Organizational Processes and Standards Quiz

Questions and Answers

What is the primary purpose of Rules in an organization?

• To provide specific steps for completing tasks.
• To establish communication protocols within the organization.
• To regulate how employees make decisions. (correct)
• To dictate consequences for employee actions.

Which of the following best describes protocols in an EIS?

• They are broad principles that guide ethical decisions.
• They outline the consequences for data breaches.
• They are detailed steps on how to handle specific processes. (correct)
• They are rules that pertain only to data access.

Which of the following is an example of a Protocol of an Enterprise Information System

• A rule that requires all data entries to be reviewed weekly.
• A rule that limits access to sensitive data to management levels only.
• A list of the specific steps to be taken in case of a data breach. (correct)
• A rule that requires system audits to be conducted at the end of each fiscal quarter.

Which of the following is an example of a Rule of an Enterprise Information System?

All employees must change their passwords every 90 days. (C)

What protocols are used to securely transfer sensitive data outside of an organization?

HTTPS and SFTP (B)

How do rules and protocols relate to each other within an EIS?

Protocols provide the procedures to follow the rules (C)

Flashcards

Rules in EIS

Broad principles that regulate how employees make decisions within a process. They act as the 'what' in organizational behavior.

Protocols in EIS

Specific, detailed steps outlining how entities communicate and interact within a system. They standardize the 'how' of processes.

Data Handling Rule

A rule that specifies how sensitive data is protected, both when it's being moved and when it's stored.

Acceptable Use Rule

A rule that restricts personal internet use and clearly defines the purpose of company email accounts for business purposes.

Data Backup and Recovery Protocol

A protocol that outlines the procedures for backing up critical systems and restoring data in case of a loss.

Code Review Protocol

A structured approach to ensure software changes are reviewed and approved by other developers before they are incorporated into the main codebase.

Software Testing Phases

A series of tests conducted at different stages of software development to ensure quality, functionality, and performance.

Incident Response Protocol

A detailed plan outlining steps for identifying, responding to, and mitigating security incidents.

Data Handling & Protection Protocol

A set of rules and procedures for handling and protecting sensitive data, including secure data transfer and deletion methods.

Communication Protocol

A defined system for internal and external communication, including tools, methods, and crisis communication plans for emergencies.

Study Notes

Organizational Processes and Standards

• Organizations use processes that repeat, like manufacturing goods, generating sales leads, or onboarding employees.
• Standards (rules and protocols) ensure these processes are done efficiently.

Rules

• Rules are broad guidelines for decision-making during a process.
• They dictate the "what" of organizational behaviour.
• Examples of typical rules in an enterprise information system (EIS):
  • Password Policies: Complex passwords, changed regularly, mix of characters, no reuse of previous passwords.
  • Access Control: Access restrictions based on job roles—employees only access relevant systems/data.
  • Data Handling: Sensitive data encryption in transit and at rest.
  • Acceptable Use: Restrictions on personal internet use during work hours, company email for business only, no unauthorized software.
  • Incident Reporting: Immediate reporting of suspected data breaches or security incidents to the designated IT department.

Protocols

• Protocols are precise step-by-step instructions on "how" to do things within a process.
• They standardize the execution of processes.
• They dictate how entities interact within the systems.
• Examples of typical protocols in an EIS:
  • Data Backup and Recovery: Nightly full backups of critical systems, backups stored on-site and off-site with encryption, quarterly recovery testing.
  • Software Development and Deployment: Code reviews, various testing phases (unit tests, integration tests, user acceptance tests), specific deployment steps.
  • Incident Response: Steps for detecting, responding to, and minimizing security issues, including automated tools for monitoring.
  • Data Handling and Protection: Methods for transferring sensitive data outside the organization (e.g., SFTP or HTTPS), procedures for securely deleting data.
  • Communication: Designated tools and methods for internal and external communications, including encrypted email, secure messaging, and crisis communication plan.

Rules and Protocols Relationship

• Rules and protocols work together—rules define the "what", while protocols define the "how".

Description

Test your knowledge on organizational processes and the standards that govern them. This quiz covers key concepts such as rules for decision-making, password policies, access control, and data handling. Gain insights into how organizations can operate efficiently and securely.