UNIVERSITY OF THE CUMBERLANDS
ITS 833 – INFORMATION GOVERNANCE
SEMESTER PROJECT – PHASE III
ADDITIONAL INFORMATION FOR PHASE III
Security Transport Professionals (STP) Incorporated desires to increase its share of the transportation market for high risk, sensitive, top secret, regulated “goods” by establishing itself as being the premier freight hauler who can rise to the task of moving its customer’s product to its destination in the quickest, most efficient, confidential, safe and secure manner possible, while maintaining a comparable cost of moving and storage. This means that it wants to be identified as THE hauler who incurs the smallest amount of damage, destruction, and delays to the customer’s product while the product is in STP’s care and possession, and who transports the product in a legally defensible manner, exposing its customers the smallest legal exposure possible. STP’s objectives include having a system of management and governance of its data that is readily accessible for decision making, secure and exposes the organization to the smallest degree of risk possible. The strategic plan for achieving this organizational objective includes designing, planning, implementing, testing, auditing, evaluating, and continual updating or revising an overall organizational Information Governance program that is aligned and synchronized with the organizations’ overall strategic plans, goals and business objectives. The Information Governance program should include key concepts from records management, content management, Information Technology and data governance, information security, data privacy, risk management, litigation readiness, regulatory compliance, long-term digital preservation and business intelligence. To do this, STP recognizes that in order to support the organizational objectives, its Information Governance (IG) goal must be to design and implement a plan/program that provides for a standardized and systematized method of handling information wherein it can efficiently analyze and optimize how information is accessed, controlled, managed, shared, stored, preserved and audited.
During Phase I, you as the project manager have had an opportunity to give some thought to which members of the organization you would want to have on your IG team from those listed in the project description who have expressed an interest in assisting in the creation of the IG program at STP. You have also had an opportunity to give some thought to what you expect might be the greatest security risks that STP may face through your risk analysis and risk profile. You have had an opportunity to research the differing regulations in the different states where STP operates primarily. In Phase II you had an opportunity to consider the types of records STP deals with through your records inventory for a least one area of the organization. You have considered a records retention plan and have identified the types of records that may be periodically tagged for destruction, which should be archived, and which are subject to long term digital preservation. You are now ready to design your first Information Governance Program.
While it should go without stating, information related to each of STP’s customers and their products is highly sensitive, and in some cases top secret. You want to make sure that the IG Program that STP implements will allow STP to retain all of the information about its customers, the product transported, and the particular haul that it is required to keep pursuant to federal and state law. You want to insure STP that the proper information will be retained that it might need for purposes of litigation and e-discovery. You will need to consider disaster recovery and business continuity. You don’t want STP to keep unnecessary information for extended periods of time, thereby increasing the cost and time involved with processing and retention, and also increasing STP and its customers to litigation risks. Therefore, you will want to give serious consideration to STP’s data disposition or disposal plans.