Security Roles and Responsibilities Policy
Security Classification: Public
Version: 1.1 (May 2025)
Security Roles and Responsibilities
Clearly defined roles and responsibilities are key to our Information Security Management System (ISMS), and they are referenced throughout the other policies of the ISMS. Every team should document and understand its roles and responsibilities and how they relate to achieving security.
Role Descriptions
Managers are responsible for creating and maintaining role descriptions.
Security responsibilities are generated by the Security and Compliance Teams of KX through the ISMS platform. These responsibilities are distributed to KX employees through ISMS training. The Security and Compliance leaders and the IT leader are responsible for the implementation and monitoring of security controls, and they hold regular meetings with the CISO to discuss Security and Compliance status.
For the independent monitoring of controls, the Compliance Team regularly engages internal and external auditors to provide assurance services over various information-security-related standards and practices. Dashboards, metrics and reports are used to view each security control's risk and compliance aspects, to ensure that the Security, Compliance and IT Teams are operating within key security risk and compliance policies and are continuously audit-ready. The Security and Compliance Teams provide status updates to senior management on a regular basis.
All Security Policies are owned by the Compliance Leader. All Security Policies will be reviewed annually at a minimum. Security Standards are owned by the Security Leader. The Standards document how the Policies will be adhered to.