Information Governance Portfolio
This assessment constitutes 100% of the overall module mark. It covers all the module learning outcomes as detailed below:
Personal & Transferable Skills
1. Critically evaluate a data governance implementation plan created for a specified business need and reflect on any potential changes and improvements (PT2)
2. Communicate effectively and professionally in order to present arguments clearly (PT3)
3. Demonstrate a comprehensive and detailed knowledge of the goals and principles of Data Governance and what it means to work ethically and professionally in accordance with these goals and principles. (PT6)
Research, Knowledge & Cognitive Skills
4. Demonstrate an understanding of the legal frameworks and international standards underpinning information governance. (RKC1)
5. Design an appropriately researched data governance implementation plan appropriate for a specified business need that includes business continuity and disaster recovery planning. (RKC4)
6. Be able to advise on, and evaluate, the ethical and social issues arising from security measures used by business. (RKC6)
7. Demonstrate a complex understanding of the breadth and depth of the physical and environmental security issues for a given scenario and demonstrate a critical awareness of current problems and issues informed by research findings and professional practice. (RKC2)
Professional Skills
8. Provide professional advice and guidance on legal and regulatory compliance. (PS3)
9. Plan, analyse and evaluate a risk management framework and recommend appropriate operations security measures. (PS1)
Case Study
Cross:Train is a national gym brand offering a cross training solution to clients through personal training, scheduled classes and bootcamps. They believe in a holistic approach to health and fitness, teaching clients Olympic weightlifting moves, cardiovascular sessions and general fitness, as well as nutrition advice and bootcamps.
Cross:Train have 23 gyms around the country, located in cities, suburbia and rural areas. Three of the locations are in a high flood risk area. They employ over 200 staff members nationwide. They offer a flat monthly rate of £60 for full membership which includes access to all scheduled classes. Bootcamps and other special events carry additional cost but are discounted by 40% for members.
In a recent review it came to light that there have been some data protection issues where personal data was inadvertently shared, and the senior management team want to ensure that their staff are better trained and have access to devices which are controlled by the company. All gym staff are provided with a tablet to manage bookings, complete attendance registers and conduct one-to-one online sessions with clients who request advice. They also use the tablet to put together personal training programmes for clients.
There are several points senior management want to address with the new system:
• A new set of IT related policies and processes will be developed using the ITIL framework
• Staff will exclusively use their supplied tablet for work purposes and although they can take them home they will be carefully protected and monitored
• A small team of technicians will be employed to provide technical support from a distance, with one national manager
• Gym managers will have access to a desktop PC in addition to the tablet and every PC in the company will be identical in set up
• Every gym will have password protected WiFi installed and senior management would like to offer access to clients
• In the near future a mobile app will be deployed to clients so they can make online payments, manage their own direct debit, sign up to sessions, cancel sessions, chat with other clients, track their fitness progress and share achievements
• Staff training in information security and data protection will be mandatory and must be completed at the point of first employment followed up with annual refresher training
• All systems will need to be password protected, backed up and consistent across all locations
• Backups and routine maintenance for all systems will take place either overnight or on a Sunday afternoon
All gyms are open 7am-10pm every day except Sunday, when they open 10am-2pm.
Assessment Requirements
Your task is to put together the following items (in total around 4000 words):
1. A risk assessment analysis relating to IT services and data security and your recommendations for risk mitigation to ensure business continuity. [25 marks]
• Guide: 1200 words
• To include identified risk name, description, likelihood and severity, overall risk score, specific mitigation with justification linked to business continuity
• All risks should be clearly related to this scenario
2. A summary of ethical, social, legal and regulatory compliance issues relating to this case study, to include clear information on all applicable laws and industry best practice (such as ISO27K). The summary should demonstrate an understanding of the differences between ethical and legal considerations. It should include a clear list of controls you plan to implement with justification for each. [35 marks]
• Guide: 2000 words
• To include a comprehensive list of all pertinent legislation and ethical and social issues with clear controls identified and justified
• To include clear links between issues identified, suggested controls and associated legislation/standards
• To include an indication of consequences to the organisation in the event of non-compliance
3. An A4 electronic poster showing the steps to be taken for Disaster Recovery. It should indicate responsibilities and have a clear start and end. This process is to be followed by your IT team in the event of an IT related disaster. [20 marks]
• Guide: 200 words (mostly design but some explanatory text could be present)
• Should be relevant to the target audience
• Should be generic enough to be followed in the event of any IT related disaster
• Use formal process flow notation
4. A reflection on the portfolio you have produced: its strengths and weaknesses and your own learning based on your degree route. [10 marks]
• Guide: 600 words
• The reflection needs to be honest and identify areas for improvement within the portfolio, with justifications
• You can reflect on every aspect of the portfolio you have produced, including presentation, your recommendations, content, references, time management etc.
• It should link to your prior learning, and future career choice
5. The entire portfolio needs to be professionally presented. [10 marks]
• References should be included in appropriate places
• It should be free from major spelling/grammatical issues and in a publishable state
• It should include page numbers, a table of contents, sensible headings, list of references and appendices (if appropriate).
• The structure should be easy to follow and logical
• Any assumptions should be listed throughout
Hand in Requirements
Please upload your portfolio as one document to Blackboard by the deadline, in .pdf format.
Marking Criteria
Item 1: Risk Assessment (Marks: 25%)
70% + Excellent work to an extremely high professional standard which covers all conceivable risks. Descriptions are highly detailed and include excellent appropriate information. May exceed expectations at this level.
60-69% Very good work to a professional standard which covers a wide range of risks. Descriptions are detailed and include very good appropriate information.
50-59% Good work to a reasonable professional standard which covers a range of conceivable risks. Descriptions are reasonable and include appropriate information.
40-49% An attempt has been made to identify appropriate risks but there are some missing and/or they are not appropriate. Descriptions are included but are not always appropriate or lack detail.
<40% A poor attempt which does not meet the module learning outcomes. It may have missing information or has missed the point.
Item 2: Controls (Marks: 35%)
70% + Excellent summary to an extremely high professional standard. Includes excellent detail. It could be implemented in industry. May exceed expectations at this level.
60-69% Very good summary to a professional standard. Includes good detail. Could be implemented in industry with some minor adjustments.
50-59% Good summary to a reasonable professional standard. Includes reasonable detail. It could be implemented in industry with more work.
40-49% An attempt has been made to write a summary. Details have been included but are not clear or have no meaning in this context. The document is somewhat vague and needs quite a lot more work.
<40% A poor attempt which does not meet the module learning outcomes. It may have missing information or has missed the point entirely.
Item 3: Disaster Recovery Poster (Marks: 20%)
70% + An excellent informative poster which includes an excellent process flow diagram with references. The steps are logical, realistic and accurate.
60-69% A very good poster which includes a very good process flow diagram and references. The steps are accurate and logical.
50-59% A good poster with a reasonable process flow diagram (may have missing points) and references. There may be some minor errors present but it’s mostly accurate and logical.
40-49% A poster has been submitted but it lacks detail and the process flow diagram may be too simple or incorrect, or missing. Referencing is present but could be improved. Steps could be more accurate and logical.
<40% A poor attempt which does not meet the module learning outcomes. It may have missing information or has missed the point entirely.
Item 4: Reflection (Marks: 10%)
70% + An excellent reflection which identifies strengths and areas for improvement with detailed reasoning. Professional layout and could be published. It clearly links the current module learning to prior learning and experiences and considers future learning and/or career choices in detail. Incorporates references and/or best practice examples.
60-69% A very good reflection which identifies a number of strengths and areas for improvement with some reasoning. Layout is good enough to publish with minor amendments. It links learning experiences well and includes references.
50-59% A good reflection with a selection of points raised. It could be more reflective and make use of references. There is some linking of learning experiences. There may be some minor errors present. Reasonable layout but needs more work.
40-49% A reflection has been written but it lacks detail and does not provide justifications. No linking of learning experiences included. Layout could be improved, and it needs more work.
<40% A poor attempt which does not meet the module learning outcomes. It may have missing information or has missed the point entirely.
Professional Presentation (Marks: 10%)
70% + Presentation is excellent all round and makes use of industry-appropriate language. All items could be implemented in industry.
60-69% Presentation is very good and could be implemented in industry with minor amendments.
50-59% Presentation is acceptable but may lack some of the requirements listed in the specification.
40-49% Presentation could be improved based on the requirements listed in the specification.
<40% A poor attempt which does not meet the module learning outcomes. It may have missing information or has missed the point entirely.
END OF PORTFOLIO