Total Stakeholders: 24 (3 since last month)
Executive Stakeholders: 6 (25% of total stakeholders)
Operational Stakeholders: 14 (58% of total stakeholders)
External Stakeholders: 4 (17% of total stakeholders)

| Name | Role | Department | Type | Responsibilities | Contact |
|---|---|---|---|---|---|
| John Smith (Chief Information Security Officer) | CISO | Security | Executive | Security Strategy; Risk Management; Compliance Oversight | john.smith@company.com |
| Sarah Johnson (Chief Information Officer) | CIO | IT | Executive | IT Strategy; Technology Governance; Digital Transformation | sarah.johnson@company.com |
| Michael Chen (Security Operations Manager) | Security Manager | Security | Operational | Security Operations; Incident Response; Security Monitoring | michael.chen@company.com |
| Lisa Rodriguez (Compliance Manager) | Compliance Manager | Legal | Operational | Compliance Monitoring; Audit Coordination; Policy Management | lisa.rodriguez@company.com |
| David Wilson (External Auditor) | Auditor | External | External | ISO 27001 Audits; Compliance Verification; Audit Reporting | david.wilson@auditfirm.com |

Executive Roles

Chief Information Security Officer (CISO)

Executive

The CISO is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.

Key Responsibilities:
  • Develop and implement an information security program
  • Oversee compliance with security frameworks and standards
  • Report security status to the board and executive leadership
  • Manage security risk across the organization
  • Establish security policies and procedures
Framework Responsibilities:
  • NIST CSF: Govern
  • ISO 27001: Clause 5 (Leadership)

Chief Information Officer (CIO)

Executive

The CIO is responsible for the organization's IT strategy and operations, ensuring that technology supports business objectives while maintaining security and compliance.

Key Responsibilities:
  • Develop and implement IT strategy aligned with business goals
  • Oversee IT operations and infrastructure
  • Ensure IT systems support compliance requirements
  • Collaborate with CISO on security initiatives
  • Manage IT budget and resources
Framework Responsibilities:
  • NIST CSF: Identify, Protect
  • ISO 27001: Clause 7 (Support)

Operational Roles

Security Operations Manager

Operational

The Security Operations Manager oversees day-to-day security operations, including monitoring, incident response, and security control implementation.

Key Responsibilities:
  • Manage security operations center (SOC)
  • Oversee security monitoring and alerting
  • Coordinate incident response activities
  • Implement and maintain security controls
  • Report security metrics and incidents to leadership
Framework Responsibilities:
  • NIST CSF: Detect, Respond
  • ISO 27001: A.8 (Operational Security)

Compliance Manager

Operational

The Compliance Manager ensures the organization adheres to relevant security frameworks, standards, and regulations through monitoring, assessment, and reporting.

Key Responsibilities:
  • Monitor compliance with security frameworks
  • Coordinate internal and external audits
  • Maintain compliance documentation
  • Track remediation of compliance gaps
  • Report compliance status to leadership
Framework Responsibilities:
  • NIST CSF: Identify, Govern
  • ISO 27001: Clause 9 (Performance Evaluation)

External Roles

External Auditor

External

External Auditors provide independent assessment of the organization's compliance with security frameworks and standards, validating control effectiveness.

Key Responsibilities:
  • Conduct independent security audits
  • Verify compliance with frameworks and standards
  • Assess control effectiveness
  • Document audit findings and recommendations
  • Provide certification for compliance standards
Framework Responsibilities:
  • NIST CSF: All Functions
  • ISO 27001: All Controls

RACI Responsibility Matrix

R - Responsible
A - Accountable
C - Consulted
I - Informed
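| Activities / Stakeholders | CISO | CIO | Security Manager | Compliance Manager | IT Manager | Risk Manager | External Auditor |
|---|---|---|---|---|---|---|---|
| NIST CSF: Govern | | | | | | | |
| Security Strategy Development | A | C | R | C | C | C | I |
| Security Policy Approval | A | I | C | R | I | C | I |
| NIST CSF: Identify | | | | | | | |
| Asset Inventory Management | I | A | C | I | R | I | I |
| Risk Assessment | A | C | R | C | C | R | I |
| NIST CSF: Protect | | | | | | | |
| Access Control Implementation | I | A | R | I | R | I | I |
| Security Awareness Training | A | I | R | C | C | I | I |
| NIST CSF: Detect | | | | | | | |
| Security Monitoring | I | I | A | I | R | I | I |
| NIST CSF: Respond | | | | | | | |
| Incident Response | A | I | R | I | R | C | I |
| NIST CSF: Recover | | | | | | | |
| Business Continuity Planning | A | A | C | C | R | R | I |
| ISO 27001 | | | | | | | |
| ISMS Implementation | A | C | R | R | C | C | I |
| Internal Audit | I | I | C | R | C | A | I |
| External Certification Audit | A | I | C | R | C | C | R |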

Stakeholder-Specific Reports

Customize and generate reports tailored to specific stakeholder needs and responsibilities.

Report Configuration

Report Content

Compliance Metrics
Risk Information
Operational Data

Saved Report Templates

Executive Dashboard
Executive

Target: CISO, CIO

Frequency: Weekly

Content: High-level compliance metrics, critical risks, upcoming audits

Operational Status
Operational

Target: Security Manager, Compliance Manager

Frequency: Daily

Content: Control status, open tasks, recent activities

Audit Preparation
External

Target: External Auditor

Frequency: One-time

Content: Compliance status, evidence summary, control implementation