imat1906 systems development lecture week 17: system concepts (3) user perspectives

IMAT1906 Systems Development

Lecture week 17: system concepts (3) user perspectives

Today’s Agenda

IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-112

User perspectives and system requirements User guide contents Ethical issues

Data protection act Computer misuse act

Summary

Purpose


There are many ways to understand and help users

Some ethical issues are important to understand

User perspectives


There are several kinds of user for most computer systems Clerical users from business area Managers from business area Developers Technical support team

Each type has a different perspective on the system Clerical: tool to do the day-to-day job Manager: tool to see trends and manage the business area Developer: system to be developed and implemented Technical support: system and users to be supported

User perspectives - business users


Thinking first about the different kinds of business users…

Typical company or business area split into levels dealing with different kinds of decisions in different timescales Senior management Middle management Supervisors, team leaders Operational staff

Look briefly at each in turn….

User perspectives - senior management


Senior managers Make strategic decisions Set company or department policy Operate in medium to long term ie months or

years Need system to provide trends and summaries

that cover months, quarters, years Need to compare summary results and trends

over months, years, products, regions

User perspectives - middle management


Middle managers Make decisions and set directions to carry out

company strategy Report progress against company goals Operate in medium term ie weeks or months Need system to provide trends and summaries that

cover weeks, months as well as exceptions or problem areas

Also includes professionals with specific expertise Human resource management - recruitment, employment Accountants - financial performance Trainers - company-specific, job-specific, health and

safety Sometimes need systems to support specialisms

User perspectives - supervisors


Supervisors and team leaders Tactical planning of tasks and activities Report progress against plans and schedules Operate in short term ie days or weeks Need system to provide summaries that cover

weeks as well as details of exceptions or problem areas

Ensure their staff have the resources and skills they need to carry out their tasks

Need systems to track plans and progress

User perspectives - operators


Operational staff Carry out tasks and activities to get the job done Report own progress against plans and schedules Operate in short term ie days or sometimes weeks Need system to provide data and other

information to carry out tasks including dealing with exceptions or problem areas

May deal with company’s customers or general public

Business users - levels diagram


Senior management Strategy - medium to long term

Middle management Direction, progress - medium term

Supervisors, team leaders Tactical plans - short term

Operational staff Tasks - short term

User perspectives - clerical users


What does the clerical user do in a system? Some examples:

Cashier in bookshop system Recruitment analyst processing job applications Ticket office agent at railway station

Choose one of these clerical users Think about what they need from the system Share your thoughts with person next to

you

User perspectives - management users


What does the managerial user do in a system? Some examples:

Fleet manager in Eden Bay vehicle department Recruitment manager looking at success of

recruitment Station manager at railway station

Choose one of these managerial users Think about what they need from the system Share your thoughts with person next to

you

User needs and system requirements


User needs influence the system requirements Functional requirements - functions available

Clerical tasks eg maintaining records, processing transactions or applications

Managerial tasks eg viewing summary reports, exception reports, trends

Non-functional requirements - how functions work Clerical functions: speed of response, accuracy of

data Managerial functions: completeness of reports,

consistency of data presentation

Developer perspective


Developers create the system What do they do?

Build screens, specify reports, build database, write code, test programs, input test data, sometimes maintain system

What do they need? Ways to add system components like screens,

reports, code Ways to add database components like tables, data Ways to test user functions and find errors when

tests fail Ways to add new functions in the future

Impact on requirements


To allow testing Self-documented code ie comments for chunks of code Set of test data or separate test database

To help find errors in code (debug the code) Progress display messages

At key points in a routine or chunk of code, display a short message with a reference eg a program line number

Commented out for normal running Give each screen, report, routine a reference number

and display in user error messages Note these things are not usually included in

requirements specification

Technical support perspective


Technical support team supports operational system

What do they do? Answer user queries, administer user access, solve

problems, install equipment, sometimes maintain and enhance system

What do they need? Ways to identify and replicate problems with

components like screens, reports, code Ways to set up new users and manage access Ways to check on database components like tables, data Ways to test user functions and find errors when tests

fail

Impact on requirements


To support users Report of users and user details Access to user database

To support system Database query scripts to report on database statistics Reference numbers on all screens and reports Reference numbers quoted on all user error messages Same version of system and database that users have Test version of database

Note these things are not usually included in requirements specification

Enabling system enhancements


Some functions may not be ready in time for implementation date Would be added short time later as enhancements Outline of database and/or process logic may be

available System can include things to enable

enhancements Database tables or skeleton tables that aren’t yet used Commented-out program code or process logic Commented-out section describing logic and database

extensions Note these things are not usually included in

requirements specification

Where are we on agenda




Summary

User guide


Operational staff will need user guide or manual Training support material Reminder of how to use system for day-to-day job

tasks Reminder of how to use system for seldom-used

functions Typically a booklet or manual

Step-by-step guide to each system function Can include frequently asked questions Pages might also be available on department

intranet site

User guide contents


Divided into sections Table of contents Frequently asked questions eg How do I… Common day-to-day functions Infrequent functions Index if large manual

Sometimes different orderings Section of tasks in alphabetic order Section of system functions in alphabetic order Section of tasks in chronological order Section of system functions in some data-related

order

Function description


Screenshot or series of screenshots Showing typical data Sometimes annotated with text or arrows Sometimes before-and-after some user action

Step-by-step explanation of function Data fields to be filled in and what with

Format for text input How to select from drop-down lists How to generate system-generated fields

Required fields and optional fields Command buttons to press Menu options to navigate

User guide for online users


Online users might need user guide To help novice users of website Particularly if website or screen is not very intuitive To remind users who have forgotten how to use site

Can be provided in help pages Step-by-step guide to each system function Can include frequently asked questions Example: MS Office help pages





Summary

Ethical issues


Some computer databases hold a lot of personal details Personal data needs to be protected Unethical to misuse personal data

Some computer systems hold sensitive information Security arrangements allow authorised access only Unethical to misuse or break into secure systems

Legislation in place to make unethical use of computers also unlawful

Data Protection Act


Legal protection for personal data

How many organisations hold information about you? Think about a few Share some examples

Data held about us


These organisations hold information about us: University Loan company Bank Mobile phone provider Library Local council

Typical adult may be listed in 200 computer systems

Holding inaccurate data may result in problems

Data Protection - key definitions (1)


Personal data: Any data or information about an individual stored in

computers by companies or organisations Living individuals Includes expressions of opinion about the individual

Data subject: Legal term referring to the individual whose data is

held

Data Protection - key definitions (2)


Data controller: Person with defined responsibility for data protection

within a company Could be a single person or a group of people Ensures that recorded data complies with the Act Holds detailed register of data to be held in the company

Information Commissioner: Official who supervises enforcement of Data Protection

Act Issues guidance Publishes views for example on retention of DNA profiles Takes action in breaches of Data Protection Act

Data Protection - eight principles


Data protection framed within 8 principles1. Obtained and processed fairly and lawfully2. Processed for specific purposes3. Adequate, relevant and not excessive to processing

purpose4. Accurate and up to date5. Not kept for longer than necessary6. Processed in accordance with data subject rights7. Secure8. Not transferred outside EEA without assurance of

protection Look at each in turn…

Principle 1


Data must be obtained and processed fairly and lawfully Obtained fairly from data subject Subject must be aware of what data is being

collected and how it will be used Example of breach:

Company employs a private detective to find out about a prospective senior employee and puts the information on the recruitment system

Principle 2


Data must be processed for specific purposes Cannot be used for another purpose unknown to

subject Cannot be collected for provision of a service and

then also used for another purpose without subject’s consent

Example of breach: Someone wishing to start a new club borrows a list of

his company’s customers as prospective members and also looks at other personal details to decide if they would be suitable club members

Principle 3


Data must be adequate, relevant and not excessive to processing purpose Cannot request more data than is needed for the

task at hand Very tempting to collect data for a future purpose -

but not legal Example of breach:

Marketing department sends questionnaires to customers, asking for age, gender, ethnic background, quantity and brands of foods they buy, hobbies, date and place of birth

Demographics and shopping habits fine for the purpose but hobbies and birth details are excessive

Principle 4


Data must be accurate and up to date Data controller under obligation to ensure accuracy If subject provides inaccurate data despite controller’s

attempts at accuracy then principle not breached Data controller responsible for verifying accuracy Good way is to periodically request confirmation or update

Example of breach: Customer unemployed when first taking out life insurance Subsequently found job and told the insurance company Insurance company failed to update records Customer later denied mortgage when insurance company

told credit reference agency customer unemployed

Principle 5


Data must not be kept for longer than necessary Destroy data when it is finished with Can be done automatically by software Can be prompted by computer system

Example of breach: Magazine publisher sends magazines to subscribers When subscription cancelled or not renewed,

company keeps data about previous subscriber and keeps sending magazines

Principle 6


Data must be processed in accordance with data subject rights Data subjects have access rights that must be

upheld Failure to comply with requests from Information

Commissioner also breach this principle Example of breach:

An employee asks to see the data held on her by the company but she is told that it is confidential and she is not allowed to see it

Principle 7


Data must be kept secure at all times Data controllers must apply appropriate security

measures Prevent internal and external access by unauthorised

users Hardware: card access to rooms, firewalls, CCTV etc Software: passwords, virus scanners, etc Organisational: internal audit, division of duties, dual

control of cash Example of breach:

When travelling to a meeting in another town, an employee accidentally leaves a file of insurance claims on the train

Principle 8


Data must not be transferred outside EEA without assurance of adequate protection No restriction of movement within European

Economic Area Restricted data movement to countries without

equivalent data protection Agreed on a country-by-country basis Within UK, European Commission decides what data

can be transferred where Example of breach:

A company sets up a new customer contact centre in a country that has no data protection legislation and sends all its customer files to that country

Applying data protection


There are steps to take to ensure compliance: Audit the information held in the organisation Apply each of the 8 principles to all collection,

storage and use of personal data Collect, record, store and process current and future

data in accordance with the rights of data subjects

Computer Misuse Act


Legal protection for secure computer systems Intended to reduce online criminal activity

Hacking into systems Changing information in computer files or databases Trying to access or change material

Three types of offence Unauthorised access Unauthorised access with intent to continue Unauthorised modification

Look at each in turn….

Unauthorised access


Unauthorised access to computer material Files Webpages Program code Operational schedules Email accounts Databases Financial accounts Personal details Company-confidential material

Unauthorised access with intent


Unauthorised access to computer material with intent to commit or facilitate further offences Covers intention to make changes to computer

material Covers intention to make changes to settings

To gain easier access next time To enable edits next time

Unauthorised modification


Unauthorised modification of computer material Files Operational schedules Planning schedules Database entries Passwords Program code And so on

Example prosecutions (Skidmore p 255)


Person used former employer’s account to defraud a computer-administered telephone system Pleaded guilty when found out R v Pearlstone

Program in system to encrypt and decrypt data, set to turn off after employee left, data then readable Pleaded guilty when found out R v Hardy

European Commission system broken into, expense accounts browsed, files in other systems damaged Found guilty R v Strickland and Woods





Summary

Summary


There are several different perspectives of systems Business users Business managers Developers Technical support team

Different perspectives drive some requirements User guide is important support document Ethical issues need to be taken into account

Data Protection Act Computer Misuse Act

Further information


Further information can be found in many textbooks on systems development or systems analysis, for example:

Skidmore & Eva (2004) Chapter 12 Data Protection and Computer Misuse

Acts Shelly & Rosenblatt (2010) pp 15-16, 27, 523 Bocji P, A Greasley and S Hickie (2008) chapter ?

Next week’s lecture


There will be no lecture in week 18 Lecture 18 material (system implementation)

will be given in week 19 lecture session

Use the lecture 18 time to work on assignment 3 – it will be an opportunity to meet up in your groups

imat1906 systems development lecture week 17: system concepts (3) user perspectives

Documents

user perspectives imat

montfort university

kinds of user

progress slide

system clerical

system concepts

purpose imat

business area managers