After completing the module, you should be able to:
1. Demonstrate an understanding of information needs within different functional areas of organisations.
2. Identify and compare information systems within different functional areas of organisations.
3. Use information systems to produce management information at middle and senior management levels of organisations.
4. Identify and examine the legal implications associated with information handling and security.
5. Identify and examine the ethical implications associated with information handling and security.
Responsible Global Citizen - Understand global issues and their place in a globalised economy, ethical decision-making and accountability. Adopt self-awareness, openness and sensitivity to diversity in culture.
You have been engaged as a MIS consultant for the following organization.
“Secure Asset Management” – often known as SAM - specialize in ultra-high secure data storage and digital asset management. Their clients are primarily in the banking and financial services industries – but not exclusively. SAM is not a bank or traditional financial institution. It does not store money in any form. However, it does store something even more important – sensitive corporate data. Examples of such data include: internal accounts (as opposed to publicly disclosed accounts), auditing reports, staff and salary data, back-ups and archives of operational data, regulatory & legal data, corporate strategy data including market share, competitor analysis and take-over/merger & acquisition target data. Not the kind of stuff their clients want floating around on the internet.
Because of their main client base, they are headquartered in the City of London, where existing and prospective new clients can come in and meet the firm face-to-face. The staff here include all central services plus the CEO and senior management team.
Apart from the London HQ, the company also owns and operates two ultra-secure data centres – named DC1 and DC2 - where all the above client data is held. Security is obviously of utmost importance. For that reason, DC1 is located on an abandoned oil rig 100 miles out from Aberdeen, Scotland in the North Sea while DC2 is located in a de-commissioned nuclear bunker complex somewhere in remote Wales. For enhanced resilience, data is ‘mirrored’ (duplicated) at both centres. All data is managed locally ‘on-premise’.
When trying to win new business, most clients want to see high-quality video presentations of the data centre security and what services the company can offer. Sometimes the clients will come to the London HQ, other times they want to view the presentations at their own premises. All this audio-video data has to be stored, transferred and presented smoothly and securely in the conference room – potentially at any time.
Another lucrative part of the business is the installation of tamper-proof hard drives and other physical computer security devices to the actual client laptops and desktop computers. This cannot be done on client premises and so the company has a specialized facility on the outskirts of London where all such work is done by company technicians. Unlike data itself, the laptops and desktops cannot be sent down a wire or transmitted over the air – they must be physically collected and delivered by company vehicles – known as Secure Transit Vehicles. Each has a unique number (STV1, STV2 etc.) There are currently ten such vehicles. This transit operation is a major security concern and so all vehicles – as well as being physically secure – must be tracked at all times. Each client device must also be uniquely trackable. The whole collection-delivery-fix-return lifecycle must be fully tracked and audited – just in case a device goes missing or there is an attempted robbery.
Clients have also expressed a desire to be able to track their devices in real-time.
More recently, the company has added a third type of service - over and above the traditional secure data centres and the enhancing of client devices at its factory. This involves the supply of a Personal Data Guard - like a bodyguard but for data rather than people. Many staff at blue-chip banking and financial clients have to regularly go overseas – often to hostile environments and they are naturally concerned about their own personal safety but also the safety of their computing devices and the sensitive data held on them. They want to feel safe. SAM satisfies this need by supplying – either on a regular, contract basis or an irregular ad-hoc basis – a dedicated individual (or even a whole team) who can protect the client, their computing devices and their data from unwanted attention. Such staff are almost exclusively drawn from the special forces who have the training to deliver this service.
At present, the company have several major concerns:
1. The safety and security of ‘on-premise’ data storage, backup and recovery and business continuity in the case of a catastrophic data loss at one of the sites – even allowing for the mirroring across both data centres.
2. The current weakness in using data more strategically to plan the future growth of the business. For example, the board would like to know which clients are least/most profitable? Which types of service and data are most common and which are most/least profitable? Are there any patterns or trends hidden in the vast amount of data they store?
3. The impact of the new GDPR data protection legislation coming into effect. The company are very sensitive to data leaks and reputational damage – probably more than most companies – for obvious reasons. Staff vetting, secure data storage and data transit are vital.
4. The lack of in-house IT skills and due to the central London location of the company HQ (where the small IT department is based) – they are worried about the cost of recruiting and retaining the required new IT skills in such a competitive IT recruitment market.
5. The company wants secure 24 x 7 off-site access to the London HQ systems by HQ staff – perhaps because they are working at home or away seeing a client. For security reasons, only the staff physically inside the London HQ can access the two data centres and so remote access to DC1 and DC2 is not needed.
For the specified case study, use the information provided, plus your own research into similar organizations, to list and describe the various functional business units that you deem necessary for it to carry out its business. Take care to describe not only the primary purpose and function of each unit, but also the in-going and out-going types of data to that functional unit. To what end is that data used within each business unit?
It is recommended that you support your discussion with a fully annotated structure chart and one or more data flow diagrams to represent how these various business units relate to each other and how data flows in, out and around the organization.
For the specified case study, explain to the company board, in your role as an MIS consultant, the key concepts and differences between:
• Operational data
• Tactical data
• Strategic data
You should clarify how these three levels relate to the hierarchy of business units you described in Task 1 and identify and compare information systems within different functional areas of this organisation. It is recommended, for ease of comparison, that you present this analysis as a table or matrix. Well-annotated diagrams are also a good idea.
For the specified case study, by conducting suitable, fully referenced research, advise the board, in your role as MIS consultant, on suitable technological solutions to implement the following ideas:
• Operational database and CRM technologies and products
• Data warehousing, data mining and data analytics (‘big data’) options
• Cloud-based and out-sourced data management platforms & services
• Web-based and mobile (24 x 7) access to all these platforms
For each category, describe the key concepts, applications and business benefits before looking in detail at least one specific real-world example from each category. Be sure to include a website image and the full web address of each product.
Whereabouts in this case study organization will each of these technologies be best used? Who will use them and for what purpose?
Your final task is to advise the board of this case study on the professional, ethical, legal and social considerations of implementing and using MIS platforms, or indeed, of any IT system.