Information Governance Policy for Snyk Enterprises

Question

Task: You are required to create an information governance policy for an organisation and write an accompanying report in which you justify the approach and content of the policy, and propose an implementation strategy. Choose an organisation you know sufficiently well to be able to complete the assignment.

Answer

1. Introduction
The study discusses the information governance policy for Snykwhich is a software developing company founded in 2015. It enables more than 1.5 million developers worldwide to stay secure. Snyk brought its total funding to £354 million over eight pounds of investment and secured £154 million. Snyk’s product has gained its high level throughout 2020 because of this worldwide pandemic situation due to COVID19. But in January 2020 it was valued at over $ 1billion and now it has increased to $ 2.6 billion.

2. Requirement for Mobile Policy at the Organization
Snyk Enterprises company is a software-based company. The company develops software programs to enhance the security system. It can help the development process of the company. Using new technology at the work can help the company to grow and work better in the business. Using mobile devices has also changed the work environment in the company (Stephens and Ford, 2016). Usage of mobile can also help the workers to work remotely in a pandemic situation too. However, using a mobile phone in the workplace has raised numerous issues. That is why the company needs mobile phone policies to deal with the challenges of the company.

• Usage of excessive mobile phone on the work premises for personal reason can distract the employee from the work. It will cause a reduction in productivity in the workplace.
• Excessive usage of a mobile phone while doing works can also create disturbance for the other workers in the office too. It will make the other employees distracted from the work and also cause a nuisance in the office premise.
• The company providing cell phones to the employees can also cause cost expenses for the company.
• Some employees decreased the professionalism and work ethics of the company. Sometimes sensitive data also got lost because of the over usage of the mobile phone.

The company should take some safety measures to manage mobile usage in the company (Ford, 2018). Some guidelines need to be maintained while implementing the policy:

• The mobile phone usage within the work premise should be limited.
• One should not use their mobiles while working on sensitive data analysis.
• Using the mobile camera to take pictures of the confidential works of the company should be strictly prohibited.
• Employees should not visit unethical websites in the workplace, it will be dangerous for the company. It can misplace the sensitive data from the database.

3. Policy
3.1 Introduction to the Policy
At the Snyk Enterprise, UK, the employees are allowed to access their mobile phones for their personal and professional conversation. An employee can also use their mobile devices for business activities or engaging with a client. However, frequent mobile usage causes distraction and interruption into the working process. The implementation of the Mobile Policy at Snyk Enterprise will establish a corporate call policy to prevent the employees from managing their phone calls. The policies include the regulations, such as not to use the cell phone for personal tasks at the work station, not to play games at the workplace, make the cell phone silent while being in the office and avoid using a cell phone while conducting any confidential documentation at the organization.

3.2 Aim or Purpose
Mobile Policy at Snyk Enterprise is aiming in restricting their employees from using their cell phones at their work stations and while conducting official works to not generate any distraction or make access to any sensitive information from the organization.

The main purpose of this policy is to maintain a corporate work environment at the organization to generate the employee's uninterrupted effort and attention to the official works.

3.3 Scope
The Mobile Policy will help the employees and management of Snyk Enterprise in maintaining their working activities inside the office premises to be uninterrupted. It will also help the organization in restricting its employees from handling sensitive and confidential information on their cell phone devices.

The scope of this policy will prevent the data breaching incidents at the organization and strengthen the security policies at the organization. Being an IT organization, Snyk Enterprise needs to develop its internal security maintenance and ethical regulations to secure important data.

3.4 Objectives
The objectives of the Mobile Policy at the Snyk Enterprise will decrease the risks associated with workplace distraction, data breaching incidents, and psychological tension among the employees. The potential objectives are,

• Applying the Mobile Policy will make the employees at Snyk Enterprise in maintaining the time and attention towards their official work
• Decreasing usage of the mobile phone will make the employees in reducing their additional time in personal problems during the work hours
• Excessive mobile usage can affect both mentally and physically a human being; the implementation of Mobile Policy will be an effective step in ensuring the health betterment of the employees
• The Bring Your Own Device (BYOD) policy is becoming risky at various organizations due to facing data breaching and cyber-attack incidents; implying the Mobile Policy will help the organization in controlling their internal consequences related to disseminating sensitive data on a personal device
• Frequent usage of the personal cell phone can cause disturbance to other employees, which can create unnecessary interruptions to other employees
• Many organizations have already implied the website blocked system where the employees are restricted to use a list of websites from their office devices; the implementation of Mobile Policy will make the employees not browsing the restricted websites from their cell phones

3.5 Roles and Responsibilities
The roles and responsibilities in the implementation of the Mobile Policy are important in understanding the importance of this change.

3.6 Requirement of the Policy
The professional and corporate relationship in Snyk Enterprise is important for engaging maximum effort during a work process. the implementation of the institutional governance to a mobile phone device helps in achieving positive effect and development to an entity. It requires a positive and effective correlation between the cell phone and the development objectives (Asongu and Nwachukwu, 2016). There is no doubt that the mobile phone is one of the most significant and important devices that a human cannot avoid. However, some rules and maintenance related to the usage of personal mobile phones at the workplace will provide various beneficial impacts on the employees. It has been identified that the audit and other active departments of an organization do not effectively work behind the improvement of the information governance activities (du Fresne, 2020). The effective implementation of the information governance policies in an organization can mitigate the risks related to the security and sensitive information breach via a mobile or computer device (du Fresne, 2020). The requirement of Mobile Policy is required in addressing the following areas,

• Reduction of frequent interruptions and distractions during any official activity
• Decreasing mental and psychological stress from the personal conflicts at the workplace
• Reducing the chances of facing data breaching or cyber-attack incidents by any internal sources
• Securing the security process and avoiding any nuisance activities at the workplace

3.7 Policy Framework
The new Mobile Policy at the Snyk Enterprise will be consisting of the following policies –
Policy 1:Making the mobile device silent after reaching the workstation and switch on to the airplane mode during any discussion and meeting

Despite becoming a professional and economic opportunity among many employees, the usage of mobile phones at the workplace disrupts the productivity of an employee (Heukelman, Mutasa and Rodríguez-Puente, 2019). The results related to mobile phone usage provide information related to the unfair usage of sensitive data inappropriately from an organization (Heukelman, Mutasa and Rodríguez-Puente, 2019).

Policy 2:Conduct useful works with mobile phones, such as making a task list, checking or sending any email, and communicating with a client
The increasing usage of computer devices and mobile phones results in increasing distractions from online activities(Mark, Czerwinski and Iqbal, 2018). However, implementing the blockage at the online distractions makes the employees becoming more productive with their mobile devices, such as contacting the clients or maintaining task lists (Mark, Czerwinski and Iqbal, 2018).

Policy 3:Keeping the mobile phone in your pocket or a safe locked place during any professional activities
Many employees do not feel secure at their workplace and often faces threats from using their devices, logging in with their passwords, and even in the company supplied devices (Sebescen and Vitak, 2017). The employees need to ensure that their devices are kept in a secure place.

Policy 4:Do not access the restricted websites during work hours or at the workplace from any personal devices, including the mobile phone
In the digital environment at the workplace, where employees can access any website can face difficulties in increasing their productivity. However, it has been identified that if an organization is a potential in adopting the digital platform to integrate their work process, it will increase their productivity and generate momentum (Attaran, Attaran and Kirkland, 2019). Under the Mobile Policy, a website block is necessary to restrict the websites that cause distraction.

Policy 5:The implementation of Mobile Policy is a beneficial step to the health and psychological stress; it is required to ensure an effective practice on reducing additional stress and distraction during work

The beneficial aspect of the mobile phone can be helpful from the network positioning and GPS-tracking process (Donaire-Gonzalez et al., 2016). The reduction of mobile phone usage at the workplace will reduce the stress and distraction among the employees.

3.8 Related Policies and/or Procedures
The usage of mobile sensing in understanding the work performance among the employees can monitor the screen time and cell phone usage outside professional activities. It can further help in differentiating higher and lower performing employees for their evaluation (Mirjafari et al., 2019).

The associated policies to the Mobile Policy can be,

• Strengthening the internal security procedure
• Sustaining the information governance system related to the organizational data and sensitive information
• Reducing the additional policies regarding BYOD and other technologies
• Maintaining privacy policies at the data policy, email policy, and remote access to the devices

3.9 Monitoring, Measurement, and Review Mechanisms
The monitoring process will be measured by the implementation of the tracking devices at the personal device of the employees to identify their mobile usage time. The motive is to reduce usage gradually. The measurement will also provide data regarding the productiveness and performance of each employee. The review process will be done by the management and IT expertise at Snyk Enterprise to continuously add and improve the Mobile Policy in the future.

3.10 Approval
The approval of the Mobile Policy will be based on the timeline mentioned in this report in the summary section. It will also provide elaborate details related to the costs and duration of the implementation of the new policy.

Information Governance Security
Mobile Solution at Organizations
Part-B (Report)
Executive Summary
Snyk enterprise is a software-based business developer company. The company has information governance which will help the company to maintain the workplace environment and also it secures the information of the company as a valuable asset. Information governance helps legal compliance and maintain transparency in the company. Any organization can create a logical framework for the employees of the company which will help them to maintain the company’s policy and procedures.

The current report is based on,

• The new mobile policy the company wants to implement. The usage of mobile phones has also made communication easy in the workplace.
• Employees of the company can easily communicate and increased the productivity of the company. But the company is facing a problem, about the excessive usage of the mobile within the work premise.

The report will show how the company will mitigate the risk and implement devices and software to control the usage of mobile phones in the office. The software will help the company to block the usage of the unethical website using.

4. Introduction:
Information Governance is an accountability and decision-making place to ensure that the creation, storage, use, disclosure, and archiving of information is handled with legal requirements and operational efficiency. This Policy sets up the key of high-level principles of information governance and arranges the responsibilities for staff members. This Policy applies to all staff by the company Any Organization can set up a strong and logical framework for its employees to handle data through its Information Governance Policies. Here, Snyk is recently noticing that their data is losing and their productivity has been decreasing. Hence, they want to change some policies to protect their security issues. Therefore, they are introducing a Mobile policy in their company so that they can observe everything.

4.1 Critical Evaluation and Demonstration of the Key Information Governance and Security Principles
Information Governance and security policy implemented in Snyk Enterprise; a UK-based company is very useful to implement the Mobile policy by the organization. Information governance helps to create a guideline, some set of standards, ensuring values, quality, and information compliance. The company tries to implement a mobile policy but the restriction of Social media is also very important. Social media governance is very useful to avoid the pitfalls that occurred from social media but it is often overlooked(Haynes, 2016). As the company tries to implement a new mobile policy, it is sometimes very difficult to track records of data. Employees reside in different places, go from various geographical tower locations.

There is a possibility of unauthorized data access. Surfing mobile outside office, use of personal email can cause security issues. The major problem is information cannot be stored within any corporate firewall. Information is always moving via mobile, laptop, email, social media, and etcetera. An organization can never make mobile data confidential as it always moving physically via a device and geographically via a tower. Restricted use of mobile phones within office premises, within a working hour, may restrict some information loss. Sending personal email through mobile from office location can be restricted to track location.

4.2 Critical Evaluation of the Organization’s Approach to Information Governance and Security
Snyk Enterprise has taken a new approach in its Information Governance and Security policy. To avoid risks of unauthorized data loss management, try to implement policies that will be beneficial for both management and employees.Effective record and information management is very important from the perspective of a company. Managing records and information with a meaningful approach is provided by the key implementation of proper information governance. The company makes a strict rule in the restriction of usage of Wi-Fi by its employees. No employees are allowed to use the Wi-Fi system of the company except for some chosen person.

IT department creates a jammer on the Wi-Fi network and installs a proper surveillance system.Mobile phone usage of everyemployee is restricted. Mobile phones are in silence and vibration mode. The Department head can allow an employee to make a call-in case of emergency. Employees are entitled to call during lunchtime and in the cafeteria. No calls are allowed inside the department room. There is also a restriction in usage of social media, chat facilities, unauthorized site surfing in mobile devices within office timing and also during lunchtime. IT department takes proper surveillance of mobile records of every mobile phone within the office during office time.

4.3 Legal, Regulatory, Organizational and Societal Requirement for the Information Governance and Security
Snyk Enterprise has taken some legal approach to implementing Information Governance and Security rules.New IT policies have been implemented and are included in company IT rules. Every employee has to instruct to follow the norm. A strong surveillance system is installed to monitor the mobile network system.It is very difficult to track the mobile network of every employee as there are different service providers. So, a common system is implemented to restrict data loss via a mobile service provider.Usage of mobile within a restricted area and for a limited time sometimes provide a negative impact on employees.The amounts of data transmitted through a mobile device are ever-growing.

It is very problematic to manage such valuable assets and sometimes there is chaos(Merkus, Helms and Kusters, 2019). Over restriction sometimes creates a conflict within the organization with management and employees.Implementation of Information governance and security culture in an organization is not easy. Sometimes employees are coming from different geographical locations, different ethnicity, and age groups. They have different ideas and beliefs. Protecting information and implementing a unique information security system sometimes is very difficult(Da Veiga and Martins, 2017). Young employees busy with social media also find it difficult to restricted usage of social media.

4.4 Information Governance and Security Culture and Reflection
Information governance and security are very important for an organization to secure correct information structure, guidance, and leadership. It helps an organization to ensure that that all personal information is handled securely, efficiently, effectively, and legally in the best possible way. Unauthorized access to data can also be restricted by implementing a strong organizational policy. Effective implementation of a policy provides six major outcomes such as –

• Alignment of strategy
• Measurement of risk factors
• Measurement of available resources
• Value delivery
• Integration

An employee of the organization, proper infrastructure, and procedures are three major keys to implement a policy. Snyk Enterprise has implemented its new policy keeping its employees in mind. Many employees will think this policy is irrelevant and will intervene in their right. Many will think about restricted mobile use as a punishment. Sometimes the emergency call will come from home. Not attaining that call on time may cause a serious issue. To avoid this confusion and conflict a proper HR policy should be implemented. Constant connectivity of the mobile network is a major challenge for an organization(Karyda, 2017). Snyk Enterprise can't ask all employees to shut their mobile and use only office land phone is not possible.

4.5 Ethical and Professional Values for Managing Assets Related to Information
Information security has a close relationship with managing the assets of a company. Apart from financial and material and related assets, employees are one of the major assets of a company. Managing employees with proper ethical and professional values is a big challenge for an organization. Information security is closely related to ethical values. Information governance and security and ethical values are referred to all activities that are needed to secure the information and systems of the organization.

It also helps to facilitate the ethical use of information and data. Sometimes it is unethical to restrict mobile use over employees. At the same time over the usage of the mobile phone causes a decrease in productivity. All employees need to comply with the policy. An employee can share valuable information unknowingly causes a huge risk. Sometimes employees are attached to their virtual world in social media. Unauthorized use of social media causes a security problem like cyberbullying(Huda et al., 2017). A strong policy may cause restricted mobile usage but at the same time influence the work culture. Employees become more focused and productive. Side effects of excessive mobile usage also are eliminated at the same time.

5. Summary
5.1 Findings from Policy and Report Analysis
1. Information governance is an important part of any IT related company. The information governance can manage the information about the company and it also balances the risk the company is facing. Mobile usage also makes the workplace better. It can control the security issues of the company and also treat the information as a valuable part of the company. Big data can be also managed by the information governance of the company (Mikalef et al., 2018). It can significantly enhance technologies to maintain big data. Here, Snyk Enterprise has faced challenges against the mobile usage of the company. The company has put rules regulations to mitigate the problems.

2. The company has faced a difficult situation because of the excessive usage of the mobile phone on the work premises. The company should implement some mobile policies, such as:

a. The employee should keep their phone on silent and should not use it while doing their work.
b. Employees should not use their phones while they are in meetings.
c. They can use phones to make office related works. Like discussed with the colleagues about the particular works and while responding emails to the client's ectara.

d. The usage of smartphones in the workplace can increase cyber-attacks and data breaches into the information system of the company (Shaikh, 2020). It will also affect the productivity of the company.

e. Implementing the mobile policy in the company can help the employee to reduce their workload.

f. If the company implements the policy, it can also improve the work productivity in the company.

5.2 Recommendations

• Snyk enterprise has lost sensitive data and also their productivity has been decreasing day by day. The company has been implemented the mobile policy to reduce the usage of the mobile in the work premise.
• Implementing a mobile policy in the workplace can mitigate the risk of losing sensitive data and information about the company.
• Surfing social media in the workplace can risk losing information about the company and also reduce the work ethics of the company. The mobile policy guideline should include the rule, that employees cannot use social media within the work premise.
• The workload of the employees can be reduced if the excessive usage of the mobile phone has been terminated.
• Using excessive mobile phones in the workplace can make a nuisance in the work environment and the other employees can get distracted by it. That’s why limiting the time of mobile users can help to maintain the work ethics and professionalism in the company.
• The mobile policy will also increase work activity in the company. Employees will get less depressed about works and can maintain the sustainability of the works in the company.

5.3 Potential Costs and Timeline

The Snyk Enterprise should implement some software and tracking device and also implement the software system, which will secure the personal data of the employees of the company.

The website blocking software should block some unethical websites. If any employee visits any unethical website, the software will block the site. It will cost the company £5000.

The tracking device will cost £4000. It will track the usage of the mobile in the company. It will give the authority information, how much time an employee is wasting on mobile usage.

The company will track the usage of the mobile phone should also implement software, that will secure the personal data of the users. The approval of the mobile policy in the organization will be on 24th December 2020. The implementation process will be conducted between 20th January to 28th February 2021.

6. Conclusion
Snyk is implanting their mobile policy to ensure its security and increase their productivity. The policy should be overarching i.e. a statement of intent that provides the organization with an approach to information governance. Here, Snyk wants to fix their issues. They hope that by implementing this mobile policy, they can recover their security issues. They want to legalize their documents by using this. After the mobile policy is implemented employees can’t use their mobiles as before and they have to restrict their uses. It is hoping that employees should have notbe given permission of checking their phones during office hours or they can’t call anyone through their phones. Also, any mobile tracking system will be implanted to track employee’s mobile usage. If anyone is found to use their mobiles, the company will take action against him or her. It can be said that the company will be very strict against this as they are very sensitive about this matter. Snyk hopes that by introducing this new policy their productivity will increase and the problem of leaking personal data will be recovered. The company has also announced that it will implement this mobile policy very soon.

Bibliography
Asongu, S. A. and Nwachukwu, J. C. (2016) ‘The role of governance in mobile phones for inclusive human development in Sub-Saharan Africa’, Technovation, 55, pp. 1–13. Attaran, M., Attaran, S. and Kirkland, D. (2019) ‘The need for digital workplace: increasing workforce productivity in the information age’, International Journal of Enterprise Information Systems (IJEIS), 15(1), pp. 1–23.

Donaire-Gonzalez, D. et al. (2016) ‘Benefits of mobile phone technology for personal environmental monitoring’, JMIR mHealth and uHealth, 4(4), p. e126.

Ford, J. L. (2018) ‘Revisiting high-reliability organizing: obstacles to safety and resilience’, Corporate Communications: An International Journal.

du Fresne, A. J. (2020) ‘Can Audits be an Effective Method to Improve Information Governance Compliance Objectives?’, University of Findlay, Education, p. 165.

Haynes, D. (2016) ‘Social media, risk and information governance’, Business Information Review, 33(2), pp. 90–93.

Heukelman, D., Mutasa, L. and Rodríguez-Puente, R. (2019) ‘Perceived use of Mobile Devices at the Workplace and it’s Perceived Effect on Performance’, family life, 26, p. 27. Huda, M. et al. (2017) ‘Strengthening interaction from direct to virtual basis: insights from ethical and professional empowerment’, International Journal of Applied Engineering Research, 12(17), pp. 6901–6909.

Karyda, M. (2017) ‘Fostering Information Security Culture In Organizations: A Research Agenda.’, in MCIS, p. 28.

Mark, G., Czerwinski, M. and Iqbal, S. T. (2018) ‘Effects of individual differences in blocking workplace distractions’, in Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, pp. 1–12.

Merkus, J., Helms, R. and Kusters, R. J. (2019) ‘Data Governance and Information Governance: Set of Definitions in Relation to Data and Information as Part of DIKW.’, in ICEIS (2), pp. 143–154.

Mikalef, P. et al. (2018) ‘Information Governance in the big data era: aligning organizational capabilities’, in Proceedings of the 51st Hawaii International Conference on System Sciences.

Mirjafari, S. et al. (2019) ‘Differentiating higher and lower job performers in the workplace using mobile sensing’, Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, 3(2), pp. 1–24.

Sebescen, N. and Vitak, J. (2017) ‘Securing the human: Employee security vulnerability risk in organizational settings’, Journal of the Association for Information Science and Technology, 68(9), pp. 2237–2247.

Shaikh, A. (2020) ‘Smartphones usage at workplace: Assessing information security risks from accessibility perspective’, iConference 2020 Proceedings.

Stephens, K. K. and Ford, J. L., 2016. ‘Unintended consequences of a strategically ambiguous organizational policy selectively restricting mobile device use at work’, Mobile Media & Communication, 4(2), pp. 186–204.

Da Veiga, A. and Martins, N., 2017. ‘Defining and identifying dominant information security cultures and subcultures’, Computers & Security, 70, pp. 72–94.