ITS 833 Information Governance Policy for Superior Card Processors
Added on 2023/04/07
AI Summary
This project outlines an information governance policy for Superior Card Processors (SCP), addressing the maintenance and establishment of a controlling environment for managing risks related to information integrity, availability, and confidentiality. It details the scope of information governance, including personnel, tools, and business processes, and defines roles and responsibilities for various stakeholders such as the Information Governance Committee, employees, line managers, and a dedicated Information Governance Team. The policy covers critical aspects like information risk management, records management, and information asset management, emphasizing the protection of user data and compliance with legal requirements, including GDPR and the Data Protection Act 1998. It also addresses information procedures, focusing on openness, legal compliance, confidentiality, information security, and quality assurance, while providing guidelines for working with third parties and ensuring disaster recovery and business continuity. The policy is designed to be reviewed annually to adapt to legislative changes and organizational infrastructure updates.

Running head: INFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY
Name of the Student
Name of the University
Author Note
Scope:
Information governance is the establishment and maintenance of a control environment for
managing risks to the confidentiality, integrity and availability of information and of the
systems and processes that support it. Information governance comprises all of the personnel,
tools and business processes that ensure security is carried out to meet the specific needs of
an organization. This includes the structure of the organization, performance measurement,
roles and responsibilities, oversight mechanisms and defined tasks (De et al., 2013). The white
paper from the Institute of IT Governance defines information governance as the set of
responsibilities and practices exercised by the board and executive management with the goal
of providing strategic direction, ensuring that all objectives are achieved, determining that
risks are managed appropriately and verifying that the resources of the enterprise are used
responsibly.
Roles and responsibilities:
Information governance committee:
The committee is ultimately responsible for ensuring that the legal requirements are met.
Key executives will form the committee, as the committee must be multi-disciplinary in
nature. The committee plays a key role in fostering the protection of data (Caldicott, 2013).
The committee will also ensure that the purposes and means of processing personal data are
determined by the organization as data controller, in compliance with the legislation.
Employees:
Employees are responsible for managing the information that they create
(Epstein, 2013). Their role is to implement the policies and
practices of information governance. In addition, they have to implement authorization and
security of the information.
Line managers:
Line managers are responsible for ensuring that the employees of the organization are made
aware of their particular responsibilities and that they comply with the associated data
protection, information governance, information management and information security
policies.
Information governance team:
The information governance team is a dedicated team that drives the practical
implementation of the policy; the roles and responsibilities of the team should be
stated clearly.
Information risk management:
Information risk management is one of the most important elements of information
governance. It includes establishing an information risk team, appointing a senior risk
owner, and creating, monitoring and enforcing information risk policies and procedures.
Records manager:
The records manager covers another key area of information governance. The framework
extends to the information for which the manager is responsible.
Information asset management:
Information asset management ensures that information assets are managed within the
information governance framework. The role of the asset owners is to identify and manage
data protection risks within their respective business units.
Information Policy:
The Information Governance Policy will be maintained by the SCP. It must be supported by a
set of related policies and procedures that cover all aspects of information governance and
that are aligned with the operating framework or the Information Governance toolkit
requirements (Ferguson et al., 2013). The governance policy framework will encompass the
records management policy, the information risk policy, the encryption policy, the data
protection and confidentiality policy, and the retention and disposal policy. All user data
and information should be protected under this policy, as information and data are among the
most important assets available to an organization; all organizations must therefore have
robust arrangements for information governance that are reviewed annually and described in
the new data security and protection toolkit. The policy will offer assurance to the trust
and to individuals that personal information is dealt with legally, securely, efficiently
and effectively, in order to provide the best possible care. The objective of the policies is
to ensure that the people who work for the trust understand how to look after information in
order to protect confidential data. As data security is the most important consideration for
money-related transactions, a data privacy policy will be needed (Liaw et al., 2014).
Information procedures:
The SCP recognises the need for an appropriate balance between openness and confidentiality
in the use and management of information. The SCP supports the principles of corporate,
monetary and information governance and recognises its public accountability, but equally
places importance on the security and confidentiality arrangements for credit card based
transactions and personal information that are truly commercially sensitive in nature
(Rasouli et al., 2016). The SCP also recognises the
requirement to share information with other organizations and agencies in a controlled
manner that is consistent with the interests of the agents and, in some circumstances, the
public interest under the Freedom of Information Act 2000. The four key areas supporting the
information governance policy are openness, legal compliance, confidentiality and
information security, and quality assurance of the information.
Openness:
Information shall be defined and, where appropriate, kept confidential, underpinned by the
Caldicott principles and the regulations outlined in the General Data Protection Regulation
(GDPR) and the Data Protection Act 1998. Non-confidential information about the SCP and its
services should be available to the public through a variety of media, in line with the
Freedom of Information Act 2000 (Rebollo, 2016). The SCP will have clear procedures and
arrangements for handling queries from clients.
Legal Compliance:
The SCP regards all identifiable personal information relating to customers, clients and
staff as confidential. Corporate information is also regarded as confidential by the SCP.
The SCP will establish and maintain policies for the appropriate and controlled sharing of
agent and customer information with other organizations, taking account of relevant
legislation (Silic & Back, 2014).
Confidentiality and information security:
The SCP will establish and maintain policies for the effective and secure management of its
information assets and resources. The SCP will also promote effective confidentiality and
security practice to its staff through policies, procedures and training
(Tallon, Ramirez & Short, 2013). The SCP must maintain the continuity
plans of the business for all critical infrastructure components and major information
systems.
Quality assurance of the information:
The SCP will also establish and maintain policies and procedures for information quality
assurance and effective records management. This includes audits and annual assessments of
its information quality and records management arrangements (Van & De, 2018).
The information procedures also address the types of content that are acceptable and manage
the volume of information.
Working with the third parties:
When organizational information is to be shared with third parties, the policy requires the
department involved to take proactive steps to be aware of, and to reduce, the risks
associated with information sharing. While the SCP recognizes the need to share
organizational information with partners in order to accomplish its mission, departments
must do their homework to ensure compliance with the applicable laws, regulations and
organizational policies. It is also vital to assess and approve the ability of third parties
to handle and protect the information appropriately before sharing it (Wu et al., 2015). The
SCP must make a contract with third parties covering the data security policy, under which
all money-related transactions must be kept confidential and the information of agents and
customers must also be kept confidential. Giving some tasks to third parties should reduce
the workload of the organization. This covers information that is stored, moved, transferred
or copied to any type of portable or removable media, both internally and externally, to a
third party. Furthermore, the information governance policy applies to each and every third
party.
Disaster recovery, contingency and Business continuity:
Under this framework, the organization should adopt the approach that losses of information
must be reported. Information can sometimes be leaked because security breaches can happen,
so the SCP has to be prepared for that at all times. All data and information should
therefore be backed up beforehand (Van & de, 2018). In addition, the SCP will have to manage
business continuity, which gives the organization the ability to respond effectively to
threats such as data breaches and natural disasters and to protect its business interests.
Review:
The policy will be monitored through staff awareness and through the supporting evidence for
the SCP IG toolkit. The policy must be reviewed annually and in response to legislative
changes, good practice guidance, changes to the infrastructure of the organization and case
law (Wu et al., 2015). The SCP also has to monitor access to and use of information, as well
as storage and ICT infrastructure performance. Another major requirement of the IG policy is
auditing and risk assessment.
References:
Caldicott, F. (2013). Information: To share or not to share. Information Governance
Review.
De Haes, S., Van Grembergen, W., & Debreceny, R. S. (2013). COBIT 5 and enterprise
governance of information technology: Building blocks and research
opportunities. Journal of Information Systems, 27(1), 307-324.
Epstein, D. (2013). The making of institutions of information governance: the case of the
Internet Governance Forum. Journal of Information Technology, 28(2), 137-149.
Ferguson, C., Green, P., Vaswani, R., & Wu, G. (2013). Determinants of effective
information technology governance. International Journal of Auditing, 17(1), 75-99.
Liaw, S. T., Pearce, C., Liyanage, H., Cheah-Liaw, G. S., & de Lusignan, S. (2014). An
integrated organisation-wide data quality management and information governance
framework: theoretical underpinnings. Journal of Innovation in Health
Informatics, 21(4), 199-206.
Rasouli, M. R., Trienekens, J. J., Kusters, R. J., & Grefen, P. W. (2016). Information
governance requirements in dynamic business networking. Industrial Management &
Data Systems, 116(7), 1356-1379.
Rebollo, O., Mellado, D., Fernández-Medina, E., & Mouratidis, H. (2015). Empirical
evaluation of a cloud computing information security governance
framework. Information and Software Technology, 58, 44-57.
Silic, M., & Back, A. (2014). Information security: Critical review and future directions for
research. Information Management & Computer Security, 22(3), 279-308.
Tallon, P. P., Ramirez, R. V., & Short, J. E. (2013). The information artifact in IT
governance: toward a theory of information governance. Journal of Management
Information Systems, 30(3), 141-178.
Van Grembergen, W., & De Haes, S. (2018). Introduction to the Minitrack on IT Governance
and its Mechanisms.
Wu, S. P. J., Straub, D. W., & Liang, T. P. (2015). How information technology governance
mechanisms and strategic alignment influence organizational performance: Insights
from a matched survey of business and IT managers. MIS Quarterly, 39(2), 497-518.