An executive with the authority to formally accept the security risks associated with the operation of a system and to authorise it to operate.