ISMS RACI Matrix Template
- R = Responsible (does the work)
- A = Accountable (owns the decision)
- C = Consulted (provides input)
- I = Informed (kept updated)
ISMS Governance Activities
| Activity | Exec Sponsor | ISMS Manager | IT Manager | HR Manager | All Staff |
|---|---|---|---|---|---|
| Policy Approval | A | R | C | C | I |
| Risk Assessment | A | R | C | C | I |
| Risk Treatment | A | R | R | C | I |
| Internal Audit | I | A | R | C | I |
| Management Review | A | R | C | C | I |
| Incident Response | I | A | R | C | R |
| Awareness Training | I | A | C | R | R |
| Access Control | I | C | A/R | C | I |
| Change Management | I | C | A/R | I | I |
Control Implementation
| Control Area | ISMS Manager | IT Manager | HR Manager | Facilities |
|---|---|---|---|---|
| A.5 Organizational | A/R | C | C | I |
| A.6 People | A | C | R | I |
| A.7 Physical | A | C | I | R |
| A.8 Technological | A | R | I | I |
Incident Management
| Activity | ISMS Manager | IT Manager | Legal | Communications |
|---|---|---|---|---|
| Detection | I | R | I | I |
| Assessment | A | R | C | I |
| Containment | A | R | I | I |
| Communication | C | I | C | R |
| Investigation | A | R | C | I |
| Recovery | I | R | I | I |
| Lessons Learned | A | R | C | C |
Instructions for Use
- Review each activity and validate assignments
- Ensure every activity has exactly ONE Accountable person
- Verify Responsible parties have capacity
- Confirm Consulted parties are available
- Update as roles change