For system owners

System owners are expected to familiarise themselves with the contents of the documents listed below, and to act in accordance with these documents. Furthermore, system owners are expected to know about their information security role and responsibilities at Aarhus University.

The documents describe minimum requirements and may need to be supplemented by further local requirements and guidelines depending on the risk assessment.

Responsibilities

System owners have overall responsibility for information security related to their system, and activities include 

  • preparing written risk assessments for systems used for processing, storing or transferring confidential and/or sensitive information, including personal data
  • ensuring that risks and security measures have been addressed pursuant to the risk assessment
  • obtaining management approval and endorsement of the risk assessment
  • ensuring that the risk assessment is reassessed at least once every year, or
    • in conjunction with major changes in type of data/data processing
    • following changes to the system/setup/collaboration partners/data processing agreement
    • in conjunction with security incidents/security breaches

Descriptions of other responsibilities and functions are in the handbook for system owners.