This assignment will assessthe following learning outcomes:
- Critically evaluate the key information governance principles, practices and security frameworks to demonstrate your understanding in the design, development, implementation and monitoring of information security management system of an organisation.
- Ability to critically evaluate the risk assessment methodology to determine appropriate control objectives for a given organisational scenario
- Demonstrate ability to work as a member of a team and make contributions to team success and effectiveness
- Critically appraise, social, ethical and legal responsibilities of an Information security auditor to comply with.
Wallington Trust Hospital (WTH) provides secondary health services to the suburb of London borough of Sutton. The hospital management acknowledge the significance of reliable information security need for their clinical management system to maintain integrity and provide confidentiality and privacy to patients’ digital information which is coupled with electronic medical records. Information Governance play a vital role in Healthcare, it establishes policies, procedures and accountability, which is imperative for an effective management lifecycle of patient data and maximise data privacy and confidentiality. The aim of Information governance is to provide data confidentiality and protection assurance to WTH management, individual patients and help staff to understand the importance of data handling procedures to adhere with clinical information assurance, corporate information assurance, information security assurance and perform their duties ethically to provide best possible care as well as respecting data subjects rights while processing their personal data.
Your task is to develop an information governance policy for WTH and write an accompanying report, which provides justification of policy contents, chosen framework, risk assessment methodologies and strategy to implement strong information governance for the given organisation.