EIS Component 1_ Processes_Rules and Protocols _ SCRIPT _ V1.docx
EIS Component 1: Processes, Rules and Protocols in an Enterprise Information System
===================================================================================

Introduction
------------

In this video, we're going to look at the FIRST component of any Enterprise Information System: Processes, Rules and Protocols.

Every organization consists of dozens of processes that continually repeat themselves. A good is manufactured. A sales lead is generated. A new employee is onboarded in the company. In order to make sure that such processes are always carried out in the best-possible MANNER from an organization's point of view, they are either COMPLETELY or at least PARTIALLY standardized by setting Rules and Protocols for them.

**Rules** are broad principles that regulate how an employee makes decisions in the context of a process. You can think of rules as the "WHAT" of organizational behavior. Here are five typical rules you will find in nearly every EIS:

1. **Password Policies**: First are password policies. This rule might require complex passwords changed every 90 days. It might also require passwords to include a mix of uppercase and lowercase letters, numbers, and special characters. And users may not be allowed to reuse their last five passwords.
2. **Access Control**: Next are access controls. This rule limits system access based on job roles. For instance, employees are typically only allowed to access the systems and data that relate to their specific job functions.
3. **Data Handling**: A data handling rule mandates encryption for sensitive data, both in transit and at rest.
4. **Acceptable Use**: An acceptable use rule restricts personal internet use during work hours and specifies that company email accounts are for business purposes only. It might also prohibit the installation of unauthorized software.
5. **Incident Reporting**: Incident reporting rules require immediate reporting of suspected data breaches or security incidents.
   For example, employees must report any suspected breach to the IT department within one hour of discovery.

Now, let's move on to protocols. **Protocols** are precise sets of steps that detail HOW entities should communicate or interact within the system, and they STANDARDIZE how the parts of a process must be carried out. Here are five typical protocols you might encounter in an EIS:

1. **Data Backup and Recovery**: A data backup and recovery protocol might specify nightly full backups of critical systems, with backups stored both on-site and off-site using encryption. It would also include procedures for quarterly recovery testing to make sure data can be restored within acceptable timeframes.
2. **Software Development and Deployment**: The software development and deployment protocol could outline a comprehensive process including mandatory CODE reviews (where all code changes must be reviewed and approved by at least one other developer before being merged), a series of TESTING phases (such as unit tests, integration tests, and user acceptance tests), and specific deployment steps.
3. **Incident Response**: An incident response protocol would detail steps for detecting, responding to, and minimizing security issues. It might include using automated tools to monitor and detect anomalies, for example.
4. **Data Handling and Protection**: A data handling and protection protocol could specify methods for transferring sensitive data outside the organization (such as using SFTP or HTTPS), and procedures for securely deleting data when it's no longer needed.
5. **Communication**: A communication protocol might designate specific tools and methods for internal and external communications. For example, it could mandate the use of encrypted email or secure messaging platforms for sensitive external communications and outline a crisis communication plan for emergencies.
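The password-policy rule from the list of rules above (90-day rotation, a mix of character classes, no reuse of the last five passwords) enforced in code, as an added example that is not part of the video script: the policy constants are the WHAT, and `set_password` is the step sequence, the HOW. The 12-character minimum and the PBKDF2 hashing of the password history are assumptions; the script does not specify them.

```python
import hashlib, hmac, os, re
from datetime import datetime, timedelta

# The rule as the script states it: rotate every 90 days, never reuse the last five.
MAX_AGE = timedelta(days=90)
HISTORY_DEPTH = 5
MIN_LENGTH = 12  # assumption: the script gives no minimum length
CHARACTER_CLASSES = [  # the required mix of upper, lower, digits, specials
    (r"[A-Z]", "uppercase letter"), (r"[a-z]", "lowercase letter"),
    (r"[0-9]", "digit"), (r"[^A-Za-z0-9]", "special character"),
]

def _hash(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256. History holds salted hashes, never plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def complexity_errors(password: str) -> list:
    """Every way the candidate violates the complexity part of the rule."""
    errors = [f"missing {name}" for pattern, name in CHARACTER_CLASSES
              if not re.search(pattern, password)]
    if len(password) < MIN_LENGTH:
        errors.append(f"shorter than {MIN_LENGTH} characters")
    return errors

class PasswordRecord:
    """Per-user state: (salt, digest) pairs oldest-first, plus last change time."""
    def __init__(self):
        self.history = []
        self.changed_at = None

def reuses_recent(record: PasswordRecord, password: str) -> bool:
    # Only the last HISTORY_DEPTH entries count; compare digests in constant time.
    return any(hmac.compare_digest(_hash(password, salt), digest)
               for salt, digest in record.history[-HISTORY_DEPTH:])

def set_password(record: PasswordRecord, password: str, now: datetime) -> list:
    """The HOW: collect every violation, or store a fresh salted hash and return []."""
    errors = complexity_errors(password)
    if reuses_recent(record, password):
        errors.append(f"reuses one of the last {HISTORY_DEPTH} passwords")
    if errors:
        return errors
    salt = os.urandom(16)
    record.history.append((salt, _hash(password, salt)))
    record.changed_at = now
    return []

def is_expired(record: PasswordRecord, now: datetime) -> bool:
    """Rotation: no password on record, or one set 90 or more days ago, must change."""
    return record.changed_at is None or now - record.changed_at >= MAX_AGE
```

Returning the full list of violations rather than the first one lets the user fix everything in a single attempt; the caller should log the rejection reasons, not the candidate password.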
The Relationship Between Rules and Protocols
--------------------------------------------

Within an EIS, it's best to think of rules and protocols as complementary. Rules tell you what you can and can't do, while protocols show you the steps of HOW to do what you're allowed to do, in what your organization considers the most efficient and safe manner.

Scope of Rules and Protocols
----------------------------

As you can imagine, an organization consists of countless Rules and Protocols. Are they ALL also part of the organization's EIS? It turns out that this is a subjective decision that each organization must make for itself.

There are always 'Must Haves'. ALL rules and protocols that apply DIRECTLY to digital operations within the company are part of the organization's EIS. This is basically the "MINIMUM" scope, and many organizations define their EIS Rules and Protocols based exactly on this narrow definition. The Rules and Protocols we have cited as examples in this video would ALL fall into this 'Minimum Scope'.

However, there are also countless rules and protocols in most organizations that may not DIRECTLY regulate digital activities, but certainly have an INDIRECT effect on them. For example, a company policy on work hours might indirectly affect system access times, or a protocol for in-person meetings might influence how video conferencing tools are used. Some organizations formally classify such INDIRECTLY related rules and protocols as part of their EIS, too.