ISM-0027

System owners obtain authorisation to operate each system from its authorising officer based on the acceptance of the security risks associated with its operation.

Topic
Protecting systems and their resources
Applicable to
all

History

Priority
must
Jan 2021
System owners obtain authorisation to operate each system from its authorising officer based on the acceptance of the security risks associated with its operation.
Security control 0027 was moved from under the ‘gaining authorisation to operate systems’ topic heading to under the ‘protecting systems and their resources’ topic heading and was modified to align more closely with the wording of the associated step within the six step risk management framework.
Dec 2020
System owners obtain authorisation to operate each system from the system’s authorising officer.
2015
System owners must obtain and maintain accreditation for their systems.
2010
System owners must obtain and maintain accreditation for their systems.
2008
The system manager must be responsible for obtaining and maintaining the ICT security accreditation of a system by:
a. working with the ITSA in developing a SSP that complies with the relevant agency ICT security plan, this manual and the PSM
b. ensuring that the impact of system modifications or add-on security mechanisms are managed properly
c. identifying any system changes that could imply a need for re-certification and re-accreditation
d. ensuring that ICT security documentation is complete, accurate and up to date
e. obtaining all necessary certifications.