One Source Essay

The purpose of this paper is to argue for and against an organization adopting an ethical approach. This essay will look into the two sides of the argument in depth using relevant theories, examples and case studies. The first part of this essay will look into why an organization adopting an ethical approach to management could ultimately benefit the firm. On the other hand, the essay will look at the case against a firm adopting an ethical approach to management. The essay will then conclude by suggesting that it would be important for organizations to act ethically to a certain extent.One definition suggests that ‘ethics are the moral principles that should underpin decision-making. A decision made on ethics might reject the most profitable solution In favor of one of greater benefit to society as well as the firm' (Marabous, 2003). The key words used in definition are ‘moral principles', so this definition suggests that acting ethically means acting in a moral way. In essence, an ethical approach to management Is generally acting right to benefit the community and the environment not solely concentrating on maximizing profits.It Is also important to define what exactly acting morally is, one good definition suggested that morality is the notion of what is good and bad (McIntyre, 1998). Argument For In arguing for an organization adopting an ethical approach, the benefits that an organization would gain from this behavior Is that it could be used as a USPS (unique selling point). This is evident in a variety of organizations today, for instance, the Body Shop. Body shop sells products that are kind to the environment, and also boast the fact that they are 100% against animal testing.A key point is that, not only does the many strive to Improve the communities In less developed countries, but it publicizes these actions In order to get support from possible consumers. This strategy appeals to customers a great deal, which implies there are plenty o f consumers who choose not to buy products that have been tested on animals so choose to buy products only from the Body Shop. Similarly there are consumers that may not have such strong opinions against animal testing but buy products from the body shop because it seem like the right thing to ad.These ethical approaches to management has seen Body Shop's profits rise over the years, and are now one of the arrest cosmetic retailers in the country as a result. As well as advertising the fact that they are against animal testing. The Body Shop also promotes community trade. Active self esteem, defending of human rights, and the protection of our planet. Organizations will also gain significant public relations advantages from ethical behavior. There are examples of organizations that have not acted ethically, and as a result have received very negative publicity.One key example would be Nestle. A study in the British Medial Journal said that manufacturers of powdered milk, such as Nes tle were breaking international codes by selling their products to West African countries. The Studies were carried out in two West African countries Togo and Burning Fast. Findings from the study showed that Nestle had been Issuing free powdered milk to mothers in these West African countries, officials from Nestle had convinced mothers that powdered milk was actually better for their children than 1 OFF needed to find money in order to purchase this milk.Of course money was not always available so drastic measures were taken, such as over diluting the little dowered milk they had available, or diluting the powdered milk with water that was not very clean. As a result of this children's health in the region was poor due to lack of nutrition and consumption of contaminated water. The result of this study severely affected the reputation of Nestle. Pressure groups and other activists urged consumers to boycott products from the firm because of the way they had acted in Africa. As a r esult of this poor publicity Nestle had operating profits fall significantly.This case study is a prime example of how not acting ethically could seriously image the reputation of the firm, so another advantage of adopting an ethical approach to management is that this sort of situation could be avoided. Another major advantage of an ethical approach to management is that an organization could get more out of their workforce. Employees can expect to respond positively to working for an organization that they trust to be acting morally correct. Employees may feel proud to work for a firm that they know is abiding by ethical and moral guidelines.This would also help motivate the workforce and boost their confidence. As a result this could in turn lead to higher productivity from the workforce and ultimately lead to higher operating profits. A positive ethical approach to management could add to the competition for employment at such a firm. An ethical approach to management would also result in a lower labor turnover, because less employees would be leaving the organization if they felt they were being treated right, subsequently all of these reasons would lead to lower costs for an organization I. . Training and paying redundancies. A survey conducted in 2003 even showed that about 75% of The Body Shop's employees felt ‘proud' to be working for the organization. According to Banyan (1996) the success of the final solution depends on the capacity of managerial techniques to denude individuals of their dignity and deprive them of their humanity. Argument Against One of the main disadvantages that come with an ethical approach to management are the costs involved when managing ethically. A key example would be the exploitation of cheap labor.Sport manufacturing giant Nikkei has been accused of exploiting cheap labor in Asian markets. A report in Vietnam in 1997 showed that Nikkei had been mistreating women that worked in the factories producing shoes. The wo men were being paid about $1. 0 per day which was well below minimum wage in America. It was reported that the workforce was even punished for using verbal communication and were only allowed one toilet break during their period of work. From an ethical point of view this is the opposite of how a firm should act, and thus Nikkei received bad publicity for their actions.Although from Nine's point of view exploiting cheap labor in these Asian markets meant extremely high profits per unit produced, because shoes produced were being sold at around $150. Since the bad publicity and attempted boycotting from pressure groups, Nikkei vowed to act in a ore ethical manner, so paid worker significantly higher wages and also improved working conditions, although this did reduce the amount of bad publicity they were receiving it also meant that Nikkei so their costs soar.Although the company still makes a healthy profit, a more ethical approach to management has meant they are the argument that not all organizations will see a loss in profit for acting more ethically. It will largely depend on what type of organization is in question, for example Marks and Spencer sell organic chocolate and promote the fact that there is air trade between farmers. Although Marks and Spencer do have to pay farmers fairly, they can also charge a premium on their products to maintain profit levels.This way the firm can hit two birds with one stone, because they get positive publicity and a good consumer base, and are able to maintain profit levels. Another Disadvantage of a more ethical approach to management is that it could conflict with existing policies within the organization. A possible restructuring of the organization may need to be done; internal divisions may be created within the business. This of ours is a problem is the workforce is not used to change or does not want change in general. This could lead to lack of motivation of workers which in turn would lead to lower levels of p roductivity.A company could possibly also experience problems in sending a message in an organization which is decentralized. Even though the workforce may be in favor of a more ethical approach to management it would be extremely difficult to implement it, and additional training of the workforce may be required for maximum efficiency. Conclusion Having argued on both sides of the organization approach, it suffices to state that, it s important for firms or organizations to adopt an ethical approach to management as the advantages clearly outweigh the disadvantages.

Frankenstein Analysis

When a life is created, whoever has created such life would cherish it, care for it, teach it right from wrong, and nurture it for its life. A parent or guardian of a child would be held responsible for the acts their child commits, no matter if it be great or small. Victor Frankenstein took life into his own hands, moulded it, sculpted it, and formed a living creature from pieces of already deceased humans. Frankenstein, after successfully creating life, rejected his own creation, did not give any second thought as he abandoned his own Creature. From this rejection the Creature feels only rejection, he is not able to find acceptance where he goes and is filled with depression, turmoil, and great anger at his creator. From then on, the Creature goes down a destructive path, not knowing any better. As the creator, Victor Frankenstein should be responsible for the Creatures faults, rather than playing God and abandoning his creation within the first few moments of its life. From the Creatures first moments of life, it has suffered rejection of its own creator, and by every other person who comes into contact with it. Frankenstein deemed his creation and â€Å"his features as beautiful. Beautiful! †(43), yet when the creature first arouse, as life filled its once deceased body, Frankenstein wanted nothing more than to escape from the room that held his creation, and put everything he had done behind him, he had â€Å"rushed out of the room and continued a long time traversing [his] bed-chamber, unable to compose [his] mind to sleep†(44). Victor did nothing more than put it behind him, after months upon months of preparation and work. As the creator, Victor had some obligation to his creature; they were bound through this act of God. The Creature’s appearance threw off all whom he tried to get close to, all those who came into contact with him believed him to be a monster, nothing more. The Creature was believed to be evil, as if he were born evil, that the misery he suffers from was not what had caused him to become destructive, and vengeful. The rejection of all cause the Creature to become the evil Monster people believe him to be, he believes a small innocent hild can accept him for the way he looks and too is rejected, along with the rejection of the DeLacey’s from whom he learned how to live a human life. The constant rejection is what leads to the Creatures change from innocent new life, to a destructive monster, which could have been changed if Victor had taken responsibility for his own creation. If Victor had welcomes his creation with open arms, all events could have been avoided, there wo uld be no deaths and the Creature could have been a marvel to the world. Life is precious, to abandon a life is simple, Victor Frankenstein took the simple route out of his mistake, he did not take responsibility for anything his own creation did and only tried to put it behind him in his life, to ensure his own safety. The creature wandered aimlessly through his new life, becoming corrupt as his time passed. If Frankenstein had taken the time to realize what he had been doing while playing God he could’ve put an end to it all before any mistakes were made. A life, even as horrendous in appearance as the Creature, should be cherished.

Global Health Care and International Healthcare Systems vs. US Health Research Paper

Global Health Care and International Healthcare Systems vs. US Health Care Systems and the Impact on a Vulnrable Population - Research Paper Example The general structure of health system in a society comprises of private health service providers, occupational health and safety legislation, health insurance organizations, and presence of any unit working for the education and promotion of health. In spite of the presence of the World health Organization and other international health regulating body the overall standard of health of the majority of world population has not taken any drastic improvement. Development of goals for health in the world’s poorest countries still lacks planning and the spread of chronic diseases and epidemics has not been encountered properly. Inadequate health policies still persist in many nations of the world and the overall health standard is falling drastically. On this context it is quite important to know the international health care system. The older citizens are quite susceptible to various ailments, and dementia being one of them. The discrimination faced by the older people relating t o their health associated problem needs to be studied carefully. The paper focuses on the study of the article† Sustaining citizenship: people with dementia and the phenomenon of social death†. The paper deals with the nature of relief provided to the patients of dementia and the concept of social death. Problem: What role does the society play in providing relief to the sufferers of dementia and sustaining their citizenship? Purpose of Study The global health care and the international health care system require close study owing to the importance of the matter of its concern. Health related issues have gained much importance in the modern society though there is still lacking of appropriate measures to be incorporated. Certain target groups has been vulnerable to the lack of proper healthcare facilities. It is important to study the relevance of the international healthcare system and their efforts aimed to provide suitable solutions. The problem of dementia has been e ncountered by people all around and often they are considered to be socially dead individuals. The social disregard faced by the older citizens is studied. The benefits and the nature of help they receive have been closely investigated. The discrimination faced by the diseased people owing to their inactive participation as citizen has been closely highlighted. Literature Summary: The numbers of people suffering from dementia is also considerably on a rise and the three tier health system is working for the prevention and treatment of such diseases. It has also been noted that the cost of healthcare for dementia patients increases significantly with the change in functional impairment. There is a growing awareness among the people to prevent the occurrence of such catastrophic disease which is hampering the health of so many elderly people worldwide. People affected with fatal illness for a long period of time and those found to have a tendency of losing their personality are often declared to be socially dead. The viewpoint of the careers of people with dementia is detrimental in providing a social status to the patients. Four sets of beliefs were considered. A portion of the people in charge of the patients held the life of the sufferer’s as of no value and they wait for the patients to die. A second set of people held the proposition that the life of the patient is less of worth and they also eagerly wait for the patient’s death. A third group of carrier viewed the life of the p

Competing Values Framework tes Research Paper Example | Topics and Well Written Essays - 1250 words

Competing Values Framework tes - Research Paper Example One of the dimensions related to organizational focus ranging from internal emphasis on staffs within an organization to the external focus that covers the outward relations of the organization. Their second dimension was concerned with differences between control and stability versus flexibility and change (Hamm 1993). The framework has other important aspects in addition to its original role as a leadership tool. It is a relevant tool for use across all levels within an organization. Scholars developed its name because initially, the four models that form as its pillars seemed to carry conflicting messages. Stakeholders desired to have adaptable, flexible, stable, and controlled organizations at the same time. Core Assumptions The Competing Values Framework consists of four quadrants. The first segment is the internal process model. This model bases on hierarchy, documentation, emphasises measurement, and management of information. The four processes are responsible for enhancing c ontrol and stability. It is essential to note that hierarchies function well when time is not an important factor and when an employee has sufficient knowledge about the requirements of the job. The second quadrant is the open systems model (O’Neill 1993). This model operates on organic system, readiness, resource acquisition and support, emphasises on adaptability, and growth. The processes do not control employees but inspires them. This efforts lead to staffs being innovative and creative. Rational goal model is the third core assumption of the Competing Values Model. The model centres on profit and emphasises on rational actions. The model has various assumptions that include a notion that proper planning and setting of goals leads to productivity and efficiency. The plan of action in this case, entails clarification of tasks, setting of objectives, and taking action. The final assumption is the human relations model (Hooijberg 996). This model puts a lot of emphasis on c ohesion and morale among employees. Motivation of employees according to the model comes from efficient training programs for employees. It considers employees as constituents of the organization existing in a common social system. The Competing Values Framework considers the four models that appear different and disjointed as a unit. They are related and interconnected. They fall under one large domain of organizational and managerial effectiveness. They are the invisible values that propel people, policies, and programs. Organizations live and die because of them. Application The Competing Values Framework applies in many areas within institutions and business organizations. It applies to individual styles, assess communication within organizations, and serves as a tool to analyse the degree of leadership. It helps in developing and building organizational culture for adoption by employees. This creates core competences necessary for success of a particular company. The human reso urces department within the organization uses its efficiency design motivational schemes, employee selection criteria, and the quality of employees (Quinn and Rohrbaugh 1983). The management of organizations can use the same to develop the best human resource practices, organizational capabilities, and develop change patterns. These developments are important when setting financial performance. The values of the framework apply across all ranks within organizati

Answer sheet Assignment Example | Topics and Well Written Essays - 1000 words

Answer sheet - Assignment Example 27). There is a large pool of unemployment in the market. A contributing factor is the low wages. Reich believes that with correct remuneration, better economy and society are not a farfetched idea. Labor is readily available in the market, but the poor wages discourage workers to apply for the job. People are even trading their jobs for a lesser paying job that matches their remuneration (Reich, pg.35). Stop bankers from creating risky huge bets with the money of other people. If they have to, then they should second the bet with a good proportion of their own capital. They should also be hindered from creating cash off their balances through trade derivatives. In addition, put a requirement they receive their remuneration in warrants, or stock that cannot be can be cashed in no less than 3 years. Place precautionary measures in place preventing a bank from being too big for a fail; Combining the casino with the basic utility made bankers richer and subjected us to risks we had not asked for. If separating investment from commercial banking is not adequate in keeping all banks in check. Anti-trust laws are used to break them up. Pluck out the three major interest conflicts: credit-rating agencies, institutional investors, and regional feds. The same companies having their issues rated should not pay the agencies. Those who use their ratings should be the ones paying them. Institutional investors, for example, a mutual and pension funds should not receive investment advice from the banks that gain from their investment. Presidents elected by regional bankers should head the regional feds. The major say should come from non-bankers, and the senate should have to confirm regional presidents (Reich, pg. 38). One lie states that the rich tax cuts tickle down all the way to everyone else, but taxing the rich highly leads to slow job growth and hurts the

Implications of Globalization and Technology on Negotiation Essay

Implications of Globalization and Technology on Negotiation - Essay Example Our world is dynamic in nature and it has become more advanced with the boom in technology and rapid globalization. The basic aim behind globalization is to promote and increase the trading exercises among different countries. This leads to the equal distribution of material wealth, goods and services which enhances the remarkable growth in overall structure of the economy in any country. Furthermore, it also helps in building sound international relations as well as competition at different levels among different countries. Globalization has left its deep effects on regional economies, trading activities, policies, societies and cultures. It has given a new definition to terms such as communication, trade and transportation. It has been commonly thought that factors like technology, economy, politics and other socio-cultural have played an important role in coining the term known to the world now as â€Å"globalization†. We cannot underestimate the importance of technology in today’s world of extreme modernization and advancement. Technology has played a vital role on the horizons of business and more specifically it has left its deeper impacts on international business. But how globalization and technology have their impact on negotiations and what changes are brought about by both of them? It is worth mentioning that globalization has given rise to tough international competition and in today’s world of advancement it has become a game of the survival for many growing economies and more specifically economies of the third-world countries are already considered as under-threat by such tough competition with technology as a second most important element collaborating directly in this game of survival . (Stroper, 1992). The implication of globalization and technology on negotiations can be explained by a very

Integrated Marketing Communication Essay Example | Topics and Well Written Essays - 2000 words

Integrated Marketing Communication - Essay Example The promotional strategies used by the companies are essential to communicate with the target customers regarding the products that are launched by the company. The study aims at evaluating the importance of salesperson in an organization and also to understand the effectiveness of advertising a product. The research offers a scope to develop a policy in order to remain ethical in the advertising practices of a company. A good salesmanship is necessary for a company to promote its goods and services that have been newly launched and to create awareness among the buyers regarding the invention (Holm, 2006). A good salesmanship involves maintaining a good relationship with the customers so that the customers develop a brand loyalty for the product. The personality of the salesman should be such that they are successful in convincing the customers to purchase the products and also to visit the outlets regularly. The process of advertising facilitates the personal selling and the responsibility of the sales person becomes easier in case the customers have the knowledge regarding the product (Reid, 2005). The personality of the salesman helps in attracting new customers and enhancing the goodwill of the company. A more knowledgeable sale person is an ultimate requirement of the company and it also increases the possibility of bringing success to the company. The type of sales promotion varies based on the products that are launched in the international market. For example, Maruti Suzuki has launched a new model of car that is highly fuel efficient and it would be beneficial for the customers. However, for carrying out the promotional activities, the company has to train the salesperson regarding the features of the new model.

Applying Cyber Policy to Law . Vulnerability Disclosure Analysis Essay

Applying Cyber Policy to Law . Vulnerability Disclosure Analysis - Essay Example They protect the organization or business against cyber crimes which jeopardizes the operation of the business. With regard to this, every business organization should analyze its Cyber Law risks as well as needs on a regular basis. Applying cyber policy to law significantly helps in preventing cyber attacks. These are deliberate actions that aim at altering, disrupting, deceiving, degrading or destroying computer systems as well as networks. Federal and State Cyber-security Law For over a decade, several experts in the United States and abroad are expressing increasing concerns with regard to cyber-security (Kerr, 2009). This is the light of the growing impact, sophistication and frequency of attacks on information systems, not only in the US but also different parts of the world. Current research indicates that the framework for cyber-security needs revision. The complex federal responsibility in cyber-security takes into consideration securing federal systems as well as helping in protection of nonfederal systems (Kerr, 2009). With regard to the current law, all federal agencies have roles in cyber-security relating to their own systems. The state government is attempting to revise its laws for the purpose of improving cyber-security. It is doing so through increasing public visibility of firms having weak security. California passed the Notice of Security Breach Act in 2003, which requires that any organization which maintains personal information of citizens of California and has a security breach have to disclose all the details of the event. Other states in the US also followed the same (Bosworth & Whyne, 2009). The security breach regulations usually punish organizations due to their failure. They do so while giving them freedom of choosing how to secure their systems. Ina addition, this regulation helps in creating an incentive for organizations to voluntarily invest heavily in cyber-security (Bosworth & Whyne, 2009). This is for the purpose of avoidin g the potential destruction of reputation as well as resulting economic loss that can arise from a cyber-attack. Both the state and federal laws aim at improving the security of information systems of organization. They both dictate that organization maintain a considerable level of security (Bosworth & Whyne, 2009). They also advocate on improvement of the laws for the purpose of maintaining acceptable standards of cyber-security. Nevertheless, both the state and state law on cyber-security requires a reasonable level of cyber-security which leaves a room for interpretation until the establishment of the case laws. Taking the United States into consideration it is a fact that it puts a lot of concern with respect to cyber-security (Bosworth & Whyne, 2009). This makes the country less susceptible to cyber-attacks as compared to other countries in different parts of the world. Existing laws with regard to cyber-security in many countries do not put a lot of emphasis to deal with cybe r-security. Due to this, criminals usually conduct a lot of crimes on the internet for the purpose of taking advantages of the less severe punishments in these countries. However, governments and industries are now realizing the severe threats of cyber-attacks on economic as well as political security, without forgetting the interest of the public (Bosworth & Whyne, 2009). Nevertheless cybercrimes are becoming difficult to fight back. This is therefore calling for

Health Campaign Paper Essay Example for Free

Health Campaign Paper Essay The concept of the Philadelphia Department of Public Health was developed in 1732 when the Philadelphia Almshouse began to provide free hospital care to the poor. According to the City of Philadelphia (2010), the Department of Public Health protects health and promotes healthy lifestyles for all Philadelphians. The Department of Public Health â€Å"provides services, set policies, and enforce laws that support the dignity of every man, woman, and child in Philadelphia† (City of Philadelphia, 2010). There are thirteen divisions of the department that are responsible for providing patient services related to those divisions. Each of the division has a primary focus to use to remain on task to achieve the goals of the division. Core Functions According to the Centers for Disease Control and Prevention (CDC) (2011), there are three core functions relating to public health. The three core functions are assessment, policy development, and assurance. Each core function has related essential services that are necessary for each function to be completed. One of the divisions of the Philadelphia Department of Public Health is Disease Control. There are seven services of Disease Control which include acute communicable disease control, bioterrorism and public health preparedness, epidemiology, immunization, sexually transmitted disease control, tuberculosis control, and data and reports. Each of these services work together to assess the spread of disease (including the amount and types of diseases spread), researches ways to control disease processes, develops and implements public health plans to control the spread of disease, and provides information based on the recorded observations to both the health care and public populat ions. Reassurance is provided to the population by relaying information via media, health bulletin, and public service announcements regarding disease processes, control, and prevention. There are eight health centers operated by the Philadelphia Department of Public Health that provide care to neighborhood patient populations. These centers accept insurance, Medicare, Medicaid, and uninsured patient population. Basic outpatient and acute care services, medical management, checkups, women’s health, counseling, lab work, and social work support are all provided by the centers. This additional care allows the burden of care to be shared in the community and not just at the local hospital. When patients register for appointments they have the option to see the same physicians to provide continuity of care for each visit. There are also many federally funded clinics in operation according to the City of Philadelphia (2010). The clinics also work with the local health centers and hospital to provide care to the area residents. Influencing Hospital Setting Public health has directly affected the many things in the hospital setting since its development. The control of infectious diseases is a direct response to the development of public health initiatives. According to the Association of Schools of Public Health (2012), education for both health care workers and general population to increase sanitation has significantly increased reduction of the spread of infectious diseases. Today assessing and monitoring hand washing technique is frequently done hospital wide to prevent spread of infection. Education is provided continually for patients and health care providers as well as reporting of hand washing monitoring statistics related to facility hand washing reports. Continual reassurances of the benefits of hand washing are shared in staff meetings, facility conferences, and performance reviews by administration and management. Risk factor modification for blood pressure control has proven beneficial in decreasing coronary artery disease and stroke mortality rates reports the Association of Schools of Public Health (2012). Public awareness of genetic factors has been promoted via public service announcements, blood pressure/diabetes screenings, and hospital awareness newsletters. Hospitals have incorporated coronary artery disease and stroke awareness into programs to reduce stroke and myocardial infarction mortality rates. Many facilities have added to the awareness by adding public health fairs to promote risk factor awareness, disease prevention, and health promotion. Role of Public Health Workers â€Å"Public health professionals try to prevent problems from happening or re-occurring through implementing educational programs, developing policies, administering services, regulating health systems and some health professions, and conducting research, in contrast to clinical professionals, such as doctors and nurses, who focus primarily on treating individuals after they become sick or injured† (Association of Schools of Public Health ,2012). Public health workers can be anyone from a physician to the sanitation worker. Public health workers are responsible for the duties they were trained for professionally as well as collecting data, discovering resources, provides, emotional support, plans for preparedness for disasters, provides education, and provides organization to work toward positive outcomes using the information gathered and plans developed. Researchers, for example, gather the information and collect surveys to assess the public’s health care needs. The information is used to determine the changes that need to be made as well as the public education that has to be provided. Social needs are also addressed by social workers and counselors to provide support and reassurance. Providig reassurance allows many to feel that their questions and concerns will be addressed. Follow up surveys may also be used to assess the education process and obtain long term feedback from the population addressed. Conclusion Public health is a demanding but fulfilling job for many individuals who work together for the good of society. Continually assessing the needs of the communities allows disease processes to be defined and investigated appropriately to gauge its danger to the surrounding population. Researching and developing plans for controlling the disease process allows educational pieces to be developed to relay to the population to provide reassurance of a possible solution or changes that must be made to avoid the disease process all together. The Philadelphia Department of Public Health has a large population to provide services to. The Divisions assist by breaking down services into manageable parts to be assessed and developed individually. Working together with local hospitals and clinics provides continuity of care between services while receiving education to better the city for future residents. References Association of Schools of Public Health. (2012). The 20th century’s ten great public health achievements in the United States. Retrieved from http://www.whatispublichealth.org/impact/achievements.html Centers for Disease control and Prevention. (2011, May 25). Core functions of public health and how they relate to the ten essential services. Retrieved from http://www.cdc.gov/nceh/ehs/ephli/core_ess.htm City of Philadelphia. (2010). Public health city of Philadelphia life liberty and you. Retrieved from http://www.phila.gov/health/AboutDPH.html

Commercial banks Essay Example for Free

Commercial banks Essay ABSTRACT This report is based on corporate social responsibility. This project report contains the meaning of CSR which includes the advantage of CSR towards bank, society, responsibility of corporate houses, objective of CSR, motive of CSR, responsibility towards customer. This document is all about multidimensional growth of customers for which the bank liable for their service selling. This process leads to upliftment of people life. The banks are not bind to do so but the do these kind of activities for creating a goodwill sense among their customer which leads to growth in lifestyle of the overall society. This gives better environment to the society in which the bank is working. Hence, the present study titled â€Å"A STUDY ON EFFECTIVENESS OF CORPORATE SOCIAL RESPONSIBILITY TOWARDS CUSTOMERS OF COMMERCIAL BANKS IN MADURAI†, has assumed greater significance. INTRODUCTION Corporate social responsibility ( CSR, also called corporate conscience, corporate citizenship, social performance, or sustainable responsible business/Responsible Business) is a form of corporate self-regulation integrated into a business model. CSR policy functions as a built-in, self-regulation mechanism whereby a business monitors and ensures its active compliance with the spirit of the law, ethical standards, and international norms. CSR is a process with aim to embrace responsibility for the banks actions and encourage a positive impact through its activities on the environment, consumers, employees, communities, stakeholders and all other members of the public sphere who may also be considered as stakeholders. STATEMENT OF THE PROBLEM Banks play an active role for the economic development of any country. In a present competitive environment bank needs to retain its customer for effective development in any sector. Hence there arises need for corporate social responsibility then only it will leads to development of society as well as growth in bank sector. The present study aims to know the effectiveness of CSR in commercial banks with special reference to Madurai. In this context following questions arises. To measure the level of social obligation To measure the level of effectiveness of corporate social responsibility towards customers of commercial banks. OBJECTIVES OF THE STUDY: To study the effectiveness of corporate social responsibility towards customers of commercial banks. METHODOLOGY The present study is an empirical one based on the survey method. First hand data was collected from the field through interview schedule. Data relating to various customers of commercial banks in Madurai was gathered through interview schedule. The schedule structured was extensively pretested. The survey envisaged the application of convenience sampling. Thus a sample of 300 respondents was decided upon nature of the commercial banks in Madurai. The survey was conducted during 2012-2013 in commercial banks from state Bank of India, Indian bank, Canara Bank, Karurvysya bank, HDFC bank, Axis bank, ICICI bank in Madurai. ANALYSIS INTERPRETATION GARRET RANKING Garret Ranking is used to find out the ranking for respondents opinion towards the enhancing customer value for public sector, private sector, and New generation banks. Step I:  Ranking given by respondents opinion on enhancing customer value TABLE 1 RANKING OF RESPONDENTS opinion towards enhancing customer value. S.No.AttributesRankTotal 12345 1.Sharing bank details1866231129300 2.Comfortable0120524880300 3.Time management00018282300 4.Man management1515765270300 5.Filling forms22120539213300 Source: Primary Data Step II : The assigned ranks by the respondents were converted into percent position value by the formula given below. For each percent position, Using Garrett’s table, corresponding Garrett’s table value is obtained. Formula Per cent Position = 100 (Rij – 0.5) / Nj Rij = Rank given for the ith variable by the jth respondent Nj = Number of variables ranked by the jth respondent. GARRETT’S TABLE VALUE RanksCalculationPercentageGarrett’s Table Value I Rank=100*(1-0.5)/5= 10= 75 II Rank=100*(2-0.5)/5= 30= 60 III Rank=100*(3-0.5)/5= 50= 50 IV Rank=100*(4-0.5)/5= 70= 40 V Rank=100*(5-0.5)/5= 90= 25 Source: Computed data. Step III: Scores are obtained with reference to Garrett’s Table value, and each percentage position value is converted into scores. Here each aggregated ranks are multiplied with corresponding the Garrett’s value obtained in the table. AGGREGATED RANKS Sl. No.AttributesRank 12345 1.Sharing bank details1395037201550840225 2.Comfortable07200260033602000 3.Time management00012607050 4.Man management113253420325018900 5.Filling forms1650720026506440325 Source: Computed data. Step IV: Summation of the scores is worked out for each rank column and means scores calculated by dividing the total score by the number of respondents. Finally, overall ranking is obtained by assigning ranks 1, 2, 3 †¦ in the descending order of mean score. OVERALL RANKING for respondents opinion on enhancing customer value S. No.ReasonTotal ScoreAverageRank 1.Sharing bank details2028567.6I 2.Comfortable1526050.53IV 3.Time management831027.7V 4.Man management1988566.28II 5.Filling forms1826560.89III INFERENCE It is observed from the table Sharing bank details† has been ranked as the first for the Man management has been ranked second, Filling forms third position, followed by Comfortable in fourth rank with Time management ranked as the fifth that influences the respondents opinion on enhancing customer value the in bank’s CONCLUSION Although creating customer satisfaction is not a prime motivation for instituting corporate social Responsibility programs , research linking CSR strategies with positive customer outcomes, such as loyalty, has led to the expectation that these strategies generally have positive flow-on effects for customers. Banking industry surveys have led to the identification of a mismatch between consumer satisfaction levels and massive spending on CSR programs. Further research is warranted. In view of research suggesting that retail banking customers prefer initiatives that create direct customer benefits compared to those that have broader social impacts. To conclude the CSR activities in all the three study banks are not effective. It is proper time on their to promote CSR related activities.

The Indian real estate sector

The Indian real estate sector The Indian real estate sector plays a significant role in the countrys economy. The real estate sector is second only to agriculture in terms of employment generation and contributes heavily towards the gross domestic product (GDP). Almost 5 per cent of the countrys GDP is contributed to by the housing sector. In the next five years, this contribution to the GDP is expected to rise to 6 per cent. According to Jones Lang LaSalle, faster economic growth in Brazil, Russia, India and China (BRIC) could result in the property markets of those nations recovering at a faster rate than the UK and US real estate markets. It has also been suggested that Indias property sector could begin to improve from late 2009 and may attract up to US$ 12.11 billion in real estate investment over a five-year period. Almost 80 per cent of real estate developed in India is residential space. According to the Tenth Five Year Plan, there is a shortage of 22.4 million dwelling units. Thus, over the next 10 to 15 years, 80 to 90 million housing dwelling units will have to be constructed with a majority of them catering to middle- and lower-income groups. It is for this reason that residential properties in India, particularly in Mumbai and Delhi, are viewed as very good investments as per a study by PricewaterhouseCoopers (PwC) and Urban Land Institute, a global non-profit education and research institute. In the 2009-10 budget, developers of affordable housing projects (units of 1,000-1,500 sq ft) have been granted a tax holiday on profits from projects initiated in the financial year 2007-08. Such projects would have to be completed before March 1, 2012. At the same time, the finance minister allocated US$ 207 million to grant a 1 per cent interest subsidy on home loans up to US$ 20,691, provided the cost of the home is not more than US$ 41,382. This subsidy is expected to give a further boost to the housing sector. An apartment is a self-contained residential unit or section that occupies a part of a building. It can be either owned or rented. Some apartment-dwellers own their apartments as cooperatives, in which the dwellers or residents own shares of a corporation that owns the building or development. In condominiums, residents own their apartments and share ownership of the public spaces. Living in apartments is gaining popularity in India. The Sahara Group has already decided to build 217 townships across India. Their allure lies in the convenience that they offer in terms of safety and security and maintenance of utilities like electricity and water. A central maintenance system obviates the need for hiring outside help for minor problems like leaking taps or electric short circuits. Stand-alone homes also require incurring additional costs like buying/leasing land, licensing, duties, etc. Apartments enable maximization of space utilization and reduce demand on public resources. People are also able to avail of additional amenities like gymnasiums, swimming pools, etc. at affordable prices. There is a gap in the literature, however, with regard to the value drivers that dictate purchase decisions of residential property in the country. Similar studies exist for other countries but were found wanting in the Indian context, especially when it comes to apartments. Through this paper, we aim to do the very same, i.e. establish which factors dictate purchase decision and to what extent. We will also correlate these preferences with the demographic profiles and characteristics of our respondents and hence arrive at a greater and much deeper understanding of these issues. We see immense utility for our paper, especially for builders and property dealers who can use our findings in structuring their own business activities. RESEARCH BACKGROUND AND HYPOTHESIS: Even though consumer behaviour is generally assumed to be an important part of real estate valuation, buyer preferences are generally not considered during the valuation process. It is basically reduced to the confirmation of a bid price which may or may not be met by the buyer. Efforts are being made to address this fault and many papers have been written on the analysis of motivations of residential property purchasers, attempting to explain them using models such as bounded rationality and hedonic pricing. Hedonic Pricing, or Hedonic Demand Theory as it is also known, decomposes the item of interest into constituents and evaluates the importance of each of them and their contribution to the overall valuation. These factors can be both internal characteristics of the good or service and external factors. In the case of real estate valuation, internal characteristics include layout, structure, etc of the property while status of neighbourhood, proximity to schools, etc are the exter nal factors. Factor Analysis enables us to do just that. It is a statistical method that reduces the number of variables by grouping two or more of them into unknown or hidden variables known as factors. Further analysis is then conducted by looking at the variation among these factors and evaluating their relative performance. These factors are taken to be linear combinations of the original variables plus error terms (Richard L. Gorsuch, 1983). Factor analysis seeks to do precisely what humans have been engaged in doing throughout history that is to make order of the apparent chaos of the environment (Child, 1990). It has great use in evaluating consumer behaviour. Charles Spearman is credited with its invention. He used it in the formulation of the g Theory as part of his research on human intelligence (Williams, Zimmerman, Zumbo Ross, 2003). Over the years it has found uses in fields as diverse as psychometrics, marketing, physical sciences and economics. It can be used to segment consumers on the basis of what benefits they want from the product/service (Minhas Jacobs, 1996). It has evolved as a technique over the years, with many researchers working on fine-tuning and improving the analytical process. Bai Ng (2002) developed an econometric theory for factor models of large dimensions. It focused on the determination of the number of factors that should be included in the model. The basic premise of the authors was t hat a large number of variables can be modeled by a small number of reference variables. Marketing strategies based on customer preferences and behaviour often make use of this technique during the market research phase (Ali, Kapoor Moorthy, 2010)[14] and while devising and changing the marketing mix (Ivy, 2008). Factor Analysis has also been used in ground water management to relate the spatial distribution of different chemical parameters to various sources (Love, Hallbauer, Amos Hranova, 2004). The facility of segmentation that factor analysis offers has been extended to the real estate sector and all studies thereof. Regression analyses are subject to aggregation biases and segmented market models yield better results. This segmentation is done using factor analysis Watkins, 1999). Property researchers have also dedicated a lot of attention to researching the preferences of property buyers and identifying the drivers of property value. A study in Melbourne, Australia (Reid Mills, 2004) analyzed the purchase decisions of first time buyers and tried to determine the most influential attributes that affect the purchase decision using factor analysis. The research findings of the paper indicated that financial issues accounted for approximately 30 percent of the variance in the decision of first time owners to buy housing. This related to timing, the choice of housing, and the decision to buy new housing. Apart from that the choice of housing is dependant on Site Specific fac tors (Location) and the decision to buy new housing is dependent on Lifecycle factors, such as family formation, marital status or the size of the existing house. Another study determined that brand, beauty and utility play a defining role in property value (Roulac, 2007). The findings of the paper explain why certain properties command premium prices, relative to other properties. It came to the conclusion that for value determination of high priced properties the overall perception of the brand is the most important factor followed by utility and beauty. Brand names are also very important especially in metropolitan markets as they add to the appeal, distinctiveness of the property. Another way to attract buyers attention is through the mix of neighborhood amenities offered (Benefield, 2009). Neighborhood amenities like tennis courts, clubhouses, golf courses, swimming pool, play park and boating facilities significantly impact property values. Hedonic pricing models in which buye rs are assumed to evaluate property specifics and location attributes separately when they purchase a home have also been used to study housing markets like that of Shenzhen, China (Xu, 2008). The findings suggest that the marginal prices of key housing attributes are not constant. Instead, they vary with the household profile and location. Cluster analysis involves the grouping of similar objects into distinct, mutually exclusive subsets known as clusters. The objective is to group either the data units or the variables into clusters such that the elements within a cluster have a high degree of natural association among themselves while the clusters remain relatively distinct from one another. Mulvey and Crowder (1979)[22] presented and tested an effective optimization algorithm for clustering homogenous data. Punj and Stewart (1983)[23] reviewed the applications of cluster analysis to marketing problems. They presented alternative methods of cluster analysis to evaluate their performance characteristics. They also discussed the issues and problems related to use and validation of cluster analysis methods. The application of cluster analysis in strategic management research was studied by Ketchen and Shook (1996). Their paper chronicles the application of cluster analysis in strategic management research. They analyzed 45 published strategy studies and offered suggestions for improving the application of cluster analysis in future inquiries. They believed that cluster analysis is a useful tool but the technique must be applied prudently in order to ensure the validity of the insights it provides. Since Marketing researchers were introduced to discriminant analysis half a century ago, it has become a widely used analytical tool since they are frequently concerned with the nature and strength of the relationship between group memberships. It is especially useful in profiling characteristics of groups that are the most dominant in terms of discrimination. Morrison (1969) explained how discriminant analysis should be conducted using canned applications and how the effect of independent variables should be determined. However, care must be taken when applying discriminant analysis. The potential for bias in discriminant analysis has long been realized in marketing literature. Frank, Massy and Morrison (1965) showed that sample estimates of predictive power in n-way discriminant analysis are likely to be subject to an upward bias. This bias happens because the discriminant analysis technique tends to fit the sample data in ways that are systematically better than would be expected by chance. Crask and Perreault (1977) looked at the validation problems in small-sample discriminant analysis. http://www.ibef.org/artdispview.aspx?in=60art_id=25260cat_id=381page=1. http://planningcommission.nic.in/plans/planrel/fiveyr/welcome.html. http://www.pwc.com/en_US/us/asset-management/real-estate/assets/emergingtrend s2009.pdf. http://indiabudget.nic.in/ub2009-10(I)/ubmain.htm. http://www.sahara.in/press03.html. Australia Richard Reed and Anthony Mills, Identifying the drivers behind housing preferences of first-time owners, February 2004, Journal of Property Management, Vol 25 Issue 3 , Published by Emerald Group Publishing Limited. China Ting Xu, Heterogeneity in housing attribute prices: A study of the interaction behaviour between property specifics, location coordinates and buyers characteristics, International Journal of Housing Markets and Analysis, 2008, Vol 1, Issue 2, Published by Emerald Group Publishing Limited. Consumer behaviour in the valuation of residential property: A comparative study in the UK, Ireland and Australia, Jacqui Daly, Stuart Gronow, Dave Jenkins and Frances Plimmer, Journal of Property Management, 2003, Volume 21 Issue 5, Page 295 314. A Bounded Rationality framework for property investment behaviour, Anne de Bruin and Susan Flint-Hartle, Massey University, New Zealand. An application of the hedonic price model with uncertain attribute The case of the Peoples Republic of China, Zan Yang, Journal of Property Management, 2001, Volume 19 Issue 1, Page 50 63. Factor Analysis, Richard L. Gorsuch, 1983, Lawrence Erlbaum Associates. Charles Spearman: British Behavioral Scientist, Williams, R. H., Zimmerman, D. W., Zumbo, B. D. Ross, D. (2003), Human Nature Review. 3: 114-118. Benefit segmentation by factor analysis: an improved method of targeting customers for financial services, Raj Singh Minhas and Everett M. Jacobs, International Journal of Bank Marketing, 1996, Volume 14 Issue 3, Pages 3-13. Buying behaviour of consumers for food products in an emerging economy, Jabir Ali, Sanjeev Kapoor and Janakiraman Moorthy, British Food Journal, 2010, Volume 112 Issue 2, Page 109 124. A new higher education marketing mix: the 7Ps for MBA marketing, Jonathan Ivy, International Journal of Educational Management, 2008, Volume 22Issue 4, Pages 288 299. Love, D., Hallbauer, D.K., Amos, A. and Hranova, R.K. 2004. Factor analysis as a tool in groundwater quality management: two southern African case studies. Physics and Chemistry of the Earth, 29, 1135-1143. Property valuation and the structure of urban housing markets, Craig Watkins, Journal of Property Investment Finance, 1999, Volume 17 Issue 2, Page 157 175. Identifying the drivers behind housing preferences of first-time owners, Richard Reed and Anthony Mills, February 2004, Journal of Property Management, Vol 25 Issue 3. Brand+Beauty+Utility=Property Value, Stephen E. Roulac, Journal of Property Management, Vol 5 Issue 5, Emerald Group Publishing Limited. Justin D. Benefield, Neighborhood amenity packages, property price, and marketing time, 2009, Journal of Property Management, Vol 27, Issue 5, Emerald Group Publishing Limited. Ting Xu, Heterogeneity in housing attribute prices: A study of the interaction behaviour between property specifics, location coordinates and buyers characteristics, International Journal of Housing Markets and Analysis, 2008, Vol 1, Issue 2, Emerald Group Publishing Limited. John M. Mulvey and Harlan P. Crowder, Cluster Analysis: An Application of Lagrangian Relaxation, 1979, Management Science, Vol. 25, No. 4, INFORMS. GirishPunj and David W. Stewart, Cluster Analysis in Marketing Research: Review and Suggestions for Application, 1983, Journal of Marketing Research, Vol. 20, No. 2, American Marketing Association.

Physics Prac - Mesuring Wavelengths Of Light :: essays research papers

Aim: To determine the approximate value of l for red light using a diffraction kit. Theory: Diffraction of light is one explanation of the wave theory of light. Francesco Grimaldi first observed this type of behvaiour from light. However, Thomas Young was the scientist that was able to derive a mathematical formula where l can be calculated. The original experiment involved sending white light into a screen with two small holes to serve as point sources. The light from these sources was then projected onto a screen and light and dark bands were observed. The mathematical formula could then be used after taking certain measurements. Equipment: Light source (Ray box), Red cellophane, Double-slit slide, and Measuring rod (can be already attached to Ray box. Method: 1.  Ã‚  Ã‚  Ã‚  Ã‚  Set up the ray box and place red cellophane in clip so that it is over the bulb. 2.  Ã‚  Ã‚  Ã‚  Ã‚  Switch on ray box and stand approximately two meters away from the ray box, hold the slide up to your eye and look through one of the double slit patterns into the light. Observe disturbance pattern. 3.  Ã‚  Ã‚  Ã‚  Ã‚  While looking through the slide, have someone move the white marker along the slide rule until its edge is approximately halfway inside a dark or light band. 4.  Ã‚  Ã‚  Ã‚  Ã‚  Take measurement down and then repeat step 3 and gain measurement for other dark or light bands. Results: The results gained from the experiment were conclusive and accurate when compared to the original value for l for red light. Below is a table of the measurements recorded and calculations to gain l. Calculation (con't): The value d was calculated by placing the slide in a projector and then on the whiteboard (acting as a screen), marks were made. The slide had a measurement of 1cm and from this the ratio 35:1 was established. Measurements were then made and the slides actual measurements were determined. For this particular experiment, the slide marking D was used. L was measured also using simple trigonometry. The person viewing through the slide sat at a table and then looked down at the ray box on an angle.

Stress In The Workplace Essay examples -- Effects of Stress in the Wor

An increasing number of employers are becoming aware of the adverse affects that stress can have on an employee's performance and are offering different programs to help employees manage stress in their lives. This approach is proving to increase workplace performance, as well as improve employee loyalty and retention in the long run. What Causes Stress? Causes and Concerns Stress has been defined as a physiologic reaction to uncomfortable or unaccustomed physical or psychological stimuli. The biological variations that can result from stress of the sympathetic nervous system include a heightened state of alertness, anxiety, rapid heart rate and sweating. Not surprisingly, everyone has different triggers that cause stress in their lives and according to a number of surveys, work related stress tops the list for most people. In fact, forty percent of employees in the United States reported that they regularly experience work-related stress and a rising number of them are reporting that work is the largest stress in their lives. This is creating health and economic problems, not just for the American workforce but globally as well. Effects of Stress on Employees Physical and Emotional Individuals under stress at work have been known to experience fatigue and/or low motivation which can directly influence an organization’s morale and decrease overall productivity. Any professional with an M.A. in Industrial Organizational Psychology will tell you that str...

Ict Policy and Server Room Proposal for a Small Firm

INFORMATION COMMUNICATION TECHNOLOGY POLICY DOCUMENT INTRODUCTION Information and Communications Technology Policy addresses security issues and how to effectively apply and maintain information systems, thereby facilitating protection of critical, valuable and confidential information together with its associated systems. Most people are likely to recognise the impact and severity of the loss or theft of confidential designs for a new product. However they do not always recognise the potential risk, and consequential result, of seemingly ‘innocent' activities, such as copying software or copying the corporate database onto their laptop computer or not documenting changes made to their systems. The purchase and installation of hardware and software requires those involved to consider carefully the Information Security issues involved in this process. Careful consideration of the company's business needs is paramount, as it is usually expensive to make subsequent changes. Analysis of user requirements versus the various benchmarks test results will establish the best choice of server/software to be purchased. Installation of new equipment must be properly considered and planned to avoid unnecessary disruption and to ensure that the IT & T Policy issues are adequately covered. The issue of IT consumables is looked into. These are expensive and should be properly controlled both from an expense perspective as well as an Information Security perspective. Valuable items should always be kept in a secure environment to avoid damage or loss. OBJECTIVES To develop an Information Communication Technology policy for KPLC Retirement Benefits Scheme that introduces efficient and effective use of IT systems and in turn facilitate the smooth running of the secretariat. MISSION STATEMENT To strive to provide nothing but the best means of data and telecommunications services to the secretariat as a whole. DEFINITION OF ICT POLICY A set of rules, regulations, procedures and plans of action for administration of equipment, resources, and services in the ICT section. TERMS OF REFERENCE The aim of this document is to; ) Analyse procedures and practices that are in use currently and identify those that can be reinforced or changed. ii) Work out a time plan for the smooth transition from the use of KPLC systems and resources. iii) Review implemented policies elsewhere to facilitate broad knowledge and adapt ideas suitable to our environment. TABLE OF CONTENTS INFORMATION COMMUNICATION TECHNOLOGY POLICY DOCUMENT1 INTRODUCTION1 TABLE OF CONTENTS2 PREAMBLE4 IT & T SYSTEM DESCRIPTIONS4 1. 0 PROCUREMENT OF HARDWARE, PERIPHERALS & OTHER EQUIPMENT8 1. 1 Purchasing and Installing Hardware8 1. 2Cabling, UPS, Printers and Modems15 1. 3Consumables16 . 4Working off premises or using out-sourced processing18 1. 5Using Secure Storage20 1. 6Documenting Hardware23 1. 7 Telecommunications equipment25 1. 8Other Hardware Issues28 1. 9 Disaster Recovery Plans30 2. 0 CONTROLLING ACCESS TO INFORMATION & SYSTEMS IN THE SECRETARAIT32 2. 1Controlling Access to Information and Systems32 2. 1. 5 Controlling Access to Operating System Software38 Managing Passwords39 3. 0 PROCESSING INFORMATION AND DOCUMENTS46 3. 1Networks46 3. 2System Operations and Administration49 3. 3E-mail and the World Wide Web57 3. 4Telephones & Fax69 3. 5Data Management73 3. 6Backup, Recovery and Archiving75 . 7Document Handling78 3. 7. 3 Countersigning Documents79 3. 7. 5 Approving Documents before dispatch80 3. 7. 6 Signature Verification80 3. 8Securing Data83 3. 8 . 4 Maintaining Customer Information Confidentiality86 4. 0 PURCHASING AND MAINTAINING COMMERCIAL SOFTWARE90 4. 1Purchasing and Installing Software90 4. 2Software Maintenance & Upgrade92 4. 3Other Software Issues94 5 COMBATING CYBER CRIME95 5. 1Combating Cyber Crime95 5. 1. 1 Defending Against Premeditated Third Party Cyber Crime Attacks95 5. 1. 2 Minimising the Impact of Cyber Attacks97 5. 1. 3 Collecting Evidence for Cyber Crime Prosecution98 5. 1. Defending Against Premeditated Internal Attacks99 5. 1. 5 Defending Against Opportunistic Cyber Crime Attacks100 6. 0 COMPLYING WITH LEGAL AND POLICY REQUIREMENT101 6. 1Complying with Legal Obligations101 6. 1. 2 Complying with General Copyright Legislation101 6. 1. 3 Complying with Copyright and Software Licensing Legislation102 6. 1. 4 Legal Safeguards against Computer Misuse103 6. 2Complying with Policies103 6. 3Avoiding Litigation106 6. 3. 3 Sending Copyrighted Information Electronically107 7. 1 E- Commerce Issues108 7. 2 Structurin g E-Commerce Systems Including Web Sites108 7. 3 Securing E-Commerce Networks109 . 4 Configuring E-Commerce Web Sites110 7. 5 Using External Service Providers for E-Commerce Delivery Channel111 8. 7Cost Considerations116 9. 0 DEALING WITH PREMISES RELATED CONSIDERATIONS118 9. 1 Physical Security of Equipment and Assets118 10. 0 NETWORK SECURITY MEASURES122 10. 1 Data Network devices122 10. 2 System administration123 10. 3 System Auditing129 10. 4 Email Policies130 10. 5 The Internet131 10. 6Computer desktop equipment133 10. 7Human Resource Aspects Policies141 10. 8Security Policy Auditing142 10. 9Incidence Management and Responses146 Reporting an Incident146 What is Cybercrime? 151 10. 0Movement of Telecommunications Equipment155 11. 1Setting Classification Standards157 12. 0 RETIREMENT OF OBSOLESCENCE OR OBSOLETE EQUIPMENT158 12. 1 Setting New Hardware Standards158 12. 2Methods of assessing old and inapt Software/hardware158 12. 3Hardware and software obsolescence160 12. 4RBS Depre ciation Factors for Defining Old Or Inapt Equipment161 13. 0 APPENDIX 1162 13. 1 LIST OF SPARES & ACCESSORIES162 14. 1 GLOSSARY & REFERENCES163 PREAMBLE It is necessary for one to be familiar with the various Information Technology and Telecommunications Systems that the company has acquired and installed over the years. This document provides the description of the systems as well as the policies formulated in regard to these IT & Telecommunications systems. IT & T SYSTEM DESCRIPTIONS 1. Telephony The telephone network for RBS consists of the public interconnected network using automatic branch exchanges (PABX) which connects us to the public network using telecommunication service providers and private branch network (PBX) which is housed in our commercial office premises which help us communicate in the premises through extension numbers. 2. Computer Data systems These are composed of data network hubs and switches which make the Local Area Networks (LAN) and the routers which interconnect the LANs. Each LAN is composed of passive data networks, servers and PCs that use the network thus realised to exchange information and data throughout the enterprise. 3. System Software and Data System software is the general term used to describe the many software programs, drivers and utilities that together enable a computer system to operate. One of the main components of system software is the operating system of the computer e. g. Microsoft Windows ® XP Professional. 4. Data Data in the language of information technology means the individual elements that comprise the information and can be processed, formatted and re-presented, so that it gains meaning and thereby becomes information. Here we are concerned with the protection and safeguard of that data/information which, in its various forms can be identified as Business Assets or Information Assets. The term data and information can be used somewhat interchangeably; but, as a general rule, information always comprises data, but data is not always information. ICT SYSTEMS DESCRIPTIONS DESCRIPTIONS THE OF SYSTEM RBS – Open Retirement Benefits Scheme System The system is used for the administration of employee and employer contributions into the RBS Fund. It has a database for member details together with their dependants. This is used when benefits are to be calculated for deceased persons and withdrawing members. The system also has a pensioners payroll used to pay all pensioners whether retirees or widows and orphans. Group Life for all employees and the issue of Last Expense is also maintained and administered in the system. Database Management Systems The secretariat database is managed using ORACLE database management systems(DBMS). Oracle databases are relational, thus data is stored in them in row-column (table) format. All the company data is stored and managed using ORACLE. WINDOWS NT ENVIRONMENT The Window NT environment operates in domains. A domain is a collection of computers and users defined by the administrator of a Windows NT Server network that share a common directory database. A domain provides access to the centralised user accounts and group accounts maintained by the domain administrator. Each domain has a unique name. Window NT Environment In the current WAN model of KPLC there is a single master domain called KPLCSTIMA. The KPLCSTIMA is also the main account domain and KPLCNET as Internet resource domain. A child domain known as RBS. KPLCSTIMA will be created from the master domain and will have trust relationship with it. This is will give us more control of our systems and semi-autonomy from the KPLC systems. It will be installed with Windows Server 2003 standard edition operating system which will provide the following services at RBS: 1. File and Print sharing. 2. Microsoft Exchange Services – host the resident Staff member’s mailboxes and enable efficient sending and receiving of internal/Internet mail and if need be provide also storage of the mailboxes. 3. Anti-virus Software. 4. Systems Management Server for Network management. 5. Internet Browsing. 6. To allow for faster downloads of the application updates. 7. To enable the efficient installation and periodic updates of the PC anti-virus in the local area network. 8. For faster and seamless primary logon of client PC’s to the network. Our application i. e. RBS system is already running in a stand alone server and will continue that way to ensure system stability and integrity. The new system will also run on its own stand alone server for the same reason. †¢The primary domain controller (PDC) tracks changes made to domain accounts. Whenever an administrator makes a change to a domain account, the change is recorded in the directory database on the PDC. The PDC is the only domain server that receives these changes directly. A domain has one PDC. A backup domain controller (BDC) maintains a copy of the directory database. This copy is synchronised periodically and automatically with the PDC. BDC’s also authenticate user logons, and a BDC can be promoted to function as the PDC. Multiple BDC’s can exist in a domain. Client PCs Currently there are four PCs and two laptops in the secretariat all running Windows XP as the desktop operating system and networked using Windows NT operating system of the K PLC master domain. All PCs have MS Office 2003 – 2007 as an office desktop application. The PCs have between 256 and 512 MB RAM. All the PCs are running on Microsoft TCP/IP protocol and use USER LEVEL access on the network. Microsoft Exchange Server Microsoft Exchange Server is used for electronic messaging in and out of the organisation. Exchange is organised into entities called sites each consisting of one or more servers containing mailboxes and public folders. Mailboxes are where a user’s messages are kept, each user having a single mailbox whereas public folders are like notice – boards, containing information that is shared between multiple users. Intra-site communication has to occur at high speed and with high reliability. Inter-site communication can occur at lower speeds. In addition to local messaging, there is Internet messaging, implemented via the Proxy Server. Anti-Virus Software McAfee’s Total Virus Defence Software is the current company guard against viruses. The software is loaded on all the Exchange server protects against viruses distributed. A group of computers and the server that manages them is called an Anti-virus Domain. The anti – virus server downloads new version automatically from McAfee Website on the Internet. Once the new software version is downloaded, the system administrator configures it for distribution. It also alerts the system administrator to ‘pull’ the latest versions to the Anti-virus Server. Internet Microsoft Proxy Server provides an easy, secure way to bring Internet access to every desktop in an organisation. The proxy server is a gateway between the company’s network and the Internet. A gateway is special software, or a computer running special software, that enables two different networks to communicate. The gateway acts as a barrier that allows you to make requests to the Internet and receive information, but does not allow access to your network by unauthorised users. [pic] 1. 0 PROCUREMENT OF HARDWARE, PERIPHERALS & OTHER EQUIPMENT 1. 1 Purchasing and Installing Hardware This Chapter deals with the Information Technology and Security issues relating to the purchase, use or maintenance of equipment through which information is processed and stored. 1. 1. 0 Procurement of Hardware, Peripherals and Other Equipment Policy Statement All purchases of new systems hardware or new components for existing systems must be made in accordance with Information Security and other organisation Policies, as well as technical standards. Such requests to purchase must be based upon a User Requirements Specification document and take account of longer-term organisational business needs. The purchase and installation of hardware requires those involved to consider carefully the Information Security issues involved in this process. This section covers the key areas to be considered. . 1. 1 Specifying Information Security Requirements for New Hardware The purchase of new computers and peripherals requires careful consideration of the business needs because it is usually expensive to make subsequent changes. |ICT Issues to consider |Action Required | |The system must have adequate capacity or else it may not be |Estimate the current and potential load on the system. | |able to process your data. For critical applications ensure t hat the system is reliable and of | | |high quality. | | |Select a supplier with a proven ‘track record', who is likely to be | | |in business for the life of the hardware. | |Data must be adequately protected; otherwise there is a risk |Determine the type of safeguards necessary for the information | |of loss or accidental / malicious damage. concerned and ensure that the hardware is capable of supporting the | | |required features, e. g. the type of operating system and attached | | |devices. See classifying information and data | |Where hardware maintenance is poor or unreliable, you greatly|Choose a supplier with a proven ‘track record', who is likely to be | |increase the risk to the organisation, because, in the event |in business for the life of the hardware. |of failure, processing could simply STOP. |Enter into a maintenance contract at the time of purchase with a | | |suitable response time in the event of a failure. See service level | | |agreement | |T he system must be sufficiently ‘resilient' to avoid |Determine your organisation’s tolerance to system non-availability | |unplanned down-time, which can have an immediate negative |(seconds, minutes, hours or days? , and approach the design of your | |impact on your organisation |hardware configuration accordingly. | | |Consider the use of mirrored disks to guard against disk failures; | | |duplicate processors in case of processor failure; duplicate | | |configurations; and the use of an Uninterrupted Power Supply (UPS) | | |and standby generators. 1. 1. 2 Installing New Hardware Installation of new equipment must be properly considered and planned to avoid unnecessary disruption and to ensure that the ICT Policy issues are adequately covered. (See Premises for further detail. ) Policy Statement All new hardware installations are to be planned formally and notified to all interested parties ahead of the proposed installation date. Information Technology and Securi ty requirements for new installations are to be circulated for comment to all interested parties, well in advance of installation. ICT Issues to consider |Action Required | |The equipment must be located in a suitable environment otherwise|Adhere to the specifications and recommendations of the | |it may fail. |manufacturer or supplier, e. g. for operational temperature, | | |humidity etc. | |Adequate safeguards against fire, water and electrical failure | | |should be in place. See Premises | |Any disclosure of your network diagrams, security features, |Ensure that all persons on site, whether from your own | |locations and configurations etc. exposes potential |organisation or not, have completed a Non-Disclosure Agreement | |vulnerabilities, which could be exploited. Although a Non Disclosure Agreement paves the way for legal | | |redress, it cannot protect you against actual commercial damage. | |Leaving tools, utilities and developer's kits on your new system |All new syste ms should be configured for maximum practical | |endangers the confidentiality and integrity of your data |security by the removal of unnecessary utilities, developers' | | |programs, etc. a technique known as hardening. | |Without an installation plan for the new equipment, disruption to|Ensure that all special pre-installation requirements (e. g. air | |operational systems is more likely. |conditioning) have been met. | | |Identify the precise location for the equipment and ensure that | | |the power and network cables are ready. | | |Agree a detailed installation plan with the vendor. | |Anticipate what might go wrong and consider how to minimise the | | |risks. | |Where the installation plan does not include safeguards against |Agree a detailed installation plan and document it. See Project | |the (inevitable) increased security threat resulting from |Plan | |(relatively) ‘open access' to the systems area, accidental or |Monitor progress against the plan. |malicious damage can result. |Only allow authorised persons access to the systems area. | | |To protect all parties never allow engineers to work unattended. | | | | |Breaches of Health and Safety regulations endanger the well being|Ensure Health and Safety regulations are followed when locating | |of your staff and your organisation’s commercial activities. the equipment, peripherals and cables. | | |A periodic visual inspection is beneficial also. | 1. 1. 3 Testing Newly Installed Systems and Equipment Hardware should be tested when new to verify it is working correctly, and then further tests applied periodically to ensure continued effective functioning. Policy Statement All equipment must be fully and comprehensively tested and formally accepted by users before being transferred to the live environment or user sites. |ICT Issues to consider |Action Required | |Where new equipment is not tested for critical functions before |Ensure that all new installations are thoroughly tested after | |being used, it can lead to failure and hence damage to both data |initial set-up and prior to live use. |and other linked systems. |All such tests should be in accordance with a documented test | | |plan. | |Inadequate testing can threaten the integrity and availability of|Check the test outputs to confirm the results. Ensure that | |your data. |all-key components, e. g. hard disk subsystems are included in the| | |tests. | |Devices that are known to degrade with time, e. g. printers, | | |should be tested periodically | |Where testing is performed in a manner that does not simulate |Ensure that the test plan simulates realistic work patterns | |live conditions, the results of such testing cannot be relied | | |upon. | |Poor security procedures during equipment testing can compromise |Ensure that Non Disclosure Agreement have been obtained from all | |the confidentiality of your data. |third party staff involved in testing the equipment. | |Verify that the required security configuration and safeguards | | |have been implemented for the new hardware. | | |If live data is used in the testing process for the new hardware,| | |ensure that it is closely controlled. See Use of Live Data for | | |Testing | Explanatory notes NT servers The analysis of user requirements (client base and mail sizes expected) versus the various benchmarks test results will establish the best choice of server to be purchased. For file and print server only disk space is a key requirement. IT & T Issues |Key Actions | |CPU Board |Dual CPU, redundant system components in many aspects | |Disk & Disk space |Enough storage to cater for expected growth of mail database for the next| | |fiscal year | | | | | |Redundant and RAID-5 capable | |SPEC INT2000 |Compares CPU speeds for various servers. | | | |SPEC CPU2000 |To establish best processors and server performances. | | | | |(http://www. specbench. org/) |To establish best server as per RBS requirements. | | | | | |Do sample analysis based on databases expected or consult database | | |product vendor on system demands. |TPC-C benchmark |The TPC-C benchmark measures the ability of a server to process | | |transactions in a simulated business environment, calculating both the | |See guidelines at http://www. tpc. org/ for |performance of the System Under Test and real world scenario. | |transactions per server | | | |Mail servers should handle 1500 mail user traffic simultaneously in a | | |normal business environment. | | | | |Mail servers should be capable of storing all mails processed in a normal| | |working day. | Routers |ICT Issues |Key Actions | |Router basics |Dual CPU, all redundant system components installed at time of purchase | | |in many aspects | |IOS, RAM and ROM |Latest Cisco IOS e. g. ver 12. X. , 128 MB RAM and suitable flash memory to | | |store all features of IOS. | | | | |VPN and 3-DES features enabled | |IOS compatibility |New routers should Cisco compatible to integrate seamlessly with existing| | |IOS and equipment. | |Number of WAN ports |Decide by local needs e. g. | | | | | |Hub-routers should be preferred for small LANs | |User Management |Manageable by local o r by remote interface, RMON, SNMP or network user | | |interfaces. | Hubs and Switches Item |Action | |Hardware basics |Dual CPU, all redundant system components installed at time of purchase in many | | |aspects | |IOS, RAM and ROM |Latest Cisco IOS e. g. ver 12. X, VLAN and work grouping, bridging possible. | |IOS compatibility |Cisco compatible to integrate seamlessly with existing IOS and equipment. |Protocols |Ethernet enabled | |L | | |Number of LAN ports |Decide by local needs e. g. | | |Hub-routers should be preferred for small LANs | |User Management |Manageable by local or by remote interface, RMON, SNMP or html enabled network | | |user interface. | Modems Item |Action required | |Software Compatible |Supports HyperTerminal for Windows | | | | | |Should be configurable using AT commands | |V90 |Modems should be V90 standard and downward compatible with existing V54 & V42 | | |types, etc. |2 & 4 wire |Supports two wire dialup and 4 wire leased analogue line use. | Data cabinets Equipment cabinets should be properly chosen. The current 6U cabinet is too small for any future expansion or even good workmanship to be carried out. Vendors should provide cabinet of size equal or larger than 12U cabinet. |Item |Action | |Sufficient space for equipment |The cabinet should house all the equipment and accessories at the installation| |See http://www. datacabinets. om/ |time, leave room for future expansion and provide free space for proper | | |ventilation | |Aesthetically chosen for office environment |The cabinet aesthetically coloured to match with general looks in the vicinity| | |free standing or wall mounted and should be equipped with sufficient power | | |blocks. | |Proper ventilation and humidity |The cabinet must have sufficient cooling fans. The fans in these cabinets | | |shall be designed to give minimum noise level expected in a normal office | | |environment and must be designed to keep the humidity level low. | |Designed for equipment therein |The cabinets will be used to house all the active equipment and connection | | |accessories such patch panels, Light Unit Interfaces (LIU). | | | | | |Be lockable and be equipped with some trays. LIUs, cord organisers, cable | | |straps etc. |Grounding and ESD |All cabinet shall be electrically grounded to ensure electric noise and | | |electrostatic discharge is minimised. | Server Room The following items are useful in a server room construction. |Item |Action | |Backup supply |Installation of a central UPS to back up for at least 30 minutes after an | | |outage. | |Conditioned power supply |Installation of spike protectors is necessary to ensure well regulated supply | | |free of surges and dips. |Neat and extensive cable trays |Construction of a technical (false) floor and technical roof (false ceiling) | | |to house all types of cabling and utilities such as fire hydrants, smoke | | |detectors, etc | |No electrostatic discharge (ESD) in computer centre and |Proper grounding and use of anti-static PVC tiles on floor. Each tile must be| |equipment |grounded well. | |Maintain ambient temperature |Installation of a two way redundant air conditioning system. | | |Maintain 16 ? C via room wall. | |Guard against fires and similar hazards |Installation of an automatic fire-fighting system |Use effective extinguishers that are less hazardous to |Use most inert system e. g. Inergen | |human health. |See www. inergen. com/ | |Classify room usage |Partitioning of the computer room | |Proper lighting |Supply and installation of False Ceiling | |Protection against harmful effects of fire hydrants |Supply of Gas Masks | 1. 2Cabling, UPS, Printers and Modems Cabling For best of cabling the following international standards should be incorporated when carrying voice/data-cabling works. |Item |Action | |Scope |Systems Administrator to access scope of requirements. | |Design of cabling plant and premises consideration |According to ANSI/EIA/TIA 568B & 569 standards | | |See www. ansi. org, www. eia. org & http://www. tiaonline. rg | |Implementation and workmanship of cabling works and testing |According to ANSI/EIA/TIA 606 & 607 standards of installing and | | |maintaining data/voice cabling plant. | |Network Active devices |Different vendors have preferred methods of rolling out active | | |devices try this method: | | | | | |Develop | |high-level process flow diagram for deploying new solutions | | |solution hardware requirements | | |solution management platforms | | |solution validation by pilot project | | |full solution deployment | | |document all related information for management, maintenance and | | |future extensions | UPS The following formulas are useful in determining choice of UPS. The UPS are rated in terms of steady power out put and backup time. Steady power rate is given in watts= W Backup time is given in Hours or Ampere-hour of the batteries. = Ah Backup capacity in terms of Ampere-Hour is Ah = (Watt x time) and or is computed to be Ah =3. 6 Mega joules. Power x Time = Energy (joules) Translates to Time =Ah/power E. g. StimaEIS is 7. 2-kVA load. To backup for half an hour it requires (7200 x 30 x 60 x 60)/3. 6 x106 = 216 Ah Given that each small battery is 12V with 9 Ah each then the UPS will have 24 small batteries. Similarly for rest of the computers same formula can be used. 1. 3Consumables Introduction ICT consumables are expensive and should be properly controlled both from an expense perspective as well as an Information Security perspective. This section deals with the Information Security aspects of IT consumables. 1. 3. 1 Controlling IT Consumables Policy Statement IT Consumables must be purchased in accordance with the organisation’s approved purchasing procedures with usage monitored to discourage theft and improper use. They must be kept in a well-designated store away from working area. Explanatory Notes Examples of consumables are printer forms, stationery, printer paper, toner & ink, ribbons, disks, diskettes, bar-code labels and other accessories. Item |Key Actions | |Pilfering of your consumables results in increased organisational|Safeguard Consumables against petty theft by locking cupboards, | |expense. |maintaining a register, written authorisation prior to removal of| | |items etc. Keys to be kept by the supervisor’s office. | |Consumables may be s tolen with the intent to defraud your |Take special measures to protect potentially valuable pre-printed| |organisation or customers. |forms and account for their usage. Store area should be a | | |restricted area, use gate-passes and authorisation. |Confidential data may be revealed to unauthorised persons from |Ensure that confidential information cannot be identified from | |discarded Consumables e. g. discarded draft printer output and |discarded Consumables, such as printer ribbons and floppy disks, | |test data printer output. |by destroying them. | | |Destroy or shred surplus printout / fiche containing data, | | |whether or not the data appears to be confidential – it may be! | | |See also Classifying Information and Data. | 1. 3. Using removable storage media including Diskettes and CDs Policy Statement Only personnel who are authorised to install or modify software, and staff who are authorised to transfer and update data shall use removable media to transfer dat a to / from the organisation’s network. Any other persons shall require specific authorisation. Explanatory Notes When using removable storage media, there are additional ICT Security risks associated with the portability of the media. Personnel authorised to install & modify software is the system administrator. Personnel authorised to transfer and update data shall be determined by the general manager and systems administrator. ICT Issues |Key Actions | |Loss or ‘disappearance' of disks, tapes, etc. can |Ensure that all media are stored safely and securely. | |compromise the confidentiality of the organisation’s |Make sure that all media are labelled clearly, whether physically and/or | |data. |electronically, and that they can be located easily when needed. | | |Designate key individuals to monitor the storage and use of removable | | |media. | |Damage to media compromises the integrity of your |Follow the manufacturers' recommendations when handling the m edia. | |corporate records. Take protective measures against environmental extremes of temperature, | | |humidity, dust, etc. , appropriate to the importance and sensitivity of the| | |data. | | |Consider carefully the safeguards required for any media being moved or | | |stored off-site; especially backup tapes / disks. | | |In the case of irreplaceable data, you should consider taking security | | |copies, each of which must be properly safeguarded. | |Consider using fire-resistant storage cabinets for such media. | 1. 4Working off premises or using out-sourced processing Working Off-Premises involves a broad range of Information Security risks. In addition to the obvious threat of theft of the equipment there are also significant risks to the information contained on portable equipment. It is necessary to use business centres with great care as confidential information or data can be input onto equipment that is not under your control. 1. 4. 1 Contracting or using Out-sour ced Processing The following issues should be considered if the organisation decides to utsource some or all of its computer processing. Policy Statement Persons responsible for commissioning out-sourced computer processing must ensure that the services used are from reputable companies that operate with accredited information security and quality standards which should include an appropriate Service Level Agreement. |ICT Issues to consider |Action Required | |Inadequate performance can threaten your organisation's |Determine the critical success factors for your organisation in terms of| |information processing and business operations. speed, reliability, response and ability to scale rapidly (if | | |necessary). | | |Document these factors in a Service Level Agreement with penalty clauses| | |for breaches. | |Poor reliability threatens the performance of your |Consider your organisation's tolerance to system non-availability in | |business. |seconds, minutes, hours or days? | | |Ensure that the service provider can meet these needs. | |Document these factors in a Service Level Agreement with penalty clauses| | |for breaches. | |Lack of direct control when outsourcing can compromise |Due diligence should be exercised to ensure that the outsourcing company| |data confidentiality. |is reputable and operates with adequate standards. | | |Obtain a Non Disclosure Agreement from the outsourcing company. | | |Insist on secure transmission methods between your organisation and | | |theirs, e. g. authenticated transmission with encrypted data. | 1. 4. 2 Issuing Laptop / Portable Computers to Personnel Laptops, Portables, Palmtops -or even electronic ‘organisers', which connect to and store your organisation’s data – are included within this topic. Throughout this topic we refer to them collectively as ‘laptops' Policy Statement Line management must authorise the issue of portable computers. Usage is restricted to business purposes, and users must be aware of, and accept the terms and conditions of use, especially responsibility for the security of information held on such devices |ICT Issues |Action Required | |Confidential data disclosed to unauthorised persons can |Be certain that the member of staff has a valid business reason for | |damage the organisation. |using a laptop. Maintain and update the Hardware Inventory with the | | |primary user's name and contact details | | |Ensure that you are always able to trace the physical location of the | | |laptop and that the type and sensitivity of any stored data is known and| | |properly secure. | | |Always use any ‘power-on' password feature as a simple deterrent to | | |opportunistic usage. | | |Ensure the confidentiality and security of backup files. |The use of unlicensed software can subject your |All software used on the laptop must be licensed and comply with both | |organisation to legal action |legal and organisational standards. | |Viruses, Worms, Trojans and other Malicious Code can |Scan the laptop for malicious code and viruses regularly. | |corrupt both data and the system files. |Always scan files before accepting them onto the laptop | |Theft of the laptop exposes the organisation to the threat|Ensure that the holder implements adequate safety procedures against | |of disclosure o f sensitive corporate data to competitors. |theft. | |Consider the use of securing wires or other security devices in open | | |offices. | | |Ensure that the Hardware Inventory contains relevant allocation details | | |of all computers. Insure the laptop against loss, theft and damage. | | |Be aware of any exclusion in cover. Prepare guidelines for issuing | | |portable computing equipment. |Inadequate backup and recovery routines can lead to the |Ensure that laptop computers can have their data safeguarded through | |loss of data. |regular backups. | | |Ensure that the primary user of the equipment recognises their | | |responsibilities in this regard. | Guidelines for Issuing Portable Computing Equipment Those responsible for issuing portable computer equipment must ensure that the following is complied with before issuing such equipment to employees. †¢ Ensure that adequate insurance cover is provided for the portable equipment for use in the home country and abroad. Ensure that suitable virus scanning software is present on the equipment. †¢ Supply suitable network connections and ensure that access procedures are applied if the equipment is to be connected to a network. †¢ Ensure that adequate capacity (hard disk and memory size) is available on the equipment to support business processing. †¢ Ensure that adequate backup and restore facilities and procedures are in place. †¢ Ensure that compatible versions of application software are in place. †¢ Ensure that software encryption and/or physical locking devices are in place. †¢ Ensure that adequate records of the equipment are maintained, and that the issue is authorised and receipted. Ensure that authorisation for use of portable computing equipment is received †¢ Ensure that the Terms of Use are issued and signed. 1. 5Using Secure Storage Introduction It is essential that valuable confidential or critical information or equipment is stored in a secure locati on. This section covers secure storage. Policy Statement Sensitive or valuable material and equipment must be stored securely and according to the classification status of the information being stored. Documents are to be stored in a secure manner in accordance with their classification status. 1. 5. 1 Using lockable storage cupboards & filing cabinets A lockable storage cupboard should be considered for storing sensitive or valuable equipment. A lockable filing cabinet should be considered for secure storage of paper-based files and records, or small but movable items. |ICT Issues |Key Actions | |Unsecured organisation sensitive material may be |Ensure that all sensitive material is secured in a lockable storage | |stolen from the department. |cupboard, cabinet or safe when not required. The more sensitive the | | |material, the more care must be taken in selecting the appropriate storage| | |method. | |Ensure you are aware of who is an authorised key holder to any such | | |storage cupboard, cabinet or safe. | | |Ensure that a second key is available with a trusted key holder via a dual| | |control issues process in case the key holder is unavailable or the item | | |is required in an emergency. | |Securely locked organisation sensitive material may be|Ensure that highly sensitive material including computer discs and tapes | |stolen or damaged whilst in store. |are stored in a fire rated storage cupboard, cabinet, or sa fe. Beware that| | |the cabinet itself may survive the fire but the items inside may be | | |damaged irreparably. | | |Ensure that all sensitive material is secured in a lockable storage | | |cupboard, cabinet, or safe when not required. | | |Use a storage unit, which matches the sensitivity of the material. The | | |more sensitive the material, the more care must be taken in selecting the | | |appropriate storage method. | |Ensure you are aware of who is an authorised key holder to any such | | |storage cupboard, cabinet or safe. | | |Ensure that a second key is available with a trusted key holder via a dual| | |control issues process in case the key holder is unavailable or the item | | |is required in an emergency. | 1. 5. 2 Using Fire-Protected Storage Cabinets & Safes A fire protected storage cabinet is a good way to protect sensitive material against the risk of being destroyed by fire and possible water damage from fire fighting activities. The use of safes for storage is to be en couraged. The security of the safe itself is just as critical. Policy Statement Items such as backup-tapes, microfiche, microfilm, archives, recovery diskettes, passwords, CDs for software installation shall be considered sensitive and valuable to the organisation and must be stored in fire-protected storage cabinets & safes. |IT & T Issues |Key Actions | |Sensitive data stored in fire-protected cabinets can |Ensure that all sensitive material is secured in a Fire protected | |nevertheless be damaged beyond use. Due to their possible |cabinets & safe when not required. Yearly & Monthly system & database | |additional weight, siting is a key consideration |backups should be kept away from the building | | |Ensure you are aware of who is an authorised key holder to any such | | |storage cupboard, cabinet or safe. | | |Ensure that a second key is available with a trusted key holder via a | | |data control issues process in case the key holder is unavailable or the | | |item is required in an emergency. | |Sensitive data may be lost if stolen or during transit. |Copies of archives should be kept separate from actual database backups. | |A physical log file to control backup data movement to various safe | | |locations to be kept up-to-date both with signature of security personnel| | |and person moving the backups. | | |Data Library to be up-to-date with details of backup date, type, | | |location, type & expiry date | 1. 6Documenting Hardware Introduction This section deals with hardware documentation and manuals, and also hardware inventory. It is es sential that hardware documentation is kept up to date and made available to all users as appropriate. 1. . 1Managing and Using Hardware Documentation ‘Documentation' refers to both the operator manuals and the technical documentation that should be provided by the supplier / vendor. Policy Statement Hardware documentation must be kept up-to-date and readily available to the all staff that may need it. |ICT Issues |Key Actions | |If equipment is operated incorrectly mistakes and |Ensure you receive all operational and technical manuals for each piece | |damage may result. |of equipment. | | |Store the documentation accessibly but safely. | |Systems users must be trained according to the supplier's manuals | |A failure to follow the recommended schedule of |Ensure all regular maintenance is carried out and monitored. | |maintenance runs the risk of system malfunction, which |Adopt procedures which ensure that your operators complete all | |could possibly jeopardise your busines s operation. |maintenance for which they are responsible according to the | | |manufacturer's recommendation | |Failure to operate equipment in accordance with the |Ensure you receive all operational and technical manuals for each piece | |instructions can invalidate the warranty. |of equipment. | |Ensure that such manuals are readily available and form the basis of all | | |training. | |Failure to complete and return the manufacturer's |Complete the warranty card in time and record the details in your | |warranty card may invalidate the warranty and hence |Hardware Inventory Register. | |limit the manufacturer's liability | | ] 1. 6. 2 Maintaining a Hardware Inventory or Register Introduction A register / database of all computer equipment used within your organisation is to be established and maintained. Policy Statement A formal inventory of all equipment should be maintained and kept up to date at all times. ICT Issues |Key Actions | |Theft of equipment is most likely to result in additional |Establish inventory and implement procedures for updating it. | |cost to the organisation and could compromise data security. |Ensure that you have a procedure to advise the acquisition of new | | |hardware, the disposal of old items and any changes of location. | | |Periodically verify the correctness of the inventory by checking that | | |a sample of hardware is physically present. |Inadequate insurance could render your organisation liable |Establish inventory and implement procedures for keeping it | |to loss in the event of a claimable event. |up-to-date. | | |Ensure that you periodically review the adequacy of your insurance | | |cover. | |Shortcomings in the planning of equipment replacement can |Establish an inventory and, in conformance with your IT Plan, ‘ear | |make it difficult to plan ahead for new technology. |mark' equipment for replacement and plan accordingly. | 1. 7 Telecommunications equipment (Procurement, maintenance, practices and design t elecommunications) Procurement of telecommunications system †¢ Manufacturer maintenance (internal & external) †¢ Design criteria of systems †¢ Commissioning & Decommissioning of systems †¢ Fibre optic systems Introduction This chapter deals with the Information Communication Technology issues relating to the purchase, use, maintenance and the design of equipment through which information is processed and transmitted. The systems covered include, Telephony (PAX and PABX) Data Networks Fibre Network 1. 7. 1 System Design ( Engineering) Policy statement ICT system engineering will be based on tested and proven state of the art technology for a given ICT system. Explanatory notes The systems administrator shall from time to time update her/himself with new international standards for ICT systems. She/he shall be required to come up with flexible systems that will meet the company needs at the best. |ICT Issues |Actions | |Technology |System engineering shall be based on the latest technology in the | | |required field such as Telephony. | |Company's needs (Application) |The design shall address the company needs and applications for at least| | |the next ten years. |Flexibility |The system design shall address the equipment flexibility and upgrade. | |Redundancy |The design will state the expected loading and redundancy of the | | |equipment | 1. 7. 2 Procurement Policy Statement In addition to the public and company procurement procedures, the ICT departments will specify in details the functional and capacity requirements of system before any purchase is done. Explanatory notes Before any system acquisition is done, the system administrator will be requir ed to have evaluated the company's needs. This will include system performance; reliability ultimate capacity and staff abilities included proposed training requirements. This will be in the form of Request for Proposal (RFP) documents. |IC T Issues |Actions | |Tender document |Shall have detailed system/equipment description of the performance, | | |reliability and capacity of hardware. The system life expectancy shall be| | |required | |Spares and Support |The system spares will be stated. The system support and staff training | | |clearly be addressed | |Authorised dealership/partnership |The vendor shall be required to state and prove the partnerships with the | | |manufacturer | |Tendering |The type of bidders to be invited shall be stated | 1. 7. 3 Commissioning/ Decommissioning Policy Statement System commissioning will be carried out as stipulated in the manufacture's testing/commissioning sheets for any new ICT equipment. Tests should nclude all the RFP system requirements. System commissioning is necessary to ascertain system performance all the designed parameters will be tested. After the commissioning the system passwords should be immediately changed as a security measure, to protect any data manipulation or corruption from the vendor. |ICT Issues |Actions | |Performance |All tests as per system design and manufacturer's | | |specification/performance shall be carried out. |Drawings |All system drawings shall be submitted ( at least three copies)and kept | | |in safe custody | |Equipment Cabinet keys |The equipment cabinet keys shall be handed over to the functional head | |Decommissioning |System decommissioning shall be carried out once the equipment is no | | |longer in use. | | |Commissioning sheets and drawings shall be used to determine the current | | |connection (Circuit termination) of the system. | | |The decommissioned equipment shall be removed from the Telecom room and | | |all wires/cables not used shall be removed. | |The drawings for decommissioned systems/equipment shall be retired. | 1. 7. 4 Maintenance Practices Policy Statement All ICT systems shall be maintained regularly as per manufacture's recommendations. Where system are placed in harsh environments, system maintenance will be carried out as deemed by the systems administrator. Explanatory notes All system maintenance should be done in house as much as possible. Outsourcing of maintenance (Annual Maintenance Contracts, AMC’s) contrac