ITS 833 Information Governance Semester Project Phase III

Verified

Added on 2023/05/28

AI Summary

This project outlines an Information Governance plan for the Insurance Assurance of the South (IAS), aiming to establish it as a leading insurance provider. The project defines the scope, emphasizing efficient information handling, access, control, sharing, storage, and preservation. It details roles and responsibilities, including those of the CEO, Senior Information Risk Owner (SIRO), and Record Manager. The project establishes essential information policies covering security, ICT, and record management, along with procedures for managing personal information, data volume, information creation, and interactions with third parties. Disaster recovery and business continuity plans are also addressed. The project concludes with a focus on auditing, measurement, and review processes, ensuring continuous improvement and alignment with best practices for information governance in the insurance sector. References to relevant literature are also included.

Running head: INFORMATION GOVERNANACE
Information Governance
Name of the Student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1INFORMATION GOVERNANCE
Scope Definition:
This information governance sets to deliver the systematic and a standardized way of
handling information in the each line of insurance which are functional where the Insurance
Assurance of the South will be able to efficiently optimize and analyse the access to the
information, control of the information, managing and sharing of the information and storing
and preserving of the information for the line of coverage. In simple way this Information
Governance aims to make the Insurance Assurance of the South a recognized organization in
the insurance sector.
Roles and Responsibilities:
Chief Executive Officer: CEO will take the responsibility for establishing a document
management system which will effectively manage the governance of information for the
purpose of decision making.
Senior Information Risk Owner: The director of the Insurance Assurance of the South is
selected as the senior information risk owner. The senior information risk owner or the SIRO
will take the responsibility of the security risk policies of the organization (Epstein, 2013).
SIRO will assist the accounting officer by providing a written advice. This written advice will
contain the statement of the organization regarding the security risk. The SIRO must take
trainings in different time intervals to provide effectiveness to the assigned job role.
Record Manager: The main role of the record manager is maintaining, securing and caring
the organizational records which are mainly the valuable data of the customers (Marchewka,
2014). The record manager will be also assigned to the publishing, creating, and maintaining
the local records of the organization. The record manager will also need to take training for
effectively managing the organizational records.

2INFORMATION GOVERNANCE
Employees: The employees need to follow the whole structure of the information
governance. Also, they need to follow the organizational rules. Proper training must be taken
by the employees before joining the main operational team of the organization.
Information Policies:
These information policies must be followed by the organization:
Information security policies: The data of the customers must be confidential within the
organization.
ICT Policies: Organizational data must be transferred over a secured network (Galbraith &
McAdam, 2013). Preferably an organization’s own communication network.
Record Management Policies: All the records must be accessible, authentic and readable and
unauthorised access permission will not be given.
Information Procedures:
Managing Personal Information: All personal information will be stored differently. Others
cannot view or access the personal information.
Managing the Volume of Information: Old and unnecessary data of the customers will be
removed with the time. For that, an expiry date will be set for all the data.
Creating and Receiving Information: Customer information will be taken directly from the
authorised customers and only relevant data will be taken.
Working with Third Parties:
 Only normal information will be shared which are required for the business purposes
(Safa, Von Solms & Furnell, 2016). No confidential data of the customers will be
shared with third parties.

3INFORMATION GOVERNANCE
 Access will be limited for the third parties within the organization.
Recovery form Disaster and Continuity of Business:
 Information loosed by the Insurance Assurance of the South organization will be
assessed by the manager.
 As a backup of the disaster all information will be stored in the cloud on daily basis.
Auditing, Measurement and Review:
 Data access will be review by creating a survey within the organization.
 SIRO will continuously assess the risks and update the information governance
whenever required.
 Structure of the overall information governance will be reviewed by the staffs and the
employees to implement best suggestion of them.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4INFORMATION GOVERNANCE
References:
Epstein, D. (2013). The making of institutions of information governance: the case of the
Internet Governance Forum. Journal of Information Technology, 28(2), 137-149.
Galbraith, B., & McAdam, R. (2013). The convergence of ICT, policy, intermediaries and
society for technology transfer: evidence from European innovation projects
Technology Analysis & Strategic Management, 25(3): 249-252.
Marchewka, J. T. (2014). Information technology project management. John Wiley & Sons.
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance
model in organizations. Computers & Security, 56, 70-82.