UNIVERSITY OF THE CUMBERLANDS ITS 833 – INFORMATION GOVERNANCE FALL – IIG BI-TERM 2018 SEMESTER PROJECT – PHASE III Before beginning work on Phase III of your semester project, please refer back to the company description for INSURANCE ASSURANCE OF THE SOUTH (herein after “IAS”), which is in the CONTENT folder, and within that in the SEMESTER RESEARCH PROJECT folder. ADDITIONAL INFORMATION FOR PHASE III INSURANCE ASSURANCE OF THE SOUTH (“IAS”) desires to increase is share of insurance market across all lines of insurance sold, at least in part by becoming and in marketing itself as the most sound and secure insurance provider in the Southeast (and long term, in the nation). The desire and expectation is that it will become recognized as that insurance provider who is the quickest to respond to your needs in times of emergency, and to provide the most comprehensive relief, while at the same time insuring your privacy and your security. The company hopes to become a household name by establishing itself as the premier insurance service corporation who can rise to the task of achieving the greatest return on your dollar. The desire is to have access its customer data in the safest, quickest and most efficient manner possible so as to also improve its reputation in the area of customer service. This means that IAS wants to be identified within its own industry and by its colleagues and competition as THE insurance service corporation that incurs the smallest amount of compromise, breach or wrongful destruction and the greatest degree of return and satisfaction as possible in the industry. IAS’s objectives include having a system of management and governance of its data that is readily accessible for decision making, while at the same time has the highest level of data security and the least amount of exposure to risk possible. The strategic plan for achieving this organizational objective includes designing, planning, implementing, testing, auditing, evaluating, and continual updating or revising an overall organizational information governance program that is aligned and synchronized with the organization’s overall strategic plans, goals and business objectives. To do this, an IG Plan/Policy/Program will be developed for each of the major lines of insurance identified in the instructions for Phase II and in Assessment 2. The management, Information Technology and data governance, information security, data privacy, risk management, litigation readiness, regulatory compliance, long-term digital preservation and business intelligence units/functional departments will be available to assist every team and line of insurance. To do this, IAS recognizes that in order to support the organizational objectives, its Information Governance (“IG”) goal must be to design and implement a plan/program that provides for a standardized and systematic method of handling information, in each functional line of insurance, wherein IAS can effectively analyze and optimize how information is accessed, controlled, managed, shared, stored, preserved, and audited for that line of coverage. Representatives identified in the general project description have been selected for what they bring to the table in order to assist you in implementing effective Information Governance in your organization, and particularly in the line of insurance you selected to focus on in Phase II. You and your team have had an opportunity to identify both high level goals and problem areas for your organization, and for the line of insurance that you selected. (See company description in the SEMESTER PROJECT folder, within CONTENT). In Phase I you and your team had an opportunity to familiarize yourself and your team with different organizations, associations, affiliates and accrediting agencies who can provide guidance on the implementation of information governance in the insurance industry. Also, in Phase I you had an opportunity to begin thinking about the tasks that would be necessary in the design and implementation of a comprehensive Information Governance plan or program, and to develop a plan that sets out the steps and order in which the tasks are to be performed in order to design and implement an IG plan for your organization. The same set of tasks and steps will also work for designing and implementing an IG plan in the line of insurance you selected. Further, you have had an opportunity this semester to conduct research necessary to familiarize yourself with both the federal and Kentucky laws governing the insurance industry, as well as the insurance laws of one other state in which IAS operates, that would have an impact on your organization and your IG Plan. In Phase II, you were to select one line of insurance from the many lines of coverage sold by IAS, and then to design what you expect would be included in the master or major record type or record series for the line you selected with your design to be depicted in the form of a diagram, table, hierarchy chart, taxonomy, or other form that you believe would be most descriptive of the record type you designed for two departmental areas or units within the line of insurance you selected for Phase II. Then, also in Phase II, you were to design questions to be used in surveying the two departments you selected within your line of insurance chosen, and then additional questions to be used as follow up after you have tabulated your surveys of the two departmental units. Lastly, as part of Phase II, you were to develop a records retention plan for the master record series that you designed, and to describe the method of destruction, where applicable, for the line of coverage that you selected. Phases I and II were designed to assist you in beginning to analyze major components or factors that ultimately affect the Information Governance Plan that you design for IAS. INSTRUCTIONS FOR PHASE III It is your task to now add the “content” to the outline for the Information Governance Plan/Program. That is you are to prepare an Information Governance Policy/Program for INSURANCE ASSURANCE OF THE SOUTH, for the line of insurance that you either selected or were assigned for Phase II.. All IG policies or programs are somewhat different and unique to the industry and to the organization. Here, your IG program will be unique to the line of insurance that you covered. There are a number of sample Information Governance Policy/Program templates and samples on the internet. Attached to the end of this document is just one sample Information Governance Framework template that was copied verbatim from the website https://www.infogovbasics.com/creating-a-policy/. This framework gives you an idea of the minimum items that might be included generally in an IG Plan. Please take into consideration that it may not be complete for your company and line of insurance you chose to focus on. I have downloaded and saved for your review in the CONTENT section, subdirectory on SEMESTER PROJECT¸ subfolder SAMPLE IG PLANS a few samples from the internet. You may review them for a flavor of how different IG Plans may be for organizations in the same industry, and even for companies managed by the same organization. Also, please feel free to browse the internet to get a flavor for what an actual IG Policy/Program might look like. Also, take into consideration the recommendations of the organizations, associations, affiliates and accrediting agencies that you identified in Phase I that govern or provide oversight to the insurance industry. Or, if you desire, you may use the template attached to the end of this document as an outline for how you might choose to format your IG Policy/Program for the line of insurance you decided to focus on for Phase II of your project, but remember you will need to make modifications that will make it best suited for the insurance industry and specifically for IAS, and the line of insurance coverage that you have been assigned or chose. It is certainly not a requirement that you use either the attached sample as a guideline for formatting your own IG Policy/Program, or that you use anything that you may find on the internet prepared by the insurance industry organizations, affiliates or oversight bodies. You may design your own format for an IG Policy/Program for IAS that is far superior to anything that you find online. If that is the case, then use your own model! It makes no difference how you arrived at the final format you use for the IG Policy/Plan/Program that you submit, as long as you give credit to all source(s), that you looked to in formulating or designing your IG Plan or any portion of your plan. The sample at the end of this document is merely attached for your convenience as one example of the minimum type of information that might be contained in your IG policy/program. Do as much research from all sources you have access to or can locate to determine how you want to format your own IG Policy/program, and the types of things you will include. If you decide to use the attached sample, or anything you find on the internet, you are required to customize either to meet the distinct characteristics and needs of IAS and to add the detail required. Please know, this assignment DOES NOT consist of submitting an outline for IAS. This assignment is to submit “THE” Information Governance Plan for IAS, complete with detail. That is, please do not misconstrue the sample/example format attached hereto or any outlines that you find on the internet that are generic in nature. Those are merely outlines for what I am asking you to develop in this assignment. They are skeletons that contain only headings for the content that you will include in the IG Policy/Plan/Program that you develop in Phase III. That is, what follows is merely an Information Governance Framework. “The purpose of the Information Governance framework is to formally establish an organisation’s approach to Information Governance. No two Information Governance programmes are the same, so each framework will be unique to the organisation but any programme should, as a minimum, cover the following areas:” https://www.infogovbasics.com/creating-a-policy/ In other words, in Phase III, you must include actual content or provide instruction for a minimum of the sections listed below, and include your own additional subsections where appropriate. For example, should you find an example or sample IG Program/Policy/Program similar to the following framework you should interpret it as follows: Roles and Responsibilities Use sentence here that talks about the Roles and Responsibilities of those responsible for the IG Plan/Program/Policy. The first major section of most frameworks clearly defines key roles of the individuals responsible for implementation, audit, update, accountability and revision of the IG plan for the organization, and the responsibilities for each, and may include: Information Governance Committee: Description of the representatives of the committee goes here, followed by a description of their roles and responsibilities. Information Governance Team:____ Information Risk Management:____ Information Asset Management:___ Records Manager:____ Line-of-Business Managers:____ Employees:____ “Roles and Responsibilities” is merely a category or heading for one portion of the IG policy/program that you design. The section that reads, “Use sentence here that talks about the Roles and Responsibilities of those responsible for the IG Plan/Program/Policy. The first major section of most frameworks clearly defines key roles of the individuals responsible for implementation, audit, update, accountability and revision of the IG plan for the organization, and the responsibilities for each, and may include:” is nothing more than an instruction from me to you describing the section. It is more of a tip from me to you, and is not to be construed as the actual content for your IG Program/Policy/Plan. Then the 7 lines that follow are just examples of what might be key players in this particular example. In your IG Plan that you submit to me, if you have a section that looks like this, then you must also include an actual description of the roles and responsibilities for each entity/position that you have listed. You will not include in your IG policy/program that you design the descriptions of what each category is used for as I did in my example to you. Please use entire sentences rather than phrases in your IG Program/Plan/Policy (whichever you choose to call it). Remember that I said I want you to use complete sentences, and complete paragraphs where applicable. Please do not just give me listings like that which is included in the outline for Roles and Responsibility example above. DO NOT GIVE ME BULLETED ITEMS with no descriptions or explanations in sentence form. The IG policy/program that you submit should be so much more than just bullet items followed by phrases (or nothing at all). You will lose a significant number of points if you ignore this instruction. Phase III is not conducive to using the AMA format or any other similar format. Use your own formatting but make sure that you follow my guidelines and do not simply give me bullet items or lists with no explanation of what it is or why you are including it in your list. Please, do not attempt to plagiarize or copy another IG policy that you find on the internet (or anywhere else). Remember, I will run the IG Policy that you submit through a plagiarism checker that will compare it with others on the web and with those of the other students in the class. Where a match is found, the source is also disclosed. In addition, your paper will be broken down and will display the percentage of your entire paper was plagiarized from a source other than your own independent creation. If you use anything from an IG policy that you find on the Internet, please give credit to the source so that the plagiarism issue will not come up. If you and another student both copy directly from the same outside source, but do not give credit to that source, there are times when the plagiarism checker will tag your paper as being identical to that of the other student. And the other student’s paper is identified as being plagiarized from the outside source. So, if you use anything from an outside source, please cite to the source and provide me with the source so that I may look at the source to see just how similar your work is. The IG Policy that you develop should be specific to INSURANCE ASSURANCE OF THE SOUTH and designed specifically to meet the organizational needs, and should be limited in scope to the line of insurance that you selected for Phase II of your project. To the extent that you decide that IAS should use cloud computing, mobile devices, and to the extent that you decide that it is appropriate for line of insurance you selected in Phase II to engage in enterprise social media, state the decisions you have made as those things will be reflected in your IG policy. Explain any decisions or assumptions you have made for IAS that were not outlined in the description of the company. This phase (phase III) of your project is due no later than at 11:30 p.m. Eastern Standard Time on Saturday, December 8, 2018. Make sure to submit the project in WORD format. Use 1 inch top, bottom, left and right margins on each page. Include a cover page that will contain the Course name and number, semester term, your full name, student id, and the title of your paper: INSURANCE ASSURANCE OF THE SOUTH, INC. INFORMATION GOVERNANCE POLICY/PROGRAM IMPLEMENTATION PHASE III This portion of the semester project is worth 10% of the overall grade. You should submit this assignment using iLearn. Go to the content section where you will see a folder labeled “SEMESTER PROJECT. Select that folder. You will then see a subfolder for PHASE III, and in that the instructions and link for uploading Phase III in the form of a WORD document. Again, this assignment must be submitted no later than 11:30 p.m. Eastern Standard Time on Saturday, December8, 2018. Assignments will not be accepted late. This means that you should not plan to contact me at 11:35 p.m. or 11:59 p.m. in order to request that I accept a late submission. I will not. SAMPLE TEMPLATE FOR THE MINIMUM FRAMEWORK AND FORMAT OF AN INFORMATION GOVERNANCE POLICY The remainder of this paper was reproduced for educational purposes in its entirety from: https://www.infogovbasics.com/creating-a-policy/ A Definition of Scope The framework should begin by establishing the full extent of the Information Governance program. An example of this could be: “The Information Governance framework covers all staff that create, store, share and dispose of information. It sets out the procedures for sharing information with stakeholders, partners and suppliers. It concerns the management of all paper and electronic information and its associated systems within the organization, as well as information held outside the organization that affects its regulatory and legal obligations.” Roles and Responsibilities The first major section of most frameworks clearly define key roles and their responsibilities, including: Information Governance Committee Information Governance Team Information Risk Management Information Asset Management Records Manager Line-of-Business Managers Employees Information Policies Information Governance covers a wide range of policies. The framework should set out which corporate policies are relevant to the Information Governance program. These may include: ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ Information security policy Records management policy Retention and disposal schedules Archiving policy Data privacy policy ICT policy Information sharing policy Remote working policy Information Procedures A major part of the Information Governance framework should set out how the organization and its employees work with information. This can be broken into separate sections covering: ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ Legal and regulatory compliance Creating and receiving information Acceptable content types Managing the volume of information Managing personal information Storing and archiving information Collaboration and sharing information Disposing of information Working with Third Parties As more and more information that affects a business is created and stored elsewhere it is essential to establish how the organization operates and shares information with stakeholders, partners and suppliers. The framework should: ▪ ▪ ▪ ▪ Define the policies for sharing information with third parties Define how the organization can manage how third parties handle personal and confidential information Define how Information Governance fits within supplier relationships and contractual obligations Define measurement and metrics for third party meeting the organization’s Information Governance goals Disaster Recovery, Contingency and Business Continuity The framework should set out the organization’s approach to: ▪ ▪ ▪ ▪ ▪ Reporting information losses Reporting information security breaches Incident management and escalation Back up and disaster recovery Business continuity management Auditing, Measurement and Review Information Governance is a continuous improvement process so it must be underpinned by a continuous monitoring procedure. The framework can set out the organization’s approach to: ▪ ▪ ▪ ▪ ▪ ▪ Monitoring information access and use Monitoring effectiveness of regulatory compliance Monitoring the effectiveness of information security policy and procedure Monitoring of ICT and storage infrastructure performance Risk assessment and auditing Information Governance review Like many things in Information Governance, there is a balance to be achieved with the Information Governance framework. The more comprehensive the document, the better. However, it shouldn’t become so large and unwieldy that it ends up gathering dust on the shelf.
Purchase answer to see full attachment