
User Roles Defined: Know Which Role to Allocate to Which User

Not sure what role type to assign to what user? Learn more here.

Written by Andrew Lawrence
Updated over a year ago

When adding a new User to de.iterate, or modifying an existing User, you will need to set three different role functions:

  • Role

  • ISMS Role

  • ISMS Committee Role

We'll take a look at what each of these means, one by one.

Role

This field is related to the interaction that the User will have with the de.iterate platform itself. There are three options:

  • Company Admin: If the User is an Asset Owner or someone who will require interactive access to manage your organisation's compliance, select this option. This Role type allows the User to access and edit all aspects of the de.iterate platform, including key documents, registers, reports and more.

  • Policy Reader: If the User only needs to read the policies, then select this option. Policy Readers do not have access to the full de.iterate platform. They cannot access key documents or registers. They can only read organisation policies via the de.iterate mobile app. It is perfect for employees.

  • Auditor Access (read-only): If the User needs access to read your registers, documents and evidence store, but should not be allowed to make changes, select this option. It is perfect for auditors.

ISMS Role

This field is related to the interaction that the User will have with your organisation's Information Security Management System (ISMS). There are three options:

  • Asset Owner: If the User is someone who will own (or be responsible for) Assets listed in your Asset Register, then select this option. While they can update information related to the specific Assets that they own, they cannot edit other sections of the de.iterate platform.

  • Business Sponsor: If the User is a sponsor or a person in charge of your organisation's compliance program, select this option. This Role type allows the User to access and edit all aspects of the de.iterate platform, including key documents, registers, reports and more.

  • User: If the User only needs to read the policies, then select this option. Policy Readers do not have access to the full de.iterate platform. They cannot access key documents or registers. They can only read organisation policies via the de.iterate mobile app. It is perfect for employees.

ISMS Committee Role

This field is related to the User's relationship to your organisation's ISMS Committee—the platform to discuss any issues related to ISMS and information security in general. This is a mandatory requirement under ISO 27001. There are three Role options:

  • Member: If the User is a general member of the ISMS Committee, then select this option.

  • Chair: If the User is the Chair of the ISMS Committee, then select this option.

  • None: If the User is in no way involved with the ISMS Committee, then select this option.
