Reflective Journal: IT Governance, Australian Standards & Legislation

Verified

Added on 2024/06/28

AI Summary

This journal entry reflects on the importance of IT governance, Australian Standards, and legislation for an ICT professional at PAYAM Data Recovery Pty Ltd. It discusses the IT Governance framework used by the company, emphasizing its role in aligning IT with business strategy and ensuring responsible data handling. The journal also explores the application of Australian Standards related to ICT, particularly in maintaining data integrity and confidentiality, and considers the implications of the Privacy Amendment (Enhancing Privacy Protection) Act, 2012. The reflection highlights the necessity of adhering to these standards and legislation to avoid penalties and enhance the organization's reputation.

Journal
This week 4 has proved to be an important week in enhancing my knowledge regarding
Australian Standards and different legislation that may be utilized while working as an IT
professional in PAYAM Data Recovery Pty Ltd. In this week I have learned a lot about the
framework of IT Governance. I have assessed different frameworks of IT Governance in this
week and also discussed about the framework used by my company. In this week I have
analyzed different situations where I have utilized the Australian Standards related to ICT and
the legislation named as Privacy Amendments (enhancing privacy protection) Act, 2012. It has
been analyzed by me that all the information related to clients should be kept private and
confidential otherwise there may be legal penalties for such misconduct. I have learned that the
IT Governance is a part of Corporate Governance of any organization which plays a very
important role in managing and monitoring the IT services used by the company. It helps the
organization to grow and develop in the market. Hence it can be said that this week was very
productive.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Question 1
PAYAM data recovery Pty Ltd
I am working as an intern in PAYAM data recovery pty ltd as an ICT professional. If I talk about
the IT Governance Framework in my organization then yes there is a policy document regarding
IT Governance Policy. IT Governance framework is an important framework for any
organization to attain its objectives and goals as previously determined by its managers. All the
decision-making process also gets affected by this IT Governance policy document.
This IT Governance is considered as a part of the Corporate Governance of whole organization.
In this policy documents, the guidelines and compliances regarding the IT services provided by
company. These guidelines are used to govern and monitor the process of whole IT related tasks.
There are different types of IT Governance frameworks used by any organization such as IT
Infrastructure Library which was developed for the purpose of IT service management. Other
then this there is a framework named as Control Objectives for Information and Related
technology that is helpful in meeting the business challenges in the regulatory compliance areas
and in risk management (CIO FROM IDG, 2018). One more framework can be taken as example
is Factor Analysis of Information Risk which is used generally for quantifying the risks. In this
framework, Cybersecurity and the operational risks are mainly focused. The Framework used by
my organization helps us in identifying our roles and responsibilities and sets guidelines
according to which we have to perform our tasks with responsibility, accountability and
integrity. IT Governance framework has proved to be a very important framework for decision-
making process by managers of my company.
Reference
CIO FROM IDG, (2018). What is IT governance? A formal way to align IT & business strategy.
[ONLINE] cio.com Available at:
https://www.cio.com/article/2438931/governance/governanceit-governance-definition-and-
solutions.html [Accessed on: 28 July 2018]

Question 2
Australian Standards regarding ICT are commenced for a reason and that is increasing popularity
in the field of Information technology and communication. There was need for guidelines and
standard to manage and monitor the conducts of ICT professionals (Cruz, 2010). I am also
working as an ICT professional in PAYAM DATA Recovery Pty Ltd. There were many
situations when I was required to take account of the Australian Standards in fulfilling my ICT
tasks. Following are six principles of quality governance of ICT:
1. Clearly describe the responsibilities for ICT.
2. For the best support of organization, Carefully plan ICT
3. Ensure that the ICT acquisition is valid.
4. Ensure that the implemented ICT performs as expected, if not better when needed.
5. Verify and validate that ICT conforms to a set of formal rules.
6. Ensure that ICT respects human factors.
There was a situation in my organization when I was working as a data analyst and all the data
included the personal as well as official information of the clients regarding which there was a
set rules and guidelines in my organization that how to deal with such data with maintaining the
integrity and the confidentiality of the information. As per the principles of Australian Standards,
There is one Standard that is Verify and validate the ICT conforms to a set of formal rules. Here
I was that ICT professional who was required to confirm those sets of rules and regulations
regarding the processing of Client’s data. Hence I used and followed all those rules and
performed my task, taking the Australian Standards into consideration.
Reference
Cruz, M. 2010, Australian Standard, [Online] Ramin.com Available at:
http://www.ramin.com.au/itgovernance/as8015.html [Accessed on: July 28, 2018].

Question 3
There are so many Australian Legislations that are needed to be followed during performing any
ICT task. I am working as an ICT professional in PAYAM Data recovery pty ltd but I have not
followed any such situation where I had to follow the legislation.
Legislations are the Acts passed by the government for the welfare of public and protecting the
interest of the citizens of the country. It is necessary for the success of any business or profession
to follow all the legislation connected to their tasks. If any Legislation is not followed by the
organization then it leaves adverse impact on the reputation of business (CSO, 2017).
There can be an imaginary situation I am thinking of while working as an ICT professional in the
organization there may be cases where the data of the client was needed to keep private and
confidential. Here the legislation that is needed to be followed is Privacy Amendment
(Enhancing Privacy Protection) Act, 2012. As per this act, there are some privacy principles
those are required to be followed by the ICT professionals. Hence the data and information of
client should be used with their prior permission and it should also be handled very carefully. It
will definitely enhance the image of the organization in market and there will be no provisions
for penalty if we will follow all the legislation.
Reference
CSO, (2017). A Brief Guide to the ICT Security Controls Required by the Australian Privacy
Principles [ONLINE] Available at:
https://www.cso.com.au/article/540185/brief_guide_ict_security_controls_required_by_australia
n_privacy_principles [Accessed on: July 28, 2018]