|
The VP, IT, is responsible for the following:
- Sponsoring information security and business continuity management programs and ensuring that financial, personnel, and physical resources are available for completing security and business continuity tasks.
- Ensuring confidentiality, availability, and integrity of information processed by IT applications.
- Ensuring compliance with the information security certification and accreditation processes.
- Accepting all risks, liabilities, and responsibilities and assuming personal accountability for any damage to the Postal Service (including direct financial losses and any costs resulting from remedial actions in operating the information resource) for authorizing an information resource to enter the production environment prior to completing the information resource C&A process.
- Together with the vice president of the functional business area, accepting, in writing, residual risk [1] associated with information resources and [2] requests to host or remove sensitive-enhanced/sensitive/non-publicly available data from Postal Service premises. The VP IT may delegate this authority to the applicable Business Relationship Management portfolio manager. If this authority is delegated, notice to that effect must be in writing.
- Defining and documenting secure coding best practices.
|
|