SEMESTER PROJECT Description
Introduction to the Company:
Security Transport Professionals Incorporated (STP), has its home office located in Lexington, Kentucky and in addition has more than 3,000 employees located in each of its branch offices located in Houston, Texas and San Diego, California.
STP is primarily a nationwide freight hauler. Its customer are comprised of major market retailers particularly in the medical and pharmaceutical industry, the federal government, and several state governments. STP operates a fleet of trucks and private cargo planes that it uses to move “goods” belonging to its customers from one destination to another across the continental United States. Its fleet of truck carriers are located in Lexington, Kentucky with it planes located in Louisville, Kentucky.
STP carries and transports highly controlled, narcotics and scheduled prescription drugs, toxic, radioactive, nuclear, and top secret materials from one facility belonging to its customer to another. The method of transport depends on the type of cargo being hauled. In addition to hauling/forwarding its customers products/goods, STP is required from time to time to store its customer goods for brief periods of time. Two years ago STP began contracting with a number of subcontractors hereafter referred to as either “limited joint partners (LJPs)” or “independent subcontractor alliances (ISAs)” for the purpose of expanding its freight forwarding, storage, and delivery service. Due to the confidential nature of the freight that it transports, STP vets its employees, as well as any subcontractors (LJPs and ISAs) that it engages.
STP’s business objectives and goals include the confidential, safe and secure movement of its customer goods, from the customer/distributor to its client, or from one of its customer’s locations to another of the customer’s locations in a timely and efficient manner using costeffective methods. Alternatively, STP may transfer this responsibility to one of its limited joint partners (LJPs) or independent subcontractor alliances (ISAs), if it is more cost-effective and the income differential is within acceptable limits. There are 3 LJPs with which STP had entered into contracts. LJPs are corporate organizations in the same industry that offer essentially the same services as STP, and who are generally competitors of STP. However, when the job requires resources that exceed those of STP or its competitor, the two will enter into an agreement to jointly undertake the contract together, and will together provide the same full range of services, with both entering into the same contract or joint venture with the customer.
Independent subcontractor alliances (ISAs) differ from Limited Joint Partners (LJPs) in that a ISA is not a direct competitor of STP. Rather, the ISA is a company that offers a subset of services to STP, or contracts with STP to provide it with necessary resources to perform the particular job at h.
SEMESTER PROJECT DescriptionIntroduction to the Company S.docx
1. SEMESTER PROJECT Description
Introduction to the Company:
Security Transport Professionals Incorporated (STP), has its
home office located in Lexington, Kentucky and in addition has
more than 3,000 employees located in each of its branch offices
located in Houston, Texas and San Diego, California.
STP is primarily a nationwide freight hauler. Its customer are
comprised of major market retailers particularly in the medical
and pharmaceutical industry, the federal government, and
several state governments. STP operates a fleet of trucks and
private cargo planes that it uses to move “goods” belonging to
its customers from one destination to another across the
continental United States. Its fleet of truck carriers are located
in Lexington, Kentucky with it planes located in Louisville,
Kentucky.
STP carries and transports highly controlled, narcotics and
scheduled prescription drugs, toxic, radioactive, nuclear, and
top secret materials from one facility belonging to its customer
to another. The method of transport depends on the type of
cargo being hauled. In addition to hauling/forwarding its
customers products/goods, STP is required from time to time to
store its customer goods for brief periods of time. Two years
ago STP began contracting with a number of subcontractors
hereafter referred to as either “limited joint partners (LJPs)” or
“independent subcontractor alliances (ISAs)” for the purpose of
expanding its freight forwarding, storage, and delivery service.
Due to the confidential nature of the freight that it transports,
STP vets its employees, as well as any subcontractors (LJPs and
ISAs) that it engages.
2. STP’s business objectives and goals include the confidential,
safe and secure movement of its customer goods, from the
customer/distributor to its client, or from one of its customer’s
locations to another of the customer’s locations in a timely and
efficient manner using costeffective methods. Alternatively,
STP may transfer this responsibility to one of its limited joint
partners (LJPs) or independent subcontractor alliances (ISAs),
if it is more cost-effective and the income differential is within
acceptable limits. There are 3 LJPs with which STP had entered
into contracts. LJPs are corporate organizations in the same
industry that offer essentially the same services as STP, and
who are generally competitors of STP. However, when the job
requires resources that exceed those of STP or its competitor,
the two will enter into an agreement to jointly undertake the
contract together, and will together provide the same full range
of services, with both entering into the same contract or joint
venture with the customer.
Independent subcontractor alliances (ISAs) differ from Limited
Joint Partners (LJPs) in that a ISA is not a direct competitor of
STP. Rather, the ISA is a company that offers a subset of
services to STP, or contracts with STP to provide it with
necessary resources to perform the particular job at hand. For
example, an ISA may be a warehousing company that provides
only storage facilities for STP. Alternatively, an ISA may be a
company that is engaged in service and repairs for STP’s trucks
and planes, and/or provide sterilization and cleaning services
for STP’s trucks and planes upon completion of a job, where
STP had transported hazardous or toxic materials, requiring
specific types of sterilization or cleaning services for its
transport vehicles. There are other types of ISA that STP
engages and contracts with. With regard to ISAs, STP is the
only organization that will contract with its customer or who
will be identified to the customer. It will then enter into its own
separate subcontractor contract with its ISA, and the ISA is not
identified to STP’s customer. There is no definitive number of
3. ISAs that contract with STP. The specific ISAs used (if any)
will vary depending on the geographic location or area of the
country involved and the availability and cost of the ISA
available to service the area.
STP is also under pressure from several of its competitors in the
industry. The competitive market is driving STP to improve its
routes, delivery methods, fleet vehicles, and other facets of its
business to increase profits (a strategic goal) and to reduce
costs. The company realizes that its information technology
infrastructure has been neglected for some time and that many
operating locations are running on outdated hardware and
software. On several occasions last year, STP suffered no less
than four network compromises through one of its LJP Internet
sites that led to the disclosure of sensitive and strategic
information on contracts and mergers.
The chief information officer (CIO) made a strategic
presentation to the board of directors and executive management
to first assess the aging infrastructure and then, develop a
multi-year phased approach to have all sites (except for LJP and
ISA) on the same hardware and software platforms.
Information about the assessment indicates that the current state
core infrastructure (switches, routers, firewalls, servers, and so
on) must be capable of withstanding 10-15% growth every year
for the next seven years with a three-to-four-year phased
technology refresh cycle.
There is a hodgepodge of servers, switches, routers, and internal
hardware firewalls. Nearly all of the infrastructure is woefully
out-of-date in terms of patches and upgrades. This operational
neglect has unduly increased the risk to the network, in terms of
confidentiality, integrity, and availability. Since this will be a
multi-year technology upgrade project, something must be done
to reduce STP’s exposure to vulnerabilities to increase the
4. overall security profile and reduce the risk profile.
Now that the funding has been approved for the infrastructure
assessment, the CIO has decided that it might be a good idea to
implement an Information Governance Program into the
organization, assuming he can sell the corporation on its
benefits. To that end, the CIO has hired you as IG Project
Manager to assist in initial preparatory stages.
STP Job Roles:In addition to the CIO, below is a list of
individuals at STP to whom you have been introduced. The CIO
has informed you that you can call upon any or all of the
individuals who hold these job roles/titles for assistance and
may name any of them to be on your project team. You may
also call upon any of the heads of the various business units for
assistance, as well as a designated contact person for each of
STP’s LJPs and ISAs.
· Chief Executive Officer (CEO)*
· Chief Information Officer (CIO)*
· Chief Financial Officer (CFO)*
· Executive VP of Marketing*
· VP of Human Resources
· In-house Counsel
· In-house Financial Analyst and Risk Manager
· Senior Records Manager
· Senior IT Manager
· IT Security Expert
· Overland Transport Manager
· Airway Transport Manager
· Overland Transport Manager
· Airway Transport Manager
· Southern Region General Manager (Houston, Florida)
· Western Region General Manager (San Diego, California)
· Information Security Specialist
* This individual is also a member of STP’s Board of Directors
5. SEMESTER PROJECT
ADDITIONAL INFORMATION FOR PROJECT
Security Transport Professionals (STP) Incorporated desires to
increase its share of the transportation market for high risk,
sensitive, top secret, regulated “goods” by establishing itself as
being the premier freight hauler who can rise to the task of
moving its customer’s product to its destination in the quickest,
most efficient, confidential, safe and secure manner possible,
while maintaining a comparable cost of moving and storage.
This means that it wants to be identified as THE hauler who
incurs the smallest amount of damage, destruction, and delays
to the customer’s product while the product is in STP’s care and
possession, and who transports the product in a legally
defensible manner, exposing its customers the smallest legal
exposure possible. STP’s objectives include having a system of
management and governance of its data that is readily
accessible for decision making, secure and exposes the
organization to the smallest degree of risk possible. The
strategic plan for achieving this organizational objective
includes designing, planning, implementing, testing, auditing,
evaluating, and continual updating or revising an overall
organizational Information Governance program that is aligned
and synchronized with the organizations’ overall strategic
plans, goals and business objectives. The Information
Governance program should include key concepts from records
management, content management, Information Technology and
data governance, information security, data privacy, risk
management, litigation readiness, regulatory compliance, long-
term digital preservation and business intelligence. To do this,
STP recognizes that in order to support the organizational
objectives, its Information Governance (IG) goal must be to
design and implement a plan/program that provides for a
standardized and systematized method of handling information
6. wherein it can efficiently analyze and optimize how information
is accessed, controlled, managed, shared, stored, preserved and
audited.
You are now ready to design your first Information Governance
Program.
While it should go without stating, information related to each
of STP’s customers and their products is highly sensitive, and in
some cases top secret. You want to make sure that the IG
Program that STP implements will allow STP to retain all of the
information about its customers, the product transported, and
the particular haul that it is required to keep pursuant to federal
and state law. You want to insure STP that the proper
information will be retained that it might need for purposes of
litigation and e-discovery. You will need to consider disaster
recovery and business continuity. You don’t want STP to keep
unnecessary information for extended periods of time, thereby
increasing the cost and time involved with processing and
retention, and also increasing STP and its customers to
litigation risks. Therefore, you will want to give serious
consideration to STP’s data disposition or disposal plans.
INSTRUCTIONS
You are to prepare an Information Governance Policy/Program
for STP. All IG policies or programs are somewhat different and
unique to the industry and to the organization. There are a
number of sample Information Governance Policy/Program
templates and samples on the internet. Attached to the end of
this document is a sample Information Governance Policy
template that was copied verbatim from the website
https://www.infogovbasics.com/creating-a-policy/.
Please feel free to browse the internet to get a flavor for what
an actual IG Policy/Program might look like. If you desire, use
7. the template attached to the end of this document as an outline
for how you might choose to format your IG Policy/Program for
STP and what you might want to include in your IG
policy/program. It is certainly not a requirement that you use
the attached sample as a
guideline for formatting your own. You may determine that you
have something better! This sample at the end of this document
is merely attached as one example of what might be contained
in your IG policy/program, and in what format. Browse as much
as you want to determine how you want to format your own IG
Policy/program, and the types of things you will include. Even
if you do decide to use the attached sample, still you are
required to customize this sample to meet the distinct
characteristics and needs of STP.
Please do not misconstrue the sample/example format attached
hereto. You must complete the actual content or provide
instruction for each section listed, and include your own
sections where appropriate. For example, you will see on one
portion of the attached example the following:
Roles and Responsibilities
The first major section of most frameworks clearly define key
roles and their responsibilities, including:
Information Governance
Committee
Information Governance Team
Information Risk Management
Information Asset Management
Records Manager
Line
8. -
of
-
Business Managers
Employees
“Roles and Responsibilities” is merely a category or heading for
one portion of the IG policy/program. The sentence that reads,
“The first major section of most frameworks clearly define key
roles and their responsibilities including:” is nothing more than
an instruction from me to you describing the section. Then the
7 lines that follow is just an example of the key players for this
particular example. It still needs to have the roles and
responsibilities inserted and described in sentence form for each
of those 7 positions listed. So you will not include in your IG
policy/program my description of what each category is used
for. Please remember that I said I want you to use sentence
form. Please don’t just give me listings like each of the 7 listed
in the Roles and Responsibility example above. The IG
policy/program that you submit should be so much more than
just bullet items with sentences of explanation. You will lose a
significant number of points if you decide to give me bulleted
items only.
However, please, please, please do not plagiarize by copying
another IG policy that you find on the internet (or anywhere
else). Remember I will run the IG Policy that you submit
through a plagiarism checker that will compare it with others on
the web and with those of the other students in the class. Where
it finds a match it will give me the source. In addition, it will
break down your paper and will tell me what percentage of your
entire paper was plagiarized from different sources. If you use
anything from an IG policy that you find on the Internet, please
9. give credit to the source so that the plagiarism issue will not
come up. If you find a good IG policy/program on the internet,
or from any other source, please give credit to the source by
listing it as a reference. If you use the sample that is attached
hereto, please reference it as well. References should be in the
form of endnotes, and not footnotes as footnotes would most
likely detract from the IP Policy/Program.
The IG Policy that you develop should be specific to STP and
unique to the organization’s needs. Where you decide that STP
should use cloud computing, mobile devices, and to the extent
that you decide that it is appropriate for STP to engage in
enterprise social media, state the decisions you have made as
those things will be reflected in your IG policy. Explain any
decisions or assumptions you have made for STP that were not
outlined in the description of the company.
SAMPLE TEMPLATE FOR FORMAT AND CONTENT OF AN
INFORMATION GOVERNANCE POLICY
The remainder of this paper was reproduced for educational
purposes in its entirety from:
https://www.infogovbasics.com/creating-a-policy/ A Definition
of Scope
The framework should begin by establishing the full extent of
the Information Governance program. An example of this could
be:
“The Information Governance framework covers all staff that
create, store, share and dispose of information. It sets out the
procedures for sharing information with stakeholders, partners
and suppliers. It concerns the management of all paper and
electronic information and its associated systems within the
organization, as well as information held outside the
organization that affects its regulatory and legal
obligations.”Roles and Responsibilities
10. The first major section of most frameworks clearly define key
roles and their responsibilities, including:
Information Governance Committee
Information Governance Team
Information Risk Management
Information Asset Management
Records M
anager
Line
-
of
-
Business Managers
Employees
Information Policies
Information Governance covers a wide range of policies. The
framework should set out which corporate policies are relevant
to the Information Governance program. These may include:
· Information security policy
· Records management policy
· Retention and disposal schedules
· Archiving policy
· Data privacy policy
· ICT policy
· Information sharing policy
· Remote working policy Information Procedures
11. A major part of the Information Governance framework should
set out how the organization and its employees work with
information. This can be broken into separate sections covering:
· Legal and regulatory compliance
· Creating and receiving information
· Acceptable content types
· Managing the volume of information
· Managing personal information
· Storing and archiving information
· Collaboration and sharing information
· Disposing of information Working with Third Parties
As more and more information that affects a business is created
and stored elsewhere it is essential to establish how the
organization operates and shares information with stakeholders,
partners and suppliers. The framework should:
· Define the policies for sharing information with third parties
· Define how the organization can manage how third parties
handle personal and confidential information
· Define how Information Governance fits within supplier
relationships and contractual obligations
· Define measurement and metrics for third party meeting the
organization’s Information Governance goals Disaster
Recovery, Contingency and Business Continuity
The framework should set out the organization’s approach to:
· Reporting information losses
· Reporting information security breaches
· Incident management and escalation
Business continuity
management Auditing, Measurement and Review
Information Governance is a continuous improvement process
so it must be underpinned by a continuous monitoring
procedure. The framework can set out the organization’s
approach to:
· Monitoring information access and use
· Monitoring effectiveness of regulatory compliance
· Monitoring the effectiveness of information security policy
12. and procedure
· Monitoring of ICT and storage infrastructure performance
· Risk assessment and auditing
· Information Governance review
Like many things in Information Governance, there is a balance
to be achieved with the Information Governance framework.
The more comprehensive the document, the better. However, it
shouldn’t become so large and unwieldy that it ends up
gathering dust on the shelf.