PP-20: IT Job Descriptions and Responsibilities
Written job descriptions specifying responsibilities and professional requirements for IT positions affecting system security, availability, confidentiality, processing integrity, and privacy
Control Description
The Company has written job descriptions specifying the responsibilities of and professional requirements for job positions within the IT department (update as necessary, e.g. pharmacy services department) who are responsible for the design, development, implementation, and operation of systems affecting system security, availability, confidentiality, processing integrity, and privacy (update as necessary).
Plain Meaning
This control requires formal, written job descriptions for every IT position that designs, develops, implements, or operates systems affecting your security, availability, confidentiality, processing integrity, and privacy commitments. Each job description must state the responsibilities of the role and the professional requirements for holding it (for example education, certifications, and experience). Because these roles typically carry elevated or administrative access to in-scope systems, the written description is what lets you show that the people holding that access are qualified for it and know what they are accountable for.
Related Controls
- LS-14: Administrative access restrictions
- LS-26: Multi-factor authentication for remote access
- PP-19: Background verification procedures
Related Links
PP-19: Anonymous Incident Reporting Hotline
Anonymous hotline for reporting security, availability, confidentiality, processing integrity, and privacy incidents and compliance concerns
RA-01: Internal Control Audits
Internal audits that assess the design and operating effectiveness of controls and compare them against the Company's security, availability, confidentiality, processing integrity, and privacy commitments