The person who creates, or initiates the creation or storage of the information, is the initial owner. In an organisation, possibly with divisions, departments and sections, the owner becomes the unit itself with the person responsible, being the designated 'head' of that unit.
The Information owner is responsible for ensuring that :-
- An agreed classification hierarchy is agreed and that this is appropriate for the types of information processed for that business / unit.
- Classify all information stored into the agreed types and create an inventory (listing) of each type.
- For each document or file within each of the classification categories, append its agreed (confidentiality) classification. Its availability should be determined by the respective classification.
- Ensure that, for each classification type, the appropriate level of information security safeguards are available e.g. the logon controls and access permissions applied by the Information Custodian provide the required levels of confidentiality.
- Periodically, check to ensure that information continues to be classified appropriately and that the safeguards remain valid and operative.
*** The Information Security Glossary ***