What role develops and maintains the information system?

The Information System Owner is responsible for developing and maintaining the information system. This role includes overall accountability for the information system's effectiveness, functionality, and security. The Information System Owner ensures that the system aligns with the organization’s objectives and policies while managing resources allocated to the system. This individual is crucial in making decisions about the system’s requirements, upgrades, and responses to changes in risk, ensuring proper oversight throughout the system’s lifecycle.

In contrast, other roles have different focuses. The Information Owner has a broader responsibility related to data within the system rather than the system itself. The Chief Information Security Officer (CISO) is primarily concerned with the overall security posture of the organization, managing security initiatives and policies but not directly maintaining specific information systems. The Information System Security Officer (ISSO) plays a supportive role, focusing specifically on the security measures and compliance related to the information system, but not on its overall development and maintenance. Each role complements the others, but the direct responsibility for the system’s development and upkeep lies with the Information System Owner.