ITS 833 Information Governance Project Phase I: STP Implementation


Added on  2023/04/04

AI Summary
This project details the initial phase of implementing an information governance (IG) program at Security Transport Professionals Incorporated (STP), a freight hauling company. It identifies a project team composed of key personnel like the CEO, CIO, financial analysts, legal counsel, IT security experts, and regional managers. The project emphasizes educating team members on relevant US data retention laws, including the Stored Communications Act, Gramm-Leach-Bliley Act, and Sarbanes-Oxley Act. Furthermore, the project creates a risk profile, analyzing strategic business risks such as liability, change management, project, competitive, operational, security, and infrastructure risks, as well as reputational and publicity risks related to information technology, quality, and customer service. The analysis categorizes these risks by severity and proposes mitigation strategies, highlighting the importance of CEO involvement in change management and outsourcing for project risks. The overall goal is to enhance the organization's functioning and sustainability through effective information governance.
Information Governance
Table of Contents
Introduction
Part 1
Part 2
Part 3
Conclusion
Reference list
Introduction
Information governance is a holistic way of managing corporate information, and this management
is conducted by implementing different processes, roles and more. The main aim of setting up
information governance is to make information available to those who need it. There are several
advantages to setting up information governance within the organization, and the main aim is to
reduce the legal risks that arise from poorly managed information; an information governance
setup also helps the organization adapt to the requirements of a changing marketplace (Zouridis
and Steur, 2017). This study presents the setup of an IG program, and the company where IG will
be set up is Security Transport Professionals Incorporated (STP). STP is a freight hauler that
operates with its home branch in Kentucky.
Recently the company has been facing problems with its management due to the lack of a proper
management setup, and hence it intends to set up an IG program to deal with these problems and
support growth in the organization (Jadric, Cukusic and Garaca, 2016).
Part 1
To implement the IG program, the company has to form an IG project team. The individuals who
will be part of this team are:
I. Chief Executive Officer
II. Chief Information Officer
III. In-house Financial Analyst and Risk Manager
IV. In-house Counsel
V. IT Security Expert
VI. Overland Transport Manager
VII. Airway Transport Manager
VIII. Southern Region General Manager
IX. Western Region General Manager
X. Information Security Specialist
The Chief Executive Officer is selected because he is responsible for setting and executing the
strategies of the company. The Overland Transport Manager, Airway Transport Manager, Southern
Region General Manager and Western Region General Manager are selected because they are
shareholders of the company, and hence it is necessary to involve them in the IG project to make
them aware of how the project functions and the results it aims for. By involving all the
shareholders of the company, the IG project can succeed in achieving its objectives, because
without the investment of the shareholders the IG project cannot be executed properly. Finally,
the others on the list, namely the Information Security Specialist, IT Security Expert, Chief
Information Officer, In-house Counsel and In-house Financial Analyst and Risk Manager, are
included because they are the ones most liable for the IG project, as all of them are connected
to the organization's information. Thus it is expected that everyone on the above list will work
together to ensure a good IG setup within the organization.
Part 2
In order to educate all the team members of the IG project, it is necessary to go through the
details of the company's home branch and primary hubs. The home branch of the company is
located in Kentucky, while the primary hubs are located in Texas and California. All these
states are in the United States; hence, US laws will be considered. Retaining the data of an
organization or of an individual is known as data retention. Data retention is significant
because of several rules and regulations. In the USA, the Stored Communications Act, which is
part of the Electronic Communications Privacy Act of 1986, is applicable, according to which the
government can have access to stored data. This Act shows that in case of emergency, data can be
disclosed to government officials (Weiss and Archick, 2016). The Gramm-Leach-Bliley Act, which
was introduced in 2003, was introduced mainly to secure data properly. This Act thus aimed at
privacy protection.
The legal and regulatory requirements show that the Sarbanes-Oxley Act is followed to serve
customers in a better way. SEC Rule 17a-4 is another act, which shows that records must be
stored in such a way that they are retained for further use. Code of Federal Regulations Title
21, Part 11 (Pharmaceuticals) and Code of Federal Regulations Title 47, Part 42
(Telecommunications) are also followed because the company deals with the transportation
business, where these laws are very significant. The U.S. Federal Authority on Archives and
Records, the National Archives and Records Administration, is followed for better maintenance
of information. Finally, the U.S. Code of Federal Regulations is followed for retaining records
properly.
Thus, new team members should educate themselves before taking part in the IG project, because
knowledge of the above-mentioned regulatory framework is essential for the smooth conduct of
the project.
Part 3
The IG project is implemented with the view that it will improve the functioning of the
organization and help it move towards sustainability. For the last few years, the organization
has been facing several risks, and due to these risks the management of the organization has
lost its confidence. Thus, it is very important to create a risk profile so that the
organization can educate itself about the potential risks. An organization can face risks in
several forms, and each type of risk affects the functioning of the organization to a different
degree (Van Der Vegt et al., 2015). Hence, along with the risk profile, it is necessary to
analyze the nature of the risks so that they can be handled with proper measures, because
failing to address risks can result in a huge threat, which the organization cannot face given
its current problems.
Among the strategic business risks, the organization is prone to Liability Risk, Change
Management, Project Risk, Competitive Risk, Operational Risk, Security Risk and Infrastructure
Risk. The company is also bound to face Reputational and Publicity Risks, and among these the
potential risks that the company may face are Information Technology, Quality and Customer
Service. Thus, these are the ten types of risks that the company may face while conducting its
operational activities.
Greatest Risks          Lowest Risks
Change Management       Quality
Project Risk            Customer Service
Operational Risk        Liability Risk
Security Risk           Competitive Risk
Infrastructure Risk     Information Technology
Table 1: Risk Analysis
(Source: Created by Learner)
From the risk analysis table it can be observed that some risks can be mitigated by the
organization in full or in part. In the greatest risks section, the effects of change
management risk can be reduced by adopting strategies that help the management team, with the
involvement of the CEO, convey the message to everyone in the organization that change is for
the good of the organization. Thus, these risks can be mitigated in full. Project risk is
another high risk, and it can be mitigated by outsourcing the project with contractual
penalties in case of failures. For operational risk, the organization has to assign a special
body to deal with it. For the rest of the greatest risks, the organization must involve IT
management in mitigating the risk. For the lowest risks, the organization can assign a special
department to reduce the effect of these risks.
Conclusion
From the above analysis, it can be seen that IG project implementation requires extensive
research before it is carried out, because it is very new to the organization. Hence, it
requires special supervision.
Reference list
Jadric, M., Cukusic, M. and Garaca, Z., 2016, April. Exploring the Responsibilities and Practices
Behind Information Security Governance. In International OFEL Conference on Governance,
Management and Entrepreneurship (p. 328). Centar za istrazivanje i razvoj upravljanja doo.
Van Der Vegt, G.S., Essens, P., Wahlström, M. and George, G., 2015. Managing risk and
resilience.
Weiss, M.A. and Archick, K., 2016. US-EU data privacy: from safe harbor to privacy shield.
Zouridis, S. and Steur, B.F., 2017. Beyond good governance–The case of the Netherlands.