3.3.1Achieving Organisational Goals |
Organisations have mission and vision statements which state their future direction and what they aim to achieve. The departments and individuals within the organisation support these goals using appropriate information systems and procedures. |
3.3.2Information System Goals and Objectives |
The various goals and objectives within an organisation require different types of information system to support them. An information system
includes:
The main types of information system used in organisations are:
|
3.3.3Components of Information Systems |
The components of an information system
include:
|
3.3.4Legal Obligations |
Organisations must ensure that all their staff obey the laws regarding the acquisition and use of data and information. New laws, and amendments to existing laws, are regularly passed in parliament. In January 2002, the laws relating to the collection and use of information included:
Because these laws change, it is necessary for organisations to check their legal requirements regularly and revise their procedures accordingly. |
3.3.5Ethical Considerations |
It is up to each individual and organisation to make sure that they behave ethically. In areas not directly covered by laws, organisations should develop and adhere to industry codes of practice, and ensure that staff within the organisation maintain professional standards. Ethical behaviour also involves abiding by the law even when you know you could probably break the law without being discovered, as in the case of making or using unauthorised copies of software, games or music. |
3.3.6Managing Information Storage |
Most organisations have file management procedures that must be followed when files
are:
The files must be named according to a logical system and stored in folders or directories that are logically named. File storage, transfer, back-up, archiving and disposal procedures ensure that files are current and that the integrity of the data and information is secure. |
3.3.7Data & Information Security |
Procedures for handling data and information must take account of all the possible threats to its security and integrity. The procedures should minimise the possibility of damage or loss of data for each threat. Typical threats to the security of data and information include:
|
3.3.8Protecting Data/Information |
Organisations need to have procedures in place to protect data and information from activities or events that could damage files. This damage could be caused by many things including fire, theft, hardware or software failure, human error, malicious tampering, or power outage. The security procedures should cover issues such as:
|
3.3.9Security Measures |
All employees are required to follow organisational procedures. It is especially important to follow procedures relating to the confidentiality of information. These procedures include the security of equipment and files to prevent:
There are laws relating to the security and privacy of information. Organisational procedures are designed to ensure that the organisation does not break the law. Failure to follow the procedures means that you may be breaking the law. |
3.3.10Equipment Types, Roles, Function |
A range of equipment can be used to protect data and information from different types of security threats. These include:
|
3.3.11Evaluating File Management Strategies |
File management strategies must be evaluated to make sure they are effective. To do this you need to develop criteria based on the objectives of the file management strategies, for example that:
|
|