Roles and Responsibilities

Below are the roles of the people involved in the implementation of UBC's Information Security Standards.



Responsibilities Delegation of Responsibilities
Chief Information Officer (CIO) Has overall responsibility for the Information Security Standards, as set out in Policy 104, section 3. May delegate responsibilities to Associate Director, Information Security Management
Administrative Head of Unit Ultimately responsible and accountable for establishing and maintaining UBC Electronic Information and Systems within their areas of responsibility, as set out in Policy 104, section 6. Must also create an implementation roadmap for compliance with the Standards. While always remaining accountable, may delegate responsibilities to Information Stewards/Owners, University IT Support Staff, and other individuals where appropriate.
Information Steward/Owner

Appointed by an Administrative Head of Unit to be responsible for a specified UBC System, database or collection of UBC electronic information. Determines:

  1. the appropriate classification of this information (see the Security Classification of UBC Electronic Information standard);
  2. how the information may be used;
  3. who is authorized to access the information;
  4. where the information may be stored;
  5. what security measures must be used to protect the information; and
  6. how to comply with any statutory or regulatory obligations that apply to the information.
University IT Support Staff Assists the Administrative Head or Unit or delegate to implement Information Security Standards n/a
User Uses or accesses UBC Electronic Information and Systems. Must comply with all Information Security Standards relevant for Users. n/a