Learning Outcomes tested in this assessment
This assignment will assessthe following learning outcomes:
1. Critically evaluate the key information governance principles, practices and security frameworks to demonstrate your understanding in the design, development, implementation and monitoring of information security management system of an organisation.
2. Ability to critically evaluate the risk assessment methodology to determine appropriate control objectives for a given organisational scenario
3. Demonstrate ability to work as a member of a team and make contributions to team success and effectiveness
4. Critically appraise, social, ethical and legal responsibilities of an Information security auditor to comply with.
This assignment consists of two parts;
• Part B – Group work (30%)
Wallington Trust Hospital (WTH) provides secondary health services to the suburb of London borough of Sutton. The hospital management acknowledge the significance of reliable information security need for their clinical management system to maintain integrity and provide confidentiality and privacy to patients’ digital information which is coupled with electronic medical records. Information Governance play a vital role in Healthcare, it establishes policies, procedures and accountability, which is imperative for an effective management lifecycle of patient data and maximise data privacy and confidentiality. The aim of Information governance is to provide data confidentiality and protection assurance to WTH management, individual patients and help staff to understand the importance of data handling procedures to adhere with clinical information assurance, corporate information assurance, information security assurance and perform their duties ethically to provide best possible care as well as respecting data subjects rights while processing their personal data.
Your task is to develop an information governance policy for WTH and write an accompanying report, which provides justification of policy contents, chosen framework, risk assessment methodologies and strategy to implement strong information governance for the given organisation.
Assessment Criteria/Marking Scheme:
Part B: Group Task
Task 4: Policy – 30%
(suggested word limit for this section is 2500 words)
The information security policies should include Introduction, purpose, scope, roles and responsibilities, Information Governance Policy Framework, implementation plan and monitoring mechanisms to address security threats and mitigate security vulnerabilities in the context of given scenario. Presentation should include appropriate language, referencing, clarity of expression style, format and length.
The group work should all have 2500 words but I only need 500 words for my part
1. Purpose of the policy (100 words)
2. The organisation’s approach to Information Governance (400 words)
Highlighting information governance key principles that the hospital should have
CIA confidentiality, integrity and availability
Following the regulations and the legislations
Key components of IG structure