Riordan Manufacturing, Inc. Service Request SR-Rm-022
Riordan Manufacturing has submitted service request SR-rm-022 for an analysis of the current HR system, with the goal of integrating the current tools into a single application for corporate-wide use. The new HR system for Riordan Manufacturing Systems will follow the system development life cycle (SDLC) process. The project has a completion date of approximately six months from initiation, with system utilization beginning in the second quarter of the following year. The detailed project plan will list the resources, schedule, tasks, and budget required to complete the project. The following document provides a proposal to fulfill Riordan's request, covering information gathering techniques, successful information gathering techniques, project scope, feasibility, application architecture and process design, software architecture, security controls, and a conclusion.
Software Architecture
The design phase of the SDLC typically involves the design of the human interface and database. The new HRIS should consolidate sensitive information so that it is accessible only by HR staff at the Riordan headquarters. Sensitive information should include applicant information, complaints, employee files, FMLA absences, grievances, harassment complaints, job analysis, pay rate, personal information, personal exemptions for tax purposes, requests for accommodation, resumes, salary surveys, and status of applicants. Non-sensitive HR information should be within the DMZ, accessible via password by low-level management and employees. Non-sensitive HR information should include development records, employee hire dates, organizational information, seniority dates, training, and vacation hours. Workers' compensation should continue to be managed by the third party.
The current policy regarding employee information changes can be maintained, but Riordan should look at submitting employee information changes via corporate e-mail to reduce paper usage. Because Excel is already commonly used, it is recommended that the new system incorporate Excel's database capabilities into the new design. This would increase compatibility and eliminate the need to train the staff on the database functions of the new system.
The new system should consist of two applications: one will be the primary HRIS and the other a slim version. The slim version needs to be housed within the DMZ and used by the employees. The primary and slim applications should be linked so that non-sensitive employee information in the slim application can be updated by the primary application. Extensive care should be taken in coding both applications so the slim version cannot be used to compromise the primary HRIS. Both should require usernames and passwords for access to the system. Once the username and password have been verified, the user should be transferred to the correct system. As with any program, ease of use is important, so consideration should be given to the type of user interface used for this new system. A user-friendly graphical interface is recommended for the user to access the different sub-menus on their respective server. This recommendation is made simply because GUIs are already a well-known interface among most computer users.
During the implementation of the new HRIS, it is recommended that certain security controls and policies be implemented because of the sensitive information that will be stored on the new HRIS server. Implementation of a demilitarized zone (DMZ) for security is highly recommended. A DMZ is a host or network that prevents outside users from directly accessing company servers that contain sensitive data. It is inserted between a company's private network and the outside public network, and would provide a high level of security for the new HRIS. To create a DMZ, the company must purchase and install two firewalls. One will be placed between the outside network and the DMZ, and the other will be placed between the DMZ and the company network. Any server important for vendors, customers, or employees should be placed within the DMZ. It is important to note that no sensitive company data or programs should be placed on any machine within the DMZ. Servers containing sensitive company data should remain behind the second firewall, well within the company's internal network. Additionally, it is recommended that a network-based antivirus be placed on the company-side firewall to protect against malicious software. Network-based antivirus works at the firewall or server level to stop viruses and worms at the perimeter of the network, so they never get into the network (Shinder, 2006). The final physical security precaution recommended is an intrusion detection system (IDS). An IDS works at the router, scanning network packets, or at the host level, auditing packet information, and logs suspicious packets. The IDS compares packets against the known network attack signatures in its own database and assigns each packet a severity level; if the severity level is high, the IDS will issue a pager call or warning e-mail to the network administrator.
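The placement rules above (nothing sensitive on a DMZ machine, sensitive servers behind the second firewall) and the primary/slim application split can be checked against a planned deployment before anything is installed. The following Python check is an added example, not part of the proposal; the host names, the subset of data categories, and the allowed-flow policy are assumptions.

```python
from dataclasses import dataclass

# Data categories from the proposal's sensitive / non-sensitive split (subset).
SENSITIVE = {"pay rate", "personal information", "employee files",
             "grievances", "harassment complaints", "FMLA absences"}
NON_SENSITIVE = {"development records", "employee hire dates",
                 "organizational information", "seniority dates",
                 "training", "vacation hours"}

# Assumed policy: the outer firewall admits outside -> dmz, the inner firewall
# admits only internal -> dmz (primary HRIS pushing updates to the slim copy).
# Every other cross-zone flow, including dmz -> internal, is denied.
ALLOWED_FLOWS = {("outside", "dmz"), ("internal", "dmz")}

@dataclass(frozen=True)
class Host:
    name: str
    zone: str                      # "outside", "dmz" or "internal"
    data: frozenset = frozenset()  # data categories stored on the host

def audit(hosts, flows):
    """Return findings (strings) for a planned deployment, hosts first."""
    by_name = {h.name: h for h in hosts}
    findings = []
    for h in hosts:
        if h.zone != "dmz":
            continue
        for category in sorted(h.data):
            if category in SENSITIVE:
                findings.append(f"{h.name}: sensitive data in DMZ: {category}")
            elif category not in NON_SENSITIVE:
                # Fail closed: unclassified data is treated like sensitive data.
                findings.append(f"{h.name}: unclassified data in DMZ: {category}")
    for src, dst in flows:
        pair = (by_name[src].zone, by_name[dst].zone)
        if pair[0] != pair[1] and pair not in ALLOWED_FLOWS:
            findings.append(f"flow {src} -> {dst} ({pair[0]} -> {pair[1]}) not allowed")
    return findings

# Constructed sample deployment (all host names are hypothetical).
HOSTS = [
    Host("remote-user", "outside"),
    Host("slim-hris", "dmz", frozenset({"training", "vacation hours"})),
    Host("report-cache", "dmz", frozenset({"pay rate", "badge photos"})),
    Host("primary-hris", "internal", frozenset({"pay rate", "employee files"})),
]
FLOWS = [("remote-user", "slim-hris"), ("primary-hris", "slim-hris"),
         ("slim-hris", "primary-hris"), ("remote-user", "primary-hris")]

if __name__ == "__main__":
    for finding in audit(HOSTS, FLOWS):
        print(finding)
```

In the sample, the misplaced report-cache host and the two flows that reach the internal network are reported, while the primary-to-slim update path passes.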
In addition to the physical security controls recommended, it is also recommended that Riordan institute new policies regarding who inputs employee information, how employee information is updated or altered, and what degree of access specific people have to HR and employee-related files. This should be determined by Riordan management. Finally, Riordan should invest in a backup server or an online data backup solution to ensure that a copy of HR data is always protected.
Application Architecture and Process Design
Application architecture consists of the application software programs that carry out the functions of the system and provide the processing functions for the business requirements. The technologies an information system uses for its data, interfaces, network components, and processes serve as the system's building blocks. The data flow diagram (DFD) is the input for developing the design models and documents. A DFD may be used to model the physical design of the system; before developing a physical design, processes and entities should first be identified. Data architecture provides a solid foundation for strategic initiatives and is a layered set of models. Data architecture is the key artifact in developing and implementing controls that support a data strategy. It handles data used by the business and usually connects to either a local-area network (LAN) or a wide-area network (WAN). A LAN supplies networking capability to a group of computers in proximity, while a WAN covers a large geographic area such as a state, province, or country. To implement distributed relational databases, relational database management software (RDBMS) is required. An RDBMS is a software program that maintains and controls access to stored data; backup, recovery, and security are other features an RDBMS provides.
Process architecture is the software languages and tools used to develop the business and application programs. It consists of the software development environment (SDE), a language and tool kit for constructing information system applications, or for software development and system management. Programming languages used to build or develop applications are COBOL, C, C++, Pascal, or Java. Management and process development tools such as transaction processing (TP), configuration managers, monitors, and version control are usually required by System Management, the client/server computing application. A TP monitor is a subsystem that groups together sets of related database updates, submits them together to a relational database, and makes sure that each group of updates either takes place or does not. Version control and configuration managers are software that tracks ongoing changes to the software. The new HRIS is built around SQL; with built-in modules for reporting, system operators, the HR manager, and system administrators will be able to create and print reports automatically.
Interface architecture can be categorized as system interface and user interface; it is how the system interacts with people and with other technical and organizational systems. System interfaces are electronic transmissions or paper outputs to external agents, including reports, statements, and bills, while the user interface defines how the user interacts with the system. The interface to users is a graphical user interface (GUI) with dialog boxes, mouse or pointer interaction, and windows. More sound and video commands are included. As users interact differently with systems, needs, and…