List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.
ELEMENTS | PERFORMANCE CRITERIA |
Elements describe the essential outcomes | Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section. |
1. Establish the organisational context | 1.1 Identify and document legislative and regulatory requirements for the organisation. 1.2 Analyse legislation for any information management security implications and document outcomes. 1.3 Review organisational purpose and function for compliance requirements. 1.4 Analyse broad social context in which the organisation operates to determine community expectations. |
2. Determine the principal areas of risk requiring information strategy | 2.1 Review and update existing risk analyses. 2.2 Review and document regulatory requirements and legal liabilities for their impact on the information systems framework. 2.3 Determine and document risks and liabilities to be managed by information systems, informing the development of the framework. |
3. Determine the information system requirements for each business function | 3.1 Analyse risks, liabilities and regulatory requirements. 3.2 Document and communicate identified requirements as evidence to be captured as records. 3.3 Formulate information system specifications from the evidence requirements. 3.4 Determine information security requirements. 3.5 Determine specifications for information systems security measures. |
4. Establish information systems framework for organisation | 4.1 Develop and communicate an overview of responsibilities for information management within the organisation. 4.2 Define responsibilities and authorities in relation to regulatory requirements. 4.3 Define information management responsibilities and rights for each business function. 4.4 Integrate identified risks and liabilities managed by information systems. 4.5 Define, assign and document levels of accountability and responsibility within the framework. 4.6 Formulate and document security procedures for information systems. |
5. Obtain approval for framework | 5.1 Communicate completed and documented framework for review and endorsement. 5.2 Establish review process and assign appropriate persons with maintaining the currency of the organisation’s information systems framework. |
Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the candidate must demonstrate evidence of performance of the following on at least two occasions.
applying legislation, regulations and policies relating to government information systems security
analysing process functions and problems
preparing, compiling and writing complex documents and reports
communicating complex relationships and processes effectively to users and management
documenting complex relationships and processes
identifying and viewing component parts as integral elements of the whole system
reading and interpreting mathematical concepts and values embedded in specifications and complex technical documentation
analysing and interpreting legal, regulatory and security requirements and organisation policies and procedures
analysing and synthesising documentation, verbally delivered information, and observed behaviours
consulting with diverse stakeholders to elicit relevant information for analysis
Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the depth of knowledge demonstrated must be appropriate to the job context of the candidate.
Operational knowledge of:
legislation, regulations, policies, procedures and guidelines relating to government information system security
equal employment opportunity, equity and diversity principles
public sector legislation in the context of government information systems security
sources of information about jurisdictional requirements for information systems
equal employment opportunity, equity and diversity principles
public sector legislation, including WHS and environment, in the context of government information systems security
requires comprehensive knowledge of functions and structures in the organisation
policies and strategies that apply across the jurisdiction
information management principles and processes
information security requirements
Assessment of this unit requires evidence gathered over time in a workplace environment or one that closely resembles normal work practice and replicates the diverse conditions likely to be encountered when defining information systems.
Assessors must satisfy the NVR/AQTF mandatory competency requirements for assessors.