What are the Roles and Responsibilities in our organisation?
So far I have:
### Management/Leadership team
The Management/Leadership team is ultimately responsible for the information
security in the organization; it is not "outsourced" to anyone else.
Day-to-day responsibility for checking that process/procedures for information
security are followed/met belongs to the data controller.
### Data Controller
The Data Controller is the person in the organization who is registered/named
with the Information Commissioner's Office (UK) and responsible for
ensuring that Data protection principles
are followed.
### Application Developers
Application developers are responsible for implementing the code and systems
which have the protection of people's personal data at heart.
Additionally developers should make reasonable efforts to keep their
knowledge and skill current and keep track of security reports/advisories
which are relevant to the code which has been included/used in the application.
### Developer Security Checklist
- Minimise the amount of sensitive Personally Identifiable Information (PII)
  stored by the application/database (e.g. if you don't need a Social Security number, don't ask for it!)
- Where PII is required for the functionality of the App, encrypt as much as possible/practical.
- Never store PII in a session token (JWT) or localStorage (where it can be "stolen" by an "XSS" attack).
- Always use strong passwords for all systems & services.
- Always use multi-factor authentication for Gmail, GitHub & AWS to limit the risk of
  a malicious user gaining access to these mission-critical systems.
- Under no circumstances should a developer merge her/his own change/feature/bugfix.
### Quality Assurance
The Quality Assurance (QA) person (or team) is responsible for checking/testing features of the application while they are being built
and before they are released to the "live" environment.
QA is the "gate keeper" between application developers and end-users.
QA should not write code unless the team is small and the QA/developer
roles are being alternated.
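As an added illustration of the checklist item "never store PII in a session token (JWT)" (this is example code written for this note, not code from the issue or the project), the snippet below decodes a JWT payload without any key and reports PII claim names. The point it makes: a JWT is signed, not encrypted, so every claim in it is readable by anyone who obtains the token, which is what an XSS payload reading localStorage gets. The deny-list of claim names, the demo tokens and the placeholder signature are all constructed for the example.

```javascript
// Added example, not from the original issue: a JWT payload is only
// base64url-encoded, never encrypted, so whoever holds the token can read
// every claim. This audit decodes a token WITHOUT verifying it and lists
// any claim names that appear on a PII deny-list.

// Assumed deny-list of claim names treated as PII for this demo.
const PII_CLAIMS = ['email', 'phone', 'ssn', 'national_insurance', 'date_of_birth', 'address'];

// base64url -> standard base64 (restore padding), then decode to UTF-8.
function base64UrlDecode(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, 'base64').toString('utf8');
}

// UTF-8 string -> base64url (no padding), as used in compact JWS segments.
function base64UrlEncode(str) {
  return Buffer.from(str, 'utf8')
    .toString('base64')
    .replace(/\+/g, '-')
    .replace(/\//g, '_')
    .replace(/=+$/, '');
}

// Decodes the payload of a compact JWS (header.payload.signature) without
// checking the signature. No secret is needed for this step, which is
// exactly why PII placed in the payload is exposed to anyone holding the token.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) {
    throw new Error('not a compact JWS: expected header.payload.signature');
  }
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Returns the PII claim names present in the payload; an empty array means
// the token carries only opaque identifiers and standard claims.
function auditJwtClaims(token, forbidden = PII_CLAIMS) {
  const payload = decodeJwtPayload(token);
  return Object.keys(payload).filter((name) => forbidden.includes(name));
}

// Builds a demo token with a placeholder signature. Constructed for this
// example only; a real issuer signs the token with a secret or private key.
function makeDemoToken(payload) {
  const header = base64UrlEncode(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = base64UrlEncode(JSON.stringify(payload));
  return `${header}.${body}.PLACEHOLDER_SIGNATURE`;
}

// Constructed sample tokens: one that violates the checklist, one that does not.
const badToken = makeDemoToken({
  sub: 'user-42',
  email: 'alice@example.com',
  ssn: '000-00-0000',
  exp: 1700000000,
});
const goodToken = makeDemoToken({ sub: 'user-42', exp: 1700000000 });

console.log('PII claims in badToken :', auditJwtClaims(badToken));   // [ 'email', 'ssn' ]
console.log('PII claims in goodToken:', auditJwtClaims(goodToken));  // []
```

Running `auditJwtClaims` over tokens minted in a test environment is a cheap CI check for the "no PII in the JWT" rule: the token should carry an opaque `sub` (and standard claims such as `exp`), and the PII stays server-side, looked up by that identifier.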