The organisation to be used is a dental practice in the United Kingdom, named OD

The organisation to be used is a dental practice in the United Kingdom, named ODD. It is a madeup/fake organisation, so for points which need details regarding the organisation, there is freedom from the writer.
Task:
Creation of an information governance policy for a chosen organisation, accompanied by a report justifying the policy and recommending an implementation strategy.
Required to create an information governance policy for an organisation and write an accompanying report in which you justify the approach and content of the policy, and propose an implementation strategy
The report is required to be at least 3200 words of the total, the remaining can be used for the policy.
Policy
The main points to show throughout the policy are:
1. Critically evaluate and demonstrate your understanding of key information governance and security principles and practice
2. The ability to advise on the design and implementation of a strategy to meet the legal, regulatory, organisational and/or societal requirements for information governance and security
The policy should be overarching i.e. a statement of intent that provides the organisation with an holistic approach to information governance. It should therefore reference other relevant policies that are either already in place or in need of development; for example, an information security policy, email policy, data privacy policy. The policy should be fit-for purpose were it to be implemented in practice. As a minimum it should contain:
• Aim or purpose
• Scope (e.g. all of or selected functions or operating jurisdictions)
• Objectives
• Roles and responsibilities
• Related policies and/or procedures
• Monitoring, measurement and review mechanisms
• Approval
You may include other sections as appropriate for the organisational context. You are also free to determine the length of the policy – its word length is not part of the word limit for the assignment.
Report
The main points to show throughout the report are:
1. Critically evaluate and demonstrate your understanding of key information governance and security principles and practice
2. Ability to critically evaluate an organisation’s approach to information governance and security
3. Ability to advise on the design and implementation of a strategy to meet the legal, regulatory, organisational and/or societal requirements for information governance and security
4. Consider an organisation’s information governance and security culture and reflect on how it relates to your own ethical and professional values for managing information assets
The accompanying report should provide relevant information about the chosen organisation as context, including the nature of its business and the jurisdiction(s) in which it is situated. It should also establish the importance of information governance within the organisational context.
Justify the form and content of the policy based on principles and best practice, and set out an implementation strategy which should include details relating to any high-level resource investment involved (e.g. people, system investment etc) and a timescale.
The audience for the report is a tutor, not a member of the organisation, therefore it should include citations where relevant, formatted in accordance with academic standards.