ITS 833 – INFORMATION GOVERNANCE
SUMMER IG BI-TERM 2018
SEMESTER PROJECT – PHASE I
Introduction to the Company:
Security Transport Professionals Incorporated (STP), has its home office located in
Lexington, Kentucky and in addition has more than 3,000 employees located in each of its branch
offices located in Houston, Texas and San Diego, California.
STP is primarily a nationwide freight hauler. Its customer are comprised of major market
retailers particularly in the medical and pharmaceutical industry, the federal government, and
several state governments. STP operates a fleet of trucks and private cargo planes that it uses to
move “goods” belonging to its customers from one destination to another across the continental
United States. Its fleet of truck carriers are located in Lexington, Kentucky with it planes located
in Louisville, Kentucky.
STP carries and transports highly controlled, narcotics and scheduled prescription drugs,
toxic, radioactive, nuclear, and top secret materials from one facility belonging to its customer to
another. The method of transport depends on the type of cargo being hauled. In addition to
hauling/forwarding its customers products/goods, STP is required from time to time to store its
customer goods for brief periods of time. Two years ago STP began contracting with a number of
subcontractors hereafter referred to as either “limited joint partners (LJPs)” or “independent
subcontractor alliances (ISAs)” for the purpose of expanding its freight forwarding, storage, and
delivery service. Due to the confidential nature of the freight that it transports, STP vets its
employees, as well as any subcontractors (LJPs and ISAs) that it engages.
STP’s business objectives and goals include the confidential, safe and secure movement of
its customer goods, from the customer/distributor to its client, or from one of its customer’s
locations to another of the customer’s locations in a timely and efficient manner using cost-
effective methods. Alternatively, STP may transfer this responsibility to one of its limited joint
partners (LJPs) or independent subcontractor alliances (ISAs), if it is more cost-effective and the
income differential is within acceptable limits. There are 3 LJPs with which STP had entered into
services as STP, and who are generally competitors of STP. However, when the job requires
resources that exceed those of STP or its competitor, the two will enter into an agreement to jointly
undertake the contract together, and will together provide the same full range of services, with
both entering into the same contract or joint venture with the customer.
Independent subcontractor alliances (ISAs) differ from Limited Joint Partners (LJPs) in that a ISA
is not a direct competitor of STP. Rather, the ISA is a company that offers a subset of services to
STP, or contracts with STP to provide it with necessary resources to perform the particular job at
hand. For example, an ISA may be a warehousing company that provides only storage facilities
for STP. Alternatively, an ISA may be a company that is engaged in service and repairs for STP’s
trucks and planes, and/or provide sterilization and cleaning services for STP’s trucks and planes
upon completion of a job, where STP had transported hazardous or toxic materials, requiring
specific types of sterilization or cleaning services for its transport vehicles. There are other types
of ISA that STP engages and contracts with. With regard to ISAs, STP is the only organization
that will contract with its customer or who will be identified to the customer. It will then enter into
its own separate subcontractor contract with its ISA, and the ISA is not identified to STP’s
customer. There is no definitive number of ISAs that contract with STP. The specific ISAs used
(if any) will vary depending on the geographic location or area of the country involved and the
availability and cost of the ISA available to service the area.
STP is also under pressure from several of its competitors in the industry. The competitive market
is driving STP to improve its routes, delivery methods, fleet vehicles, and other facets of its
business to increase profits (a strategic goal) and to reduce costs. The company realizes that its
information technology infrastructure has been neglected for some time and that many operating
locations are running on outdated hardware and software. On several occasions last year, STP
suffered no less than four network compromises through one of its LJP Internet sites that led to
the disclosure of sensitive and strategic information on contracts and mergers.
The chief information officer (CIO) made a strategic presentation to the board of directors and
executive management to first assess the aging infrastructure and then, develop a multi-year
Information about the assessment indicates that the current state core infrastructure (switches,
routers, firewalls, servers, and so on) must be capable of withstanding 10-15% growth every year
for the next seven years with a three-to-four-year phased technology refresh cycle.
There is a hodgepodge of servers, switches, routers, and internal hardware firewalls. Nearly all of
the infrastructure is woefully out-of-date in terms of patches and upgrades. This operational
neglect has unduly increased the risk to the network, in terms of confidentiality, integrity, and
availability. Since this will be a multi-year technology upgrade project, something must be done
to reduce STP’s exposure to vulnerabilities to increase the overall security profile and reduce the
Now that the funding has been approved for the infrastructure assessment, the CIO has decided
that it might be a good idea to implement an Information Governance Program into the
organization, assuming he can sell the corporation on its benefits. To that end, the CIO has hired
you as IG Project Manager to assist in initial preparatory stages.
STP Job Roles: In addition to the CIO, below is a list of individuals at STP to whom you have
been introduced. The CIO has informed you that you can call upon any or all of the individuals
who hold these job roles/titles for assistance and may name any of them to be on your project team.
You may also call upon any of the heads of the various business units for assistance, as well as a
designated contact person for each of STP’s LJPs and ISAs.
Chief Executive Officer (CEO)*
Chief Information Officer (CIO)*
Chief Financial Officer (CFO)*
Executive VP of Marketing*
VP of Human Resources
In-house Financial Analyst and Risk Manager
Senior Records Manager
Senior IT Manager
IT Security Expert
Overland Transport Manager
Airway Transport Manager
Airway Transport Manager
Southern Region General Manager (Houston, Florida)
Western Region General Manager (San Diego, California)
Information Security Specialist
* This individual is also a member of STP’s Board of Directors
INSTRUCTIONS: While it should go without stating, information related to each of STP’s
customers and the products that you are transporting for them is highly sensitive, and in some cases
top secret. You want to make sure that any IG Program that STP ultimately implements will allow
STP to retain all of the information about its customers, the product transported, and the particular
haul that it is required to keep pursuant to federal and state law. You want to insure STP that the
proper information will be retained that it might need for purposes of litigation and e-discovery.
At the same time, you don’t want STP to keep unnecessary information for extended periods of
time, thereby increasing the cost and time involved with processing and retention.
1. First, select and list 10 individuals to serve on your IG project team. Explain why you
selected the team members that you did.
2. Conduct the necessary research for each of STP’s state of home office (Kentucky), and for
the state of each of its primary hubs (Texas and California), that will allow you to (a)
educate yourself and your team members on the mandatory information retention
requirements and privacy consideration for each of the three states, and (b) be able to
intelligently discuss the legal and regulatory requirements with in-house counsel. You will
want to conduct internet research on this and may also want to review Appendix B in your
text book. Do not ignore this area of the project.
3. Ultimately, your team will be required to create a “risk profile” and risk analysis, that will
describe the set of risks facing STP in achieving its business objectives while protecting its
information and that of its customers, LJPs and ISAs, and which will allow STP to assess
the likelihood these risks hold and their potential impact, if materialized, and in addition
will permit STP to identify risk mitigating factors to be implemented. You need to
brainstorm in order to present the information to your team members that will facilitate the
creation of a risk profile and analysis. To that end, create a top-10 list of the greatest risks
to information that STP will face, ranking your list in order from highest or greatest risk to
lowest, for each risk identified, state whether you believe the risk could be assumed,
transferred or mitigated in full or in part. Also, for each risk identified identify the
individual, title or business unit that the team member will want to contact in order to obtain
additional information about the fundamental activity that will assist your team in fully
completing the risk profile and analysis.
a WORD format. Use 1 inch margins on each page. Include a cover page that will contain the
Course name and number, semester term, your full name, student id, and the title “STP IG
PROGRAM IMPLEMENTATION – PHASE 1”.
You should submit this assignment using iLearn. Go to the content section where you will see a
folder labeled “SEMESTER PROJECT-STP”. Select that folder. You will then see selections for
submitting Phases I, II, and III. Please select Phase I, and upload the WORD document that you
This assignment must be submitted no later than 11:30 p.m. on Sunday, May 27, 2018 –
Assignments will not be accepted late!