School of Information Systems

Global, Ethics, and Security Management

Global, Ethics, and Security Management is the topic of this article. You may be wondering what Global, Ethics, and Security Management means. The "global" in Global, Ethics, and Security Management is mostly about outsourcing, the "ethics" is about ethical and legal issues related to ERP systems, and "security management" is about how to protect the company's assets. To understand these topics better, we are going to explain them in more detail.

Outsourcing

Outsourcing is the practice of a company employing a third party to handle services and create goods that were formerly handled by the company's own employees and personnel. It was first recognized as a business strategy in 1989. Outsourcing is usually used by businesses to reduce costs. As a result, it has the potential to affect a wide range of tasks, from customer service to manufacturing to the back office. The outside company is known as the service provider or third-party provider, and to outsource, the company needs to enter into an outsourcing arrangement with the service provider. Outsourcing also provides many benefits to the company, such as lower costs, increased efficiency, increased focus on the company's strategy and core competencies, access to skills or resources that were not available before, advanced expertise, an external perspective during implementation and maintenance, increased flexibility, the ability to scale service agreements with minimal disruption, and many more.

But even with all those benefits, outsourcing is not without its drawbacks. These include misunderstandings that can often occur between organizations, culture clash, reduced security and control, time zone differences (if using offshore outsourcing, which I will discuss later), and many more, so there is still risk involved in outsourcing, but the benefits are usually much more significant than the drawbacks. Now we are going to talk about the two types of outsourcing according to the service provider's location. Regular outsourcing is when a company uses a local outsourcing partner; when a company selects an outsourcing partner from another country, it is called offshore outsourcing. Companies usually select an outsourcing partner from a developing country to lower labor costs, but as mentioned before, this can cause problems such as language barriers and differences in culture and values, making the ERP implementation more challenging.

A company thinking of outsourcing also needs to take into consideration the financial status, technical certifications, licenses, qualifications, and related work experience of the service provider. Companies also need to be prepared in case the outsourcing causes a disaster.

SaaS

SaaS is effectively the same as outsourcing. SaaS, or Software as a Service, is a model in which software can be rented or leased from a software vendor who provides maintenance, daily technical operation, and support for the software. The software application could be anything from office software to unified communications, among a wide range of other business apps that are available. SaaS offers a variety of advantages and disadvantages. Some of the benefits of SaaS are a lower learning curve for users, cost reduction through the reduced cost for hardware, data saving and storage, customization, a lesser burden of end-user configurations or VPNs, and many more. SaaS also has limitations, such as minimal user privacy and limited flexibility allowed to the individual user, so not only the benefits but also the drawbacks need to be considered when deciding whether to use SaaS.

There are two types of SaaS providers, each offering a different method. One is the Application Service Provider (ASP), where a customer purchases a copy of software and brings it to a hosting company, or the hosting company offers widely available software for use by customers. The other is Software On-Demand (SOD), where one copy of the software is installed for use by many companies, who access the software from the Internet.

Ethics

Business ethics is the study of appropriate business policies and practices regarding potentially controversial subjects and is often described as the science of morality. According to philosophy, ethical behavior is that which is good or right in a certain value system. Business ethics ensures that a certain basic level of trust exists between consumers and various forms of market participants with businesses. In this day and age, where information can be easily spread, there are two forces that endanger privacy: the growth of information technology and the increased value of information in decision making. The Ethical Framework is a set of principles and values that provide a solid foundation for safe and ethical practice within the counselling professions. It is split into four parts: privacy, access, property rights, and accuracy.

Firstly, privacy is the right to control what information needs to be safeguarded and what can be made available to the public. Any organization that collects personal information must follow a process for how this information is collected, used, and shared to reduce the risk of a data leak. Other problems are hacking, snooping, data mining, and virus attacks on the system, which also violate the privacy rights of individuals. Secondly, accuracy, or data accuracy, requires organizations that collect and store data on consumers to take responsibility for ensuring the accuracy of this data. This protects an individual or consumer from negligent errors and prevents intentional manipulation of data by organizations. Thirdly, property makes organizations realize that they are not the ultimate owners of the information collected on individuals. Consumers give organizations their information on the condition that they will be guardians of this property and will use it according to the permission granted to them. ERP systems make sharing information easy by integrating information within the organization; if implemented without proper controls, ERP can make it hard to safeguard information. Last but not least is accessibility. ERP implementation teams must ensure that information stored in the databases about employees, customers, and other partners is accessible only to those who have the right to see and use this information. Security and controls must be in place within the ERP system to prevent unauthorized access.

There are three normative theories of ethical behavior that can be used by organizations to influence the ERP implementation. First is the Stockholder Theory, which protects the interest of the investors or owners of the company at all costs. Second is the Stakeholder Theory, which protects the interests of everyone having a stake in the company's success. Third is the Social Contract Theory, which puts the rights of society and social well-being before the interest of the stakeholders or company owners. There are also several global privacy principles that can improve the global privacy climate, such as giving notice to consumers before collecting data, collecting only relevant consumer data and retaining it only until needed, providing access for consumers to correct data for accuracy, and many more.

Green Computing

There is also green computing, which is the term used to “signify productive utilization of assets in computing”. It is otherwise called Green IT. Green computing is “Where organizations adopt a policy of ensuring that the setup and operations of Information Technology produces the minimal carbon footprint”. It is “the study and practice of designing, manufacturing, using, and disposing of computers, servers, and associated subsystems” in an environmentally friendly and responsible way.

SOX

The United States Congress passed the Sarbanes-Oxley Act in 2002 and established rules to protect the public from fraud and bad practices by corporations and other business entities. The goal of the legislation is to increase transparency in the financial reporting by corporations and to require a formalized system of checks and balances in each company. This had a huge impact on increasing the privacy and security of a company.

Security

Security is needed in an ERP system because supply chain or e-commerce environments within the ERP are exposed to the intricacies of the Internet world. As ERP systems are implemented, they become exposed to the good and bad sides of the Internet. This is why we need to ensure our security, so that malicious actors cannot misuse the system. An attack on ERP systems can have a devastating impact on the business's operations, resulting in financial and reputational losses. Organizations must protect these systems against internal and external cyber threats to maintain confidentiality, availability, and integrity. But securing an ERP system is complex and requires good technical skills as well as communication and awareness. Here are some security measures to help protect your ERP.

  • User ID and Passwords

The current trend is to provide access to systems through an ID management system.

  • Physical Hardware Security

Physical access includes network closets or switch rooms and access to PCs. All must be secure.

  • Network Security

Most companies implement some form of firewall(s), virus controls, and network-based or server-based intrusion detection, or both, to safeguard the networked environment.

  • Intrusion Detection

Real-time monitoring of anomalies in and misuse of network and server activities will assist in spotting intrusions and safeguarding systems from inappropriate access.

  • Awareness

Ensure that users are aware of security risks, and enforce policies and procedures related to access.

  • Security Monitoring and Assessment

A good security plan will also detail how to provide for constant assessments of security, alongside a periodic review of who has access, what they have access to, and how often they are accessing the system.

  • Encryption

Encryption involves using a key, usually a very long prime number that is difficult to guess or program, to scramble at one end and unscramble at the other end. In today’s Web-based Internet applications, data encryption is highly desirable. Sensitive data should be encrypted for security purposes.
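The periodic review described under Security Monitoring and Assessment (who has access, what they have access to, and how often they use it) can be automated along the following lines. This is an added example, not code from the original article; the user names, module names, log format and review window are constructed assumptions.

```python
from collections import Counter
from datetime import date

# Constructed sample data (not from any real ERP): modules granted to each user
ENTITLEMENTS = {
    "alice": {"finance", "purchasing"},
    "bob": {"hr"},
    "carol": {"finance", "hr", "inventory"},
}

# Constructed access log: (user, module, day of access)
ACCESS_LOG = [
    ("alice", "finance", date(2024, 5, 2)),
    ("alice", "finance", date(2024, 5, 20)),
    ("alice", "purchasing", date(2024, 1, 15)),   # outside the review window
    ("carol", "inventory", date(2024, 5, 28)),
    ("carol", "finance", date(2024, 5, 30)),
    ("carol", "finance", date(2024, 5, 31)),
    ("dave", "finance", date(2024, 5, 31)),       # no recorded grant for dave
]


def review_access(entitlements, log, start, end):
    """Return one finding per user for the review window [start, end]."""
    uses = Counter((u, m) for u, m, day in log if start <= day <= end)
    report = {}
    for user, modules in sorted(entitlements.items()):
        used = {m: uses[(user, m)] for m in sorted(modules) if uses[(user, m)]}
        report[user] = {
            "granted": sorted(modules),   # what they have access to
            "use_counts": used,           # how often each grant was used
            "unused": sorted(m for m in modules if m not in used),
            "dormant": not used,          # no activity at all in the window
        }
    return report


def ungranted_activity(entitlements, log):
    """Return (user, module) pairs seen in the log without a recorded grant."""
    return sorted({(u, m) for u, m, _ in log if m not in entitlements.get(u, set())})


if __name__ == "__main__":
    window = (date(2024, 4, 1), date(2024, 6, 30))
    for user, finding in review_access(ENTITLEMENTS, ACCESS_LOG, *window).items():
        print(user, finding)
    print("activity without a grant:", ungranted_activity(ENTITLEMENTS, ACCESS_LOG))
```

Grants listed under `unused` and accounts marked `dormant` are candidates for revocation, and any activity without a recorded grant should be investigated.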

But even after applying all those security measures, there is still the risk of security breaches and issues, so it is critical to have a plan in place that provides for recovery from a number of disasters that can occur to a business. When the systems go down, all departments that use an ERP system must play a part in providing business continuity while the system is unavailable. A company must also weigh the level of risk against the amount of money needed to ensure that systems are available again as quickly as possible.

Reference:

Yakob Utama Chandra, Kevin Goutama