2-8 Business Relationship Management Portfolio Managers

Business Relationship Management portfolio managers are responsible for the following:

  1. Functioning as the liaison between executive sponsors and the information technology providers.
  2. Ensuring that the information resource is entered in the Enterprise Information Repository (EIR) and the record is updated as required.
  3. Appointing, if desired, an ISSR to serve as a development team point of contact to perform security-related activities.
  4. Reviewing the C&A documentation package and completing a risk mitigation plan for risks identified as High or Medium.
  5. Preparing and signing an acceptance of responsibility letter, if a documented High or Medium vulnerability will not be mitigated.
  6. Ensuring that the information resource is registered in eAccess and updated as required.
  7. Ensuring C&A documentation is stored in the IT Artifacts Library and maintaining the hardcopies and electronic copies for the appropriate retention periods.
  8. Maintaining appropriate security during the production phase by ensuring the installation of software and operating system security patches.
  9. If the VP IT delegated this responsibility to the Business Relationship Management portfolio manager, the Business Relationship Management portfolio manager will work jointly with the vice president of the functional business area (or the executive sponsor if this responsibility is delegated) to accept, in writing, the residual risk [1] associated with information resources, and [2] requests to host or remove sensitive-enhanced/sensitive/non-publicly available data from Postal Service premises.
  10. Notifying the NCRB when the business partner trading agreement ends or when network connectivity is no longer required.
  11. On a semiannual basis, reviewing and validating business partner connectivity to the Postal Service intranet.
  12. Completing along with their staff the annual C&A training.
  13. Resolving identified vulnerabilities.