Information Security Roles and Responsibilities
Authoritative document
- Link to PDF or official URL: TBD
Ownership
| Field | Value |
|---|---|
| Owner | Takayuki KIKUCHI |
| Last reviewed | 2026-4-13 |
Statement of policy
Rendering Consulting Inc is committed to conducting business in compliance with all applicable laws, regulations, and company policies. Rendering Consulting Inc has adopted this policy to outline the security measures required to protect electronic information systems and related equipment from unauthorized use.
Objective
This policy and associated guidance establish the roles and responsibilities within Rendering Consulting Inc, which is critical for effective communication of information security policies and standards. Roles are required within the organization to provide clearly defined responsibilities and an understanding of how the protection of information is to be accomplished. Their purpose is to clarify and coordinate the activities and actions necessary to disseminate security policy, standards, and implementation.
Applicability
This policy is applicable to all Rendering Consulting Inc infrastructure, network segments, systems, and employees and contractors who provide security and IT functions.
Audience
The audience for this policy includes all Rendering Consulting Inc employees and contractors who are involved with the Information Security Program. Awareness of this policy applies to all other agents of Rendering Consulting Inc with access to Rendering Consulting Inc information and infrastructure. This includes, but is not limited to, partners, affiliates, contractors, temporary employees, trainees, guests, and volunteers. These titles will be referred to collectively hereafter as the "Rendering Consulting Inc community".
Roles and responsibilities
| Roles | Responsibilities |
|---|---|
| CEO | - Oversight of Cyber-Risk and internal control for information security, privacy and compliance - Approves Capital Expenditures for Information Security and Privacy programs and initiatives - Oversight over the execution of the information security and Privacy risk management program - Communication Path to Rendering Consulting Inc Board of Directors - Aligns Information Security and Privacy Policy based on mission, strategic objectives and risk appetite - Oversight over the implementation of information security controls for infrastructure and IT processes - Responsible for the design, development, implementation, operation, maintenance and monitoring of IT security controls - Responsible for conducting IT risk assessments and maintaining risk register - Coordinates the development and maintenance of information security policies and standards - Oversight over information security in the software development process - Responsible for compliance with contractual commitments and relevant data privacy laws and regulations - Responsible for adherence to SOC 2, ISO 27001 and applicable frameworks - Oversight and implementation of information security tools in customer production environments - Maintain confidentiality, integrity and availability of information systems - Ensuring employees and contractors are qualified, competent, and receive appropriate security training - Responsible for oversight over third-party risk management and vendor contracts |
| Employees, Contractors, temporary workers, etc. | - Acting at all times in a manner which does not place at risk the health and safety of themselves or others - Helping to identify areas where risk management practices should be adopted - Taking all practical steps to minimize contractual and regulatory liability - Adhering to company policies and standards of conduct - Reporting incidents and observed anomalies or weaknesses |
Policy compliance
The CEO will measure compliance with this policy through various methods, including, but not limited to, reports, internal/external audits, and feedback to the policy owner. Exceptions to the policy must be approved by the CEO in advance. Non-compliance will be addressed with management and Human Resources and can result in disciplinary action in accordance with company procedures, up to and including termination of employment.