NTISthis.com

Evidence Guide: PSPSEC016 - Define information systems framework

Student: __________________________________________________

Signature: _________________________________________________

Tips for gathering evidence to demonstrate your skills

The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usualy demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!

From the Wiki University

 

PSPSEC016 - Define information systems framework

What evidence can you provide to prove your understanding of each of the following citeria?

Establish the organisational context

  1. Identify and document legislative and regulatory requirements for the organisation.
  2. Analyse legislation for any information management security implications and document outcomes.
  3. Review organisational purpose and function for compliance requirements.
  4. Analyse broad social context in which the organisation operates to determine community expectations.
Identify and document legislative and regulatory requirements for the organisation.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Analyse legislation for any information management security implications and document outcomes.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Review organisational purpose and function for compliance requirements.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Analyse broad social context in which the organisation operates to determine community expectations.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Determine the principal areas of risk requiring information strategy

  1. Review and update existing risk analyses.
  2. Review and document regulatory requirements and legal liabilities for their impact on the information systems framework.
  3. Determine and document risks and liabilities to be managed by information systems, informing the development of the framework.
Review and update existing risk analyses.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Review and document regulatory requirements and legal liabilities for their impact on the information systems framework.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Determine and document risks and liabilities to be managed by information systems, informing the development of the framework.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Determine the information system requirements for each business function

  1. Analyse risks, liabilities and regulatory requirements.
  2. Document and communicate identified requirements as evidence to be captured as records.
  3. Formulate information system specifications from the evidence requirements.
  4. Determine information security requirements.
  5. Determine specifications for information systems security measures.
Analyse risks, liabilities and regulatory requirements.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Document and communicate identified requirements as evidence to be captured as records.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Formulate information system specifications from the evidence requirements.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Determine information security requirements.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Determine specifications for information systems security measures.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Establish information systems framework for organisation

  1. Develop and communicate an overview of responsibilities for information management within the organisation.
  2. Define responsibilities and authorities in relation to regulatory requirements.
  3. Define information management responsibilities and rights for each business function.
  4. Integrate identified risks and liabilities managed by information systems.
  5. Define, assign and document levels of accountability and responsibility within the framework.
  6. Formulate and document security procedures for information systems.
Develop and communicate an overview of responsibilities for information management within the organisation.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Define responsibilities and authorities in relation to regulatory requirements.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Define information management responsibilities and rights for each business function.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Integrate identified risks and liabilities managed by information systems.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Define, assign and document levels of accountability and responsibility within the framework.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Formulate and document security procedures for information systems.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Obtain approval for framework

  1. Communicate completed and documented framework for review and endorsement.
  2. Establish review process and assign appropriate persons with maintaining the currency of the organisation’s information systems framework.
Communicate completed and documented framework for review and endorsement.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Establish review process and assign appropriate persons with maintaining the currency of the organisation’s information systems framework.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Establish the organisational context

  1. Identify and document legislative and regulatory requirements for the organisation.
  2. Analyse legislation for any information management security implications and document outcomes.
  3. Review organisational purpose and function for compliance requirements.
  4. Analyse broad social context in which the organisation operates to determine community expectations.
Identify and document legislative and regulatory requirements for the organisation.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Analyse legislation for any information management security implications and document outcomes.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Review organisational purpose and function for compliance requirements.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Analyse broad social context in which the organisation operates to determine community expectations.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Determine the principal areas of risk requiring information strategy

  1. Review and update existing risk analyses.
  2. Review and document regulatory requirements and legal liabilities for their impact on the information systems framework.
  3. Determine and document risks and liabilities to be managed by information systems, informing the development of the framework.
Review and update existing risk analyses.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Review and document regulatory requirements and legal liabilities for their impact on the information systems framework.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Determine and document risks and liabilities to be managed by information systems, informing the development of the framework.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Determine the information system requirements for each business function

  1. Analyse risks, liabilities and regulatory requirements.
  2. Document and communicate identified requirements as evidence to be captured as records.
  3. Formulate information system specifications from the evidence requirements.
  4. Determine information security requirements.
  5. Determine specifications for information systems security measures.
Analyse risks, liabilities and regulatory requirements.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Document and communicate identified requirements as evidence to be captured as records.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Formulate information system specifications from the evidence requirements.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Determine information security requirements.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Determine specifications for information systems security measures.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Establish information systems framework for organisation

  1. Develop and communicate an overview of responsibilities for information management within the organisation.
  2. Define responsibilities and authorities in relation to regulatory requirements.
  3. Define information management responsibilities and rights for each business function.
  4. Integrate identified risks and liabilities managed by information systems.
  5. Define, assign and document levels of accountability and responsibility within the framework.
  6. Formulate and document security procedures for information systems.
Develop and communicate an overview of responsibilities for information management within the organisation.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Define responsibilities and authorities in relation to regulatory requirements.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Define information management responsibilities and rights for each business function.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Integrate identified risks and liabilities managed by information systems.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Define, assign and document levels of accountability and responsibility within the framework.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Formulate and document security procedures for information systems.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Obtain approval for framework

  1. Communicate completed and documented framework for review and endorsement.
  2. Establish review process and assign appropriate persons with maintaining the currency of the organisation’s information systems framework.
Communicate completed and documented framework for review and endorsement.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Establish review process and assign appropriate persons with maintaining the currency of the organisation’s information systems framework.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Assessed

Teacher: ___________________________________ Date: _________

Signature: ________________________________________________

Comments:

 

 

 

 

 

 

 

 

Instructions to Assessors

Evidence Guide

ELEMENTS

PERFORMANCE CRITERIA

Elements describe the essential outcomes

Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section.

1. Establish the organisational context

1.1 Identify and document legislative and regulatory requirements for the organisation.

1.2 Analyse legislation for any information management security implications and document outcomes.

1.3 Review organisational purpose and function for compliance requirements.

1.4 Analyse broad social context in which the organisation operates to determine community expectations.

2. Determine the principal areas of risk requiring information strategy

2.1 Review and update existing risk analyses.

2.2 Review and document regulatory requirements and legal liabilities for their impact on the information systems framework.

2.3 Determine and document risks and liabilities to be managed by information systems, informing the development of the framework.

3. Determine the information system requirements for each business function

3.1 Analyse risks, liabilities and regulatory requirements.

3.2 Document and communicate identified requirements as evidence to be captured as records.

3.3 Formulate information system specifications from the evidence requirements.

3.4 Determine information security requirements.

3.5 Determine specifications for information systems security measures.

4. Establish information systems framework for organisation

4.1 Develop and communicate an overview of responsibilities for information management within the organisation.

4.2 Define responsibilities and authorities in relation to regulatory requirements.

4.3 Define information management responsibilities and rights for each business function.

4.4 Integrate identified risks and liabilities managed by information systems.

4.5 Define, assign and document levels of accountability and responsibility within the framework.

4.6 Formulate and document security procedures for information systems.

5. Obtain approval for framework

5.1 Communicate completed and documented framework for review and endorsement.

5.2 Establish review process and assign appropriate persons with maintaining the currency of the organisation’s information systems framework.

Required Skills and Knowledge

ELEMENTS

PERFORMANCE CRITERIA

Elements describe the essential outcomes

Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section.

1. Establish the organisational context

1.1 Identify and document legislative and regulatory requirements for the organisation.

1.2 Analyse legislation for any information management security implications and document outcomes.

1.3 Review organisational purpose and function for compliance requirements.

1.4 Analyse broad social context in which the organisation operates to determine community expectations.

2. Determine the principal areas of risk requiring information strategy

2.1 Review and update existing risk analyses.

2.2 Review and document regulatory requirements and legal liabilities for their impact on the information systems framework.

2.3 Determine and document risks and liabilities to be managed by information systems, informing the development of the framework.

3. Determine the information system requirements for each business function

3.1 Analyse risks, liabilities and regulatory requirements.

3.2 Document and communicate identified requirements as evidence to be captured as records.

3.3 Formulate information system specifications from the evidence requirements.

3.4 Determine information security requirements.

3.5 Determine specifications for information systems security measures.

4. Establish information systems framework for organisation

4.1 Develop and communicate an overview of responsibilities for information management within the organisation.

4.2 Define responsibilities and authorities in relation to regulatory requirements.

4.3 Define information management responsibilities and rights for each business function.

4.4 Integrate identified risks and liabilities managed by information systems.

4.5 Define, assign and document levels of accountability and responsibility within the framework.

4.6 Formulate and document security procedures for information systems.

5. Obtain approval for framework

5.1 Communicate completed and documented framework for review and endorsement.

5.2 Establish review process and assign appropriate persons with maintaining the currency of the organisation’s information systems framework.

Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the candidate must demonstrate evidence of performance of the following on at least two occasions.

applying legislation, regulations and policies relating to government information systems security

analysing process functions and problems

preparing, compiling and writing complex documents and reports

communicating complex relationships and processes effectively to users and management

documenting complex relationships and processes

identifying and viewing component parts as integral elements of the whole system

reading and interpreting mathematical concepts and values embedded in specifications and complex technical documentation

analysing and interpreting legal, regulatory and security requirements and organisation policies and procedures

analysing and synthesising documentation, verbally delivered information, and observed behaviours

consulting with diverse stakeholders to elicit relevant information for analysis

Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the depth of knowledge demonstrated must be appropriate to the job context of the candidate.

Operational knowledge of:

legislation, regulations, policies, procedures and guidelines relating to government information system security

equal employment opportunity, equity and diversity principles

public sector legislation in the context of government information systems security

sources of information about jurisdictional requirements for information systems

equal employment opportunity, equity and diversity principles

public sector legislation, including WHS and environment, in the context of government information systems security

requires comprehensive knowledge of functions and structures in the organisation

policies and strategies that apply across the jurisdiction

information management principles and processes

information security requirements