Data Management Systems by vxs15442


More Info
									                                                 AVCE ICT – Unit 2.
                                              ICT Serving Organisations.

Management Information Systems
Information Systems versus Data Processing Systems…
    Data on items sold is collected by the data processing system and stored within a
      computerised system (e.g., a database);
    An operational information system then reads this data and produces a list of items that
      require some form of action to be taken (e.g., re-ordering);
    A management information system may analyse the sales data to highlight sales trends
      and use this information to plan a new marketing campaign, adjust price levels or plan an
      increase or reduction in production facilities.

The Role of a Management Information System
To support management in routine functions and decision-making.

The 5 classical functions of managers are:
    Planning
    Organising
    Coordinating
    Decision-making
    Controlling

Management information systems must be designed to support managers in as many of these
functions as possible, at different levels (operational, tactical, strategic) of an organisation.

                                                                                        Figure 5: Illustrates the basic
                                                                  Information Outputs
                                                                                        functions of a generalised
                                 Capture                Reports                         Management Information System;
                                                                                        how information is gathered,
                                                                                        processed, stored and accessed by
                                                                                        authorised personnel in order to
 External Data   Internal Data                                                          present information in different
                                 Storage                Query Responses
                                                                                        formats (e.g., reports).

                                 Provision of Access

                                                        Expert System
                                   Information System

Environment      Organisation
Decision-Making Supported by the MIS…

The four stages of management decision-           How each stage can be supported by the
making…                                           MIS…

Recognition that there is a problem               Timely, accurate reports can highlight
                                                  problems within the organisation.

Consideration of possible solutions               What-if scenarios can be run to provide best
                                                  possible outcomes.

Choosing a solution                               Solutions can be decided upon based on the
                                                  results of financial and logistical analysis.

Implementing the solution                         Trends can be monitored as a solution is
                                                  implemented to make sure all goes according
                                                  to plan.

The form of the decision can then be…             Which can be supported by the MIS as
Structured (i.e. repetitive, routine, definite    The decisions themselves can be built-in to
procedures)                                       processing systems which feed their results
                                                  back to the MIS to be monitored and/or
Unstructured (i.e. require judgement, insight,    Given all of the available information –
evaluation)                                       provided by the MIS – a manager may make a
                                                  decision based on their evaluation of the
                                                  current state of the organisation.

Typical Functions of a Management Information System…
       A comprehensive database holding all the information about products, customers,
        suppliers and finance that would be needed to provide managers with reports for
       The ability to analyse the information in the database to highlight situations that need
       The ability to show figures over a period of time, perhaps in graphical format including
        production and sales figures.
       Ability to show a snapshot of the company’s financial situation over a period of time.
       Ability to perform ‘what-if’ calculations to show what the effect would be of raising
        production levels, hiring more staff, acquiring a new building etc.
       Warning signals to indicate that decisions are required, such as low stock levels,
        expenditure exceeding information, numbers of faulty products exceeding expectations
       Audio and visual warnings when incoming orders exceed production capacity.
       Daily calculation of productivity levels by analysis of costs and output.
       Monthly graphs of price comparison with competitor goods or services resulting from
        regular market research.
Information Systems Can Be Drawn…

                                                                                                  Members of staff “swipe in” and
                                                                 HelpDesk staff take              “swipe out”, admin’ staff record
                                                                     support call                   holidays and sick leave etc.

                                   Admin’ staff record
                                     stock received,
                                    Engineers record

                                                                                                                                                                                  Data on operational status of network is collected as an automated process.
                                      stock used in
                                 response to HDR call.
                                                                                                      Staff presence/absence             Local Area Network (LAN) or
                                                                                                          and other data.                 Wide Area Network (WAN)
 Changes in stock levels.

                                                              Support call details (e.g.,
                                                              project, fault call or other).

                                       HelpDesk Reference
                                          (HDR) Software
                                                                                         Provides list of engineers on                             Personnel Database
                                  Holds details of the status of all
                                                                                         shift with relevant experience                       Contains staff data, e.g., which
                                  ICT support calls (e.g., to which
                                                                                       (e.g., infrastructure, applications,                    shifts should be worked, staff
                                      engineer a call has been
                                                                                    project management or programming).                         number, contact details etc.
                                    assigned and what work has
                                      been done on it to date).

                                                                                               Provides details of network status (e.g., whether
                                                                                               a server is running [up or on-line], hardware and
                              Provides details of what hardware and                               software installed and network statistics).
                            software is in stock for a given support call.

                                          Stock Control                                     Each module of the MIS                               Network Management
                                            Software                                     contributes to the management                                  Software
                                   Holds details of the hardware                           decision-making process...                          Holds details of the current
                                       and software kept by                                                                                     operational status of the
                                   department for use in projects                                                                              network, plus hardware and
                                          and fault calls.                                                                                        software inventories.

        Reports                                                                                              Queries

        HelpDesk:                                                                                            HelpDesk:
        What are the major fault calls?                                                                      Retrieve details of specific support calls.
        What are the major user requests?                                                                    How many fault calls or projects are “in-hand” at present?
        How fast are they being dealt with (meets Service Level Agreement)?                                  What engineer is dealing with a specific call/s.
        How are individual engineers performing?                                                             What user has placed a given call or number of calls and user details.
        What’s the average workload of an engineer?
                                                                                                             Stock Control:
        Stock Control:                                                                                       Is a given item in stock?
        How much stock is being held?                                                                        How many are in stock?
        Does this meet or exceed operational requirements (e.g., too much                                    Is it or are they marked for work in progress?
        sitting around doing nothing)?
        Any stock missing without explanation?                                                               Personnel:
                                                                                                             Who is on holiday or sick leave?
        Personnel:                                                                                           What holiday is due to a given member of staff.
        Sick leave - are any staff taking more sick leave than others?                                       How many hours has a given member of staff worked in the last week
        How many hours are staff working?                                                                    or month?
        Training requirements.
                                                                                                             Network Management:
        Network Management:                                                                                  Is a given server “up”?
        How has the network been running?                                                                    What Operating System (OS) is running on a given server?
        How many PC’s, what software to bill for support?                                                    Status of server OS or other software (e.g., anti-virus status).
Information Systems and the Law…
Any organisation (i.e., any business, charity, public service organisation or even a small village
social club) using a computer to store information has a legal responsibility under at least two
very specific pieces of legislation*.

The Data Protection Act 1998.
All computer systems dealing with personal data (i.e., data that can identify a living individual)
must be registered under the Data Protection Act 1998.

This school deals with a great deal of personal data (that of students and staff) and the
responsibility for registering the school’s information systems will be with either the school
(e.g., a nominated member of staff) or possibly with the Local education Authority (LEA).

Users in a company who develop their own systems for processing personal data should inform
their manager and seek advice on registration from someone familiar with the process.

Users of personal data must be aware of the eight principles which apply to such information,
these are detailed below as an extract from the Information Technology Security and Licence
Control Standards – Data Protection Act 1998…

Personal data shall be:
   1) Obtained and processed fairly and lawfully.
   2) Held for specified lawful purposes.
   3) Not used or disclosed in a way not compatible with the purpose(s).
   4) Adequate, relevant and not excessive for the purpose.
   5) Accurate and up-to-date.
   6) Not kept longer than necessary.
   7) Available to the data subject.
   8) Kept secure.

The Data Protection Act 1998 affects the operations of business communications systems in the
following ways…
       Access to individual’s information – only those who need such access should have it.
       Security of information – Information should be kept secure.
       Ownership of information – It should be plain which departments/individuals are
        responsible for the information.
       Accuracy of information – Processes should be in place to make sure that information
        collected is accurate and that such accuracy is maintained (e.g., changes of
        address/marital status).
       Ability to sell the information – Some businesses collect information with the intention
        of selling it on to third parties (e.g., lists of names & addresses of people that have
        purchased new cars may be useful to motor insurance agencies).
       Costs incurred in meeting the Act – ICT hardware and software, training, staff to
        maintain databases.
The Computer Misuse Act 1990.
The Computer Misuse Act 1990 was passed to deal with the problem of hacking of computer
systems. In the early days of hacking the problem wasn’t taken very seriously – it was seen as
mischievous behaviour, rather than as something which could cause serious loss or problems to
companies, organisations and individuals.

However, with developments in technology the issue has become more serious and hence
legislation was introduced to recognise three key offences:
    1) Unauthorised access to computer material.
    2) Unauthorised access with intent to commit or facilitate commission of further offences.
    3) Unauthorised modification of computer material.

Most organisations therefore require that users must be able to demonstrate that adequate
precautions have been taken to prevent the occurrence of any of the following three criminal

Unauthorised access to computer material
This is the lowest level of offence. It includes, for example, finding or guessing someone’s
password, then using that to get into a computer system and have a look at the data it contains.
This is an offence even if no damage is done, and no files deleted or changed. The very act of
accessing materials without authorisation is illegal. This offence carries a penalty of
imprisonment up to six months and/or a fine.

Unauthorised access with intent to commit or facilitate commission of further offences.
This builds on the previous offence. The key here is the addition of ‘intent to commit...further
offences’. It therefore includes guessing or stealing a password, and using that to access material
or services without the consent of the owner. For this offence the penalty is up to five years’
imprisonment and/or a fine.

Unauthorised modification of computer material.
This could include deleting files, changing the desktop set-up or introducing viruses with the
intent to impair the operation of a computer, or access to programs and data. The word ‘intent’
means it has to be done deliberately, rather than someone deleting files by mistake. This also
includes using a computer to damage other computers outside of the organisation, even though
the computer used to do this is itself not modified in any way. This offence carries a penalty of
up to five years and/or a fine.

 Legislation – Laws that are enacted, in the case of the United Kingdom, by parliament or the
European Community.
Task (40 to 50 Minutes):

    (1)       From the diagram above, what measures could be taken to minimise errors in the
              stock control system through incorrect manual data entry?

Automate the system – use bar codes on stock items which can be scanned upon receipt, matched
to a database of orders placed and awaiting delivery. Items delivered can be automatically
marked as in stock. When items leave stock, they can be scanned again and the system will
remove the item from the stock list and can be set to warn when stock runs low and needs to be

    (2)       Why is it important that key data, such as personnel details are adequate, relevant
              and not excessive for the purpose, kept secure, accurate and up-to-date, not kept
              longer than necessary and are available to the subject?

These are the stipulations laid down in the Data Protection Act 1984 by which any company that
operates a computer system containing personal data must abide, in addition it is important that
all users take precautions against offences committed under the Computer Misuse Act 1990 (e.g.,
not securing personal data would breach the Data Protection Act and allow unauthorised access
to the system, a breach of the Computer Misuse Act).

    (3)       What security procedures should any organisation follow in holding/accessing the
              information shown above?

         Require log-ins – usernames and passwords for each individual user accessing the
          Users can be allocated levels of access to the system – e.g., admin’ staff may only
          have access to add stock to the database, but not remove it. Managers may be
          given access to personnel details restricted to all other users. Network
          administrators may have full access to the network management software, whilst
          managers might have access to viewing/printing reports.
         Where there is a realistic possibility of the theft of a computer or disk that holds
          personal data, that data should be password protected or encrypted. This applies
          particularly to data held on portable PC’s or where offices are particularly
         Floppy disks holding personal data that is not encrypted should be securely
          locked away.
         Users should log off or use password protected screen savers if their PC is left
          unattended for any length of time.
         Care should be taken to prevent unauthorised viewing of screens holding personal
          data, by proper positioning of the hardware and the use of screen savers.
         Print-outs of personal data should be securely locked away, or disposed of using
          confidential waste disposal procedures.
         Regular backups, stored in a secure location – discuss the following basic
      (industry standard) strategy: Grandfather, Father, Son (GFS)…
      The GFS tape rotation strategy is based on a 7-day schedule (Sunday through
      Saturday), in which you create at least one full backup each week. The rest of that
      week's backups can be full or differential. (A differential backup saves only the
      files that changed since the last full backup.)

      Regardless of the number of full backups you create during the week, the LAST
      full backup of the week is considered the WEEKLY backup. You can reuse
      (recycle) the DAILY and WEEKLY backup tapes or take them offsite for
      permanent storage.

      In GFS terminology, the DAILY backup is the son and the FULL WEEKLY
      backup is the father. The last full backup of each month is considered the
      MONTHLY backup. In GFS terminology, it is the grandfather. The MONTHLY
      backup is always permanent – it cannot be reused. It’s a good idea to store
      permanent tapes offsite and all other tapes in a secure location (e.g., a fireproof
     Lastly, physical security – secure premises, locks alarms, steel cables secured to
      PC’s and other equipment can guard against theft.

(4)       How can information stored in the above Management Information System (MIS)
          be used to help…
          The Network Manager – at her monthly meeting where she has to report on the
          performance of the network (e.g., whether all servers were up and running and
          performing tasks properly; were there any security breaches, i.e., hacking?; was
          the system badly infected by any new viruses or not?)
          Supplemental – What information would the network management software of the
          school’s network have recorded in the last two months – has there been a period
          where there were any problems? What information would you expect the school
          system to provide and does it do what you would expect? Check with the school’s
          network manager and see if it’s convenient to ask a few questions about the sort of
          network management systems the school uses.
          The Personnel Manager – reporting on the amount of sickness absence amongst
          staff in the last two months and on the amount of overtime paid last month to
          Operations Manager – who has to report on all aspects of the organisation to the
          managing director. In his monthly meeting, he has to report on (amongst other
          things) the amount of stock held and whether he should hold more or less, he has
          to report on his staffing levels and whether he needs more or less staff to cover for
          holidays, sickness and the workload generated by the HelpDesk Reference calls.
          Write an account (of no more than 200 words for each manager; 600 in total) of
          how the MIS will help each manager to achieve their objectives, drawing
          information system diagrams of where the information for each manager comes
          from, what system (e.g., stock control, network management or personnel)
          processes the information and how the information is presented (i.e., the format of
          the output – reports or queries).
Review of answers and class discussion (10 to 15 minutes).
This is an open-ended task. Questions 1 to 4 can be discussed with a huge variety of suggestions,
however, those pointed out are the most obvious and cover the requirements of the AVCE

For example, the physical security of a building or site can be discussed in far greater detail than
befits the AVCE.

Also note that there is no particularly right or wrong answer for question four. The information
system diagrams required either clearly show the information flow, processing and output or
they do not. In addition, a student’s explanation of how the MIS can aid management decisions
can include various examples of what specific information is drawn from the system (e.g.,
number of holiday days an employee is allowed and how many they may have left to take), but
the answer for each manager must include one or more clear examples of specific information
and how this aids the manager present information and thus make decisions.

To top