3.3.1 Achieving Organisational Goals

Organisations have mission and vision statements which state their future direction and what they aim to achieve. 
The departments and individuals within the organisation support these goals using appropriate information systems and procedures.

3.3.2 Information System Goals and Objectives

The various goals and objectives within an organisation require different types of information system to support them. An information system includes:
  • The people who design solutions, operate the system or maintain the equipment 
  • The equipment, including hardware, software, peripherals and connections
  • The procedures for all activities 
  • The data, all the facts and figures that are processed by the system. 

The main types of information system used in organisations are:

  • transaction processing systems (TPS)
  • office automation systems (OAS)
  • management information systems (MIS)
  • decision support systems (DSS)
  • executive support systems (ESS)
  • expert systems (ES).

3.3.3 Components of Information Systems

The components of an information system include:
  • the people involved at various stages and parts of the system including the solution designers, the users, managers and executives and the people who maintain the equipment 
  • the equipment, including hardware such as the processing unit, plugs, ports, chips and cable; operating system and application software; and peripheral devices such as modems, printers and cameras.
  • the procedures, from user documentation to safety procedures 
  • the data: all the facts, figures, images and sound processed by the system. 

3.3.4 Legal Obligations

Organisations must ensure that all their staff obey the laws regarding the acquisition and use of data and information. 
New laws, and amendments to existing laws, are regularly passed in parliament. In January 2002, the laws relating to the collection and use of information included:
  • The Privacy Act 1988
  • The Privacy Amendment (Private Sector) Act 2000
  • The Information Privacy Act (IPA), Victoria 2000
  • The Health Records Act 2001, Victoria
  • The Copyright Act 1968
  • The Copyright Amendment (Digital Agenda) Act 2000. 

Because these laws change, it is necessary for organisations to check their legal requirements regularly and revise their procedures accordingly. 
For more details about these laws, see the extra web links for this module.

3.3.5 Ethical Considerations

It is up to each individual and organisation to make sure that they behave ethically.
In areas not directly covered by laws, organisations should develop and adhere to industry codes of practice, and ensure that staff within the organisation maintain professional standards. 
Ethical behaviour also involves abiding by the law even when you know you could probably break the law without being discovered, as in the case of making or using unauthorised copies of software, games or music.

3.3.6 Managing Information Storage

Most organisations have file management procedures that must be followed when files are:
  • created
  • saved
  • stored
  • transferred
  • backed up
  • archived
  • disposed of.

The files must be named according to a logical system and stored in folders or directories that are logically named. File storage, transfer, back-up, archiving and disposal procedures ensure that files are current and that the integrity of the data and information is secure.

3.3.7 Data & Information Security

Procedures for handling data and information must take account of all the possible threats to its security and integrity. The procedures should minimise the possibility of damage or loss of data for each threat. 
Typical threats to the security of data and information include:
  • viruses
  • unauthorised access
  • tampering with files
  • failure to follow file management procedures (deliberate or accidental)
  • equipment failure or damage.

3.3.8 Protecting Data/Information

Organisations need to have procedures in place to protect data and information from activities or events that could damage files. This damage could be caused by many things including fire, theft, hardware or software failure, human error, malicious tampering, or power outage. 
The security procedures should cover issues such as:
  • general equipment maintenance and security procedures
  • equipment access restrictions
  • software access restrictions
  • back-up procedures
  • a disaster recovery plan.

3.3.9 Security Measures

All employees are required to follow organisational procedures. It is especially important to follow procedures relating to the confidentiality of information. 
These procedures include the security of equipment and files to prevent:
  • damage by fire, theft and flood
  • unauthorised access
  • malicious tampering. 

There are laws relating to the security and privacy of information. Organisational procedures are designed to ensure that the organisation does not break the law. Failure to follow the procedures means that you may be breaking the law.

3.3.10 Equipment Types, Roles, Function

A range of equipment can be used to protect data and information from different types of security threats. 
These include:
  • emergency power and power control management equipment
  • virus protection software
  • firewalls
  • encryption software
  • biometric systems
  • back-up media
  • surveillance technology.

3.3.11 Evaluating File Management Strategies

File management strategies must be evaluated to make sure they are effective. 
To do this you need to develop criteria based on the objectives of the file management strategies, for example that:
  • power failure does not cause corruption of files
  • it is not possible to open files without the correct password
  • passwords cannot be guessed or by-passed
  • virus scanning programs are regularly updated to add new virus definitions
  • virus scanning programs are always enabled.