With the prominence of the theory of e-business and the improved use of business information systems within organizations, the necessity for all working professionals to have a high-quality knowledge of IT and IS has also increased. With the huge, fast changing choice of IS available, important business skills are thoughtful and assessing the variety of options existing.
Moreover, Information Systems form an integral part of modern organizations and businesses. Computer based IS are now used to support all aspects of an organization's normal functions and activities.
Innovative technology creates new opportunities for forward-thinking companies. Higher levels of automation, high-speed communications and improved access to information can all provide important benefits to a up to date business organization. Nevertheless, the benefits of new and emerging technologies can only be realized once they have been harnessed and directed towards an organization's goals.
The aims of this assignment are:
* Understand the importance of information to organizations and how it supports business strategy.
* Appreciate the range of facilities which information systems may provide and to experience methods and tools for development of appropriate systems to professional standards.
The assignment is organized into six chapters.
* Chapter 1 begins with a brief introduction, followed by the purpose and the organization of this assignment.
* Chapter 2 gives a short justification of the strategic analysis technique selected, followed by the actual analysis of TPI, its market, competition and environment using SWOT analysis.
* Chapter 3 presents a proposal for a strategic five year business plan.
* Chapter 4 presents the Use Case and Activity Diagrams.
* Chapter 5 depicts the Database with the Tables, Fields and the Entity Relationship Diagram.
* Chapter 6 presents the architecture of the new system, the appropriate software, hardware and security system.
* Chapter 7 gives a critical evaluation of the assignment and a review of the entire exercise.
2. Strategic Analysis Technique
The actual analysis of TPI will be based on SWOT Analysis which is a strategic planning method used to evaluate the Strengths, Weaknesses, Opportunities, and Threats involved in a business venture by identifying the internal and external factors that are favorable and unfavorable to achieving the main objective. The following Table 1 address the actual analysis of TPI, its market, competition and environment and it will be used to draw some conclusions as a basis of the proposal in the next chapter.
- Good reputation as it was one of the first GR contract manufacturers
- One of the largest surface-mount manufacturers in GR
- Offers fast-track prototyping and box built services
- It operates from two central cities
- It has a satisfactory turnover
- It is close to the customer
- It gives emphasis on quality
- It gives emphasis on customer service
- It has two managing directors-better control
- Production is divided into five areas- better control
- It has a policy of minimum stock
- It monitors market trends and competitors' behavior.
- The head office is near to other industries and to Athens
- It uses IT to be monitored
- has a lot of customers from different sectors of electronic industry
- R&D is not big enough
- Runs only, a local area network
- As a sub-contractor, the cooperation with other companies is more complex
- It uses components from other suppliers. As a result it is exposed to rises of components' price
- The lack of a Marketing and PR department
- The lack of CNC “Pick and Place” machine at Patras branch
- The lack of market alliances, especially with companies that have similar interests.
- The Company has been established in Greece
- The lack of a sub-contractor in “big” markets.
- lacks CORE VALUES
- LACKS BELOW THE LINE STRATEGIES
- Globalization and Free Trade Market
- It can use Internet / E-Commerce in order to promote its products
- It can expands itself into the international market
- The recent global economic crisis - Lack of trust
- China and India are becoming more and more competitive
- It has 30 Greek competitors
- The Company has been established in Greece
Table 1: SWOT Analysis of TPI Company
3. A Proposal for a Strategic Business Plan for Thomson Page Interconnections (ΤPI)
This chapter comprises the proposal for a strategic five year business plan for Thomson Page Interconnections (TPI) Company. It's directly linked with the findings shown in Table 1. It reviews the strengths, weaknesses, threats and opportunities for TPI; presents a series of fundamental statements relating to TPI's vision, mission, values and objectives; and sets out Thomson Page Interconnections' proposed strategies, goals and course of actions that should to be made.
v Market Analysis
The global financial crisis exploded in the fourth quarter of 2008 brought serious negative influences to PCB industries in all over the world. Nevertheless, competitors from Europe, U.S, China and India still continue to be an obstacle in the development of TPI Company. China industry achieved to increase the sales revenue of PCB products to 2.2 percent in 2008. However, it still lags far behind Europe and U.S. in the development of PCB industry: a) the core technologies to produce complicated multilayer PCB are held in foreign giants; b) the supply of high-end production equipment mainly relies on importation; c) it is lack of matured industry standards; d) the coordination role played by industry associations does not work effectively. The Asia-Pacific region is expected to continue to expand in PCB production as PCB revenues for the region will increase by over 60% from 2007 to 2012.
“In 5 year's time only a small percent (roughly 35%) of the company will be continuing in Greece constituted by Executive management, Sales, Marketing, R&D and Supplies Dpts. The remaining percent (roughly 65%) will be outsourcing or implemented by sub-contractors of TPI in Greece, China and/or India, especially the majority of Production Dpt. (exception to this will be the Supplies Dpt in Patras that will continue to operate as a back-up office). As a result, any Course of Action (COA) should be based to a necessary - almost immediately- adaption of an effective exit strategy from Greece, due to the upcoming, not reversible national economic crisis”.
v Mission Statement
“TPI's mission statement is to improve its position in the sub-contract manufacturing market by producing a quality product at a competitive price”.
v Business Objectives
1. Corporate Responsibility (CR) strategy
The company aims to act responsibly in every aspect of its business activities. CR strategy will be aligned with its core business goals. Responsibility is business as usual. Its products will be used throughout the world, and its brand will be among the world's best-known.
2. Managing CR
The steering group will be responsible for supporting environmental and Corporate Social Responsibility (CSR) initiatives across the business and encouraging open communication and cooperation, both internally and externally. It will be made up of managers from across the company and will support its corporate structures to help integrate responsibility into its core business.
3. Code of Conduct
Its aspiration to be the world's most loved and admired brand can only be achieved by considering not just what it must do but how to do it. It requires to strictly adhere to laws and regulations and to go beyond this, by setting its goals much higher. Company's goal is to be the leader in ethical business conduct.
4. Risk management
Company's approach to risk management is based on identifying key risks which might prevent it from reaching its business objectives. This covers all risk areas: strategic, operational, financial, hazard and fraud risks. It includes political, social, human rights, and environmental risks, which are considered along with other aspects of risk rather than being seen as a separate strand.
The company must approach risk management in a systematic and pro-active way to analyze, review, and manage opportunities as well as threats, rather than solely eliminating risks.
v Key Strategies
The main strategy that should be launched by Thomson Page Interconnections is:
1. Exit strategy from Greece (Production Dpt)
The following are others important strategies that should be also launched:
1. Strengthen R&D department
2. Establish a wide area network
3. Create a Marketing and PR department
4. Create a web page and promote e-commerce
5. Forge alliances with companies that have similar interests
6. Have a sub-contractor in big markets
7. Expand and promote itself into the international market
8. Acquire the minor Greek competitors
v Major Goals
The following key targets should be achieved by Thomson Page Interconnections over the next 5 years:
* Gradually shrink the company's size in Greece
* On the final stage, operated only by the Head Management in Greece with a representative branch, as a back-up (PCB assembly) office, in Patras.
* Be a sub-contractor above others sub-contractors
* Create a powerful image
* Adapt the chances offered by globalization
* Supervise and manage the current competitors
* Outsource or implement a quality product at a competitive price
* Increase the profit margin
v Strategic Action Programs - Milestones
The following strategic action programs will be implemented:
1. First year:
v Create Marketing & PR department
v Strengthen R&D department
v Search for European subsidies in order to develop the IT (total outsourcing)
v Create a web page and promote e-commerce in order to support deployment of business applications via Internet
v Visit international exhibitions in order to clarify who are the international competitors and what their real capabilities are.
2. Second year:
* Continue the advertising campaign
* R&D department expands its interest
* Make continuously update and prioritize the tasks
* Start to acquire minor competitors
* Search for antagonistic competitors
3. Third year:
* Forge strategic alliances with big competitors
* Tender contracts with China and/or India
* Create subcontractors
* Start planning for converting Patras department into back office
4. Fourth year:
* Continue this exit strategy from Greece
* Taking attention to the new competitors that will be appeared
5. End of fifth year:
v Executive Management, Sales, Marketing, R&D and Supplies Dpt (PCBs assembly) will be executed from Greece
v The majority of the production will be outsourcing or implemented by sub-contractors in Greece, China and/or India
v Web-Plan Summary
The company aims to develop IT in order to promote e-commerce and enhance its image not only in Greece but also worldwide.
4.Use case and activity diagrams
4.1. The Use case
“A use case is a methodology used in system analysis to identify, clarify, and organize system requirements. The use case is made up of a set of possible sequences of interactions between systems and users in a particular environment and related to a particular goal.” Thus, the following use case has these characteristics:
* Models the goals of system/actor (user) interactions
* Describes one main flow of events (also called a basic course of action), and possibly other ones, called exceptional flows of events (also called alternate courses of action)
* There are three actors
v The customer who will send the order
v The employee who will receive and register the order
v The employee of the shop floor who will work on the work order
Furthermore, Activity Diagrams will be used in order to depict the workflow and describe the sequencing of activities.The Textual Description of uses cases are described as follow:
Textual Description of Use Case 1
® Name: Registration of a new order
® Description: Register a new order in order to create the work order.
® Preconditions: none
® Post conditions: None
® Basic Course of Action:
® 1. The customer sends the order to the company electronically or by hand
® 2. The employee logs into the system.
® 3. The employee inputs his name and ID number into the system.
® 4. The system verifies if the employee is eligible to work on this computer. [Alt Course A]
® 5.The employee takes the order.
® 6.The employee sets the product name and customer's name up to the system.
® 7.The system validates the customer's name. [ Alt Course B]
® 8. The system validates product name. [Alt Course C]
® 9.The employee selects the number of different components required to assemble the product.
® 10. The employee selects the serial number and description of components required and defines its manufacturing route.
® 11. The employee inputs the number of the units and the date of order into the system.
® 12. The system checks if the components required are available. [ Alt Course D]
® 13.The employee sends the Work Order to the shop floor.
® 14.The use case ends when the employee logs out from the system.
® Alternate Course A: The employee is Not Eligible to work on this computer.
® A.1. The registrar determines the employee is not eligible to have access in this computer.
® A.2. The registrar informs the employee he is not eligible to have an access.
® A.3. The use case ends.
® Alternate Course B: The customer is new.
® B.1. The system determines that the customer is not registered.
® B.2. The system informs the employee to enter the Customer ID, Name and Address.
® B.3. The use case continues at Step 8 in the basic course.
® Alternate Course C: The Product is new.
® C.1. The registrar determines the product is new.
® C.2. The registrar informs the employee to define the Product Code, Product name and send the order to the Design Dpt to create specifications.
® C.3. The use case continues at Step 9 in the basic course.
® Alternate Course D: The components are not available.
® D.1. The registrar determines that the exact components are not available in the warehouse.
® D.2. The registrar informs the employee that the exact components are not available, indicating at the same time the remaining availability.
® D.3. The registrar asks the employee if he wants to continue with the current availability or not.
® D.4. If the employee is willing to continue with the current availability the use Case continues at Step 13.
® D.5. If the employee is not willing to continue with the current availability, the registrar informs the employee to communicate with the Supplies Department to order the required components.
® D.6.The use case continues at Step 13 in the basic course.
Textual Description of Use Case 2
® Name: Product Assembly
® Description: Carry out a Product Assembly
® Preconditions: Registration of order into the system.
® Post conditions: None
® Basic Course of Action:
® 1. The employee logs into the system.
® 2. The employee inputs his name and ID number into the system.
® 3. The system verifies if the employee is eligible to work on this computer. [Alt Course A]
® 4.The employee makes a review of Work Orders on request.
® 5.The employee selects a Work Order that he will be working on.
® 6. The system records the start of the assembly.
® 7. The employee inputs the Operation ID that he will be working on.
® 8. The employee collects the necessary components for the product's assembly.
® 9.The employee inputs the components on CNC machine.
® 10. The employee switches on the CNC “Pick and Place” machine in order to start the surface mount assembly.
® 11. The employee takes samples as essential part of quality control.
® 12. The employee switches off the CNC “Pick and Place” machine when all the units in the order are completed.
® 13. The system records the time spent on CNC.
® 14.The employee groups the units into manageable sized batches.
® 15.The employee inspects the batches. [Alt Course B]
® 16. The employee gathers the results from quality assurance and sends them to the Design Department.
® 17. The employee allocates a unique batch code and the number of units in each batch.
® 18. The system records the batch ID and the number of units.
® 19.The employee sends each batch to the next assembly operation.
® 20. The employee sends each batch to the final assembly operation. .
® 21. The employee gathers all batches and put a bar code to the product.
® 22. The system records the bar code of the product.
® 23. The employee sends off the completed order to Dispatch and Distribution Dpt.
® 24. The employee logs out of the system.
® 25. The system records the end of assembly.
® 26. The system records the time that the employee logs out.
® Alternate Course A: The employee is Not Eligible to work on this computer.
® A.2. The registrar determines the employee is not eligible to have access in this computer.
® A.3. The registrar informs the employee he is not eligible to have an access.
® A.4. The use case ends.
® Alternate Course B: The unit is problematic.
® B.4. The employee determines that the unit is problematic.
® B.6. The employee isolates the unit from the system.
® B.7. The use case continues at Step 16 in the basic course.
5. The design of Database
6. Architecture of the new system.
TPI Company operates from two different sites: Inofyta and Patras. In the shop floor of Patras, there will be two PCs connected with a hub via star topology. With the similar way, in the shop floor of Inofyta the four PCs will be connected with a hub via star topology. This kind of topology was chosen as it provides protection from cable brakes. Thus, in case of an accident there will not be a loss of information from all the PCs but only from them which are connected via the cable.
Moreover, the two sites will be connected with the central server at Inofyta via bus topology. The hub of Patras will be connected with a co-axial Ethernet cable and a Modem via telephone line, with the server at Inofyta. With the same way, the connection between hub and server at Inofyta will be established. 4: The architecture of the new system
In order to design such a network system, an appropriate hardware must be used. More specifically:
* A server at Inofyta. It would be more efficient if there were several servers to share the load. Thus, there should be a separate file server, print server, password server and database server.
* Two hubs, one in each site in order to be connected the two PCs at Patras and four PCs at Inofyta.
* A modem at Patras and a co-axial Ethernet cable, in order to send and receive data from server at Inofyta.
* A repeater, as the transmission distance between Inofyta and Patras is long and signal distortion may occur.
* Three PCs for managing directors and the company secretary, three PCs for the directors of Sales, Production and R&D Departments, four PCs at the shop floor of Inofyta, two PCs at the shop floor of Patras and the number of PCs , AP's required in each sub-department.
* Two barcodes readers and scanners, one in each site as the company will use the barcode in the production line.
* Printers, scanners, faxes in each site.
As far as the software is concerned, the company should use the following:
* Operating software, like Windows Vista, in order to interact with the hardware and manage -direct the computer's resources.
* Document production software, like Microsoft Office word processing, in order to enter, edit, store and print text and layout different elements of a document.
* Graphics software like drawing-diagramming programs.
* Spreadsheet-office software for processing numerical information in order to store and manipulate all the values, numbers and text of company's applications.
* Database-software for storage and retrieval of information like Oracle, Access, SQL.
* Presentation software, like Microsoft's PowerPoint for Windows.
* Multimedia software, useful especially for the promotion of the company via Internet.
* Software for using Internet and sending e-mail.
* A web browser, like Internet Explorer, in order to have access in Internet.
* Virus detecting / healing software.
* An Enterprise resource planning applications software that provides functions for managing business areas such as production, distribution, sales, finance and human resources management.
Controls upon information system are based upon two fundamental principles:
Ø The need to guarantee the accurancy of the data held by the company.
Ø The need to protect against loss or damage.
The most common threats faced by an information system can be placed into the following categories:
Ø Natural disaster
Ø Unauthorized use
Ø Computer viruses and malware
In order to cope with all these threats, there are four major approaches that can be taken.
The strategy of containment attempts to control access to the information system. One approach involves making potential targets as unattractive as possible. A second technique involves creating effective series of defenses against potential threats. If the expense, time and effort required to gain access to the information system is greater than any benefits derived from gaining access, then intrusion becomes less likely. A third approach involves removing the target information system from potential threats. Typical ways in which this might be achieved include distribution assets across a large geographical area, distributing important data across the entire organization or isolating important systems.
This strategy uses the threat of punishment to discourage potential intruders. A widespread method involves continuously advertising and reinforcing the penalties for unauthorized access like the dismissing of employee for gaining access to confidential data. A second approach involves attempting to identify potential threats as early as possible, for example by monitoring patterns of information system usage and investigating all anomalies.
Obfuscation concerns itself with hiding or distributing assets so that any damage can be limited. One means by which such a strategy can be implemented is by monitoring all of the company's activities, not just those related to the use of its information system. This approach also provides a measure of protection against theft and other threats.
A strategy based upon recovery recognizes that, no matter how well defended; a breach in the security of an information system will finally take place. Such a strategy is basically concerned with ensuring that the typical operation of the information system is restored.
Types of control
There are five major categories of controls that can be applied to the company's system:
Ø Physical protection
It involves the use of physical barriers intended to protect against theft and unauthorized access. Locks, barriers and security chains are examples of this type of control.
Ø Biometric control
These controls make use of the unique characteristics of individuals in order to control access to sensitive information or equipment. Scanners that check fingerprints, voice prints or even retinal patterns are examples of biometric control.
Ø Telecommunications controls
These controls help to verify the identity of an exacting user. Frequent types of communications controls include passwords and user validation routines. As an example, when a new network account is created for a given user, they may be asked to supply several pieces of personal information, such as the name of their spouse or their date of birth.
Auditing involves taking stock of procedures, hardware, software and data at regular intervals. With regard to software and data, audits can be carried out automatically with an appropriate program.
The password represents an easy, reasonably priced means of restricting access to equipment and sensitive data. With the password, access to the system can be divided into levels by issuing different passwords to employees based on their positions and the work they carry out. Additionally, the actions of the employees can be regulated and supervised by monitoring the use of their password.
A supplementary layer of protection for sensitive data can be provided by making use of encryption technique. Modern encryption methods rely upon the use of one or more keys. Without the correct key, any encrypted data are meaningless to a potential thief.
Ø Back up procedures
The effects of an unexpected loss of data can have an effect on the company's activities in a variety of ways. The disruption caused to the company's typical activities can result in important financial losses due to factors such as lost opportunities, additional trading expenses and customer dissatisfaction.
One of the most common methods of protecting valuable data is to use the “grandfather, father, son” technique. Here, a rotating set of back up disks or tapes are used so that three different versions of the same data are held at any one time.
Ø Detecting viruses
The risk of virus infection can be reduced to a minimum by implementing a relatively simple set of security measures:
§ Machines and software should be checked on a regular basis with a virus detection program.
§ All new disks and any software originating from an outside source should be checked with a virus detection program before use.
Ø Managing threats to Internet services
As the company may use the Internet Protocol to support deployment of business applications via Internet, a variety of specialized software applications must be used in order to manage threats to system originated from the Internet. Examples include:
§ Firewall, a specialized software application mounted on a server at the point the company is connected to the Internet to stop unauthorized access into the company from outsiders.
§ Intrusion detection software that monitors activity on a network in order to identify intruders.
§ AI software that uses artificial intelligence to detect intrusion attempts or unusual activity that might be a sign of a breach in security.
 Available at http://searchsoftwarequality.techtarget.com/sDefinition/0,,sid92_gci334062,00.html, accessed in 10 Dec 09
 Paul Bocil, Andrew Greasley, Simon Hickie,2008, “Business Information Systems”, 4th edition, Pearson Education, P.223
 Ibid, p.65-104
 Ibid, p.121-176
 Ibid, p. 572-600