Recent Question/Assignment
Assessment 1 – Written Report
Instructions:
This is an individual assessment.
In this assessment, you will need to analyse the scenario based on Herriard Pty Ltd.’s IT requirements and a possible IT solution and then write a report regarding procedures to assess, validate, manage and communicate that solution.
The company detail and other supporting information are provided in the Appendix A.
Trainer will be the representative for the company and your main point of contact regarding the assessment.
He will be also providing further clarification if required to complete the task.
Duration:
Trainer will set the duration of the assessment.
Assessment task will be handed out on the 1st week of the cluster and need to be completed over the 4 weeks of cluster duration.
Your tasks:
Write a report (approx. 1500 words) on assessing, validating, managing and communicating procedure for Herriard Pty Ltd.’s IT requirements and a sample IT solution.
The report should address:
1. Manage identified client IT requirements and scope of solution
? Purpose of this task
? Solution Scope Management
? Conflict and Issue Management
? Presenting Requirements for Review
? Techniques for this task (only one which is the most appropriate/applicable to this scenario)
? Stakeholders of this task
2. Assess Proposed Solution
? Purpose of this task
? Ranking of Solution Options
? Identification of Additional Potential Capabilities
? Techniques for the task (only one which is the most appropriate/applicable to this scenario)
? Stakeholders of this task
3. Allocate Requirements
? Purpose of this task
? Solution Components
? Release Planning
? Techniques for this task (only one which is the most appropriate/applicable to this scenario)
? Stakeholders of the task
4. Assess Organisational Readiness ? Purpose of this task
? Cultural Assessment
? Operational or Technical Assessment
? Stakeholder Impact Analysis
? Techniques for the task (only one which is the most appropriate/applicable to this scenario) ? Stakeholders of this task
5. Define Transition Requirements
? Purpose of this task
? Data
? Ongoing Work
? Organisational Change
? Techniques for the task (only one which is the most appropriate/applicable to this scenario)
? Stakeholders of this task
6. Validate Solution
? Purpose of this task
? Investigate Defective Solution Outputs
? Assess Defects and Issues
? Techniques for the task (only one which is the most appropriate/applicable to this scenario)
? Stakeholders of this task
7. Evaluate Solution Performance
? Purpose of this task
? Understand Value Delivered By Solution
? Validate Solution Metrics
? Solution Replacement or Elimination
? Techniques for the task (only one which is the most appropriate/applicable to this scenario) ? Stakeholders of this task
8. Manage requirement relationships and dependencies
? Purpose of this task
? Relationships
? Configuration Management System
? Techniques for the task (only one which is the most appropriate/applicable to this scenario)
? Stakeholders of this task
? Requirements management tools (only one which is the most appropriate/applicable to this scenario)
9. Maintain Requirements for Re-use ? Purpose of this task
? Ongoing Requirements
? Satisfied Requirements
? Techniques for the task (only one which is the most appropriate/applicable to this scenario) ? Stakeholders of this task
10. Prepare Requirements Package
? Purpose of this task
? Work Products and Deliverables
? Format
? Additional Considerations for Requirements Documentation
? Techniques for the task (only one which is the most appropriate/applicable to this scenario)
? Stakeholders of this task
11. Communicate Requirements
? Purpose of this task
? General Communication
? Presentations
? Effectiveness Measures for communication skills
? Techniques for the task (only one which is the most appropriate/applicable to this scenario)
? Stakeholders of this task
Appendix-A
Herriard Pty Ltd Case Study
Introduction
Herriard Pty Ltd is a company that manufacturers office furniture for businesses. It specialises in office fit outs and most of the production is made to measure. It produces desks, cabinets, cupboards, shelves, etc., in a variety of wood types and melamine finishes. It prides itself in its craftsmanship and currently all design drawings are produced manually and there is no automation of the factory.
There are sales offices in Sydney, Melbourne and Brisbane. The manufacturing takes place in Wollongong (NSW) and furniture is shipped using contract hauliers from the factory direct to the customer’s site. The head office is also in Wollongong on the same site as the factory.
Herriard also purchases furniture such as chairs so that it can provide the client with a one-stop furniture facility. It started seven years ago and has grown steadily over those years with all growth financed internally. In the last two years sales really took off and increased by 40% each year. It now has a turnover of $35M and around 1000 customers.
Staffing
There are head office/factory staffs of around 30 and the following organisation chart shows the senior managers.
Excluding the managers shown, there are 5 people working in Finance, 3 in general administration. There are 15 people working in the factory and 2 in HR.
In each branch there are managers and staff as shown in the table.
Branch Manager’s Name Staff
Sydney Frank Gifford 13
Melbourne Julia Stern 10
Brisbane David Wong 7
Sales office activities
Each sales office has account managers who spend time on the telephone calling prospective customers, visiting customer sites and also working in the sales office. They have some basic brochures but most of the sales are made to order. Customers may also walk in 'off the street' to visit the showrooms, which contain examples of the furniture produced laid out in office displays. The offices have been strategically located in areas where there are many business offices such as North Sydney. Each customer will be allocated an account manager who will look after that customer.
Once a customer has expressed interest in the furniture the account manager will obtain the details, measurements, style, finish, etc., and produce a simple diagram of the requirements. The account manager should also be able to give the customer an estimate of the likely price at this stage. When this ballpark figure is agreed with the client the diagram and sales notes are passed to a designer, also in the local office, who will develop the detailed plan which will be used in manufacturing. The designer will then work out the final price for the customer. This may require the designer to contact head office to check prices, availability, etc.
Once this plan has been completed the account manager will usually visit the customer, or get the customer to come to the office, so that the customer can sign off the plan as representing their requirements. A 20% deposit is asked for and a handwritten receipt is given to the customer.
The agreed plan is then sent to Wollongong to be manufactured.
If the client has ordered other furniture which is not made by Herriard then the local sales office will place orders on the distributor and will ask the distributor to hold the items until the bulk of the Herriard furniture is ready to be shipped to the customer.
Purchasing
There are three types of purchasing processes, which are currently performed independently.
Factory
The factory maintains small amounts of raw materials but since Herriard prides itself in making furniture in many different finishes it normally orders in sheets of timber or melamine when it gets the customer order.
When the customer order is received a clerk at the factory will check the design and then work out the materials that are required. These will then be ordered specifically for that customer.
Sales offices
Each sales office will place orders for items that customers require which Herriard does not manufacture. These tend to be local suppliers and each office is free to negotiate their own terms.
In addition each office has a budget for other purchases such as office supplies, sundry requirements, etc. Any item over $2,000 has to be approved by the head office.
Head office
All other purchases are made through head office.
Computer systems
Herriard has the following computer systems in place:
Location Hardware Software Used for
Head Office 15 PCs, on average about two years old. All networked together. One Windows Server 2003 and all others running on
Operating System Windows XP
Office suite,
Accounting software with inventory module. Accounting and finance, letters and
documentation, keeping track of materials in the factory.
Sydney Sales office 3 PCs used standalone Windows XP and
Office suite Letters and quotes.
Melbourne
Sales office 2 PCs used standalone Windows XP and
Office suite Letters and quotes.
Brisbane Sales office 2 Mac computers used standalone Windows XP and
Office suite Letters and quotes.
With such a small company no one has really been responsible for the computers and each sales office has been allowed to do their own thing provided they had the budget to cover the cost. At head office, each department had acquired PCs and about two years ago they were networked using the services of a local Systems Integration firm called Wollocomp who has provided support as required since then.
Customers
Customers may be analysed as small, medium and large. The small customer may be a small organisation with two or three offices to equip. The average order value for these customers is around $7,000.
Large customers may be equipping whole buildings or floors of buildings and these average orders are around $75,000.
Medium customers average around $20,000 orders.
The breakdown of customers is shown below:
Location Small Medium Large
Sydney 400 75 10
Melbourne 300 40 8
Brisbane 100 15 2
The business is such that once a customer has purchased from Herriard they may go two or three years before they need any more major purchases and so each year the sales force has to find new customers. There would be around 1000 to 1200 invoices issued each year.
There does not appear to be any seasonal trend in the sales patterns and sales are fairly even throughout the year.
Purchases
To obtain the best prices Herriard has restricted the purchase of raw materials to a few suppliers. Each order is normally for the equipment to be made out of the same material and so would generate maybe four or five purchase orders. Herriard will keep in stock, items such as handles, hinges, locks, etc. and again only purchases these from a handful of suppliers.
Since each office is allowed to make use of local suppliers for items not manufactured by Herriard there are also several suppliers for each sales office. The details are shown below:
Location Suppliers
Head Office Manufacturing 20
Head Office Administration 60
Sydney 30
Melbourne 20
Brisbane 15
It is rare that a sales office will purchase from the same supplier as used by another sales office since each will use a local supplier.
The sales office will place an order with the local supplier but all financial transactions are processed at Wollongong. When the goods are received a copy of the delivery document is posted to Wollongong and the supplier will send invoices directly to Wollongong.
Payment to suppliers is normally made within thirty days.
Sales processing
When the customer signs the contract a copy of the contract, the design and the deposit is sent to head office and the originals are filed in the sales office.
The cheque is banked and the transaction is recorded in a spreadsheet. It is not put into the accounting system at this time since cheques cannot be received unless there is a corresponding invoice already in the system.
When the designs are received in Head Office they are checked and an estimator works out the requirements for the design. This is costed and compared to the quoted selling price. Herriard normally expects to make 40 to 50% gross profit on orders.
The order is passed to the manufacturing manager who looks at the factory schedule and estimates how long this will take to make and when it can be competed. A fax is sent back to the sales office so that the customer can be informed and the delivery and fit out scheduled.
The sales order will be entered into the accounting system.
Meanwhile, in the sales office a list of non-Herriard items is compiled and these are given to a clerk who will contact the appropriate supplier and confirm prices and times for delivery. Orders are placed on these suppliers.
In the factory the orders are scheduled basically as they are received and placed in a large in-tray. The foreman is responsible for ensuring that the carpenters are kept busy and will allocate the orders when required.
When the order is completed a fax is sent to the sales office detailing the date of delivery. The sales office will convey this information to the customer and organise final delivery details. At the same time the suppliers of other furniture will be contacted and their deliveries scheduled to coincide with that from Herriard.
When the furniture is delivered a dispatch document is created and a copy of this is sent to the accounts department. When this is entered into the system an invoice will be generated and this is mailed to the customer.
Terms are payment within 30 days and debtors are tracked in the accounting system.
Herriard Pty Ltd Report Guidelines
Herriard Pty Ltd has been conducting business at a lower than ideal profit margin due to inadequate Network and systems security policies and procedures. Head office has provided an overview audit of current problems affecting the business that need to be addressed.
Information Technology Goals at Herriard Furniture Pty Ltd
The following targets have been set at Herriard Pty Ltd:
? Inventory Management System to solve problems like processes based on paperwork, high human fault rate, untraceable process and tracing of the inventory losses, no efficient logging systems
? To have equipment operational for 99.5% of the time
? Downtime on primary servers should be covered by appropriate secondary sources of information, in light of the recent unfortunate event of the server disk becoming full.
? More secured staff system. (in terms of the permissions and access rights given to them) ? The internal network of head office which they use needs to be more secured.
? They also want the system and network protected from the external threats which may cause trouble in the network functioning and lead to monetary loss.
? A secure means of notifying head office of that a local sales office has ordered stock from third party suppliers.
? A clear escalation policy and procedure is to be in place to handle the situations beyond the scope of the problems that IT staff have been trained to accommodate (in line with company guidelines)
? Given the present company security policy of email data to desktop machines being accessible only from the office computers, the company wants to provide staff with a form of free roaming email access.
? The company has been experiencing a high frequency of interstate administration calls. This has in turn caused a rather high telephony bill between the three offices, each averaging sixty dollars a day on interstate phone calls, which is diminishing the budget for other services. The head office has ordered that a solution be implemented as high priority. Notably suggested by Wollongong computer support was the possible implementation of a VoIP system, to allow more phone calls between interstate offices without incurring high costs, and to allow further customization and better communication of the existing telephony system across the country.
? The Information Technology advice on the VoIP system obtained must state which Voice service provider will best provide service to Herriard as a communication carrier and why. An in-depth comparison is requested for the purposes of keeping the management and finance department content about the provider.
Herriard Pty LTD
Information Technology - General Policy
1. Introduction
Herriard Pty LTD has a growing dependency on its information systems, data, and information processing capabilities. The use of IT systems and infrastructure is critical to the organization in achieving its business goals.
The objective of this policy statement is to specify the IT requirement for the organization along with the associated roles and responsibilities.
For the purposes of this policy the following definitions are assumed:
? Data - this is any information stored on electronic media or sourced through network connections;
? Information - in most cases this is interchangeable with data but also includes reports generated from Herriard Pty LTD systems; and
? Information Systems - this includes all hardware, software, applications, source code, network equipment and communications equipment.
2. Purpose
This policy provides general IT requirements for the Herriard Pty LTD computing environment along with the roles and responsibilities to implement and maintain the organizational IT environment. All other policies, procedures and practices must comply with these requirements. Additional policies will identify more detailed procedures to be used in operating, securing and protecting the various Herriard Pty LTD IT resources. Where no specific policy is available, this policy can be used as a guide.
3. Scope
This policy applies to all Herriard Pty LTD employees, whether on a permanent, temporary or volunteer basis and covers all Herriard Pty LTD IT infrastructure including Hardware, Software, Firmware and Communications.
4. Statement of Policy
It is the policy of Herriard Pty LTD that all systems and information utilized in the course of business are considered as assets and as such, managers, supervisors and employees are responsible and accountable for their protection. It is the IT Security Manager's responsibility to maintain security and integrity through the introduction and administration of appropriate controls. It is each manager's responsibility to comply with the CEO directives, formalized controls and statutory requirements, regulations, directions in order to:
? Protect systems and information from intentional or accidental disclosure, modification or destruction;
? Ensure the integrity and audit ability of information created and maintained within the Systems department;
? Minimize the duplication of effort; and
? Prevent the introduction of Computer viruses on computer systems.
Herriard Pty LTD retains the exclusive right of ownership of all computer systems and information assets. Each Department’s staff is the custodians of these assets and are responsible for the integrity of processing and safeguarding of these assets.
Any developments produced with the aid of departmental systems remain the property of Herriard Pty LTD unless specific agreement to the contrary has been made and documented. Work products are defined as including, but not limited to, departmental related computer programs and documentation, any related data, plans, images, reports and procedures.
5. Responsibility for Information Systems
The overall responsibility for IT systems and infrastructure resides with the Chief Executive Officer and senior management.
The IT Manager is responsible for determination, recommendation, implementation and maintenance IT Systems. Any determination, recommendation, implementation and maintenance of IT Systems must be reviewed by the IT Security Manager and request for any activity is undertaken as directed or approved by the Chief Executive Officer.
The IT department is responsible for making sure that all affected parties are aware of this policy and that this policy is being observed. Every employee is responsible for protection of Herriard Pty LTD information assets, including information systems equipment, software and data. Every employee is responsible for the protection of access to his/her accounts on the various Herriard Pty LTD systems (i.e. UserlDsand their associated passwords).
Information systems security is the responsibility of every employee. No employee shall divulge Herriard Pty LTD information to outsiders except on a need-to-know basis subject to the approval of the Manager of the department deemed to own the data. In cases where information is deemed to be owned by more than one department then approval must be sought from the Managers of each concerned department. Additionally, appropriate nondisclosure agreements should be signed.
Every Herriard Pty LTD employee who observes or suspects any actions by others which appear to be in noncompliance with this policy should notify the following:
? Their Manager; and
? The Chief Executive Officer or the IT Manager directly.
6. User Identification
No one can access Herriard Pty LTD information systems without an authorized UserlD.
To receive a UserlD requires approval of the staff member's Department Manager. Applications should be made in writing or using available forms via the staff member's Department Manager.
Staff who require their UserlD to have access to data owned by another department require the approval of the Manager of that department.
Each user is responsible for all activity that is carried out by their UserlD.
UserlDs may be revoked at any time.
UserlDs will be disabled if they are not used for period of 90 days.
UserlDs should be locked or disabled when an incorrect password is entered three consecutive times.
Each user must change his or her password at least every 60 days. Information Systems applications should be programmed to require this.
Systems developed or implemented by Herriard Pty LTD employees should be configured so that only users with authorized UserlDs can access them.
Users should be aware that any access or operations on any of Herriard Pty LTD systems may be logged.
7. Human Resources Practices
The Human Resources Department will ensure all new employees are informed of the importance of information systems security and their responsibilities during induction and orientation.
The IT department will be notified by the Human Resources officers promptly of every employee commencement, transfer or termination of service in order to ensure that information systems access privileges are adjusted or revoked as needed.
The Systems department should be notified by Herriard Pty LTD Departments of changes to employees' job functions in order to ensure that information systems access privileges are adjusted as needed.
All employees must sign that they have read, understood, and shall abide by the associated security and operations policy.
8. Access to Equipment
Only authorized Herriard Pty LTD staff and authorized non-Herriard Pty LTD personnel will be provided access to information systems equipment resources.
All authorized Herriard Pty LTD and authorized non-Herriard Pty LTD staff will make their best efforts to protect all information systems resources assigned to their responsibility against physical damage, and theft.
The IT department is responsible for controlling access and providing adequate protection to Herriard Pty LTD information systems resources.
The individual Departments are responsible for controlling physical access to the workstations and any servers in their department domains.
9. Access to Data
All data files on Herriard Pty LTD information systems will be protected against unauthorized changes by the best efforts of the concerned staff. Sensitive data files (as determined by the owner of the data) will be protected against unauthorized reading and copying.
Herriard Pty LTD information systems shall be programmed to control which UserlDs can read and which ones can write to any given file. These permission levels will be determined by the Department Manager and Data Owners.
10. Data Storage
All corporate data will be centrally stored on appropriate storage systems. This data will be adequately protected and retrievable to any day within the current calendar month and then to the last day of each calendar month.
Unless otherwise stated by system / application requirements, data will have an availability of 99.99% to users.
All users will have access to a personal storage area (home directory), shared departmental storage and shared corporate storage. The shared corporate storage is to be a temporary storage area available to the entire organization and will not be the permanent location for any data. Data older than one month will be automatically deleted from this storage.
Additional data storage will be provided by the IT department as required in line with business requirements.
11. Data Classification
Information assets are to be classified according to their sensitivity and criticality. Where possible every data file (with the exception of those designated -unclassified-) shall be associated with an owner or an application. Unless otherwise specified, the owner of a data file is the Herriard Pty LTD department which requested or paid for the systems or programs that created it. The classification categories to be used are described below:
Confidential - Distribution is to be limited to employees who have an explicit business need to know. Access to or copying of confidential information is at the discretion of the owning department manager. Confidential information must be stored under security. Included in this category, but not restricted to, are object locations, name and address details of donors wishing to remain anonymous, building security data, technical documentation, passwords and source code.
Restricted - Distribution is limited to employees who in performing their duties have a need to know this information. Restricted information should be stored under security. Access to or copying of restricted information should be permitted only with officers with a business need to know. Included in this category, but not limited to, are payroll information, some accounting information, name and address listings, building plans.
Internal Use Only - Distribution is restricted to use within Herriard Pty LTD for business related purposes. Locking is optional. No controls over disclosure or copying within Herriard Pty LTD are required.
Unclassified - All information which does not fall into the above categories and therefore does not require control over disclosure.
12. Access to External Networks
All access to external networks is prohibited unless the connection is made by a secured method approved by Senior Management and implemented by the IT Department.
Confidential data files and passwords must be encrypted whenever they are being transmitted across or exposed to publicly accessible networks.
Passwords must be encrypted when stored on any system and when transmitted across publicly accessible networks.
Internet access is governed by the Internet Policy.
13. Access to On-line Systems
Access to any on-line system is allowed only to UserlDs that have been authorized and approved to have access to that system. A number of techniques will be used to control access to on-line systems and terminals. (Physical barriers, access control software, dial-back system, automatic shutdown of idle terminals.)
14. Personal Computers (Workstations)
Microcomputers are high value, easily transportable items. Care must be given to environmental protection, including electrical power, management, anti-static measures, good housekeeping procedures and sound magnetic media protection practices.
Information processed by microcomputers must be protected to assure availability, accuracy, integrity and privacy. Media should be handled, stored and disposed of in a manner consistent with its importance and sensitivity. Access to data files and software must be restricted to authorised personnel.
Monitoring of all microcomputer hardware and software will be an ongoing program, to ensure that:
? There is optimum system performance;
? Efficient configurations;
? Software copyright is adhered; and ? No software viruses.
The IT department is responsible for the implementation and maintenance of user workstations. The department will develop a standard operating environment for all users to access within the organization. This will include operating systems, access methods, applications and appearance. Appropriate training will be provided by the IT department.
The IT department is responsible for developing guidelines and procedures for protection of standalone computers and the data processed on them. When standalone computers are connected to telephone lines, they are considered to be networked and therefore subject to the same threats as networked workstations. Therefore, they are to be controlled and protected in the same way as those on Herriard Pty LTD networks.
The IT department will maintain an appropriate asset register for these devices and ensure hardware specifications match organizational requirements
14. Centralised Equipment
The IT Department is responsible for the procurement, implementation and maintenance of all centralized IT equipment. This includes but is not limited to items such as file servers, application servers, network devices, communications devices and printers.
Monitoring of all centralized hardware and software will be an ongoing program, to ensure that:
? There is optimum system performance;
? Efficient configurations;
? System and data integrity is maintained
? Logs containing access information is available as required.
The IT department will maintain an appropriate asset register for these devices along with appropriate configurations, management and fault history documentation.
15. Information Systems Contingency Plans
The IT department is responsible for developing and coordinating disaster recovery plans for all departments in the event of a short-term loss or the destruction of Herriard Pty LTD information systems processing function. These plans will detail the ability to effect resumption of business in the shortest possible time in the event of a contingency being realized. Senior Management, Department managers and Application Owners will be required to advise the IT department as to the required availability of each system, application or network.
Review and testing of Herriard Pty LTD information systems disaster recovery plan must be undertaken on an annual basis.
16. Acceptable Use
All users of Herriard Pty LTD systems are responsible for their actions. They are responsible for their actions regardless of any security mechanisms that may or may not be in place. It is not acceptable to bypass (or to attempt to bypass) any security measures. Examples of such unacceptable actions include:
? breaking into other users' or locked accounts;
? attempting to -crack- passwords; and
? Deliberately disrupting any service provided on Herriard Pty LTD systems.
Access by any person to any system except by the use of their assigned UserlD is prohibited. The sharing of any UserlD with anyone is prohibited.
It is prohibited for users with -SuperUser-, system administration or network administration rights to access files (or network traffic) that they do not own for any purpose not detailed in their job descriptions.
17. Private Use
Herriard Pty LTD information systems resources shall not be used for purposes not related to Herriard Pty LTD business. Use of Herriard Pty LTD information systems resources for personal or private business matters, unless specific agreement to the contrary has been made and documented, is prohibited.
Internet access is governed by the Internet Policy and use of the E-mail facility is governed by the E-mail Policy.
18. Authorised Software and Data
The use of unauthorized or pirated software and/or data is prohibited, may be in breach of copyright law and can serve as grounds for disciplinary action. The copying of licensed software or data for private use or unauthorized distribution is prohibited and can also serve as grounds for disciplinary action.
The IT department is responsible for the purchasing, licensing and maintenance of all software required by Indigo Productions. The IT department will maintain appropriate software registers.
19. Service Provision
The IT Department will be responsible for the provisioning of all IT services to the organization. It will provide point of contact for all staff, Managers and employees for the requesting of IT assistance. The IT department will undertake any request for IT service, review the request as per business requirements / processes, perform technical evaluations if required and present an appropriate solution. Should the solution fall outside the budget delegation of the IT Manager approval will be needed from senior management?
20. Breaches of Security
It is the responsibility of all staff to report any breaches of security to their supervisor or manager. It is the responsibility of all supervisors and managers to record any reported breaches of security and to notify the Chief Executive Officer. It is the responsibility of the Chief Executive Officer to determine the appropriate course of action to be taken in regards to a breach of security.
21. Security Procedures and Standards
The responsibility to recommend and develop Information Security Procedures and Standards rests with the IT Manager as delegated by the Chief Executive Officer.
The approval process for new or amended security procedures and standards shall pass through the Chief Executive Officer for approval and distribution.
22. Policy Maintenance
The IT Manager has the authority to initiate recommendations for revisions to this policy, which are then approved by the Chief Executive Officer. Any requests for amendments to this policy should be forwarded to the IT Manager through the Chief Executive Officer. Changes to the policy will then be evaluated and implemented as stated above. All staff will then be advised of the amendments at the earliest opportunity.
A sample IT Solution (according to Herriard’s IT goals):
Software based Inventory Management System (IMS) is designed and implemented.
Determination of the Requirements
Inventory Management System (IMS) is generally used by IT Office/Department or Accounting Office of a company. Therefore, searching the basic needs for implementation is the first step of IMS design. Several meetings with IT Office and Accounting Office are arranged. Accounting Office needs detailed reporting tools, detailed categorization and declaration of specifications on each item, purchasing and billing info. The Information Technologies Office needs another module except the requirements of Accounting Office. The module is about the interior maintenance and exterior product service flow. For interior maintenance flow, there will be a section. This section will be available for all users. Basically, a maintenance request will be created by the users, and the IT Office will respond to these requests. Finally, it is necessary to consider the end user’s needs that are also important part of the IMS software design. This leaded to use barcode based system.
Software Requirements
After gathering all the requirements and information next state was achieved which was quite important for the project. If the decision was not well organized, it may cause re-organization and programming the algorithms at the beginning.
At the beginning, first thing to decide is the general structure. It was decided to build the system browser based. The system is going to be used by a large number of users, so it should have been designed to be reachable for every single user, instead of having a desktop application for every user. Also if considered that Herriard already has a similar system—Information Management System, it would be easy to integrate. By using the user database of the existing systems, the login parameters are ready to use for IMS. So, the portability would be provided.
The next step is to decide the language to implement. There are several parameters to decide in realization period. First is the compatibility, and then came the time which is related with ease of implementation. In the light of these redirections, we decided to use PHP as the language to code the system. It is compatible with the other software and hardware, and it is easy to integrate everything. PHP is an open source environment and there are a large range of resources to get help. Information Management System is already developed by using PHP. It was also decided to use AJAX to obtain a faster system. In AJAX, only the needed data is being requested from the server, this method speeds up the loading time. While thinking how to code with PHP, it was decided to use Model View Controller based structure. This structure separates the visual design.
Code Igniter Framework was also used for decreasing the amount of code lines. It gives ability to program faster with less effort. Code Igniter also supports MVC structure. So it was decided to use PHP, MySQL and APACHE trio. MySQL was used as database. It is the best fit for PHP and it has the open source advantages. “innodb engine” was used because it is transaction based, which is necessary for the project. To get the user data, it was required to communicate with the database of company, which is programmed by ORACLE. It was needed to have the login information to have a fully integrated system, and also several details such as e-mail addresses and so on.
Barcode System
A barcode is an optical machine readable representation of data, which shows certain data on certain products. There are different types of barcodes, some of them have to be worldwide unique and need license. ‘‘code39’’ was chosen because first of all, code39 does not need license, have the possibility to print for unlimited products, supports full ASCII, number, letter and special character usage (capacity of 26 capital letters, 10 numbers, 7 special characters). And also it was the easiest to read and was the best fit for the barcode generators for PHP. The barcode generator which was found was the one compatible with PHP. It was using PHP’s GD Graphics Library. The script was used and modified it to be able to print serial barcodes. It prints barcodes in increasing order (in multiple prints) on the screen, and sends to the printer. The script is distributed under GNU License. And the hardware part of the system is out of a label printer and a barcode scanner. Barcode scanner is a USB connected model. It scans the barcode, writes to the field where the cursor is, and presses enter.
This function eases the usage. So the only extra hardware to be used by the staff will be a barcode scanner after the system is implemented to the enterprise.
Implementation of the System
Database Design
The most important component of the system implementation was the database design. It can be easily realized, if we consider the amount and the scale of the inventories. To have a strong and flexible system, the design must be well studied.
Two important structures of the system were the database and the Graphic User Interface (GUI). In between,
JavaScript and PHP provide the connection and interaction. GUI is located in the view section. With XHTML and CSS, the visual part is generated. JavaScript updates the HTML by the data sent by other layers and connects the GUI with working PHP structure. An Admin Panel called ‘‘CompleteLiquid admin control panel’’ was used. It was suitable for our MVC structure.
With CSS and other related modifications, it could be arranged to the system. In the controller layer, dataflow decision codes take place which were JavaScript and PHP. And in the Model section, PHP logic base code was placed. All codes were produced with Code Igniter framework.
Modules
IMS was designed as several modules, separated by their specific roles and functions. There are six modules in the system.
1. Definitions/Setup
2. Inventory Management
3. Service Management
4. Maintenance Management
5. Debit Management
6. Deposit Management
Fig. General IMS architecture
The functions of each module are explained step by step below:
Definitions/Setup
This module is the most important part of the system. Because if the definition of the enterprise is not implemented correctly to the system, it wont work efficiently.
To have a successful, operational system, introducing the enterprise to the system is a must. And this is the first step of implementing the system to the enterprise.
In this module, there are four sections, which are mentioned below.
a. User Setup
b. Location Hierarchy
c. Categorization
d. Suppliers and Maintainers
(a) User Setup
In User Setup Menu, System Admin can create, edit or delete a user from the system.The table below is the user creation form. System admin can choose the role of the user from the picklist on the bottom. (b) Location Hierarchy
The Location Hierarchy section is the place where you set the ownership hierarchy of the enterprise. System Admin can create one sub unit under another by choosing a unit.
(c) Categorization
In this section, a categorization of the inventories in the enterprise is being created. First step is the main categorization. The second step is related titles, and the last one is the specific keyword. User can add subcategories under each category after choosing it.
(d) Suppliers and Maintainers
In this section, System Admin can define inventory suppliers and the maintainers of each supplier. To define a maintainer, user can choose related supplier, and add maintainers under it.
Inventory Management
This Module is the centre for all processes about incoming inventories. Module has two sections: a. New Registry
b. Instant Registry
(a) New Registry
If the inventory is ready to record, this is the section to use. First step is to print a new barcode for the new inventory. The system pops out an alert. After this alert, there comes the next page, where the user has a button to print to confirm the barcode by scanning it into the field.
After confirming the barcode, the next page is an information form. There are Category, Supplier, barcode number (auto entered), serial number, price, receipt date and extra info fields to be filled. Then, the next step is the product specifications part. The first part has the title group of related inventory category. The user can switch between titles and choose related specifications from the second list. Then the chosen specifications are added to the last field as related keywords of the inventory. And after clicking the button, the entry is on the database, and in ready state for other actions on the system.
(b) Instant Registry
This section allows user to print several barcodes when the inventory is not ready to record. For example, it may not be possible to bring label printer everywhere. So the user can print as much as needed, the system creates empty fields in the database to be filled in inventory registration process. When these barcodes are scanned, register page comes to complete the register, and the normal registry flow continues.
Fig. Use case diagram of IMS
Service Management
Interior maintenance may not be sufficient, or may cause warranty problems, when inventories have technical problems. In this situation, they may need to be fixed by authorized maintainers. This module is for management of exterior maintenance.
There are three search fields in this section with Barcode No, Serial No parameters to reach the inventory or User Name parameter to reach the inventories of a specific user. After reaching the inventory, the window below comes to take action.
The user can view the service history of the inventory, and open a new service record to send the inventory to service. There is a pick list to select the service firm, and an info box to write a brief explanation. Then, another ‘‘close service record’’ link appears on the inventory information table.
When the inventory is returned from the service firm, user reaches the table below to close the record. User can write the information, process done to the text field and closes the service record, which will be seen in service history from that moment. Also user can use the ‘‘User Name’’ search box to reach a specific user, and list the inventories on users debit. Then, the same program flow can be used to take action.
Maintenance Management
This module is for interior inventory maintenance flow. There are two sections: first is to create new maintenance request for device users, the other is maintenance task listing for related worker.
The user will fill the required fields and then the request will be an active task for maintenance staff and will drop in their task table that they have on their interface if a staff member is assigned to the task. Otherwise, the task will drop into task pool. Then staff deals with the problem, and closes the task after writing info about actions taken. If the problem gets fixed before maintenance arrive, the user also can close the task.
Debit Management
This module sets the relationship between users and inventories. Basically, assign an inventory to a user, and performs other operations based on debiting.
Deposit Management
This module manages the barrowed items. Assign the inventories to desired person. There is also a chance to list deposited inventories in this module. It is a manner of tracking.
Users
Users have an authority hierarchy according to their section, and they are only allowed to use related modules except system admin. System admin has the authority to use every module in the system. In order to prevent improper use, the system logs every act, every edit. Although users can only use their modules, they can also use some other features of the system. There are three user types and use case diagram of the IMS has shown above:
1. System Admin
2. Technical Users, Accounting: Has authority on Inventory Management, Deposit Management, Debit Management, Service Management and also reporting features.
3. Basic Users: Basic users are only able to report their debit inventories and request service for them.
Fig. Software architecture of—IMS
Login
The first step is ‘‘login’’ to the system. There are two login alternatives. First one is the system management, the other one is the end users. The login data is gathered from University database, so the users can login the system with their existing username and password.
Complete software architecture of IMS software has given in Fig. above.
Instructions:
This is an individual assessment.
In this assessment, you will need to analyse the scenario based on Herriard Pty Ltd.’s IT requirements and a possible IT solution and then write a report regarding procedures to assess, validate, manage and communicate that solution.
The company detail and other supporting information are provided in the Appendix A.
Trainer will be the representative for the company and your main point of contact regarding the assessment.
He will be also providing further clarification if required to complete the task.
Duration:
Trainer will set the duration of the assessment.
Assessment task will be handed out on the 1st week of the cluster and need to be completed over the 4 weeks of cluster duration.
Your tasks:
Write a report (approx. 1500 words) on assessing, validating, managing and communicating procedure for Herriard Pty Ltd.’s IT requirements and a sample IT solution.
The report should address:
1. Manage identified client IT requirements and scope of solution
? Purpose of this task
? Solution Scope Management
? Conflict and Issue Management
? Presenting Requirements for Review
? Techniques for this task (only one which is the most appropriate/applicable to this scenario)
? Stakeholders of this task
2. Assess Proposed Solution
? Purpose of this task
? Ranking of Solution Options
? Identification of Additional Potential Capabilities
? Techniques for the task (only one which is the most appropriate/applicable to this scenario)
? Stakeholders of this task
3. Allocate Requirements
? Purpose of this task
? Solution Components
? Release Planning
? Techniques for this task (only one which is the most appropriate/applicable to this scenario)
? Stakeholders of the task
4. Assess Organisational Readiness ? Purpose of this task
? Cultural Assessment
? Operational or Technical Assessment
? Stakeholder Impact Analysis
? Techniques for the task (only one which is the most appropriate/applicable to this scenario) ? Stakeholders of this task
5. Define Transition Requirements
? Purpose of this task
? Data
? Ongoing Work
? Organisational Change
? Techniques for the task (only one which is the most appropriate/applicable to this scenario)
? Stakeholders of this task
6. Validate Solution
? Purpose of this task
? Investigate Defective Solution Outputs
? Assess Defects and Issues
? Techniques for the task (only one which is the most appropriate/applicable to this scenario)
? Stakeholders of this task
7. Evaluate Solution Performance
? Purpose of this task
? Understand Value Delivered By Solution
? Validate Solution Metrics
? Solution Replacement or Elimination
? Techniques for the task (only one which is the most appropriate/applicable to this scenario) ? Stakeholders of this task
8. Manage requirement relationships and dependencies
? Purpose of this task
? Relationships
? Configuration Management System
? Techniques for the task (only one which is the most appropriate/applicable to this scenario)
? Stakeholders of this task
? Requirements management tools (only one which is the most appropriate/applicable to this scenario)
9. Maintain Requirements for Re-use ? Purpose of this task
? Ongoing Requirements
? Satisfied Requirements
? Techniques for the task (only one which is the most appropriate/applicable to this scenario) ? Stakeholders of this task
10. Prepare Requirements Package
? Purpose of this task
? Work Products and Deliverables
? Format
? Additional Considerations for Requirements Documentation
? Techniques for the task (only one which is the most appropriate/applicable to this scenario)
? Stakeholders of this task
11. Communicate Requirements
? Purpose of this task
? General Communication
? Presentations
? Effectiveness Measures for communication skills
? Techniques for the task (only one which is the most appropriate/applicable to this scenario)
? Stakeholders of this task
Appendix-A
Herriard Pty Ltd Case Study
Introduction
Herriard Pty Ltd is a company that manufacturers office furniture for businesses. It specialises in office fit outs and most of the production is made to measure. It produces desks, cabinets, cupboards, shelves, etc., in a variety of wood types and melamine finishes. It prides itself in its craftsmanship and currently all design drawings are produced manually and there is no automation of the factory.
There are sales offices in Sydney, Melbourne and Brisbane. The manufacturing takes place in Wollongong (NSW) and furniture is shipped using contract hauliers from the factory direct to the customer’s site. The head office is also in Wollongong on the same site as the factory.
Herriard also purchases furniture such as chairs so that it can provide the client with a one-stop furniture facility. It started seven years ago and has grown steadily over those years with all growth financed internally. In the last two years sales really took off and increased by 40% each year. It now has a turnover of $35M and around 1000 customers.
Staffing
There are head office/factory staffs of around 30 and the following organisation chart shows the senior managers.
Excluding the managers shown, there are 5 people working in Finance, 3 in general administration. There are 15 people working in the factory and 2 in HR.
In each branch there are managers and staff as shown in the table.
Branch Manager’s Name Staff
Sydney Frank Gifford 13
Melbourne Julia Stern 10
Brisbane David Wong 7
Sales office activities
Each sales office has account managers who spend time on the telephone calling prospective customers, visiting customer sites and also working in the sales office. They have some basic brochures but most of the sales are made to order. Customers may also walk in 'off the street' to visit the showrooms, which contain examples of the furniture produced laid out in office displays. The offices have been strategically located in areas where there are many business offices such as North Sydney. Each customer will be allocated an account manager who will look after that customer.
Once a customer has expressed interest in the furniture the account manager will obtain the details, measurements, style, finish, etc., and produce a simple diagram of the requirements. The account manager should also be able to give the customer an estimate of the likely price at this stage. When this ballpark figure is agreed with the client the diagram and sales notes are passed to a designer, also in the local office, who will develop the detailed plan which will be used in manufacturing. The designer will then work out the final price for the customer. This may require the designer to contact head office to check prices, availability, etc.
Once this plan has been completed the account manager will usually visit the customer, or get the customer to come to the office, so that the customer can sign off the plan as representing their requirements. A 20% deposit is asked for and a handwritten receipt is given to the customer.
The agreed plan is then sent to Wollongong to be manufactured.
If the client has ordered other furniture which is not made by Herriard then the local sales office will place orders on the distributor and will ask the distributor to hold the items until the bulk of the Herriard furniture is ready to be shipped to the customer.
Purchasing
There are three types of purchasing processes, which are currently performed independently.
Factory
The factory maintains small amounts of raw materials but since Herriard prides itself in making furniture in many different finishes it normally orders in sheets of timber or melamine when it gets the customer order.
When the customer order is received a clerk at the factory will check the design and then work out the materials that are required. These will then be ordered specifically for that customer.
Sales offices
Each sales office will place orders for items that customers require which Herriard does not manufacture. These tend to be local suppliers and each office is free to negotiate their own terms.
In addition each office has a budget for other purchases such as office supplies, sundry requirements, etc. Any item over $2,000 has to be approved by the head office.
Head office
All other purchases are made through head office.
Computer systems
Herriard has the following computer systems in place:
Location Hardware Software Used for
Head Office 15 PCs, on average about two years old. All networked together. One Windows Server 2003 and all others running on
Operating System Windows XP
Office suite,
Accounting software with inventory module. Accounting and finance, letters and
documentation, keeping track of materials in the factory.
Sydney Sales office 3 PCs used standalone Windows XP and
Office suite Letters and quotes.
Melbourne
Sales office 2 PCs used standalone Windows XP and
Office suite Letters and quotes.
Brisbane Sales office 2 Mac computers used standalone Windows XP and
Office suite Letters and quotes.
With such a small company no one has really been responsible for the computers and each sales office has been allowed to do their own thing provided they had the budget to cover the cost. At head office, each department had acquired PCs and about two years ago they were networked using the services of a local Systems Integration firm called Wollocomp who has provided support as required since then.
Customers
Customers may be analysed as small, medium and large. The small customer may be a small organisation with two or three offices to equip. The average order value for these customers is around $7,000.
Large customers may be equipping whole buildings or floors of buildings and these average orders are around $75,000.
Medium customers average around $20,000 orders.
The breakdown of customers is shown below:
Location Small Medium Large
Sydney 400 75 10
Melbourne 300 40 8
Brisbane 100 15 2
The business is such that once a customer has purchased from Herriard they may go two or three years before they need any more major purchases and so each year the sales force has to find new customers. There would be around 1000 to 1200 invoices issued each year.
There does not appear to be any seasonal trend in the sales patterns and sales are fairly even throughout the year.
Purchases
To obtain the best prices Herriard has restricted the purchase of raw materials to a few suppliers. Each order is normally for the equipment to be made out of the same material and so would generate maybe four or five purchase orders. Herriard will keep in stock, items such as handles, hinges, locks, etc. and again only purchases these from a handful of suppliers.
Since each office is allowed to make use of local suppliers for items not manufactured by Herriard there are also several suppliers for each sales office. The details are shown below:
Location Suppliers
Head Office Manufacturing 20
Head Office Administration 60
Sydney 30
Melbourne 20
Brisbane 15
It is rare that a sales office will purchase from the same supplier as used by another sales office since each will use a local supplier.
The sales office will place an order with the local supplier but all financial transactions are processed at Wollongong. When the goods are received a copy of the delivery document is posted to Wollongong and the supplier will send invoices directly to Wollongong.
Payment to suppliers is normally made within thirty days.
Sales processing
When the customer signs the contract a copy of the contract, the design and the deposit is sent to head office and the originals are filed in the sales office.
The cheque is banked and the transaction is recorded in a spreadsheet. It is not put into the accounting system at this time since cheques cannot be received unless there is a corresponding invoice already in the system.
When the designs are received in Head Office they are checked and an estimator works out the requirements for the design. This is costed and compared to the quoted selling price. Herriard normally expects to make 40 to 50% gross profit on orders.
The order is passed to the manufacturing manager who looks at the factory schedule and estimates how long this will take to make and when it can be competed. A fax is sent back to the sales office so that the customer can be informed and the delivery and fit out scheduled.
The sales order will be entered into the accounting system.
Meanwhile, in the sales office a list of non-Herriard items is compiled and these are given to a clerk who will contact the appropriate supplier and confirm prices and times for delivery. Orders are placed on these suppliers.
In the factory the orders are scheduled basically as they are received and placed in a large in-tray. The foreman is responsible for ensuring that the carpenters are kept busy and will allocate the orders when required.
When the order is completed a fax is sent to the sales office detailing the date of delivery. The sales office will convey this information to the customer and organise final delivery details. At the same time the suppliers of other furniture will be contacted and their deliveries scheduled to coincide with that from Herriard.
When the furniture is delivered a dispatch document is created and a copy of this is sent to the accounts department. When this is entered into the system an invoice will be generated and this is mailed to the customer.
Terms are payment within 30 days and debtors are tracked in the accounting system.
Herriard Pty Ltd Report Guidelines
Herriard Pty Ltd has been conducting business at a lower than ideal profit margin due to inadequate Network and systems security policies and procedures. Head office has provided an overview audit of current problems affecting the business that need to be addressed.
Information Technology Goals at Herriard Furniture Pty Ltd
The following targets have been set at Herriard Pty Ltd:
? Inventory Management System to solve problems like processes based on paperwork, high human fault rate, untraceable process and tracing of the inventory losses, no efficient logging systems
? To have equipment operational for 99.5% of the time
? Downtime on primary servers should be covered by appropriate secondary sources of information, in light of the recent unfortunate event of the server disk becoming full.
? More secured staff system. (in terms of the permissions and access rights given to them) ? The internal network of head office which they use needs to be more secured.
? They also want the system and network protected from the external threats which may cause trouble in the network functioning and lead to monetary loss.
? A secure means of notifying head office of that a local sales office has ordered stock from third party suppliers.
? A clear escalation policy and procedure is to be in place to handle the situations beyond the scope of the problems that IT staff have been trained to accommodate (in line with company guidelines)
? Given the present company security policy of email data to desktop machines being accessible only from the office computers, the company wants to provide staff with a form of free roaming email access.
? The company has been experiencing a high frequency of interstate administration calls. This has in turn caused a rather high telephony bill between the three offices, each averaging sixty dollars a day on interstate phone calls, which is diminishing the budget for other services. The head office has ordered that a solution be implemented as high priority. Notably suggested by Wollongong computer support was the possible implementation of a VoIP system, to allow more phone calls between interstate offices without incurring high costs, and to allow further customization and better communication of the existing telephony system across the country.
? The Information Technology advice on the VoIP system obtained must state which Voice service provider will best provide service to Herriard as a communication carrier and why. An in-depth comparison is requested for the purposes of keeping the management and finance department content about the provider.
Herriard Pty LTD
Information Technology - General Policy
1. Introduction
Herriard Pty LTD has a growing dependency on its information systems, data, and information processing capabilities. The use of IT systems and infrastructure is critical to the organization in achieving its business goals.
The objective of this policy statement is to specify the IT requirement for the organization along with the associated roles and responsibilities.
For the purposes of this policy the following definitions are assumed:
? Data - this is any information stored on electronic media or sourced through network connections;
? Information - in most cases this is interchangeable with data but also includes reports generated from Herriard Pty LTD systems; and
? Information Systems - this includes all hardware, software, applications, source code, network equipment and communications equipment.
2. Purpose
This policy provides general IT requirements for the Herriard Pty LTD computing environment along with the roles and responsibilities to implement and maintain the organizational IT environment. All other policies, procedures and practices must comply with these requirements. Additional policies will identify more detailed procedures to be used in operating, securing and protecting the various Herriard Pty LTD IT resources. Where no specific policy is available, this policy can be used as a guide.
3. Scope
This policy applies to all Herriard Pty LTD employees, whether on a permanent, temporary or volunteer basis and covers all Herriard Pty LTD IT infrastructure including Hardware, Software, Firmware and Communications.
4. Statement of Policy
It is the policy of Herriard Pty LTD that all systems and information utilized in the course of business are considered as assets and as such, managers, supervisors and employees are responsible and accountable for their protection. It is the IT Security Manager's responsibility to maintain security and integrity through the introduction and administration of appropriate controls. It is each manager's responsibility to comply with the CEO directives, formalized controls and statutory requirements, regulations, directions in order to:
? Protect systems and information from intentional or accidental disclosure, modification or destruction;
? Ensure the integrity and audit ability of information created and maintained within the Systems department;
? Minimize the duplication of effort; and
? Prevent the introduction of Computer viruses on computer systems.
Herriard Pty LTD retains the exclusive right of ownership of all computer systems and information assets. Each Department’s staff is the custodians of these assets and are responsible for the integrity of processing and safeguarding of these assets.
Any developments produced with the aid of departmental systems remain the property of Herriard Pty LTD unless specific agreement to the contrary has been made and documented. Work products are defined as including, but not limited to, departmental related computer programs and documentation, any related data, plans, images, reports and procedures.
5. Responsibility for Information Systems
The overall responsibility for IT systems and infrastructure resides with the Chief Executive Officer and senior management.
The IT Manager is responsible for determination, recommendation, implementation and maintenance IT Systems. Any determination, recommendation, implementation and maintenance of IT Systems must be reviewed by the IT Security Manager and request for any activity is undertaken as directed or approved by the Chief Executive Officer.
The IT department is responsible for making sure that all affected parties are aware of this policy and that this policy is being observed. Every employee is responsible for protection of Herriard Pty LTD information assets, including information systems equipment, software and data. Every employee is responsible for the protection of access to his/her accounts on the various Herriard Pty LTD systems (i.e. UserlDsand their associated passwords).
Information systems security is the responsibility of every employee. No employee shall divulge Herriard Pty LTD information to outsiders except on a need-to-know basis subject to the approval of the Manager of the department deemed to own the data. In cases where information is deemed to be owned by more than one department then approval must be sought from the Managers of each concerned department. Additionally, appropriate nondisclosure agreements should be signed.
Every Herriard Pty LTD employee who observes or suspects any actions by others which appear to be in noncompliance with this policy should notify the following:
? Their Manager; and
? The Chief Executive Officer or the IT Manager directly.
6. User Identification
No one can access Herriard Pty LTD information systems without an authorized UserlD.
To receive a UserlD requires approval of the staff member's Department Manager. Applications should be made in writing or using available forms via the staff member's Department Manager.
Staff who require their UserlD to have access to data owned by another department require the approval of the Manager of that department.
Each user is responsible for all activity that is carried out by their UserlD.
UserlDs may be revoked at any time.
UserlDs will be disabled if they are not used for period of 90 days.
UserlDs should be locked or disabled when an incorrect password is entered three consecutive times.
Each user must change his or her password at least every 60 days. Information Systems applications should be programmed to require this.
Systems developed or implemented by Herriard Pty LTD employees should be configured so that only users with authorized UserlDs can access them.
Users should be aware that any access or operations on any of Herriard Pty LTD systems may be logged.
7. Human Resources Practices
The Human Resources Department will ensure all new employees are informed of the importance of information systems security and their responsibilities during induction and orientation.
The IT department will be notified by the Human Resources officers promptly of every employee commencement, transfer or termination of service in order to ensure that information systems access privileges are adjusted or revoked as needed.
The Systems department should be notified by Herriard Pty LTD Departments of changes to employees' job functions in order to ensure that information systems access privileges are adjusted as needed.
All employees must sign that they have read, understood, and shall abide by the associated security and operations policy.
8. Access to Equipment
Only authorized Herriard Pty LTD staff and authorized non-Herriard Pty LTD personnel will be provided access to information systems equipment resources.
All authorized Herriard Pty LTD and authorized non-Herriard Pty LTD staff will make their best efforts to protect all information systems resources assigned to their responsibility against physical damage, and theft.
The IT department is responsible for controlling access and providing adequate protection to Herriard Pty LTD information systems resources.
The individual Departments are responsible for controlling physical access to the workstations and any servers in their department domains.
9. Access to Data
All data files on Herriard Pty LTD information systems will be protected against unauthorized changes by the best efforts of the concerned staff. Sensitive data files (as determined by the owner of the data) will be protected against unauthorized reading and copying.
Herriard Pty LTD information systems shall be programmed to control which UserlDs can read and which ones can write to any given file. These permission levels will be determined by the Department Manager and Data Owners.
10. Data Storage
All corporate data will be centrally stored on appropriate storage systems. This data will be adequately protected and retrievable to any day within the current calendar month and then to the last day of each calendar month.
Unless otherwise stated by system / application requirements, data will have an availability of 99.99% to users.
All users will have access to a personal storage area (home directory), shared departmental storage and shared corporate storage. The shared corporate storage is to be a temporary storage area available to the entire organization and will not be the permanent location for any data. Data older than one month will be automatically deleted from this storage.
Additional data storage will be provided by the IT department as required in line with business requirements.
11. Data Classification
Information assets are to be classified according to their sensitivity and criticality. Where possible every data file (with the exception of those designated -unclassified-) shall be associated with an owner or an application. Unless otherwise specified, the owner of a data file is the Herriard Pty LTD department which requested or paid for the systems or programs that created it. The classification categories to be used are described below:
Confidential - Distribution is to be limited to employees who have an explicit business need to know. Access to or copying of confidential information is at the discretion of the owning department manager. Confidential information must be stored under security. Included in this category, but not restricted to, are object locations, name and address details of donors wishing to remain anonymous, building security data, technical documentation, passwords and source code.
Restricted - Distribution is limited to employees who in performing their duties have a need to know this information. Restricted information should be stored under security. Access to or copying of restricted information should be permitted only with officers with a business need to know. Included in this category, but not limited to, are payroll information, some accounting information, name and address listings, building plans.
Internal Use Only - Distribution is restricted to use within Herriard Pty LTD for business related purposes. Locking is optional. No controls over disclosure or copying within Herriard Pty LTD are required.
Unclassified - All information which does not fall into the above categories and therefore does not require control over disclosure.
12. Access to External Networks
All access to external networks is prohibited unless the connection is made by a secured method approved by Senior Management and implemented by the IT Department.
Confidential data files and passwords must be encrypted whenever they are being transmitted across or exposed to publicly accessible networks.
Passwords must be encrypted when stored on any system and when transmitted across publicly accessible networks.
Internet access is governed by the Internet Policy.
13. Access to On-line Systems
Access to any on-line system is allowed only to UserlDs that have been authorized and approved to have access to that system. A number of techniques will be used to control access to on-line systems and terminals. (Physical barriers, access control software, dial-back system, automatic shutdown of idle terminals.)
14. Personal Computers (Workstations)
Microcomputers are high value, easily transportable items. Care must be given to environmental protection, including electrical power, management, anti-static measures, good housekeeping procedures and sound magnetic media protection practices.
Information processed by microcomputers must be protected to assure availability, accuracy, integrity and privacy. Media should be handled, stored and disposed of in a manner consistent with its importance and sensitivity. Access to data files and software must be restricted to authorised personnel.
Monitoring of all microcomputer hardware and software will be an ongoing program, to ensure that:
? There is optimum system performance;
? Efficient configurations;
? Software copyright is adhered; and ? No software viruses.
The IT department is responsible for the implementation and maintenance of user workstations. The department will develop a standard operating environment for all users to access within the organization. This will include operating systems, access methods, applications and appearance. Appropriate training will be provided by the IT department.
The IT department is responsible for developing guidelines and procedures for protection of standalone computers and the data processed on them. When standalone computers are connected to telephone lines, they are considered to be networked and therefore subject to the same threats as networked workstations. Therefore, they are to be controlled and protected in the same way as those on Herriard Pty LTD networks.
The IT department will maintain an appropriate asset register for these devices and ensure hardware specifications match organizational requirements
14. Centralised Equipment
The IT Department is responsible for the procurement, implementation and maintenance of all centralized IT equipment. This includes but is not limited to items such as file servers, application servers, network devices, communications devices and printers.
Monitoring of all centralized hardware and software will be an ongoing program, to ensure that:
? There is optimum system performance;
? Efficient configurations;
? System and data integrity is maintained
? Logs containing access information is available as required.
The IT department will maintain an appropriate asset register for these devices along with appropriate configurations, management and fault history documentation.
15. Information Systems Contingency Plans
The IT department is responsible for developing and coordinating disaster recovery plans for all departments in the event of a short-term loss or the destruction of Herriard Pty LTD information systems processing function. These plans will detail the ability to effect resumption of business in the shortest possible time in the event of a contingency being realized. Senior Management, Department managers and Application Owners will be required to advise the IT department as to the required availability of each system, application or network.
Review and testing of Herriard Pty LTD information systems disaster recovery plan must be undertaken on an annual basis.
16. Acceptable Use
All users of Herriard Pty LTD systems are responsible for their actions. They are responsible for their actions regardless of any security mechanisms that may or may not be in place. It is not acceptable to bypass (or to attempt to bypass) any security measures. Examples of such unacceptable actions include:
? breaking into other users' or locked accounts;
? attempting to -crack- passwords; and
? Deliberately disrupting any service provided on Herriard Pty LTD systems.
Access by any person to any system except by the use of their assigned UserlD is prohibited. The sharing of any UserlD with anyone is prohibited.
It is prohibited for users with -SuperUser-, system administration or network administration rights to access files (or network traffic) that they do not own for any purpose not detailed in their job descriptions.
17. Private Use
Herriard Pty LTD information systems resources shall not be used for purposes not related to Herriard Pty LTD business. Use of Herriard Pty LTD information systems resources for personal or private business matters, unless specific agreement to the contrary has been made and documented, is prohibited.
Internet access is governed by the Internet Policy and use of the E-mail facility is governed by the E-mail Policy.
18. Authorised Software and Data
The use of unauthorized or pirated software and/or data is prohibited, may be in breach of copyright law and can serve as grounds for disciplinary action. The copying of licensed software or data for private use or unauthorized distribution is prohibited and can also serve as grounds for disciplinary action.
The IT department is responsible for the purchasing, licensing and maintenance of all software required by Indigo Productions. The IT department will maintain appropriate software registers.
19. Service Provision
The IT Department will be responsible for the provisioning of all IT services to the organization. It will provide point of contact for all staff, Managers and employees for the requesting of IT assistance. The IT department will undertake any request for IT service, review the request as per business requirements / processes, perform technical evaluations if required and present an appropriate solution. Should the solution fall outside the budget delegation of the IT Manager approval will be needed from senior management?
20. Breaches of Security
It is the responsibility of all staff to report any breaches of security to their supervisor or manager. It is the responsibility of all supervisors and managers to record any reported breaches of security and to notify the Chief Executive Officer. It is the responsibility of the Chief Executive Officer to determine the appropriate course of action to be taken in regards to a breach of security.
21. Security Procedures and Standards
The responsibility to recommend and develop Information Security Procedures and Standards rests with the IT Manager as delegated by the Chief Executive Officer.
The approval process for new or amended security procedures and standards shall pass through the Chief Executive Officer for approval and distribution.
22. Policy Maintenance
The IT Manager has the authority to initiate recommendations for revisions to this policy, which are then approved by the Chief Executive Officer. Any requests for amendments to this policy should be forwarded to the IT Manager through the Chief Executive Officer. Changes to the policy will then be evaluated and implemented as stated above. All staff will then be advised of the amendments at the earliest opportunity.
A sample IT Solution (according to Herriard’s IT goals):
Software based Inventory Management System (IMS) is designed and implemented.
Determination of the Requirements
Inventory Management System (IMS) is generally used by IT Office/Department or Accounting Office of a company. Therefore, searching the basic needs for implementation is the first step of IMS design. Several meetings with IT Office and Accounting Office are arranged. Accounting Office needs detailed reporting tools, detailed categorization and declaration of specifications on each item, purchasing and billing info. The Information Technologies Office needs another module except the requirements of Accounting Office. The module is about the interior maintenance and exterior product service flow. For interior maintenance flow, there will be a section. This section will be available for all users. Basically, a maintenance request will be created by the users, and the IT Office will respond to these requests. Finally, it is necessary to consider the end user’s needs that are also important part of the IMS software design. This leaded to use barcode based system.
Software Requirements
After gathering all the requirements and information next state was achieved which was quite important for the project. If the decision was not well organized, it may cause re-organization and programming the algorithms at the beginning.
At the beginning, first thing to decide is the general structure. It was decided to build the system browser based. The system is going to be used by a large number of users, so it should have been designed to be reachable for every single user, instead of having a desktop application for every user. Also if considered that Herriard already has a similar system—Information Management System, it would be easy to integrate. By using the user database of the existing systems, the login parameters are ready to use for IMS. So, the portability would be provided.
The next step is to decide the language to implement. There are several parameters to decide in realization period. First is the compatibility, and then came the time which is related with ease of implementation. In the light of these redirections, we decided to use PHP as the language to code the system. It is compatible with the other software and hardware, and it is easy to integrate everything. PHP is an open source environment and there are a large range of resources to get help. Information Management System is already developed by using PHP. It was also decided to use AJAX to obtain a faster system. In AJAX, only the needed data is being requested from the server, this method speeds up the loading time. While thinking how to code with PHP, it was decided to use Model View Controller based structure. This structure separates the visual design.
Code Igniter Framework was also used for decreasing the amount of code lines. It gives ability to program faster with less effort. Code Igniter also supports MVC structure. So it was decided to use PHP, MySQL and APACHE trio. MySQL was used as database. It is the best fit for PHP and it has the open source advantages. “innodb engine” was used because it is transaction based, which is necessary for the project. To get the user data, it was required to communicate with the database of company, which is programmed by ORACLE. It was needed to have the login information to have a fully integrated system, and also several details such as e-mail addresses and so on.
Barcode System
A barcode is an optical machine readable representation of data, which shows certain data on certain products. There are different types of barcodes, some of them have to be worldwide unique and need license. ‘‘code39’’ was chosen because first of all, code39 does not need license, have the possibility to print for unlimited products, supports full ASCII, number, letter and special character usage (capacity of 26 capital letters, 10 numbers, 7 special characters). And also it was the easiest to read and was the best fit for the barcode generators for PHP. The barcode generator which was found was the one compatible with PHP. It was using PHP’s GD Graphics Library. The script was used and modified it to be able to print serial barcodes. It prints barcodes in increasing order (in multiple prints) on the screen, and sends to the printer. The script is distributed under GNU License. And the hardware part of the system is out of a label printer and a barcode scanner. Barcode scanner is a USB connected model. It scans the barcode, writes to the field where the cursor is, and presses enter.
This function eases the usage. So the only extra hardware to be used by the staff will be a barcode scanner after the system is implemented to the enterprise.
Implementation of the System
Database Design
The most important component of the system implementation was the database design. It can be easily realized, if we consider the amount and the scale of the inventories. To have a strong and flexible system, the design must be well studied.
Two important structures of the system were the database and the Graphic User Interface (GUI). In between,
JavaScript and PHP provide the connection and interaction. GUI is located in the view section. With XHTML and CSS, the visual part is generated. JavaScript updates the HTML by the data sent by other layers and connects the GUI with working PHP structure. An Admin Panel called ‘‘CompleteLiquid admin control panel’’ was used. It was suitable for our MVC structure.
With CSS and other related modifications, it could be arranged to the system. In the controller layer, dataflow decision codes take place which were JavaScript and PHP. And in the Model section, PHP logic base code was placed. All codes were produced with Code Igniter framework.
Modules
IMS was designed as several modules, separated by their specific roles and functions. There are six modules in the system.
1. Definitions/Setup
2. Inventory Management
3. Service Management
4. Maintenance Management
5. Debit Management
6. Deposit Management
Fig. General IMS architecture
The functions of each module are explained step by step below:
Definitions/Setup
This module is the most important part of the system. Because if the definition of the enterprise is not implemented correctly to the system, it wont work efficiently.
To have a successful, operational system, introducing the enterprise to the system is a must. And this is the first step of implementing the system to the enterprise.
In this module, there are four sections, which are mentioned below.
a. User Setup
b. Location Hierarchy
c. Categorization
d. Suppliers and Maintainers
(a) User Setup
In User Setup Menu, System Admin can create, edit or delete a user from the system.The table below is the user creation form. System admin can choose the role of the user from the picklist on the bottom. (b) Location Hierarchy
The Location Hierarchy section is the place where you set the ownership hierarchy of the enterprise. System Admin can create one sub unit under another by choosing a unit.
(c) Categorization
In this section, a categorization of the inventories in the enterprise is being created. First step is the main categorization. The second step is related titles, and the last one is the specific keyword. User can add subcategories under each category after choosing it.
(d) Suppliers and Maintainers
In this section, System Admin can define inventory suppliers and the maintainers of each supplier. To define a maintainer, user can choose related supplier, and add maintainers under it.
Inventory Management
This Module is the centre for all processes about incoming inventories. Module has two sections: a. New Registry
b. Instant Registry
(a) New Registry
If the inventory is ready to record, this is the section to use. First step is to print a new barcode for the new inventory. The system pops out an alert. After this alert, there comes the next page, where the user has a button to print to confirm the barcode by scanning it into the field.
After confirming the barcode, the next page is an information form. There are Category, Supplier, barcode number (auto entered), serial number, price, receipt date and extra info fields to be filled. Then, the next step is the product specifications part. The first part has the title group of related inventory category. The user can switch between titles and choose related specifications from the second list. Then the chosen specifications are added to the last field as related keywords of the inventory. And after clicking the button, the entry is on the database, and in ready state for other actions on the system.
(b) Instant Registry
This section allows user to print several barcodes when the inventory is not ready to record. For example, it may not be possible to bring label printer everywhere. So the user can print as much as needed, the system creates empty fields in the database to be filled in inventory registration process. When these barcodes are scanned, register page comes to complete the register, and the normal registry flow continues.
Fig. Use case diagram of IMS
Service Management
Interior maintenance may not be sufficient, or may cause warranty problems, when inventories have technical problems. In this situation, they may need to be fixed by authorized maintainers. This module is for management of exterior maintenance.
There are three search fields in this section with Barcode No, Serial No parameters to reach the inventory or User Name parameter to reach the inventories of a specific user. After reaching the inventory, the window below comes to take action.
The user can view the service history of the inventory, and open a new service record to send the inventory to service. There is a pick list to select the service firm, and an info box to write a brief explanation. Then, another ‘‘close service record’’ link appears on the inventory information table.
When the inventory is returned from the service firm, user reaches the table below to close the record. User can write the information, process done to the text field and closes the service record, which will be seen in service history from that moment. Also user can use the ‘‘User Name’’ search box to reach a specific user, and list the inventories on users debit. Then, the same program flow can be used to take action.
Maintenance Management
This module is for interior inventory maintenance flow. There are two sections: first is to create new maintenance request for device users, the other is maintenance task listing for related worker.
The user will fill the required fields and then the request will be an active task for maintenance staff and will drop in their task table that they have on their interface if a staff member is assigned to the task. Otherwise, the task will drop into task pool. Then staff deals with the problem, and closes the task after writing info about actions taken. If the problem gets fixed before maintenance arrive, the user also can close the task.
Debit Management
This module sets the relationship between users and inventories. Basically, assign an inventory to a user, and performs other operations based on debiting.
Deposit Management
This module manages the barrowed items. Assign the inventories to desired person. There is also a chance to list deposited inventories in this module. It is a manner of tracking.
Users
Users have an authority hierarchy according to their section, and they are only allowed to use related modules except system admin. System admin has the authority to use every module in the system. In order to prevent improper use, the system logs every act, every edit. Although users can only use their modules, they can also use some other features of the system. There are three user types and use case diagram of the IMS has shown above:
1. System Admin
2. Technical Users, Accounting: Has authority on Inventory Management, Deposit Management, Debit Management, Service Management and also reporting features.
3. Basic Users: Basic users are only able to report their debit inventories and request service for them.
Fig. Software architecture of—IMS
Login
The first step is ‘‘login’’ to the system. There are two login alternatives. First one is the system management, the other one is the end users. The login data is gathered from University database, so the users can login the system with their existing username and password.
Complete software architecture of IMS software has given in Fig. above.
This above price is for already used answers. Please do not submit them directly as it may lead to plagiarism. Once paid, the deal will be non-refundable and there is no after-sale support for the quality or modification of the contents. Either use them for learning purpose or re-write them in your own language. If you are looking for new unused assignment, please use live chat to discuss and get best possible quote.
Looking for answers ?
Recent Questions
Module code: BMA4005-20Module title: Professional PracticeAssignment: A1. Digital PosterWord count: 500Contribution to module mark: 40% of overall gradeAssessment type: IndividualWeight 40%Submission deadline:...Assessment Criteria for Written Report (20%)• Submission of a minimum 1500 to maximum 1800-words written report due from week 9. You will submit your written report one week after you have undertaken the...Assessment 2: (20%) Case Study Presentation Due Date weeks 10This assessment builds on your theoretical knowledge and tests your ability to apply this knowledge to practice.you are required to formulate...Assessment 2Assessment 2Report: 30%Word count: 1400 – 1600 wordsDue date: Sunday of Week 8DescriptionYou are playing the role of a community service worker supporting a young adult son who is 18 years...1500-1800 wordsInstructions From TutorPlease download the eTask3 spreadsheet from Canvas and save the eTask spread as an Excel file. The main content of the force method is taught in Lectures 6,7&8.eTask3.1 is a...ASSIGNMENT INSTRUCTIONSAssessment Practical assessmentAssessment code: 011Academic Year: 2023/2024Trimester: 2Module Title: Critical Perspectives on Cross-Border BusinessModule Code: MOD009194Level: 6Module...Show All Questions