It is your task to now add the “content” to the outline for the Information Governance Plan/Program. That is you are to prepare an Information Governance Policy/Program for INSURANCE ASSURANCE OF THE SOUTH, for the line of insurance that you either selected or were assigned for Phase II.. All IG policies or programs are somewhat different and unique to the industry and to the organization. Here, your IG program will be unique to the line of insurance that you covered. There are a number of sample Information Governance Policy/Program templates and samples on the internet. Attached to the end of this document is just one sample Information Governance Framework template that was copied verbatim from the website https://www.infogovbasics.com/creating-a-policy/. This framework gives you an idea of the minimum items that might be included generally in an IG Plan. Please take into consideration that it may not be complete for your company and line of insurance you chose to focus on.
I have downloaded and saved for your review in the CONTENT section, subdirectory on SEMESTER PROJECT¸ subfolder SAMPLE IG PLANS a few samples from the internet. You may review them for a flavor of how different IG Plans may be for organizations in the same industry, and even for companies managed by the same organization. Also, please feel free to browse the internet to get a flavor for what an actual IG Policy/Program might look like. Also, take into consideration the recommendations of the organizations, associations, affiliates and accrediting agencies that you identified in Phase I that govern or provide oversight to the insurance industry. Or, if you desire, you may use the template attached to the end of this document as an outline for how you might choose to format your IG Policy/Program for the line of insurance you decided to focus on for Phase II of your project, but remember you will need to make modifications that will make it best suited for the insurance industry and specifically for IAS, and the line of insurance coverage that you have been assigned or chose.
It is certainly not a requirement that you use either the attached sample as a guideline for formatting your own IG Policy/Program, or that you use anything that you may find on the internet prepared by the insurance industry organizations, affiliates or oversight bodies. You may design your own format for an IG Policy/Program for IAS that is far superior to anything that you find online. If that is the case, then use your own model! It makes no difference how you arrived at the final format you use for the IG Policy/Plan/Program that you submit, as long as you give credit to all source(s), that you looked to in formulating or designing your IG Plan or any portion of your plan.
The sample at the end of this document is merely attached for your convenience as one example of the minimum type of information that might be contained in your IG policy/program. Do as much research from all sources you have access to or can locate to determine how you want to format your own IG Policy/program, and the types of things you will include. If you decide to use the attached sample, or anything you find on the internet, you are required to customize either to meet the distinct characteristics and needs of IAS and to add the detail required. Please know, this assignment DOES NOT consist of submitting an outline for IAS. This assignment is to submit “THE” Information Governance Plan for IAS, complete with detail.
That is, please do not misconstrue the sample/example format attached hereto or any outlines that you find on the internet that are generic in nature. Those are merely outlines for what I am asking you to develop in this assignment. They are skeletons that contain only headings for the content that you will include in the IG Policy/Plan/Program that you develop in Phase III. That is, what follows is merely an Information Governance Framework.
“The purpose of the Information Governance framework is to formally establish an organisation’s approach to Information Governance. No two Information Governance programmes are the same, so each framework will be unique to the organisation but any programme should, as a minimum, cover the following areas:” https://www.infogovbasics.com/creating-a-policy/ In other words, in Phase III, you must include actual content or provide instruction for a minimum of the sections listed below, and include your own additional subsections where appropriate. For example, should you find an example or sample IG Program/Policy/Program similar to the following framework you should interpret it as follows:
Use sentence here that talks about the Roles and Responsibilities of those responsible for the IG Plan/Program/Policy. The first major section of most frameworks clearly defines key roles of the individuals responsible for implementation, audit, update, accountability and revision of the IG plan for the organization, and the responsibilities for each, and may include:
Information Governance Committee: Description of the representatives of the committee goes here, followed by a description of their roles and responsibilities.
Information Governance Team: Information Risk Management: Information Asset Management: Records Manager:
“Roles and Responsibilities” is merely a category or heading for one portion of the IG policy/program that you design. The section that reads, “Use sentence here that talks about the Roles and Responsibilities of those responsible for the IG Plan/Program/Policy. The first major section of most frameworks clearly defines key roles of the individuals responsible for implementation, audit, update, accountability and revision of the IG plan for the organization, and the responsibilities for each, and may include:” is nothing more than an instruction from me to you describing the section. It is more of a tip from me to you, and is not to be construed as the actual content for your IG Program/Policy/Plan. Then the 7 lines that follow are just examples of what might be key players in this particular example. In your IG Plan that you submit to me, if you have a section that looks like this, then you must also include an actual description of the roles and responsibilities for each entity/position that you have listed. You will not include in your IG policy/program that you design the descriptions of what each category is used for as I did in my example to you.
Please use entire sentences rather than phrases in your IG Program/Plan/Policy (whichever you choose to call it). Remember that I said I want you to use complete sentences, and complete paragraphs where applicable. Please do not just give me listings like that which is included in the outline for Roles and Responsibility example above. DO NOT GIVE ME BULLETED ITEMS with no descriptions or explanations in sentence form. The IG policy/program that you submit should be so much more than just bullet items followed by phrases (or nothing at all). You will lose a significant number of points if you ignore this instruction. Phase III is not conducive to using the AMA format or any other similar format. Use your own formatting but make sure that you follow my guidelines and do not simply give me bullet items or lists with no explanation of what it is or why you are including it in your list.
Please, do not attempt to plagiarize or copy another IG policy that you find on the internet (or anywhere else). Remember, I will run the IG Policy that you submit through a plagiarism checker that will compare it with others on the web and with those of the other students in the class. Where a match is found, the source is also disclosed. In addition, your paper will be broken down and will display the percentage of your entire paper was plagiarized from a source other than your own independent creation. If you use anything from an IG policy that you find on the Internet, please give credit to the source so that the plagiarism issue will not come up. If you and another student both copy directly from the same outside source, but do not give credit to that source, there are times when the plagiarism checker will tag your paper as being identical to that of the other student. And the other student’s paper is identified as being plagiarized from the outside source. So, if you use anything from an outside source, please cite to the source and provide me with the source so that I may look at the source to see just how similar your work is.
The IG Policy that you develop should be specific to INSURANCE ASSURANCE OF THE SOUTH and designed specifically to meet the organizational needs, and should be limited in scope to the line of insurance that you selected for Phase II of your project. To the extent that you decide that IAS should use cloud computing, mobile devices, and to the extent that you decide that it is appropriate for line of insurance you selected in Phase II to engage in enterprise social media, state the decisions you have made as those things will be reflected in your IG policy. Explain any decisions or assumptions you have made for IAS that were not outlined in the description of the company.
This phase (phase III) of your project is due no later than at 11:30 p.m. Eastern Standard Time on Saturday, December 8, 2018. Make sure to submit the project in WORD format. Use 1 inch top, bottom, left and right margins on each page. Include a cover page that will contain the Course name and number, semester term, your full name, student id, and the title of your paper:
SAMPLE TEMPLATE FOR THE MINIMUM FRAMEWORK AND FORMAT OF AN INFORMATION GOVERNANCE POLICY
The remainder of this paper was reproduced for educational purposes in its entirety from: https://www.infogovbasics.com/creating-a-policy/
A Definition of Scope
The framework should begin by establishing the full extent of the Information Governance program. An example of this could be:
“The Information Governance framework covers all staff that create, store, share and dispose of information. It sets out the procedures for sharing information with stakeholders, partners and suppliers. It concerns the management of all paper and electronic information and its associated systems within the organization, as well as information held outside the organization that affects its regulatory and legal obligations.”
Roles and Responsibilities
The first major section of most frameworks clearly define key roles and their responsibilities, including:
Information Governance Committee Information Governance Team Information Risk Management Information Asset Management Records Manager
Information Governance covers a wide range of policies. The framework should set out which corporate policies are relevant to the Information Governance program. These may include:
Information security policy
Records management policy
Retention and disposal schedules
Information sharing policy
Remote working policy
A major part of the Information Governance framework should set out how the organization and its employees work with information. This can be broken into separate sections covering:
Legal and regulatory compliance
Creating and receiving information
Acceptable content types
Managing the volume of information
Managing personal information
Storing and archiving information
Collaboration and sharing information
Disposing of information
Working with Third Parties
As more and more information that affects a business is created and stored elsewhere it is essential to establish how the organization operates and shares information with stakeholders, partners and suppliers. The framework should:
Define the policies for sharing information with third parties
Define how the organization can manage how third parties handle personal and confidential information
Define how Information Governance fits within supplier relationships and contractual obligations
Define measurement and metrics for third party meeting the organization’s Information Governance
Disaster Recovery, Contingency and Business
The framework should set out the organization’s approach to:
Reporting information losses
Reporting information security breaches
Incident management and escalation
Back up and disaster recovery
Business continuity management
Auditing, Measurement and Review
Information Governance is a continuous improvement process so it must be underpinned by a continuous monitoring procedure. The framework can set out the organization’s approach to:
Monitoring information access and use
Monitoring effectiveness of regulatory compliance
Monitoring the effectiveness of information security policy and procedure
Monitoring of ICT and storage infrastructure performance
Risk assessment and auditing
Information Governance review
Like many things in Information Governance, there is a balance to be achieved with the Information Governance framework. The more comprehensive the document, the better. However, it shouldn’t become so large and unwieldy that it ends up gathering dust on the shelf.