3 Roles

In addition to the actual recommendation as to how to implement them, the individual safeguards provide examples of the people responsible for initiating and/or implementing each safeguard. Since the job titles of the people or roles appointed as responsible are not the same in every organisation, this chapter provides a short description of the most important roles to make it easier to assign responsibility for a given safeguard to people or roles.

Responsible Role Description

Administrator

An administrator is responsible for configuring, operating, monitoring, and maintaining an IT system.

 

Application Developer

An Application Developer is an expert responsible for planning, developing, testing, or maintaining programs.

 

Archive Administrator

The Archive Administrator is responsible for configuring, operating, monitoring, and maintaining an archive system at the technical level.

 

Auditor

An Auditor checks whether the planned safeguards were implemented adequately.

 

Building Services

Building Services refers to the organisational unit responsible for the infrastructure in a building or on a property. Here, the services looked after may include, for example: electrical engineering, signalling and control technology, security technology, IT networks (the physical network installation), heating and sanitary engineering, lifts and escalators, etc.

 

Building Services Manager

This term refers to the person responsible for Building Services.

 

Change Manager

The Change Manager must operate an efficient and effective patch and change management system. The task of the Change Manager is to design all changes made to applications, infrastructure, documentation, processes, and procedures so that they are manageable and controllable.

 

Compliance Manager

The Compliance Manager is responsible for identifying the statutory, contractual, and other specifications relevant for the organisation and for checking these for compliance.

 

Construction Company

A Construction Company is a company performing construction work of all kinds on behalf of the company or the government agency or a person in charge. This may include classic construction trades, electrical installation companies, but also the company installing the alarm detection technology (installation company).

 

Construction Manager

A Construction Manager is responsible for the execution of construction projects.

 

Data Protection Officer

A Data Protection Officer is a person appointed by the Top Management who is responsible for ensuring that personal data is handled correctly and in a law-compliant manner in the company or government agency.

 

Developer

In the context of IT-Grundschutz, a Developer is a person participating in the development of software, hardware, or entire systems.

Within the framework of IT-Grundschutz, the Developer role summarises many different roles, e.g. Software Architect, Software Designer, Software Developer, Computer Programmer, and Tester.

 

Emergency Officer

The Emergency Officer controls all activities in the field of emergency management. He/she is responsible for drawing up, implementing, maintaining, and supporting the organisation-wide emergency management process and the corresponding documents, regulations, and safeguards. He/she analyses the overall procedure of emergency management after a damage event.

 

Employee

An employee is a member of a specialised department, government agency, or company.

 

Fax Mail Centre

The Fax Mail Centre is responsible for all organisational and technical rules relating to the use of fax machines in an organisational unit.

 

Fire Safety Engineer

A Fire Safety Engineer is the contact person and person in charge for all questions relating to fire protection. Amongst other things, this person is responsible for drawing up fire risk analyses, training and educational programmes for the employees, and sometimes even for maintaining and servicing the fire alarm and protection equipment.

 

Head of Development

This term refers to the head of a hardware and/or software development department or the project manager of a development team.

 

Head of Internal Services

This term refers to the head of the internal services department and/or the person responsible for providing central services.

 

Head of IT

This term refers to the head of the IT department and/or of the management team responsible for managing the information technology.

 

Head of Organisation

This term refers to the head of the organisational unit responsible for regulating and monitoring general operations as well as for planning, organising, and providing all administrative services, among other tasks.

 

Head of Personnel

This term refers to the head of the personnel department and/or of the organisational unit responsible for personnel matters.

 

Head of Purchasing

This role refers to the head of the purchasing department or of the organisational unit responsible for purchasing.

 

Head of Specialised Department

This term refers to the head of a specialised department.

 

Information Security Management

Information Security Management or IS management for short (often also referred to as IT security management) refers to the management and coordination task providing for adequate information security in the company and/or government agency. However, this term is also often used for persons actually performing this management task.

 

Installation Company

This is a company providing building services, but also constructing buildings.

 

Internal Services

Internal Services refers to an organisational unit coordinating all central services for the employees, for example mail centre, copiers, transportation services, courier services, elimination of technical malfunctions, industrial cleaning, provision of resources, etc.

 

IS Management Team

The IS Management Team (often also called IT Security Management Team) supports the IT Security Officer by coordinating comprehensive safeguards in the entire organisation, by collecting information, and by performing control tasks.

 

IT Security Officer

An IT Security Officer is a person appointed by the Top Management to coordinate and expedite the task of information security in the government agency or company on behalf of the management.

 

IT Support Technician

The tasks of IT Support Technicians include receiving and answering questions from users relating to all aspects of the IT installation, among other tasks.

 

Mail Centre

The Mail Centre is the collection point of a government agency or company for incoming and outgoing mail. Its tasks may also include providing fax and email services as well as scanning incoming documents as part of an electronic workflow.

 

PBX System Manager

The PBX System Manager is responsible for the proper operation of the telecommunication systems and for the corresponding rules.

 

Person in Charge of the Fax System

The Person in Charge of the Fax System is responsible for all organisational and technical rules relating to the use of fax machines in an organisational unit.

 

Person responsible for the data backup

A person responsible for a data backup is responsible for creating, maintaining, regularly updating, and implementing a data backup policy.

 

Personnel Department

The Personnel Department is responsible for the following tasks, amongst other things:

  • basic issues relating to human resources
  • human resources planning
  • personal matters of the employees
  • handling social issues of the employees
  • general cooperation with the Personnel Representative
 

Personnel/Supervisory Board

The Personnel and/or Supervisory Board (Personnel Representative) is responsible for representing the interests of the employees when dealing with the Top Management.

 

Persons responsible for individual applications

A person responsible for an individual application is not only responsible for the smooth operation of the application, but also for initiating and implementing security safeguards for this application.

 

Planner

The general term "Planner" includes roles such as a "Network Planner" and "Construction Planner". Thus, this term refers to persons responsible for planning and designing certain tasks.

 

Press Office

The Press Office is responsible for all incoming and outgoing contacts with the press and the media. In many cases, enquiries of private individuals and companies are dealt with there.

 

Purchaser

This refers to an employee of the Purchasing department who is responsible for purchasing operating resources or IT systems.

 

Purchasing Department

The Purchasing Department initiates and monitors purchases. Government organisations follow defined procedures for purchasing.

 

Specialised Department

A Specialised Department is the part of a government agency and/or company responsible for performing certain technical tasks. In state and federal administrations, a department is a superior organisational unit of several sub-departments with related tasks.

 

Specialists Responsible

The Specialists Responsible are the people who are responsible for one or more business processes or specialised procedures (for example, the head of the "Sales" department is the Specialist Responsible for the "Automated Sales" application).

 

Supervisor

Supervisors are the employees in an organisation who are authorised to issue directives to the employees in their area.

 

Telecommuter

A Telecommuter performs his/her tasks outside of the offices of the company or government agency and has a communication link to the IT of the employer and/or customer for this purpose.

 

Tester

Testers are people testing new or changed software and/or hardware and comparing the test results to the expected results according to the procedures and criteria previously specified in a test plan.

 

Top Management

This term refers to the management level of the organisation and/or the organisational unit considered.

 

User

A user is an employee of the company and/or government agency who uses information technology for performing his/her tasks.

In this context, "IT user" and "user" must be deemed synonymous, since virtually every employee of a company and/or government agency uses information systems while performing his/her tasks.