The Information Technology Security Manager should ensure that the plan is comprehensive and complete and should present the Plan and the IT Security Implementation Plan Template to the Security Review Committee for its approval. ITSD102-3 IT SECURITY PLAN IMPLEMENTATION SCHEDULE lists tasks to be completed (with lines for the completion date) and should be approved by the IT Security Manager, IT Management, and the Security Review Committee.
All Information Technology systems should be identified according to a standard format. Systems identification should include, but not necessarily be limited to, the following:
System name and ID;
Description & purpose;
Interconnections and information sharing;
Applicable regulations; and
After any review of the Information Technology Security Plan, the Information Technology Security Manager should be responsible for implementing required updates.