S2 MODULE 2

SYSTEM IMPLEMENTATION:
A key difference between System Implementation and all other phases of the lifecycle is
that all project activities up to this point have been performed in safe, protected, and
secure environments, where project issues that arise have little or no impact on day-to-
day business operations. Once the system goes live, however, this is no longer the
case. Any miscues at this point will almost certainly translate into direct operational
and/or financial impacts on the Performing Organization. It is through the careful
planning, execution, and management of System Implementation activities that the
Project Team can minimize the likelihood of these occurrences, and determine
appropriate contingency plans in the event of a problem.

The purpose of System Implementation can be summarized as follows:

• making the new system available to a prepared set of users

• positioning on-going support and maintenance of the system within the
Organization
• deploying the system consists of executing all steps necessary to educate the
Consumers on the use of the new system
• placing the newly developed system into production
• confirming that all data required at the start of operations is available and
accurate
• validating that business functions that interact with the system are functioning
properly

HARDWARE AND SOFTWARE PROCUREMENT (to obtain)

A. Understand the Need--The first step in the procurement process

is determining why new hardware and software may be needed.
Organizations may decide to procure new hardware and software because
their organizational needs have changed and they have outgrown their
current information system. They may wish to upgrade to improved
technology, or bring their system into year 2000 date compliance. A new
information system could help reduce costs, improve customer satisfaction,
increase the reliability and integrity of information, and assist with data
integration among newly merged entities.

B. Request for proposal-- The request for proposal (RFP) focuses

on thorough documentation of functional requirements of the hardware and
software. this approach does not guarantee that the selected product will
meet all of the organization's requirements. No matter how specifically the

1
 S2 MODULE 2

requirements are stated, there are still many ways for candidate vendors to
respond to an RFP.

C. Vendor demonstrations-- Demonstrations frequently are a

final step in information gathering. Vendors are asked to demonstrate their
products using scenarios that will show how the hardware and software
would support the organization's processes.

D.Top-two comparison--. The top-two-comparison approach relies

on a clear understanding of the marketplace and preliminary screening of
appropriate products by a knowledgeable internal or external resource to
determine which two products will best meet the organization's needs.

The procurement process sets the stage for success in implementing

selected hardware and/or software. By following the steps to managing
successful hardware and software procurement, organizations can maximize
benefits and ensure that their investment will enable their future success.

SYSTEM CONTROL & SECURITY

As the businesses are getting more dependent upon the use of information systems the
need for better IS security is also increasing. Thus, the main goal of defining an IS
security policy is the .Protection of information systems against unauthorized access
to or modification of information whether in storage, processing or transit, and
against the denial of service to authorized users, including those measures necessary
to detect, document, and counter such threats.

Basic Principles of Systems Security

The basic three principles as explained in the literature related to system security are
confidentiality, integrity and availability

a. Confidentiality- Preserving personal privacy is one of the major objectives of

confidentiality. It prevents the unauthorized disclosure of information and restricts the data
access to only those who are authorized.

b. Integrity -In any business organization, the values of data stored and manipulated, such as
maintaining the correct signs and symbols is an important issue of
concern. This issue is referred to integrity within an organization which is the
prevention of the unauthorized modification.

c. Availability -In its most simple form availability is referred to as accessibility of

information and in usable form when and where it is required. Sometimes it is also explained as
the prevention of unauthorized withholding of data or resources. Within any organization today
availability of resources and data is an important issue of
concern since system failure is an organizational security issue.

2
 S2 MODULE 2

Systems Risks

Poor System Administration Practices, Lack of Sufficient Operational Policies, Poor Physical
Security, System Compromises, Key Person Dependency, Loss of Critical Document Data or
Software, Data Disclosure, Functional Lockout, Poor Password Practices

Control risks

Build the system correctly in the first place

Train users about security issues
Once the system is in operation, maintain physical security
Given that it is physically secure, prevent unauthorized access to computers,
network and data
Having controlled access, make sure transactions are performed correctly

Even with transaction controls in place, motivate efficient and effective

operation and find ways to improve
Even if the system seems secure, audit it to identify problems
Even with continuing vigilance, prepare for disasters

Develop the Establish Control Anticipate

system Security operations problems
properly

Control system Provide security training Control transaction processing prepare for disasters
Development Maintain physical security Motivate efficient and effective
& Modifications Control access to data operation, Audit the system

Computers and networks

Effective Systems Controls

Few of the basic principles for effective system controls are listed below:

a. Acceptance
Extra effort to obtain acceptance from those affected before installing new
controls and practices may be warranted in times of distress. Putting new
constraints may be taken negatively by the employee as a sign of mistrust. Huge
or big warning should be avoided.

b. Transparency
Controls, where possible should be transparent or seen as positive contribution to
job performance. The extension of controls that increase constraints on people

3
 S2 MODULE 2

should be minimized.

c. Isolation
Communication among internal systems and networks and from public networks
should be isolated, at least when it is not being used or during critical processing
times.

d. Termination
Procedure for removing, constraining, and establishing user account and password
and log on token administration should be established.

e. Dormancy
All dormant user accounts should be cancelled and all administrative actions kept
current.

f. Accounting
Accounting controls, such as monitoring of suspense items, outstanding balances,
expense accounts, employee and other special accounts, and error accounts,
should be re-evaluated. Other control measures include increasing the frequency
of reconciling, exception reporting, and shortening closing periods.

DESIGNING & IMPLEMENTING ON-LINE SYSTEMS

The aim of using online technologies is to maximise benefit for all stakeholders.
Online assessment requires a careful mixture of several processes. The main aim in
focusing on the design criteria and underlying concepts is to identify heuristics (trial and
error method) for designing online information systems that offer improvements in some
or all of these processes. There are different process issues for each of the different
stakeholders, and in online scenarios these are often different in type and magnitude
from those in offline based assessment processes.

Advantages
• Automation of Administrative Functions-
The online medium offers the potential for designing systems that enablethe different
stakeholders to interact to gain value for themselves specific to their orientation. The
online environment offers many means of automating tasks in order to standardise the
structure and identify omissions

• Quality Assurance-

Sometimes it is only understood as being concerned with the demonstrating to external

assessors the “goodness” of the product or process. More useful from the point of view

4
 S2 MODULE 2

of assessment and education, however, is to view Quality Assurance as primarily

concerned with “quality improvement.”

In an online environment aimed at creating and distributing value for all stakeholder
groups, this implies that evaluation, moderation and feedback processes are created as
a parallel and integrated aspect of the online system – and by implication also be
implemented online.

• Equity Issues-

Equity is significantly reduced where access to technology is not ubiquitous or where

technology skill indirectly influences the online presentation of evidence. In many cases,
this implies standardizing the hardware and software, and training employees in that
hardware and software.

• Security, Fraud and Tampering with Records-

The flexibility of online system offers advantages in providing many different technical
ways to insert information into system and to access it. This flexibility of access
raises information security problems that need to be addressed informatically in
technically different ways dependent on the information processes and pathways.
Online system in these circumstances would likely require a secure
interface for external authorized and authenticated assessors to enter reports about
stakeholders

• Interface Issues-

Stakeholders interact with the online system via interfaces. These interfaces are directly
related to the underlying processes that provide stakeholders with the value and
benefits generated by the online system.

DATA COMMUNICATION REQUIREMENTS

1) Technical Requirements
a) Accessibility
b) Encryption
c) Hosting
d) Environment
e) Disaster Recovery

2) Operational Requirements
a) System Performance
b) Data Archival

5
 S2 MODULE 2

c) Audit and Controls

d) System Administration
e) SQA
f) Business Continuity

Accessibility –

ability to access information and services by minimizing the barriers of

distance and cost as well as the usability of the interface. In many countries
this has led to initiatives, laws and regulations that aim toward providing
universal access to the internet and to phone systems at reasonable cost to
citizens. data Accessibility Patterns are being built to help make it easier for
system developers to use best practices for greater accessibility.

Encryption-

encryption is the process of transforming information using an algorithm to make it

unreadable to anyone except those possessing special knowledge, usually referred to
as a key. Encryption can be used to protect data "at rest", such as files on computers
and storage devices. Encryption is also used to protect data in transit, for example data
being transferred via networks (e.g. the Internet, e-commerce), mobile telephones,
wireless microphones, wireless intercom systems, Bluetooth devices and bank
automatic teller machines. There have been numerous reports of data in transit being
intercepted in recent years. Encrypting data in transit also helps to secure it as it is often
difficult to physically secure all access to networks.

Hosting- hosting is a type of service that allows individuals and organizations to make
their own system accessible.

Environment - the environment is the remainder of the universe that lies outside the
boundaries of the system. It is also known as the surroundings, Depending on the type
of system, it may interact with the environment by exchanging mass, energy (including
heat and work), linear momentum, angular momentum, electric charge, or other
conserved properties.

Disaster Recovery- Disaster recovery is the process, policies and procedures related
to preparing for recovery or continuation of technology infrastructure critical to an
organization after a natural or human-induced disaster. Disaster recovery is a subset of
business continuity. While business continuity involves planning for keeping all aspects
of a business functioning in the midst of disruptive events, disaster recovery focuses on
the IT or technology systems that support business functions.

6
 S2 MODULE 2

System Performance- it is characterized by the amount of useful work accomplished

by a computer system compared to the time and resources used.eg Short response
time for a given piece of work, Low utilization of computing resource, High bandwidth /
short data transmission time etc

Data Archival – it is a collection of historical records, as well as the place they are
located. Archives contain primary source documents that have accumulated over the
course of an individual or organization's lifetime. In general, archives consist of records
that have been selected for permanent or long-term preservation on grounds of their
enduring cultural, historical, or evidentiary value. Archival records are normally
unpublished and almost always unique

Audit and Controls- it is an evaluation of a system. The term most commonly refers to
audits in accounting, but similar concepts also exist in project management, quality
management, and energy conservation. And Control is the ability to purposefully direct,
or suppress, change

System Administration- it includes scripting or light programming, project

management for systems-related projects, supervising or training computer operators,
and being the consultant for computer problems beyond the knowledge of technical
support staff. To perform their job well, a system administrator must demonstrate a
blend of technical skills and responsibility.

SQA- (Software quality assurance ) SQA encompasses the entire software

development process, which includes processes such as requirements definition,
software design, coding, source code control, code reviews, change management,
configuration management, testing, release management, and product integration. SQA
is organized into goals, commitments, abilities, activities, measurements, and
verifications

Business Continuity- Business continuity is the activity performed by an organization

to ensure that critical business functions will be available to customers, suppliers,
regulators, and other entities that must have access to those functions. These activities
include many daily chores such as project management, system backups, change
control, and help desk. Business Continuity is not something implemented at the time of
a disaster; Business Continuity refers to those activities performed daily to maintain
service, consistency, and recoverability.

7
 S2 MODULE 2

SYSTEM CONSERVATION APPROACHES

Almost always, the difficulty in solving a problem is not in the

calculations, but in the selection of an appropriate technique.

The first step in solving a problem is to draw a sketch of the

situation. It is important that the sketch clearly show the initial
and final states of the system and any interactions of the system
with the environment. This sketch aids in sorting out the
interactions of important objects so that you can decide on which
system to consider and what constitutes its initial and final state.
In your sketch, include all energy transfers that affect the system.
Also, include all of the relevant information given in the problem.

After determining the question, the next step is to decide how to

approach the problem. Before choosing a system, you need to
determine the important physical objects and how they interact in
the problem. Your system might consist of some combination of
those objects.

SYSTEM SELECTION ISSUES.

1. Structured approach- The first step in selection of a new

system is to adopt a structured approach to the process. The
set of practices are presented to all the stakeholders within
the enterprise before the system selection process begins.
Everyone needs to understand the method of gathering
requirements; invitation to tender; how potential vendors will
be selected; the format of demonstrations and the process for
selecting the vendor. Thus, each stakeholder is aware that the
decision will be made on an objective and collective basis and

8
 S2 MODULE 2

this will always lead to a high level of co-operation within the

process.

2. Focused demonstrations- Demonstrations by potential

vendors must be relevant to the business. However, it is
important to understand that there is considerable amount of
preparation required by vendors to perform demonstrations
that are specific to a business. Therefore it is imperative that
vendors are treated equally in requests for demonstrations and
it is incumbent on the company [and the objective consultant
assisting the company in the selection process] to identify
sufficient demonstrations that will allow a proper decision to be
made but will also ensure that vendors do not opt out of the
selection process due to the extent of preparation required.

3. Emphasis on system cost- Is the cost of an system is

significant for a company, other important decision criteria,
such as functionality; future proofing; underlying infrastructure

4.Selection bias- It is not unusual that the decision on which

system to purchase is made by one individual or by one
department within the company. In these situations, a system
that may be excellent at one function but weak at other
processes may be imposed on the entire enterprise with
serious consequences for the business.

5. Incomplete requirements- it is very important to

understand user requirements, not only for current processes,
but also future processes (i.e., before and after the new system
is installed). Without detailed user requirements, review of
9
 S2 MODULE 2

systems for functional best-fit rarely succeeds. The

requirements must go into sufficient detail for complex
processes, or processes that may be unique to a particular
business.

10