EIS Component 1: Processes, Rules & Protocols PDF

Summary

This document explains the processes, rules, and protocols of Enterprise Information Systems (EIS). It details five typical rules and five protocols, emphasizing data security and communication.

Full Transcript

EIS Component 1: Processes, Rules and Protocols in an Enterprise Information System
===================================================================================

Introduction:
-------------

In this video, we're going to look at the FIRST component of any
Enterprise Information System: Processes, Rules and Protocols.

Every organization consists of dozens of processes that continually
repeat themselves. A good is manufactured. A sales lead is generated. A
new employed is onboarded in the company.

In order to make sure that such processes are always carried out in the
best-possible MANNER from an organization's point of view, they are
either COMPLETELY or at least PARTIALLY standardized by setting Rules
and Protocols for them.

**Rules** are broad principles that regulate how an employee makes
decisions in context of a process. You can think of rules as the
\"WHAT\" of organizational behavior.

Here are five typical rules you will find in nearly every EIS:

1. **Password Policies**: First are password policies. This rule might
require complex passwords changed every 90 days. It might also
require passwords to include a mix of uppercase and lowercase
letters, numbers, and special characters. And users may not be
allowed to reuse their last five passwords.

2. **Access Control:** Next are access controls. This rule limits
system access based on job roles. For instance, employees are
typically only allowed to access systems and data that are related
to their specific job functions.

3. **Data Handling:** A data handling rule mandates encryption for
sensitive data, both in transit and at rest.

4. **Acceptable Use:** An acceptable use rule restricts personal
internet use during work hours and specifies that company email
accounts are for business purposes only. It might also prohibit the
installation of unauthorized software.

5. **Incident Reporting**: Incident reporting rules require immediate
reporting of suspected data breaches or security incidents. For
example, employees must report any suspected breach to the IT
department within one hour of discovery.

Now, let\'s move on to protocols. **Protocols** are precise sets of
steps that detail HOW entities should communicate or interact within the
system. They STANDARDIZE how parts of a process must be carried out, and
how entities should communicate or interact within the system.

Here are five typical protocols you might encounter in an EIS:

1. Data Backup and Recovery: A data backup and recovery protocol might
specify nightly full backups of critical systems, with backups
stored both on-site and off-site using encryption. It would also
include procedures for quarterly recovery testing to make sure data
can be restored within acceptable timeframes.

2. Software Development and Deployment: The software development and
deployment protocol could outline a comprehensive process including
mandatory CODE reviews (where all code changes must be reviewed and
approved by at least one other developer before being merged), a
series of TESTING phases (such as unit tests, integration tests, and
user acceptance tests), and specific deployment steps.

3. Incident Response: An incident response protocol would detail steps
for detecting, responding to, and minimizing security issues. It
might include using automated tools to monitor and detect anomalies,
for example.

4. Data Handling and Protection: A data handling and protection
protocol could specify methods for transferring sensitive data
outside the organization (such as using SFTP or HTTPS), and
procedures for securely deleting data when it\'s no longer needed.

5. Communication: A communication protocol might designate specific
tools and methods for internal and external communications. For
example, it could mandate the use of encrypted email or secure
messaging platforms for sensitive external communications and
outline a crisis communication plan for emergencies.

\>\> The Relationship Between Rules and Protocols
-------------------------------------------------

Within an EIS, it's best to think of rules and protocols as having a
complementary nature. Rules tell you what you can and can\'t do, while
protocols show you the steps of HOW to do what you\'re allowed to do in
what your organization feels is the most efficient and safe manner.

\>\> Scope of Rules and Protocols
---------------------------------

As you can imagine, an organization consists of countless Rules and
Protocols. Are they ALL also part of the organization's EIS? It turns
out that this is a subjective decision that each organization must make
for itself.

There are always \'Must Haves\'. ALL rules and protocols that apply
DIRECTLY to digital operations within the company are part of the
organization's EIS. This is basically the "MINIMUM" scope, and many
organizations define their EIS Rules and Protocols based exactly on this
narrow definition. The Rules and Protocols we have cited as examples in
this video would ALL fall into this 'Minimum Scope'.

However, there are also countless rules and protocols in most
organizations that may not DIRECTLY regulate digital activities, but
certainly have an INDIRECT effect on them.

For example, a company policy on work hours might indirectly affect
system access times- Or a protocol for in-person meetings might
influence how video conferencing tools are used.

Some organizations formally classify such INDIRECTLY related rules and
protocols as part of their EIS, too.