Professional Documents
Culture Documents
Manage Knowledge Information System
Manage Knowledge Information System
Module description
This Module covers knowledge of the development and maintenance of information processing
systems to support decision making and optimize the use of and learning throughout the
organisation.
LEARNING OUTCOMES
Learning Activities
Instruction sheet...............................................................................................................................2
Introduction......................................................................................................................................5
Self-check-1...............................................................................................................................17
Self-check-2...............................................................................................................................27
Self-check-3...............................................................................................................................45
4.4 design and test Systems to meet information requirements of decision makers.............51
4.5 Information is up-to-date, accurate and relevant and sufficient for the recipient...........56
Self-check-4...............................................................................................................................74
Reference.......................................................................................................................................75
Below you can find an info graphic of the main differences, with a short explanation below.
Please keep in mind that IM in many ways is a useful tool for KM, in that information can help
create and refine knowledge, but as a discipline it is a different one.
As I showed in the previous sections, knowledge and information are actually quite different, as
is tacit and explicit knowledge. So, while information and data management are certainly very
useful, particularly as information sources are growing at exponential rates and with the new
focus on big data, it is not synonymous with KM.
When you chose a paper topic and determined your research questions, you conducted
preliminary research to stimulate your thinking. Your research proposal included some general
ideas for how to go about your research—for instance, interviewing an expert in the field or
analyzing the content of popular magazines. You may even have identified a few potential
sources. Now it is time to conduct a more focused, systematic search for informative primary and
secondary sources.
Writers classify research resources in two categories: primary sources and secondary
sources. Primary sources are direct, firsthand sources of information or data. For example, if you
were writing a paper about the First Amendment right to freedom of speech, the text of the First
Amendment in the Bill of Rights would be a primary source.
Other primary sources include the following:
Research articles
Literary texts
Historical documents such as diaries or letters
Autobiographies or other personal accounts
Secondary sources discuss, interpret, analyze, consolidate, or otherwise rework information from
primary sources. In researching a paper about the First Amendment, you might read articles
about legal cases that involved First Amendment rights, or editorials expressing commentary on
the First Amendment. These sources would be considered secondary sources because they are
one step removed from the primary source of information.
The following are examples of secondary sources:
Magazine articles
Biographical books
Literary and scientific reviews
Policy Statement Information has varying degrees of sensitivity and criticality. Some items may
require an additional level of protection or special handling. The City University of Hong Kong
(“University”) shall classify, label and handle information resources based on their sensitivity,
criticality, value, nature and impact of unauthorized disclosure in accordance with legal,
regulatory and contractual requirements. This standard outlines the specific requirements and
guidelines for the implementation of “Information Classification and Handling” in “Information
Security Policies”.
Objective The objective of this Information Classification and Handling Standard is to provide
guidance on how the information should be handled in accordance with its classification
standard. All the University members that may come into contact with such information shall
familiarize themselves with this information classification standard and follow it consistently.
Scope This Information Classification and Handling Standard apply to the electronic data and
printed documents stored in any form within the University or in relation to the University. 4
Information Identification Before establishing security controls, the Information Owner/Delegate
must identify and classify information assets to be protected. The “Information & IT Asset
Inventory and Ownership Standard” provides guidance on how assets should be identified and
registered.
5 Information Classifications the University must classify all its information assets into
appropriate levels to indicate the need, priority and degree of protection required. When handling
personal data, the personal data user must ensure compliance with the Personal Data (Privacy)
Ordinance, and the University’s “Code of Practice for Personal Data (Privacy) Issues”. Research
data and research information are important assets to the University. The University shall protect
the confidentiality and integrity of research data and research information without creating
unjustified obstacles to research activities. Information related assets funded by research grants
shall also conform to the “Policies and Guidelines relating to Research” maintained by Research
Grants and Contracts Office of the University. The degree of protection required for different
types of information is based on security and legislative compliance requirements. The following
1. RESTRICTED This classification applies to the information that is very sensitive in nature
and is strictly confidential to the University, the government or any other agreements
between the University and third parties (including the government). Such information is
considered critical to the University’s capacity to conduct its business. Generally, this
information shall be used exclusively by a small number of predetermined and authorized
named individuals, roles or positions and business partners. Either disclosure of it to
unauthorized parties or being shared internally could have significant adverse impact on the
University’s reputation, its staffs, students and third parties. Inappropriate release of
“RESTRICTED” information could cause unforeseeable damage to or endanger an
individual, and result in financial lost or damage to standing or reputation at University level.
Examples of information with this classification include:
examination papers before being released,
privileged accounts’ passwords of the University’s key information systems
pending criminal investigation “RESTRICTED” and “SECRET” used
interchangeably in the scope of this set of Information Security Policies and
Standards. “RESTRICTED” is the preferred classification label. Existing
information classified as “SECRET” should be reclassified into “RESTRICTED”
upon review of classification.
2. CONFIDENTIAL This classification applies to sensitive information that is intended for
use by specific group of authorized personnel within the University and business partners,
assigned on a need-to-use basis and for authorized intended purpose. The unauthorized
disclosure, modification or destruction of this information would adversely affect the
business performance or the continuity of operations. Inappropriate release of
“CONFIDENTIAL” information could cause inconvenience to individuals, and result in
limited financial lost or damage to a standing or reputation at unit level. Information of
interest for news media, pressure group or electorates is also classified as
“CONFIDENTIAL”. Such information shall not be copied or removed from the University’s
In Information summary do not include anything that does not appear in the original. (Do not
include your own comments or evaluation.) And be sure to identify your source.
4. When writing the summary there are three main requirements: sate:
Objectives
Objectives are specific statements of outcomes that a jurisdiction is aiming to achieve through
its transport system.
Objectives support the high-level goals and can be expressed for each planning level: the whole
transport system, city or region, a network, an area or corridor, or a specific route or link.
Objectives can also be set for specific initiatives, transport modes and local areas.
The suite of objective statements should be consistent and integrated across planning levels.
The difference between objectives and outcomes should be noted. Objectives are statements
about desired outcomes. Outcomes are the end results that are achieved by meeting the
objectives. For example, reducing fatalities from road trauma is an objective; the number of
fatalities is an outcome. Similarly, reducing greenhouse gas emissions is an objective; the level
of greenhouse gas emissions is an outcome.
Statistics is a branch of science that deals with the collection, organisation, analysis of data and
drawing of inferences from the samples to the whole population. This requires a proper design of
the study, an appropriate selection of the study sample and choice of a suitable statistical test. An
adequate knowledge of statistics is necessary for proper designing of an epidemiological study or
a clinical trial. Improper statistical methods may result in erroneous conclusions which may lead
to unethical practice.
VARIABLES
Variable is a characteristic that varies from one individual member of population to another
individual. Variables such as height and weight are measured by some type of scale, convey
quantitative information and are called as quantitative variables. Sex and eye color give
qualitative information and are called as qualitative variables.
These DSS has file drawer systems, data analysis systems, analysis information systems, data
warehousing and emphasizes access to and manipulation of large databases of structured data
Model driven
The underlying model that drives the DSS can come from various disciplines or areas of
specialty and might include accounting models, financial models, representation models,
optimization models, etc. With model drive DSS the emphasize is on access to and
manipulation of a model, rather than data, i.e. it uses data and parameters to aid decision
makers in analyzing a situation. These systems usually are not data intensive and
consequently are not linked to very large databases.
Knowledge driven
These systems provide a recommendation and/or suggestion scheme which aids the user in
selecting an appropriate alternative to a problem at hand. Knowledge driven DSS are often
referred to as management expert systems or intelligent decision support systems. They focus
on knowledge and recommends actions to managers based on an analysis of a certain
knowledge base. Moreover, it has special problem solving expertise and are closely related to
data mining i.e. sifting through large amounts of data to produce contend relationships.
2. Document driven
These systems help managers retrieve and mange unstructured documents and web pages by
integrating a variety of storage and processing technologies to provide complete document
retrieval and analysis. It also access documents such as company policies and procedures,
product specification, catalogs, corporate historical documents, minutes of meetings,
This breed of DSS is often called group decision support systems (GDSS). They are a special
type of hybrid DSS that emphasizes the use of communications and decision models intended
to facilitate the solution of problems by decision makers working together as a group. GDSS
supports electronic communication, scheduling, document sharing and other group
productivity and decision enhancing activities and involves technologies such as two-way
interactive video, bulletin boards, e-mail, etc.
4. Inter- and Intra-organization DSS
These systems are driven by the rapid growth of Internet and other networking technologies
such as broadband WAN’s, LAN’s, WIP, etc. Inter-organization DSS are used to serve
companies stakeholders (customers, suppliers, etc.), whereas intra-organization DSS are
more directed towards individuals inside the company and specific user groups. The latter,
because of their stricter control, are often stand-alone units inside the firm.
5. New breeds of DSS
Hybrid Systems, which are combinations units using aspects of more than one different type
of DSS. A very popular example is Web based DSS, which can be driven by a combination
of different models such as document-driven, communication driven and knowledge drive.
Web-based DSS are computerized systems that delivers decision support information or
decision support tools to a manager or business analyst using a "thin-client" Web browser
like Netscape Navigator or Internet Explorer.18
On-line Analytical Processing (OLAP) - a category of software technology that enables
analysts, managers and executives to gain insight into data through fast, consistent,
interactive access to a wide variety of possible views of information that has been
transformed from raw data to reflect the real dimensionality of the enterprise as understood
by the user.
Keeping the various distinctions and classifications of DSS in mind, a DSS should be described
in terms of:
The dominant technology component or model underlying the system
Targeted users
Data Data are numbers, words or images that have yet to be organised or analysed
to answer a specific question.
Information Produced through processing, manipulating and organizing data to answer
questions, adding to the knowledge of the receiver.
Knowledge What is known by a person or persons? Involves interpreting information
Data should be sufficiently accurate for the intended use and should be captured only once,
although it may have multiple uses. Data should be captured at the point of activity.
Data is always captured at the point of activity. Performance data is directly input into
Performance Plus1 (P+) by the service manager or nominated data entry staff.
Access to P+ for the purpose of data entry is restricted through secure password controls
and limited access to appropriate data entry pages. Individual passwords can be changed
by the user and which under no circumstances should be used by anyone other than that
user.
Where appropriate, base data, i.e. denominators and numerators, will be input into the
system which will then calculate the result. These have been determined in accordance
with published guidance or agreed locally. This will eliminate calculation errors at this
stage of the process, as well as provide contextual information for the reader.
Data used for multiple purposes, such as population and number of households, is input
once by the system administrator.
Validity
Data should be recorded and used in compliance with relevant requirements, including the
correct application of any rules or definitions. This will ensure consistency between periods
and with similar organisations, measuring what is intended to be measured.
Data should reflect stable and consistent data collection processes across collection points
and over time. Progress toward performance targets should reflect real changes rather than
variations in data collection approaches or methods.
Source data is clearly identified and readily available from manual, automated or other
systems and records. Protocols exist where data is provided from a third party, such as
Hertfordshire Constabulary and Hertfordshire County Council
Timeliness
Data should be captured as quickly as possible after the event or activity and must be
available for the intended use within a reasonable time period. Data must be available
quickly and frequently enough to support information needs and to influence service or
management decisions.
Performance data is requested to be available within one calendar month from the end of
the previous quarter and is subsequently reported to the respective Policy and Scrutiny
Panel on a quarterly basis. As a part of the ongoing development of PerformancePlus it is
intended that performance information will be exported through custom reporting and
made available via the Three Rivers DC website. This will improve access to information
and eliminate delays in publishing information through traditional methods.
Relevance
Data captured should be relevant to the purposes for which it is to be used. This will require a
periodic review of requirements to reflect changing needs.
We have a duty to collect and report performance information against a wide range of
statutory indicators. These are set out in the context of the Government’s White Paper –
Strong and Prosperous Communities. Where appropriate each service will identify
The Risk Management Plan should identify the risk management activities you anticipate and
plan throughout the product’s life-cycle. It is dynamic and should be revisited and updated often.
This is not a do it one time and it’s done activity.
A Risk Management Plan must include the following criteria:
1. Scope of the Risk Management activities. Define the product included. It is possible to
have multiple products described within a single Risk Management Plan.
2. Describe the intended use of the product(s).
3. Identify all Risk Management activities planned throughout the product lifecycle.
4. Define roles and responsibilities. Identify the Risk Management team that will be
reviewing and approving risk documentation.
5. Criteria for the product’s risk acceptability. (Note, that often times this is likely to be
defined within your Risk Management Procedure.)
6. Specify methods to verify Risk Control measures are implemented and reduce risks.
7. Define how post-production information will be captured and fed into Risk Management
activities for the product.
The Risk Management Plan evolves and should be kept current--even after product development
is completed.
The Role of Executive Leaders in the Risk Management Plan
People often thinks that Risk Management is a job for developers, designers, and engineers. The
product people. While it is true that these resources provide valuable insights to Risk
Management efforts, these individuals are not the only contributors. .
Your goal in conducting quantitative research study is to determine the relationship between one
thing [an independent variable] and another [a dependent or outcome variable] within a
population. Quantitative research designs are either descriptive [subjects usually measured once]
or experimental [subjects measured before and after a treatment]. A descriptive study
establishes only associations between variables; an experimental study establishes causality.
Quantitative research deals in numbers, logic, and an objective stance. Quantitative research
focuses on numeric and unchanging data and detailed, convergent reasoning rather than
divergent reasoning [i.e., the generation of a variety of ideas about a research problem in a
spontaneous, free-flowing manner].
Its main characteristics are:
1. Explain the data collected and their statistical treatment as well as all relevant results in
relation to the research problem you are investigating. Interpretation of results is not
appropriate in this section.
In my experience decision making is a process and happens over a period of time. It is when
the decision is constructed and built (made).
A decision is taken at a moment, in an instance. The decision is taken at the moment the
choice is made: the decision is taken from the available options.So, decision making, precedes
decisions being taken.
Decision taking
It is quite easy to spot decisions being taken. Or rather, attempts to take decisions. These
often occur as votes in a meeting. They might be a statement from the chairman or leader
that says, “Right, this is what I have decided” or “This is what we will do”.
What is decision-making?
Decision making is about how you get to the decision. It is about making sure you understand
the whole decision process.
There is an important first step, which is realizing that you have to make a decision. I call this
“decision awareness”.
Decision making can include gathering information, creating options, discussing potential
actions and their implications “what if?”.
Decision making can involve judgment and/or more detailed analysis and thought.
(See Thinking fast and slow about decision making)
We have been involved in lots of executive decision making and noticed that the most effective
teams talk about where they are in the decision making process (how they are deciding) as well
as the content of the decision (what they are deciding). Listening to these conversations and
diagnosing where problems are occurring in these processes, has helped us to devise a five step
decision process. This process provides the team with a language to discuss where they are
with a decision, individually and collectively.
In simple words, strategic planning is a planned process in which an organisation defines what it
aims to achieve and how it is going to achieve it.
For an organisation a strategic plan is the fundamental starting point for all its operations. A
strategic plan guides the direction of the organisation by defining explicitly its purpose of
existence and by providing mid-term goals and measurable success indicators. Having clear
indicators or markers allows the organisation to assess whether goals are being reached.
Ethics Filters
The ethical component of the decision making process takes the form of a set of "filters." Their
purpose is to surface the ethics considerations and implications of the decision at hand. When
decisions are classified as being "business" decisions (rather than "ethics" issues), values can
quickly be left out of consideration and ethical lapses can occur.
At key steps in the process, you should stop and work through these filters, ensuring that the
ethics issues imbedded in the decision are given consideration.
We group the considerations into the mnemonic PLUS.
P = Policies
Is it consistent with my organization's policies, procedures and guidelines?
L= Legal
is it acceptable under the applicable laws and regulations?
U = Universal
Does it conform to the universal principles/values my organization has adopted?
S= Self
Does it satisfy my personal definition of right, good and fair?
The PLUS filters work as an integral part of steps 1, 4 and 7 of the decision-making process. The
decision maker applies the four PLUS filters to determine if the ethical component(s) of the
decision are being surfaced/addressed/satisfied.
Step 1: Define the problem (use PLUS to surface the ethics issues)
Does the existing situation violate any of the PLUS considerations?
Step 2: Seek out relevant assistance, guidance and support
Step 3: Identify available alternative solutions to the problem
Step 4: Evaluate the identified alternatives (use PLUS to assess their ethical impact)
Will the alternative I am considering resolve the PLUS violations?
Will the alternative being considered create any new PLUS considerations?
Maichew ATVET College Pby: Hagos G. 2010 E.C 41
Is the ethical trade-offs acceptable?
Step 5: Make the decision
Step 6: Implement the decision
Step 7: Evaluate the decision (PLUS surface any remaining/new ethics issues)
Does the resultant situation resolve the earlier PLUS considerations?
Are there any new PLUS considerations to be addressed?
The PLUS filters do not guarantee an ethically-sound decision. They merely ensure that the
ethics components of the situation will be surfaced so that they might be considered.
How Organizations Can Support Ethical Decision-Making
Organizations empower employees with the knowledge and tools they need to make ethical
decisions by
Intentionally and regularly communicating to all employees:
Organizational policies and procedures as they apply to the common workplace ethics
issues.
Applicable laws and regulations.
Agreed-upon set of "universal" values (i.e., Empathy, Patience, Integrity, Courage
[EPIC]).
Providing a formal mechanism (i.e., a code and a helpline, giving employees access to a
definitive interpretation of the policies, laws and universal values when they need
additional guidance before making a decision).
It’s not enough to make the right decision. You have to ensure that decision is properly
communicated if you want it to be successfully implemented. The bigger the decision, the more
rigorous you have to be in communicating it. Here are 5 keys to communicating that decision
well.
At some point in your career, you’re going to have to “make the call.” You’ll make a big
decision that will affect a lot of people. Some will be happy. Some will be bent. If you want your
decision to be successful, you’ve got to dedicate a significant amount of thought to how you’re
going to communicate the decision to the organization.
Clarity- First, be clear about the call being made. Tell people exactly what the decision is. The
crisper you are in explaining the decision, the higher the likelihood that they’ll carry it out.
Documentation- Document that decision so you have something to true back to. Remember, big
decisions can take a long time to make. The results of those decisions can take a long time to
mature and for you to see what happens. You’ll want a document to go back to and say “Here’s
the decision we made and here was the underlying rationale.” It will help you and your
successors understand why the decision was made. If things go awry, people can dissect the
original rationale and understand what mistakes were made so those mistakes can be avoided in
the future.
Rationale- Lay out the rationale for making the decision. Include the assumptions you made, the
facts you were using to make the decision, and the sources of the information you used for
making the call. When things change, you can go back to that rationale and find root errors in the
data you had. You can understand how the market has changed from when you originally made
the decision. You might find new opportunities to make a better decision. Business cases and
“board decks” are good documentation vehicles for laying out the rationale for the call that
you’ve made.
Dissemination- When making the call, do so in writing and disseminate your decision broadly
across the organization. Avoid the most common problem that happens when people make a
decision: misinterpretation. Many times, if you announce your decision verbally, the game of
telephone occurs. Somebody who was there heard it firsthand. They heard the rationale but they
interpreted it slightly differently than you meant to say it. Then they tell the members of their
team and the rationale you shared changes slightly. Then those team members tell the members
of their team and the rationale changes even more. By the time it gets disseminated across the
entire organization, your rationale can be completely twisted. Sometimes folks will even
communicate a decision contrary to the one you made. By documenting your decision in writing
and making sure everybody gets the same information, the decision and your rationale for
making it will be clear and consistent.
I know of an acquisition that was done, where when the acquisition was announced, the CEO of
the company performing the acquisition went to the company that was being acquired. The
acquisition was announced in a large group forum. He laid out “here’s why we’re doing this deal,
here’s how this deal is going to affect your daily life, here’s what’s going to change, and here’s
what’s not.” There was time allowed for Q & A. People had something they could true back to
because the entire organization heard that message from the decision maker at the same time.
After the meeting, an email communication went out to every associate. That email shared the
same information the CEO had shared in the meeting. Everyone got the same message and
understood why things were happening. It made the transition to being a combined company
much smoother than if the CEO had relied on “cascading” the information through the company.
At each major or significant organisational stage or proposal, assess whether you need to
communicate information to groups of staff or individuals (or a wider audience). Both can be
critical in making sure that you have communicated effectively.
Planning communication
When planning communication, remember to:
build in opportunities for employees and volunteers to feed in their views
ensure that all employees and volunteers can access information: if your only communication
method is by email, check whether everyone has regular access to a computer or a personal
email account
deliver information via a variety of methods but consistently, so that people know what to
expect and where to obtain or access information
maintain communication by regular and timely flows of information: try to avoid the last
minute ‘news scoop’
Review your communication methods regularly and assess their effectiveness to ensure that
your messages are getting through.
Communication methods
When your message is really important, deliver it using more than one method. For example, you
could follow up a general staff meeting with an email, and then confirm the information in a
personalized letter to ensure that it has been received and understood. Possible communication
methods include:
notice boards
newsletters/in-house magazines/e-magazines
letters to staff/volunteers
press releases
annual reports
Anyone has a right to request information from a public authority. You have two separate duties
when responding to these requests:
to tell the applicant whether you hold any information falling within the scope of their
request; and
to provide that information
For a request to be valid under the Freedom of Information Act it must be in writing, but
requesters do not have to mention the Act or direct their request to a designated member of staff.
It is good practice to provide the contact details of your freedom of information officer or team,
if you have one, but you cannot ignore or refuse a request simply because it is addressed to a
different member of staff. Any letter or email to a public authority asking for information is a
request for recorded information under the Act.
This doesn’t mean you have to treat every enquiry formally as a request under the Act. It will
often be most sensible and provide better customer service to deal with it as a normal customer
enquiry under your usual customer service procedures, for example, if a member of the public
wants to know what date their rubbish will be collected, or whether a school has a space for their
child. The provisions of the Act need to come into force only if:
This request handling flowchart provides an overview of the steps to follow when handling a
request for information.
be in writing. This could be a letter or email. Requests can also be made via the web, or even on
social networking sites such as Face book or Twitter if your public authority uses these;
Include the requester’s real name. The Act treats all requesters alike, so you should not normally
seek to verify the requester’s identity. However, you may decide to check their identity if it is
clear they are using a pseudonym or if there are legitimate grounds for refusing their request and
you suspect they are trying to avoid this happening, for example because their request is
vexatious or repeated. Remember that a request can be made in the name of an organisation, or
by one person on behalf of another, such as a solicitor on behalf of a client;
Include an address for correspondence. This need not be the person’s residential or work address
– it can be any address at which you can write to them, including a postal address or email
address;
Describe the information requested. Any genuine attempt to describe the information will be
enough to trigger the Act, even if the description is unclear, or you think it is too broad or
unreasonable in some way. The Act covers information not documents, so a requester does not
have to ask for a specific document (although they may do so). They can, for example, ask about
a specific topic and expect you to gather the relevant information to answer their enquiry. Or
they might describe other features of the information (e.g. author, date or type of document).
This is not a hard test to satisfy. Almost anything in writing which asks for information will
count as a request under the Act. The Act contains other provisions to deal with requests which
are too broad, unclear or unreasonable.
Even if a request is not valid under the Freedom of Information Act, this does not necessarily
mean you can ignore it. Requests for ‘environmental information’, for example, can be made
verbally. You also have an obligation to provide advice and assistance to requesters. Where
somebody seems to be requesting information but has failed to make a valid freedom of
information request, you should draw their attention to their rights under the Act and tell them
how to make a valid request.
The type of information required by decision makers in a company is directly related to:
i. develop short- and medium-range plans, schedules, budgets and specify policies,
procedures, and business objectives for their sub-units of the company, and
ii. Allocate resources and monitor the performance of their organizational sub-units,
including departments, divisions, process teams, project teams, and other
workgroups.
Operational management: Operating managers and members of self-directed teams
Decision makers need information products whose characteristics, attributes or quality are
having the three dimensions of time, content, and form
Decision maker at different levels of the organization are making more or less structured
decisions. Typically there are three types of decision structure:
Unstructured decisions (usually related to the long-term strategy of the organization);
Semi-structured decisions (some decision procedures can be pre-specified but not enough to lead
to a definite recommended decision);
Structured decisions (the procedure to follow, when a decision is needed, can be specified in
advance).
Earlier in this course we discussed the concept of system as a set of interrelated components,
with a clearly defined boundary, working together to achieve a common set of objectives. With
respect to the information system, it can be any organized combination of people, hardware,
The applications of information systems that are implemented in today's business world can be
classified as either operations or management information systems – see the figure, below
(O'Brien, p.13)
How does the general rule that information must be accurate apply to information we
compile?
Where you use your own resources to compile personal data about an individual, then you must
make sure the information is correct. You should take particular care if the information could have
serious implications for the individual. If, for example, you give an employee a pay increase on the
basis of an annual increment and a performance bonus, then there is no excuse for getting the new
salary figure wrong in your payroll records.
Purpose The purpose of this policy is to outline the principles that must be adhered to by all who
work within and have access to personal information and sensitive personal information.
Personal information incorporates the following factors:
Surname, forename, initials
Address, postcode
Telephone number
Date of birth (any other dates e.g. medical dates, dates of diagnosis)
Occupation
Sex
National insurance number
Sensitive personal information is data that contains details of a person’s:
Racial or ethnic origin
Political opinions
Religious beliefs or other beliefs of a similar nature
Membership of a trade union
Physical or mental health or condition
Sexual life, convictions
Legal proceedings
Why Personal Information is collected Information is collected about patients to:
Support patient care
Improve health and social care services
Disclosure of Personal Information for Care Purposes Personal information can be shared
between healthcare professionals when it is in the best interests of an individual and they are
providing direct care.
INFORMATION SECURITY
Physical Security Personal information must always be held securely. In any area which is
not secure, and which can be accessed by a wide range of people (including possibly the
public), such information must be locked away immediately after it has been finished with.
This can provide the communications team with a full understanding of all of the issues, which
will be useful in developing tactics and approaches.
Audience
The following includes the core audiences you will need to consider with any communications
around area reviews. This is not an exhaustive list, and will have different local variations.
Governors Parents
Staff Employers/partners who work with the
Unions college
Students Potential students
Students Union MPs
Aims
From the outset you should have aims for the communication work. The following are
suggestions:
Ensure that internal audiences are kept up to date with the area review process.
Provide timely, accurate, consistent information to stakeholders.
Develop a partnership working approach with other colleges for a strategic
communications approach.
Messages
Creating and maintaining a limited number of key messages promotes consistency across
audiences and channels, whether it is a media release, website update or staff meeting.
Contradictory statements weaken a college’s position and can lead to the perception that it is
hiding something and that nothing it says is to be believed.
It is therefore essential that messages are consistent, open and honest and the fewer people
involved in writing or delivering them, the stronger they will be. The below provide ideas of core
messages you may want to consider using for all communication activities.
When developing these, it is important to understand that negative messages may not be in the
best interest of the college.
How often should we update our communications plan?
Since a strategic communications plan is not a list of tactics, you need to know what you are
supporting so your communications plan can drive outcomes set forth in the business plan. Said
another way, update your communications plan when you update your business plan, ideally
annually. That will ensure you work smarter, not harder.
That doesn’t, however, mean it should collect dust throughout the year. Here are five simple but
important exercises to ensure your communications stay fresh:
goodwill.
Consider the following examples:
Failure to protect your data’s confidentiality might result in customer credit card numbers
being stolen, with legal consequences and a loss of goodwill. Lose your clients’ confidential
information and you may have fewer of them in the future.
A data integrity failure might result in a Trojan horse being planted in your software,
allowing an intruder to pass your corporate secrets on to your competitors. If an integrity
failure affects your accounting records, you may no longer really know your company’s true
financial status.
Having a security program means that you’ve taken steps to mitigate the risk of losing data in
any one of a variety of ways, and have defined a life cycle for managing the security of
information and technology within your organization.
Hopefully the program is complete enough, and your implementation of the program is faithful
enough, that you don’t have to experience a business loss resulting from a security incident. If
you have a security program and you do experience a loss that has legal consequences, your
written program can be used as evidence that you were diligent in protecting your data and
following industry best practices.
Elements of a good security program
a good security program provides the big picture for how you will keep your company’s data
secure. It takes a holistic approach that describes how every part of your company is involved in
the program. A security program is not an incident handling guide that details what happens if a
4. The type of information required by decision makers in a company is directly related to:
Version:
SensitivityAnalysis https://www.investopedia.com/terms/s/
sensitivityanalysis.asp#ixzz5FAs6mOc1
Guidance for designing, monitoring and evaluating peace building projects: Using theories of
change, CARE
Published with permission from Cass Centre for Charity Effectiveness. This material is taken
from "Tools for Success: doing the right things and doing them right", published in October
2008. Download or buy your copy from Cass Centre for Charity Effectiveness.
(andrea_jones@aoc.co.uk)
4. The type of information required by decision makers in a company is directly related to:
5pts