AVCE ICT – Unit 2. ICT Serving Organisations. D9e2a36a-Fe2c-4955-831b-Efd52c1bbef8.Doc Management Information Systems Information Systems versus Data Processing Systems… Data on items sold is collected by the data processing system and stored within a computerised system (e.g., a database); An operational information system then reads this data and produces a list of items that require some form of action to be taken (e.g., re-ordering); A management information system may analyse the sales data to highlight sales trends and use this information to plan a new marketing campaign, adjust price levels or plan an increase or reduction in production facilities. The Role of a Management Information System To support management in routine functions and decision-making. The 5 classical functions of managers are: Planning Organising Coordinating Decision-making Controlling Management information systems must be designed to support managers in as many of these functions as possible, at different levels (operational, tactical, strategic) of an organisation. Figure 5: Illustrates the basic Information Outputs functions of a generalised Capture Reports Management Information System; how information is gathered, processed, stored and accessed by Processing authorised personnel in order to External Data Internal Data present information in different Storage Query Responses formats (e.g., reports). Provision of Access Expert System Advice Management Information System Environment Organisation Decision-Making Supported by the MIS… The four stages of management decision- How each stage can be supported by the making… MIS… Recognition that there is a problem Timely, accurate reports can highlight problems within the organisation. Consideration of possible solutions What-if scenarios can be run to provide best possible outcomes. Choosing a solution Solutions can be decided upon based on the results of financial and logistical analysis. Implementing the solution Trends can be monitored as a solution is implemented to make sure all goes according to plan. The form of the decision can then be… Which can be supported by the MIS as follows… Structured (i.e. repetitive, routine, definite The decisions themselves can be built-in to procedures) processing systems which feed their results back to the MIS to be monitored and/or summarised. Unstructured (i.e. require judgement, insight, Given all of the available information – evaluation) provided by the MIS – a manager may make a decision based on their evaluation of the current state of the organisation. Typical Functions of a Management Information System… A comprehensive database holding all the information about products, customers, suppliers and finance that would be needed to provide managers with reports for decision-making. The ability to analyse the information in the database to highlight situations that need attention. The ability to show figures over a period of time, perhaps in graphical format including production and sales figures. Ability to show a snapshot of the company’s financial situation over a period of time. Ability to perform ‘what-if’ calculations to show what the effect would be of raising production levels, hiring more staff, acquiring a new building etc. Warning signals to indicate that decisions are required, such as low stock levels, expenditure exceeding information, numbers of faulty products exceeding expectations Audio and visual warnings when incoming orders exceed production capacity. Daily calculation of productivity levels by analysis of costs and output. Monthly graphs of price comparison with competitor goods or services resulting from regular market research. Information Systems Can Be Drawn… Members of staff “swipe in” and HelpDesk staff take “swipe out”, admin’ staff record support call holidays and sick leave etc. Admin’ staff record stock received, Engineers record Data on operational status of network is collected as an automated process. stock used in response to HDR call. Staff presence/absence Local Area Network (LAN) or and other data. Wide Area Network (WAN) Changes in stock levels. Support call details (e.g., project, fault call or other). HelpDesk Reference (HDR) Software Provides list of engineers on Personnel Database Holds details of the status of all shift with relevant experience Contains staff data, e.g., which ICT support calls (e.g., to which (e.g., infrastructure, applications, shifts should be worked, staff engineer a call has been project management or programming). number, contact details etc. assigned and what work has been done on it to date). Provides details of network status (e.g., whether a server is running [up or on-line], hardware and Provides details of what hardware and software installed and network statistics). software is in stock for a given support call. Stock Control Each module of the MIS Network Management Software contributes to the management Software Holds details of the hardware decision-making process... Holds details of the current and software kept by operational status of the department for use in projects network, plus hardware and and fault calls. software inventories. Reports Queries HelpDesk: HelpDesk: What are the major fault calls? Retrieve details of specific support calls. What are the major user requests? How many fault calls or projects are “in-hand” at present? How fast are they being dealt with (meets Service Level Agreement)? What engineer is dealing with a specific call/s. How are individual engineers performing? What user has placed a given call or number of calls and user details. What’s the average workload of an engineer? Stock Control: Stock Control: Is a given item in stock? How much stock is being held? How many are in stock? Does this meet or exceed operational requirements (e.g., too much Is it or are they marked for work in progress? sitting around doing nothing)? Any stock missing without explanation? Personnel: Who is on holiday or sick leave? Personnel: What holiday is due to a given member of staff. Sick leave - are any staff taking more sick leave than others? How many hours has a given member of staff worked in the last week How many hours are staff working? or month? Training requirements. Network Management: Network Management: Is a given server “up”? How has the network been running? What Operating System (OS) is running on a given server? How many PC’s, what software to bill for support? Status of server OS or other software (e.g., anti-virus status). Information Systems and the Law… Any organisation (i.e., any business, charity, public service organisation or even a small village social club) using a computer to store information has a legal responsibility under at least two very specific pieces of legislation*. The Data Protection Act 1998. All computer systems dealing with personal data (i.e., data that can identify a living individual) must be registered under the Data Protection Act 1998. This school deals with a great deal of personal data (that of students and staff) and the responsibility for registering the school’s information systems will be with either the school (e.g., a nominated member of staff) or possibly with the Local education Authority (LEA). Users in a company who develop their own systems for processing personal data should inform their manager and seek advice on registration from someone familiar with the process. Users of personal data must be aware of the eight principles which apply to such information, these are detailed below as an extract from the Information Technology Security and Licence Control Standards – Data Protection Act 1998… Personal data shall be: 1) Obtained and processed fairly and lawfully. 2) Held for specified lawful purposes. 3) Not used or disclosed in a way not compatible with the purpose(s). 4) Adequate, relevant and not excessive for the purpose. 5) Accurate and up-to-date. 6) Not kept longer than necessary. 7) Available to the data subject. 8) Kept secure. The Data Protection Act 1998 affects the operations of business communications systems in the following ways… Access to individual’s information – only those who need such access should have it. Security of information – Information should be kept secure. Ownership of information – It should be plain which departments/individuals are responsible for the information. Accuracy of information – Processes should be in place to make sure that information collected is accurate and that such accuracy is maintained (e.g., changes of address/marital status). Ability to sell the information – Some businesses collect information with the intention of selling it on to third parties (e.g., lists of names & addresses of people that have purchased new cars may be useful to motor insurance agencies). Costs incurred in meeting the Act – ICT hardware and software, training, staff to maintain databases. The Computer Misuse Act 1990. The Computer Misuse Act 1990 was passed to deal with the problem of hacking of computer systems. In the early days of hacking the problem wasn’t taken very seriously – it was seen as mischievous behaviour, rather than as something which could cause serious loss or problems to companies, organisations and individuals. However, with developments in technology the issue has become more serious and hence legislation was introduced to recognise three key offences: 1) Unauthorised access to computer material. 2) Unauthorised access with intent to commit or facilitate commission of further offences. 3) Unauthorised modification of computer material. Most organisations therefore require that users must be able to demonstrate that adequate precautions have been taken to prevent the occurrence of any of the following three criminal offences: Unauthorised access to computer material This is the lowest level of offence. It includes, for example, finding or guessing someone’s password, then using that to get into a computer system and have a look at the data it contains. This is an offence even if no damage is done, and no files deleted or changed. The very act of accessing materials without authorisation is illegal. This offence carries a penalty of imprisonment up to six months and/or a fine. Unauthorised access with intent to commit or facilitate commission of further offences. This builds on the previous offence. The key here is the addition of ‘intent to commit...further offences’. It therefore includes guessing or stealing a password, and using that to access material or services without the consent of the owner. For this offence the penalty is up to five years’ imprisonment and/or a fine. Unauthorised modification of computer material. This could include deleting files, changing the desktop set-up or introducing viruses with the intent to impair the operation of a computer, or access to programs and data. The word ‘intent’ means it has to be done deliberately, rather than someone deleting files by mistake. This also includes using a computer to damage other computers outside of the organisation, even though the computer used to do this is itself not modified in any way. This offence carries a penalty of up to five years and/or a fine. * Legislation – Laws that are enacted, in the case of the United Kingdom, by parliament or the European Community. Task (40 to 50 Minutes): (1) From the diagram above, what measures could be taken to minimise errors in the stock control system through incorrect manual data entry? Automate the system – use bar codes on stock items which can be scanned upon receipt, matched to a database of orders placed and awaiting delivery. Items delivered can be automatically marked as in stock. When items leave stock, they can be scanned again and the system will remove the item from the stock list and can be set to warn when stock runs low and needs to be re-ordered. (2) Why is it important that key data, such as personnel details are adequate, relevant and not excessive for the purpose, kept secure, accurate and up-to-date, not kept longer than necessary and are available to the subject? These are the stipulations laid down in the Data Protection Act 1984 by which any company that operates a computer system containing personal data must abide, in addition it is important that all users take precautions against offences committed under the Computer Misuse Act 1990 (e.g., not securing personal data would breach the Data Protection Act and allow unauthorised access to the system, a breach of the Computer Misuse Act). (3) What security procedures should any organisation follow in holding/accessing the information shown above? Require log-ins – usernames and passwords for each individual user accessing the information. Users can be allocated levels of access to the system – e.g., admin’ staff may only have access to add stock to the database, but not remove it. Managers may be given access to personnel details restricted to all other users. Network administrators may have full access to the network management software, whilst managers might have access to viewing/printing reports. Where there is a realistic possibility of the theft of a computer or disk that holds personal data, that data should be password protected or encrypted. This applies particularly to data held on portable PC’s or where offices are particularly vulnerable. Floppy disks holding personal data that is not encrypted should be securely locked away. Users should log off or use password protected screen savers if their PC is left unattended for any length of time. Care should be taken to prevent unauthorised viewing of screens holding personal data, by proper positioning of the hardware and the use of screen savers. Print-outs of personal data should be securely locked away, or disposed of using confidential waste disposal procedures. Regular backups, stored in a secure location – discuss the following basic (industry standard) strategy: Grandfather, Father, Son (GFS)… GFS The GFS tape rotation strategy is based on a 7-day schedule (Sunday through Saturday), in which you create at least one full backup each week. The rest of that week's backups can be full or differential. (A differential backup saves only the files that changed since the last full backup.) Regardless of the number of full backups you create during the week, the LAST full backup of the week is considered the WEEKLY backup. You can reuse (recycle) the DAILY and WEEKLY backup tapes or take them offsite for permanent storage. In GFS terminology, the DAILY backup is the son and the FULL WEEKLY backup is the father. The last full backup of each month is considered the MONTHLY backup. In GFS terminology, it is the grandfather. The MONTHLY backup is always permanent – it cannot be reused. It’s a good idea to store permanent tapes offsite and all other tapes in a secure location (e.g., a fireproof safe). Lastly, physical security – secure premises, locks alarms, steel cables secured to PC’s and other equipment can guard against theft. (4) How can information stored in the above Management Information System (MIS) be used to help… The Network Manager – at her monthly meeting where she has to report on the performance of the network (e.g., whether all servers were up and running and performing tasks properly; were there any security breaches, i.e., hacking?; was the system badly infected by any new viruses or not?) Supplemental – What information would the network management software of the school’s network have recorded in the last two months – has there been a period where there were any problems? What information would you expect the school system to provide and does it do what you would expect? Check with the school’s network manager and see if it’s convenient to ask a few questions about the sort of network management systems the school uses. The Personnel Manager – reporting on the amount of sickness absence amongst staff in the last two months and on the amount of overtime paid last month to the… Operations Manager – who has to report on all aspects of the organisation to the managing director. In his monthly meeting, he has to report on (amongst other things) the amount of stock held and whether he should hold more or less, he has to report on his staffing levels and whether he needs more or less staff to cover for holidays, sickness and the workload generated by the HelpDesk Reference calls. Write an account (of no more than 200 words for each manager; 600 in total) of how the MIS will help each manager to achieve their objectives, drawing information system diagrams of where the information for each manager comes from, what system (e.g., stock control, network management or personnel) processes the information and how the information is presented (i.e., the format of the output – reports or queries). Review of answers and class discussion (10 to 15 minutes). This is an open-ended task. Questions 1 to 4 can be discussed with a huge variety of suggestions, however, those pointed out are the most obvious and cover the requirements of the AVCE syllabus. For example, the physical security of a building or site can be discussed in far greater detail than befits the AVCE. Also note that there is no particularly right or wrong answer for question four. The information system diagrams required either clearly show the information flow, processing and output or they do not. In addition, a student’s explanation of how the MIS can aid management decisions can include various examples of what specific information is drawn from the system (e.g., number of holiday days an employee is allowed and how many they may have left to take), but the answer for each manager must include one or more clear examples of specific information and how this aids the manager present information and thus make decisions.
Pages to are hidden for
"Data Management Systems"Please download to view full document