Roles and Responsibilities

Overview

The Roles and Responsibilities page is where you manage your team members’ roles, responsibilities, and authorities for cybersecurity governance. It centralizes who does what, what they’re accountable for, and what authority they have to act.

Accessing the Website Security Page

Go to app.maplegrc.com.
Log in with your account credentials.
From the homepage, navigate to the Roles and Responsibilities page.

Before you begin

Ensure all users are added first. Go to Home → Users and make sure every team member is added.
Ensure you select the correct Job Function for each member. The Website AI Analyzer uses the Job Function chosen when adding a member to auto-generate their Roles, Responsibilities, and Authorities on this page.
If your exact job title isn’t listed, pick the closest Job Function that matches the person’s real responsibilities—this drives the auto-generated content.
After users are added, return here to review and, if needed, edit the generated entries.

Page Actions: Edit a Row (Role, Responsibilities and Authorities)

Click Edit button (top-right) to open the page in edit mode.
In the table, go to the Actions column on the right-hand side and click the pen (edit) icon for the row you want to change.
Update the fields you need — Name, Role, Responsibility, and/or Authority.
Click Save to apply your changes.
The trash icon deletes a row (use with care).
When finished, click Back to Roles, Responsibilities, and Authorities page to exit edit mode.

Page Actions: Export a Report

Click Export button (top-right).
The system downloads a report of the Roles & Responsibilities currently shown on the page.
Use this for handoffs, reviews, or audit packs.

Page Actions: Add to evidence

Click Add to Evidence button (top-right).
MapleGRC generates a report of the current Roles & Responsibilities page and be saved in the Evidence Manager page files.
It is also attached under as evidence attachment in CyberSecure Canada Audit page, mapped to the relevant points/clauses required by the standard.

Fields to Fill - Resources

Click Edit (top-right) to switch the page to edit mode.

Fill each field with the current information. If unknown or not applicable, enter N/A.

Current period Cyber Security Budget (details)
- What to enter: The period your budget covers.
- Example: 2025 or FY 2024–2025
Budget spending level
- What to enter: Your planned budget amount for the period.
- Example: CAD 10,000
IT vs CyberSecurity Budget
- What to enter: The percentage of the total IT budget allocated to CyberSecure Canada implementation/certification.
- Formula: CSC budget ÷ Total IT budget × 100
- Example: 30%
Cyber Security Personal headcount (Personnel)
- What to enter: The number of people dedicated to cybersecurity (full-time or part-time).
- If you have no dedicated staff: Count at least (a) one internal focal point responsible for MapleGRC communications and (b) one MapleGRC consultant (third party).
- Example: 2
IT vs CyberSecurity Personal
- What to enter: The overall IT headcount versus the portion focused on cybersecurity.
- Example: 5 IT vs 2 CyberSecurity (or IT: 5; CSC: 2)
Cybersecurity Consulting services provider
- What to enter: Your consulting partner(s) for security services.
- Example: MapleGRC, Inc.
Cybersecurity Managed Services Provider
- What to enter: A company that watches and protects your systems for you (monitoring, alerts, incident help).
- Example: XXX, inc
- if handled by your own employees, Write Internal.

Save your entries: Click Save (disk icon) on the Resources card.

Fields to Fill - Cyber Talent Standard

What to enter: The talent/competency standard your organization uses to define required cybersecurity skills and roles.
Examples (pick one):
- ISO/IEC 27021:2017 (Competence requirements for ISMS professionals)
- NIST NICE Framework (SP 800-181)
- Internal Cyber Talent Standard
Save your entries: Click Save (disk icon) on the Resources card.

Page updated

Report abuse