Creating an Information Governance Policy: Assignment Tasks and Assessment Criteria

Learning Outcomes tested in this assessment

Learning Outcomes tested in this assessment:

The following learning outcomes will be assessed by this assignment:

1.Critically evaluate and demonstrate your understanding of key information governance and security principles and practice

2.The ability to critically evaluate an organisation’s approach to information governance and security

3.The ability to advise on the design and implementation of a strategy to meet the legal, regulatory, organisational and/or societal requirements for information governance and security

4.Consider an organisation’s information governance and security culture and reflect on how it relates to your own ethical and professional values for managing information assets

The assignment for this module is the creation of an information governance policy for a chosen organisation, accompanied by a report justifying the policy and recommending an implementation strategy.

You are required to create an information governance policy for an organisation and write an accompanying report in which you justify the approach and content of the policy, and propose an implementation strategy. Choose an organisation you know sufficiently well to be able to complete the assignment and address the assessment criteria. It may or may not be an organisation you currently or have previously worked for and you may wish to anonymise it.

This component addresses module learning outcomes 1 and 3. The policy should be overarching i.e. a statement of intent that provides the organisation with an holistic approach to information governance. It should therefore reference other relevant policies that are either already in place or in need of development; for example an information security policy, email policy, data privacy policy. The policy should be fit-for purpose were it to be implemented in practice. As a minimum it should contain:

·Aim or purpose

·Scope (e.g. all of or selected functions or operating jurisdictions)

·Objectives

·Roles and responsibilities

·Related policies and/or procedures

·Monitoring, measurement and review mechanisms

You may include other sections as appropriate for the organisational context. You are also free to determine the length of the policy – its word length is not part of the word limit for the assignment.

This component addresses module learning outcomes 1, 2, 3 and 4. The accompanying report should provide relevant information about the chosen organisation as context, including the nature of its business and the jurisdiction(s) in which it is situated. It should also establish the importance of information governance within the organisational context.

You should justify the form and content of the policy based on principles and best practice, and set out an implementation strategy which should include details relating to any high level resource investment involved (e.g. people, system investment etc) and a timescale.

Your report may include appendices which you may use, for example, to provide additional detail in regard to the nature of the organisation or any analysis you have undertaken. These are outside the word limit.

The audience for the report is the module tutor, not a member of the organisation, therefore it should include citations where relevant, formatted in accordance with academic standards. The word length is 3500-4000 words.

Assessment criteria

The work will be marked out of 100 in line with the University’s marking grades and according to the following assessment criteria

·Within the context of the selected organisation – possible mark 15%

·Appropriateness and completeness of content – possible mark 15%

·Evidence of application of principles and best practice – possible mark 15%

·Fitness-for-purpose – 15%

·Presentation including appropriate language, clarity of expression and style; appropriate structure and format and length – possible mark 5%

Accompanying report (50%)

·Appropriateness of organisational context detail – possible mark 10%

·Justification of the importance of information governance to the selected organisation based on a critical evaluation of the organisational context – possible mark 10%

·Justification of the approach taken and rationale for the form and content of the information governance policy based on a critical evaluation and understanding of the organisation, and reference to principles and best practice - possible mark 15%

·Critical analysis and evaluation of the resource requirements and recommendations for the implementation strategy, including timescale - possible mark 10%

·Presentation including appropriate language, clarity of expression and style; appropriate structure, format, length and relevance of appendices if used.