Skip Ribbon Commands
Skip to main content
SharePoint


10 All users within WHO bear responsibility for data asset and information security. For the needs of the data asset and information protection in WHO, the following three categories of roles are defined: Owner, Custodian and User. At least one of these roles applies to each individual in WHO.

  • “Owner" are those individuals in WHO charged with the ownership of the data assets, information or systems utilized by their respective unit. Owners include managers or their representatives who bear responsibility for acquisition, development and maintenance of data assets, information, and systems processing that data. Owners are responsible for determining access rights and access authorization, information security classification and requirements for information under their control.
  • “Custodian" are those with physical or logical possession of WHO information or data assets entrusted to WHO. IT and Records and Archives staff are examples of custodians. When information is stored only on a personal computer or laptop, the individual user is the custodian. Custodians implement the access rights and security controls approved by the Owners.

“User" are those individuals or entities who use and/or process information or data assets within their day-to-day work that is owned or under the custody of others. Users are responsible for complying with the security rules (policies, standards, procedures, etc.) established by the Owners. In the event of questions regarding access or classification of data or information, users must refer to the owners. Users may be staff members, consultants, contractors, or third parties with who special arrangements have been made.​

​​

Related Content
Publishing information
Version: 1.0
Published: 30/01/2024 11:52
View History  (Requires sign-in)