Document

Download Report

Transcript Document

Slide 11.1

Chapter 11 Managing Information Services Quality

Chaffey and Wood

Business Information Management

Slide 11.2

Learning outcomes

After reading this chapter, you will be able to: • Identify different types of information service delivery; • Explain the concept of total cost of ownership; • Define approaches for managing end-user computing and outsourcing.

Chaffey and Wood

Business Information Management

Slide 11.3

Management issues

Typical questions facing managers related to this topic: • How do we evaluate service levels delivered to end users?

• How do we manage end-user development?

• How do we minimize total cost of ownership for information systems?

Chaffey and Wood

Business Information Management

Slide 11.4

What is information services delivery?

Together, the operational management of access to information and data management is known as

Information services delivery

. The type and name of the organizational unit which delivers information services varies widely according to the type of organization. Typical titles of this unit or department arranged from modern to traditional labels are: • Information services • Information and library services • Information Center (typically a US term) • Computing services • IT department • IT helpdesk • IS department • Data Processing (DP department) Chaffey and Wood

Business Information Management

Slide 11.5

End-user computing

• End-user computing

• (1) The resourcing and delivery of information services to end-users, (2) The development of business applications by end-users.

Chaffey and Wood

Business Information Management

Slide 11.6

Different aspects of information service quality management

Figure 11.1

Different aspects of information service quality management

Source:

BIM Chaffey and Wood

Business Information Management

Slide 11.7

The service gap model

Figure 11.2

The service gap model

Source:

Parasuraman et al. (1985) Chaffey and Wood

Business Information Management

• • • • •

Slide 11.8

Service quality attributes

reliability

– the ability to perform the service dependably and accurately – for an intranet this would be influenced by the speed with pages can be downloaded and the availability – the average amount of ‘down-time’ there is each day;

responsiveness

– a willingness to help customers and provide prompt service – for an intranet this could refer to response time to download information, but also how responsive the staff supporting the intranet were;

assurance

– the knowledge and courtesy of employees and their ability to convey trust and confidence – this is again something that is conveyed by the support or help-desk staff;

tangibles

– the physical appearance of facilities and communications – in the context of an intranet this is the information quality attributes such as relevance, accuracy, timeliness and presentation which is covered separately in the next section and was in the previous chapter;

empathy

– providing caring, individualised attention – for an intranet this would refer to how helpful the staff supporting the intranet were. It could also refer to the overall ‘look and feel’ of the service indicating the degree to which it could help solve users’ tasks. Empathy could be increased by interactive services such as asking questions online.

But, what about cost?

Chaffey and Wood

Business Information Management

Slide 11.9

Information delivery options

• Push information from central resource • Pull information resources from web-pages or databases

Chaffey and Wood

Business Information Management

Slide 11.10

Different Google Search Appliance options

Figure 11.3

Different Google Search Appliance options

Source:

Google, Mountain View California (www.google.com/appliances/products.html) Chaffey and Wood

Business Information Management

Slide 11.11a

UK Information security breaches (a) Types of breaches (b) Cost of worst incident.

Figure 11.4

UK Information security breaches (a) Types of breaches (b) Cost of worst incident.

Source:

DTI (2004) Chaffey and Wood

Business Information Management

Slide 11.11b

UK Information security breaches (a) Types of breaches (b) Cost of worst incident.

Figure 11.4

UK Information security breaches (a) Types of breaches (b) Cost of worst incident.

Source:

DTI (2004) Chaffey and Wood

Business Information Management

Slide 11.12

COBIT controls on information service delivery

• • • • • • • • • • • • •

DS1 define and manage service levels DS2 manage third-party services DS3 manage performance and capacity DS4 ensure continuous service DS5 ensure systems security DS6 identify and allocate costs DS7 educate and train users DS8 assist and advise customers DS9 manage the configuration DS10 manage problems and incidents DS11 manage data DS12 manage facilities DS13 manage operations

Chaffey and Wood

Business Information Management

Slide 11.13

Addressing organizational security

Information Commissioner suggests these questions that an organization needs to ask to ensure it has adequate security: 1. Does the data controller have a security policy setting out management commitment to information security within the organization? 2. Is responsibility for the organization’s security policy clearly placed on a particular person or department? 3. Are sufficient resources and facilities made available to enable that responsibility to be fulfilled? Chaffey and Wood

Business Information Management

Slide 11.14

• • • • • • • • • •

Business continuity planning

Managing for insufficient.

business continuity

disaster recovery

seeks to control disruption if the methods for protection of information are Disruption can result from malicious deletion of information through a hacker, employee or as a result of a virus as described in Chapter 12. Disruption can also occur through so called ‘Acts-of-God’. Here natural hazards such as fire, flood or storm cause computers holding information to be destroyed. Acts of terrorism can also destroy computers and the information they contain. Organizations need to plan for business continuity in the event of a major incident that destroys the working environment and/or IT by ensuring that if information or technology is lost or destroyed, the business can continue with the minimum disruption possible.

Chaffey and Wood

Business Information Management

Slide 11.16

Questions on business continuity

The UK Information Commissioner gives guidelines based on asking these questions to check that protection measures are adequate to ensure business continuity: • Are the precautions against burglary, fire or natural disaster adequate? • Is the system capable of checking that the data are valid and initiating [automatically scheduling] the production of back-up copies? • If so, is full use made of these facilities? • Are back-up copies of all the data stored separately from the live files? • Is there protection against corruption by viruses or other forms of intrusion? Chaffey and Wood

Business Information Management

Slide 11.17

Computer viruses

Computer viruses are a major threat to company and personal information since it is estimated that there are over 60,000 computer viruses. They are a specific instance of a security breach.

Computer viruses

A program capable of self-replication allowing it to spread from one machine to another. It may be malicious and delete data or benign.

Chaffey and Wood

Business Information Management

Slide 11.18

Boot-sector viruses

Boot-sector virus

These . Some of the most successful or most destructive viruses spread when floppy disks were widely used.

boot-sector viruses

exist on the first sector on a floppy disk or hard disk known as the Master Boot Record (MBR). If a computer is switched on with an infected floppy-disk in the drive this activates the virus which was then transferred to the hard disk and all floppy-disks subsequently used in that machine. • ‘Brain’ was one of the first boot sector viruses which emerged in 1986. A more recent example from the start of the 1990s is ‘Michelangelo’ which was one of the most destructive boot sector viruses. The name was given to it by a researcher who noticed that its trigger date was the same as Michelangelo's birthday, 6 March (1475). Chaffey and Wood

Business Information Management

Slide 11.19

Worms

Worms

. A

worm

is a small computer program that replicates itself and then transfers itself from one machine to the next. One of the first worms was developed in 1988 by Robert Morris and is described in the previous section on hacking. • Since no human interaction is required, worms can spread very rapidly. In 2003, the slammer worm exploited a security loophole in Microsoft SQL server database product and rapidly infected 75,000 machines. • Each infected machine sent out so much traffic that many other servers failed also. This was one of the fastest spreading viruses of all time as Figure 11-5 shows. In future it seems such worms will bring the Internet to a complete standstill.

Chaffey and Wood

Business Information Management

Slide 11.20

Macro-viruses

Macro-viruses

. Macro-viruses are a more recent phenomenon. They piggyback on documents created by Office applications such as Microsoft Word and Excel. Office software such as this has a macro-facility to help users record common actions such as formatting or to develop more complex applications in Visual Basic for Applications (VBA). Macro-virus writers develop viruses that spread when a document is opened. Typically it will attach itself to all subsequent documents that are opened. Since documents and spreadsheets are commonly shared in and between offices, these viruses can spread very rapidly. • One of the first Word macro viruses was the Word ‘concept’ virus from 1995. One of the best known macro viruses is ‘Melissa’. This struck in March 1999 and it marked a new trend as it combined a macro virus with one that accessed the address book of Microsoft Outlook to e-mail itself to new victims. This was one of the fastest spreading viruses in history and it is estimated that it affected over a million PCs. In 2002, the author of the Melissa virus, David L. Smith, was sentenced to 20 months in prison in the US. Chaffey and Wood

Business Information Management

Slide 11.21

4. E-mail attachment viruses

E-mail attachment viruses

. These viruses are activated when a user of an e-mail program opens an attachment. Melissa is an example of such a virus. They typically replicate by accessing the address book and sending copies of an e-mail with the same attachment to everyone in the address book. Effectively they are then acting as a worm. • An even more destructive virus was launched in 2000. ‘The Love Bug’ virus contain the subject line ‘I love you’. While the message contains the text ‘kindly check the attached LOVELETTER from me’ which is an attached file called LOVE-LETTER-FOR YOU.TXT.VBS. The virus deleted image and audio files and accessed Internet servers to send out different versions of itself. According to Cyberatlas (2003) it was estimated that nearly $9 billion damage was done through this virus. • Much of the cost is not the loss of data, but the cost of hiring specialists to rectify the problem or staff time lost.

Chaffey and Wood

Business Information Management

Slide 11.22

Trojans

Trojan viruses

. A Trojan is a virus that masquerades as a bona fide application. They are named after the Greek myth of the giant wooden horse used by attackers to gain access to Troy in order to attack it. • Examples include utilities such as a file sharing program, a screen saver, upgrades to some system components or even imitation anti-virus programs. The advantage for virus writers is that the programs can be much larger. • One of the most famous Trojans is ‘Back Orifice’, reputedly developed by a hacking group known as ‘Cult of the Dead Cow’. This could be attached to other larger files and gave complete access to a machine for a hacker. Chaffey and Wood

Business Information Management

Slide 11.23

Hoax e-mail viruses

Hoax e-mail viruses

. These are warnings about viruses which are not real viruses which ask the recipient to send the warning on to their friends. They are not usually malicious, but can contain instructions on how to remove the virus by deleting files which could cause damage. They cause disruption through time lost.

• This is a typical example of a carefully crafted hoax e-mail which was widespread in 2003: •

To all of my email contacts, Unfortunately a virus has been passed to me and many other people, you may already have it from some other source - through an address book virus which also infected my address book. Since you are in my address book, you will probably find it in your computer, too. The virus (called jdbg.exe) is not detected by Norton or McAfee Anti-virus systems.

…I was sent this email and am now passing it on to you as to how to check for the virus and how to get rid of it. Please do this! It's very simple to do and takes about 3 mins.

Chaffey and Wood

Business Information Management

Slide 11.24

An anti-virus policy

1. The preferred anti-virus software to be used on all machines.

2. The frequency and mechanism for updating anti-virus software.

3. The frequency with which the whole end-user PC is system scanned for viruses.

4. organizational blocking of attachments with uncommon extensions.

5. organizational disabling of macros in Office applications.

6. Scanning to be performed on mail servers when e-mails first received and before viruses sent.

7. Recommendations on use of SPAM filtering software.

8. Backup and recovery mechanisms.

Chaffey and Wood

Business Information Management

Slide 11.25

What you can do…

1. Do not switch off machines when the floppy disk is still in the drive (reduces transmission of boot-sector drives). PCs can also be configured such that they do not boot off the floppy drive. 2. Do not open attachments to e mails from people you don’t know (reduces transmission of e-mail attachment viruses). Since some viruses will be sent from trusted sources, only open attachments which look legitimate, for example Word documents with relevant names. Some viruses use file extensions that are not common used such as .pif, .scr or .vbs. Viewing documents rather than opening them for editing can also reduce the risk of transmission.

3. Download software only from the official source, and always check for viruses before installing the software (reduces risk of Trojan horse viruses).

4. Disable or turn off macros in Word or Excel unless you use them regularly (reduces risk of macro viruses). 5. Backup important files daily if this function is not performed by a system administrator.

Chaffey and Wood

Business Information Management

Slide 11.26

The geographic spread of the Slammer worm 30 minutes after release

Figure 11.5

The geographic spread of the Slammer worm 30 minutes after release

Source:

University of Berkeley (www.cs.berkley.edu/-nweaver/sapphire/) Chaffey and Wood

Business Information Management

Slide 11.27

Managing information service usage

Monitoring of information service usage includes checking for: 1. Use of e-mail for personal purposes.

2. Inappropriate use of e-mail, possibly leading to legal action against the company. 3. Use of Internet / web sites for personal use.

Chaffey and Wood

Business Information Management

Slide 11.28

E-mail controls

Controls can be introduced as part of an e-mail management policy to minimise the volume of: 1. SPAM (unsolicited e-mail).

2. Internal business e-mail.

3. External business e-mail.

4. Personal e-mail (friends and family).

Chaffey and Wood

Business Information Management

Slide 11.29

E-mail volume problems

• In 2002 it was estimated that there 31 billion e-mails sent each day, this amounts to 31 billion per year.

• The volume of e-mails amounts to 1,829 terabytes per day or 3.35 terabytes per year.

• By 2006, e-mail volumes are expected to increase to 60 billion per day.

• The number of business e-mails sent each day varies between 10 and 50 per person according to the type of role of the individual. A similar number are received each day for processing.

• The volume and proportion of SPAM has increased dramatically from one in every 1,000 e-mails in 2,0001 to one in every three e-mails as is shown in Figure 11.6.

• The amount of time spent reading and writing e-mail can amount to over an hour per working day. Incredibly, a 2003 survey by the American Management association found that the average employee spends 25% of the workday on e-mail, with 8% of workers devoting over four hours a day to e-mail! This highlights the importance of making e-mail use efficient.

• Despite these problems, 86% of respondents still agreed that e-mail has made them more efficient.

Chaffey and Wood

Business Information Management

Slide 11.30

Proportion of global e-mail traffic which is SPAM

Figure 11.6

Proportion of global e-mail traffic which is SPAM

Source:

Message Labs Chaffey and Wood

Business Information Management

Slide 11.31

Minimising SPAM

1. Avoid harvesting of addresses

. 2.

Educate staff not to reply to SPAM

.

3. Use filters

. 4.

Use ‘Peer-to-Peer’ blocking services

. 5.

Use Blacklist services

.

6. Use whitelist services

. 7. Challenge/respond.

8. Keep lists, filters and software up-to-date.

Chaffey and Wood

Business Information Management

Slide 11.32

Progression of attempts to combat SPAM

Figure 11.7 Progression of attempts to combat SPAM

Source:

BIM Chaffey and Wood

Business Information Management

Slide 11.33

E-mail processing in businesses

• Of seven common management tasks, meetings took up 2.8 hours on average, dealing with e-mail came second with an average of 1.7 hours and accessing information from the Internet accounted for a further 0.75 of an hour.

• Respondents reported receiving on average 52 e-mails per day while 7 per cent received 100 e-mails per day or more. • Managers reported that less than half of e-mails (42 per cent) warranted a response. 35 per cent were read for information only and nearly a quarter were deleted immediately. On average only 30 per cent of e-mails were classified as essential, 37 per cent as important and 33 per cent as irrelevant and unnecessary. • Despite the reservations about the quality and volume of e-mails received the majority of respondents (81 per cent) regarded e-mail as the communications technology which has had the most positive impact on the way they carried out their job, alongside the Internet and the mobile phone.

Chaffey and Wood

Business Information Management

Slide 11.34

• • • • • • • • • • • •

Sample E-mail management guidelines

Only send the e-mail to employees for which it is essential to inform or act-upon.

Banning certain types of e disturbed).

mail, such as the classic ‘e-mail to the person who sits next to you’ or individuals in the same office (although there are strong arguments for this since e mail is an asynchronous medium and colleagues are not always available or don’t wish to be Avoid ‘flaming’ – these are aggressive e-mails which often put voice to feelings that wouldn’t be said face-to-face. If you receive an annoying e-mail it is best to wait 10 minutes to cool down rather than ‘flaming’ the sender.

Avoid ‘trolls’ – these are a species of e-mail closely related to flame-mails. They are postings to a newsgroup deliberately posted to ‘wind-up’ the recipient. They are best ignored.

Combine items from separate e-mails during the day/week into a single e-mail for the day/week.

Write clear subject lines.

Structure e-mails so that they can be scanned quickly using sub-heads, numbered and bulleted lists.

Make follow-up actions clear.

When reading e-mail, use folders to categorise e-mails according to content and priority.

Perform e-mail reading and checking in batches, e.g. once per morning/afternoon rather than being alerted to and opening every e-mail that arrives.

Delete e-mails which are not required for future reference (large volumes are taken up on servers through staff not deleting e-mails and their attachments).

Etc. – all common sense guidelines, but often common sense isn’t common!

Chaffey and Wood

Business Information Management

Slide 11.35

Personal e-mail

communication.

– the Phones 4 U case 1

• Phones 4U became the first UK company to ban the use of internal e-mail across the entire business. This was partly as a result of use of e-mail for personal purposes and partly due to the management feeling other methods were better for internal •

Computer Weekly

(2003) claimed that the move will save each employee three hours a day, adding up to £1m per month. Surprisingly the article reported that with ‘13,000 internal e-mails passing through its system every week, individual e-mail accounts were taking up too much of the IT department’s time, the company said.’ Communication between Phones 4U head office and its stores now occurs by telephone and the company intranet, which is used for ordering equipment and services, is already showing positive results.

• The move was instigated by John Caudwell, the company’s multi millionaire owner, who believed his 2,500 staff had been spending too much time sending and receiving e-mails and not enough time dealing face to face with customers. Chaffey and Wood

Business Information Management

Slide 11.36

Personal e-mail – the Phones 4 U case 2

• John Cauldwell • ‘

I saw that email was insidiously invading Phones4U so I banned it immediately effect

. ,’ he said. ‘

Management and staff at HQ and in the stores were beginning to show signs of being constrained by email proliferation - the ban brought an instant, dramatic and positive Phones4U staff have been told to get off the keyboards, get face-to-face or on the phone to colleagues.

’ • It doesn’t seem as if all companies will follow suit; Charles Dunstone, chief executive of rival Carphone Warehouse, said: ‘

We trust our people to know how to use email properly

.’ Chaffey and Wood

Business Information Management

Slide 11.37

Policy for managing employee e-mail use

To minimise this problem and some of the problems of over using e-mail for business use, the following steps can be taken: 1. Create written guidelines defining the policy on acceptable e-mail use and disciplinary procedures for when guidelines are breached.

2. Use increasing levels of control or sanctions for breaches including: performance reviews, verbal warnings, removal of e-mail privileges, termination and legal action.

3. Providing training for staff on acceptable and efficient e mail use.

4. Monitor e-mails for signatures of personal use and any breaches of the policy, e.g. swearing and take action accordingly.

Chaffey and Wood

Business Information Management

Slide 11.38

Litigation due to e-mail

• A well-known example from 2000 involved a statement made on the Norwich Union Healthcare internal e-mail system in England which was defamatory towards a rival company, WPA. The statement falsely alleged that WPA were under investigation and that regulators had forced them to stop accepting new business. • The posting was published on the internal e-mail system to various members of Norwich Union Healthcare staff. Although this was only on an internal system, it was not contained and became more widespread. WPA sued for libel and the case was settled in an out of court settlement when Norwich Union paid £415,000 to WPA. Despite this, such cases are relatively rare.

• See also the Claire Swires ‘Swallowing’ e-mail dialogue which led to several staff dismissals for reputational damage.

Chaffey and Wood

Business Information Management

Slide 11.39

Typical IS services

1 Help desk support for user problems Research Insight . These are typically problems with hardware or using software. An indication of the types of problems faced by users is in the – Press Delete for IT Time Wasters. Most queries seem to be about applying hardware and software rather than information management.

2 Advice on software purchase . This ensures that the software is suitable for its purpose and is compatible with hardware, other software and company purchasing schemes and standards.

3 Advice on hardware purchase . This will usually be a centralised standard, again to take advantage of discounts and limiting support contracts.

4 Advice on how end-user development should be approached . The support person will suggest the best approaches for developing software, such as following the main parts of the lifecycle described in Chapter 7. These can be supported through more detailed training and advice on how to use applications building such as Visual Basic which are intended for end-user development.

5 Application development programming.

. For larger systems, the IC staff may be involved in performing the systems analysis and design or more difficult aspects of the 6 Training . In particular, on packages or development techniques.

7 Data management . Management and supply of data to end-users or explanations of formats used.

Chaffey and Wood

Business Information Management

Slide 11.40

Press Delete for IT time wasters 1

• 1.

IT staff waste an average of 20 hours a month solving simple problems that today’s office workers should be computer literate enough to do themselves, according to latest research from Computer People, the UK’s leading IT recruitment consultancy.

Why isn’t my monitor working? My printer’s jammed - can you make it print properly? Why can’t I send any more emails? 4. Please could you format this for me? 5.

Why won’t it let me save onto a floppy disk?

But where does responsibility lie?

Chaffey and Wood

Business Information Management

Slide 11.41

Press Delete for IT time wasters 2

• Problems such as these are usually easily solved and 86% of the time they don’t require IT support. However, 64% of IT professionals are surprised at how often they are called out to look at ‘broken’ monitors only to find they aren’t plugged in, 52% claim that they are regularly asked to un-block paper jams in printers and 54% are often asked to change toners!

• 46% of IT professionals say they are repeatedly questioned by employees who have simply run out of storage space on e-mail, even though this can be easily avoided simply by deleting e-mails regularly. 35% of support staff despaired at those who didn’t take the disk lock off before trying to save documents.

• Carole Hepburn, Commercial Director for Computer People says, ‘In this age of technology there is no excuse for office workers not spending a couple of minutes trying to think through the problem, rather than being too quick to pick up the phone and call for unnecessary help. The amount of time IT professionals spend each month solving the simple problems that today’s workers should be able to do themselves is equivalent to nearly three working days.’ Chaffey and Wood

Business Information Management

Slide 11.42

Press Delete for IT time wasters 3

Computer People’s top tips to help IT professionals when those around are fretting about their computer problems: 1. Send weekly Top Tips – An excellent way to not only let all the computer users in the office know how to solve any simple problems that may arise, but also to pass on timesharing shortcuts you may have. 2. Always appear willing to help – Don’t forget this is what you are trained in! Those needing help aren’t, so try to be as patient and helpful as possible even if the problem is very simple. 3. Keep calm and be reassuring – If a major predicament occurs, the worker may panic and show distress. To help calm them down, give lots of reassurance and keep calm yourself. 4. Talk in non-technical language – There will be a far better chance of workers understanding what the problem is and how it can be avoided in the future if they understand what you are saying.

Chaffey and Wood

Business Information Management

Slide 11.43

End-user development applications

1. Reports from an enterprise database or data warehouse using

ad hoc

or standard queries to databases defined by the user. For someone in an airline, for example, these might include access to a frequent flier database, customer reservation system or crew rostering system to monitor performance of each.

2. What-if? analysis using tools such as spreadsheet models or more specialised tools such as risk or financial management packages or business intelligence software, used for monitoring sales and marketing performance of information stored in a data warehouse.

3. Creating company information for a company intranet page.

4. Development of applications such as a job costing tool or production scheduling system, using easy-to-use, high-level tools such as application generators, PC database management systems such as Microsoft Access or visual programming environments such as Microsoft Visual Basic, Borland Delphi, Powerbuilder or Centura.

Chaffey and Wood

Business Information Management

Slide 11.44

Huff’s stage model of end-user development

1 2 3 4 5

Isolation

. A few scattered pioneers of EUD develop small-scale business tools within their area. Initially, little support from central IS.

Standalone

services.

. Larger-scale applications are developed that may be of importance to a department. Examples might include a staff rostering system or an application for anticipating demand for raw materials. At this stage, an information centre may be developed to support an increase in demand for user computing

Manual integration

. Here, different EU applications need to exchange data. This happens through manual intervention, with files being transferred by floppy disk or across the network or even with rekeying of information. IC development has continued to support the needs of these larger-scale applications by providing training and skills and specifying standards for hardware, software and the development process.

Automated integration

. Users start to link into corporate applications to gain seamless access to information. For example, end-users may download information from a central data warehouse, which is then used to profile customers for a new product launch or marketing campaign.

Distributed integration

to help achieve this.

. At this stage of development, there is a good level of integration between different end-user applications and corporate systems. Good standards of metadata (or data describing data in a data dictionary) are required Chaffey and Wood

Business Information Management

1 2 3 4 5 6 Slide 11.45

End-user development controls

Training

. Provision of relevant training courses both in how to program or use the tools and in how to approach systems development in a structured way (the second of these is often omitted).

Suitability review

. Authorisation of major end-user new developments by business and IS managers to check that they are necessary (this should not be necessary for smaller-scale developments since otherwise creativity may be stifled).

Standards for development

and security measures.

. Such standards will recommend that documentation and structured testing of all user developed software occurs. Detailed standards might include clear data definitions, validation rules, backup and recovery routines

Guidance from end-user support personnel

. IC or help desk staff can provide training in techniques used to develop software.

Software and data audits

pounds each year!

. Regular audits should occur of software produced by end-users for data and application quality. There is an apocryphal story of a company that had an end-user developed spreadsheet for making investment decisions which had an error in a formula that lost the company millions of

Ensuring corporate data security

. Ensure that users are not permitted to enter data directly into enterprise databases except via applications especially written for the purpose by the IS department which have the necessary validation rules to ensure data quality. For analysis of corporate data, data should regularly be downloaded from the central database to the PC for analysis, where it can be analysed without causing performance problems to the corporate system.

Chaffey and Wood

Business Information Management

Slide 11.46

Network infrastructure problems

• Reduction in the quality of service delivery caused by problems with ICT infrastructure is relatively common according to a survey of 450 IT directors in the UK, France and Germany by research analyst IDC. The majority of those surveyed said they sometimes suffered "major faults" with their IT systems, with six per cent saying that such problems were common. • Just under two-thirds of companies admitted to slowed down applications, while 59 per cent admitted to particular functions becoming unusable and 38 per cent said problems rendered applications completely unavailable.

• Companies are leaving themselves open to major system faults because they lack an IT quality policy, according to research by analyst IDC. • In the report, IDC found that three-quarters of companies with no IT quality policy in place are faced with major faults. Half of UK companies said they had a policy in place to improve the quality of IT by making systems more flexible, scalable and free of faults or downtime. Half said they planned to introduce a policy, with 80 per cent of those claiming it would be in the next year.

Chaffey and Wood

Business Information Management

Slide 11.47

Total cost of ownership

• Since the modern organization requires many different types of hardware and software, then the savings can be large if both purchase price and maintenance costs can be reduced. • As a consequence, the person responsible for information services or IT is constantly looking for ways to reduce the

Total cost of ownership (TCO)

of hardware and software whether it is the finance director or owner/manager in a small to medium enterprise or the IT Director or Chief Information Officer in a larger company. Chaffey and Wood

Business Information Management

Slide 11.48

Breakdown of the total cost of ownership of a PC

Figure 11.8

Breakdown of the total cost of ownership of a PC

Source:

Gartner Group (1996) Chaffey and Wood

Business Information Management

Slide 11.49

Guidelines on controlling IT TCO

• • • HP (Compaq) summarises the approach as follows:

‘People

– training end-users and IT staff to make optimal use of cost-controlling processes and technologies.

Processes

– automating some tasks and streamlining others, ranging from asset tracking to software updating.

Technologies

– deploying information technologies that minimize and in some cases eliminate the widest range of labor intensive tasks.’ Chaffey and Wood

Business Information Management

Slide 11.50

Example TCO costs

1. Category Desktop Environment [Client computer purchase and upgrade] 2. Human Resources [End-user time wasted with client computer software problems and configuration] 3. Help Desk and Support Loss of Productivity [End-user time wasted with client hardware problems] 4. Training Application Software [Software licences and upgrades] 5. Heterogeneous Cross Platform Applications Access [Supporting communications between hardware and software from different vendors] 6. Network and Secure Remote Access 7. Operating System Upgrade and Maintenance 8. Desktop Application Upgrade and Maintenance 9. Server Cost 10.Backup and Utilities Chaffey and Wood

Business Information Management

Slide 11.51

Peregrine software AssetCenter used for management of software and hardware

Figure 11.9

Peregrine software AssetCenter used for management of software and hardware

Source:

Business Information Management

Slide 11.52

Outsourcing defined

•

Outsourcing

refers to an organization using a third party to complete business activities. Typically these activities have previously been completed in-house. Operations that are commonly outsourced include catering, cleaning, public relations, call-centres and information systems.

• Outsourcing of all types is a common business activity. Outsourcing of information services is no exception. An important role of CIO and IT managers is deciding which information services to outsource and to whom. Chaffey and Wood

Business Information Management

Slide 11.53

Outsourcing examples

• A snapshot of major IT outsourcing deals in 2003 included: – Consumer goods company Procter & Gamble signed a $3 billion, 10-year IT contract with Hewlett Packard; – ABB, a Swiss power and automation technologies company signed a $1.1 billion, 10-year IT services contract with IBM; – French tire maker Michelin, a $1.21 billion contract with IBM; – Beverage company Diageo, a $500million IT outsourcing contract with IBM; – Rome-based telecommunications company Telecom Italia, a $244 million, five-year outsourcing deal with Hewlett Packard; – Central governments in the United Kingdom and the United States signed contracts with different suppliers worth $18.5 billion in the year. Chaffey and Wood

Business Information Management

Slide 11.54

Outsourcing mini-case – Boots 1

• On Oct. 1, 2002 European high street retailer and pharmacy The Boots Company and IBM announced a 10 year, $1.1 billion (£710 million) outsourcing agreement. • According to the IBM Press release this was intended to ‘enhance the customer experience and generate cost efficiencies for Boots' information technology (IT) operations. IBM will deliver consulting, services, hardware and software as part of the deal. Over the term of the contract, Boots expected to save £130 million (more than $200 million). The IBM press release stated that ‘These savings will be reinvested in change-enabling and first-of-a-kind technologies that will enable Boots to increase customer loyalty and gain competitive advantage.’ • Under the outsourcing agreement, IBM will manage all of Boots' computing infrastructure, including its data center, in store systems, data networks and telecommunications. IBM will deploy and manage new point of sale systems in Boots' 1,600 stores, together with in-store kiosks for their Advantage Card holders.

Chaffey and Wood

Business Information Management

Slide 11.55

Outsourcing mini-case – Boots 2

• As part of the deal, an innovation centre will be created in Nottingham that will develop new uses for advanced technologies at Boots. IBM will also provide database management and applications maintenance to support the Advantage Card programme.

• As a result of the agreement, more than 400 Boots employees will join IBM.

• At around the same time, Boots also signed a deal with IT supplier Xansa to outsource its central application development and support operations. This contract is worth at least £54m over a seven year period and is expected to save Boots up to £30m over the full term of the contract. The Xansa contract will involve an additional 200 staff from Boots' information systems and technology group transfer to the Xansa.

• Source:

Computer Weekly

(2002) Chaffey and Wood

Business Information Management

Slide 11.56

Types of information services functions outsourced

Figure 11.10

Types of information services functions outsourced

Source:

IT Toolbox (2003) Chaffey and Wood

Business Information Management

Slide 11.57

Responses to question ‘What is your main strategic reason for outsourcing IT services?’

Figure 11.11

Responses to question ‘What is your main strategic reason for outsourcing IT services?’

Source:

IT Toolbox (2003) Chaffey and Wood

Business Information Management

Slide 11.58

Proportion of expenditure on IS services

Figure 11.12

Proportion of expenditure on IS services (excluding payments for the use of capital equipment)

Source:

UK Government NAO Chaffey and Wood

Business Information Management

Slide 11.59

“Offshoring”

• Offshore outsourcing

is a major trend in outsourcing. It refers to a company’s processes being undertaken by staff who are located in another country, typically with lower wages for employees. Lower wages and overheads lead to more cost-effective outsourcing. The best known example is financial services.

Chaffey and Wood

Business Information Management

Slide 11.60

Offshoring example

• In 2003, the

Financial Times

reported that Tata Consultancy Services (TCS) had become the first Indian software and services company to earn $1 billion in annual revenue. (2003) reported that this activity does not only occur in India since applications development may also need to occur on the company’s site. • Nearly a quarter of TCS’s 24,000 software professionals are abroad for periods of between two weeks and two years. About half of Wipros 13,000 IT engineers are overseas on short-term assignments, while some 4,000 out of Infosys’s 14,000 engineers are on overseas assignments at any one time.

Financial Times

• The number of staff involved in India’s three largest IT companies show the significance of this trend. IT staff in India are university educated, but the salaries are such that the overall costs of outsourcing are typically reduced by a third. In 2003, the average Indian programmer salary was $5,880/year which is around a quarter of the minimum salary in a developed country. Chaffey and Wood

Business Information Management

Slide 11.61

Offshoring issues

• Costs are such that if around 25% of the offshore workforce, is in fact onshore (a not uncommon figure), then the contract benefits become insignificant. • If this face-to-face meeting doesn’t happen, then specifications are often insufficient to define application needs and a poor quality system results. • Once the contract is set-up the staff time involved in managing the contract can add another 6-10% to the total cost of the contract.

• Secure, dedicated network links can also cost tens of thousands of dollars each month. • The cost of reducing headcount is high also with severance and retention bonuses – it is not possible to sack staff immediately since skills transfer needs to happen. Chaffey and Wood

Business Information Management

Slide 11.62

ASP Outsourcing for SMEs

• Examples of information services outsourcing that can be performed through use of ASPs include: – E-mail services which scan, filter and archive all ( inbound and outbound e-mail so that no e-mail server needs to be managed inside the company.

– Web site management – all files are hosted on a third party server which provides support.

– Remote data backup services such as IBackup www.ibackup.com

). Data is automatically backed-up to external servers.

– Internal network outsourcing. The network and firewalls can be administered externally and maintenance staff supplied to fix problems.

Chaffey and Wood

Business Information Management

Slide 11.63

Top 10 outsourcing reasons:

The main reasons for outsourcing in order of importance are: 1. Reduce and control operating costs 2. Improve company focus 3. Gain access to world-class capabilities 4. Free internal resources for other purposes 5. Resources are not available internally 6. Accelerate reengineering benefits 7. Function difficult to manage/out of control 8. Make capital funds available 9. Share risks 10. Cash infusion Chaffey and Wood

Business Information Management

Slide 11.64

Structure for managing the relationship between The Inland Revenue and EDS

Figure 11.13

Structure for managing the relationship between The Inland Revenue and EDS Chaffey and Wood

Business Information Management

Source:

UK Government NAO

Document

Transcript Document

Chapter 11

Managing Information Services Quality

Learning outcomes

After reading this chapter, you will be able to: • Identify different types of information service delivery; • Explain the concept of total cost of ownership; • Define approaches for managing end-user computing and outsourcing.

Management issues

Typical questions facing managers related to this topic: • How do we evaluate service levels delivered to end users?

• How do we manage end-user development?

• How do we minimize total cost of ownership for information systems?

What is information services delivery?

End-user computing

•

End-user computing

• (1) The resourcing and delivery of information services to end-users, (2) The development of business applications by end-users.

Different aspects of information service quality management

The service gap model

Service quality attributes

Information delivery options

• Push information from central resource • Pull information resources from web-pages or databases

Different Google Search Appliance options

UK Information security breaches (a) Types of breaches (b) Cost of worst incident.

UK Information security breaches (a) Types of breaches (b) Cost of worst incident.

COBIT controls on information service delivery

Addressing organizational security

More security questions

Business continuity planning

Questions on business continuity

Computer viruses

Computer viruses

Boot-sector viruses

Worms

Macro-viruses

4. E-mail attachment viruses

Trojans

Hoax e-mail viruses

An anti-virus policy

What you can do…

The geographic spread of the Slammer worm 30 minutes after release

Managing information service usage

Monitoring of information service usage includes checking for: 1. Use of e-mail for personal purposes.

2. Inappropriate use of e-mail, possibly leading to legal action against the company. 3. Use of Internet / web sites for personal use.

E-mail controls

Controls can be introduced as part of an e-mail management policy to minimise the volume of: 1. SPAM (unsolicited e-mail).

2. Internal business e-mail.

3. External business e-mail.

4. Personal e-mail (friends and family).

E-mail volume problems

Proportion of global e-mail traffic which is SPAM

Minimising SPAM

1.

Avoid harvesting of addresses

. 2.

Educate staff not to reply to SPAM

.

3.

Use filters

. 4.

Use ‘Peer-to-Peer’ blocking services

. 5.

Use Blacklist services

.

6.

Use whitelist services

. 7. Challenge/respond.

8. Keep lists, filters and software up-to-date.

Progression of attempts to combat SPAM

E-mail processing in businesses

Sample E-mail management guidelines

Personal e-mail

– the Phones 4 U case 1

Personal e-mail – the Phones 4 U case 2

Policy for managing employee e-mail use

Litigation due to e-mail

Typical IS services

Press Delete for IT time wasters 1

Press Delete for IT time wasters 2

Press Delete for IT time wasters 3

End-user development applications

Huff’s stage model of end-user development