Course presentation: INFORMATION MANAGEMENT
Lecturer: Ing. Radim Dolák, Ph.D.
Project name: Rozvoj vzdělávání na Slezské univerzitě v Opavě (Development of Education at the Silesian University in Opava)
Project registration number: CZ.02.2.69/0.0./0.0/16_015/0002400

INFORMATION MANAGEMENT
10. IS AND PROCESS-ORIENTED STRATEGIC CONCEPTS IN ORGANIZATIONS, INFORMATION AUDIT, INTEGRATED MANAGEMENT SYSTEM USING ISO STANDARDS

Introduction

• ICT management is a key factor in an organization's information strategy, which is one of the organization's partial strategies. Business management from an ICT point of view generally takes place at three basic levels: strategic, tactical and operational. In practice, two basic IT control models, ITIL and COBIT, are the most used.
• Every business or organization should have a good insight into its information management processes so that it can use information more efficiently.
• For this purpose, a company's information audit is normally performed. The best-known quality management system tools include the ISO 9000 standards, in which the current universal definition of quality can also be found.

Goals of the chapter

✓ Define the concept of an information audit
✓ Identify the key areas that are monitored in an information audit
✓ Process-Oriented Strategic Concepts in Organizations
✓ Specify the most commonly used ISO standards

IS and Process-Oriented Strategic Concepts in Organizations

• According to Sodomka and Klčová (2010), process-oriented strategic concepts can be characterized as partial business strategies that enable the organization's strategic goals to be effectively implemented on the basis of IS / CTS and business processes.
• The following three sub-concepts can be defined:
  - ERP concept,
  - CRM concept,
  - SCM concept.
• ERP concept: based on the close interdependence of the information system, the management of internal processes, the full owner of which is the organization, and the management of external processes, the co-owners of which are the customers and suppliers of the company. The ERP concept is implemented in practice through the ERP system, i.e. enterprise applications that, as an integrated whole, primarily serve to manage internal processes.
• CRM concept: based on the close interdependence of the IS and the management of external processes, the co-owners of which are the company's customers. In practice it is implemented through the CRM system, i.e. enterprise applications that, as an integrated whole, primarily serve to manage contacts, marketing, business and service processes.
• SCM concept: based on the close interconnection of the information system and the management of external processes, the co-owners of which are the suppliers and customers. This concept is realized in practice through the SCM system, i.e. enterprise applications that, as an integrated whole, primarily serve to manage supply chain processes or processes that enable the organization to be effectively integrated into the supply chain as part of it.

Information audit

• Every business or organization should have a good insight into its management processes in order to use information more efficiently. For that purpose, an audit of the company is carried out as standard.
• According to P.W. SECURITY, the following definitions of information audit can be stated:
• The information audit is an interdisciplinary information discipline, mainly in the field of information science, information and knowledge management. It is used as the application of the theoretical foundations of information management in practice.
• In particular, it is important for the company to process, sort and hold information, especially the information audit of the system.
• According to P.W. SECURITY, the following definitions of information system audit can be mentioned:
  1. An analysis of the information system to assess whether the system is in line with established requirements (user, legislative, qualitative, safety, standardization, etc.). The audit is performed by an independent authorized person or institution that does not have direct responsibility for the functions of the audited system.
  2. Recording of events and activities carried out by the user or on his behalf that are important for the security of the information system (a so-called security audit). Together with identification and authentication, it is used to determine responsibility when investigating security incidents.
• The audit of the information system is an opportunity to examine the technical state of the sub-areas of the information system and the quality of system integration in the enterprise.
• According to Bezoušek (2003), the key areas monitored in the audit include:
  - information services used by individual business units, internal SLAs and metrics for these services,
  - organizational issues related to the information system (business management approach to the IS, representation of the IT department in the company's management bodies, payment for the management of IS requirements, etc.),
  - business strategy, business and development plans and their impact on information system requirements,
  - enterprise crisis management, backup, and disaster planning / recovery,
  - existing outsourcing relationships, relationships with current suppliers,
  - error checking system, error costs, loss insurance, third party penalization,
  - mechanisms for evaluating the condition of the IS and compliance with the requirements of the law, evaluation of the IS within the framework of the audit, internal control and audits of the information system,
  - change management in key processes supported by the information system.
• In the final audit report, the findings on the individual technological units, as well as the information from the managerial level, are brought back together to create an overall picture of the information system from the point of view of its operational and development needs and possibilities.
• According to Alexander (2016), audit outputs in the form of an audit report should be processed in a form that is comprehensible to the intended recipient. In many cases, the audit report is prepared in several versions: a brief summary report for the top management of the organization, and a detailed, technically specialized report for responsible IT staff.
• The usual structure of IS security audit outputs includes:
  - description of the detected condition,
  - basic security assessment of the system,
  - description of identified deficiencies in the documentation,
  - description of the identified vulnerabilities and security deficiencies of the IS,
  - identification of critical locations,
  - draft countermeasures, including recommendations for the implementation process.
• As Alexander (2016) states, the audit should also identify the vulnerabilities of the IS and the threats that arise from the lack of security measures. The task of the audit is to highlight the vulnerabilities that have been identified so that these threats and vulnerabilities can be eliminated or mitigated by subsequent security measures to a level acceptable to the organization.
• These measures are classified as:
  - Preventive
  - Reduction
  - Detection
  - Repressive
  - Corrective actions
• The individual classes of measures:
  - Preventive: measures to prevent the occurrence of security incidents. An example is a system of assigning and managing access rights for a group of authorized persons, authorization systems, identification, and authentication.
  - Reduction: measures that can be taken in advance so as to minimize any damage that may occur. An example is a backup system or organizational continuity management.
  - Detection: if a security incident occurs, it is important to detect it as soon as possible. An example is a security incident monitoring system or an antivirus program.
  - Repressive: measures against the continuation or repetition of a security incident. An example is the temporary blocking of an account or network address after unsuccessful login attempts, or a card being withheld after login attempts with an incorrect PIN code.
  - Corrective actions: measures to quickly remedy the damage. An example is restoring data from a backup or returning the system to the last stable version.

Integrated management system using ISO standards

• According to Doucek (2010), the ISO 9000 standards are among the world's best-known quality management system tools; the current universal definition of quality can be found in them.
• According to the Office for Standards, Metrology, and Testing, ISO standards are internationally valid standards issued by the International Organization for Standardization.
• Quality management systems form a specific set of standards. The requirements of ISO standards are universal and can be used by organizations regardless of their type, size, and scope. Most standards are designed to allow integration with other management systems.
• Technical standards are documented agreements that provide, for general and repeated use, rules, guidelines or characteristics of activities or their results, ensuring that materials, products, processes, and services meet the intended purpose.
• The ISO 9000 international standards were developed by the ISO/TC 176 Quality Management and Quality Assurance technical committee. These standards have been approved by the European Committee for Standardization (CEN) as EN ISO standards without any modifications.
• ČSN
  - The Czech Technical Standard is marked with a six-digit number (sorting mark) and the name, e.g.: ČSN 80 0001 Textile Sorting and basic names.
  - Apart from standards declared as harmonized, Czech technical standards are non-binding; they are binding only when their use is contractually agreed between the organizations concerned.
• ČSN ISO
  - The Czech Technical Standard that introduces an ISO international standard into the Czech standards is designated by the ISO standard number, the classification of the Czech technical standard and its name, e.g.: ISO 1144 (80 0050) Textiles. The introduction of international standards into the national standards of the Member States is voluntary.
• ČSN EN
  - The Czech Technical Standard that introduces a European standard into the Czech standards system. It is marked with the European standard number, the classification of the Czech technical standard and the name, e.g. ČSN EN 12751 (80 0070) Textiles - sampling of fibers, yarns and fabrics for testing.
  - European standards are in most cases transcribed into ČSNs by translation, so these ČSNs do not differ from the original European standard in any provisions. The introduction of European standards into national standards is mandatory for CEN members.
• ČSN EN ISO
  - The Czech Technical Standard that introduces into the Czech standards system a European standard identical to the international ISO standard. It is marked with a European standard number (identical with the ISO standard number), the classification of the Czech technical standard and the name, e.g. ČSN EN ISO 105-A01 (80 0120) Textiles - Tests for colorfastness - Part A01: General principles of testing.
• The most important representative in the area of quality management is the ISO 9001 standard, which specifies the requirements for the QMS of the organization. The current version of ISO 9001 was published in September 2015; the Czech version of ISO 9001 is valid from March 2016.
• According to the Institute for Testing and Certification, the main benefits of ISO 9001 certification are:
  - stabilization of the achieved qualitative level in the range of products and services,
  - increasing revenue through efficiently set processes,
  - increasing the credibility of the company in the eyes of customers and other business partners,
  - getting new customers through delivering high-quality production,
  - introducing order and rules into all activities within the company,
  - the possibility of retrospective control of compliance with the set rules in the quality system,
  - applying preventive measures to prevent potential disagreements and defects.
• Who is ISO 9000 for?
  - organizations that try to get benefits by implementing a quality management system,
  - organizations that try to gain the confidence that their suppliers will meet the product requirements,
  - product users,
  - anyone interested in understanding the terminology used in quality management (e.g. suppliers, customers, competent authorities),
  - all persons, both internal and external to the organization, who assess the quality management system or perform its audit in terms of compliance with ISO 9001 requirements (e.g. auditors, competent authorities, certification/registration authorities),
  - all individuals, both internal and external to the organization.
• In today's society, technical standards are qualified recommendations, not mandatory regulations. Their use is voluntary but universally beneficial.
• What is the technical standard for? Technical standards:
  - are a prerequisite for free circulation of goods and services, especially in the EU,
  - serve as the reference level for measuring/evaluating the quality of a product or service,
  - establish safety criteria,
  - promote a balanced relationship between quality and cost,
  - are often binding in business contracts between the supplier and the buyer,
  - may be required for public procurement,
  - become an effective tool in competition,
  - protect the environment and take care to protect health,
  - enable mutual support / mutual compliance of the environment and competitiveness,
  - protect both consumers and manufacturers,
  - ensure efficient production,
  - ensure consistency between products and services.