ISO 27001 ANNEX A RASCI Matrix
To get things done and manage the ISMS, you need to know who is ultimately accountable for a control and who does the work day to day. This information matters in many scenarios: who to speak to for internal and external audits, who will maintain operational control of the process, who will update documents, and more. The ISO 27001 RASCI Table is a tool that allows you to record who owns an Annex A / ISO 27002 control. It records who is accountable for the control and who is responsible for it. Think of it as who would get sacked if the control failed and who does the actual work day to day. They may or may not be the same person. This allows you to plan your communications, your internal audits, your documentation maintenance and more.
ISO27001:2013 – Annex A Controls
Cut-down RASCI showing who does the work, who is accountable and who is informed.
R = Responsible – does the work
A = Accountable – ultimately accountable for the work
I = Informed – informed of progress
ISMS RASCI Table Template Contents
Responsible Named Person
List of roles or people
Flag for RASCI