Project assessment: Update, implement and

monitor policies and procedures

Trainer & Assessor Marking Guide
Criteria
Unit code, name and release number
ICTICT418 - Contribute to copyright, ethics and privacy in an ICT environment (1)

Qualification/Course code, name and release number

ICT40115 - Certificate IV in Information Technology (2)

ICT40315 - Certificate IV in Web-Based Technologies (2)

ICT40415 - Certificate IV in Information Technology Networking (2)

ICT40515 - Certificate IV in Programming (2)

22334VIC - Certificate IV in Cyber Security (1)

ICT50415 - Diploma of Information Technology Networking (2)

Document title: ICTICT418_MG_Pro_2of2 Page 1 of 22

Resource ID: TBS_18_028_ICTICT418_MG_Pro_2of2
 Version: 1.0
Date created: 7 December 2018
Date modified: 22 February 2022

For queries, please contact:

Technology and Business Services SkillsPoint
Ultimo

© 2018 TAFE NSW, Sydney

RTO Provider Number 90003 | CRICOS Provider Code: 00591E
This assessment can be found in the Learning Bank
The contents in this document is copyright © TAFE NSW 2018, and should not be reproduced without the
permission of the TAFE NSW. Information contained in this document is correct at time of printing: 22 February
2022. For current information please refer to our website or your teacher as appropriate.

Document title: ICTICT418_MG_Pro_2of2 Page 2 of 22

Resource ID: TBS_18_028_ICTICT418_MG_Pro_2of2
 Assessment instructions
Table 1 Assessment instructions

Assessment details Instructions

Instructions for the This is a project-based assessment and will be assessing the student on
trainer and assessor their knowledge and performance of the unit.

This assessment is in three parts:

 Update policies and procedures

 Implement policies and procedures

 Monitor policies and procedures.

This assessment is supported by the following:

 Appendix 1 – Assessment Checklist

 Appendix 2 – Observation Checklist 1

 Appendix 3 – Observation Checklist 2

 Assessment Feedback.

Students must ensure that they have completed Part 1 before

attempting Part 2.

On completion of this assessment the student is required to submit the

following for marking:

 Part 1

o Policies and procedures report

 Part 2

o They will be observed by the assessor

 Part 3

o Email to client

o Email to supervisor

o They will be observed by the assessor.

Model answers, sample responses or a criteria for each question are

provided below.

Use these to support your judgement when determining a satisfactory

Document title: ICTICT418_MG_Pro_2of2 Page 3 of 22

Resource ID: TBS_18_028_ICTICT418_MG_Pro_2of2
 Assessment details Instructions

result.

The student’s project/product must contain the information indicated

in this marking guide in order to deem it satisfactory. However, if a
student provides information other than indicated below, and in the
professional opinion of the assessor it is appropriate and meets the
intent of the criteria, it may be considered correct.

The assessment feedback page must be signed by both the student and
the assessor so the student displays that they have received,
understood and accepted the feedback.

Complete the assessment feedback to the student and ensure you have
taken a copy of the assessment prior to it being returned to the
student.

Ensure the student’s name appears on the bottom of each page of the
submitted assessment.

All items in the Assessment and Observation Checklists must be

marked Satisfactory for the student to satisfactorily complete
the assessment.

About this marking All tasks and activities must responded to correctly in order to
guide satisfactorily complete this assessment event.

Assessors will need to make a judgement call as to whether each

answer/response meets the criteria based upon the:

 Rules of Evidence:
o Validity – does the answer address the assessment
question and does the evidence reflect the four
dimensions of competency?
o Sufficiency – is the answer sufficient in terms of length
and depth?
o Currency – has the work been done so recently as to
be current?
o Authenticity – is this work the student’s own authentic
work?
 Principles of Assessment:
o Fairness – individual student’s needs are considered in
the assessment process
o Flexibility – assessment is flexible to the individual
student

Document title: ICTICT418_MG_Pro_2of2 Page 4 of 22

Resource ID: TBS_18_028_ICTICT418_MG_Pro_2of2
 Assessment details
Instructions
o Validity – any assessment decision is justified, based on
the evidence of performance of the student
o Reliability – evidence presented for assessment is
consistently interpreted and assessment results are
comparable irrespective of the assessor conducting the
assessment
 Dimensions of Competency
o Task skills
o Task Management Skills
o Contingency Planning Skills
o Job Role Environment Skills

Assessment Assessment conditions for Parts 2 and 3.1 should replicate the
conditions workplace, including noise levels, production flow, interruptions and
time variances.

Assessment will be undertaken in normal classroom conditions, which is

assumed to be noisy and similar to workplace conditions. This may
include phones ringing, people talking and other interruptions.

If the assessment environment is too quiet, the assessor must ensure

there are disruptions and noise, similar to the workplace.

Student must provide  USB drive or other storage method to save work to, with at
least 500KB free space.

 Personal computer with internet access.

Assessor must  Access to the Learning Management System

provide  Scenario documents as outlined in assessment:

o DataTrust report template (DT_Report.dotx)

o Video and audio upload instructions (Video upload

instructions_2017.pdf)

o DataTrust PowerPoint template

(DT_Powerpoint.potx)

o DataTrust Privacy Policy (Privacy Policy.pdf)

o Email template (DT_Email.dotx).

Due date and time Indicative time to complete assessment:

allowed

Document title: ICTICT418_MG_Pro_2of2 Page 5 of 22

Resource ID: TBS_18_028_ICTICT418_MG_Pro_2of2
 Assessment details Instructions

 Three hours.

Parts 2 and 3.2 will be completed in class, or, for online students, via an
Assessment location online meeting with the assessor.

All other parts may be completed outside of the classroom.

Parts 1, 3.1 and 3.3 of this assessment are an unsupervised, take-home

assessment.

If you are unable to verify the authenticity of the student’s submission

Supervision
you will need to gather additional evidence to confirm that the
assessment task was completed by the student. This may include oral
questioning, comparison with in-class work samples, or observation.

Document title: ICTICT418_MG_Pro_2of2 Page 6 of 22

Resource ID: TBS_18_028_ICTICT418_MG_Pro_2of2
 Specific task instructions
In your role as IT Trainee at DataTrust, you’ve completed some preliminary research on copyright,
privacy and ethics. Now you’ve been asked to make some suggestions for additions to the policies, as
well as how they’ll be implemented and monitored.

Part 1: Update policies and procedures

Use the DataTrust report template (DT_Report.dotx) to write the following policies and procedures
(minimum 50 and maximum 200 words each).

1. First, the copyright statement needs to be expanded into a copyright policy covering the
whole organisation. Write a clause for the copyright policy dealing specifically with the
responsibility of DataTrust employees towards copyright and intellectual property within the
organisation. The clause must align with legislation and industry standards (list the relevant
legislation and industry standards).

2. Outline the procedures (in point form) that DataTrust employees must follow in order to
apply the copyright policy, ensuring that they’re ethical.

3. Previously you looked at how well DataTrust’s privacy policy covers APP 11. What
amendments can you suggest to the privacy policy regarding storage and security of personal
information, to make sure it aligns with privacy legislation? (List the relevant legislation).

4. Outline the physical and operating system security procedures and features (in point form)
as recommendations to be implemented or enhanced, to complement your privacy policy
amendments.

5. DataTrust doesn’t have a code of ethics so you’ll need to develop one. Write at least two
points for a code of ethics that align to legislation and industry standards (list the relevant
legislation and industry standards).

6. Along with the new code of ethics, management needs a grievance procedure (this should
include a review process) to enable confidential reporting of any ethical issues. Write a
procedure (in point form) that could be followed for this.

7. Develop an implementation and review plan that DataTrust could use to ensure that the
policies will be effectively employed by its staff members, including regular checks and
reviews of work practices. This must include the following:

o List timeframes to implement the plan

o Outline three appropriate methods and processes to communicate the policies and
procedures to staff members and clients (the stakeholders).

Sample answers (answers may vary)

1. All employees working on any project must abide by the Copyright Act of 1968.

Document title: ICTICT418_MG_Pro_2of2 Page 7 of 22

Resource ID: TBS_18_028_ICTICT418_MG_Pro_2of2
 It is the responsibility of all employees to ensure that if they are contributing material to any
form of communication which will be published by DataTrust, that either they are the
original author of the material, or that they have obtained appropriate authorisation from
the copyright holder of the material, in accordance with the Copyright Act 1968.
When working on any and all of the DataTrust projects, systems and innovative information
in a tangible form are protected by intellectual and copyright law. The company information
that is covered by this policy includes all projects and documentation, system plans, company
information, all computer and internet information stored on company computers and
servers. Any product designs should be registered under the Designs Act 2003. Innovative
devices should be discussed with DataTrust’s legal team for possible patent registration.
2. Procedures to follow may include determining the copyright owner of any item (e.g. image,
video etc) that they wish to use and request permission. This may involve obtaining a licence.
Other options are when searching for content on the internet, to look for a Creative
Commons licence or work in the public domain. All works must be attributed appropriately
according to the licence, if necessary.
3. The DataTrust Privacy Policy should describe more explicitly what data will be kept and when
specific data sets will be destroyed. Destruction should be both physical and virtual. Should
describe actions to be taken if data is compromised. Encryption of data should be applied but
it is not mentioned in the policy. The relevant legislation is the Privacy Act 1988.
4. Physical security practices include: clear desk, lock screen, lock office doors, secure
shredding, secure printing.
Windows Server 2016 (a server OS) uses Credential Guard to prevent ‘pass-the-hack’ attacks,
where the password can be compromised by using the hash rather than the plain text
password.
5. Integrity - Lead with courage in a professional, trusting workplace.
Honesty - conduct all business honestly and adhere to laws and legislation.
Trust – Manage challenges and conflict as trusted professionals who support and work
together as one team.
Teamwork – Work together in an environment of mutual respect and diversity, to achieve
the best outcome for the team.
Do not discriminate - treat all stakeholders with fairness.
Service – Provide the customer with value for money that meets their needs.
Accountability - honour all contracts and responsibilities
Contribute to society and human well-being
Avoid harm
These values align to Equal Opportunity Act 1984, Australian Privacy Act 1988, Australian
Copyright Act 1968
6. Train staff in the process.
Ensure staff understand that the grievance will be treated fairly, impartially and
confidentially.

Document title: ICTICT418_MG_Pro_2of2 Page 8 of 22

Resource ID: TBS_18_028_ICTICT418_MG_Pro_2of2
 Provide a means of escalating the grievance that does not unfairly punish either the
complainant or the person being investigated.
Have management talk to all relevant staff members.
If the grievance is potentially serious, involve police or legal support as required.
Document the grievance, outcomes of investigation and obtain legal advice.
Advise the relevant parties of the outcome.
The procedure should be reviewed by collecting information on previous incidents and
conducted a ‘lessons learned’ analysis of previous incidents.
This should be followed by a review by senior management with legal support to ensure the
policy complies with legislative requirements. Measures to track the success of the policy
should be established as part of this review.
Finally, training and the management of the policy delivery to staff should be considered and
a plan developed as part of the review.
7. The following is a plan that could be used to ensure the policies will be effectively employed.
The initial phase could be implemented over one month, with reviews held every three
months:

o Notify stakeholders of new policies

o Distribute the policies to all stakeholders for feedback

 Hold an initial meeting to inform the staff, then hold regular monthly
meetings to check that the procedures are being maintained and obtain
feedback

 Send out documents by email initially, then use email to report on the
monthly meetings

 Include an article in the client newsletter announcing the new policies and
procedures, emphasising DataTrust’s commitment to them. Include
information in the article about how to contact with any feedback.

 (Other methods may include intranet, posters within the workplace, training
etc.)

o Incorporate any amendments

o Provide training

o Stakeholder workshops

o Review work practices three months after implementation by observation and

surveys

o Continuous checking of work practices every three months.

Document title: ICTICT418_MG_Pro_2of2 Page 9 of 22

Resource ID: TBS_18_028_ICTICT418_MG_Pro_2of2
 Part 2: Implement policies and procedures
Participate in a role play (minimum three and maximum 10 minutes, including assessor questions) to
verbally discuss your copyright, privacy and ethics policies and procedures (from Part 1) in a meeting
with DataTrust staff members.

 For face-to-face students, your assessor will observe the role play.

 For online students, make an appointment with your assessor for an online meeting.
Assessors are to observe and ask questions the student’s role play via an online meeting such
as Skype or Adobe Connect.

 You must articulate your ideas and requirements clearly and appropriately for your audience
(staff members).

 You must use appropriate listening and questioning techniques to elicit feedback and ideas.

Role play participants:

 Staff members – arrange for two other people to participate as staff members

 IT Trainee (this is you).

Ensure that you include the following in your role play:

1. Distribute your policies and procedures either electronically, for example, as a PowerPoint
presentation using the DataTrust PowerPoint template (DT_Powerpoint.potx), or as a printed
document using the DataTrust report template (DT_Report.dotx), as appropriate.
2. Explain your clause for the Copyright Policy, including the procedures that employees will
need to follow.
3. Explain your amendments for the Privacy Policy, including the system security procedures
that employees will need to follow.
4. Explain your two points for the Code of Ethics.
5. Explain your grievance procedure.
6. Outline the implementation plan.
7. Ask your audience for feedback on the policies and procedures. If no one has any general
feedback, you must ask specific questions.
8. Your assessor will ask you additional questions relevant to the scenario.

See Observation Checklist for more specific information on role play

Document title: ICTICT418_MG_Pro_2of2 Page 10 of 22

Resource ID: TBS_18_028_ICTICT418_MG_Pro_2of2
 Part 3: Monitor policies and procedures
The new DataTrust Privacy Policy and Code of Ethics have recently been implemented, however
there have still been several breaches within DataTrust.

Requirements have also been established under the Privacy Act for entities in responding to data
breaches, known as the Notifiable Data Breaches (NDB) scheme, which DataTrust is obliged to abide
by.

You’ve been asked to monitor the implementation of DataTrust’s Privacy Policy and Code of Ethics by
following up with two clients who have been affected by data breaches, as well as report to your
supervisor on the outcome of your review.

1. The CIO, Mark Thrift received a complaint from a client, Tricia Portman. Tricia called the Accounts
section to query an invoice and spoke to Brian Cotswald. Brian went on to disclose her personal
information without having verified her identify.

Tricia sees this as a breach of privacy and is very upset that the DataTrust Privacy Policy has not
been adhered to by Brian.

You’ve been asked to follow up with Tricia, so you’ll need to review the DataTrust Privacy Policy
(Privacy Policy.pdf).

Write an email to Tricia, using the email template (DT_Email.dotx), as follows (minimum 75 and
maximum 200 words):

o Thank Tricia for her feedback, explaining how it will be used to assist the organisation

o Outline DataTrust’s requirements that should have been followed, according to the
Privacy Policy, to ensure good customer service.

Sample answers (answers may vary)

Hi Tricia

Thank you for your feedback on the incident with one of our staff members regarding the disclosure
of your personal information without verification.

This information will assist us to improve our policies and procedures, which I’ll be looking into.

According to our privacy policy, our staff members are not allowed to give out any client information
on the telephone to anyone who isn’t authorised. Unfortunately, this procedure wasn’t followed in
this instance. We will endeavour to assist this staff member to follow the correct procedure in the
future.

Thanks

John Doe

Document title: ICTICT418_MG_Pro_2of2 Page 11 of 22

Resource ID: TBS_18_028_ICTICT418_MG_Pro_2of2
 2. Jessica is a new member of the IT Support team and one of her first tasks was to create an urgent
backup of customer information (including the customers’ and DataTrust’s intellectual property),
which was requested by the Company Director. As she was new, she hadn't yet been given
access to the shared backup drive. Instead of reporting this and waiting for access, she saved the
backup data onto her personal hard drive, which she took home at the end of the day with the
data still on it. When she got home, she couldn’t find the hard drive. As she caught the train
home, she realised that it could have fallen out of her bag or been stolen anywhere between
work and home. The following day, you asked Jessica about the backup and she confessed what
had happened.

After this incident, management would like you to verbally interview the affected clients to make
sure that they’re receiving appropriate service from staff members, according to the newly
implemented Code of Ethics (your suggestions from Part 1).

Participate in a role play (minimum two and maximum five minutes, including assessor
questions) to verbally interview a client ensuring you meet assessment conditions.

 For face-to-face students, your assessor will observe the role play.

 For online students, make an appointment with your assessor for an online meeting.
Assessors are to observe the student’s role play via an online meeting such as Skype or
Adobe Connect.

 You must articulate your ideas and requirements clearly and appropriately for your
audience (staff members).

 You must use appropriate listening and questioning techniques to elicit feedback and
ideas.

Role play participants:

 Client – another student or other person

 IT Trainee (this is you).

Ensure that you include the following in your role play:

1. Explain to the client the reason for the interview, referring to your obligations under the
NDB scheme

2. Outline DataTrust’s requirements for ethical customer service (i.e. your two points for
the code of ethics)

3. Ask three appropriate questions to:

a. ascertain whether the Code of Ethics is being applied by staff members

b. obtain their opinions on the implementation of the Code of Ethics

See Observation Checklist for more specific information on role play

Document title: ICTICT418_MG_Pro_2of2 Page 12 of 22

Resource ID: TBS_18_028_ICTICT418_MG_Pro_2of2
 3. Write an email to your supervisor, using the email template (DT_Email.dotx), to report on your
review of the work practices and feedback you’ve collected (minimum 150 and maximum 300
words).

o Summarise the feedback you received from the staff members (Part 2) and clients
(Part 3)

o Identify and list the section of the Privacy Policy that wasn’t adhered to by Brian

o Suggest two procedures that could be implemented to avoid this situation in the
future, including one that relates to system security.

Sample answers (answers may vary)

Feedback from staff members will vary, should be according to the role play.

Feedback from the client in 3.1 is that she believes that there has been a breach of privacy and the
policy hasn’t been adhered to.

Feedback from the client in 3.2 will vary, should be according to the role play.

The section from the Privacy Policy that wasn’t adhered to by Brian is under the heading “How do we
protect the information we store?” as follows:

DataTrust staff or sub-contractors may not give out any information regarding our clients via the
telephone to non-authorised parties, unless directly related to a current business activity for a
client.

This implies that the person on the phone should have been verified to ascertain whether they were
an authorised party.

To improve work practices:

 additional and regular staff training

 staff scripts for phone calls
 IT system measures to provide pop-up messaging before staff can access customer details
 technical reports monitored for system security
 document system security measures (e.g. log-in).

Document title: ICTICT418_MG_Pro_2of2 Page 13 of 22

Resource ID: TBS_18_028_ICTICT418_MG_Pro_2of2
 Appendix 1: Assessment Checklist
The student’s copy of the Assessment Checklist will be used by you to capture evidence of their
performance in any type of project. This checklist outlines all the required criteria you will be marking
the student on. All criteria must be met. The following checklist contains benchmark responses for
you to use when assessing to ensure reliability of judgement. You may ask questions during the
demonstration or if appropriate directly after the assessment has been completed noting that both
the question and student response needs to be captured on the checklist.

See sample responses under each question.

Table 2: Assessment Checklist

TASK/STEP Instructions
S U/S Assessor Comments
#

Part 1.1 Writes a clause that deals with the

responsibility of employees towards
copyright and intellectual property
that aligns with legislation and
industry standards

Part 1.1 Lists the relevant legislation and

industry standards for both copyright
and intellectual property

Part 1.2 Outlines ethical procedures for

following the copyright policy

Part 1.3 Writes an amendment to the privacy

policy regarding storage and security
of personal information to align with
legislation

Part 1.3 Lists the relevant privacy legislation

Part 1.4 Outlines recommended physical and

operating system security procedures
and features

Document title: ICTICT418_MG_Pro_2of2 Page 14 of 22

Resource ID: TBS_18_028_ICTICT418_MG_Pro_2of2
 TASK/STEP Instructions
S U/S Assessor Comments
#

Part 1.5 Writes at least two points for a code

of ethics that align with legislation
and industry standards

Part 1.5 Lists the relevant legislation and

industry standards for ethics

Part 1.6 Writes an appropriate grievance

procedure and review process to
enable confidential reporting of any
ethical issues

Part 1.7 Develops an appropriate

implementation plan with
timeframes, checks and reviews

Part 1.7 Outlines three appropriate

communication methods and
processes

Part 1 Minimum of 50 and maximum of 200

words each

Part 2 Performs a role play of minimum

three and maximum 10 minutes,
including assessor questions

Part 3.1 Writes an appropriate email to the

client of a minimum 100 and
maximum 300 words, explaining how
the feedback will be used

Part 3.1 Outlines DataTrust’s requirements

that should have been followed,
according to policy, for good
customer service

Document title: ICTICT418_MG_Pro_2of2 Page 15 of 22

Resource ID: TBS_18_028_ICTICT418_MG_Pro_2of2
 TASK/STEP Instructions
S U/S Assessor Comments
#

Suggests two appropriate procedures

to be implemented, including one
that relates to system security

Part 3.2 Performs a role play of minimum two

and maximum five minutes, including
assessor questions

Part 3.3 Writes an appropriate email to their

supervisor of a minimum 75 and
maximum 200 words

Part 3.3 Summarises the feedback received

from stakeholders

Part 3.3 Lists the section of the Privacy Policy

not adhered to

Part 3.3 Suggests two procedures to

implement to avoid a privacy breach

Part 3.3 One procedure relates to system

security

Document title: ICTICT418_MG_Pro_2of2 Page 16 of 22

Resource ID: TBS_18_028_ICTICT418_MG_Pro_2of2
 Appendix 2: Observation Checklist 1
The Observation Checklist will be used by your assessor to mark your performance in the role play
scenario in Part 2. Use this Checklist to understand what skills you need to demonstrate in the role
play. The Checklist lists the assessment criteria used to determine whether you have successfully
completed this assessment event. All the criteria must be met. Your demonstration will be used as
part of the overall evidence requirements of the unit. The assessor may ask questions while the
demonstration is taking place or if appropriate directly after the activity has been completed.

Table 3: Observation Checklist 1

TASK/STEP Instructions
S U/S Assessor Comments
#

Part 2 Effectively undertakes role play Student should remain

despite noise and distractions calm, may take action
such as moving away from
the noise

Part 2 Articulates clearly and appropriately Language used can be

for the audience (staff members) informal but not too
technical, they should be
polite and use business-
appropriate language (no
jargon, slang etc.)

Part 2 Uses appropriate listening and This may include active

questioning techniques to elicit listening techniques
feedback and ideas (nodding, making eye
contact, reflecting etc.)

This is a meeting and they

Part 2.1 Distributes policies and procedures
may choose to have
using an appropriate method
printed documents,
PowerPoint presentation
etc.

Part 2.2 Explains their clause for the copyright This should reflect their
policy answers for Part 1

Part 2.2 Explains the employee procedures for This should reflect their

Document title: ICTICT418_MG_Pro_2of2 Page 17 of 22

Resource ID: TBS_18_028_ICTICT418_MG_Pro_2of2
 TASK/STEP Instructions
S U/S Assessor Comments
#

applying the copyright policy answers for Part 1

Part 2.3 Explains their amendments for the This should reflect their
privacy policy answers for Part 1

Part 2.3 Explains the system security

This should reflect their
procedures relevant to the privacy
answers for Part 1
policy

Part 2.4 Explains their points for the Code of This should reflect their
Ethics answers for Part 1

Part 2.5 Explains their grievance procedure This should reflect their
answers for Part 1

Part 2.6 Outlines their implementation plan This should reflect their
answers for Part 1

Part 2.7 Asks for, and receives, feedback on

policies and procedures

Part 2.8 Responds appropriately to additional Additional questions to ask

questions during role play (if not
already answered):

1. Why do you think

DataTrust and its
employees need to be
concerned with
copyright and IP
legislation?

Suggested answer

DataTrust and its

employees need to be
concerned with copyright
and IP legislation because
the digital era means that
it has become very easy

Document title: ICTICT418_MG_Pro_2of2 Page 18 of 22

Resource ID: TBS_18_028_ICTICT418_MG_Pro_2of2
 TASK/STEP Instructions
S U/S Assessor Comments
#

to access content from

the internet without
considering its copyright.
If employees are doing
the wrong thing with
copyright and IP, it
reflects badly on the
organisation and
DataTrust may be liable
for their mistakes.

2. How is privacy
legislation relevant to
ICT organisations?

Suggested answer

Privacy legislation is
relevant to ICT
organisations because
they will be the ones
responsible for
implementing privacy
procedures on websites
and in systems and so
must be aware of the
requirements.

3. How is your code of

ethics relevant to
DataTrust?

Suggested answer

My code of ethics is
relevant to DataTrust
because we provide
customer service, we are
a security company so
should be held to a
higher standard (etc. as

Document title: ICTICT418_MG_Pro_2of2 Page 19 of 22

Resource ID: TBS_18_028_ICTICT418_MG_Pro_2of2
 TASK/STEP Instructions
S U/S Assessor Comments
#

relevant to their
particular points).

Document title: ICTICT418_MG_Pro_2of2 Page 20 of 22

Resource ID: TBS_18_028_ICTICT418_MG_Pro_2of2
 Appendix 3: Observation Checklist 2
The Observation Checklist will be used by your assessor to mark your performance in the role play
scenario in Part 3.2. Use this Checklist to understand what skills you need to demonstrate in the role
play. The Checklist lists the assessment criteria used to determine whether you have successfully
completed this assessment event. All the criteria must be met. Your demonstration will be used as
part of the overall evidence requirements of the unit. The assessor may ask questions while the
demonstration is taking place or if appropriate directly after the activity has been completed.

Table 4: Observation Checklist 2

TASK/STEP Instructions
S U/S Assessor Comments
#

Part 3.2 Effectively undertakes role play Student should remain calm,
despite noise and distractions may take action such as moving
away from the noise

Part 3.2 Articulates clearly and Language used can be informal

appropriately for the audience but not too technical, they
(client) should be polite and use
business-appropriate language
(no jargon, slang etc.)

Part 3.2 Uses appropriate listening and This may include active listening
questioning techniques to elicit techniques (nodding, making eye
feedback and ideas contact, reflecting etc.)

According to the NDB scheme,

Part 3.2.1 Explains reasons for interview
individuals whose personal
and refers to obligations under
information is involved in a data
the NDB scheme
breach that is likely to result in
serious harm must be notified.
This must also include what steps
the individuals should take. The
Australian Information
Commissioner must also be
notified of eligible data breaches.
Therefore, the reason for this
interview is the data breach.

Document title: ICTICT418_MG_Pro_2of2 Page 21 of 22

Resource ID: TBS_18_028_ICTICT418_MG_Pro_2of2
 TASK/STEP Instructions
S U/S Assessor Comments
#

Part 3.2.2 Outlines DataTrust’s This will reflect the student’s

requirements for ethical Code of Ethics from Part 1
customer service

Questions may include:

Part 3.2.3 Asks three appropriate
feedback questions relating to  How has the new code
the Code of Ethics impacted your dealings
with our organisation?
 Do you think having a
Code of Ethics is
important in a
workplace?
 Have you come across
any instances of
dishonesty/discrimination
etc.?
 What would you change
about the new code?
 Describe any further
changes that need to be
made to the new code
 There may be questions
specific to the student’s
Code of Ethics

Document title: ICTICT418_MG_Pro_2of2 Page 22 of 22

Resource ID: TBS_18_028_ICTICT418_MG_Pro_2of2