Wallington Trust Hospital (WTH) provides secondary health services to the suburb of the London Borough of Sutton. The hospital management acknowledges the need for reliable information security in its clinical management system, to maintain integrity and provide confidentiality and privacy for patients’ digital information, which is coupled with electronic medical records. Information governance plays a vital role in healthcare: it establishes policies, procedures and accountability, which are imperative for an effective management lifecycle of patient data and for maximising data privacy and confidentiality. The aim of information governance is to provide assurance of data confidentiality and protection to WTH management and individual patients, and to help staff understand the importance of data handling procedures, so that they adhere to clinical information assurance, corporate information assurance and information security assurance, and perform their duties ethically to provide the best possible care while respecting data subjects’ rights when processing their personal data.
Your task is to develop an information governance policy for WTH and write an accompanying report, which provides justification of policy contents, chosen framework, risk assessment methodologies and strategy to implement strong information governance for the given organisation.
Assessment Criteria/Marking Scheme:
The work will be marked out of 100 in line with the University’s marking grades and according to the following assessment criteria:
| Task | Assessment criteria | Marks |
|---|---|---|
| **Part A: Individual Task** | | |
| Task 1: Information Governance Need & Cyber Security Threats – 25% (suggested word limit for this section is 900 words) | Critically appraise understanding of latest cyber security threats to information assets and demonstrate requirements of Information Governance need in the context of given scenario. The role of Information Security auditors to comply with social, ethical and legal requirements to assess the effectiveness of Information Security Management System. Report should include appropriate language, referencing, clarity of expression style, format and length. | 25 |
| Task 2: Framework – 20% (suggested word limit for this section is 700 words) | Justification of the approach taken and rationale for the scope and content of the Information Security Management Systems (ISMS) based on a critical evaluation and understanding of the organisation, and reference to principles and best practice. This could include critical evaluation of Information governance frameworks and rationale of the choice considered for a given context. Presentation should include appropriate language, referencing, clarity of expression style, format and length. | 20 |
| Task 3: Risk Assessment – 25% (suggested word limit for this section is 900 words) | Justification of the importance of information governance to the organisation based on a critical evaluation of the organisational context. This should include risk assessment methodologies either qualitative or quantitative. Identify information assets, identify threats, vulnerabilities and risks associated with assets. Presentation should include appropriate language, referencing, clarity of expression style, format and length. | 25 |
| **Part B: Group Task** | | |
| Task 4: Policy – 30% (suggested word limit for this section is 2500 words) | The information security policy should include Introduction, purpose, scope, roles and responsibilities, Information Governance Policy Framework, implementation plan and monitoring mechanisms to address security threats and mitigate security vulnerabilities in the context of given scenario. Policy should include appropriate language, referencing, clarity of expression style, format and length. | 30 |
Distinction (70 and above):
Excellent in-depth understanding of the risk assessment process, critical appraisal of different Information Governance frameworks and contemporary cyber threats to information assets in the context of the given scenario. A robust policy detailing assurance, governance and responsibilities in the context of the given scenario, mentioning best practices to adhere to ethical standards. Thorough critical analysis is made to deliver successful implementation of all tasks, and justification of the choices is made.
Very good application and synthesis; successful implementation of all tasks is delivered. Report contents are relevant and original but lack excellence in explanation and would need more academic rigour. The robustness and correctness of the risk assessment are not thorough.
Provides a basic understanding of the deliverables. Some deliverables are incomplete. There are a number of inconsistencies in each task. Inadequate evaluation and incomplete justification of the choices made. Report shows some errors and is not detailed. There is limited consideration of design and implementation strategies.
Fail (less than 50):
Provides little or no understanding of the risk process. Incomplete attempt, or lacks substantial parts of the deliverables. Fails to demonstrate understanding of the concepts required to implement the deliverables. Work seriously lacks clarity and detail relevant to the assignment. There are several errors in the submitted report.
Academic Integrity Statement: You must adhere to the university regulations on academic conduct. Formal inquiry proceedings will be instigated if there is any suspicion of plagiarism or any other form of misconduct in your work. Refer to the University’s Assessment Regulations for Northumbria Awards if you are unclear as to the meaning of these terms. The latest copy is available on the University website. https://northumbria-cdn.azureedge.net/-/media/corporate-website/new-sitecore-gallery/services/academic-registry/documents/qte/assessment/guidance-for-students/pl,-d-,005-v003-academic-misconduct-policy.pdf?modified=20190605171211&la=en&hash=A55A56D5BAD5746FC530D31C6291B10F861275CE
(last accessed on 13th August 2019)
There will be an opportunity for formative feedback during the semester. You are advised to start working on this assignment as early as possible so that you can seek clarification from the module tutor regarding any questions you might have during the semester. Note that tutors will not predict your grade, and you should not take the lack of comment on any aspect of your work as indicating that it is correct. You should make every effort to take advantage of formative feedback as tutors will not comment on draft work at other times. Remember that you will get more useful feedback from us by asking specific questions than just presenting us with your documentation and asking, ‘Is this right?’