RACI Matrix: Password Reset Workflow
Sample RACI Matrix for Template 4.1 - Appendix C

RACI Legend
R = Responsible: Performs the work to complete the activity
A = Accountable: Ultimately answerable for the correct completion
C = Consulted: Provides input and must be consulted before action
I = Informed: Kept informed of progress or decisions

# | Workflow Step | End User | Authentication System | Email System | IT Support | Security Team
1. User clicks "Forgot Password": R I
2. User enters email address: R I
3. System validates email exists: I R/A
4. System generates reset token: R/A C
5. System sends reset email: I C R/A
6. User checks email & clicks reset link: R I
7. System validates token & expiry: I R/A
8. User enters new password: R I
9. System updates password: R/A I
10. System invalidates token: R/A C

Exception Handling
E1. Email not found - Manual reset: C I R/A
E2. Token invalid/expired - Manual reset: C I R/A I
E3. Support verifies user identity: R I A C
E4. Support creates temporary password: C R A I

Notes:
• Each activity should have exactly one 'A' (Accountable) role
• Activities can have multiple 'R' (Responsible) roles who do the work
• Use 'R/A' when the same role is both Responsible and Accountable
• Limit 'C' (Consulted) to those whose input is essential
• Keep 'I' (Informed) to those who truly need updates
• Exception handling steps are marked with 'E' prefix