Key Policies, Procedures, and the Operating Environment Should Be Documented Those who maintain computer systems should follow documented management programs, detailing the ongoing operation and control of the computer system.
Management programs are valuable for increasing software use as productivity, maintaining system stability, and reducing operational costs by well as training, limiting computer downtime.
The cost and detail of a management program should be proportionate to the complexity of the computer system and level of its benefits. Although the responsibility for setting policies and procedures may vary among jurisdictions, for local governments relying on their own staff to maintain computers, policy makers, technology staff, and end users all have a role to play.
By contrast, technology specialists should, with input from users, set procedures that both implement the policies and support the needs of staff using the system. Laudon and Jane P. Some of the policies in a management program will be driven by state and federal laws. The security-related elements of a computer management program are described in more detail later in this chapter. The Robbinsdale Area School District, which serves more than 13, students, developed a technology plan encompassing many elements of a sound computer management program.
For example, in the plan the district identifies specific technology needs, such as the need for additional staff technical training, and it presents strategies to fill the gaps between what is needed and what is available. The plan also differentiates among management duties for different levels of staff. See the Robbinsdale School District technology plan at www.
They should communicate policies and Technology policies and procedures should be communicated to staff. For large policy changes that are likely to be controversial, giving users an opportunity to voice questions and discuss issues may be useful. The city of Fergus Falls developed policies to communicate acceptable computer uses to city staff. A committee of managers and staff jointly developed the policies, and the city council approved them. The policy document covers security procedures, such as forbidding users to share passwords and requiring them to change passwords every 90 days.
Among other items covered are procedures measures, such related to virus scanning and downloading files or software from the Internet. All as requiring employees who use computers in the course of their work receive the document. Information systems staff passwords supplement the written guidelines with various procedures, such as setting up new periodically.
Adherence to Computer System Policies and Procedures Should Be Monitored Local governments should ensure that their own users adhere to computer policies and procedures. For example, some jurisdictions have policies prohibiting users from downloading programs off the Internet, and monitoring helps ensure that users comply.
Some monitoring may be done with software applications, such as those that strip certain attachments from all e-mail messages to prevent harmful files from corrupting the system. Computer users should have input on updating policies and procedures, even when external providers are managing the computer system and developing the procedures. Surveying users is one way of systematically allowing them to suggest changes and identify computer system problems. Knowledgeable Staff Should Maintain and Use the Computer System For optimal performance, computer systems require properly trained staff to operate and maintain them.
In addition, computer users need training and support to use the systems efficiently and responsibly. The Expertise of Technology Staff Should Be Assessed Managers of computer system services should know the strengths of their Computer information technology IT staff, and local governments must understand the systems require extent of these strengths when considering computer management options.
Identifying gaps in computer system support technology staff needs will also help identify necessary staff training. Technology Staff Managers of computer systems should be aware of the need to actively recruit and retain technology staff. For example, internships or partnerships with local educational institutions can help recruit potential employees. Local governments need to determine whether the computer system managers they are considering follow recruitment and retention practices.
Local governments that choose to manage systems with their own personnel will be competing with private business for skilled workers, and they should recognize that qualified IT staff can be difficult to find and keep although this varies with labor market conditions.
Training for Technology Staff Should Be Ongoing Because technology evolves quickly, IT staff need training on an ongoing basis to provide efficient and effective services. A variety of information for keeping technology staff updated is available on the Internet. It recommends that IT staff review on-line resources daily to learn about new developments in computer system security and prepare themselves to take action as necessary.
For example, staffing for security is a function of system complexity and the likelihood it will change. Gartner Group estimates that through , 75 percent of government agencies will face chronic staff shortages unless they implement a comprehensive staffing plan that addresses compensation, civil service reform, and expanded use of outsourcing.
Gartner Group quantifies the relationship between training and productivity for IT professionals and end users, suggesting that each hour of training saves five hours of time spent experimenting, requesting help, and reworking tasks. For example, the Robbinsdale Area School District uses salary incentives to encourage ongoing training of its technology staff. The stipends offer financial rewards to technology staff who successfully complete technical certification programs as part of their approved training plans.
User Training Should Be Available Local governments should ensure that whoever manages the computer system has an adequate plan for training local government staff expected to use the system. Training saves time that users would otherwise spend experimenting with software applications. It increases productivity by minimizing the need to rework tasks.
In addition, users need to be educated on the importance of computer system security. The city of Lakeville has used an innovative way of training its computer users.
Lakeville has contracted with a technology-training firm to provide user training when the city upgrades software. Using their own computer files, employees typically learned the software more quickly and gained a deeper understanding of its utilities.
User Support Should Be Provided In addition to user training, local governments should ensure that computer system managers offer an appropriate type and level of ongoing user support. New users will need support as they become acquainted with the computer system, and experienced users will require support when new applications are added or other changes are made. Because users learn in different ways and need help at different times, a variety of help options may be necessary, such as those listed in Table 3.
The Robbinsdale Area School District uses an internal computer network to provide user support. Also see Derek Simmel et al. For example, one module instructs staff on changing passwords.
The district expanded its user-support options because teachers had difficulty finding time outside of the classroom to help them take full advantage of available technology. Managing computer systems means understanding and controlling risks, which is necessary whether computers are managed by in-house staff, computer vendors, or intergovernmental technology collaborations. Whether local governments use external providers or manage their own computers systems, they should understand the risks inherent to the system.
Computer Security risks come from both outside and inside local governments and may security risks threaten physical property or the availability and quality of data. Consequently, computer system managers should assess the risks to their systems. Unknown to users, viruses can be present on a diskette or CD, transmitted as attachments to an e-mail note, or downloaded from files off the Internet.
The goal of the security policy is to prevent unauthorized access, theft, or alteration of information systems, and the level of security should be commensurate with the Computer identified risks. Security policies and procedures should identify what can go security policies wrong, determine measures to reduce the likelihood of problems, lay out steps for should address detecting and responding to security breaches, and specify who will undertake the identified risks.
Because of the need to balance security against issues of privacy, access, and costs, it is important to have senior officials of an organization involved with setting security policies. One focus of the assessment was security, and the second addressed network infrastructure performance. Part of the response was updating certain security policies, such as formally documenting procedures for data backups and off-site storage of backups. In most cases, limited numbers of staff should have access rights to production programs and data.
For managing security risks due to employee use of the system, computer system managers should set procedures that define acceptable and unacceptable user behavior. For example, a policy may prohibit employees from downloading Internet files to the local network. Microsoft TechNet produces Security Planning, which includes a section on basic risk assessment at www. The policy should be developed with user and IT staff input and updated as needed to reflect computer system changes.
Another control over internal access to a computer system is requiring user authentication through passwords. Procedures for password administration should address closing dormant accounts, requiring difficult-to-crack passwords, changing passwords periodically, and limiting the number of times a user may retry entering a password.
Managers should test the rigor of user passwords with any of several passwords may password-cracking tools. For instance, require users to change their passwords every 30 to 45 days.
Limit the number of times a person may reenter passwords to prevent unauthorized users from gaining access to the system. Passwords offer a first level of authenticating users, but for high-risk systems, managers may need to consider second-level authentication controls, such as requiring multiple passwords.
Other controls include tokens, keys, and biometric Sensitive data devices that recognize a person based on biological characteristics, such as require higher fingerprints. The computer network allows employees to use only those files to which their user account has been granted access rights. Many tasks in the business environment involve the use of computers. Employees input data in software applications and programs that allow other individuals to view the information.
Owners and managers rely on computers to access the information from the management information systems Computers can process certain types of business data quicker and more accurately than employees. Accounting and finance departments, for example, typically input data and allow the computer and software application to generate reports based on the financial numbers.
Using computers can restrict employee access to business or financial information in the management information systems. Most computers or software applications require usernames and passwords to access data.
This prevents individuals from filtering or altering information prior to review by owners and managers. Payroll: Payroll is the sum of all financial records of salaries, wages, bonuses and deductions for an employee. In accounting, payroll refers to the amount paid to employees for services they provided during a certain period of time.
The payroll management module has the basic task of automating the pay process in an organization. The outstanding its easy implementation. The Payroll Management System deals with the financial aspects of employee's salary, allowances, deductions, gross pay, net pay etc. It has the following benefits that are briefly enlisted below: Manage Employee Information Efficiently. Benefits administration -Benefits administration involves the creation and management of employee benefits, as well as providing a means for employees to be trained in understanding how the benefits work and what types of standards employees must meet in order to qualify for the benefits.
This module helps provide a system for organizations to administer and track employee participation in benefits programs. The system, normally called a "learning management system" LMS if a standalone product, allows HR to track education, qualifications and skills of the employees, as well as outlining what training courses, books, CDs, web based learning or materials are available to develop skills. Recruitment: One way in which human resources has been significantly impacted by technology is in the area of recruiting.
Before the Internet, HR recruiters had to rely on print publications, such as newspapers, to post jobs views for open positions. Other methods such as networking also were used, but HR recruiters did not have the ability to post a job in one or more locations and have millions of people see it all at once. Technology has made recruiting more efficient andin the hands of the right recruiter, more effective as well. Service module The employee self service module allows employees to query HR related data and perform some HR transactions over the system.
Employees may query their attendance record from the system without asking the information from HR personnel. The module also lets supervisors approve overtime requests from their subordinates through the system without overloading the task on HR department.
Many organizations have gone beyond the traditional functions and developed human resource management information systems, which support recruitment, selection, hiring, job placement, performance appraisals, employee benefit analysis, health, safety and security, while others integrate an outsourced applicant tracking system that encompasses a subset of the above.
0コメント