Information Governance Portfolio

This assessment constitutes 100% of the overall module mark. It covers all the module  learning outcomes as detailed below:

Personal & Transferable Skills

1. Critically evaluate a data governance implementation plan created for a specified business  need and reflect on any potential changes and improvements (PT2)

2. Communicate effectively and professionally in order to present arguments clearly (PT3) 3. Demonstrate a comprehensive and detailed knowledge of the goals and principles of Data  Governance and what it means to work ethically and professionally in accordance with these  goals and principles. (PT6)

Research, Knowledge & Cognitive Skills

4. Demonstrate an understanding of the legal frameworks and international standards  underpinning information governance. (RKC1)

5. Design an appropriately researched data governance implementation plan appropriate for  a specified business need that includes business continuity and disaster recovery planning.  (RKC4)

6. Be able to advise on, and evaluate, the ethical and social issues arising from security  measures used by business. (RKC6)

7. Demonstrate a complex understanding of the breadth and depth of the physical and  environmental security issues for a given scenario and demonstrate a critical awareness of  current problems and issues informed by research findings and professional practice. (RKC2)

Professional Skills

8. Provide professional advice and guidance on legal and regulatory compliance. (PS3) 9. Plan, analyse and evaluate a risk management framework and recommend appropriate  operations security measures. (PS1)

         Case Study

Cross:Train is a national gym brand offering a cross training solution to clients through  personal training, scheduled classes and bootcamps. They believe in a holistic approach to  health and fitness, teaching clients Olympic weightlifting moves, cardiovascular sessions and  general fitness, as well as nutrition advice and bootcamps. 

Cross:Train have 23 gyms around the country, located in cities, suburbia and rural areas. Three  of the locations are in a high flood risk area. They employ over 200 staff members nationwide.  They offer a flat monthly rate of £60 for full membership which includes access to all  scheduled classes. Bootcamps and other special events carry additional cost but are  discounted by 40% for members. 

In a recent review it came to light that there have been some data protection issues where  personal data was inadvertently shared, and the senior management team want to ensure  that their staff are better trained and have access to devices which are controlled by the  company. All gym staff are provided with a tablet to manage bookings, complete attendance  registers and conduct one-to-one online sessions with clients who request advice. They also  use the tablet to put together personal training programmes for clients. 

There are several points senior management want to address with the new system:

• A new set of IT related policies and processes will be developed using the ITIL  framework

• Staff will exclusively use their supplied tablet for work purposes and although they can  take them home they will be carefully protected and monitored

• A small team of technicians will be employed to provide technical support from a  distance, with one national manager

• Gym managers will have access to a desktop PC in addition to the tablet and every PC  in the company will be identical in set up

• Every gym will have password protected WiFi installed and senior management would  like to offer access to clients

• In the near future a mobile app will be deployed to clients so they can make online  payments, manage their own direct debit, sign up to sessions, cancel sessions, chat  with other clients, track their fitness progress and share achievements

• Staff training in information security and data protection will be mandatory and must  be completed at the point of first employment followed up with annual refresher  training

• All systems will need to be password protected backed up and consistent across all  locations

• Backups and routine maintenance for all systems will take place either overnight or  on a Sunday afternoon

All gyms are open 7am-10pm every day except Sunday, which opens 10am-2pm.

Assessment Requirements

Your task is to put together the following items (in total around 4000 words):

1. A risk assessment analysis relating to IT services and data security and your recommendations for risk mitigation to ensure business continuity. [25 marks] • Guide: 1200 words

• To include identified risk name, description, likelihood and severity, overall risk  score, specific mitigation with justification linked to business continuity • All risks should be clearly related to this scenario

2. A summary of ethical, social, legal and regulatory compliance issues relating to this  case study, to include clear information on all applicable laws and industry best  practice (such as ISO27K). The summary should demonstrate an understanding of the  differences between ethical and legal considerations. It should include a clear list of  controls you plan to implement with justification for each. [35 marks]

• Guide: 2000 words

• To include a comprehensive list of all pertinent legislation and ethical and  social issues with clear controls identified and justified

• To include clear links between issues identified, suggested controls and  associated legislation/standards

• To include an indication of consequences to the organisation in the event of  non-compliance

3. An A4 electronic poster showing the steps to be taken for Disaster Recovery. It should  indicate responsibilities and have a clear start and end. This process is to be followed  by your IT team in the event of an IT related disaster. [20 marks]

• Guide: 200 words (mostly design but some explanatory text could be present) • Should be relevant to the target audience

• Should be generic enough to be followed in the event of any IT related disaster • Use formal process flow notation

4. A reflection on the portfolio you have produced: its strengths and weaknesses and  your own learning based on your degree route. [10 marks]

• Guide: 600 words

• The reflection needs to be honest and identify areas for improvement within  the portfolio, with justifications

• You can reflect on every aspect of the portfolio you have produced, including  presentation, your recommendations, content, references, time management  etc.

• It should link to your prior learning, and future career choice

5. The entire portfolio needs to be professionally presented. [10 marks] • References should be included in appropriate places

• It should be free from major spelling/grammatical issues and in a publishable  state

• It should include page numbers, a table of contents, sensible headings, list of  references and appendices (if appropriate).

• The structure should be easy to follow and logical

• Any assumptions should be listed throughout

Hand in Requirements

Please upload your portfolio as one document to Blackboard by the deadline, in .pdf format.

Marking Criteria

Part Criteria Marks

70% + Excellent work to an extremely high professional standard which covers all conceivable 

risks. Descriptions are highly detailed and include excellent appropriate information. May 

exceed expectations at this level. 

60-69% Very good work to a professional standard which covers a wide range of risks. 

Descriptions are detailed and include very good appropriate information. 

Item 1

Risk Assessment

Item 2


50-59% Good work to a reasonable professional standard which covers a range of conceivable risks.  25%

Descriptions are reasonable and include appropriate information. 

40-49% An attempt has been made to identify appropriate risks but there are some missing and/or  they are not appropriate. Descriptions are included but are not always appropriate or lack  detail. 

<40% A poor attempt which does not meet the module learning outcomes. It may have missing  information or has missed the point. 

70% + Excellent summary to an extremely high professional standard. Includes excellent detail. It  could be implemented in industry. May exceed expectations at this level.

60-69% Very good summary to a professional standard. Includes good detail. Could be implemented  in industry with some minor adjustments. 


50-59% Good summary to a reasonable professional standard. Includes reasonable detail. It could be  implemented in industry with more work.

Item 3

40-49% An attempt has been made to write a summary. Details have been included but are not clear  or have no meaning in this context. The document is somewhat vague and needs quite a lot 

more work.

<40% A poor attempt which does not meet the module learning outcomes. It may have missing  information or has missed the point entirely.

70% + An excellent informative poster which includes an excellent process flow diagram with  references. The steps are logical, realistic and accurate.

60-69% A very good poster which includes a very good process flow diagram and references. The steps  are accurate and logical. 50-59% A good poster with a reasonable process flow diagram (may have missing points) and  Disaster Recovery Poster

Item 4


references. There may be some minor errors present but it’s mostly accurate and logical.

20% 40-49% A poster has been submitted but it lacks detail and the process flow diagram may be too  simple or incorrect, or missing. Referencing is present but could be improved. Steps could be  more accurate and logical.

<40% A poor attempt which does not meet the module learning outcomes. It may have missing  information or has missed the point entirely.

70% + An excellent reflection which identifies strengths and areas for improvement with detailed  reasoning. Professional layout and could be published. It clearly links the current module 

learning to prior learning and experiences and considers future learning and/or career choices  in detail. Incorporates references and/or best practice examples.


60-69% A very good reflection which identifies a number of strengths and areas for improvement with  some reasoning. Layout is good enough to publish with minor amendments. It links learning  experiences well and includes references.

50-59% A good reflection with a selection of points raised. It could be more reflective and make use of  references. There is some linking of learning experiences. There may be some minor errors 

present. Reasonable layout but needs more work.

40-49% A reflection has been written but it lacks detail and does not provide justifications. No linking  of learning experiences included. Layout could be improved, and it needs more work.

<40% A poor attempt which does not meet the module learning outcomes. It may have missing  information or has missed the point entirely.

70% + Presentation is excellent all round and makes use of industry-appropriate language. All items  could be implemented in industry.

60-69% Presentation is very good and could be implemented in industry with minor amendments.

Professional Presentation

50-59% Presentation is acceptable but may lack some of the requirements listed in the specification. 10%

40-49% Presentation could be improved based on the requirements listed in the specification.

<40% A poor attempt which does not meet the module learning outcomes. It may have missing  information or has missed the point entirely.