LD7006 Information Governance and Security Assignment Sample
Introduction
Information is considered to be an important asset for any organization. The companies may succeed or fail based on the security of their data. The organization needs to have strategically created frameworks that control the information and provide security to data. This framework is referred to as Information Governance. It comprises the set of policies, various business processes, metrics and roles for managing information on various media in a way that the immediate and future regulation of the organization is well supported. Information governance is considered to be a holistic approach for managing the information of corporations by the implementation of controls, processes and metrics. This policy will streamline the management process and bring down the storage cost. An important objective of IG is to ensure the employees have secured access to clients’ data and simultaneously make important business decisions. This information is targeted as an important business asset. Attacks have been increasing on a daily basis on the information system and the emergence of the information system is growing. This report presents the information governance framework for “Smartlytics Consulting”. It is a Business intelligence Consulting based in the UK. The Company is specialized in Data Visualisation, Data Analytics, Digital Analytics, Data Science and Business Intelligence services. The company has gained more reputation in the recent few years. With the increasing number of clients over the past few years, there is a requirement for an information policy that would protect the data of clients and subsequently build the trust of the clients. The report consists of the scope of the policy implemented in this organization. The effective IG program will improve the business operations and the values of the organization could be maximized by having compliance compatibilities.
Background
Smart lyrics Consultancy is a business intelligence consulting firm based in Coventry, UK. It was established in the year 2017. The services offered by the company are “data analysis, digital analytics, business intelligence, data science, data engineering and data visualization.”The company has a total of nine employees (Åm 2019). It focuses on delivering intelligent analytics for the reduction of cost and bringing on outstanding experiences of customers. It even helps the private sector by bringing down the cost through the implementation of digital analytics. It provides other services like an extension of data analytics, improvement of conversion rates, and reduction of service cost. The company works with various clients and helps them to achieve their full potential through data (Capano et al. 2020). The company aims to scale up the economic profit by the merger of sophisticated security and developing a framework for information governance policy to ensure its credibility in the market. It has more than 50 clients. The company offers its services to HUL, Hafele, Concep, ZSL and many more. The technologies used by Smartlytics Consultancy are Microsoft Azure, POWER BI, SQL, Google Analytics, MongoDB and so on.
It assures to provide end to end solutions for eliminating data silos and creation of the genuine source. The company also uses the application of machine learning for analyzing the data. It transforms the various reports and analytics by combining data sources in one place. With ever-growing competition in the consultancy market, the organization has been efficient enough to serve many clients (Clarke et al. 2017). For the development of the IG program, the current infrastructure must be analyzed in detail. The organization is not having a sustainable information Governance maturity.
Discussion
Information governance is a method of controlling information so that it becomes available but by no means is the security to be compromised. There are basically six components for the proper information management for delivering corporate governance and it includes “transparency, accountability, due process, compliance, meeting statutory and common law requirements, and security of personal and corporate information.” This policy would be pulling all the important requirements of IG so that the information of Smatlytics Consulting is processed in a legal, secured, efficient and effective manner. Information is considered an important asset in the day to day activity of business analytics firms. The quality of the services provided by the organization depends on the accurate and available information. There is a need for clear and effective management for the formation of robust information governance. Accordingly, this policy would be fulfilling all the requirements, standards, and best practices of the organizations. It is a vital responsibility of every employee within the organization. Everyone needs to play an important part in the implementation and embedding of the important policies and codes of conduct into the working practices of the organization. There are huge benefits of Information governance from the accession of data to a well-developed risk management system. Information governance is required by organizations of all types and sizes. Smart lyrics Consulting needs effective information governance and security as it suffers from poor organisational management of information assets (Croese et al. 2020). This could lead to the rise of many issues and concerns of security arise as there is a huge collection of client data in the database of the company. Effective Information Governance can bring on developing a single source of truth which will help to render information more trustworthy.
Need of Information Governance Policy
Smart lyrics Consulting deals with a huge volume of data of clients and employees. Hence there is a requirement of an effective Information Governance that will fulfil the overall objectives of the Organization. The policy will enable the passing of the right information to the right people and there will be the promotion of high-quality services. It will be also needed for the building of staff competencies. The employees would be motivated to work in a team that will enable the efficient use of resources. It will also be beneficial for the identification and management of the information assets across the organizations.
Implementation of Information Governance Policy
Smart lyrics Consulting is dealing with various clients and managing their big data through the application of machine learning. The company needs to perform various tasks and achieve the goal of the clients and manage information through a secured medium. Therefore the creation of the IG framework will fulfil all the objectives of the organization and it will have proper handling of the information. To develop an effective framework it is necessary to understand and assess the legal, regulatory and business requirements of Smartlytics Consulting.
Aim of the Policy
The policy will help to elevate the various activities of the Information Governance in Smartlytics Consulting (Cross et al. 2020). It will also fulfil the aim of providing secured access to the client data and easy accessibility of information to the employees. The maintenance of robust corporate governance is the key aim of this policy. The main aims of the policy will help the organization to comply with the legal, regulatory and contractual obligations. The other aims that could be fulfilled are discussed below:
- To meet its information management and security responsibilities
- To control and give access to verified individual
- Digitization of the core compliance
- To bring on the data capture functionality
- Delivering high quality and secured services
Smart lyrics Analytics stores and processes a lot of sensitive data that is required for the provision of services, engagement in commercial activities, research and the safeguarding of each member across the organization.
Figure 1: Importance of IG framework
(Source: https://edrm.net/)
Scope of the Policy
The policy will benefit both the employees and clients of Smmartlytics Consulting. It will concentrate on the proper governance of the information of two parties to an efficient level and starting those data with confidentiality (Cumiskey et al. 2019). Smart lyrics Consulting contains valuable data of clients, the policy would be covering necessary guidelines for ensuring the best method to be implemented and handled. The policy will develop a massive level of a legislative framework for IG. This policy will help the organization to develop strategic opportunities and responsibilities for data analysis. The overall productivity gets increased by the facilitation of employee collaboration. The risk of non-compliance gets reduced by the adoption of this policy. The agility of the organization also gets improved. It is necessary that all the employees and clients of Smartlytics Consulting comply with the IG policy.
Policy objectives
The policy delivers to fulfil the intended objectives after the implementation of the information governance and ensure that a high level of standard is kept under legal requirements. The objectives of the said policy are discussed below:
-
Legal Compliance-
Smartlytics complies with the regulatory board and abides by the rule and regulations of the country. The policy will allow the organization to follow all the relevant legislation (Evans et al. 2019). It is the sole responsibility of the company to follow the DPA law at the time of the creation of any personal data which contains information about their clients.FCA has clearly defined that it is the sole responsibility of the organization to secure the data of the customers and protect it from getting hacked by fraudsters.
-
Privilege principle-
every program in the system should use the minimum privileges for the completion of the job. This principle will allow access to the control mechanism to secure data from getting hacked. This policy will clearly state that there must be minimum access which is to be granted as the employee’s indecent action could be a threat to the organization (Giest et al. 2018). The data and information get less exposure if there is the use of the least privilege principle in the organization. The employees would be able to track the amount of information that is required. In this way, the confidential details of the clients can be protected.
-
CIA-
The core components of Information security are Confidentiality, Integrity, Availability. This gives the main principle of Information Governance. The policy would ensure the CIA in the organization. The property of confidentiality ensures that the information could be not shared with any unauthorized person in Smartlytics Consulting. The property of Integrity would ensure the accuracy of the information and be defining assets of the business. Any authorized person who could access the data at any time defines the property of availability.
-
Contingency Planning-
The policy would also aim to deliver contingency planning that is required by the organization in the worst-case scenario (Hartley et al. 2018). It will also facilitate interdepartmental collaboration within Smartlytics Consulting. Thereby helping in producing plans for recovery and deploying necessary steps at the time of urgency. This policy will make sure that there is a visualized plan developed supporting the framework.
DRP is used as a method for the quick evaluation of the business processes.
-
Sharing of information-
The company shares its information with the different organizations for the completion of work. The organization needs to comply with the data protection act 1998 which provides the right to the individuals to view how their data is processed by the company. In the data protection act, there are basically eight principles that are applied to every data controller and they must comply with all these principles.
Role and Responsibility
The policy would focus on ensuring the necessary values and important qualities and compliance for saving the data governance. The important elements of the Information Governance framework would be in analyzing and identification of the important dimension of IG (Ibragimova et al. 2019). The key contribution would be delivered by the CIO of the organization. The CIO would formulate the goals and objectives of the organization. The important goal would be storing, the transmission of data and data analytics. The other responsibility would be developing key metrics, which would be essential in implementing important policies. The CIO would also reflect on the company’s threats and various risk factors involved within the system.
The IG committee would be deploying a few teams and clearly stating the responsibility of each team. The information security policies would be enforced by this committee. They will also maintain a high standard for the work program of IG. The activities like protection of data, data security, data transfer are also to be carried out by the Committee team.
The policy will be specifying the role of employees towards the security of information. It will be implied to determine the requirement of a training program for employees, implementation of the security program and the information endorsement. It is mandatory that staff maintain an attitude of vigilance towards the creation of data. The policy will also enhance the knowledge of information governance security.
The organization must deploy the scope of ISMS where all the activities of Information Governance would be implemented. It will also develop a centralized system for carrying out the activities (Jim et al. 2018). The Scope of ISMS would also ensure that all employees receive equal benefits and the security problems of each employee could be easily solved with the implementation of the ISMS. The goal of ISMS would be the reduction in the risk involved with the IG and confirming the business continuity and simultaneously predefining the risk of the security breach.
There could be the promotion of security culture by the organization and this could be achieved by the endorsement of senior management. The employees must need to have coordinate with the senior level management to proceed with the said framework. The demonstration should be given by the senior management for the commitment of the policy. This is done by the proper implementation, improvement and continuous assessment at the right time with SmartLytics Consulting (Kamaruddin et al. 2020). The employees need to complete the training program of the Annual information Governance by adopting the training module. In order to properly implement the IF framework, there must be fostering of ethical and professional culture within the organization. The employees’ behaviour must be monitored for ensuring compliance and meet security requirements. Therefore the management team needs to develop security controls till the employees of Smartlytics Consulting exhibit an acceptable security culture.
Resources: without adequate resources, the objectives of information Governance could not be fulfilled. The workload of Smartlytics Consulting is increasing day by day and they must ensure that there is a huge resource available all the time.
In order to check the accuracy of the framework, there must be a periodic evaluation of the plan by the CIO. This will help the organization to identify the data stored manually and in electronic methods. It aims at understanding and managing the information asset of Smartlytics Consulting. The policy will be maintaining the classification of information for addressing the common data and facilitating automated control. The sensitivity of the data is indicated by the classification of security. The classification done will be providing a baseline for the loss and damage. The organizations that have successfully made a planning policy would be succeeding in the identification of confidential information.
Approach
For the deliverance of the services of Information Governance, there are major four elements to be considered. These elements would be integrating and assuring Information Governance into all aspects of business operations. These elements are people, process, information and Technology. These factors would be needed for the operation of the business processes and it will depend on these elements. It will be done through a range of dedicated programs of information governance that will be measured by the steering group of information governance. These programs will be defined for each project of IG and they would be monitored in accordance with the agreements of state governance.
Figure 4: Information Governance in Action
(Source: https://www.macro4.net)
Benefits of policy
The following benefits would be served after the successful implementation of the policy :
- There would be consistent and effective management of information across Smartlytics
- The compliance would be well understood with relevant legislation
- The overall time and the efforts of employees would get reduced
- The employees would have clear responsibilities related to IG
- The better management system of research data with high security of intellectual property
- The incidents of information security would be reduced
- The information risks would be managed effectively and efficiently.
- The data quality gets increased.
Associated Policies
This policy would be requiring a few additional policies for covering the important aspect of the IG. ISO27001 standard specifies the management for information Security which determines the requirement of ISMS (Katzenbach et al. 2019). It gives a systematic approach for the management of the risk associated with the organization. It aims at the establishment, implementation and maintenance of the ISMS at the workplace. The factors that should be considered for supporting the IG agenda are legal and professional guidance. There are various policies related to Email, remote access and browsing of the internet which will be discussed in the next part.
Figure 5: Information Security Policy
(Source: https://www.exabeam.net/information-security/information-security-policy/)
Information Security Policy
The policy defines the roles and responsibilities of the employees in the organization. It brings on a discussion of the information assets of the organization and the assessment of the information risk. This is indeed an important mechanism for the management of information across Smartlytics Consulting. The obligations on all employees are discussed and the reporting of security incidents. The category of sensitive data is discussed under this policy. The policy also consists of the requirement of the system of the business operations and the requirement of the secured information asset disposal at the lifecycle end.
Monitoring, measurement and review mechanisms
The policies of IG should be carefully studied and updated on a regular basis to make required changes in the laws, regulations and the business environment. This is an immensely important process which is noted in the “ISO 2700 monitoring information security management”. The standard includes the audit of risk management, report of incident management and activities of internal audit.
Smartlytics Consulting should consider the working patterns of employees and focus on deploying any policy which could bring advancement in the workflow and provide additional securities. The organization gets benefited by maintaining relationships with the external bodies.
Implementation Strategy
The policy must be carefully assessed by the management authority to make a huge impact on the organization. The policy has to abide by IEC27001 which remains a standard process of security that is required for achieving effective security (Lee et al. 2018). The policy needs continuous monitoring and has to go through a chain of continual improvement. The strategy of IG security must be effectively implemented to make it a successful one. The activity of monitoring needs to be done and updated regularly through Smartlytics Consulting. It is the work of the organization to put the initiative in the right place for developing a correct implementation process (May et al. 2017). The IT governance framework works well if there is more involvement from stakeholders, developed IT infrastructure and improved business processes. The other factor that is considered is the initiatives from the top management. This will improve the competencies for the management of IT sources and also the internal process level gets better. It should be also considered that the success of information security governance is not guaranteed by the adoption of information governance. A lack of strategic plans could create trouble for the It governance. The main aim of the strategy is to make sure that the organization is able to fulfil its information management and provide a secure system to all the employees and the valued clients of Smartlytics Consulting (Mikalef et al. 2018). It will allow every person associated with Smartlytics Consulting to gain confidence and confirm to them that the information is protected and stored in a secured location. Each employee must have the knowledge to access the information correctly and share information lawfully and protect it from any type of fraud.
Figure 6: Framework for Information governance
(Source: https://nowdiscovery.net)
The strategy intends to meet the obligations in terms of:
- Requirement of the appropriate disclosure of information
- A regulated framework for information management
- Exchange of information with the other parties
- Developing professional codes for the usage of information
- Code of practice by the organizations
The strategy will be able to recognize the high standards expected from the clients of the organizations and to maintain the important task in the area of IG security. This will help to embed a culture of security through Smartlytics Consulting.
Establishing committee for IG
The implementation of the framework would be the responsibility of the CIO. The overall accountability of the various fields will be under the control of the senior executives. They are going to play an important role in strategic management and the exercise of policy. It is the work of the committee to have a check on the framework on a regular basis (Morris et al. 2020). This regular check of the framework will be justifying its relevance in the organization. The other objectives of the business must be informed and notified by the committee.
Figure 7: Information Governance Committee
(Source: https://www.csudh.edu/it/about-it/governance/)
Need of resource
The policy has to undergo various phases for having the authorization and being supported by the top management. The development of ISMS is required to be put under the project framework. It is only then the policy framework can be easily implemented across the company. Smartyltics undertakes many projects and there is a requirement of additional resources to get the project done before the deadline (Morris et al. 2020). The resources are also required to fulfil the objectives of the policy. Resources consist of design analysis, engineers, auditors, and an important representative from Smartlytics Consulting. There is a need for allocation of enough time to gather all resources so that the framework process does not stop in between. Secondly, the cost would be increased in buying the hardware equipment.
Training should be made mandatory for information governance and all the employees of Smartlytics Consulting must be trained accordingly (Saguin 2019). The CIO should be setting up the IG training module for bringing awareness among all the employees. It is to be ensured by CIO that the training module is reviewed on a regular basis to analyze its efficiency. The upper layer manager should cascade the training module wherever required.
Key Challenges
There are various challenges that will occur at the time of the implementation of the policy. It is to be noted that the policy that has been implemented in the organizations are very poor and not up to the standards of Information Governance (Ulnicane et al. 2021). File management is considered to be chaotic. The biggest challenge faced would be the enforcement of the policy in the organizations. Nowadays the business is overloaded with too much data and a remote workforce (Yi et al. 2019). The overall cost associated with the information Governance increases and could result in negative production. The organizations are left with no choice other than to adopt the policy of Information Governance.
Conclusion
Information Governance is capable of bringing a paradigm shift in business operations. In order to have an organized structure and the security of information, it is very necessary that the organization adopt the policy of Information Governance. Most of the elements of IG are already known and the policy can be implemented easily. It is necessary to harness all these elements by developing integration and enforcing connected interaction. The biggest challenge remains the unification of the governance as no department alone can bring effectiveness in the policy. There is no doubt that Smartlytrics would be developing a secure system where information could be accessed by genuine persons. The report has dealt with the important objectives that would be fulfilled by the policy. After the implementation of the policy, the organization would be able to easily assess the quality of the information governance program. The goal of the policy would be to establish a well-defined map of the responsibilities of information management. There would be the establishment of a better understanding of the principle of Information Governance and policies among the shareholders. It is definitely so easy to implement the policy in the organization as there are various hurdles and challenges faced during the implementation process. Nowadays the organizations have no other option than to adopt the framework of Information Governance as it delivers huge security to the assets of the company. The responsibilities of the employees would be increasing and they should understand the important objectives of the policy. Then only the effectiveness in the Information governance Security is achieved.
Reference List
Journals
Åm, H., 2019. Limits of decentered governance in science-society policies. Journal of Responsible Innovation, 6(2), pp.163-178.
Capano, G. and Pritoni, A., 2020. What really happens in higher education governance? Trajectories of adopted policy instruments in higher education over time in 16 European countries. Higher Education, 80(5), pp.989-1010.
Clarke, A., Lindquist, E.A. and Roy, J., 2017. Understanding governance in the digital era: An agenda for public administration research in Canada. Canadian Public Administration, 60(4), pp.457-476.
Croese, S., Oloko, M., Simon, D. and Valencia, S.C., 2021. Bringing the global to the local: The challenges of multi-level governance for global policy implementation in Africa. International Journal of Urban Sustainable Development, pp.1-13.
Cross, J.P. and Greene, D., 2020. Talk is not cheap: Policy agendas, information processing, and the unusually proportional nature of European Central Bank communications policy responses. Governance, 33(2), pp.425-444.
Cumiskey, L., Priest, S.J., Klijn, F. and Juntti, M., 2019. A framework to assess integration in flood risk management: implications for governance, policy, and practice. Ecology and Society, 24(4).
Damayanti, M., Scott, N. and Ruhanen, L., 2019. Coopetition for tourism destination policy and governance: The century of local power?. In the Future of Tourism (pp. 285-299). Springer, Cham.
Evans, J., McKemmish, S. and Rolan, G., 2019. Participatory information governance: transforming recordkeeping for childhood out-of-home care. Records Management Journal.
Giest, S. and Ng, R., 2018. Big data applications in governance and policy. Politics and Governance, 6(4), pp.1-4.
Halim, N.A., Yusof, Z.M. and Zin, N.A.M., 2018. The requirement for information governance policy framework in Malaysian public sector. International Journal of Engineering & Technology, 7(4.15), pp.235-239.
Hamilton, M.L. and Lubell, M., 2019. Climate change adaptation, social capital, and the performance of polycentric governance institutions. Climatic Change, 152(3), pp.307-326.
Hartley, K. and Zhang, J., 2018. Measuring policy capacity through governance indices. Policy capacity and governance, pp.67-97.
Ibragimova, I. and Korjonen, M.H., 2019. The value of librarians for clinical and health governance (a view from Europe). International Journal of Health Governance.
Jim, C.K. and Chang, H.C., 2018. The current state of data governance in higher education. Proceedings of the Association for Information Science and Technology, 55(1), pp.198-206.
Kamaruddin, M.I.H., Hanefah, M., Shafii, Z. and Salleh, S., 2020. Comparative analysis on Shariah governance in Malaysia: SGF 2010, IFSA 2013 and SGPD 2019. Journal of Public Administration and Governance, 10(1), pp.110-131.
Katzenbach, C. and Ulbricht, L., 2019. Algorithmic governance. Internet Policy Review, 8(4), pp.1-18.
Lee, J. and Tkach-Kawasaki, L., 2018. The relationship between information-sharing and resource-sharing networks in environmental policy governance: focusing on Germany and Japan. Journal of Contemporary Eastern Asia, 17(2), pp.176-198.
May, T. and Marvin, S., 2017. The future of sustainable cities: governance, policy and knowledge.
Mikalef, P., Boura, M., Lekakos, G. and Krogstie, J., 2018. Complementarities between information governance and big data analytics capabilities on innovation.
Morris, K.C., Lu, Y. and Frechette, S., 2020. Foundations of information governance for smart manufacturing.
Saguin, K.I., 2019. Designing effective governance of education. Policy Design and Practice, 2(2), pp.182-197.
Shon, C. and You, M., 2020. Evaluation of health policy governance in the introduction of the new DRG-based hospital payment system from interviews with policy elites in South Korea. International Journal of Environmental Research and Public Health, 17(11), p.3757.
Ulnicane, I., Eke, D.O., Knight, W., Ogoh, G. and Stahl, B.C., 2021. Good governance as a response to discontents? Déjà vu, or lessons for AI from other emerging technologies. Interdisciplinary Science Reviews, 46(1-2), pp.71-93.
Yi, H., Huang, C., Chen, T., Xu, X. and Liu, W., 2019. Multilevel environmental governance: Vertical and horizontal influences in local policy networks. Sustainability, 11(8), p.2390.
………………………………………………………………………………………………………………………..
Know more about UniqueSubmission’s other writing services: