ISM-0032 Removed History 2008 Information relating to the roles and responsibilities of system users should be included in the ICT security documentation produced for each system.