Security and access to data - Sample Essay

I need to know whether security is an issue worth tackling in the new system, and whether there are any particular sets of data are most importantly kept private. Manufacturers:  Any companies who have a noticeable trend in wrong deliveries; general mistakes.  What information regarding the manufacturers is stored, and where is it stored? I need to know of any problems caused by the manufacturers resulting in profit loss instead for the user, who has not been able to provide evidence due to the lack of organisation of the data.

It is important to know how the amount of information that is stored on the manufacturers at this present time, so it would give a rough idea of the capacity required by the system. The user will be able to view outputs from selected time periods of a particular manufacturers performance. Current process of how the returns are dealt with:  Inquire the process as soon as the returns enter the shop to when the user receives a refund/ exchange for the returned goods.  Any areas of profit loss due to disorganisation of the returns. * Is the paperwork such as invoices, delivery notes received from manufacturers in an organised system?

Any areas of profit loss will obviously, be the focal point of the new system, to be amended quickly. I need to ask of the manager why he thinks the returns are such a problem, whether it is due to lack of time, or the insufficient existing storage places for the returns. 1st Interview SECURITY Has security been a problem in the past for you? Any legality areas you have faced with in the past? Network problems, for e. g. all users gaining access? Are there any security measures that are in place now? Username/ Password login. (If data is kept on paper) key?

Do you ever find it necessary to keep confidential information from particular members/ departments? Are all employees trusted with confidential information? Are there any particular members/ departments you would like to restrict data from? Is this a problem you would like to see rectified in the new solution? MANUFACTURERS Have you discovered any noticeable trends in the incompetence of any of your manufacturers? Wrong deliveries? Wrong calculations/ mistakes in invoices/ delivery notes? Any others? When you return the damaged goods to the manufacturers, do they acknowledge the delivery and prepare for a refund or perhaps an exchange?

Straight refund ASAP? Do you have to chase them up for a refund/ exchange? Would it be useful to be able to view a manufacturer’s history in terms of the number of wrong deliveries made, the number of rejected claims for refunds? Are there any other comments you would like to make regarding the manufacturers? Are there any specific requirements you would like to make regarding the new computerised solution for the organisation of the returns? DEALING WITH RETURNS How is the data needed to deal with the returns, (invoices, delivery notes), stored? Is it stored together? Are some pieces of data missing?

Is it stored manually or in computerised way? Can you talk me through the process of when an item that you later find needs returning to the manufacturer enters the shop, to the time when you (possibly) receive a refund or an exchange. Can I ask of any other possibility of the reason a huge amount of time is spent on the organisation of the returns? Lack of time? Would it decrease the pressure if the returns were dealt with as soon as they entered the premises? Have you suffered any areas of profit loss due to problems caused by returns? Items not returned within the warranty period? (Any others? )

Ask for other comments. 1st Interview SECURITY Has security been a problem in the past for you? Only restricting the data from any other user apart from myself. The most important data is the Customer Details. I feel I have an obligation to the public for the privacy and confidentiality of this data, for obvious reasons. Any legality areas you have faced with in the past? Again, with the Customer Details, the law specifically tells me in the Data Protection Act the data must not be exhibited in any way, to the public, or to any employed member of staff, like an engineer. Network problems, for e. g.

all users gaining access? No, no confidential information is kept on a network. Are there any security measures that are in place now? Username/ Password login? Yes, there is a screensaver password. (If data is kept on paper) key? Yes, all the invoices and delivery notes and any other important documents are kept together and stored in a secure way (with a key, which is kept with me all the time). Do you ever find it necessary to keep confidential information from particular members/ departments? Are all employees trusted with confidential information? No, I do not allow access to the confidential to anyone but myself.

Is this a problem you would like to see rectified in the new solution? I would like to see it improved, more security means more peace of mind. MANUFACTURERS Have you discovered any noticeable trends in the incompetence of any of your manufacturers? Wrong deliveries? Wrong calculations/ mistakes in invoices/ delivery notes? Any others? Yes, definitely. Highly annoying to me when I then end up rectifying their problems as well as my own work-load. When you return the damaged goods to the manufacturers, do they acknowledge the delivery and prepare for a refund or perhaps an exchange? Straight refund ASAP?

Do you have to chase them up for a refund/ exchange? They are reluctant to give a refund, you must understand. They sometimes tend to rely on your misjudgement and ability to ‘forget’ about the refund. This makes it even more important for me to have some sort of system that alerts me when a refund or an exchange is due, so I can therefore inform the manufacturer. Yes, with the new system this would actually be possible. That’s very reassuring. Would it be useful to be able to view a manufacturer’s history in terms of the number of wrong deliveries made, the number of rejected claims for refunds?

Yes. It would give me an idea of how useful a manufacturer is to me. Or, of course, how much of a hindrance they are to my overall profit. Are there any other comments you would like to make regarding the manufacturers? Yes, sometimes, I receive goods with no delivery note. If an invoice has also not been provided, than I have no idea of being able to relate the goods with the details of the manufacturer, or whether they are even the goods that I specified. Are there any specific requirements you would like to make regarding the new computerised solution for the organisation of the returns?

Least amount of effort in regard to form-filling, taking into consideration the lack of time I actually have to spend on the returns. DEALING WITH RETURNS How is the data needed to deal with the returns, (invoices, delivery notes), stored? Is it stored together? Are some pieces of data missing? Is it stored manually or in computerised way? Yes, they are stored together manually, as I stated before. All the information is there, none of it is missing. Can you talk me through the process of when an item that you later find needs returning to the manufacturer enters the shop, to the time when you (possibly) receive a refund or an exchange.

Well, when the item comes into the shop, it firstly acknowledged to be faulty, only when the time come for the item to be used. That, being, the first room for improvement, if you checked the items as soon they come in. Of course. However, if the item has been causing problems while it is in the hands of the customer, it is out job to check whether it is because of the item, or if the customer has been dissecting the PC and fiddling with the components. In which case, you are not entitled to the warranty? No. In that case it is up to the customer to buy another of the mishandled component.

When an item has been acknowledged to have been the result of a manufacturing fault, the item is stacked (along with others) in a corner of the shop to be returned. Due to the lack of time I actually have, it may not be possible for me to deal with the items straightaway, and I perhaps might even forget about them altogether if I have a lot of work to deal with. I need to request RMA forms from the suppliers so I can return the items, and I also need to link the items with a delivery note or an invoice to distinguish what suppliers the items need to be returned to.

When I do manage to send them off, if it is in the warranty period, I do expect a refund, but I may forget to expect one since no record is kept that I have sent the items off. If the items are not sent within the warranty period, I would be refused a refund and would probably accept a exchange, but again I would have to chase them up for that. Can I ask of any other possibility of the reason a huge amount of time is spent on the organisation of the returns? Lack of time? Yes, definitely.

Would it decrease the pressure if the returns were dealt with as soon as they entered the premises? Yes, definitely. Have you suffered any areas of profit loss due to problems caused by returns? Items not returned within the warranty period? (Any others? ) Yes, items not returned within the warranty period result in profit loss. Ask for other comments. Summary of the 1st Interview Looking back at the first Interview, it is obvious to see why the business needs desperately clear organisation of the returns and of the manufacturers, and needs a system, which can provide all that.

Therefore, the user will not have to worry about ‘forgetting’ about returning the items that are due before the warranty expires, since they will be alerted by the system; no worries about profit loss. The process of how the returns are dealt with is extracted from the Interview, and is as follows: * The item(s) enters the shop. If it happens to be not what was specified in the order (wrong quantity, wrong item) may go unnoticed, since the items are sometimes not checked against the delivery note, or delivery note is not provided.

The items are often acknowledged to be faulty or the wrong item later on after the delivery was made, perhaps several days, weeks. Note that care must be taken to ensure that the returns can only be made if it were the fault of the manufacturer, not for the mishandling of the item by the customer.  The item(s) would then be linked to the delivery note or the invoice if the delivery note was not provided, to distinguish what manufacturer the item(s) need to be sent off to.  An RMA form needs to be requested from the suppliers.

If the item(s) have been linked to some kind of document from the suppliers, then the item(s) is/are packed to be sent off.  The manager of KCL must then remember to inform the suppliers that (if the items were sent within the warranty period) that he is waiting for a refund. If the items were not sent during the warranty period, the suppliers need to be informed of the late delivery, and an exchange would be probable.  The manager expects either a refund/ exchange, but has to be careful from a convenient ‘forgetful’ mistake the suppliers often make when they do have to provide KCL with a refund/ exchange.

Security was also an issue which was raised during the Interview. The user did emphasise heavily on the importance that the customer details must be kept secure, and access should be limited only to the manager himself. I certainly do need to find more ways of increasing data security, particularly customer information, since the consequence of of the release of private data could lead to legal troubles. The computerised solution must therefore have a high level of security. The other area that was covered was about the manufacturers.

There was, in the Interview, a strong feeling that what the suppliers response is, cannot always be given as fact. They have been known to make mistakes, or perhaps simply reluctant to refund or exchange the goods. It is therefore important for the new system to give ‘real-time’ information to keep track of the returns and make sure that they are returned to the manufacturer within the warranty period. A section in the new solution would be given To provide details of individual manufacturers, for e. g. How many wrong deliveries have they actually made in the past six months?

If the digit is high, the company may hardly benefit from the association with the manufacturer due to the amount of hassle and grief costing to their mistakes. 2nd Interview For me to design a good user Interface, I need you to read through the summary for the previous interview that was carried out. (Summary is read) Any comments, discuss. Will you yourself be using the system for dealing with the returns? You obviously have a high standard of computer skills, but is there any sort of Interface you would prefer, such as a menu-based Interface, or perhaps one that requires the use of tick boxes?

Will the new system be used on a network? (What type of network) If so, how would you feel about a security system that allows only one person at a time to use the system on the network? Are there any other comments you would like to add about the new computerised system? (Requirements? ) 2nd Interview For me to design a good user Interface, I need you to read through the summary for the previous interview that was carried out. (Summary is read) I think I need to make it clear that when an item is returned out of the warranty period, I am not entitled a refund.

Also, I am not guaranteed an exchange always, it varies on the manufacturer and their policies on exchanges. Also, a company may refuse to refund or exchange if they believe the item has been mishandled by either the customer or one of the engineers. If it has been mishandled by one of the engineers, it means loss of profit for me. This highlights another problem of security of expensive items that should fall into the wrong hands. Will you yourself be using the system for dealing with the returns? Yes, but I may employ someone else instead if I find the work-load increases and the pressure is to much.

You obviously have a high standard of computer skills, but is there any sort of Interface you would prefer, such as a menu-based Interface, or perhaps one that requires the use of tick boxes? The most time-saving interface would be most appropriate. Tick boxes sound easy enough, perhaps something that requires very little typing for me, so doing the returns can be a quick job. Will the new system be used on a network? (What type of network) Yes, the new system will be used on a network. The type of network I commonly use is a peer-to-peer network.

If so, how would you feel about a security system that allows only one person at a time to use the system on the network? That would be great. I need a network, since I can’t trust my computer to not crash on me and lose all my data. Are there any other comments you would like to add about the new computerised system? (Requirements? ) Just efficient to use, timesaving. Summary of the 2nd Interview The interview was a confirmation between myself and the user on the definition of the problem- to make sure the user fully understood what the task involved and what he should expect to use.

I have understood what the task involves, and interaction between the user and myself has enabled me to understand the current process of how the returns are dealt with in a confident accurate style. This is shown I when the previous summary was shown to the user, and he felt the need to correct some misinterpretations from the interview. I now understand that: * If an item is returned out of warranty period, an exchange is left to the mercy of the manufacturer’s policies. * The user obviously has computer skills, but it was necessary to ask what type of interfaces would be preferable.

My aim is to develop a time-saving system requiring little typing that provides for the organisation of the returns and the details of the manufacturers. The system will be used on a network, so I need to create a security system that allows only one user at a time on the system. Pre-plan of the 3rd Interview The first interview asked about the current system, while the second inquired about preferences of the new system and was a vague confirmation of the ideas between the user and the analyst. This Interview will be used for the collection of information for the new computerised solution.

The main area that will be focused upon in this (short) interview are simply the manufacturers details. Also, the interview will be used as a full agreement between the user and the analyst, to discuss any problems that the user may want to discuss, or for the analyst, any areas (I) need to inquire about to ask how the user would feel about certain things, e. g. taking sample RMA forms to see what details need to be kept about each manufacturer. The 3rd Interview Ask user to read through the summary for the previous Interview and clarify all the information that is interpreted from the discussion.

Any comments? Can you please list the names of the manufacturers that you keep in direct contact in sales on a regular basis? (List) Can you give the warranty periods for each of these manufacturers? How would you feel about providing me with sample RMA forms so that the information on the manufacturers can be suited to the information required? (List) Should the program be built in such a way that it would allow to be built upon an extended, or perhaps joint with another program with deliberately the same data structure, for e. g. stock? Would you be willing to allow this extension of the new system?

Do you feel the situation with the organisation of the returns will improve once this system has been installed? Do you have any other comments or requests to make about the new system? (List) The 3rd Interview Could I ask you to read through the summary for the previous Interview please, and clarify all the information that is interpreted from the discussion. Yes, of course. Yes, the misinterpretation that occurred in the first Interview has now been adjusted and changed. It is now the correct procedure. Can you please list the names of the manufacturers that you keep in direct contact in sales on a regular basis?

Yes, they are as follows: Spirex Northumberlain Ashimas Gigabyte Can you give the warranty periods for each of these manufacturers? The warranty period is the same for all, 12 months. How would you feel about providing me with sample RMA forms so that the information on the manufacturers can be suited to the information required? There would be a problem with that, since RMA forms can be requested from the manufacturer only when returns need to be sent off. I can however check if there are any spares that I have kept. Thank you.

Should the program be built in such a way that it would allow to be built upon an extended, or perhaps joint with another program with deliberately the same data structure, for e. g. stock? Would you be willing to allow this extension of the new system? Yes, it would be great to have stock and returns as part of the same program. I wouldn’t mind at all if extensions were built on the system later on, it would actually suit me better. Do you feel the situation with the organisation of the returns will improve once this system has been installed? Yes, definitely. Do you have any other comments or requests to make about the new system?

No, none at all. Thank you very much, Mr Sambi. Possible Solution Methods There are various possible solutions I can consider as the language I would use to write my system in: * Spreadsheet * Database * High-level language (Programming) * Word-processor I will discuss the advantages and disadvantages of each one, and with interaction and a short talk with the user, decide which language is best to use. First of all, let us discuss Spreadsheets. If I were to use this, I would use the program Microsoft Excel. Excel uses the same Database engine as Access, so can perform similar tasks.

However, guidance is needed to ensure that the designer configures the software correctly. Advantages Disadvantages Analyse data and outputs results in various sophisticated forms, for e. g. charts. Can be confusing and limiting if the user is unfamiliar with it. Data can be retrieved from other databases Does not have all the features that Access has. Workbooks can be shared, spreadsheets can be linked. Here is a screenshot of a spreadsheet: If the user and myself would both choose to write the program in a Database, Microsoft Access would be used. Access allows the user to create, remove and modify tables.

This is considerably less work than creating the system in a high-level language, since it means that there is already a database engine present ready to be altered to your specification. Advantages Disadvantages Database is pre-written, only needs to be altered to user’s needs- saves time and effort Databases can only be operated in Access. Tables can be related, Key fields can be chosen, tools are assigned for the user which are useful in creating a database While Access has been simplified as much as possible, there is still an element of programming which may cause difficulty for those who are unfamiliar with it.

Access is a simple interface, ideal for an average scenario of stock, returns, etc. Here is a screenshot of a table in Access: Here is a screenshot of what the actual program would look like (what the user would be faced with): High-level language, (Programming) is also another option to consider. It can be used to complete any task for e. g. creating a Database. This is an extremely complex language, and very few people in the industry are actually familiar with it. The more basic languages such as Visual Basic, Pascal can be used.

Microsoft Access does contain some Visual Basic elements in the coding. Advantages Disadvantages Can be used to create anything User need to understand decipher the code Lots of languages of varying ability to choose from User also needs to learn how to write in the language Code can be input into other solutions Here is a screenshot of the Visual Basic code that is used in Microsoft Access: Word-Processing is also another option to consider. Advantages Disadvantages Possible to share documents with related software packages Limited by the lack of functions and operations it can carry out.

Possible to mail-merge documents to groups if used in conjunction with a database. Security of data by passwords Hardware Requirements: Now that both the user and I have decided that we will use a database in Microsoft Access to create the solution, we now need to know whether the requirements that are needed to run Microsoft Access are available on the system(s) it will be used on in the business. Since it is a computer firm, upgrading is not a problem at all, and very rarely do the requirements specified by a piece of software exceed the hardware already installed in the shop.

Here is Microsoft Office’s requirements ( for which Access is part of): Component Required Recommended CPU 133 MHz 500 MHz RAM 24 MB 18 MB After a mutual agreement with the analyst and myself, I confirm that the requirements specified by Microsoft Office will be able to be installed on my system to which I have no objection to. Signed ______________ Dated ___/___/___ The Current System Flow Chart The goods are delivered to the shop (no record is kept of the arrival of the goods) The delivery note, (if it has been given), is kept so company can check for later reference for returning goods.

The delivery note is sometimes not checked against the items upon arrival, allows any possible mistake by manufacturers to slip through unnoticed. The new items are acknowledged to be either faulty, damaged, wrong order, or wrong quantity order. Time may pass as items accumulate in number. The returns become harder and harder to sort out as the quantity increases. The warranty time periods may edge closer and closer to the end, making it more impossible to receive a refund for the goods that need to be returned. If the returns are sent before the warranty period If returns are not sent within

the warranty period An RMA form needs to be filled in, An exchange may be negotiated after requesting a copy off the manufacturers. depending on which supplier the item is returned to. A refund is out of the question. The RMA form is sent off to the manufacturers. The manufacturers now need to acknowledge the delivery by the company of the returns and the RMA form. The company may need to contact the manufacturers and inform them of the delivery, and ask for refund. The company then waits for the refund, though no record is kept of the fact that a refund is due.