Criteria 1.3
基準 1.3Responsibility and accountability for the entity’s system processing integrity and related system security policies, and changes, updates, and exceptions to those policies, are assigned.
システム処理の完全性と関連するシステムセキュリティーポリシーと変更、更新、ポリシーの例外に対する責務と説明責任が割り当てられる。
Illustrative Controls
統制の実例
Management has assigned responsibilities for the implementation of the entity’s processing integrity and related security policies to the chief information officer (CIO). Others on the executive committee assist in the review, update, and approval of the policies as outlined in the executive committee handbook.
Management has assigned responsibilities for the implementation of the entity’s processing integrity and related security policies to the chief information officer (CIO). Others on the executive committee assist in the review, update, and approval of the policies as outlined in the executive committee handbook.
経営者は、最高情報責任者(CIO)への処理の完全性と関連するセキュリティポリシーについて、実装の責任を割り当てられる。役員会の別の者はレビューや更新やポリシーの改善を役員会ハンドブックに則り、支援する。
Ownership and custody of significant information resources (for example, data, programs, and transactions) and responsibility for establishing and maintaining system processing integrity and related security over such resources is defined.
重要な情報源(例:データ、プログラム、取引)の所有と監護とそれらのリソースに関するシステム処理の完全性と関連するセキュリティの確立と維持の責任が定義されている。
Ownership and custody of significant information resources (for example, data, programs, and transactions) and responsibility for establishing and maintaining system processing integrity and related security over such resources is defined.