Phases I and II were designed to assist you in beginning to analyze major components or factors that ultimately affect the Information Governance Plan that you design for Superior Card Processors, Inc. (hereafter “SPC”).
INSTRUCTIONS FOR PHASE III
It is your task to now add the “content” to the outline for the Information Governance Plan/Program. That is you are to prepare an Information Governance Policy/Program for SPC. Recall, for each of merchant customer who engages in credit card sales, SCP processes the transaction, which involves interacting with the issuing bank, deducting its fee from the sales proceeds, deposits the relevant merchant bank’s credit card processing fee into the merchant bank’s account, and deposits the merchant’s net revenue into the merchant’s bank account with the merchant bank. SCP will be required to retain details of the transactions and provide detail and summary reports to each relevant third party, including the issuing banks, merchant banks and merchants. Your IG program must protect sensitive information and must comply with the law regarding what SPC can and cannot retain and/or share. It must also be complaint with PCI DSS. You want a program that will allow you to identify information early that is required for legal holds, but you do not want to retain information beyond the required period of time. All IG policies or programs are somewhat different and unique to the industry and to the organization. Here, your IG program will be unique to SCP, and to the merchant banks and merchants that it services. There are a number of sample Information Governance Policy/Program templates and samples on the internet. Attached to the end of this document is just one sample Information Governance Framework template that was copied verbatim from the website https://www.infogovbasics.com/creating-a-policy/. This framework gives you an idea of the minimum items that might be included generally in an IG Plan. Please take into consideration that it may not be complete for your industry or organization. I have downloaded and saved for your review in the CONTENT section, subdirectory on SEMESTER PROJECT¸ subfolder SAMPLE IG PLANS a few samples from the internet. You may review them for a flavor of how different IG Plans may be for organizations in the same industry, and even for companies managed by the same organization. Also, please feel free to browse the internet to get a flavor for what an actual IG Policy/Program might look like. Also, take into consideration the requirements promulgated by the PCI DSS security council. If you desire, you may use the template attached to the end of this document as GENERAL outline for
how you might choose to format your IG Policy/Program for SCP, INC., but remember you will need to make modifications that will make it suited for the industry and specifically for SCP, as it applies to its merchant customers and banks. It is certainly not a requirement that you use either the attached sample as a guideline for formatting your own IG Policy/Program, or that you use anything that you may find on the internet. You may design your own format for an IG Policy/Program for SCP that is far superior to anything that you find online. If that is the case, then use your own model! It makes no difference how you arrived at the final format you use for the IG Policy/Plan/Program that you submit, as long as you give credit to all source(s), that you looked to in formulating or designing your IG Plan or any portion of your plan. The sample at the end of this document is merely attached for your convenience as one example of the minimum type of information that might be contained in your IG policy/program. Do as much research from all sources you have access to or can locate to determine how you want to format your own IG Policy/program, and the types of things you will include. If you decide to use the attached sample, or anything you find on the internet, you are required to customize either to meet the distinct characteristics and needs of SCP and to add the detail required. Please know, this assignment DOES NOT consist of submitting an outline for SCP’s IG Plan. This assignment is to submit “THE” Information Governance Plan for SCP, complete with detail. That is, please do not misconstrue the sample/example format attached hereto or any outlines that you find on the internet that are generic in nature. Those are merely outlines for what I am asking you to develop in this assignment. They are skeletons that contain only headings for the content that you will include in the IG Policy/Plan/Program that you develop in Phase III. That is, what follows is merely an Information Governance Framework. The purpose of the Information Governance framework is to formally establish an organization’s approach to Information Governance. No two Information Governance programs are the same, so each framework will be unique to the organization but any program should, as a minimum, cover the following areas.