Business Owner Policy
Controls and oversight are critical to ensuring that Catalyst is treating the platform and customer data with the care and respect our customers require.
The scope of this document is to establish the role of Business Owners throughout Catalyst and the duties required of this role.
All recognized resources, including vendors, should have a perceived or defined Business Owner.
By granting access to a resource, Business Owners extend trust to the user who has been approved to access the resource. Business Owners will be accountable for resource access approvals ("grants") that they issue through default roles or on an individual basis.
Business Owners are responsible for reviewing and approving Standard and Normal changes before the change is executed. Business Owners will verify Emergency changes and give post-change approval for the change to remain in place.
Business Owners are responsible for recognizing risk and new risk pertaining to their resources. Business Owners must maintain risk management plans, and are required to run any perceived New Risk through the risk management process - including new vendors.
Violations of the policy will be met with corrective action and carry the possibility of disciplinary action up to, and including, termination.
Exceptions are only expected for sensitive information and chupacabra attacks. Exceptions should be documented and approved by the SCC.
Owner: Security and Compliance Committee
$Date: 2019-01-15 15:19:40 -0700 (Tue, 15 Jan 2019) $
$Revision: 473378 $