KOMPUTER NASIONAL MALAYSIA
(MALAYSIAN NATIONAL COMPUTER CONFEDERATION)
CODE OF PROFESSIONAL CONDUCT AND PRACTICE
The following conventions apply to the reading of this code.
MNCC CODE OF PRODUCT
NOTES FOR GUIDANCE
Relationship to MNCC
NOTES ON DISCIPLINARY PROCEDURE 6
MNCC CODE OF CONDUCT
The MNCC code of Conduct embraces the following five principles.
A professional member of the MNCC:
(1) will act at all times with integrity and will not knowingly lay claims to a level of competence that he does not possess and at all times exercise competence at least to the level he claims,
(2) will act with complete discretion when entrusted with confidential information,
(3) will act with inpartiality when purporting to give independent advice and must disclose any relevant interest,
(4) will accept full responsibilty for any work which he undertakes and will construct and deliver that which he purports to deliver,
(5) will conduct himself in a proper manner and will not seek personal advantage to the detriment of the MNCC.
NOTES FOR GUIDANCE
The five principles set our above make up the MNCC Code of Conduct. Each professional member of the MNCC, shall undertake to adhere to these principles as a condition of membership. The priciples are clear but have an inevitable appearance of grnerality and in the following pages each principles is supported by a number of notes for guidance which will help in specific interpretation. Members of the MNCC will readily appreciate that continued evidence of the determination to abide by the Code will ensure the public trust and confidence in computer professionals which is so necessary to the continuing effective use and development of information technology in Malaysia.
The IT professional will behave at all times with integrity. He with not knowingly lay claims to a level of competence that he does not posses, and he will at all times exercise competence at least to the level he claims.
Integrity also implies wholeness, soundness, completeness. Where nessary the IT professionals should obtain additional guidance or expertise from qualified advisers.
While the need for professional integrity should not be regarded being helpful and co-operative; any guidance or advice that he can provide from experience and knowledge should be readily given.
The IT professional should act in a manner based on trust and good faith towards others with whom his work is connected.
He should express an option on a subject in his fied only when it is founded on adequate knowledge and honest conviction, and will properly qualify himself when expressing an opinion outside his professional competence.
He should not comply with the MNCC Code of Practice and any other codes that are applicate abd ensure that his clients are aware of the significance of their work.
He should do his best to keep himself up to date on relevant development in the field of IT.
[go to part A]
He will act with complete discretion when entrusted with confidential information.
He should not disclose, or permit to be disclosed, or use his own advantage, any confidential information relating to the affairs of his presentor previous employers without their prior permission. This principle covers the need to protects confidential data.
Training is required for all staff on measure to ensure confidentiality, to guard against the possibility of third party intentionally or inadvertently misusing data to be watchful for leaks of confidentiality arising from careless use of data or indiscretions.
[go to part A]
He will act with strict impartiality when purporting to give independent advice and in so doing will disclose any relevant interests.
This priciple is primarily direct to the case where the member or his relatives and friends may take a private profit if the client or employers follow his advice. Any such interest should be disclosed in advance.
A second interpretion is where there is no immediate personal profit but the future business or scope of influence of his department depends on a certain solution being accepted. Where as the salesman is assumed to have a bias towards his own company, an internal consultant should always consider the welfare of the organisation as a hole and not just the increased application of IT.
[go to Part A]
He will accept full responsibility for any work which he undertakes and will construct and deliver that which he purports to deliver.
Trust and responsibility are at the heart of professionalism. A member should seek out responsibility and discharge it with integrity. He should complete the work he accepts on time and within budget. If he cannot achieve what he promised then he must alert the client or employer at the earliest possible time so that corrective action can be taken.
He should have regard to the effect of IT based systems, insofar as these are known to him, on this basic human rights of individuals, whether within the organisation, its customer or suppliers, or among the general public.
Subject to the confidential relationship between himself and his customer, he is expected to transmit the benefit of information which he acquires during the practice of his profession, as a result of his technical knowledge, to illuminate any situation which may harm or seriously affect a third party.
He should combat ignorance about his technology wherever he finds it and in particular in those areas where application of his technology appears to have dubious social merit.
[go to Part A]
5. Relationship to the MNCC
He will not seek personal advantage to the detriment of the MNCC.
It is necessary to write this principle into Code of Conduct to prevent misuse of the consideration influence that a professional MNCC member can have. Nevertheless, its impact is largely and the points have been made be read in the light.
He should not bring the MNCC into dispute by personal behaviour or acts when acknowledged or known to be representative of the MNCC.
He should not misrepresent the views of the MNCC nor represent that the views of a segment or group of the MNCC constitutes the views of the MNCC as a whole.
When acting or speaking on behalf of the MNCC he should, if faced with conflict of interest, declare his position. He should not serve his own pecuniary interests or those of the company which normally employs him when purporting to act in an independent manner as representative of the MNCC, save as permitted by the MNCC following a full disclosure of all the facts.
He is expected to apply the same high standard of behaviour in his social life as is demanded of him in his professional activities insofar as there interact. Confidence is at the root of the validity of the qualifications of the MNCC and conduct which in any way undermines that confidence (e.g. a gross breach of a confidential relationship) is of deep concern to the MNCC.
He should conduct himself with courtesy and consideration towards all with whom he voluntary effort and should consider what personal contribution he can make both to the MNCC and to the public generally.
[go to part A]
NOTES ON DISCIPLINARY PROCEDURE
All members of the MNCC undertake to abide by the MNCC's Code of Conduct. It will sometimes happen, however, that someone (member or non-member) wishes to lay a complaint against a member for infringement of the Code, and this note explains the MNCC's procedures.
First the complaint is laid by letter with the MNCC's Hon. Secretary. In many cases, because of the knowledge and experience that is available to members of the MNCC in the several areas of IT practice, the grievance can be settled there and then avoiding the time and effort of formal enquiry. These discussions are conducted in strict confidence.
When a more difficult problem is presented, an Investigation Committee can be nominated to look into the grievance and make a case to the Disciplinary Committee. The Disciplinary Committee will set a date for hearing and invite the complainant and the respondent to be heard giving due notice to both parties. Legal assistance may be retained.
Sanctions which can be applied include Admonishment, Suspension and Expulsion from membership.
There is an appeal procedure.
The Code of Conduct is administered by a reperesentative group, and a members of the Investigation Committee retire and replaced each year. Member of the Disciplinary and Appeals Committee will be specially appointed by the Council for each case to ensure that no member of nay of the three committees serves on either of the other committees for that case. Further, the Chairman of the Disciplinary and Appeals Committees may be advised by lawyers retained by the MNCC.
The Constitution and By-Laws of the MNCC do not differentiate between professional and non-qualified members. A professional workers exercises not only the skills which he has learned in his normal education and training, but also mature personal judgement developed from Members who are consultants carry special professional obligations. Senior executive in charge of a major application or project is responsible for the accuracy of the information produced by the installation and for ensuring that those for whom it is prepared are fully aware of its limitation in relation to the purpose for which he is unaware or for which it was not intended. The responsibility of senior systems analysts and programmers is also heightened because their work is so little understood by others and failures can have serious consequences. It must, however, be borne in mind that the more responsibility a member carries, the higher will be the standard expected of him and the more rigorously may the MNCC's sanctions have to be applied. In the interest of the public, the highest standard will be expected of those in public practice who by nature of their work accept personal responsibility for what they undertake.
The MNCC has no legal standing as between and his employer, whether an individual or a company. Its remedy lies in giving, where appropriate, fullest support for the stand taken by a member who loses his job, or is in danger of doing so, and for ensuring the employer who seeks to place the member in a position which could cause him to violate the ethical code for his profession.
The MNCC cannot consider a complaint against a member where a member's conduct is the subject of legal proceedings - the MNCC has no power to take evidence on oath, nor compel the production of documents. In these circumstances as a view expressed by any member in his official capacity on behalf of the MNCC could improperly influence the course of justice. The complaint could only be considered when the legal action is completed, or it is established that no legal proceeding will take place. This does not prevent a member appearing in the courts as as 'expert witness'.
CODE OF PRACTICE
METHOD OF WORK
CHECK LIST FOR DOCUMENTATION
ACQUISITION OF A COMPUTER SYSTEM
- Introduction, Terminology, Layout
- Personal Requirements
- Organisation & Management
- Privacy, Security and Integrity
- Operation , Maintenance & Review
MNCC CODE OF PRACTICE
The MNCC recommends a code of practice for members. This would include method of work documentation, checklist for acquisition technology of an information technology solution and code of personal practice.
[go to part B]
METHOD OF WORK
Each organisation should setup procedures for effective development of information systems. This may vary from organisation to organisation. However, typical tasks are listed below.
According to the size and period of a project, there should be Checkpoints assigned at frequent intervals during a period, at which point management should review the progress work. Some key tasks are highlighted:
Feasibility Study (Checkpoint)
Terms of Reference (Checkpoint)
Problem Specification (Checkpoint)
Identify Process Innovation
System Design, and evaluation of altenate design approaches
System Specification (Checkpoint)
|Program Specification||User System Specification|
|Program Planning||Preparation of user manuals|
|Login Charting||Stationery design|
|Testing||User staff training|
|Program Suite Testing||Changeover procedures|
|Documentation Handover||Work Aids|
|Test Data Preparation and Checking|
System Testing (Checkpoint)
Acceptance Test (Checkpoint)
Changeover and parallel running
Post Installation Review
Periodic System Review
[go to part B]
CHECKLIST FOR DOCUMENTATION
This checklist is a guide to items important to the satisfactoy documentation of a system as a whole. It concentrates on the documents necessary to provide:
Some of the items are directly related to checkpoints indicated under Method of work. The checklist is no way intended as a substitute for good installation standards of documentation. A typical checklist may include the following.
* Title Page
* A general description of the system or sub-system, including the manual operations.
* The objectives and scope of the system.
* An overall view of:
* Special techniques used.
* Data input and output in specific terms
* System parameters available for control.
* Overall system organisation. This should:-
* Minimum configuration of equipment required for running the system.
* An indication of any possible restriction which might prevent the system from being run on alternative computers.
* A statement of run-time constraints and time allowed for the processing.
* A plan for the various stages of system testing required by the development.
* A system for recording the discovery of errors during system testing and for documenting their correction as programs are successfully amended.
* A glossary of any special or technical terms used in the system.
* A list of reference documents if this appropriate.
Identification of files used by the system to include input, output and intermediate files, whether held on the computer or manually.
* For each file:
* For each record.
* For each data item within a record
* A statement of the logical processes necessary to produce the required results.This includes controls and reconciliation procedures and will provide the derivation of each data item.
* Definition of the interface with any other system used within the organisation.
* Title page
* A record of all amendments made to the program and data of the first run of the amended version.
* Methods and techniques used with useful references.
* A functional definition starting the necessary logical steps from input to output and including provision for:
Note: Documentation of these items will be necessary only to the extent that they are not covered elsewhere.
* The language used where this particular program or part of program differs from the rest of the system.
* The files used (this may also cross-refer to avoid duplication)
* The amount of core store require by the program.
* Identify each module or sub-routine used by the program.
* Clear description of any overlay arragements used in the program.
* Any special character sets or codes used if not defined elsewhere in installation standards.
* Examples demonstrating the detailed operation of the program or module concerned when any unusual technique has been used.
* A plan for testing the program and ensuring that every instruction is executed at least once.
* A record of the progress of the program through its trials.
* Program listings and associated documents:
The contents of the operating manual will be conditioned by the nature of the work. This can range from batch processing on a small locally-based computer, or on a larger centrally-controlled machine, to terminal operation for an interactive on-line system.
* Title page
* A brief description of the system
* Security: a detailed statement, where necessary, of the scurity arragements for
* Timing and frequency of runs
* Description of input
* Pre-run procedures and checks
* Operating notes
* Data preparation ( wehn not done by user)
The user's manual will differ in format according to the size of the using organisation. In a small organisation each user group or section may have the whole of the manual. In a large one, the manual be split into parts appropriate to each of the functional units or duties within the organisation. A typical user's manual would contain the following materials:
* Title page
* A brief summary of the system
* A glossary of any special technical terms
* Timing consideraions: scheduling of despatch and receipt times for computer input and output material.
* Pre-computer run clerical processes
* Data preparation instructions, if necessary, for conventional keying or terminal operation.
* Post-computer run clerical processes
* Overall security instructions or checks. These would be included in user procedures but would probably be restricted to supervisory or managerial levels.
[go to part B]
ACQUISITION OF A COMPUTER SYSTEM
The acquisition of a mainframe computer system for the first time involves a number of tasks, some of which are listed below. For investment in small systems the number of tasks would be reduced or more simplified.
If the investment involved is substantial a senior computer professional should be assigned to work in this area.
[go to part B]
CODE OF PRACTICE
This code of Practice is directed to all members of The Malaysia National Computer Confederation. It consists, essentially, of a series of statements which prescibe minimum standard of pracice, to be observed by all members.
The Code seeks to help members to discharge their professional responsinility. All members have responsibilities; to clients, to users, to the State and MNCC at large. Those members who are employees also have responsibilities to their employers and employers customers and, often to a Trade Union. In the event of an apparent clash in responsibilities, obligations or prescribed practice the MNCC's Hon. Secretary should be consulted at the earliest opportunity.
The Code is intended to be observed in the spirit and not merely to the world. The MNCC membership covers all accupations relevant to the use of computers and it is not possible to define the Code in terms directly relevant to each individual member. For this reason the Code is set out in two levels to enable every member to reach appropriate interpretations.
A series of brief statements which define the elements of practice to be observed.
The rational for the Level One statements.
Level Two is not intended as guidance on how to carry out the Code of Practice, but only to provide an explanation of its meaning and the reason for including the statement at Level One. Where examples are given of how to apply the Code, these are simply to clarify the meaning. Many of the clauses may seem to state the obvious, but much that goes wrong in computer use does so because the obvious has been overlooked.
Level One appears on the left, Level Two on the right, rationale being opposite the appropriate statement
|LEVEL ONE||LEVEL TWO|
|In practice of his profession the member will, to the extent that he is responsible:|
|1. Personal requirements|
|1.1 Keep himself and also encourage subordinates, informed of such new technologies, practices, legal requirements and standards are relevant to his duties.||1.1 Other will expect you to provide special skills and advice, in order to do so, you must keep youself up-to date. This is true for members of all professions, but particularly so in computing which is developing and changing rapidly.You must also encourage your staff and colleagues to do the same, for it is impossible to retain your professional standing by relying only on the state of your knowledge and competence at the time you achieved professionals status.|
|1.2 Ensure subordinates are trained in order to be effective in their duties and to qualify for increased responsibilities.||1.2 If you are in supervisory capacity, take action to ensure that your hard-won knowledge and experience are passed on in such a way that those who receive them not only improve their own effectiveness in their present positions but also become keen to advance their careers and take on additional responsibilities.|
|1.3 Accpet only such work as he believe he is competent to perform and not hesitate to obtain additional expertise from appropriate qualify individuals where advisable.||1.3 You should be aware of your limitations and knowingly imply that you have competence you do not possess. This is of course distinct from accepting a task the successful completion of which requires expertise additional of your own. This pointis central to the MNCC Code of Conduct; you cannot possible be knowledgeable on all facts but you should be able to recognise when you need additional expertise and information, and where to find it.|
|1.4 Actively seek opportunities for increasing efficiency and effectiveness to the benefit of the user and of the ultimate recipient.||1.4 Whatever the precise terms of your brief, you should always be aware of the environment surrounding it and not work solely towards completion of the defined task and no more. You must regard it as part of your duty to make your client aware of other needs that emerge, unsatisfactory procedures that need modification and benefits that might be achieved. You, as an innovator, should take into account the relevant new methods and should always be looking for the possibility of additional benefits not foreseen when the project was planned. You must also look beyond the immediate requirements to needs of the ultimate user. For example: the invoice your system produces may be right for company accounting procedures but cinfusing for the person who is being ask to pay against.|
|2. Organisation and management||(This section of the Code is concerned with broad principles. Management of development is covered in detail in Section 5 and 6; management of operational projects in Section 7. Since computer management is still management, the normal principles applicable to any kind of management apply here also).|
|2.1 Plan, establish and review objectives, tasks and organisational structure for himself, and subordinates, to help meet overall objectives.||2.1 It is dangerously easy for you as a computer professional to become fully engrossed in the problem of the moment, and to lose sight of the overall objectives of the organisation. Computing, no less than any other discipline, is an organic component of the organisation, and you should continuosly ensure that the path you are following is in line with the objectives of that organisation. You must make use of the well established management pratices of monitoring and review to ensure the area of work for which you are responsible is making its maximum contribution.|
|2.2 Ensure that any specific tasks are assigned to identified individuals according to their known ability and competence.||2.2 When delegating work to your subordinates ensure that as far as possible the task will develop their competence and increase their motivation. However, you must also ensure that the principles implied in 1.3 are observed or you will be faced with a dissatisfied user who is not receiving the services to which he is entitled.|
|2.3 Establish and maintain channels of communication from and to seniors, equals and subordinates.||2.3 It is often assumed that communication will look after itself, but good communication is vital to business success. You must ensure that formal channels of communication exist upwards, downwards and sideways in the organisation for which you are responsible. It is difficult to over emphasise this point in connection with computer work which by nature requires constant interaction between the members of the computer organisation and, most importantly, with the user. Furthermore, you will find that communication skills can be improved considerably by formal training and this should be included in your training plans as a high priority item.|
|2.4 Be accontable for the quality, timeless and use resources in the work for which he is responsible.||2.4 High on
your list of professional duties will be the requirement
to provide a service of agreed quality, on time and
within budget. Beyond that, of course, is the requirement
for contingency planning and the need to make others
affected aware of difficulties and dangers if these are
forseeable. For this, you as a professional, are
responsible. You cannot turn your back on a problem once
organised, and hope someone else will save it or that it
will simply go away.
Action taken to minimise the impact of such problems will, in the end, ensure a smoother running organisation.
|3. Contracting||(This section is included in the Code because some formal agreement-even of not a specific contract-is needed before any definition of responsibilities are essential, in advance of action)|
|3.1 Seek expert advice in the preparation of any formal contract.||3.1 In the same way as you would expect to be consulted in your field as a computer professional be ready to consult oher specialist in drawing up contracts or in matters such as commerce,finance, tax, legal or risk evaluation. Much of your time can be saved in this way, to say nothing of avoiding he potential danger of a badly drawn up contact or wrong assement of a legal situation. Many of these areas have become defined as standard pratice and a number of profesional bodies provide standard contract forms as a guide to their own members which help considerably to reduce problem areas.|
|3.2 Ensure that all requirements and the precise responsibilities of all parties are adequately covered in any contract or tendering procedures.||3.2 In the same way as you would carefully review the completeness of the detail for a system specification, it is necessary ti review the totality of the detail to be covered by a contract. Take care to ensure such items as provision of accommodation, typing, data preparation, responsibility fior media security and standby arrangements are not forgotten. Apart from the problems which will arise if these things have been over-looked the profitability of your contract will be adversely affected. Again, communication enters into this as you need to ensure that everyone who is party to the contract is fully aware of his obligations under the contract.|
|4. Privacy, security and integrity||(A system is at risk from the moment that the project which develops it is first conceived. This risk remains at least until after the system is finally discontinued perhaps indefinitely. Threats to security range from incompetence, accident and carelessness to deliberate theft, fraud, espionage or malicious attack)|
|4.1 Ascertain and evaluate all potential risks in a particular project with regard to the cost, effectiveness and practicability of proposed levels of security.||4.1 One of
your more difficult responsibilities is that of
determining the value of a system in terms of what would
be lost if a system security was to be treated (eg.
damage to national security by leaks from medical records
or fraud by access to financial information). However, a
view is required to aid decision be spent on security in
a least these four areas:
|4.2 Recommend appropriate levels of security commensurate with the anticipated risks and appropriate to the need of the client.||4.2 You still need to remember that you must give attention to some areas of risk which are mandatory such as those covered by legislation for health and safety at work. However, risk exist in connection with the security if your hardware, software, data system and people, all of which should be identified and recommendation made.|
|4.3 Apply, monitor and report upon the effectiveness of the agreed levels of security.||4.3 Situations are always changing and people lax in observing routine pratices. You will therefore find an on-going security and audit extremely valuable in keeping people aware of security requirements and procedures, and in the identification of weakness and loopholes in the security system. Moreover, security arrangements should be reviewed periodically in the light of developing technology and the new methods of breaching security.|
|4.4 Ensure that all staff are trained to take effective action of protect life, data and requirement (In that order) in the event of disaster.||4.4 Naturally, the safety of people is your first priority. The data is the next priority, and proper backup facilities for recreation of data files should exist. Equipment should be replaceable and normally insured. Your staff should be trained to react with regard to these priorities.|
|4.5 take all reasonable measure to protect confidential information from and integrity of the data in the data file and each part of an organisation's database.||4.5 Your responsibility for confidential of information is at least as great as that of members of other professions. The job is even more complex by reason of the speed capacity amd facility for data exchange by computers. Frequently, personal information will be under your control, and you should always be aware of the spirit and letter of relevant legislation written to protect the individual.|
|4.6 Ensure that competent people are assigned to be responsible for the accuracy and responsible of the data in the data file and each part of an organisation's dtabase.||4.6 You must take direct action to give responsibility to specific individuals to ensure the accuracy and integrity of data within each system. Whilst this is important for any system, However simple, it becomes even more significant in more complex database and communication environments.|
|5. Developement||('Development' in this context means not only all the work involved in order to reach the stage where a viable computer system is ready to become operational, it also includes maintenance and enhancement work)|
|5.1 Exercise impartiality when evaluating each project with respect to its technical, moral and economic benefits.||5.1 Your responsibility in a project will give your opportunities to make decisions based on your personal views and preferences. The line between personal bias and professional opinoin becomes some what finely drawn. To avoid finding yourself on the wrong side of the line, always make sure you are aware of your client's objectives and the benefits he is looking for, and be careful not to lose objectively through enthusiasm created by the latest development of technology.|
|5.2 Effectively plan, monitor, adjust and report on all development, acquisition or replacement projects.||5.2 This principle is no differences from that applying to many other professionals in other fields, but your attention is drawn to it is essential to business control in any organisation.|
|5.3 Ensure that effective standard procedures and documentation are available and used.||5.3 A characteristic of professionals is that depend on the operation of a series of standards and procedures for efficiency and effectiveness. This is no less true for the computer professional. You should ensure that the standards you lay down do not cause inhibiting rigidity but provide a framework within which individuals know how the work is to be done when and by whom.|
|5.4 Specify the system objectives completion date, cost and security requirements with the client and the necessary critical for their achievement.||5.4 Always ensure you produce a clear statement with qualified objectives wherever possible which can be agreed with the client. It is also too easy to overlook this point in the general rush of business life: when commiting agreements to paper it is frequently a neglected activity. For large projects covering a significant span of time, objectives should in fact be relevant in the light of changing circumstances.|
|5.5 Ensure that the client can participate in all stages of problem analysis, system development and implementation.||5.5 The system you develop ultimately belong to the client,and therefore he needs to maintain overall control and be given opportunities to exercise it.Therefore you should seek his involvement in key project activities,e.g the specification,quality control and provision of test data.You should encourage and help the client to achieve the right level in involvement not least because in this way you ensure you produce the system that the client requires.|
|5.6 Ensure that each task is completed to a defined level before the next dependent task is started.||5.6 A task may be anything from specifying a system to determining the size of a piece of detailed code. While many tasks will be executed in parallel,dependent tasks should be completed sequentially with nondependent activities within them overlapped.But you should not,for example,start writing a program in advance of a complete specification if you wish to avoid duplication or waste of effort in reprogramming.|
|5.7 specify and conduct program test and system to ensure that all system objectives are met the satisfaction of the client.||5.7 It is clearly necessary for you to plan to test each program separately and then all programs together as a complete suite,followed by the computer elements together with the rest of the system.The objective is to prove the system functions as intendedand not merely to detect errors.Remember the client should be involved in testing to achieve the objectives of 5.5.|
|5.8 Ensure that systems are designed and sufficiently documented to facilitate subsequent audit, maintaince and enhancement, and accurate comprehension by users.||5.8 It is essential , at the original stage , that you consider and provide for the needs of future audit and of modification. Documentation should indicate clearly where the audit trail lies. Documentation should assist in troubleshooting and enable modification to be undertaken with minimal reprogramming and the smallest possible impact on operations. Also your user will require documentation in a convenient form to ensure the proper use and exploitation of the system.|
|5.9 Ensure that input and output are designed to obviate misunderstanding.||5.9 The input and output of a system are normally prepared or received by nontechnical users and consequently must be designed to simplify business life rather than add extra burdens.Input and output should be easily readable - avoid jargon,unfamiliar codes abbreviations - and provide clear headings and such things as page numbers|
|5.10 Ensure that there are adequate procedures available to delete erroneous, redundent and out of date data from files.||5.10 It is part of a sound approach consider not only the immediate use of system but also its effectiveness duringa life which will be as long as it continues to meet its objectives.During this life, redundant data is bound to accumulate and it will be essential to have procedures for clearing it out. Without proper procedures, undisciplined corrections or deletions may occur, thereby compounding the problem (see also below)|
|5.11 Ensure that adequate procedures are available which will, with the minimum of inconvenience, restore data files and program files to their required conditions in the event of data loss corruption or system failure.||5.11 This is
complementary to 4.1. The design stage is the time to
ensurethat the restorative procedures are incorporated.
When an operations disaster occurs, it will be too late to start thinking about such procedures.
The emphasis in 5.10 and 5.11 is on clear procedures to protect data and programs from corruption rather than relying on adhoc correction by individuals who may subsequently be the only ones who know what they have done.
|5.12 Ensure that projects are completed with technical soundness, using the most appropriate technology and within time and cost constraints.||5.12 Cost and services are criteria of an effective system rather than technical ingenuity.The technology to be exploited should be the best for the purpose in view,not necessarily the latest or most sophisticated.|
|6. Implementation||(The term is used here to describe the transition from development to full operation)|
|6.1 Ensure that adequate provision is made for user and operatios staff training in all functions of the system for which they are responsible.||6.1 You
should not consider the task complete until you have seen
the system through to implementation.Your professional
duty requires you to see that the system can be used
effectively by your client's staff.Each new system will
bring with it to some degree new approaches, new
techniques and ways of doing things.These have to be
explained to your users who may show resistance to change
because of their previous experience. You should
recognise that they will require time to become familiar
with the new system and to gain confidence both in the
new system and their own ability to meet the new
Training should be properly timed to ensure that all staff involved in the implementation stages know exactly what are required of them.
|6.2 Effectively plan, adjust and report upon all activities concerned with the changeover from development to operational running.||6.2 These
are vital parts of the design and development
process.Your plans and schedules must be accurate and
complete in details for all resources involved whether
users's or data processing. Further constant reviewing
will be necessary as implementation responsibilities will
be put to the test here ,as all who are affected will
need to be advised of changes and be given the
opportunity to comment. Again, the opportunity presents
itself to help generate the understanding , confidence
and sense of involvement so necessary to successful
implementation and subsequent operation.
If you fail to carry out these functions effectively, operation dates will be jeopardised and almost certainly , implementation cost will be higher than they need be.
|6.3 Ensure that expeditious and economic completion of implementation consistent with adequate testing and security.||6.3 Here you are involved in a professional judgement or trade off between reasonable cost and acceptable levels of proving or testing.If you cust corners by,say reducing system testing time, then likely effect on the operation elsewhere should be evaluated and made known to those who should know.|
|7. Operations, Maintainance and Review.||(This section is concerned with the ongoing operations of system handed over by design and development staff)|
|7.1 Plan and operate effecient and reliable processing within defined budgets.||7.1
'Processing services' covers all the activities between
reception of data and delivery of results.
You must ensure that these services are provided effeciently to users who are just as dependent on these as they are on the application for the well being of their business.
|7.2 Monitor performance and quality and arrange regular reviews of the efficiency, effectiveness and security of live systems.||7.2 The dynamic nature of most business environments mean that over a period ,a system may gradually provide the user with a service inferior to that originally planned.Your post-implementation reviews will be all the more effective if you check not only how well the system is meeting its original objectives in the light of current business requirements.|
|7.3 Plan, from the start of a prject, to provide adequate maintenance and enhancement support to live systems so that they continue to meet all requirements.||7.3 Much of the criticism computer applications receive to traceable to their failure to respond , by means of modifications which do not happen,or they are implementation haphazardly over too long a period.If you ensure that your project plans include provision of a formal system to control the enhancement of programs ,and identify the need for appropriate maintenance resources,you will avoid user dissatisfaction arising from this type of problem.|
|7.4 Establish good liaison with users and provide proper facilities for dealing with enquiries and day-to-day problem concerning the user of systems.||7.4 One of the most important areas where your professionalism will be tested will be in maintaining continuous formal and informal liason with your users. Everyone concerned with the services you are providing should now understand the need for formal channels of communication. In particular , do not forget to ensure that these exists to cover the special circumstances which arise in emergencies.|
[go to part B]
[go to top]