1. Demonstrate an in-depth and systematic understanding of policies, standards, methodologies and procedures around information governance and their impact on security frameworks in modern and dynamic information systems with clear references to the value of information and organisational assets
2. Assess, classify, evaluate and review current legal and regulatory requirements, record management and auditing processes and their influence upon self-preserved, dynamic and versatile information governance programmes and frameworks
This assignment involves the development of an Information Governance electronic portfolio. The Information Governance electronic portfolio should be based around an organisation of your choice. You should make the teaching team aware of the organisation you have chosen. The portfolio should include the following elements:
1. A draft Information Governance framework that clearly identifies the following elements (you can specify roles in each of the committees rather than the name of a given individual):
a. The scope of the governance framework (i.e. does it apply to the whole organisation, or just a single department within the organisation, and what elements (people, processes, policies and procedures) are covered)
b. An outline information governance committee consisting of the relevant executive level post holders
c. The information governance team – those responsible for the operational oversight of the framework, reviewing its implementation and ensuring that records are being kept accurately and that security policies are enforced
d. The relevant information policies that should be included (e.g. information security policy, records management policy etc.) within the framework, along with an explanation of why they are relevant
e. An overview of information procedures that need to be put in place (including legal and regulatory compliance)
f. An overview of how third parties will be managed
g. A risk assessment that identifies all the potential risks associated with information governance and security – this should include the risks, their likelihood (low, medium, high) and impact (minimum, moderate, severe) and any mitigating actions that can be taken to limit the impact of the risk
h. An outline Business Continuity plan identifying what the organisation must do in the event of unforeseen circumstances. Again, you can mention key stakeholder roles rather than individual names
i. A Disaster Recovery Plan that outlines key roles who will take responsibility for ensuring technical systems are up-and-running and back online following an unexpected outage
2. An outline for an Information Security Management System (ISMS) which will be utilised to ensure effective auditing, monitoring and review of information governance within your chosen organisation. This will draw upon information from your information governance framework that you identified in step 1.
You are expected to outline the key elements, and there is no need for you to write the associated policies that you refer to in your information governance framework, but you will be expected to explain why you have included certain policies, and how they relate to the organisation you have chosen.
In order to pass this assessment, you will need to:
1) Implement, evaluate and analyse asset classification schemes and risk assessment methodologies (i.e. a risk management plan)
2) Justify information governance requirements and limitations in a given organisational context
3) Undertake analysis of organisational norms, trends and guidelines to be considered when implementing, testing and reviewing an information governance framework (how does your proposed information governance framework relate to the organisation you have chosen)
How do I produce high quality work that merits a good grade?
To gain a higher grade you need to evidence your understanding of the organisational context, and clearly explain how the measures you are proposing are relevant and proportionate to the organisational context you have chosen. You should evaluate your approach and show why, given the possibilities you have considered, the approach that you present is the best possible option for the organisation you have chosen.
How does this assignment relate to what we are doing in scheduled sessions?
The teaching and development undertaken during the unit focuses on information governance, including the key aspects of information governance frameworks, business continuity planning, disaster recovery planning, ISO standards such as the ISO 27000 family, and the use of information security management systems (ISMS). The learning from these sessions can be directly applied to the requirements of this assignment and will allow you to demonstrate your skills and abilities to turn the theoretical concepts into a practical solution.