Development of an Information Strategy for Scottish University - Case Study Example

Development of an Information Strategy for Scottish Information Technology plays a pivotal role in educationalinstitutions. An efficient IT and telecommunications system makes information manageable. It also eases communication, provides privacy and maintains the system. A policy document provides a critical guideline to a quality IT management system. IT designers must ensure that the system designed is useful to both students and staff members. This report will develop IT and Telecommunications-use policy and discuss what a robust system design requires. It will begin by evaluation of the existing IT system using several data collection and information analysis systems. The evaluation is the basis upon which the status of the system finds establishment. The policy will then be drafted on the basis of the findings. The strengths and weaknesses of the policy will then be tested for effectiveness in management of the university’s information and knowledge resources. Evaluation Methods The Information Technology department is an indispensable department in any organization. It manages the technological resources for the university. Management of the information system focuses on the technology used to gather information and data which is essential to run the university. The information should be safe and retrievable. Data collection methods collect the relevant information. There are several methods for gathering information and knowledge in the IT department: A survey is one of the methods used to assess satisfaction the users of the information system get from its utilization. An online survey (Shapiro, 2004) can be used to collect the feedback on IT functionalities. It will gauge the strengths and weaknesses of the system. It will also be used to measure trends and attitudes toward new information technology. The IT survey design examines the use of information technology such as computers and programs. The survey should be close ended. It collects quantitative data. The information collected will help the university decide what information technology is available to support, plan, implement and evaluate new programs. It will enumerate and describe the programs available for the different groups of staff and students of the university. It will gather data on suggestions as to which programs and equipment could ameliorate the efficiency of the information management system. A survey is affordable and efficient. However, it lacks the flexibility required to capture certain qualitative information. It finds its application in lieu with interviews. Interviews can obtain in depth information on topics. Interviews capture qualitative information. They gather this information with high accuracy. They can be carried out on one basis with the leaders of the three unions of the university. These three represent the mass opinions of the groups they represent. They can be used to obtain information such as how the users feel about its efficiency. Focus groups comprising of members of staff and students in different groupings will be efficient in obtaining unbiased opinions. They are a source of interactive information. Structured interviews with a trained interviewee will yield quality information in a short time. The interviews are tools used to collect information on personal experiences with the information system. Focus groups are ideal in identifying group think. This method will yield high quality subjective data for the study. Direct observation is the most efficient technique. Information and Telecommunication experts follow and observe the users of the system. This enables a first hand, real-time perspective of the system. It is, however, a time consuming and tedious method. It finds application in a limited manner. Each representative group has One observatory session assigned to it. The trained professional will sit for a specified amount of time with representative s of each group as they go use the system. They will be able to gather information on how the systems find usage. The technician notes down any undesirable information system applications. The technician also has to note down the level of proficiency of the users. Document review is another method that can be used to collect data on the information system. The documents include official papers on the running of the information and telecommunication system at the university. Every department must present its ad hoc guidelines for the information system. These should be presented to the data collection technician. These documents provide a view into the current policies. It provides a basis for refinement and polishing of policy documents for the institute. Data from the interviews, focus group discussion, direct observation, document review and the online survey is applicable in the next which is the competitive analysis of the information system at the university (Common data collection methods, 2012). Competitive analysis of the Scottish University (Using Porter’s model) The information system is a critical portion of the university’s competitive ability. The Porter’s model stipulates that competition in any industry has its governance in five forces. These forces are Threat of new entrants, Threat of substitute product/services, bargaining power of suppliers, bargaining power of buyers and Rivalry among current competitors. The Professor Michael E. Porter of Harvard business School created this model to enable strategic planning. This model identifies the weaknesses and strength of every industry. With this knowledge, businesses and other organizations can set up various strategies. These strategies include those that will improve their visibility and widen their profit margins (Kara Giannopoulos et al, 2005). This model is a thorough method for analysis of competitive status of the Scottish university. The higher education sector can be broken down to fit the model as follows: The buyers are the students while the suppliers are members of the academic staff. The services are the courses offered by the university to students. The services also include auxiliary systems like research, the information system and management. A new entrant refers to any new higher education institution in Scotland. Threat of new entrants In the higher education sector, there are high barriers to entry. This is because the capital cost of setting up a university is remarkably high. The research, academic, administrative and real estate investments involved in running a university are vast. There are government policies that govern accreditation. These pose yet another barrier to new entrants. Universities thrive on reputation. New entrants have to earn their reputations. They have to go through the proprietary curve before they are under consideration as substantial threats. New entrants must be ready for retaliation by the universities that are in establishment. The Scottish University is already in the sector. It does not face much competition from new entrants in the sector (Kara Giannopoulos et al, 2005). Bargaining power of buyers The buyers in this scenario are the students they are quite many in volume (3000). They do not have bargaining power. This is because the number of students seeking higher education is large. They are not sensitive to the price of higher education. This is because education has valuation as an important asset. There is no threat of forward integration by the students as running a university has high specialization. Incentives that can be presented to students include state of the art facilities and robust academic courses. The Scottish University is slightly affected by the bargaining power of its students. The university needs an excellent reputation (Kara Giannopoulos et al, 2005). Threat of substitute services Substitute services refer to programs from other universities that are similar to those offered at the Scottish university. They pose a significant threat to the Scottish University. Universities thrive on reputations. A solid reputation earns recognition for the university. Recognition brings in research and grant money. It also attracts star students to the university. These students excel in research programs. This earns the university an outstanding reputation. If other universities offer better programs at fair prices, the Scottish university may lose its reputation Bargaining power of suppliers The suppliers are the academic staff. They have limited effects on the university. There are many qualified academicians willing to teach at universities. This means that the university holds the competitive advantage. However, highly specialized academicians with a great reputation may require incentives to provide their services at the university. Rivalry amongst existing competitors The higher education sector has high barriers to exit. This is because their assets have high specialization. This means that the university has no option but to compete with its rivals. The fixed costs and value added costs of running a university are high. The cost of switching the university to another enterprise is restrictive. There are high brand stakes. The reputation of the university is its brand. All these factors make exit extremely difficult to leave the competitive atmosphere. The Scottish University has no option but to stay put and compete for a good reputation. This analysis gives a clear picture of the competitive status of the Scottish university. Porter further went on to suggest generic strategies that can help a firm beat its competition. The strategies are cost leadership strategy, differentiation strategy and focus strategy. The Scottish University has access to research facilities, highly skilled teams and a reputation. It, therefore, qualifies to apply this strategy. The differentiation strategy(Kara Giannopoulos et al, 2005) involves making the services offered by the university better than those offered by its competitors. This will ensure that the students cannot get substitutes of services from any other university. This strategy will earn the university an upstanding reputation. The information strategy is a vital part of the differentiation strategy for the Scottish University. Outline of the university’s Information Strategy The ORNA method Elizabeth Orna developed a precise method of information management. The method outlines clear progression from information audit to information strategy. The outline is in the pictorial representation below: To information strategy Information policy statement Matching what it is doing with what it should be doing What it should be doing with knowledge and information Understanding the organization The first step is the establishment of what the information system should be doing. This is the information gathered from the expectations of the users of the university’s information system. This information can be captured is available from the results of the survey, interviews and focus group discussions. The expectations for the system from the information can be summarized as follows (direct citation): Qualitative characteristics of good information for information systems (Information Management,2008) Reliable Information users must be able to trust that information received from a system is trustworthy. In the realm of Information Security, this suggests that it should not be corrupted or contaminated while it is being stored or processed. Data protection, data modeling, process validation, and testing are some methods that help to ensure that users can rely on the outputs of systems. Relevant The characteristic of relevance suggests that information should be specific to the purpose for which it is needed. For example, the full details of the operational level might be interest, but not relevant to a top-level manager. What is pertinent to one user is not relevant to others. This principle is also helpful when determining user access and privileges in database development. Concise Our brains process information selectively. Information that is brief and succinct is better process and remembered than meandering information. IS outputs should therefore be summarized according to the needs of the users. Complete While incomplete information might be useful, its value is far less when compared to complete information. For instance, imagine a database for members of a social club without required contact information. Incomplete records give limited information without providing a fuller picture. Complete information is valuable because it gives a better representation of reality and has fewer unknowns. Understandable Information is only such if it can be properly understood by users. Understandable information is properly formatted, meaningful to an array of users, and unambiguous. Timely and up-to-date Records that are up-to-date and can be furnished on demand are more valuable than stale information that cannot be provided when needed. Information usually has a shelf-life; users have deadlines to meet and decisions to make based on it. In some cases, information past a decision-date is rendered totally useless – no one wants useless information. In addition, reliable information is sufficiently detailed; properly communicated and presented (through the correct media/forums); and contextual (users can see why the information is vital). Information that has most of these characteristics would generally have higher value than those with few. In some instances, certain criteria are more important than others are. Indeed, there are fine lines separating quality information from average and useless information (end citation). The next step in the Orna analysis system is to compare and contrast the expectations the users have of the system versus what is the real scenario (Information Management, 2008) . The summary of the quality of the information system is as follows: The students felt that the ratio 5:1 of students to the computers was too high. They felt that there is a real need to increase computer accessibility by students. This would ease their academic research and improve their proficiency by practice. They also expressed that the default applications were inadequate and dated. They had to use non licensed software to meet the demands of some of their academic sources. The librarians have limited access to the network. They felt that their applications were out of date. They would like a system with efficient retrieval systems. They had tried using non licensed software, but it was not compatible with the default network system. The administrators felt there is no sense in increasing the number of computer units. This is due to the high rates of thefts of computer equipment. Hardware disappeared without a trace and software has been mysteriously missing. There arose a need to keep the losses at a minimum. The administration decided to put a halt to the purchase of Information and Telecommunications technology. The administrators also complained about frequent network problems. The system has files that corrupted by virulent activity. These infections occur due to the number of users that access the network daily. It is on the rise due to unrestricted use of internet in the university. Important files crucial in the running of the institute are corrupt. The academic staff has difficulty interacting with the computer systems. When the academic staff needs to upgrade their material and use new software, they are not able to use the information system. This is because they lack training to enable further research. The executives would desire that their secretaries have restricted access to certain documentation. The secretaries require that the network is concise to ease their work. They also try to complement the system using unlicensed software. The analysis of this system is as follows: the system is not reliable as some of the files in the network are severely corrupt. It lacks relevance to different groups that is the root of the unregistered software use. It is not concise and usable to various users. The groups struggle to use the system. Name of institution: Scottish University The primary phase of the strategy is to set up an all-encompassing policy document. This document will take into account the requirements of the users. It will replace the departmental guidelines creating a universal code for the university’s information system. It will also consider amelioration and maintenance of the system. The second phase is the communication of the policy to all users. Each group will be aware of the new policy and informed of its genesis. The information gathering phase, which took place at the beginning, will have the users on board. This is because their opinion in the matter was sought. Voicing their opinion gives them a feeling of ownership of the policy. They must be educated on the sections of the policy that apply to them. The third phase of the strategy is the formulation and implementation of the Information and Telecommunication policy. This is the most involving step. It includes documentation and authorization. The stakeholders in the IT department will come up with a policy document such as the one suggested below. The document shall describe in details the provisions in every information management area. This document shall outline every crucial area in the overhaul of the system. The network and the equipment used should be given the proper upgrade it requires accordingly. Maintenance and updating intervals must be set. The users will receive compulsory training on how to use the information system. For students, it can be taught as a compulsory introductory unit. Members of staff can have workshops to equip themselves with the tools necessary to ease their information management. Intranet with controlled access must be set up for information that specifically applies to the institution only. Controls on the internet should be applied. The fourth phase is a preliminary analysis of the policy to check on its effectiveness. The data gathering techniques at the beginning of this paper should be applied once again to gauge the effectiveness of the policy as it is. Using the guidelines as to what an effective system should be, necessary changes can be made to the policy as needed. This phase is the refinement phase. The final phase is monitoring adherence to the policy (Mertins 2003). Policy document outline (T2P, 2011) Name of the Institution: Scottish University (Using an Information Policy template): Acceptable use (Administrative access policy) Scottish University departments must submit to the IT department a list of administrative contacts for their systems that have connections to the Scottish University’s network. All users must sign a Scottish University Agreement to Protect Sensitive Data before enablement of account access. All users of Administrative access accounts must have account management instructions, documentation, training, and authorization. Everyone that uses Administrative access accounts must refrain from abuse of privilege. The individual must only do investigations under the direction of the IT and Telecommunications department. Everyone that uses Administrative access accounts must use the account privilege most appropriate with work in performance (for instance. User accounts, Administrator accounts) Each account used for administrative access must meet the Scottish University Password Policy. The password for a shared administrator access account must change when an individual with the password leaves the department or upon a change in the Scottish University. In cases where a system has only one administrator, a password escrow procedure must ensure that someone other than the administrator can gain access to the administrator account in an emergency situation. When Special Access accounts are in need for Internal or External Audit, software development, software installation, or other needs, they: must be authorized, must be created with an expiration date and must be removed when work is complete. Internet policy All files downloaded from the Internet must be scanned for viruses using approved software and current virus detection software. Any corporate data posted on the intranet must not be available to access by a broader online audience than is appropriate for the materials themselves. All sensitive Scottish University materials transmitted over external networks must be encrypted. No files or documents may be sent or received that may cause legal liability for, or embarrassment to the Scottish University All software used to access the Internet must be part of the Scottish University’s standard software suite or approved by IT management. IT staff must update Internet clients and browsers as vendor-provided security patches find release. Internet clients and browsers must be configured to use the Scottish University firewall http proxy. Prohibited Use Employees may not use Scottish University’s Information Resources, either during working hours or on personal time, to: Access, retrieve, or print text and graphics information that violate the Acceptable Use Policy Participate in unlawful and/or demeaning activities that could in any way discredit Scottish University Engage in any activity that would compromise the security of Scottish University’s systems, resources, or networks Engage in any fundraising activity, endorse any product or services, participate in any lobbying activity, or engage in any active political activity Access or download video and voice from the Internet, except in the service an approved research or job function. Store personal files obtained via the Internet on Scottish University’s drives, servers, or other devices Virus Detection Policy All workstations whether connected to the Scottish University network, or standalone, must use the Scottish University IT approved virus protection software and configuration. The virus protection software must not be disabled or bypassed. The settings for the virus protection software must not be altered in a manner that will reduce the effectiveness of the software. The automatic update frequency of the virus protection software must not be altered to reduce the frequency of updates. Each file server attached to the Scottish University network must utilize Scottish University IT approved virus protection software. The server must use the setup to detect and clean viruses that may infect file shares. Each Email gateway must utilize Scottish University IT approved email virus protection software and must adhere to the IT rules for the setup and use of this software. Every virus that is not automatically cleaned by the virus protection software constitutes a security incident and must be reported to the IT department. Physical Security Policy Procedures will be in place. These procedures are to ensure that maintenance and repair activities find accomplishment. This should be done without adversely affecting system security. The procedures shall: Establish who performs maintenance and repair activities, have procedures for performance of emergency repair and maintenance, contain the management of hardware/software warranties and upgrade policies to maximize use of such items to minimize costs, Describe how the items must be serviced through on-site and off-site maintenance for example, escort of maintenance personnel, sanitize devices removed from the site Describe control of remote maintenance services where diagnostic procedures or maintenance must be performed through telecommunications arrangements. The following configuration management practices should be documented and maintained for all Scottish University’s applications: The version controller that associates the system components with the appropriate system version. Procedures for testing and/or approving system components (operating system, other system, utility, applications) prior to promotion to production Impact analyses to determine the effect of proposed changes on existing security controls, to include the required training of both technical and user communities associated with the change in hardware/software. Change identification, approval, and documentation procedures. Procedures for ensuring that contingency plans and other associated documentation should be updated to reflect system changes. Procedures for using test “live” test data or made-up data. Procedures on, how emergency fixes must be handled. All software, operating systems, and patches should be installed in accordance with Scotland’s copyright regulations, applicable licenses, and policy. Lastly, this strategy is thorough and well researched. Its strength lies in the identification of the Problems of the information system that are particular to the Scottish University. The solutions are, therefore, tailor made for their information system(Brynteson 1991). The strategy finds its basis on Orna’s postulates, which led to the onset of information policies. The strategy finds its basis on universal standards for complete information systems. The other strength is in authoritative enforcement. The IT department in lieu with the university’s administration will have to enforce these policies to protect their information. The physical security policy protects the physical elements of the network. It also ensures regular maintenance. Adherence monitoring of the strategy will go a long way in engraving the policy in the minds and behavior of the students and staff of the Scottish University. Works cited Kara Giannopoulos, G.D., N. Georgopoulos, and K. Nikolopoulos. "Fathoming Porters Five Forces Model in the Internet Era." Info 7.6 (2005): 66-76. Print.. Mertins, Kai, Peter Heisig, and Jens Vorbeck. Knowledge management. Berlin: Springer, 2003. Shapiro, J. S. "Automating Research Data Collection." Academic Emergency Medicine 11.11 (2004): 1223-228. Print. Brynteson, Susan. Information policies: A compilation of position statements, principles, statutes, and other pertinent statements. Washington, DC: Coalition for Networked Information, 1991. Davenport, Thomas H., and Laurence Prusak. Information ecology: Mastering the information and knowledge environment. New York: Oxford UP, 1997. Mertins, Kai, Peter Heisig, and Jens Vorbeck. Knowledge management. Berlin: Springer, 2003. Nonaka, Ikujirō, and Hirotaka Takeuchi. The knowledge-creating company: How Japanese companies create the dynamics of innovation. New York: Oxford UP, 1995. Seybold, Patricia B., and Ronni T. Marshak. Customers.com: How to create a profitable business strategy for the Internet and beyond. New York: Times Business, 1998. Read More