They have asked you to produce a report outlining your recommendations for how PoundLend should meet its overall obligations relating to information governance.
During your initial meetings, you realise that PoundLend is relatively naïve when it comes to understanding the breadth and depth of the potential information governance risks related to their new venture. You therefore consider it important to work with PoundLend to identify their most important stakeholders’, concerns and how you will address them.
You believe that in the highly regulated financial environment, PoundLend will need to be able to demonstrate continuing compliance with its IG requirements. You therefore recommend that they conduct regular audits of their IG arrangements.
You are aware of several inconsistencies and ambiguities in the frameworks (rules, policies and industry-practices) that govern PoundLend’s data use. You decide it is necessary to provide an example compliance plan to enable PoundLend to explain how they should interpret these potentially contradictory rules and demonstrate appropriate controls within a consistent, overall information governance system.
ASSIGNMENT TASK
Your task is to produce a management report summarising your proposals following the structure given below.
You are encouraged to use the tools and resources introduced in the course but merely re-stating or duplicating images of the various tools will not be considered adequate. A strong submission will demonstrate that you are able to understand and apply the tools, processes, and principles presented in the course to support effective information governance.
You may wish to conduct independent research into publicly available information regarding standards and controls relevant to the preceding scenario, but such research is not required to complete the assignment. If you do conduct and rely on such research, be sure to include appropriate citations or references in line with University guidelines.
You may add any additional fictional details to the scenario you believe are necessary to create a realistic situation. These should be included as explicitly stated assumptions and should remain consistent throughout your report.
PART 1
- Considering the practical and governance issues, present a high-level overview your proposed solution for PoundLend. You must make the case for the choices you make (for example, which services you will prioritise and why).
- Present a high-level model showing the governance arrangements required for your proposed solution. This should show the actors (including external organisations e.g. regulators), data sources, and data flows. Provide as much detail as necessary to be able to inform the information governance decisions that will need to be taken, for example, you should consider the metadata, log data, or other records necessary to govern the substantive records. You should also consider the physical storage location of data, the scope and boundaries of governance controls (such as contracts) you recommend.
PART 2
(Extract from the scenario above)
… you realise that PoundLend is relatively naïve when it comes to understanding the breadth and depth of the potential information governance risks related to their new venture. You therefore consider it important to work with PoundLend to identify their most important stakeholders’, concerns and how you will address them.
- Identify PoundLend’s key stakeholders. Explain the potential risks and benefits for each of these interested parties, and the governance arrangements that you propose to address these concerns. Provide specific examples of how IG controls, including those you have proposed earlier, contribute to the security and trust of PoundLend’s system.
PART 3
(Extract from the scenario above)
… PoundLend will need to be able to demonstrate continuing compliance with its IG requirements. You therefore recommend that they conduct regular audits of their IG arrangements.
- Create and propose an information governance audit plan for at least one of PoundLend’s systems (or their system overall). This should describe at least five information governance topics against which you would wish to evaluate the system. Give examples of the types of policies, procedures, or controls you would want to see in place, including their component attributes, relevant quality criteria and metrics. Make sure you include sufficient detail to explain the kinds of actions, records, behaviours, etc. that will be required by those being audited.
PART 4
(Extract from the scenario above)
… you decide it is necessary to provide an example compliance plan to enable PoundLend to explain how they should interpret these potentially contradictory rules and demonstrate appropriate controls within a consistent, overall information governance system.
- Identify three areas where there are apparent inconsistencies between different frameworks. These may be within one type of framework (e.g. between different laws) or between different types of framework (e.g. government policies and laws) and may affect different actors in the system.
- Describe how you suggest PoundLend should deal with these inconsistencies. You are required to describe your high-level approach but also to illustrate this with an example list of at least five IG controls you propose should be implemented to demonstrate defensible compliance with the rules. You should include the metrics that will be reported to demonstrate how well those controls are being executed.
Report Structure
- The first page is a cover sheet, stating your name, the course name, the date of your submission, and a note on the total number of pages. Do not put any answer material on the cover sheet.
- Your answer should start on the second page. This page and all subsequent pages should not include your name.
- Each part of your report should be separately titled. No index sheet is required.
- All pages should be numbered consecutively.
- Harvard style referencing should be used.
- No more than 25 pages, font size 10pt Segoe UI at A4 size, or 6000 words. The use of diagrams and tables is encouraged but this should supplement, not replace, substantive analysis.
Assessment Criteria
- Candidate can demonstrate that they understand and can explain the diverse sources of requirements that give substance to the complexity and value of information governance.
- Candidate can demonstrate the capability to analyse these requirements and map their detailed criteria into process models and controls that govern the creation and use of digital information assets throughout their lifecycle.
- Candidate can demonstrate the requisite skills at analysing and navigating conflicting and non-aligned rule systems in order to structure unified approaches to governing information that are defensible and capable of rapid adaptation to changing requirements.
- Candidate can evaluate alternative strategies for implementing information governance objectives across various tools, including policies, procedures, contracts, application designs, and cloud-based services.
- Candidate can use knowledge gained to develop an integrated, substantive proposal for establishing or improving information governance within a defined scope of application.