What is Ownership?

Understanding Ownership

Possessing something usually of value. In information security ownership establishes clear responsibility and accountability for information assets systems and processes. Owners have authority to make decisions about the asset including classification access controls and acceptable use. Asset ownership is a fundamental concept in frameworks like ISO 27001 NIST CSF COBIT and various regulatory requirements. Organizations implement ownership through formal designation of data and system owners documented responsibilities governance structures and regular owner reviews of controls and access. For example a marketing department head might be designated as the owner of customer relationship management data with responsibility for determining who should have access defining classification levels approving changes to data structures and ensuring appropriate controls are implemented. Related terms Data owner System owner Asset management Accountability Responsibility Data stewardship Data governance.