Information Governance Policy Implementation for STP

Verified

Added on 2022/10/02

AI Summary

This report outlines an Information Governance (IG) plan for Security Transport Professionals (STP), addressing the need for a comprehensive data management system. The plan encompasses a scope statement defining the data covered, including all data generated by STP. It details roles and responsibilities for an Information Governance Committee, Team, Risk Manager, IAM, and other key personnel. The report defines crucial information policies, including Information Security, Sharing, ICT, and Remote Working policies. It also outlines procedures for data management, working with third parties, disaster recovery, and auditing. The plan emphasizes the importance of data security, compliance, and risk mitigation. References to relevant resources are included, providing a structured approach to implementing and maintaining effective information governance within STP.

Student Name
Student ID 1
Information Governance – Security Transport Professionals (STP)
Submitted By
Course
Professor
Date

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Student Name
Student ID 2
Introduction
The Information Governance (IG) Policy system helps to set some standard that needs to be
connected for overseeing data which includes the principle, standard, technique and rule.
According to the given scenario, it’s very easy to generate more information in the STP
organization. Therefore, it is difficult for the organization to simply set out on information
management (IM) approach in dealing with its data. Rather, the organization ought to imply
information governance (IG) policy since it covers more extensive areas that include strategy,
innovation and guideline to the management. IG is a multi-faceted functionality that incorporates
records management (RM), content administration, data innovation administration, data
security, information protection, risks management, prosecution availability, lawful, the digital
materials maintenance in automated way as well as business intelligence (Halim & Yusof, 2018).
Here, we have to develop a plan for implementation of information governance policy.
Scope Statement
The information governance system will include all the data generated by STP organization. This
IG program ought to incorporate key ideas from records management, content administration,
Information Technology and information governance, data security, information protection, risk
management, litigation, administrative consistence. Also, IG system will include all the staff
members whether its management or clerical staff. The implementation of IG system in the
organization will help to provide some procedures that can be useful while sharing data with
external stakeholders, suppliers and so on. It will help to manage all the documents as well as
soft copy of data.

Student Name
Student ID 3
Roles & Responsibilities
The main roles and responsibilities of the information governance team are as following:
Information Governance Committee - The main responsibility of information governance
committee is to handle all the information that extends from consistence, procedure and
infrastructure to metadata standards as well as security. This committee requires key senior
management support from all applicable data stakeholders like those who are responsible of
ICT, lawful, business, data management, security, protection, and also the opportunity of data.
The information governance committee in STP will act as a board, a working group. It can help
to characterize, relegate and facilitate data related jobs and duties to all other members. The
committee in STP organization can analyze all the risks associated with the system and will
mitigate these risks related with consistence, security, access, protection, congruity, management
and cost (National Archives of Australia, 2019).
Information Governance Team - The Information Governance Team will be required in STP in
order to provide expert advice as well as the assistance in the implementation process of
Information Governance Framework. The team will work with SIRO, Caldicott Guardian, the
DPO, Data Asset Owners/Administrators and key staff to provide all of necessities expected to
guarantee better information governance in the organization. Also, the team will help in
providing training program to the staff. It will help in actualizing the Data Protection,
Confidentiality and other related approaches (University Health Board, 2018).
Information Risk Management - The main responsibility of Information Risk Manager is to
impart risk approaches as well as procedures for the association. Risk Manager in the
organization will help to provide hands-on advancement of risk models that include business

Student Name
Student ID 4
sector, credit as well as operational risks, provide risk controls, mitigation policies and give
research and scientific help. They are required to have phenomenal quantitative and expository
skills, alongside the capacity to apply those abilities over an assortment of business processes
(Robert Half, 2019).
Information Asset Management (IAM) - IAM is responsible to ensure that information, data
and substance are treated as precious assets in the genuine business as well as accounting and
maintains a strategic distance from the hazard and cost related with abuse of information and
substance or the exposure to administrative scrutiny (Evans, N. & Price, 2015).
Record Manager - Record managers are mainly responsible of the effective as well as proper
administration of the organizations records from their creation, directly through to their
inevitable transfer (Graduate Prospects Ltd., 2019).
Line of Business Managers - Line Business Managers are responsible to guarantee that they and
their staff completely comprehend and satisfy their Information Governance obligations.
Employees - Employees are required to understand the need to appropriately deal with the data
they make and access (InfoGov Basics, 2019).
Information Policies
Information Security Policy – Data of STP ought to be both secure and accessible to those with
an legitimate requirement for access as per its authorization level.
Information Sharing Policy – The required information in STP should be shared only to the
authorized stakeholders, suppliers or any external party (Shafik, 2015).

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Student Name
Student ID 5
ICT Policy - This policy helps to provide the governance structure to Information management
as well as security inside the organization and characterizes the organization approach in all parts
of Information Security as stipulated under the pertinent Information benchmarks.
Remote Working Policy - In case of remote policy, individual private information or sensitive
data won't be taken off site and utilized remotely. This incorporates manual records and
hardware expected to access such electronically held records (Clinical Commissioning Group,
2018).
Information Procedures
Characterizing an better framework for the staff with respect to data management is critical. It is
likewise fundamental to include initiative and key partners inside the organization to make these
approaches and rules for how staff of STP will deal with the organization's data resources. When
the organization has pre-defined data resources, the next stage is to make a schedule that will
give clear direction to representatives for to what extent to keep those records dependent on the
administrative, legitimate and business needs of the association. Some legal compliance should
be considered while implementing information governance framework (iGMapware, 2019).
Working with Third Parties
The objective of data sharing is to give the correct information at the perfect place so as to help
timely and to make better decision making process. When a lot of individual data are being
moved to the outsider contractual worker or potentially they are getting to CCG IT frameworks
remotely, an information sharing understanding ought to likewise be delivered to detail the
strategy for data exchange, and so forth., and to acquire Caldicott Guardian sign off before the
exchange happens (Herfordshire, 2019).

Student Name
Student ID 6
Disaster Recovery, Contingency and Business Continuity
The organization is required to take regular backup. A backup policy should be defined that can
help in data loss. A proper disaster recovery plan should be defined by the organization. In case
of any disaster, all the contact numbers should be handy, so that one can be contacted as soon as
possible. Without having proper continuity planning, the association may lose its competitive
advantages, important staff, and future research. The organization must have proper business
continuity plan that can help to mitigate the risks associated with the organization STP.
Auditing, Measurement and Review
Auditing in the organization should be scheduled after a particular time period to empower the
Trust to illustrate consistence with the General Data Protection Regulations. Auditing will be
planned all through the financial year to incorporate minimum of one audit in every department
at the end of financial year. Auditing will be attempted by the Information Governance
Managers. All breaches that are related with the above mentioned and other Information
Governance issues will likewise be accounted for on a DATIX incident report. Any risk if found
during auditing process, needs to be documented in audit report, so that a proper plan can be
developed to mitigate these risks (IG and Data Protection Audit Procedure, 2018).

Student Name
Student ID 7
References
Creating an Information Governance Framework. InfoGov Basics 2019. Retrieved from -
https://www.infogovbasics.com/creating-a-policy/
Establishing an information governance committee. National Archives of Australia 2019.
Retrieved from - http://www.naa.gov.au/information-management/information-
governance/governance-committee/index.aspx
Evans, N. & Price, J. (2015). Information Asset Management Capability: The Role of the CIO .
Retrieved from -
https://pdfs.semanticscholar.org/6dc2/e2686ceb157581de3c4cee422434ed18edd3.pdf
Guidance for Inclusion of Information Governance Requirements within Third Party Contracts.
Herfordshire 2019. Retrieved from -
https://www.herefordshireccg.nhs.uk/who-we-are/publications/policies/information-
governance/1429-hccg0050-guidance-for-the-inclusion-of-information-governance-
requirements-within-third-party-contracts-web/file
Halim, N., A. & Yusof, Z., M. (2018). The Requirement for Information Governance Policy
Framework in Malaysian Public Sector. International Journal of Engineering &
Technology, 7 (4.15) (2018) 235-239.
Information Governance and Data Protection Audit Procedure. IG and Data Protection Audit
Procedure Version 1.0 May 2018. Retrieved from -

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Student Name
Student ID 8
https://www.bcpft.nhs.uk/documents/policies/i/1922-information-governance-sop-02-
information-governance-and-data-protection-audits/file
Information Governance Framework. University Health Board 2018. Retrieved from -
http://www.wales.nhs.uk/sitesplus/documents/862/238-
InformationGovernanceFramework-v6.pdf
Job profile - Records manager. Graduate Prospects Ltd. 2019. Retrieved from -
https://www.prospects.ac.uk/job-profiles/records-manager
Mobile and Remote Working Policy. Clinical Commissioning Group 2018. Retrieved from -
https://www.dudleyccg.nhs.uk/wp-content/uploads/2013/04/Mobile-and-Remote-
Working-V1.2.pdf
Risk Management job description guide. Robert Half 2019. Retrieved from -
https://www.roberthalf.com.au/our-services/financial-services/risk-management-jobs
Shafik, D., M. (2015). Information Security Policy. The London school of economics and
political science. Retrieved from - https://info.lse.ac.uk/staff/services/Policies-and-
procedures/Assets/Documents/infSecPol.pdf
What Employees Need for Successful Information Governance. iGMapware 2019. Retrieved
from - https://www.igmapware.com/post/2018/08/27/what-employees-need-for-
successful-information-governance