Information Governance is a complex idea or system that helps an organization make its organizational structure risk-free. The main goal of the system is to provide and implement a strategy that can strengthen security and safety measures, especially when it comes to cyber security. In the age of digitalization, it is important to make the cyber walls of the company thicker so that they cannot be penetrated by criminals and no breach can take place. It is closely connected with risk management programs. Most security standards, like HIPAA, assert that full compliance is neither possible nor desirable when following a cookie-cutter approach, urging organizations to examine the entire culture and mindset of their offices. This includes periodic audits, simulated scenarios, and so forth.
The dairy farming business gives identity to rural women. India is one of the leading dairy product suppliers in the world, and the industry in India is dominated by a big farm located in the state of Gujarat. Dairy consumption has plunged worldwide in the past two decades.
The efforts to make India dependent on milk are still on, and if our policymakers make a policy mistake, India, the largest producer and consumer of milk (nearly 18% of the world's total), will become import-dependent and cause an upheaval not only in the domestic market but also in the international market for milk powder, which is a highly volatile market with a high beta value for its price. This has been cautioned by many teachers across the world for the past 15 years, including the undersigned. It must be noted that the international market is controlled by a handful of countries with a milk surplus and is hence very shallow. Therefore, in this chapter, various areas of the legal and policy-making process of the leading dairy farm of the country will be discussed. Information Governance is a system that will showcase the current mechanism and operation of the organization and the system that it maintains.
The legal compliance of the company, along with its cyber security measures and the breach cases it has faced, will be discussed. Apart from that, a portfolio for the desired information governance system will be described that can potentially improve the security measures of the company and make it less vulnerable to attack by cyber-criminals.
Scope of the framework
In general, the board, by means of the practice of corporate governance, puts aims and objectives in focus. It represents the risk-mitigated issues for long-term operations in the dairy industry.
- Risk-mitigated: That the business has identified and mitigated the risks that may result in the organization not achieving its objective.
- Long-term: That the business is sustainable and that it is not going to collapse.
- Value creation: That the business performs according to the stakeholders' expectations, which at the same time include environmental, financial, and social measures.
Stakeholders' interest is one such factor that enables the scope of using the information governance framework. An industry with a greater area of business has much more scope to process information through the mentioned system. As the discussion is related to the leading dairy company of the country, the risks in terms of Information Technology are higher and so, therefore, is the scope for maintaining the information governance framework.
An outline information
As mentioned earlier, it is crucial for an organization to understand the risks that are approaching it and to make proper provision to ensure that they can be contained to a certain extent, since the information governance system deals with risk mitigation and with advanced systems to minimize those risks. There is a team or committee assigned to look after whether the organization is about to face any sort of data breach or data misconduct by internal as well as external entities. Hence, the discussion here covers the committee and the members that are appointed to ensure these security measures are properly managed. The current committee and management of the organization for cyber and other security are mentioned below.
The members must be:
- A Chairperson who is a senior executive officer or chief information officer
- A chief technology officer of the company
- A legal officer who is working with the company
- Security advisors
- Freedom of information manager
- Corporate governance officer
- The senior representative who keeps and collects the data for the betterment of the same
The leading organization of the dairy industry shall have such a number of members to see that organizational security is properly managed and that legal and regulatory compliance is properly maintained. The committee will investigate from time to time to make sure that the measures are maintained and will provide a report on their performance.
Each of the members is assigned various functions or roles so that the possible risks that are approaching, or the areas where the organization is lacking in maintaining its security, are handled more stringently and strengthened to make sure such problems do not repeat in the future.
The team is also responsible for the overall maintenance and upkeep of the records and of the overall information governance framework within the organization. Beyond that, the organization is also looking to keep track of its auditing and financial information. This includes identifying the staff and third-party agents who are responsible for auditing the existing assets of the company, and reporting on what tools and techniques are used by its Information Security Management System (ISMS). The ISMS framework and its maintenance are discussed in the latter part of the paper.
The information governance team
The information governance team must consist of members responsible for different levels of security and safety measures. Information governance mainly deals with the structural areas of the organization. The team shall be properly drawn from and operated by workers from various departments, such as IT and the legal team, who will look after the company policies and its legal or regulatory compliance.
Information Technology officers are there to keep the records of the total business performance of the organization, third-party tie-ups, and many other records that must be kept. The IT staff keep the records under password protection and also use various other security and cyber-attack protection measures so that the records are maintained and cannot be penetrated by any breach.
A team of legal officers is aware of the legal compliance requirements of the company, such as adherence to the Company Act, Cyber Security Act, Food Safety and Security Act, etc. They are also required to draft and design the company policies regarding cyber security and other security and safety measures.
An ISMS-oriented team shall also be there to look after breaches and failures of the organization in that position.
Account and finance management staff are also part of the team, as they look after the auditing and tender-related issues and faults that can occur or may have occurred in the past.