Information Technology for management Project

Information Technology for management Project: Hotel Business

  1. Business Introduction
    1. Concept/idea

The idea is to start a hotel business unit in London, with a long term plan of extending it to several foreign countries such as in Middle East, Australia, Africa and United States. The hotel is intended to have 7 top level departments, with each department having a department manager, with relevant qualifications and experience who will report to the managing director. This means 8 strategic managers. Other employees will include waiters, cashiers, professional chefs, IT personnel, data entry clerks, hotel drivers, marketers, secretaries, logistic team (for supply chain management), customer representatives, cleaners, security personnel, tour guides, and spa and massage specialists. These will form the bulk of junior staff approximated to be 30 employees. With the need for casuals such as cleaners the total expected employee turnover is approximated to 45 employees.

  • Services/Products you sell and buy

The hotel will provide food (local and exotic), confectionary and pastries, beverages (fresh natural juices, sodas, and animal beverages like milk, alcoholic and other non alcoholic drinks), comfort services such as spa treatment and massage, lodging and accommodation services, tours and travel services,  conference facilities and services and event organization services.

  • Target market

For general services such as basic foods and beverages, the first target market is drawn from all demographics (children, teens, young adults and adults, elderly, families, couples, both males and females) with a target of both locals and international market. The second target group will be wealthy businesses people on business trips, tourists visiting London, and prominent people on business/academic/political matters wishing to hold meetings and conferences in a serene environment. The last target group is high end event revelers such as entertainment events, sporting events, public campaign awareness events and so on. 

  • Business functions/departments

At the start, the hotel is expected to have 7 main departments namely; the administration, production, customer care, marketing, finance, IT, research and development. In case of expansion, each unit will be required to have the following core sections universally: the parking space, cash counter, reception, kitchen, dining hall, side station, family section, dish washing section, pantry section and a toilet. These sections will add up to the already six departments.

How could IT improve your business?

IT will play a very crucial role in helping the Hotel business in the following main areas: process improvements, decision making, operations streamlining, regulatory compliance and obtaining a competitive advantage over the competitors.  In the business process improvement, through automation, IT will help in improving core hotel’s processes such as stock taking, payment processing, online retailing, administrative automation, customer service among other processes. IT will be used as a strategic weapon or tool to assist in decision making. This will be done by examining various products of the information systems such as summary, evaluation and comparisons reports. Such decisions provide the financial and competitive health for the business that will be critical for the management to make choices regarding areas of improvements, market and customer characteristics and so forth. Operations streamlining is mainly a product of automation, where processes can be standardized, accuracy and timely delivery of processes outputs can be evaluated among others. As a regulatory enhancer, IT will provide a crucial role in documenting and evaluating regulatory requirements such as health and safety activities of the hotel as expected by regulatory bodies and laws. Finally, by analyzing market trends, customer behavior, process and operations improvements, IT will play a crucial role in discovering strategies of reduced costs of operations, product/service differentiation according to the market demands, expanding sales and target market among other competitive advantages.

  • Information Management:
    • What kind of data/information you need to run your business

The hotel will require the following categories of data as inputs to its information system: transactional data based on daily transactions such as sales volumes, customer service experience, sales income, daily supply requirements among others. Secondly, it will require management information for different managers such as semi-refined summaries of daily transaction data. Examples include; daily sales volume of a particular service/product or a menu item, particular performance of a newly introduced product, administrative work such as daily personnel turnover (absentees), daily summaries of supplier information and so on. This information will be essential for strategic management. Tactical information that will be important for the top management and the director of the hotel will also be required. This might include refined summaries on the performance of a given product or service such as event organization, market trends of close competitors and so forth. Data for tactical information requirements will be obtained from transactional and strategic management systems, together with decision support systems. Decision support systems will be necessary to predict the future such as in terms of brand attractiveness, supplier characteristics, and consumer behaviors and so on.

  • How will you manage the data?

Data management will be done through the help of an enterprise resource planning (ERP) system. The ERP system will be able to collect, analyze, store, and produce the desired reporting for use by different users and uses.  The database will also act as repository infrastructure from where data can be stored and retrieved on need basis.

More specifically, the following principles will be used: Data planning, data control and organization, access control, long-term data resiliency, and data sharing. This will leverage the business’s core asset – the data.

  • What is the role/importance of a Database to your business?

A database system is composed of the data repository and a database management system that can allow modifications, updating, retrieval and other activities that wishes to be done on the data. The database system will provide a secure, reliable, adequate storage capacity and timely and remote retrieval of the intended information for the authorized users. It will support all the core functional areas of the business with required data and information. Besides, the database system will prevent duplication of data and efforts, allow advantages of pooled information such as shared information resources, data consistency and data searches among others.

  • Networks, Collaboration, and Sustainability

                The information system will rely on a variety of data networks for communication, collaboration and sustainability reasons. The institution’s network infrastructure, will involve a LAN that will serve the internal information needs and an internet connection to allow WAN access.

                Near Field Communication (NFC) and Radio-frequency identification (RFID) will play a major role in facilitating hotel’s operations within the premises of the business. NFC provides for a low-speed connection which is very simple to set up between devices separated by a short range distance. This technology will be used to support contactless payment services that will allow mobile payments. It will offer an ideal, easy and rapid communications for most of consumer devices used within cross-range. With NFC enabled devices within the premise, users can easily store and exchange personal data files such as pictures, messages and MP3 files among others. However, this technology cannot be relied upon in transferring large files or for over larger separation distances. 

                RFID will provide a vital business muscle in identifying and tracking tags automatically that are attached to objects. This technology uses electromagnetic fields for the purposes of data transmission. In the hotel business, RFID tags will be attached to all business assets, from furniture to kitchen equipments, to stock and all items within the premise of the hotel. The technology will allow easy identification and tracking of these items for the purposes of inventory taking and asset profiling. Besides, they will be used by the logistic team to track stock and supplies by facilitating identification of products’ characteristics such as destination, origin, supplier, customer and so forth. Apart from inventory and tracking of other assets, this technology will also prove very beneficial in applications involving access control. For example, these tags can be mounted on staff badges and can also be used to capture car details and authorize vehicles at the entrance. Strategically, RFID technology can be used to track the performance of certain brands provided by the hotel. En example is tracking the performance of a discounted product items (like a menu item) through a supply chain involving other retailers. This can prevent the retailers from diverting the discounted prices.

                Within the Hotel’s premises, information networks will include WiFi and Wireless LAN. WiFi provides a relatively easy and convenient way to send and receive light files. With the increase usage of smart phones, users can easily access the internet, which will be one of the communication and entertainment services provided at the hotel. In addition to having a connection to the internet, users can easily exchange data files such as music and short video clips. The inclusion of a wireless LAN will enhance more sharing of larger data files within the hotel’s staff, within customers as they enjoy the internet services within the hotels, and between the staff and the customers. This can include confirmation of orders especially those in the lodgings and want to communicate with the staff. The staff can also use the mobile devices especially notebooks to do some more research for example on the possibility of introducing a new menu item, exploration of an international market and so forth at the comfort of the hotel’s premises. However, for wireless LAN and WiFi, security and network strength will occupy the central notion in their implementation. Despite there being passwords to regulate their use, sensitive information such as strategic and tactical information will not be allowed to be relayed through wireless LAN and WiFi. The essence behind this is that wireless networks are more prone to attacks such as man-in-the-middle attack, network injection and denial of service attacks. These attacks are more prone to wireless access points. The common or popular standards for a wirelss LAN are the Wired Equivalent Privacy (WEP) and that of WiFi is the WiFi-Protected Access (WPA) which are considered as weak standards. WPA is the most current and more secure but requires firm upgrade which means added investments.

                Besides, wireless networks are easily affected by physical obstructions, and interruptions of other wireless networks, bearing in mind that the hotel will be located in the London busy City with thousands of other wireless networks.  So there will be an essence of dedicated and more stable wired network, connecting critical business units that will be involved in the storage, transmission and retrieval of business critical information (strategic, tactical and decision making). This will also be critical for the support of network-intensive bandwidth applications that require high quality of service such as online conferencing.

                Virtual private network (VPN) will offer an important technology solution to provide mobile and remote users with secured network coverage. VPN technology will make it possible for remote/mobile users to receive and send files via a public or shared network such as internet as if they are connected directly (within a private network), and at the same time, allowing the use of hotel’s specified network management and security policies. This will be very essential in the event of the expansion of the hotel, with several geographically separated branches. The branches can be connected through a unified network and allow access to hotel’s data resources and applications stored on the premise’s internal servers. However for a safe connection, the VPN system must use secure VPN protocols such as Internet Protocol Security (IPsec).

5. CyberSecurity, Compliance, and Business Continuity

  1. Explain your IT infrastructure (i.e. Software, Hardware, and Database)?

                As discussed above, the hotel will seek an ERP solution as the main information system from vendors. Besides this, there are other prerequisites in terms of hardware, software and database systems. For the case of hardware infrastructure, the hotel will require various hardware devices for the work stations, server environment and network infrastructure.

                For the work stations, which represents different stations from which the personnel will work from, the following requirements must be met:

High performing PCs- each for every personnel, that should have RAM of 4GB, speed of i3 processors, external storage capacity of at least 80GB, high speed Ethernet slot and wireless adaptor. PCs will be preferred for fixed working stations while notebooks of similar storage and processing power will be acquired to fulfill mobile working stations. For the server, there will be a local server, installed within the premise’s data center and a backup server hosted service that will conduct information mirroring in a remote location. The essence of having two server environments is to enhance continuity in case of an accident or calamity affecting one of the servers.

                Networking hardware will include network switches, routers, a firewall, cabling, access points, wireless server environment such as RADIUS server to cater for both cable and wireless LAN security requirements , gateways, bridge to connect several network segments, and repeaters to amplify and regenerating received digital signals and resending them from one network segment to another.

                Software requirements include appropriate operating software for both the servers and workstation computers, notebooks and other portable devices such as smart-phones. Application software for different workstation needs. For example, the cahier might need a point of sales software to support his/her daily transitional requirements. Security software such as antivirus programs will also be needed.

                For the database system, it will be imperative to acquire the database program from renowned vendors or rely on customization of open source database software. Based on cost-benefit analysis, possible vendors include Oracle, Microsoft SQL Server, Microsoft Access (available in the MS Office package), IBM Lotus Approach and SAP Sybase IQ. For open source database solutions, customizations can be done to MySQL, PostgreSQL, Firebird or SQLite.

  • How will you secure your IT infrastructure? Explain all measures needed.

               With the advent of ubiquitous computing, a technique for computing everywhere, anytime and using any device, in addition to modern communication technologies such as the internet, business have been exposed to a wide array of cyber-security threats (Yannakogeorgos & Lowther, 2013). Cybercriminals have also devised complex tools and techniques to break into computing systems; therefore, every security conscious business must adopt resilient counter measures covering both the physical and logical infrastructure to deal with potential security threats.

                Securing the IT infrastructure will take physical, administrative, and logical security controls strategies. Physical security control strategies will include physical preventive mechanisms that ensure safety of the IT infrastructure. These includes: doors and locks to sensitive IT infrastructure such as the data center, CCTV cameras to monitor and report any authorized access, fencing and inclusion of security guards. This will also entail prevention of fire, dust, humidity and other environmental factors that might affect the IT infrastructure. Strategies to achieve this will include fire and smoke alarms, and heating and air conditioning systems.

                Logical controls will involve the use of technical parameters through software and applications to prevent unauthorized access or modification of data and information systems. To achieve logical controls, each user of any computing device will be required to use a secure and strong password; there will be access control lists to govern the access privileges into computing systems. For example, the cashier can only be able to input sales volume but cannot edit them after completion of a customer order. Such functions will be designated to the authorized data technician who will be answerable, responsible and accountable of any changes. In addition, there will be both host-based and network based firewalls to prevent against external information threats especially from the internet. Programs to guard against viruses, Trojans and spyware will also be required.

                Lastly, administrative controls will entails laws and regulations that will govern activities and procedures involving the use of computing facilities.  To facilitate this, a computer security policy will be drafted, entailing all the Do’s and Don’ts while dealing with any computing device or resource. Governing policies such as consequences of not adhering to the specified laws and regulations will be put into place (discipline measures).  The administrative department will be tasked with the role of ensuring only capable and qualified personnel are given various computing tasks. For example, the data clerk or an IT support staff cannot assume the roles of the database or network administrators. In the event of inability to hire some of the qualified staff such as a database administrator especially at the start, the hotel management can plan to outsource some of these roles to specialist companies. Separation of duties to ensure responsibility and accountability will form the nucleus of the administrative controls. 


According to Yannakogeorgos & Lowther (2013), every company whether privately or publicly held must comply with one or more regulatory agencies in the course of operation. Therefore, the hotel must adhere to set and implied laws and regulations to ensure smooth running, satisfy all customer needs and consequently achieve a competitive edge against rivals. Computing systems, both hardware and software used by the hotel must be robust enough in order to provide the appropriate functionalities without slowing the business down. What the hotel need from the systems vendors is a guarantee for compliance. However, to a larger extent compliance depends on the location of operation, business procedures, workflows, interactivity with customers, handling of customer, partner, and supplier data such as private and confidential data, funds transfer, and overall security. Yannakogeorgos & Lowther (2013) argues that business engaged in computing systems, especially from sources external to the business are at a greater risk of violating one or more law or regulation. This can be attributed to the rising cases of complaints from the customer community with respect to violation of such elements as privacy infringement.

Yannakogeorgos & Lowther (2013) identifies the key elements with respect to compliance to be:

  • Security and privacy: Solid security functionality is paramount. It should be easy to maintain to adapt to changing environments. The information residing on these systems must also be free from access or use by unauthorized people. In addition, systems must comply with set data protection and disposal requirements.
  • Change log: Systems are used by different people with different roles and privileges; therefore, business systems must have a robust audit trail to uphold accountability and non-repudiation.
  • Data sharing: This is an important tool that can help a business to effectively, securely and efficiently share data over communication networks including the internet across the globe.
  • Documents and records capture, approval and storage: Electronic documents and records approval can enable a business accelerate its processes, workflow and information sharing. With proper indexing, system users can easily retrieve documents such as invoices, correspondence, drawings and other documentations.
  • Lot and serial number tracking: This functionality is vital for tracing the production elements to meet particular compliance, for example state contracts and other applications where stakeholders would want to know specifically what was used in actual production. Variants of this tool seek track serial numbers as products leave the business.
  • Quality assurance: The system functionalities must support business-wide decision making through robust analysis and reporting capabilities.
  • Globally supported principles: Systems used in businesses must conform to global principles such as tax and accounting, excise and customs, and VAT automation.
  • Disaster recovery: Systems must have recovery capability to ensure business continuity in case of a disaster.

Business continuity

For the purpose of this business, business continuity will entail creation of a robust ICT infrastructure and techniques that is secure, compliant with laws, regulations and standards, and highly functional to meet all business and user requirements. This way, its operations will be kept on course even when unforeseen threats strike. The major component of business continuity will take the form of a disaster recovery plan to enable the hotel continue operating at acceptable specific levels in case of a disruptive event. Erbschloe (2003) suggests that business continuity should be embedded into a business to enable quick and effective recovery from disasters. Swanson, Bowen, Phillips, Gallup & Lynes (2010) notes that business continuity elements may include: Resilience, using spare capacity and redundancy to protect critical business operations; recovery, aimed at recovering and restoring crucial business functions; and contingency,  an elements that seeks to augment resilience and recovery such that some risks not catered for or unforeseen incidents are effectively resolved.

Business continuity specifications for this business include: Assessment of disaster recoverability during hardware and software acquisition based on documentation on pre-built recovery functionality in the systems; concrete SLAs with vendors to guarantee instantaneous support; solid backup and replication; using cloud computing’s Disaster-Recovery-as-a-Service (DRaaS); authentication and authorization tools and techniques to block unwanted access to business resources; regular systems security patching; and a secured network perimeter and servers with prebuilt low failover capability.

  • E-Business & E-Commerce Models and Strategies
    • Explain the reason(s) beyond your decision to run your business online

                First, through the power of internet, a new economy has been developed. All hotels with just a regional tag have been able to establish their presence on the online space. The creation of the new economy is something that is beyond business management to decide either to adopt an online strategy or not. It is a mandatory requirement if at all any business wishes to keep in touch with the current market conditions. Established companies like Ebay and Amazon have been able to create their dominance already, and hotel businesses are speedily catching up.

                In addition to the creation of new online economies, taking business online has bridged the distance between businesses and customers. It creates an opportunity that has made the world a small digital global village. With this in mind, customers dictate the need for the hotel to take its operations online. Business enterprises have no otherwise as online business transactions continue to dominate business operations of the 21st century. Customers can order, and pay over online means. Businesses can advertise, provide customer service, and increase value of their goods and services through online. By elimination of geographical limitations through virtual technologies, it has become possible to attract a wider market segment, increase brand’s attractiveness and increased presence.

                Like any other enterprises, the aim of any business is to reduce costs of production for a sustainable profit margin. The hotel business is no exception. Through internet and online operations, businesses can cut down on their production costs significantly. Through online technologies, the hotel business can be able to streamline its business operations and allow benefits of virtual trading. Examples of such business processes include billing, procurement, supply chain management, shipping and so forth. An E-business platform allows reduction of operational costs associated with physical contact and can lead to huge savings.

                Days when business operations were done only during the day or for limited number of night times are gone. By adopting an E-business strategy, customers can order at any time, conduct payments, and enquire about prices, menu items, delivery systems at any time of the day. This translates to an opportunity of making sales and business growth as major world economies migrate to 24 hour economy system.

                Lastly, taking business online creates added avenues of information. Customers can use the online platform to compare among different prices, from different competitors. Competitors on the other hand can be able to learn on the activities of their close competitors, to modify their selling, production or value proposition strategies. Therefore, online presence will play a significant role in obtaining business intelligence regarding customers, competitors, and other stakeholders affecting the business such as suppliers, government involvement among others. This has been made possible through online data gathering and analyzing tools such as online customer relationship management systems (CRMs). These factors shift the decision of going online from owners or managements’ perspective to a global and universal strategy that cannot be avoided.

  • Will you run pure or partial e-commerce business? Why?

                At the start, the Hotel will employ a partial a partial-ecommerce approach with an aim of pure e-commerce system as a long-term plan in the future. This will involve an initial system that involve an information dispersing platform that will only allow customers to view goods and services, request customer service duties and other enquiries in general. Fully automation of ordering and payment will be achieved after the business has taken off, approximated after 1 year. This is influenced by a number of factors. First, the initial startup capital of a fully operational e-commerce business is relatively high. At the moment, high priority on capital investment is on the business critical processes such as stock and inventory, personnel, licensing and regulatory compliance, furniture, fixtures and fittings, equipment and other key resources that the business cannot kick without. With time, more capital can be acquired and implement a full or pure e-commerce system. Secondly, before engaging on a full e-commerce system, it becomes imperative to have some experience from the physical transactions. Due to the large amount of online customers expected, it can be a risk to experiment with them before fully understanding the market demands, expected customer preferences and so forth. Abrupt adoption of a full e-commerce system can lead to a massive damage of the brand or hotel’s image to a significant proportion of the target customers. Rectifying such images can be costly and time consuming or lead to a total failure of the whole e-commerce strategy. Gradual implementation of the E-commerce system can be made based on current customer experiences which can take a considerable amount of time. Other factors such as taking time to learn from competitor E-commerce strategies, supplier behavior and other factors that are directly affecting the business will need time.


                At the initial startup, the partial E-commerce system will support the following transactions:

Customers to make requests on available services, menu items, costs, place a complaint, recommend, and express their all other views regarding the operations of the hotel and their experiences.

                Whereas the hotel will not have an automated online ordering and payment system at the start, the system will play a great role in supporting existing manual processes. For example, a customer can place an order via a phone call or an email, make the upfront payments using the mobile phone and track the order delivery using the E-commerce messaging system and customer service already in place.

Suppliers can enquire on the available opportunities to supply such as inventory, raw materials like fresh fruits and animal products, enquire and negotiate with the procurement department on the pricing, delivery modes and all forms of supplier information.

                The hotel business can promote sales, advertise, market, rectify various types of information relating to products and services, attend to other stakeholders’ queries such as customers, government and regulatory bodies and suppliers.

  • Which e-commerce model will you adopt and why?

                     The business model to adopt is business to consumer (B2C). Major reason behind it is to have a direct connection to the consumer. The customer will be required to place the order via the E-commerce website, then through the E-commerce technologies and user support at the hotel, the order will be processed and sent back to the client. With a direct connection with the customers, middlemen are reduced. This does not only reduce possible costs involved with them but also creates convenience in attending to their orders and other queries.  Besides, B2C model offers flexibility in changing the catalogue details. For example, the management can decide to change price and offerings instantaneously. Call centers and email communications can be integrated within the site, reducing unnecessary phone calls that might lengthen a purchase/sale lifecycle.

                     B2C models also offers unlimited market potential as long as business devise appropriate product/service promotion strategies such as advertising and sales promotion. Through the power of internet, customers can browse, place orders and make purchases at the comfort of their homes, roads, offices, 24 hours, 7days a week. B2C business models also experiences reduced costs of doing businesses such as reduced processing costs associated with intensive data entry or faxing, reduced employees, inventory and purchasing costs. There is also ease in business administration, where with the right software and infrastructure, business administration activities can be automatically classified, stored, real time updated and accessed wherever needed by the customers.

  • Which electronic payment method(s) will you adopt?

                On full automation, the E-commerce system will adopt the following payment methods: the most used method is the use of credit /debit card numbers. For the case of credit cards, after a user makes a purchase, the bank makes the payment on his/her behalf. The customer can then pay the purchase amount a credit card bill. Other payment options involve a third party online banking institution that facilitates the payments. Examples of such include PayPal, Payoneer and Skrill. PayPal which is a global electronic payment system will offer support for customers with PayPal accounts. There is also the Google Wallet, which is a bit similar to PayPal to assist in the transfer of money online. Others include MaterPass, clearXchange, Skrill, Bitcoin, and Dwolla.

  • Mobile Technologies and Commerce
    • Explain any pressure that is pushing your business to go mobile?

Like for the case of going online, the current business environment has also made going mobile a fundamental necessity. Mobile phones and devices have taken the current economy by thrust. Computing strategies are also moving from desktop based applications to mobile computing. Currently, statistics indicates that in most households, the popularity of the use of mobile phone is in such a way that even teens own mobile phones. The convenience brought by mobile phones, especially with the technological developments that have seen the utilization of smart phones into businesses cannot be under-estimated. With the advent of smart apps, most of the e-commerce that has been conducted via the internet can now be possible through mobile phones. This capability, when combined with their convenience provides huge business potential for the future. Mobile business will be of huge value to the hotel business in supporting mobile information services, marketing activities, shopping, logistics and other operations of the hotel.

  • What are the benefits of running your business as an m-commerce business?

Mobile commerce (m-commerce) has seen a growing shift from old e-commerce systems mainly developed for desktop to Smartphone Apps and mobile websites.  By taking the business mobile, the following benefits will be accrued:

  • The size of mobile users is growing day by day. This translates into a growing target and potential market segments.
  • Like E-commerce, M-commerce eliminates most of the limitations involved with geographical distances. This makes it easy to reach most of customers irrespective of their geographical locations.
  • M-commerce will bring significant savings, to all parties that are directly connected to the business operations such as customers, business itself and suppliers. By eliminating the need of physical contacts, uses can save both on their money and time.
  • Mobile phones are relatively easy to use when compared to other technologies such as desktop applications.  The call for skilled consumers or other users is not a necessity. Mobile apps have also made shopping easy. For example, a consumer can be able to browse thousands of the hotel’s services and products without the requirements of undergoing the online checkout process.
  • Mobile apps can function both online and offline, which adds value to their use as opposed to desktop-based E-commerce systems
  • With their availability at apps stores such as Google Play and so on, their visibility is increased. Websites are not visible in apps stores and thus will require additional marketing, either online or offline to improve their visibility.

However, there are various limitations that comes with m-commerce, which the hotel business must take account into. These include: reduced screen size as compared to desktop screens. This makes it difficult to navigate within thousands of items.

  • Will you have an application for your business? Talk about it.

The hotel will create a Smartphone application for the business that will be aimed at supporting both the business and customers in the following ways:

For the hotel business:

  • Building and maintaining customer relationships
  • Reinforcing hotel’s brands (menu items and services)
  • Creating brand’s loyalty
  • Increasing visibility of the hotel’s services and products to target and potential customers
  • Create a repeat business
  • Improve accessibility of the business products and services

For the customers:

  • Easy access to the business goods and services
  • Location directions of the premises
  • Business notifications on discounts, offering, special events and more
  • Appointment scheduling for special customers with unique demands such as customizations or bulk buying
  • Budget calculators to show how much they can save by choosing the hotel’s products and services as opposed to compotators
  • One-touch of the hotel’s contact information
  • Automatic reminders for activities such as the appointment days
  • They can also have QR code scanners embedded in them as a reading device.

Description of the app

Branding: The name of the app should acquire a key letter from the hotel’s name. For example, considering the name to be Fort’s Hotel, the app name can be something like, F-Hotel. This will be part of branding, where each of the hotel’s marketing strategies can be uniquely and clearly identified.

Accessibility-The app to be developed should be accessible in most of Smart-phones’ operating systems. At least the app should be supported by Android, Windows and iOS. This is to increase the app’s presence among the target and potential customers.

What the app should do: the app should have the following capabilities to support earlier stated objectives:

  • Mobile food/drinks/services ordering system- the app will have to support the ordering process by allowing customers to request order as well as make the payment from any Android, Windows, iPhone or iPad device. Options for this feature include customized product menus with food images, pricing information and delivery options. The app will be developed with options of delivery, dine-in or carryout. This should also be supported by necessary notifications for order status such as confirmation of receipt and so on.
  • Support videos and pictures of the hotel’s specials- in addition to basic pictures of the menu items, this feature will be used as a selling point to attract more and more customers. Example of such specials include the past customer experiences, a look on the hygiene, facilities, and so forth.
  • Push messages and notifications- this is the ability of the hotel business to use the app to send messages as well as associated push notifications. This is a great way to keep close interactions and customer engagements between the business and its customers.
  • Incorporate an easy customer loyalty program- the word here is ‘easy’. The loyalty program should be easy, both on the side of customer and the business. For example, there can be redeemable coupons for customers who have visited the hotel or ordered certain mails a specified number of times. The customers should also refer their friends easily to the hotel through supported social or messaging networking system.
  • Event creator- the app will assist customers to create new events as notified through notifications. This can be done by adding new events on their calendars and having a reminder system to remind them.
  • Web 2.0 and Social Media

a. Explain why you will make use of social media for your business

Social media provides on of the excellent social interaction points that modern businesses are using to link up with customers. Social media mainly entails social networks such as Facebook, Google+, twitter, Instagram and Whatsapp. It offers proven ways of reaching to thousands of customers, through a cheaper option to most of the traditional advertisement methods.  Social media can be used as a new customer attraction platform, establishing customer preferences, promoting the business activities and its brands, strengthen relationships with already existing customers to create brand loyalty, informing customers on the products/services details, and all other information that is crucial for the business. By engaging in social media, the hotel business will be able to benefit from the following aspects:

Possibility of targeting specific groups of interests- with social media tools such as Facebook and Foursquare, it becomes possible to target specific groups of customers based on demographics, social and geographical locations. With the ability of targeting a specific group, the hotel’s management and marketing teams can be able to develop relevant content that will catch-up the attention of potential customers, thereby increasing the brand’s visibility.

Broad reach-like E-commerce strategies, the use of social media closes the geographical distance and overcomes limitations associated with physical

b. What social media will you use? For what purpose?

———————————————-talk of fb grps, ads,  en so on———————————————

9. Functional areas

  1. What functional areas will you have in your business?
  2. What functional system will you run?


10. Enterprise systems and applications

a. Which Enterprise system will be of use to your business, and why?

———————————————————–talk of ERP solutions—————————-

11. Performance management using data visualization

a. Explain why you will make use of business dashboards?

12. IT strategy

a. Define your business strategy and IT strategy as per the table below.


Erbschloe, M. (2003). Guide to Disaster Recovery. Thomson/Course Technology.

Swanson, M., Bowen, P., Phillips, A.W., Gallup, D., & Lynes, D. (2010). Contingency Planning Guide for Federal Information Systems. National Institute of Standards and Technology. Retrieved from

Yannakogeorgos, A., & Lowther, A.D. (2013). Conflict and Cooperation in Cyberspace: The Challenge to National Security. CRC Press.

West Coast University

West Coast University

  1. Introduction

West Coast University (or the Institution or the University) is an institution of higher learning offering undergraduate and graduate degree programmes in “nursing and other in-demand healthcare” disciplines. The Institution uses a collection of technologically advanced tools to help students gain the “knowledge, experience, and confidence” they need to execute critical responsibilities in today’s healthcare environment (West Coast University, 2016). The Institution has decided to bolster the security of its information assets to prevent and mitigate security risks in the current era of increasingly growing security threats. Therefore, the Institution needs to implement an information security policy which forms the foundation for a concrete information security program reflecting an organisation’s security goals and objectives along with an agreed management strategy to secure information assets according to Whitman and Mattord (2011). An information security policy is a collection of management directives and requirements regarding information security to provide guidelines for security personnel (National Institute of Standards and Technology, 2009; Wood & Lineman, 2009).

  • Information security policy

2.1 Purpose

Fundamentally, information systems are critical to effective and efficient administrative, teaching, and research functions (Wood & Lineman, 2009). The purpose of this information security policy is to provide a framework and associated guidelines for information security management in the Institution to protect the following three major information constraints:

  • Confidentiality: information is accessed by authorized persons only.
  • Integrity: information is accurate, up-to-date, and reliable.
  • Availability: information is ever available to authorized users.
  • University reputation.
  • External compliance issues, including the Western Australian State legislation, Federal legislation, and telecommunications legislation to eliminate financial loss and cause unwanted legal liabilities.

2.2 Scope and applicability

This information security policy addresses all technological facilities, systems, programs, networks, information and data processed by the Institution, internal and external communications, and all technology users in the Institution, without exception. The policy applies to all IT users (employees, students, contractors and visitors) with access to the Institution’s IT systems.

2.3 Roles and responsibilities

2.3.1 University Council

  • Oversee information security management to ensure that the Institution complies with all internal and external requirements.
  • Provide required resources.

2.3.2 ICT sub-committee on information security policy

  • Promote awareness regarding this policy.
  • Seek sufficient implementation and maintenance resources (personnel, technologies and processes).
  • Monitor continuous compliance.
  • Schedule reviews to incorporate relevant changes – legislation, contractual obligations and organizational.
  • Solicit continuous top management support and commitment.

2.3.3 Departmental heads

  • Oversee information security in their functional units in line with this overall information security policy.
  • Validate relevance of different elements of this policy in relation to specific departmental needs.

2.3.4 Other IT Users

  • Responsibly use information assets while complying with this policy.
  • Observe contractual agreements in the course of handling the Institution’s information assets.

2.4 Policies

2.4.1 Risk assessment

  • Identity information assets, define their ownership, and quantify their criticality and/or sensitivity.
  • Security controls should be applied based on the criticality and/or sensitivity of information.
  • Information security assessments should be performed periodically.

2.4.2 Confidential and personal data

  • Should be handled according to existing legal and provisions (e.g. the Western Australian State legislation, Federal legislation, and telecommunications legislation) and the Institutions personal data policy.
  • Relevant organizational, procedural and technical measures should be taken to prevent unauthorized and/or illegal access to or processing of, or destruction or loss of personal data.
  • Sensitive personal data (e.g. religion, health and ethnic origin) should be properly encrypted.
  • Confidential data, which may lead to financial loss, damage to reputation, or adverse impact on public safety should be:
  • Accessed, used and modified by adequately authenticated and authorized persons only.
  • Stored in dedicated and secure storage locations such as file servers as opposed to local or external hard drives.
  • Kept for about 6 months to support investigations.
  • Stored with proper file and disk encryption to implement an additional “layer of defence”.
  • Distributed to only a limited number of and necessary portable media and hard copies.
  • Locked in safe cabinets and locked rooms.
  • Always kept within the University.
  • Disposed in a proper manner that protects confidentiality.

2.4.3 Remote access

  • Remote access should be conducted within proper levels of authentication and encryption.
  • Remote access should be restricted to minimal access.

2.4.4 Strong password policy

Criminals can get your passwords and get into personal accounts, leading to identity and data breaches. Criminals can even go ahead to blackmail compromised account holders (Wood & Lineman, 2009). This policy seeks to help IT users uphold strong password practices. Applicable policies include:

  • Create strong passwords (made up of at least 8 characters, a mixture of alphanumeric characters and symbols as well as upper case and lower case characters, and no dictionary words) for online, PC, and software system accounts to make it reasonably impossible to guess or crack.
  • Never share your account passwords with anyone.
  • Use different passwords for each account, and regularly change them.
  • Suspected instances of password breaches (access or theft) should be changed and reported immediately.
  • Use memorable, but adequately strong passwords to ensure that you do not have to write them down to remember them.

2.4.5 Acceptable internet use policy

Today, criminals are increasingly using email scams (spear phishing) to compromise millions of users’ critical information such as passwords and credit/debit card details. These emails are usually crafted in a way that makes them considerably difficult to differentiate from legitimate ones, thus it constitutes an easy approach to execution of fraudulent activities (Whitman & Mattord, 2011). Applicable policies include:

  • Emails asking for confidential and sensitive information such as passwords and PINs should be immediately reported to the IT department – these are suspicious emails. Moreover, these emails have warning statements such as “Your account will be de-activated after 48 hours”, technical jargons, unknown senders, news about well-known upcoming events, grammatical errors, and generic greetings.
  • Never click on links embedded on suspicious emails.
  • Never open or download attachments that come with suspicious emails.
  • Never use emails bearing the Institution’s domain for personal communications.
  • Verify the URLs of embedded links and website addresses have the right domain name and top-level domain to ensure that they are legitimate.
  • Contact service providers such as banks in case of request for personal information via email or phone.
  • Keep internet usage at minimum.
  • Uphold the legal rights to licensed, patented and copyrighted works such as software and computer games.
  • Never access or download pornographic, ethnic, sexist, and extreme political and such materials which may lead to unwanted legal liability.

2.4.6 PCs and personal devices policy

The Web poses real threats to information held in desktop PCs, laptops, tablets and smart phones (National Institute of Standards and Technology, 2009). The threats range from malware propagation to data theft. Applicable policies include:

  • Use legitimate operating systems and application software such as web browsers to ensure you benefit from regularly released security updates and patches.
  • Install and regularly patch or update anti-virus software, and perform regular malware whole-device scanning.
  • Never install software systems from unknown or untrustworthy sources.
  • Schedule periodic file backups to avoid complete data loss.
  • Scan removable devices (e.g. USB sticks and hard drives) to detect and remove malware.
  • Use secure and legitimate online cloud storage, for example, Google Drive and Dropbox.
  • Encrypt your backup and PCs and test them regularly.
  • Disconnect malware-infected devices from the enterprise network.
  • Use strong passwords for PCs and other personal devices.
  • Only registered mobile devices should be used to connect to the Institution’s network and the internet.

2.4.7 Physical and network security policy

  • Prevent IT infrastructure from physical (vandalism and theft) and environment damage or interference.
  • Protect and manage network equipment, software and information.
  • All information assets should be properly managed.
  • Have SLAs in place to guarantee third-party support in case of a security disaster.

2.4.8 Incident-response policy 

  • There should be a multi-disciplinary incident-response team – senior IT management, legal, PR, business management, and vendor representatives.
  • Prevent potential unauthorized access and/or loss of confidential information.
  • Prevent potential propagation of an information security breach.
  • Restore and test functionality to affected network elements.
  • Perform business continuity planning.

2.5 Enforcement and compliance

  • All IT users should be aware of their roles and responsibilities regarding information security.
  • Any unauthorized disclosure or loss of confidential and personal information should be reported to the IT department and owners of information.
  • Major relevant legislation include: the Western Australian State legislation, Federal legislation, and telecommunications legislation.
  • Any information security breach is treated with the seriousness it deserves, including disciplinary action. 
  • Failure to comply with this policy will result in disciplinary action.
  • References

National Institute of Standards and Technology. (2009). Security and Privacy Controls for Federal Information Systems and Organizations. Retrieved from

Whitman, M., & Mattord, H. (2011). Principles of information security. Cengage Learning.

West Coast University. (2016). A Simple Philosophy of Staying Ahead of the Curve. Retrieved from

Wood, C. C., & Lineman, D. (2009). Information Security Policies Made Easy Version 11. Information Shield, Inc.

Information assurance

Information assurance


Information assurance can be defined as the hardware, software, policies, procedures, standards, and personnel that are used to secure data residing in information systems. Information assurance has disparate definitions, but the term has evolved over time to imply information security and beyond. It seeks to emphasize on ensuring that information is sufficiently available on demand, information integrity is sound, authenticity is verifiable, information privacy, and confidentiality is upheld, and provision of origin of data and proof of data integrity. Information assurance is an increasingly growing field in computer technology (Bishop, 2003).

Nearly all aspects of today’s society rely on computer systems – hardware and software. The world has seen increased usage of computing devices and systems than never before. The proliferation of mobile and handheld devices some having computing capabilities exceeding that of most PCs has led to an increase in data creation and circulation across individuals and organizations over the world (Birchall, Ezingeard, McFadzean, Howlin & Yoxall, 2004). Today, computer systems are in wide use in all industries: Transportation, mining, banking, manufacturing, agriculture, shipping, communication among others. However, computer systems infrastructure is increasingly faced with threats of attack from malware, spyware, adware, hacking, information theft, unauthorized access, denial of service, man-in-the-middle attack, and other security breaches (Mowbray, 2013). Therefore, every organization wants an assurance that its information is secure from such threats.

Companies and state agencies need to effectively protect their computer systems. A malware attack can cause unwanted delays and costs, but attacks such as information theft or distributed denial of service can be extremely disastrous. Organizational information stolen from computing systems can be used for extortion, reveal sensitive information related to intellectual property, blackmail individuals and businesses, or steal money from unsuspecting people. Information assurance with respect to computer systems has been practised for over 30 years, but with improvements in computer technology and the ever-growing use of computers for capturing, storage, and transfer of information has significantly changed the field towards increased necessity to improve the security of private and sensitive information.

This paper seeks to discuss the importance of information assurance in businesses. In addition, it explores aspects of building secure and trusted systems, security policies and security/system testing.

Information assurance

Blyth & Kovacich (2006) defines information assurance as the approach to assuring information and risk management with respect to access, use, processing, transmission, and storage of data and information and the information systems, processes and procedures used for such purposes. Information misuse may arise from corporate spies, hackers, disgruntled staff, or former employees who may want to damage or sabotage business operations. It is the work of an information assurance specialist to create robust systems that can effectively and efficiently prevent computer systems security breaches or recover quickly in case of an attack. Information security is the umbrella domain with many components where information assurance constitutes one of the components (Birchall et al., 2004). Therefore, it is difficult to separate the two component and information assurance specialists works closely with security professionals. Failure to build strong working relationships implies that information security and assurance leaves potential points of vulnerabilities. When the entire set of information security elements are functional and roles among responsible personnel understood, then the risk to organizational information is greatly reduced. Information assurance specialist works within the confines of information security to ensure information conformance with complete mitigation of security risks.

The information assurance team also helps remedy security weaknesses in systems by creating a checklist framework to allow an organization trace security transgressors. The computer technology is a constantly changing area, and with continued usage of computer systems in day-to-day business transactions, there are potential risks of security breaches. Therefore, the work of information assurance specialist is never ending. The specialist is involved in all arrangements and implementations targeted at protecting information’s confidentiality, integrity, availability, privacy, and accountability. Information assurance team is tasked with protecting, monitoring, analyzing, detecting, and responding to any form of unauthorized activity in computer networks and organizational information systems. Information assurance specialists employ principles related to action plans associated with information threat. The specialists’ mission is geared towards detecting, reporting, and responding to all kinds of cyber threats and attacks, while allowing for concrete encryption to enable secure information sharing between individuals and computer systems. Therefore, information assurance professionals seek to provide solutions that can effectively and efficiently keep organizational systems and information safe (Mowbray, 2013).

The Importance of Information Assurance in Business

Although information assurance does not mean information security, Bishop (2003) recognizes the crucial role played by information assurance in systems security by protecting an organization’s key computer systems and information assets as well as other critical computing infrastructures. First, information systems are truly unhelpful without correct and verifiable data, because compromised data residing in these systems would be detrimental: No worth turnaround decisions can be drawn from such data. In the corporate world, organizations continue to enhance their reliance on computer technology, and potential threats targeted to organization’s IT infrastructure increases, thus calling for optimal information assurance to counter the wide array of potential threats. The consumer community is likely to feel comfortable when transacting with businesses that have a better information assurance infrastructure in place.

Generally, information assurance enables risk management with regard to the capture, processing, storage, access, and transfer of information. It bolsters devices and systems capability to uphold privacy, confidentiality, governance, disaster recovery, regulatory compliance, business continuity, integrity, and other aspects of information and data quality. According to Blyth & Kovacich (2006), information assurance offers a concrete risk management platform that effectively and efficiently defines how security threats and risks should be mitigated, accepted, or transferred.

Information assurance also plays another role in analysis, control, and management of all systems that runs on computer networks within an organization. Information assurance provide the required risk assessment of a specific software, and depending on the actual or perceived degree of need and benefit that it provides, responsible personnel will approve or reject the software for use. Assessing all systems prior to being installed or hosted on an enterprise host or network, the information assurance personnel has a better knowledge base and understanding of risks when faced by potential threats, for example, a new malware affecting a specific browser version (Blyth & Kovacich, 2006).

IT applications and data have been faced with a wide range of security threats from human errors, environmental disruptions, intentional attacks, and hardware and software failures. In addition, there is a growing trend in complexity and frequency of cyber attacks; therefore, organizations commitment to information assurance plays a critical role in providing sufficient information security. Additionally, information assurance ensures that security risks associated with computer systems are adequately managed to guarantee a smooth operational environment. For example, when alerts are displayed, indicating unapproved or unpatched software running on the network, the information assurance team follows the established plan to handle that incident (Birchall et al., 2004). Therefore, threats and risks are accurately and sufficiently assessed and mitigated.

Information assurance ensures that a business is continually transforming towards a platform that can always withstand the ever-changing operation environment. Information assurance guarantees adaptability by ensuring that business operations and customer experience are supported optimally at all times. Blyth & Kovacich (2006) argues that information assurance builds and maintains the most needed consumer trust and confidence in a particular business since customers undertaking their day-to-day shopping activities are assured of information security and privacy.

According to Schou & Shoemaker (2006), information assurance seeks to resolve issues related to protection of the integrity, availability, and confidentiality of an organization’s computer systems, databases, documents, records, and reports. However, only authorized users should be allowed to access, modify or save information into organizational data repository. Thus, information assurance is unsurprisingly an integral part of almost all disciplines in an organization. Areas of accounting, auditing, business analysis, and reporting can only be successful with a robust information assurance framework in place. Otherwise, important facets of data such as correctness and confidentiality may be lost leading to flawed decision-making (Blyth & Kovacich, 2006). For example, the integrity and accuracy of information is important in achieving reliable financial analysis and reporting and creation of relevant and timely accounting results for purposes of decision-making.

Information assurance plays a critical role in implementing crucial functionalities in information systems and data. It demands a number of requirements that are of great importance to an organization. According to Blyth & Kovacich (2006), the key requirements include:

  • Automation: Businesses can easily implement certification and accreditation suites for management of information systems. This way, staffs are relieved of manual monitoring of systems since certified and accredited software possess industry best practices and standards with respect to information security. These systems carry out normal workflow operations while notifying users of current security status with information assurance and security team receiving alerts in real time. Consequently, corrective measures are applied in a timely manner.
  • Accountability: Data running in approved business systems is tracked for access and modification through audit trails, thus the business can track each transaction. This is implemented through role-based access control systems that enhance information security.
  • Extensibility: Well-managed and secured information systems across an organization provide a better framework for scaling and integration. Data and information resources can be shared across an organization’s environment without risks of unauthorized exposure regardless of their complexity or size.
  • Flexibility: Multiple information assurance requirements, such as integrity, confidentiality, availability and others are supported in all organization’s information systems.

Information assurance offers the much needed end-to-end visibility in information creation, process, sharing, and storage. Information residing in an organization’s enterprise network can be easily monitored for suspected malicious activity. Through robust information assurance mechanisms, the end-to-end visibility is gained regardless of the computing devices used, including handhelds, laptops, PDAs, PCs and other computer technologies. It also ensures that systems have proper data management, sharing and control policies based on laws and regulations. Appropriate access plans and procedures are created for all pieces of information produced by approved computer systems, and the established privileges and roles are consistent across the business (Birchall et al., 2004).

Bishop (2003) argues that information assurance adds business benefits through use of information and data risk management, which enhances the value information and data to authorized users. On the other hand, unauthorized users are denied the opportunity to access or use the utility contained in those data and information. This increases the perceived value of information to mend users. Schou & Shoemaker (2006) claims that information assurance is inclined towards business-level risk management strategies in systems and information security, as opposed to creation and implementation of IT security controls. As a result, information assurance defends against hackers and malware in addition to corporate governance aspects regarding compliance to regulations and standards.

Building secure and trusted systems

Security in all facets of computer technology has been a hot topic ever since introduction of computer systems in businesses. Computer network design is one the major areas that forms the security foundation for a business. A secure network perimeter is a big step towards protecting business resources, including hardware, applications and data, because cybercriminals typically exploit a network node before launching the attack to the wider business infrastructure. A solid network perimeter meeting all business needs and objectives with respect to computer systems security can play a big role in safeguarding information (Blyth & Kovacich, 2006). This way, the network infrastructure is designed in a manner that meets all the organization operation goals with safeguarding the core business information.

As part of security design, cryptography is also key security element. Cryptography mechanisms may be used for controlling access to information, shared drives, and ensures that communication and file sharing is secure. Issues such as sniffing and subsequent exposure to sensitive data are resolved by cryptography. Business databases may also be encrypted to ensure all information is free from unwanted exposure (Suhasini, Marc, Hickey & McBride, 2012). Intrusion detection, control, and prevention systems help business discover inappropriate activities that may be targeted at the computer network and systems. Intrusion detection systems inspects all incoming and outgoing network traffic and activity in order to identify suspicious trends that may imply attempts to compromise or break into a network or computer system (Blyth & Kovacich, 2006; Mowbray, 2013).

User authentication and authorization is another aspect of building secure and trusted systems. With a solid authentication and authentication framework, computer systems are able to effectively grant or deny access to a computing resource in addition to specifying user access levels to different resources depending on the identity of the user. If authentication and authorization system is compromised, the victim’s data may be significantly compromised resulting into damages to data integrity (Mowbray, 2013). In extreme cases, massive data breaches may be cased making recovery difficult or almost impossible. Concrete authentication and authorization schemes enable businesses to control access to sensitive and private information to ensure that only legitimate individuals and applications are granted the opportunity to enjoy such privileges.

Disaster recovery plan is a key element in upholding business continuity. Business continuity is the major mission in most of the worlds corporate strategies, especially in matters related to information security. This can be attributed to the wide usage of computer technology in bolstering business operations and employee productivity. The business world can never function optimally without application of computer systems. Schou & Shoemaker (2006) argues that organizations must ensure that their customers feel comfortable when sharing any piece of information with organisations. Disaster recovery is a key enabler of consumer confidence; thus, businesses must understand the importance of upholding information security to bolster business continuity. Organizational data may be compromised through system crashes, human error, software bugs, denial of service, malware attack, or natural disasters. However, despite continued business operations, it is worth treating organizational data as the most valuable element of customer satisfaction. Information must be recoverable whenever possible to ensure that customers enjoy normal business operations at all times, and a disaster recovery plan plays a big role in ensuring that excessive downtime is not experienced. Backup systems and specialized software suites designed to withstand failures can accomplish securing valuable information. Suhasini et al. (2012) argues that backup systems can handle unforeseen incidents by providing a recovery or restore point in case of a security attack. Specialized failure-resistant software may help recover data and damaged drives and tapes, thus facilitating business continuity.

Securing critical computer systems and data require a comprehensive effort towards building an environment that implements information assurance through enhanced computer systems security. According to Suhasini et al. (2012), robust computer systems security is achieved through a solid IT security infrastructure, implementing a security plan and policy scheme, assessing systems’ threats and vulnerabilities, evaluating existing security architecture to identify weaknesses, bolstering personnel security, provision of security training and awareness, implementing disaster recovery plans and procedures, and promoting physical data center security.

How can organizations ensure their all-important IT infrastructure is behaving in the right manner? How can IT personnel determine whether specific computer systems and mobile devices are trusted hosts on their enterprise networks? How can devices attempting to remotely access information be authenticated? This is the general dilemma experienced by IT administrators in a typical organization setting. Secure and trusted systems attempts to resolve these challenges. These systems allows ensure that that systems running on networks are exclusively the legitimate ones, are up-to-date and exchange strictly authorized information (Suhasini et al., 2012). This way, networks are free from unwanted traffic and activity, while minimizing damages from malware and other internal and external threats.

Secure and trusted infrastructures are made of platforms, services, and networks with in-built security mechanisms and capabilities that provide administrators and end users with assurances that they can be relied upon to support operations. Next-generation high-tech data centers are expected to have built-in capability to support confidentiality, integrity, auditing, non-repudiation, and availability in a manner that is trustworthy and reliable by parties involved in a shared infrastructure (Suhasini et al., 2012). Rather than trying to close all potential security loopholes, organizations should focus on creating technically sound mechanisms to provide acceptable assurance that IT infrastructures are secure and trustworthy. Trusted systems behave in a way IT personnel expect and offer verifiable and accurate information about its state. This kind of acceptable assurance is important in helping IT teams retain maximum control over IT resources and instil a sense of confidence in them. The underlying objective of building secure and trusted systems is to provide a simpler and safer to use IT infrastructure (Proctor, 2009).

In the domain of secure and trusted computing, organizations are exploring ways through which hardware and software systems can be made to allow end users validate the underlying integrity. More precisely, secure and trusted systems are all about developing standards and mechanisms for hardware and software enabled security implementation and trusted computing. Various aspects including virus-safe computing and secure code development initiatives are being employed by organizations to create trusted systems. For example, virus-safe computing may be used to eliminate or limit virus damages while some other kinds of security breaches such as online fraud may be made more difficult (HP, 2009).

The following components may be used as the strategy to incorporate security and trust in systems as described by Proctor (2009):

  • Trusted processes to help mitigate against risks by strengthening security in communication networks.
  • Trusted systems including storage, computing, and networking platforms using security mechanisms such as cryptography.
  • Trusted services including end user services running in networks, cloud or on discrete devices.

Security policies

Security policies are aimed at providing guidance to organizations’ management, system users, personnel involved in security implementation, and third-party service providers. Security policies are geared towards offering best practices and standards for safe usage of organizational IT resources in collection, processing, sharing, storage, data management, and communication. Additionally, a security policy defines appropriate standards for provide secure communications remotely and support for cloud and tele-workers. Areas covered by security policies include the web, file, documents, storage, email, remote access, databases, PCs, and communication devices (Peltier, 2004).

Governments, directorates, and organizations involved in developing global industry standards have recognized the importance of information protection in safeguarding business and national security. Security policies coupled with associated IT security plans form the foundation of a business’s security program. Security policies are developed in accordance with government or industry directives, for example, the NIST Special Publications 800-53. Agency-level instructions may also be followed to ensure that organizations conform to security best practices and standards. Access to sensitive and private business data can create great security and privacy concerns (Peltier, 2004). Organizations across the world have implemented security policies to safeguard organizational network resources by guiding internal and external stakeholders in practising solid security measures to protect computer systems and information.

However, for security policies to be effective, businesses must ensure that everyone using computer systems adhere to all elements embodied in those polices. Businesses use security policies in maintaining systems and data confidentiality, integrity, availability and accountability. Obtaining personnel trustworthiness in operating and maintaining critical computer systems is a big step towards strengthening the security capability of a business. Therefore, organizations should develop security policies that address security-based screening procedures, personnel identification, industrial systems security programs, and more importantly security awareness and training programs. Organizations wishing to derive the best from security policies must develop solid security awareness and training course, covering general awareness and training, systems specific training, best cause-action procedures to counter security incidents, and core technical training for systems developers and technicians (Peltier, 2001).  

Physical security of computer systems should also be implemented to protect hardware devices such as PCs, servers, and networking and communication devices (routers, switches, APs, and others). Physical security tools and techniques may include manual and automated entry control equipment, premise monitoring systems, intrusion detection systems, access control systems and procedures, strong doors, and CCTVs. Other components may include smoke detectors, fire suppressors, and elevated floors especially for the data center to avoid flooding, proper cable management to separate data and electric power cables, and other tools and strategies that can protect organization’s physical infrastructures (Blyth & Kovacich, 2006). The data center and network operation center are two key areas that require a robust physical security policy because they host the most critical business computer systems, including servers, core switch and routers, databases, and core communication systems. Bishop (2003) claims that the data center should be protected with latest security systems and be under 24/7 monitoring to eliminate possibility of an attack because it is the pillar of any organization.

Disaster recovery plan is a key element of security policy. It implements business continuity by ensuring that enterprise’s critical systems, functions, applications, and data are always available (Peltier, 2001). Therefore, organizations should prepare contingency strategies and procedures, disaster recovery plans, incident response procedures, Business Impact Assessment (BIA) for key computer systems, telecommunication networks and data centers, and personnel awareness and training program. These strategies and procedures are focused on ensuring business continuity in terms of uninterrupted operations or acceptable operations at minimum and secure systems and data backup and recovery. Disaster recovery plans should go beyond continuity of business operations after a breach to cover issues related to applications and data recovery. Schou & Shoemaker (2006) argues that restoring operations back to normal after a disaster has hit a business does not imply that some aspects of applications and data integrity, privacy, or confidentiality have not been affected. Therefore, disaster recovery plans must ensure that both business continuity and elements of systems and data integrity, privacy or confidentiality are upheld.

Security/System testing

There are a number of security vulnerabilities in almost all computer systems out there today. With this in mind, it is better if personnel tasked with implementing and maintaining security discovers a weakness rather than a disgruntled present or past employee or a hacker (Suhasini et al., 2012). Security personnel would devise measures to remedy identified vulnerability, but a criminal would exploit the vulnerability to launch an attack. Security or system testing is important to identify and eliminate existing and potential security weaknesses. It helps a business devise defence mechanisms to fight against potential weaknesses to prevent incidents of security breaches. Security weaknesses may arise from factors such as human errors, potential system crashes, programming bugs or malware. An effective security assessment plays a key role in identification and remediation of threats to computer systems in addition to vulnerabilities of those systems to such threats. Peltier (2001) argues that systems testing can be used to detect mitigation procedures, plans, and policies, including required systems modification to eliminate known weaknesses. Consequently, businesses run information systems at acceptable levels of risk.

To determine the strength of an organization’s computer systems and data, it is important to perform security testing in accordance with globally recognized guidelines and procedures such as the National Security Agency (NSA) and NIST SP 800-53 (Peltier, 2001). Personnel involved in systems testing typically specify areas that require emphasis which includes: Router security, firewall security, cyber security, protocol implementations, open ports, authentication and authorization techniques, network intrusion, software bugs, and security patching history (for all antivirus software , operating systems and third party systems) and capability. Security testing may involve determination of the number of devices compromised over a specific time, and identifying potential targets and critical computer systems exposed to risk. According to Bishop (2003), such behind-the-scenes-work is vital for keeping enterprise networks, hosts, applications, and data adequately secure.

Most importantly, security testing is used to determine whether all aspects of IT are running reliably and correctly. Then, it is easier to identify the kind of enforceable and effective policies that can be used to detect, prevent, and sufficiently address problems.


It is evident that the growing introduction and usage of more and more hand held devices with computational capabilities similar to normal PCs together with increasingly powerful cybercriminal tools and techniques have placed business information at high risks of security breaches. Therefore, it is important to protect business data from exposure to unauthorized internal and external people. Information assurance is a component of information security and the components must work together to derive the desired benefits to a business. Information assurance entails protection of authenticity, integrity, availability, non-repudiation, confidentiality, and authenticity of business data and information using physical, administrative, and technical controls to achieve these tasks.  This protection applies to both hardcopy and electronic data at storage or in transit. It is worth noting that information assurance is a field that has grown from information security practices.

The importance of IT security has dramatically increased over the past few years. Organizations are increasingly focusing on developing secured systems to boost trustworthiness and ease of management. In today’s technology world, virus protection and patching are not enough measures to provide desirable levels of security, thus the need to incorporate trust, visibility, and resiliency. Security policies have been in wide usage across the corporate world for provision of secure guidelines in the course of application of IT resources for day-to-day business operations. Security or system testing is also a powerful tool for identifying existing and potential security weaknesses in systems in order to devise remediation strategies.


Birchall, D., Ezingeard, N., McFadzean, E., Howlin, N., & Yoxall, D. (2004). Information

assurance: Strategic alignment and competitive advantage. Grist Ltd.

Bishop, M. (2003). Computer Security: Art and Science. Addison-Wesley Professional.

Blyth, A., & Kovacich, G.L. (2006). Information Assurance: Security in the Information

Environment. Springer Science & Business Media

HP. (2009). Platform & infrastructure security. HP. Retrieved from

Mowbray, T.J. (2013). Cybersecurity: Managing Systems, Conducting Testing, and

Investigating Intrusions. John Wiley & Sons.

Peltier, T.R. (2001). Information Security Policies, Procedures, and Standards: Guidelines

for Effective Information Security Management. CRC Press.

Peltier, T.R. (2004). Information Security Policies and Procedures: A Practitioner’s

Reference. CRC Press.

Proctor, D. (2009, November 29). How to build trust into your network. FCW. Retrieved


Schou, C., & Shoemaker, D. (2006). Information Assurance for the Enterprise: A Roadmap

to Information Security. McGraw-Hill Education.

Suhasini, S., Marc, V., Hickey, J., & McBride, A.J. (2012). Intrinsically Secure Next-Generation Networks. Bell Labs Technical Journal. 173): 17-34.




Kuwait is one of the world’s largest producers of petroleum and related liquids, taking up position ten among the Organization of the Petroleum Exporting Countries (OPEC) members in 2015. In the same year, the country was the 5th largest crude oil producer among OPEC members. Kuwait only trails Iran, Iraq, UAE, and the Kingdom of Saudi Arabia in petroleum production despite its smaller geographical size compared to other OPEC members. Petroleum exports account for approximately 70% of Kuwait’s total revenues, thus playing an integral role in the nation’s economy. Therefore, as a member of OPEC, Kuwait faces a considerable decline in its export revenues due to falling global prices of crude oil. For example, the country’s exports’ value declined by almost 50% between 2014 and 2015. Kuwait is working towards remaining one of the major oil producers globally, targeting production of crude oil as well as condensates in the excess of 4 million b/d by 2020. Nevertheless, the country continues to struggle in its efforts to improve production of oil and natural gas for close to a decade due to delayed upstream projects and lack of adequate foreign investment in the industry.

Founded in 1934, the Kuwait Oil Company (KOC) is a public company that operates in the Kuwait’s oil and gas industry. The Kuwait Petroleum Corporation (KPC), a state-owned holding company is the KOC’s parent company. Its headquarters are located in Ahmadi, Kuwait. The KOC acts as the KPC’s upstream subsidiary. It was until 1936 when the initiated drilling operations. The company’s products range from petroleum to crude oil, natural gas, and other hydrocarbons. KOC undertakes a number of operations in Kuwait, including oil and gas exploration, onshore and offshore surveys, development of production fields, drilling, and production. In addition, the company undertakes crude oil, exploration, production, storage, and distribution to tankers for exportation. A series of oil discoveries were made in Kuwait at different timeframes – Burgan (1938), Maqwa (1951), Ahmadi (1952), Raudhatain (1955), Sabriya (1957), and Minagish (1959). Burgan remains the largest oil reservoir in Kuwait and it is recognized as the second largest reserve and production field globally. For example, in 2010, the field contributed to close to 50% of the country’s oil production. KOC is working on boosting the capacity of Burgan through implementation of enhanced oil recovery techniques such as seawater and carbon dioxide (CO2) injection. Amidst efforts to boost Kuwait’s production of oil and natural gas, KOC projects are expected to support most of the production capacity increments.

In the late 1950s, KOC was able to increase its production capacity necessitating construction of projects such as export terminals to support more tankers in addition to crude oil gathering and distribution control and monitoring systems. This period marked a noteworthy defining moment in the country’s history of oil production and exportation operations mainly undertaken by KOC. The Kuwaiti topography gives KOC an edge with respect to the ease of distributing crude oil from wells to target stations thanks to gravitational pull which eliminates the need for highly specialized pumps. At the same time, KOC has been able to increase its production capacity towards increased oil and natural gas export revenues. In addition, the company employs more than 10,000 persons to fill up various positions. Moreover, KOC supports young engineers and technicians in their quest for technical and leadership competencies in the oil and gas industry. Therefore, KOC continues to play an integral role on Kuwait’s social and economic development and growth.

I successfully underwent a 12-week industrial working program at KOC where I had the opportunity of gaining valuable skills, knowledge, and experiences. During the program, I worked in a number of host institution divisions, including oil and gas field development, exploration, export and marine operations, project management (PM), technical support and maintenance, Health, Safety, Security, and Environment (HSSE) protection, and the central workshop.



I started the industrial working/training program with immense enthusiasm owing to my passion for learning new skills and knowledge as part of my long-term goal of becoming a distinguished engineer. My first day at KOC started with a health and safety orientation – a presentation that covered occupational risks and potential protection and prevention measures. This orientation was crucial to ensuring that my health and safety as well as that of other colleagues are guaranteed throughout my attachment with the institution. I was also provided with some personal protective equipment (PPE) aimed at protecting myself from potential infection or injury in case of a hazard. As part of PPE, I was given a helmet, safety shoes, and uniform. Potential hazards in oil and gas operations may include exposure to excessive heat, particulate matter, or dust. In addition, there are risks related to working in confined spaces, handling hazardous chemicals, or coming into contact with open electrical cables (electrocution). I was also assigned a person to take me around the plants and equipment as well as areas useful to this industrial working program in that the approach was consistent with knowledge transfer activities targeting a person of average technical capabilities – student. More precisely, I was given the status of a student. I was also introduced to a number of people who I would later come to work with. I also completed all the required forms and signed them having read and understood the company’s rules and policies.

2.2 The field development

The first session was a two-week work at the company’s field development unit. Under the leadership of a senior petroleum engineer, the unit dealt with assessment and development of oil wells. Generally, this unit was responsible for planning and executing the entire lifecycle oil and gas field process – from discovery, assessment, development, operations, optimization, and abandonment. I was exposed to a number of knowledge areas, including reserve estimation, recovery evaluation, oil/gas production scheduling, existing wells and their placement, production planning, well construction, and reservoir depletion among others. I had the opportunity of learning about the operations of one of the largest oil reservoirs globally (the Greater Burgan), including aspects of the flow from this reservoir to target wells and assessment of opportunities for oil discovery and production optimization.

I was privileged to assume a major role in the acquisition and interpretation of log data concerned with oil rigs. The experienced drillers helped me understand a handful of well log measurements captured at different depths that guide the process of identifying sub-surface formations for optimization purposes. I came to understand how the following measurements are logged in a real-world oil rig setting: porosity, permeability, water saturation, resonance, and resistivity. Of much importance are the skills I gained regarding open-hole (OH) logging (measurements carried out on an oil well prior to wellbore casing and cementing procedures but after drilling) and cased-hole (CH) logging (measurements retrieved through the casing/piping).  These are valuable techniques as they help drilling and operations personnel to provide critical insights specific to a well, for example, potential flow inhibitors and well formation. I also experienced wireline surveillance in practice, a technology crucial to drilling operations as it facilitated the process of lowering measurement equipment into wells to log and transmit real-time data for proactive decisions.

2.3 Exploration

Another area where I gained valuable skills is the exploration unit over a two-week period. Here, I was able to achieve some understanding in relation to safe and cost-effective exploration of hydrocarbons as governed by the government of Kuwait to optimize oil and natural gas reserves. KOC places a lot of emphasis on hydrocarbon exploration through competent personnel and technological solutions for delivery of best-quality products. The company also recognizes quality and value maximization as key enablers of improved customer satisfaction. I worked together with a teams drawn from different areas, including exploration operations, exploration studies, prospect evaluation, and discoveries promotion groups. I was exposed to strategies related to planning and executing geophysical tasks necessary for exploration of onshore and offshore hydrocarbons; assessment of potential oil and gas prospects; risk analysis and optimization of well locations; and production analysis and promotion of discoveries to personnel involved in field development for reduced exploration-to-production cycles. I was privileged to be involved in some documentation activity related to the above-mentioned gas and oil exploration activities, for example, geophysical assessment results.  

2.4 Export and marine operations

I undertook a one-week assignment at the exportation and marine operations unit, where I experienced first-hand experience in the fundamental crude oil receiving, mixing, storage, and exportation procedures in addition to marine operations. I was involved in activities related to distribution of crude oil from the production and control centre to exportation tankers. During this process, a number of key decisions are usually to be made by the division management. These include issues to do with availability of KOC fleet vessels, oil combating tools, navigational safety buoys; adherence to health, safety, and environmental sustainability rules and regulations across the work sites and beyond; and delivery of necessary training for personal development. While export operations were mainly focused on transportation of crude oil from the production facilities to the target domestic and international customers, marine operations performed tasks essential to shipping of crude oil export from different Kuwait ports. Therefore, a considerable disruption of the export and marine operations may adversely impact on KOC’s supply chains as it is an undeniable bottleneck.

I came to understand the process of receiving crude oil from KOC gathering centres (GCs) as scheduled to a centralized mixing manifold. Then, it is temporarily stored in KOC tank farms from where it is supplied to export ships through loading terminals, Kuwait National Petroleum Company (KNPC) refineries, and MEW power infrastructures. The following are other activities involved in the crude oil export operations: storage and gravity loading, export loading, metering, lab analysis, emergency response planning, facility (tanks, electrical installations, turbines, pipelines, fire fighting equipment and other items) maintenance and repair, and movement and documentation.  Documentation plays an important role in the effectiveness and efficiency of the export operations unit. I learnt that the crude oil exportation process has to be documented in order to gain a clear end-to-end visibility into the product (oil) movements, daily stock, sale lifecycle, off-take reports, cargo quantities, delivery duration, compliance with third-party inspections, and others for effective communication and decision-making purposes. At the same time, potential environmental impacts arising from activities such as emissions, land use, and waste disposal along with potential protection measures are identified and documented.

2.5 Project management (PM)

KOC undertakes small- to large-scale projects. While smaller projects may be handled by divisions where they fall under, larger ones (costing more than $50 million) are managed by a specialized group – Ahmadi Projects. In my industrial working program, I had a two-week assignment with Ahmadi Projects. Nevertheless, the complex and sensitive nature of such projects made it difficult for me to assume any practical roles and responsibilities. But, I grasped a number of basic skills through work-shadowing including aspects of planning in relation to time, budget, equipment, and workforce requirements; project control and monitoring; risk management; stakeholder involvement; and change management. Other than work-shadowing, I was able to win the attention of one project lead who emphasized the need for proper planning,  clear definition of project goals and scope, availability of skills and competencies, and efficient communications as key enablers of successful delivery of complex projects.

2.6 Technical support and maintenance

I had the privilege of working with the technical support and maintenance services team. Here, I appreciate the need for preventive maintenance services for KOC facilities and equipment to ensure the company’s everyday processes and operations are free from potential disruption arising from plant/equipment failure. KOC requires technical services undertaken by electrical, mechanical, and instrument engineers. I interacted with some of these engineers as they carried out their day-to-day technical plant and equipment maintenance and support to prevent potentially severe problems that may disrupt KOC business processes and operations. I learnt about the need for scheduled tank (for water and crude oils) cleaning and repair in addition to maintenance of pipelines, fire suppression equipment, water section equipment, rotating equipment, air conditioning and ventilation installations, metering tools, fire-outbreak and gas-leakage detection systems, and power turbines. These systems are crucial to improved and sustained operability and reliability of KOC projects. In addition, the team was involved in the process of identifying potential health and safety hazards along with creation of risk prevention measures.

I came to understand how engineers perform regular inspections of tanks, pipelines, and other critical equipment and installations to detect potential corrosion impacts. This activity plays an important role in upholding optimal asset or facility integrity. I came to recognize the fact that corrosion is one of the most severe challenge facing KOC and similar companies because they deal with large quantities of liquid and gaseous products. Therefore, the problem calls for huge prevention and corrective investments. In addition, the company has invested in regular corrosion education and awareness training to keep its engineers well-informed about the problem and potential remediation strategies. Corrosion inspection results help the technical support and maintenance personnel make timely and effective decisions in relation to continued use or replacement of an asset.  

2.7 Health, Safety, Security, and Environment (HSSE) protection

KOC is committed to complying with health, safety, security, and environment rules and regulations. The Kuwait Environmental Protection Authority (KEPA) is the main HSSE regulatory agency and KOC strictly adheres to its provisions. As such, all its divisions carry out their processes and operations while at the same time applying and adhering to industry standards and best practices as well as corporate policy requirements. For example, the company complies with the ISO 14001:2004 Environmental Management System (EMS). The company commits itself to aggressive optimization and promotion of a product portfolio that guarantees sustained growth across its onshore and offshore oil and gas exploration and reservoir management operations. The HSSE personnel perform relevant audits, site visits, and emergency drills. KOC places HSSE signage across its office premises and work sites to keep its workforce, visitors, and the general public adequately informed about relevant health, safety, security, and environment practices. Other HSSE considerations are presented on the corporate website from where everyone can access them. While health, safety, and security considerations were aimed at protecting employees, contractors and sub-contractors, and the public against injury, infection, or fatality, environmental sustainability measures seek to ensure that the company respects the interests of the society at large.

As trainee, I worked with the HSSE team and tasked with the responsibility of communicating relevant information to staff, contractors, and sub-contractors. I ensured that every HSSE signage was legible and strategically located so that the target user groups are guaranteed of locating, reading, and understanding them. I was also involved in the regular HSSE site inspections during my time at the export and marine unit. These efforts were aimed at reducing the impacts of this unit’s operations and processes on the elements of HSSE in addition to the integrity of KOC assets. I participated in the process of developing HSSE risk register that included aspects of enumerating potential risks along with their likelihood of occurrence, impact severity, and countermeasures. The company implements the HSSE strategies while at simultaneously training its employees with optimal commitment.  I had the opportunity of understanding a wide array of health, safety, security, and environment issues, including exposure to hazardous substances and air and noise pollution. Associated experiences helped me understand what the world expects from engineers in relation to ethical and environmental responsibilities.

2.8 Workshops

My two-week stay at the company’s central workshop exposed me to different technologies and techniques. The electrical and welding section is one of the workshops that I visited during my assignment at this unit. Health and safety considerations are especially important in the electrical workshop because of potential exposure to electrocution when working with high voltage power supplies.  The high health and safety risks involved in the electrical and welding workshop prohibited us from carrying out practical activities since they were a preserve of professional engineers and technicians. Nevertheless, I still managed to understand the technical issues regarding the workshop’s mechanical and electrical devices. Welding was an important element of the company’s operations because it could be used to fix broken piping infrastructure and other components.

There was a fitting workshop involved in the planning and integration of different systems critical to KOC operations. The director of this workshop made us (as group of trainees) understand that the section is involved in the development and repair of devices used in the normal operations of the company. I had the opportunity of practicing with equipment marked as damaged as it would be impractical to experiment with systems in production. Nevertheless, I still managed to understand different elements and procedures employed in the fitting process, including tapping, piping, and documentation. Documentation forms a crucial element of fitting operations as it is the major point of reference from where future works borrow ideas and/or concepts necessary for maintenance and repair activities. Proper and sufficient documentation of fitting works also supports the company’s knowledge transfer mission in that new comers can quickly adapt to the organization since they have the information they need at their disposal.

The valves section imparted me with skills and knowledge related to the management of piping installations. Engineers actively monitor and control how the fluids flow in the installations to eliminate potential problems. I witnessed engineers test the fluid pressures, rates of flow, and velocities among other metrics to optimize the overall performance.

In the final days, I also interacted with staff working at the mechanisms section because it was impractical to experiment with machines because the complexities involved were beyond my skills. In addition, there were obvious sensitivity issues in relation to potential impact to the company’s operations in the event the machines were tampered with. Nevertheless, this section proved to be very important for my engineering career because it involved activities such as product design, fabrication, assembly, and considerations for continued maintenance.


The twelve-week industrial working program at KOC was a true eye-opener and a major element of my engineering career. This can be attributed to the fact that the industrial experience exposed me to the real-world of engineering in the context of an oil and gas company. I had the opportunity to gain valuable hands-on and soft skills crucial to my short-term and long-term career goals. The following are some of the invaluable skills I gained from the program:

  • Reservoir assessment and development of oil wells;
  • OH and CH logging of an oil rig’s porosity, permeability, water saturation, resonance, and resistivity measurements;
  • Safe and cost-effective exploration of hydrocarbons; exploration-to-production cycle reduction strategies;
  • Crude oil receiving, mixing, storage, and exportation procedures and marine operations;
  • Documentation of oil and gas operations and processes;
  • Project management – planning, control and monitoring, risk management, and change management; corrosion inspection and countermeasures;
  • HSSE considerations; and
  • Electrical, welding, fitting, valves, and mechanisms workshops.

HSSE considerations (environmental sustainability issues) helped me appreciate what the world expects from me as am engineer in relation to ethical and environmental responsibilities. As a professional engineer, I learnt to never downplay the interests of the society. I learnt to always uphold integrity, honesty, and accountability in my engineering activities for the benefit of all stakeholders. I also improved my problem solving skills, teamwork, and communication, which are critical to a successful career.


It is evident that KOC provided a myriad of learning opportunities. Despite the fact that my activities at the company were limited due to the nature of complex systems and processes in the company’s production environment, I gained immense skills and knowledge that will be crucial to my engineering career. I gained skills in oil and gas field development, exploration, export and marine operations, project management, technical support and maintenance requirements, health, safety, security, and environment protection, and valves and fluid flow monitoring and control. I look forward to securing a job placement at KOC or a similar company with vast engineering implementations to further improve my hands-on skills towards my long-term of goal of becoming a distinguished engineer.

Big data

Big data

Big data basically refers to large-scale, increasingly growing, widely distributed, and diverse collection of data assets necessitating use of data analytics solutions to derive valuable insights that can be leveraged to gain sustainable development and growth (Girard, 2015).  Big data can help an organization gain useful information and/or knowledge regarding a wide array of issues, ranging from customer expectations and preferences to creation of innovative and quality business products (Turner, Schroeck, & Shockley, 2013). However, how can big data analytics support strategic project management?

To start with, big data analytics helps trace valuable patterns in diverse datasets that drive efficiency and effectiveness in project portfolio management. The world of project management has large datasets on projects that remains largely unused and/or idle, and they may be holding the edge to an efficient management of project portfolios. Not surprisingly, it would be challenging or impossible for any project manager to manually extract or filter knowledge, patterns, relationships, trends, or facts from large data resources. This necessitates big data analytics to derive insightful patterns and drive better accuracy, because there are minimal chances for miscalculations or unwanted human error (Hu & Kaabouch, 2014). According to Girard (2015), patterns extracted from big data analytics provides the bigger picture about a project to bridge existing and potential gaps and voids in project portfolio management. As a result, there are better chances of mitigating potential project challenges and risks, thus helping avoid project management pitfalls (Leal, 2015).

Secondly, making sufficient sense of the unused datasets can help derive key project elements for better decision-making with respect to managing resources (human resources, equipment, timeline, and budget), overcoming risk factors and quality issues, change management, and scope management. Big data bolsters the sense-making process involving disparate datasets, which could otherwise be based on guesswork, expert advice, or mere previous experiences. Combining big data analytics with subject-matter expertise and past experiences is an integral element of successful project management (Leal, 2015). Girard (2015) argues that big data analytics forms an key pillar of project management at a time marred by depressing statistics about failed projects due to poor understanding of cost projections, milestones, scheduling, task prioritization, team management, and resource management.

Thirdly, there are projects whose requirements are not clearly understood upfront or are extremely complex to manage using conventional approaches, translating to inherent risks that can lead to depressing delays, excessive cost overruns, quality issues, or even total failure. Processing large and fragmented structured and unstructured datasets to extract useful facts, ideas, correlations, and patterns may facilitate innovation, predictive risk management, while seizing new opportunities. In addition, big data analytics may facilitate the selection of the best implementation strategies as well as the break down of large and complex projects into manageable packages, deliverables, and milestones towards successful delivery. Visualization of poorly-defined requirements and project complexities supported by big data is critical to strategic management of projects that are not clearly understood upfront (Girard, 2015; Hu & Kaabouch, 2014; Leal, 2015).

Lastly, big data may be used in stakeholder management – which encompasses a major element of project management. More precisely, big data analytics may help understand the requirements and expectations of the large number of stakeholders involved, including employees, business managers, executives, customers, the community, suppliers and vendors, and regulators. In addition, big data analytics may be used to understand crucial insights associated with conflicting requirements among stakeholders, and political issues and controversies triggered by perceived exclusion. These are issues that could otherwise jeopardize coordination, collaboration, project progress, and acceptance if not handled properly – on time and adequately. Big data analytics could drive valuable stakeholder management insights for better decision-making, and continuous communications and reporting (Girard, 2015; Hu & Kaabouch, 2014; Leal, 2015).

It is evident that big data constitutes a valuable tool for government agencies in their strategic project management processes because it supports informed and smart use of diverse data resources. This is critical to meeting accountability requirements expected of government agencies.


There is no universal definition of big data. Basically, organizations must implement a sound strategic big data plan, information foundation, and analytics solutions that support the increasingly growing and dynamic volume, variety, veracity, and velocity of datasets (IBM, n.d.; Turner et al., 2013). The convergence of volume, variety, veracity, and velocity of data constitute the four dimensions definition of big data (Tai, 2015).

Volume refers to the quantity or scale of structured (from systems such as ERP and CRM solutions that are directly related to an organization) and unstructured (from external systems such as social media) data. Most organizations in the U.S. handle data resources in the excess of 100 Terabytes. Data created daily accounts for approximately 2.5 trillion Gigabytes, and it is expected there will be close to 43 trillion Gigabytes of data by 2020. The growth of data can be attributed to proliferation of PCs, smartphones, expanding internet of things (IoT), wearable technologies, increased adoption of enterprise information systems, and growing social media trends. Growing data stored, processed, and shared across these technologies constitute to the volume big data dimension (Hu & Kaabouch, 2014; IBM, n.d.; Tai, 2015).

The variety dimension refers to the diverse forms and sources of structured and unstructured datasets that need to be managed and analyzed. The form diversity is triggered by the wide range of technologies, for example, wearable devices (holding health-related data), CCTVs (video surveillance records), databases, and social media tweets, posts, and comments. In addition, there are diverse emails, images, and videos from a wide range of systems, which triggers data warehousing and data mining challenges (Hu & Kaabouch, 2014; IBM, n.d.; Tai, 2015).

Veracity encompasses the uncertainty, volatility, and validity problems surrounding rapidly growing data assets. The data resources handled by modern semi-automated and automated systems cannot be trusted for decision-making processes, because of potential inaccuracies, ambiguities, biasness, anomalies, biasness, and quality issues. These are issues that are brought about by increased data generation and diversity, and they need to be adequately managed. The business value of such data resources is derived through big data analytics, and constitutes the veracity big data dimension. In today’s dynamic information and competitive world, the value of data resources may depreciate within a day. Therefore, big data initiatives require a proactive management approach to uphold the sight of authenticity, accuracy, quality, and validity of data and associated insights (Hu & Kaabouch, 2014; IBM, n.d.; Tai, 2015).

The velocity dimension entails actively streaming data. For example, the New York Stock Exchange (NYSE) captures approximately 1 terabyte of trading data during every business session. There are close to 2.5 network connections per person globally. Incorporation of sensors and GPS tracking into consumer appliances (such as TVs and refrigerators) and modern cars as well as the growing IP-based networks have led to increasingly growing streaming internet traffic. More precisely, IP-based networks facilitate accumulation of data from many equipments and information systems such as CCTV systems, HVAC implementations, building management solutions, and ERP and CRM applications (Hu & Kaabouch, 2014; IBM, n.d.; Tai, 2015).


Girard, J. (2015). Strategic Data-Based Wisdom in the Big Data Era. IGI Global.

Hu, W. C., & Kaabouch, N. (2014). Big Data Management, Technologies, and Applications. Information Science Reference.

IBM. (n.d.). Infographics: The Four V’s of Big Data. Retrieved from

Leal, J. G. (2015). Handbook of Research on Effective Project Management through the Integration of Knowledge and Innovation. IGI Global.

Tai, N. (2015). Dimensions of Big Data. Retrieved from

Turner, D., Schroeck, M., & Shockley, R. (2013). Analytics: The real-world use of Big Data in financial services. IBM Global Business Services.

Levels of health and safety at workplaces

Levels of health and safety at workplaces


Upholding acceptable levels of health and safety at workplaces is critical to the productivity and well-being of all people occupying a premise, and to the overall performance and integrity of an organization and the growth of national economy (Hopkins 2002). According to Fleming & Lardner (2002), occupational health and safety is commonly protected through legislation, programmes, best practices, services and standards devised to prevent occupational injuries and accidents. For example, labour programmes proactively work with employers toward reducing job-related illness and injuries through provision of information aimed at bolstering health and safety within organizations.

Every organization is expected by law to have a management system in place to help: observe workplace, machinery, materials and premises safety; inform people on how to protect themselves or react in case of an accident; provide employees’ compensation in the event of challenges related to occupational injuries, illnesses or accidents; and, comply with health and safety policies (Taylor 2012). Compliance with these responsibilities and requirements prevents an organization from experiencing occupational health and safety issues, thus eliminating prosecution and/or penalty problems. However, “effectively managing for health and safety is not just about having a management or safety management system. The success of whatever process or system is in place still hinges on the attitudes and behaviours of people in the organisation”, and this is the core this research.  Therefore, this paper seeks to critically evaluate how attitudes and behaviours at work impacts on the effectiveness of implemented health and safety management system – processes, guidelines and policies.

What is SMS?

A Safety Management System (SMS) refers to a documented formal organizational approach to health and safety management, which entails systematic, top-down business structures, policies, procedures and accountabilities to guide parties (employer and employees) in adhering to safe occupational habits in the course of their day to day work (Glendon, Clarke, McKenna 2006). An SMS includes industry and global best practices and standards in addition to relevant legislation elements to help implement effective health and safety control measures in a structured scheme (HSE 2013). All parties are obligated to comply with provisions of implemented SMS to ensure they are assured of proper prevention from risks associated with occupational health and safety, and are at disposal of remediation or recovery capabilities in the event that a disaster strikes.

As a best practice, organizations should seek approval from an independent audit authority or regulators to ensure that their SMS solutions are effective in proactively mitigating against health and safety risks. An SMS solution provides a business with the capability to (Broadbent 2004):

  • Effectively identify risks and mitigation procedures.
  • Gain a baseline audit consideration elements for regular assessment of health and safety policies, programmes and procedures.
  • Make sound decisions with respect to health and safety risk control.
  • Guarantee health and safety to all parties hence improving workforce productivity and confidence and the overall business performance.
  • Achieve an interface for effective knowledge and information sharing between the business and safety regulators.
  • Bolster customer confidence and trust, because people would like to be associated with an organization that upholds occupational safety.
  • Meet legal obligations with respect to occupational health and safety laws and regulations.
  • Promote a solid health and safety culture.

Attitude and behaviour

Attitudes consist of a relatively persistent set of feelings, beliefs, perceptions, and behavioural inclinations toward personally-tied social groups or symbols. An attitude makes an individual to psychologically tend to evaluate a certain entity with some degree of effectiveness or cognition.  Attitudes play a key role in shaping an individual’s behaviours by influencing how one acts or behaves depending on particular beliefs and conditions. Behaviour is a collection of actions done by an individual or a group. It is the consequent of conscious and/or subconscious thoughts. Organizational management are presented with all kinds of employees with disparate personalities, attitudes and behaviours, and they must work towards adjusting them to leverage their positive aspects (Kreitner 2008).

How SMS relates to the attitude and behaviour (critique of the statement)

HSE (2013) observed that “effectively managing for health and safety is not just about having a management or safety management system. The success of whatever process or system is in place still hinges on the attitudes and behaviours of people in the organisation”. How true is this statement? Is having a sound SMS enough to militate against health and safety risks or there are some human elements such as attitudes and behaviours that promote the effectiveness of such a safety management solution? Guldenmund (2000) stresses that a vibrant, sound SMS solution stems from workers’ dedication towards upholding the “right” thing as stipulated in the SMS policies and procedures at all times, even when safety agents are not around. This way, all the safety aspects are complied with leaving no room for overlooking any SMS provision. Therefore, the effectiveness of an SMS solution lies in employees’ adherence to positive attitudes and behaviours toward particular implement SMS’s health and safety provisions.

Although compliance with implemented SMSs is always mandatory, the decision to always follow stated procedures, policies or codes or not to rests with individual workers (Cooper 2000). Individual actions constitute a considerable element of effectiveness of an SMS rather than the sheer volume and depth of the safety framework. Therefore, it is important to sufficiently focus on addressing human aspects of SMS implementation rather than investing too much effort towards the formal, systematic documentation of health and safety controls. OSHA (2014) claims that the focus should be on human elements of instilling a positive attitude to workers as well as creating awareness on safe habits to help incline behaviours of the workforce towards adopting the implemented SMS. This way, both formal and human elements of health and safety will be considered in the SMS implementation, leveraging its capacity to truly control risks.

HSE (2013) notes that effective management of health and safety is beyond merely implementing an SMS, but success remains in creating a safety culture, which rests on the organizational workforce’s attitudes and behaviours. This translates to: are people doing what they are required to do? The policies and procedures may be provided, but do people have positive attitudes and behaviour with regard to health and safety practices. What are the implications of undertaking health or safety procedures badly or ignoring them? To a large extent, attitudes and behaviours constitute cultural issues and musts be considered in the implementation of an SMS to bolster its effectiveness (Cooper 2000; Hopkins 2002). Therefore, organizations should plan for proper change management scheme through training and promotional campaigns to enhance SMS acceptance and create a positive culture characterized by positive attitudes and behaviours regarding health and safety. This way, people will comply with provisions of an SMS as a formality or culture regardless of whether enforcement personnel are present or not. Consequently, the effectiveness of SMS solution is inclined towards better success.

Lack of dedication of the workforce in complying with an SMS is one of the major reasons behind poor health and safety practices, despite presence of safety guidelines, standards, policies and procedures (Roughton & Mercurio 2002). Legally, organizations are supposed to provide information, train, and involve and consult the workforce in full participation in the health and safety management. Effective workforce involvement and consultation creates a positive culture, whereby employer-employee relationships are based on trust, joint brainstorming and problem solving, communication, and collaboration (Blewett & Shaw 2001). Involving employees in identifying, assessing and devising mitigation measures eliminate challenges that may arise from a feeling that implemented health and safety policies and procedures are imposed on them, an issue that may cause negative attitudes and behaviours (Taylor 2012).  Consequently, the effectiveness of the SMS is hindered due to issues such as workforce rejection or reluctance to adopt specified safe practices. Therefore, the importance of influencing the workforce towards SMS improved acceptability and compliance with health and safety requirements cannot be ignored.

Safety arrangements that deny employees a chance to be heard are more likely to face rejection issues (HSE 2013). Consequently, the workforce may have negative attitudes toward implemented health and safety measures. In addition, the workforce may practice unsafe work habits either intentionally as a protest or unknowingly due to lack of training and/or instruction. For example, the workforce may be short of information about safe use of equipment leading into health hazards such as injuries. As a result, the sheer SMS implementation is rendered ineffective.

Research on occupational health and safety has confirmed that creating a sound safety culture has the greatest single impact on reduction of accidents and injuries (OSHA 2014). Therefore, organizational management must treat creation of this culture a top priority. A safety culture constitutes shared practices, beliefs, attitudes and perceptions regarding occupational health and safety issues that exist in an organization. According to Fleming & Lardner (2002), a safety culture is what creates attitudes that shape human behaviour; therefore, such a culture makes everyone to feel more responsible for health and safety and pursue it at all times.

With proper attitudes and behaviours toward safety, employees tend to go beyond implemented safety management controls to identify and assess unsafe conditions, and try to remedy them. A company whose workforce have positive attitudes and behaviours regarding work safety typically experiences limited at-risk incidents, consequently reducing accident rates, staff turnover, penalties, and absenteeism, while bolstering productivity (Broadbent 2004). Of great relevance to occupational health and safety is a model of workforce attitude and behaviour transformation (Glendon, Clarke, McKenna 2006). This is a key driver of a safety culture that collectively entail values, attitudes, beliefs, and practices. Consequently, employees and the public are enabled to act in a manner that makes them truly healthy and safe within particular premises.

For example, in a sound safety culture environment all workers would feel confident and comfortable reminding colleagues and the management to wear personal protective equipment such as sun glasses or gloves. Such attitudes and behaviours would not be perceived as over-zealous by anybody, but would be greatly valued by the company and possibly rewarded. When everyone acts responsibly by routinely looking out for the welfare of co-workers and pointing out unsafe practices and behaviours it becomes easier to follow set health and safety policies and procedures, thus boosting the effectiveness of the implemented SMS solution. Therefore, the effectiveness of an SMS solution greatly relies on the intention (attitudes governing the understanding and implementation of safe principles) and the ability (behavioural practices involving personal desire to comply with safe principles) of people towards observing an organization-wide health and safety culture rather than the sheer documentation of safe work practices.


Health and safety management is a fundamental organizational process that must be considered with seriousness evident in other business management aspects. An SMS provides solutions geared towards mitigating against organization-wide risks in business operations through a set of procedures, policies and processes that all parties must comply with in order to enhance workplace safety. Creating a significantly safe working environment is crucial to business success as it helps maximize staff productivity and retain employees. Organizations have a legal responsibility to ensure that their businesses do not cause health or safety problems to staff and the public.

It is evident that occupational health and safety co-exists with many factors, and human elements of attitudes and behaviours play an integral role in achieving considerable SMS solution’s effectiveness. A sound health and safety culture in an organization is a fundamentally valuable thing, an implementation that every company must develop internally. For effective running of an SMS solution, organizations must sufficiently and timely involve and consult employees in the entire course of identification and planning from remediation procedures to ensure acceptability and eventually instil a positive attitude and behaviour in the workforce. Through an effective change management plan, organizations are able to instruct and train the workforce on healthy and safe practices. This plays an integral role in shaping the workforce’s attitudes and behaviours toward understanding, embracing and practising health and safety requirements when doing their job. Therefore, organizational leadership must devise ways to build and enhance desired levels of safety culture in order to achieve effective SMS solutions.


Cooper, MD 2000, ‘Towards a model of safety culture’, Safety Science, vol. 36, no. 2, pp. 112- 136.

Broadbent, D (eds) 2004, Proceedings of the 28th International  Congress of Psychology, August 8 – 14, 2004: Maximising Safety Performance via Leadership Behaviours. Beijing, CHINA, 2004

Blewett, V,  & Shaw A 2001, Small – Healthy and Safe? Implications of changing work organisation and reward systems for the OHS of women workers in small to medium enterprises, National Occupational Health and Safety Commission.

Glendon, AI, Clarke, SG, & McKenna, EF 2006, Human Safety and Risk Management, CRC Press.

Guldenmund, FW 2000, ‘The nature of safety culture: a review of theory and research’, Safety Science, vol. 34, no. 2, pp. 216-256.

Hopkins, A 2002, Safety Culture, Mindfulness and Safe Behaviour: Converging ideas?, National Research Centre for OHS Regulation.

HSE 2013, Health and safety management systems, HSE, viewed 9 January 2015, <>

Fleming, M, & Lardner, R 2002, Strategies to promote safe behaviour as part of a health and safety management system, HSE, viewed 9 January 2015, <>

Kreitner, R 2008, Principles of Management, Cengage Learning.

OSHA 2015, Creating a Safety Culture, OSHA, viewed 9 January 2015, <>

Roughton, J, & Mercurio, J 2002, Developing an Effective Safety Culture: A Leadership Approach, Butterworth-Heinemann.

Taylor, JB 2012, Safety Culture: Assessing and Changing the Behaviour of Organisations, Gower Publishing, Ltd.

Global corporate world

Global corporate world

Table of Contents

1.0 Introduction. 2

2.0 Case studies. 3

2.1 DHL.. 3

2.2 Avnet Inc. 5

2.3 Penske. 7

2.4 Nestle. 8

3.0 Enablers for GIS. 9

4.0 Barriers to GIS. 10

5.0 References. 11

6.0 Appendices. 14

Appendix A: Implementation of GIS at DHL.. 14

Appendix B: Barriers to GIS. 14

Appendix C: Developing countries have lower accessibility to the U.S. and Eurpoe. 15


1.0 Introduction

Global corporate world has experienced fast advancements in Information Technology (IT) which have driven the creation and adoption of global Information Systems (ISs) and have helped many businesses grow into multinational companies (Bidgoli 2011). When a company expand its operations beyond its national borders, it also globalizes its information systems leading to a whole set of new problems that need to be effectively solved. Xu & Quaddus (2013) argues that problems arise due to different languages, cultures, laws and regulations, and currencies, time zones, political systems, competition from local brands and huge costs incurred on global ISs and supporting technologies. In addition, different countries posses different levels of IS and IT competency thus companies wishing to venture beyond their borders must either seek offshore IS services or send their IS personnel to execute some tasks (Information Resources Management Association 2011).

IS managers must rethink their IT global strategies in order to sufficiently solve these issues by becoming more informed of every local setting and adhering to more perfect solutions. Senior management of multinational corporations must be well versed with the  demanding task placed on IS managers who try to solve these issues while simultaneously coping with the dynamic nature of IT, thus the management must offer needed support to build a global IS that is capable of keeping the business competitive and sustainable.

This report involves case studies of four multinational companies – DHL, Nestle, Avnet and Penske that are using global ISs as a strategy to succeed beyond national borders. It will show how multinational firms are using global ISs to orchestrate their operations and take maximum advantage of their current position.  In addition, it will discuss enablers for GIS and barriers to GIS.

2.0 Case studies

2.1 DHL

DHL is a multinational company dealing in express deliveries, warehousing solutions, freight forwarding, mail deliveries and other tailored logistic services. It has a global network spanning over 220 countries servicing approximately 140, 000 destinations with instant and express deliveries (K. Laudon & P. Laudon 2013). This is a significant yet unique problem facing DHL: how is it possible to work in exceptionally unique local settings, with different cultures, local knowledge, and languages, while delivering parcel delivery and logistics on a time-intense and global platform?

Today, DHL is owned by the Deustsche Post World Net, and operates a global network of 4,400 regional offices and 238 gateways. In addition, it has over 450 hubs, terminals and warehouses. DHL employs more than 170,000 people and serves over 4.2 million worldwide customers using about 400 aircrafts (K. Laudon & P. Laudon 2013).  DHL faced the challenges of keeping track of many operations and client packages. In case information is significantly delayed or inaccurate, scanners cannot operate, packages wait in warehouses and aircrafts fly empty.

Traditionally, DHL handled this issue by creating about 40 data centres in every major country of operation and then coordinating these data centres with a single set of central database applications installed in every country (K. Laudon & P. Laudon 2013).  The global applications allowed locals to see local data only, thus setup was a considerable limitation because failure of one data centre means that e-mails, transit data and customer shipment, or billing details may be negatively affected leading to tracking problems globally.  This system was adequate to effectively support DHL operations until global trade extended beyond the local limits and data volume rapidly expanded.

After painful encounters, DHL discovered that running 50 different information system centres to a centralized global standard was hard in many countries (Research and Markets 2011). In addition, DHL learnt that information is more vital than packages: customers might understand when natural disasters such as hurricanes lead to loss of packages, but they will be intolerant if DHL systems failed and packages cannot be traced– even if they have been swept away by ocean waters.  The decentralized IS infrastructure slowed down changes and raised costs: it would take over 15 months to undertake software upgrades in 50 countries and computers and IT personnel were maintained in every country. In the third quarter of 1990, Stephen McGuckin became the Managing Director of the Asian & Middle Eastern operation which had its IT organization very strained and costly, and coordination centres were located in expensive areas: London, Bahrain, Hong Kong and Singapore, while the system was being developed in the U.S (K. Laudon & P. Laudon 2013).

These necessitated new collection of management processes and McGuckin started implementing an increasingly centralized systems arrangement to decrease costs, risks, accelerate applications deployment, and enhance reliability. By 2000, DHL had concentrated its global IT structure into three inexpensive, regional centres: Prague, Cyberjaya, and Arizona, with each centre handling operations for a set of countries within the region. In the process, software production management was also changed. Initially, DHL outsourced all software creation from the Indian-based software firm InfoSys, but with consolidation, design work was transferred to Arizona while InfoSys remained with implementation and maintenance leading to reduced costs, accelerated deployment, and enhanced quality. Centralization was complete by 2006, and IT infrastructure’s maintenance costs have reduced by 40%; deployment of new applications takes less than a month; performance has been greatly enhanced (K. Laudon & P. Laudon 2013).

This case study illustrates the challenges faced in becoming locally responsive and achieving seamless information flow across national borders in a real global system.  Though it will be resource-intensive, DHL needs to integrate all its systems and get rid of the three regional centers to enjoy full benefits of GIS. 

2.2 Avnet Inc.

Avnet is a New York-based firm founded in 1921 by Charles Avnet, and is among the Fortune 500 companies and one of the biggest suppliers of electronic components, connectors, embedded technology and computer products globally. Avnet has adopted various business strategies focused on future growth and use of global ISs to sustain corporate growth. Since 1991, Avnet has undergone a growth streak, buying 43 firms including Access Group, a British semi-conductor distributor (K. Laudon & P. Laudon 2013).  According to Lalit & Kent (2012), approximately 60% of Avnet’s business involves distribution of components and the rest computer distribution thus it acts as a middleman between producers and end users including computer industries.

By 2001, the company had successfully expanded into Europe, China and Asia by purchasing the Chinese Sunrise Technology, and in 2005, Avnet bought Memec Group Holdings thus establishing itself better in the Asian market. However, the company has divided its global presence into three regions (Asia, USA and Europe) instead of forcing its purchased companies to adopt its American systems. Each region has its own ERP and associated systems to enable quick integration of new acquisitions and give regional managers freedom to chose how to organize their business in their region. In its acquisitions, Avnet weighs between retaining the systems of each firm and using its own in order to avoid training costs if entirely new systems are introduced to its employees (K. Laudon & P. Laudon 2013).

Today, Avnet maintains two ERP systems: Genesis – a custom-built system in the U.S., and SAP in its Asian and Europe regions. However, Avnet maintains 10 SAP versions, nearly one for European country of operation (K. Laudon & P. Laudon 2013). A centralized SAP system is therefore necessary to consolidate the 10 SAP systems into one.

Due to its high acquisition rate, Avnet has developed “Cookbook” to help it integrate its new companies into its business model and global ISs (Gina 2013). Avnet’s Cookbook covers finances, human resources, logistics, materials, IT/IS, and sales and marketing (Lalit & Kent 2012). Gina (2013) claims that Cookbook has proved to be very instrumental in ensuring common business processes globally despite presence of different regional ERP systems by harmonizing regional and global financial transactions, orders, supply chains and other transactions. However, Avnet is working towards a global system that will replace the current ERP systems and achieve more conformity. Avnet’s executive management has stated that it understands the unique nature of each market but they believe, without an integrated global system, it is hard to achieve business growth and achieve a truly global recognition.

Avnet’s global strategy is at risk: acquisitions costs may outweigh derived profits and three regional ERP systems is a barrier to global strategy due to reduced commonality among regional offices.

2.3 Penske

Penske Inc. is a company dealing in a broad variety of transportation services in diversified industry segments such as retail automotive, transportation logistics, truck leasing, professional motorsports, and transportation components production (K. Laudon & P. Laudon 2013).  

When Penske leases out a new truck to commercial trucking firms, Genpact its Indian vendor works remotely from Hyderabad to electronically arrange for registrations, state titles, and permits. Upon returning, the fuel, toll and driver’s taxes and log documents are dispatched to Genpact and the paperwork sent to Juarez, Mexico where Genpact also has an office for information to be posted into Penske’s information system. At Hyderabad, workers enter data for purposes of accounting and tax filings. Therefore, Penske is componentizing almost every business process, including routine administration and data entry in what is currently called offshore outsourcing. It has outsourced people to execute routine information systems work from as far as India. These people are tasked with routine programming to support Penske ISs, clerical and management jobs in engineering, procurement, human resources and logistics Andel (2011).

According to Andel (2011), offshore outsourcing has lead to severe loss of jobs especially in developed countries such the U.S and Europe whereby computer services jobs are shifted to inexpensive countries such as India where similar results can be derived.

From a business perspective, offshore outsourcing is a rewarding global corporate strategy as it lowers costs, improved performance and expands business coverage. However, it tends to shift job opportunities from high-wage nations to low-wage ones leading to unemployment or forcing people to take pay cuts to retain their jobs therefore globalization has set stage for grounding competent workers. Research by Information Resources Management Association (2011) has indicated that without outsourcing from India, the U.S would have experienced a severe IS labor shortage, increased ISs costs, and reduced spending on ISs.

2.4 Nestle

Founded in 1986, Nestle S.A. is the global leader in food and beverage production. Nestle has its headquarters in Vevey, Switzerland and operates in 200 countries with approximately 250,000 workers stationed at its 500 facilities (K. Laudon & P. Laudon 2013).

Traditionally, Nestle allowed every local company to do business according to local conditions and cultures as the local management saw fit. This decentralized strategy was supported by 80 independent IT units, but the management learnt that these different local units created significant inefficiencies and costs, and hindered effective e-commerce (Blackshaw 2014). Nestle lacked standard business processes thus it was unable to leverage its global buying power so as to get its raw materials at lower prices since each factory negotiated its prices independently.

Weiss & Drewry (2013) notes that Nestle adopted a program to coordinate and standardize its business processes and ISs by initially installing SAP R/3 ERP to integrate its applications in the U.S., Canada and Europe with the hope of achieving effective promotions, and reduced spoilage and overstocking. Nestle facilities run SAP ERP differently using different data formatting schemes leading to system disparities and increased maintenance costs. It was difficult to compile company-wide financial reports as well as viewing performance. It has been tough for Nestle to achieve global standards of business processes, with Nescafe becoming the only brand to get global attention.

In 2000, Peter Brabeck, the CEO of Nestle launched GLOBE (Global Business Excellence), a US $2.4 billion initiative focused on adopting an integrated IS and business processes for procurement, and sales and distribution management. GLOBE was to harmonize business processes, and standardize data and systems globally for Nestle business units to share processes for undertaking sales commitments, creating production schedules, customer billing, and management and financial reporting. This was vital in making Nestle operate like it was in a single country. By 2005, GLOBE had resulted to faster and better demand forecasts and financial reports. However, GLOBE failed to control IT/IS costs calling for a review so as to protect Nestlé’s profits and by 2006 costs were considerably reduced and the company started operating efficiently as one unit globally (K. Laudon & P. Laudon 2013).   

From these case studies, it is evident that if a company develops a perfect global information system, then it is better placed to serve its customers regardless of uniqueness of their locations.

3.0 Enablers for GIS

Senior management support including funding is vital GIS success (Phillips & Gully 2011). Weiss & Drewry (2013) asserts that at Nestle, Peter Brabeck, the CEO initiated GLOBE which saw Nestle effectively operate globally under an integrated IS.  In addition, Brabeck spent $ 2.4 billion on GLOBE while it costs approximately $ 40 million to construct a coffee factory. Well understood and capable business processes extending to an effective global strategy is another enabler (Galliers & Currie 2011). According to Wuttke, Blome, Foerstl & Henke 2013) effective business processes eases the design and implementation process, and clear GIS project goals. Avnet developed “Cookbook” which entailed all elements of its business processes leading to smooth acquisitions and global performance. Cross-functional teams represent the whole business knowledge thus Nestlé’s GLOBE initiative shows greater representation of different business areas in their GIS leading to success.

Growth of internet, and presence of global data standards, for example UNICODE and EDIFACT that facilitate global computing has enabled DHL, Nestle, and Avnet to truly achieve their GISs, as Steinfield, Marcus & Wigand (2011) notes: increased ability to share data across different platforms is supported by global communication technology – internet and data standards.

Moller & Chaudhry (2012) argues that effective change management allows a business to effectively handle any unforeseen challenges and risks.  

According to Stair & Reynolds (2011), appropriate training of users is a fundamental success factor for GIS, for example, Avnet has adopted a knowledge-based use of IS in that the effort needed in user learning is greatly considered before implemented an IS. 

4.0 Barriers to GIS

A company that wishes to implement a GIS faces a number of barriers including:

  • Presence of different political systems, cultures – norms, attitudes, values, and behaviours, laws and regulations. For example, the U.S intends to ban offshore outsourcing which may greatly impact on Penske global operations (Stair & Reynolds 2011).
  • Xu & Quaddus (2013) claims that physical differences between different locations, for example differences in currency, time zone, and language is a significant barrier to GIS. Further, they cite Incurred costs from IT/IS investments are a big challenge. For example, Nestlé’s GLOBE initiative incurred costs exceeding those of setting up a new coffee factory.
  • Ola & Bendik (2013) claims that rapidly changing IT/ISs results to some regions lacking critical technical infrastructure and competency to handle GIS. Eventually, this leads to offshore outsourcing or moving professionals to and from different regional sites which may be costly.

5.0 References

Andel, T. 2011, ‘Car Makers Gaining Traction’, Material Handling & Logistics, vol. 12, no. 3, pp. 46-61.

Bidgoli, H 2011, MIS2, 2nd edn, Cengage Learning.

Blackshaw, P. 2014, ‘Keynote comments Digital transformation at Nestlé: Playing to win’, Journal of Brand Strategy, vol. 3, no. 1, pp. 7-10.

Galliers, R.D. & Currie, W 2011, The Oxford Handbook of Management Information Systems: Critical Perspectives and New Directions, Oxford University Press.

Gina, R. 2013, ‘Avnet Unifies Global IT Services Business’, Channel Insider, 6 May, pp. 1-2.

Information Resources Management Association 2011, Enterprise Information Systems: Concepts, Methodologies, Tools and Applications, Idea Group Inc (IGI).

Lalit, W. & Kent, D 2012, ‘Supply Chain Visibility and Cost to Serve Analysis: An Avnet Case Study’, SUPPLY CHAIN MANAGEMENT REVIEW, 12 September, viewed 3 September 2014, <>

Laudon, K. & Laudon P 2013, Management Information Systems, 12th edn, Prentice Hall.

Moller, C. & Chaudhry, S 2012, Advances in Enterprise Information Systems II, CRC Press.

Ola, H., & Bendik, B. 2013, ‘THE GENERATIVE MECHANISMS OF DIGITAL INFRASTRUCTURE EVOLUTION’, MIS Quarterly, vol. 37, no. 3, pp. 907-1005.

Phillips, J. & Gully, S 2011, Organizational Behavior: Tools for Success, Cengage Learning, Natorp Boulevard.

Research and Markets 2011, ‘DHL Sustainability Case Study – Various Sustainability Efforts and Initiatives’, Business Wire, 25 January, pp. 3-24.

Stair, R. & Reynolds, G 2011, Principles of Information Systems, 10th edn, Cengage Learning, Stamford.

Steinfield, C., Marcus, M.L., & Wigand, R.T. 2011, ‘Through a Glass Clearly: Standards, Architecture, and Process Transparency in Global Supply Chains’, Journal of Management Information Systems, vol. 28, no. 2, pp. 78-105.

Weiss, M. & Drewry, J 2013, ‘Finding the Global/Local Balance’, CIO, vol. 12, no. 1, pp. 20-21.

Wuttke, D.A., Blome, C., Foerstl, K. & Henke, M. 2013, ‘Managing the Innovation Adoption of Supply Chain Finance-Empirical Evidence From Six European Case Studies’, Journal of Business Logistics, vol. 34, no. 2, pp. 149-164.

Xu, J. &  Quaddus, M 2013, Managing Information Systems: Ten Essential Topics, Springer Science & Business Media.

6.0 Appendices

Appendix A: Implementation of GIS at DHL



Appendix B: Barriers to GIS

Appendix C: Developing countries have lower accessibility to the U.S. and Europe

Computer forensics

Computer forensics


Computer forensics is the field of gathering, analyzing and producing reports of digital information in a manner that satisfies legal admissibility requirements. It can be applied in cases of crime detection and prevention and in other disputes where available evidence is digitally stored (Francia & Clinton, 2005).

Computer forensics as a discipline is undertaken in forensic crime labs to find, analyze and report on evidence based on digital data and subsequent safe storage.

This paper seeks to analyze the basic operations of a computer forensics laboratory and considers a number of factors including: National standards that certify forensic testing labs, lab components, working conditions, standard lab equipment, and selected tools for computer memory analysis.

National standards that certify forensic testing labs

Senft & Gallegos (2010) argued that there is a question as to what best practices or standards are put in place in computer forensics field to address complexities in evidence collection, storage and presentation while adhering to controls that protect the evidence from accidental or malicious loss or change.  There exist documented, appropriate and validated standards that govern accreditation of computer forensics crime laboratories. The American Society of Crime Laboratory Directors/Laboratory Accrediting Board (ASCLD/LAB) has been the forensics crime laboratories accrediting board since 1982. Such bodies have established standards that must be met in order to be accredited. Specifically, a stand-alone forensics testing unit have to extensively document and show its compliance with approximately stated set of standards.

According to Senft & Gallegos (2010), these standards are:

  • A training program extended to all employees to develop essential technical skills in all applicable functional units.
  • Technical procedures and toolkits must be validated in order to demonstrate their efficiency and effectiveness in examining forensic evidence before being applied on casework.
  • Equipments and instruments must be adequate for investigation procedures used and be maintained in good working condition. In addition, control samples should be used and be well documented in the record to maintain validity of the forensic testing parameters, and consequently the conclusion.
  • Documented procedures and policies for identification, collection, and protection of digital evidence from potential loss, alteration or contamination.
  • Equipments and instruments should be appropriately calibrated and records of calibration maintained for future reference. Sampling equipment must be checked to ensure that they meet the laboratory requirements relevant to investigations.
  • Forensic examiners stationed at a lab must undergo a competency test successfully covering a diverse set of forensics disciplines and maintain proficiency through constant training.
  • Acceptable conformance to marking and sealing of forensic evidence.
  • Ensure that forensic testing can be adequately supported by legally sound and forensically sufficient digital evidence.
  • The lab must demonstrate practical personnel health and safety measures.

These standards according to Nelson, Amelia & Steuart (2009) ensures that lab operations, management, staff, equipment, personnel, procedures, security, plant, safety and health measures meet laid down national requirements.

Lab components

Forensic laboratory components are the tools and procedures that aid in detection, collection, and analysis of evidence samples for further determination and reporting. The components include but not limited to (Francia & Clinton, 2005):

  • Architectural design covering special concern to environmental and personnel health and safety.
  • In addition, labs should have a physical facility that can preserve the correctness of the digital evidence and operations done there.
  • Elements for safeguarding exposure to hazardous substances or devices.
  • Computing and communication components.
  • Elements that provide operational efficiency and adaptability.
  • Procedures and devices for securing digital evidence to ensure preservation in an untainted condition. An example is an evidence container – heavy-duty safe or file cabinet.
  • Workbenches and conference rooms as well as shelves for internal reading library.
  • Special purpose units with integrated forensic crime processing tools capable of effectively handling of challenging computer crime cases.

Working conditions

Francia & Clinton (2005) asserted that computer forensics lab environment depends on the nature of cases under investigation, for instance the level of confidentiality of the forensic investigation.

 Occupational health and safety procedures must be put in place to protect personnel and lab facility from risks (Giannelli, 2007). Furniture and equipment must be appropriate for work done with relation to occupational safety. Ergonomic considerations are a must at labs and workplaces must be adjustable and have adequate lighting (Nelson et al., 2009).

Special air conditioning is necessary in lab environments to ensure that personnel feel comfortable while working in the lab. In addition, personnel must be provided with preventive equipment to safeguard against personal injury. This includes: Latex gloves, ear protection, coats, and protective eyewear at minimum (Francia & Clinton, 2005).

Proper signage is necessary to provide quick directions to eye or face wash, first aid toolkit, emergency telephone contacts, safety showers, fire extinguishers, fire evacuation directions and warning to forensic investigators.  As a safety precaution, Senft & Gallegos (2010) noted that corridors, exit ways and hallways should always be kept clear for easy movement in case of an incident.

Standard lab equipment

Digital forensics involves a number of equipments capable of assisting in deriving evidence that can be used in a court of law. Standard lab equipment includes (Francia & Clinton, 2005; Senft & Gallegos, 2010):

  • Computer hardware and software and digital peripherals. Forensics investigations and analysis software such as EnCase Forensic.
  • Write blockers that provide forensically sound view of almost all storage devices without possibility of accidental damage to drive contents.
  • Digital audio and video devices, for example, iPods, MP3 players, video surveillance devices, digital cameras, scanners, and facial and audio recognition devices.
  • A combination of audio and video devices, for example, CDs, DVDs, USB drives and hard drives.
  • Computer and drive interface connectors and adapters, such as IDE, SATA, MicroSATA, ZIF and SCSI interface adapters.
  • Microprobe equipment to investigate damaged tiny elements.
  • Digital communication devices, for example, iPhones and cell phones.
  • Anti-static toolkit.

Selected tools for computer memory analysis

With increased popularity and accomplishments in computer forensics, memory forensics tools have greatly proliferated and their capability have improved (Giannelli, 2007). Recent tools have made memory analysis feasible to forensic crime examiners as a result of better interfaces, detection heuristics and documentation. Memory analysis is important because it allows examiners to provide a clearer image of memory by including the systems page file (Sanderson, 2006).

Sanderson (2006) highlighted the following memory analysis tools include:

  • Mandiant Memoryze: A free software that perform live memory analysis and among the first tools in the field.
  • PTFinder: Searches the memory dump of systems running on Windows for bits of threads and processes and places results into a text editor such as Notepad.
  • Volatility Framework: An open set of tools under free software for extraction of forensic artefacts from RAM samples. In addition, it supports third party plug-in.
  • MemGator: A memory file audit tool that automatically extract memory file data and compile a report.
  • Redline: Designed to ease memory forensics and attract larger audience. It audits system memory to provide live analysis.


It is evident that computing technology may amount to a crime scene, for example, denial of service attacks and hacking among others or it may hold tangible evidence in form of digital files, emails or internet history which are relevant to criminal activities such as fraud, drug trafficking, or even murder. Digital evidence is mainly galvanized in computer forensics labs where examination is well supported to ensure that the data achieved is legally admissible.

This paper has discussed basic operations of a computer forensics lab by focusing on national standards that govern implementation of labs, lab components, working conditions such as occupational health and safety, typical lab equipment and memory analysis tools.


Francia, G.A., & Clinton, K. (2005). Computer forensics laboratory and tools. Journal of Computing Sciences in Colleges. 20(6): 142-149.

Giannelli, P.C. (2007). Forensic Science. Journal of Law, Medicine & Ethics. 33(3): 535-545.

Nelson, B., Amelia, P., & Steuart, C. (2009). Guide to Computer Forensics and Investigations. Cengage Learning.

Sanderson, P. (2006). Mass image classification. Digital Investigations. 3(4): 191–196.

Senft, S., & Gallegos, F. (2010). Information Technology Control and Audit (3rd ed.). CRC Press.

Report for the Department for Communities and Local Government

Report for the Department for Communities and Local Government

Executive summary

This is a report for the Department for Communities and Local Government to recommend remediation measures for mistakes made on the FiReControl project. It focuses on leadership and planning with respect to project management, and provides recommendations for future projects. Project leadership and management are recommended for the Department to ensure there are adequate resourcing, motivated team, and project ownership, along with provision of a pathway to guide in the FiReControl project implementation. This way, the chances of project failure are significantly reduced.

1.0 Introduction. 3

1.1 Brief background of the project. 4

2.0 Discussion on two areas of project management. 5

2.1 Project leadership. 5

2.2 Project planning. 7

3.0 Conclusions. 8

4.0 Recommendations. 8

5.0 References. 11

1.0 Introduction

Project management entails planning and organizing resources, protocols and procedures to accomplish particular objectives in a problem of interest (Vidal & Marle 2008). Ajmal, Helo & Kekale (2010) argues that a project is typically a temporary pursuit aimed at delivering a certain product or service to deliver beneficial change, for example, added value. By default, a project has a defined starting point and end, and is normally constrained in terms of time, deliverables or milestones, or funding. These constraints require to be addressed appropriately to increase the chances of successful project implementation. Project management is primarily challenged by addressing pre-conceived constraints to achieve the project goals and objectives (Gido & Clements 2014).

The FiRe control project was uninitiated in 2004 to streamline the fire response infrastructure technologically, and was scheduled to be completed by October 2009. The Department for Communities and Local Government contracted European Air and Defence Systems (EADS) was contracted to design, develop and deploy the IT system. However, the project was marred by a number of cost escalation and delays over its lifecycle (National Audit Office 2012). This report seeks to communicate two areas of project management – project leadership and project planning, and ultimately provide recommendations for future projects.  

1.1 Brief background of the project        

Initiated in 2004, the FiReControl project was aimed at establishing 9 purpose-built local control centres to replace the control rooms of 46 Fire and Rescue Services across England. The backbone of the project rested on using an IT system to technologically link the previous 46 control rooms as a means of bolstering efficiency and resiliency in the area of handling calls, mobilizing equipment and managing incidents. The project failed miserably and the Department for Communities and Local Government opted to terminate it after 7 years (December 2010) to cut increasing losses. Unfortunately, approximately £465 million had already been wasted at the time of termination with no delivery of the IT system. Additionally, 8 out of 9 new control centres remained costly to run and empty (National Audit Office 2012).

According to the National Audit Office (2011), the FiRe Control project failed from the start due to flaws that could be attributed to lack of support from essential personnel, mainly drawn from the local Fire and Rescue Services. In addition, the project was rushed, thus failing to adhere to proper procedures or plans. There were also ineffective balances and checks in the early phases, meaning the Department based its commitment on inaccurate estimates of the project’s costs and benefits as well as unrealistic delivery time schedule. The Department also agreed on an insufficient contract with the IT vendor, alongside under appreciating the underlying complexity, thus mismanaging the performance as well as the delivery timetable of the IT contractor. Necessary leadership was also not available to ensure the project was successful. Instead, the project team over-relied on poorly managed consultancy personnel and failed to address early issues with delivery.

2.0 Discussion on two areas of project management

2.1 Project leadership

In project management, leadership is more than mere project managers. Project leaders possess highly desirable collection leadership skills and technical capacity to drive projects towards optimal performance, and ultimately success (Schwalbe 2009). Turner (2014) argues that leadership skills optimize project performance. As such, it is important to have a collection of specific leadership skills and qualities as a platform for successful implementation of a project. What are the desirable qualities for effective project leadership? This is a question that has gained increased momentum in the project management arena. Based on a study by Soderholm (2008), the following are the intrinsic characteristics of effective project leadership:

  • Capacity to instigate a collective vision: effective project leadership often possesses an overall vision of the intended goal and the capacity to communicate it in an articulate way. This implies that leadership requires a visionary approach. Visionaries succeed in change management and drawing new boundaries to ensure that set project goals and objectives are adequately addressed. A leader must have the capability to lift teams and members up by giving the vision and driving the spirit of change. A collective vision driven by strong leadership promotes the feeling of truly owning a stake in a given project by empowering people to be part of the cause throughout the project lifecycle.

Competent leadership inspires, encourages and models the stakeholder community to work as a team. Consequently, there is strong collaboration across team members, which drives a project towards success.

  • Good communication capability: leadership must be able to communicate with people spread across all hierarchical levels. Clear communication is necessary to ensure that project teams understand the project goals and objectives as well as their responsibilities towards achieving them. In addition, stakeholders must be given feedback about progress to know what is expected of them, for example, senior management may be required to provide more funding. Effective communication forms the platform for successful negotiation and persuasion which helps establish a strong link between all stakeholders.

In project management, strong leadership promotes strategic and tactical awareness, thus bolstering the strategic significance of a specific project across stakeholders (Meredith & Mantel 2011). This facilitates creation of a project that considers all internal and external impacts, thus building a solid platform for undertaking all activities while avoiding potential risks.

Leadership is critical to successful project implementation because team members listen and rely on the person(s) at the top-most level of the project’s organizational structure (Heagney 2012).  Basically, leadership is analogous to change sponsorship as it forms the body that makes people believe and work towards change. Senior leaders provide credibility and authority required for change, whether it involves new systems, processes, organization structures or job roles. Blichfeldt & Eskerod (2008) argues that senior management presence demonstrates its commitment as well as that of their organizations. As a result, the degree of resistance is reduced, and the progress of the project is bolstered.

Visible, committed and active top leadership sponsorship is one of the most critical contributing factors to project success (Reiss 2013). Sponsorship plays an integral role in ensuring that there are required personnel, funds and equipment to support a project throughout its project lifecycle. Senior management support is the most critical success factor for project implementation (Hwang & Tan 2012).

2.2 Project planning

Project planning entails creation of an approved schedule to guide in execution and control with regard to cost and time scheduling, risk mitigation and quality control. It also defines the communication plan to convey all ideas and progress – true organizational nature, issues that need to be resolved, and accomplishments at different stages. Planning provides a way of organizing actions to fulfill the project goal (Turner 2014).

Project planning primarily documents a summary of planning decisions and assumptions and approved scope (Heagney 2012). It plays a key role in defining the approach and control measures that may be used to ensure that the intended project goal is delivered (Phillips 2009). Typically, project planning answers the following four basic questions with respect to the project at hand: why – the value proposition to be addressed or why the project should be sponsored; what – the work or activities to be performed and the major milestones and/or deliverables; who – the people to be involved in the project and their responsibilities; and when – the project time schedule to reach particular meaning points (Vidal & Marle 2008).

Phillips (2009) argues that a project plan basically derives from industry standards, for example, PRINCE2 and PMBOK, and must describe the overall steps in execution and control. As a best practice, formal agreement across relevant stakeholders should be pursued prior to approval of a project plan. In addition, approval should be sought in the early phases of a project and appropriate control measures applied to correct any deviations from the plan (Whitty & Maylor 2009).   

Compromising project planning attracts disasters. The initiation stage is critical to project success since it establishes the core foundation of a project, and planning should be the first consideration in the phase (Whitty & Maylor 2009). Failure to plan can damage stakeholder engagement, benefits and scheduling (Schwalbe 2009). After all, planning provides the path to be followed towards meeting defined goals and objectives. Gido & Clements (2014) argues that the main factors behind project failure include: poor stakeholder engagement, lack of proper communication, and poor definition of roles and responsibilities. Therefore, these factors should be considered in the initiation and planning phases of any project.

3.0 Conclusions

It is evident that, fundamentally, projects are constrained by scope, resourcing – funding and human resources, time and quality, which need to be properly managed to achieve the defined goal.

Strong leadership plays a key role in overcoming the project constraints as well as in supporting change management through direct communication and commitment to the specific cause. Basically, leadership entails provision of necessary resources and actual direction towards achieving project goals and objectives.

On the other hand, project planning identifies prevailing constraints to provide proper remediation. With project planning, the clarity of project goals and objectives, and roles and responsibilities is greatly improved, and stakeholders are more likely to perform their tasks effectively and efficiently.

4.0 Recommendations

For example, the Department for Communities and Local Government failed to offer the appropriate leadership and make the FiReControl project successful. Over relying on insufficiently managed consultants led to failure in addressing early problems. 

The following things are needed to ensure that top leadership help drive successful project implementation:

  • The top leadership needs to clearly understand its role in implementing the project. Senior management forms a key body in project implementation by forming the backbone for engaging all stakeholders in the development process. This entails concrete readiness, capacity and willingness to implement a project.
  • Leadership must sell a project to the stakeholders and the wider organization. This helps create a sense of ownership across the organization, thus overcoming resistance issues. Effective feedback platform is important for channeling concerns stakeholders may have as well as taking relevant steps to overcome issues that may arise.
  • Leadership should provide necessary resources (funding and human resources) to sustain the project. The FiReControl was affecting all the 26 fire control centres, thus it required large-scale investment in terms of time and funds to boost long-term success.
  • Plan realistically to avoid inefficiencies and disruptions to the actual project plan. This calls for seeking agreement across all stakeholders to identify potential project risks.
  • Communicate effectively with stakeholders and motivate project team members to undertake the project. The FiReControl project experienced flaws because essential stakeholders could not be reached and involved, for example, the local Fire and Rescue Services.
  • Support measures to deal with existing and potential difficulties – organizational change, disorientation of people, low employee morale, and time and cost overruns.
  • Consider strategic consequences of implementing a project considering the size of modules that need to be installed to meet the needs of the overall organization.

It is apparent that the FiReControl project was not properly planned right from the initial stages. Without proper planning, the project had minimal chances of success as there were unrealistic cost estimates and its scope was not well defined. In fact, the project was terminated to avoid additional money wastages. The future of the project was not ascertained, thus complexities in the underlying IT solutions could not be identified upfront. Proper planning could play a significant role in driving the FiReControl project towards successful implementation. As the single unifying factor in complex projects such as the FiReControl, project planning draws the attention of all stakeholders. In the FiReControl project, planning could have enabled all stakeholders to work towards achieving the same goal. Project planning helps make decisions to influence the future, that is, the tasks that need to be performed, how they will be executed – the sequence and approaches, and the roles and responsibilities assigned to each stakeholder.

Project leadership and management are recommended to ensure that required resources are available, team members remain motivated, and project ownership is upheld and that there is a pathway guiding the FiReControl project implementation. In addition, planning provides a platform for ongoing communication on project progress alongside issues that need to be addressed. This way, the chances of project failure will be significantly reduced.

5.0 References

Ajmal, M, Helo, P, & Kekale, T 2010, ‘Critical factors for knowledge management in project business’, Journal of knowledge management, vol. 14, no. 1, pp. 156-168.

Blichfeldt, BS, & Eskerod, P 2008, ‘Project portfolio management–There’s more to it than what management enacts’, International Journal of Project Management, vol. 26, no. 4, pp. 357-365.

Gido, J, & Clements, J 2014, Successful project management, Cengage Learning.

Heagney, J 2012, Fundamentals of project management, AMACOM Div American Mgmt Assn.

Hwang, BG, & Tan, JS 2012, ‘Green building project management: obstacles and solutions for sustainable development’, Sustainable Development, vol. 20, no. 5, pp. 335-349.

Meredith, JR, & Mantel SJ, 2011, Project management: a managerial approach, John Wiley & Sons.

National Audit Office 2012, The failure of the FiReControl project, National Audit Office, viewed 29 June 2015, <>

Phillips, J 2009, PMP® Project Management Professional Study Guide, McGraw-Hill Ltd.

Reiss, G 2013, Project management demystified: Today’s tools and techniques, Routledge.

Schwalbe, K, 2009, Information technology project management, Cengage Learning.

Soderholm, A 2008, ‘Project management of unexpected events’, International Journal of Project Management, vol. 26, no. 1, pp. 80-86.

Turner, JR, 2014, The handbook of project-based management, McGraw-hill.

Vidal, LA, & Marle, F 2008, ‘Understanding project complexity: implications on project management’, Kybernetes, vol. 37, no. 8, pp. 1094-1110.

Whitty, SJ, & Maylor, H 2009, ‘And then came complex project management’, International Journal of Project Management, vol. 27, no. 3, pp. 304-310.

Expansion of an IT

Expansion of an IT start-up in providing a software solution for Care homes in UK


Generally, strategic management is concerned with how an organisation’s top management formulates and executes key goals, policies, and plans to meet specific objectives in an environment constrained by resources and a collection of other dynamic internal and external factors (Wit & Meyer 2010). The major competitive advantage strategies that will be considered in this review include product/service differentiation, cost leadership, and operational excellence. The literature highlights the problem areas within care homes and then shows the opportunities that are there for an IT start-up with care home support solutions for the problems. The literature also connects the problems areas with strategic management paradoxes such as market-driven or resource-driven and the paradox of profitability and responsibility. This approach will help relate the strategic perspective of the care home industry for the development of a well-researched IT solution to support care home organizations deliver their services to the needs and expectations of their customers. As one of the major enablers of competitiveness, transforming customer demands and expectations into valuable care services in a market context faced by dynamic internal and external factors require a strategic approach to achieve the desired growth as well as competitiveness.


Increasingly growing demand for personalized care services

There has been growing demand for personalized care services over the past ten years – a trend that can be attributed to the increasing number of persons with intricate care and support needs. For example, more than 20% of the elderly people above 65 years in the UK are care home residents and the number of persons with over 65 years old is expected to rise by close to 40% by 2033 (Age UK Organisation 2016; Ruddick 2015). Furthermore, the demand for beds in UK care homes is set to increase by 15% by 2040, further challenging the quality of care services provided to the elderly (Age UK Organisation 2016).

Coordination of specialists from different fields

Maintaining active communications between care professionals poses challenges across many care home settings. The issue is even more complicated when several care practitioners are offering services to one or more persons with intricate care needs, principally because the persons involved (usually care professionals and regulators) are required to share their individual piece of information for a comprehensive understanding of the specific conditions of a patient or client and timely and accurate tracking of changes. In addition, there is a wide array of regulations and agency policies that need to be navigated and complied with by the care providers to assure high-quality services. Unfortunately, some information does not always get to the right persons due to communication and coordination challenges that inhibit efforts to streamline the underlying processes (Paquet 2016). These are problems that can greatly inhibit the quality of care and support services in a care home organization.

Keeping care recipients and their family members adequately informed

While active communications between care givers and associated professionals to enable them stay updated with what is going on, even care recipients and their family members must be kept informed. Care home organizations need to come up with methods of making sure that the right members within a patient’s circle understand appropriate information about symptoms and medications or treatment. Keeping care recipients and their family members adequately informed is especially important when dealing with clients with intricate care needs because there are high chances of undergoing extended treatments, visiting more practitioners, and taking more medications compared to clients with basic chronic conditions. In such intricate care need scenarios, a patient may end up forgetting to take a certain medication or fail to meet a care-related appointment. In practice, maintaining an informed population of clients and authorised family members is a challenging exercise (Ott 2015; Paquet 2016).

Security and safety of staff and clients

The security and safety of clients in care homes is paramount as it helps prevent a number of dangers. For example, a dementia patient may exit the care home without the attention of care providers and be hit by a speeding motorist. Even within the care facilities, a patient may gain entry into a sloppy area and slide, leading to unwanted fractures. Staff may also be attacked by outsiders while in the line of duty (Victor 2010).

Growing financial pressures

The general care industry continue to face financial pressures as governments come up with reforms to cut the costs of care home and nursing home support (Lopez  & Dupuis 2014). In the UK, the gap between the costs of care homes and the funding for the vulnerable aged population by the local authorities is widening, implying that approximately 50% of the UK’s care home opportunities could disappear since providers may go under. The Southern Cross (one of the biggest care home organizations) collapse in 2010 still hangs over the UK care home sector, causing immense worry and uncertainty for close to 31,000 of its clients and their family members. It was until the competitors of Southern Cross agreed to step forward and rescue a good number of the residents (Ruddick 2015). Simply put, the decline in government-based reimbursements to care organizations necessitates tightened cost controls in order to maintain sustained operations without withdrawing a number of services. In fact, closures in the care home industry may exceed new openings if managers in these organizations do not develop measures to combat rising costs. As one of the controls, care agencies have turned to low salaries and benefits. Consequently, care homes have one of the highest staff turnovers in the service sector and continue to face problems in recruitment. The dilemma is felt across local and national boundaries, thus it is challenging for care homes to meet the service demands for their clients without sufficient staffing levels.  Moreover, necessary funding is constrained by the need for specialised medical facilities to cater for intensive treatments in care homes (Cousins et al. 2016).

Even worse, high property rents and costs related to debts, capital expenditure, and maintenance are making care homes in the UK feel the squeeze. Four Seasons with 470 homes and approximately 22,000 beds is close to experiencing a new crisis since it is losing pounds in excess of millions per year and struggling with £500 million in debts (Ruddick 2015). Medication management issues

The major challenge facing care homes is the capacity to provide adequate and appropriate medical care to clients suffering from frail health conditions. While in poor health, clients are likely to rapidly deteriorate in their condition id subjected to insufficient and improper treatment or medication (Quadagno & Stahl 2003). Efforts pursued in recent years are mainly focused on establishing quality standards that can be measured in a scheduled manner to serve the purpose of care quality certification, service improvement and effectiveness, proper leadership or management, and regulation. In addition, quality standards are aimed at forming the basis for consumers to make their decisions about seeking the services of a care home in terms of the degree of responsiveness to their needs (Care Quality Commission 2012).

Leisure and wellness management issues

Care Quality Commission (CQC) regulations prioritise nutrition and hydration assessments in care homes. This can be attributed to the fact that poor nutrition and hydration is a recipe for severe health and wellness problems to resident satisfaction. Moreover, relatives and friends tend to be dissatisfied with care homes that provide poor levels of nutrition and hydration (Care Quality Commission 2012; Letts et al. 2011).


Basically, how can care agencies continue delivering high-quality and more-efficient services in a sustainable way in the wake of growing demand? Is IT a viable solution, or is it just a hyped solution? Lopez and Dupuis (2014) argues that the care home sector is in the process of a massive technological revolution aimed at transforming  the industry’s businesses as shown by statistics released by companies such as Lucintel. Legacy technological systems continue to be replaced with modern faster and increasingly powerful technologies. Care technology advancements are taking place at an ever increasing rate for applications such as autonomous health monitoring, pharmaceutical administrations, and others (Halvorson 2013).

Agencies such as the National Information Board (NIB) are working towards putting technology and data to social work for citizens, service users, and care professionals to assure improved and sustainable care and health. There are proposals intended to bring change for people to be in a position to access their care records in digitized formats and make the UK a leader in digital health and care economy through best use of technology and data. Technology-enabled care services may help commissioners, carers, and patients enjoy maximized value of technology in the healthcare economy. The CQC is involved in the inspection of UK’s care homes twice a year or once in two years depending on quality performance trends, and technology-enabled care services can help a care home maintain or even improve its rating. This is because technology directly supports the care delivery process by enabling the following major areas:

  • Safety: clients are protected from avoidable harm and abuse. As a solution to security and safety risks, the care home perimeter should be secured by CCTV camera systems. Moreover, dangerous zones and doors should be alarmed and actively monitored.
  • Effectiveness: clients are assured of the life they choose to live, quality of life, and best health.
  • Responsiveness: services are well organized.
  • Proper leadership: the management inspires personalised and high-quality care while at the same time promoting a fair and transparent culture (Maczka, Parry & Curry 2016,).

The findings from a review conducted by South East Health Technologies Alliance (SEHTA), a network of social care and health providers, research and academic institutions, government agencies, and policymakers to investigate the extent to which technology has been deployed in the care sector shows that IT deployments in this industry has been insignificant – only about 40% of care homes use technologically-enabled solutions in their service delivery. Apparently, adoption is skewed towards providing staff with care service-related information such as personnel visits to residents, updating care records, and raising alerts in case of missed staff visits and fall incidents, electronic care records and document handling, telehealth, and video-enabled rehabilitation consoles. In addition, the study showed that close to 80% of care homes still rely on paper-based record management approaches (Maczka, Parry & Curry 2016). Common technologies used in any organisation such as staff-rostering software, finance and accounting systems, corporate websites, and social media and text-messaging have immense potential for care homes (Wood 2015).

With service improvement being a must to attract more clients and to avoid legal and regulatory compliance risks that may lead to loss of registration, care homes need to adopt technology as they stand to gain immense benefits. Technology-enabled care services stand to eliminate possibilities of one or more key inspection criteria being rated as ‘ Inadequate’ or ‘Requires Improvement’ by demonstrating evidence of compliance with good care standards such as absence of medication errors (Lane 2013). Therefore, technology can help remedy the problem areas in the care home sector; it can reduce inconsistencies in care delivery and meet regulatory standards and industry best practices.


A market-driven strategy basically allows s a business better understand the market and its customers towards achieving a competitive advantage and developing long-term relationships with the customers. Therefore, when formulating the strategy, the primary logic rests on understanding the market and customers in the market. This way it is possible to gain competitor intelligence, determine unique capabilities and offer outstanding customer value – actions critical to achieving superior business performance (Sciarelli 2008). Rothaermel (2012) adds cross-functional coordination as another key market-driven requirement. On the other hand, a resource-driven strategy perceives resources as critical to superior business performance and sustainable competitive advantage. The argument behind this strategic approach is that a company should leverage its internal sources of competitiveness as opposed to the external competitive environment (Adamides 2015; De Wit & Meyer 2010). In the context of care home industry, the market may be considered to be both market-driven and resource-driven because of its underlying characteristics.

Care homes appear to be market-oriented – a business culture that is mainly focused on meeting the customer (resident or c are recipient) needs, providing outstanding customer value, and satisfying customers. In the course of running business, care homes adopt IT systems as a major step towards improving their service delivery efficiencies, effectiveness, and quality as part of competing successfully. For example, in a study conducted to investigate the major technology trends across the aged-care market, Wood (2015) discovered the following key findings:

  • The cost of aged care will continue to rise with increasing population of the aged persons in comparison to the younger population.
  • Not every senior will be in a position to afford private care and medical insurance.
  • People yearn for retaining their independence and enhanced social life by receiving specialised care within their residential homes.
  • Governments are working on ways through which they can limit the reliance of the ageing population on care home and hospital facilities.

The abovementioned findings are trends that care homes can consider to gain sound understanding of the market’s demands, regulations, and customer s for better market-orientation and customer value creation. Adamides (2015) describes customer focus as a market-driven requirement that seeks to understand the needs and responses of customers in relation to the delivered product (in this case care services).  Medication management is largely a market-driven strategy in that technological systems designed to facilitate medicine prescription, order fulfilment, checking, reconciliation, dispensation, and record management contribute to improved patient (client) health. This is achieved through a number of ways: minimised medication errors, reduced adverse incidents, and improved visibility and accuracy in relation to medication information (Maczka, Parry & Curry 2016). The technological approach to addressing leisure and wellness management issuesis largely customer-focused as it seeks to support healthy and safe client independence, social integration and community engagement, and remote monitoring of patients’ sleep, and nutrition, and hydration statuses. These are resident (customer) needs that should be met in the delivery of leisure and wellness services in care homes. As such, introduction of technological solutions to resolve potential issues in leisure and wellness management is a market-driven strategy. Giving the right information to clients and authorized family members through timely and clear explanations and instructions would be critical to improving the efficiencies of medication and tracking appropriate developments in the health of residents (Paquet 2016); another market-driven strategy since it is mainly intended to deliver outstanding resident value. Coming up with cost controls to overcome the financial pressures caused by the decline in government-based reimbursements to care organizations is an obvious market-orientation strategy. These issues evidently show that care homes are largely oriented to the social care market and residents (its customers) to gain distinctive organizational capabilities that may see improved customer value-creation, superior business performance, and competitiveness.

With the perspective of the strategy being a resource-driven one, the enabler of sustainable competitiveness could be the capability of a care home to take advantage of valuable, unique, and rare IT systems and skills at its disposal to meet the value requirements of customers by delivering superior care services. Therefore, in the context of this research, care home organizations ought to seek ways through which they can coordinate and completely exploit the potential of their technological resources at their disposal to bolster their overall performance and competitiveness. How can technology help achieve competitive advantage in a care home?  To start with, systems such as automatic meeting scheduling tools may help management and staffs hold timely discussion meetings in response to emerging incidents and complaints for continuous service quality improvements.  Secondly, GPS alarms and fall detectors may create opportunities for providing autonomous care. Thirdly, staff may be considered excellent by care management empowering them using Electronic health records and document management systems (EHRDMS), lone-worker security tools, and communication, collaboration, and knowledge transfer technologies (Maczka, Parry & Curry 2016). Collaboration and knowledge transfer systems are especially useful in the care homes because they can help improve information and knowledge management efforts in a sector plagued by challenged staff retention and turnover problems. EHRDMS is an extremely important solution to helping care specialists drawn from multiple disciplines communicate and collaborate with each other in real-time in complex care settings (Paquet, M 2016). Fourthly, there are systems to provide guidance on the management of medicine across order placement and supply, storage, preparation, and dispensation, administration, recording, and disposal (Parahoo 2014). In addition, there is an opportunity for systems to improve the protection of staff, clients, and visitors. Leisure and wellness requirements in care homes may be achieved through technological solutions that support healthy and safe client independence, social integration and community engagement, and remote monitoring of patients’ sleep, and nutrition, and hydration statuses (Lopez & Dupuis 2014). A good quality management system would help senior management gain a complete view of service quality across a care home’s operations and processes (Lane 2013). Nevertheless, it is only a unique set of technological competence and knowledge, alongside relevant implementations that care homes can overcome the current and future challenges and pressures in areas such as operational efficiency, internal and external relationships, change execution, quality assurance, and cost and/or service differentiation  (Jasper & Crossan, 2012).

Nevertheless, there are paradoxes between markets and organizational resources that may challenge companies strategically as argued by Swayne, Duncan and Ginter (2012). Does purchasing the required resources guarantee a company of diversifying into every market it chooses to venture into?  For example, when the privately owned care homes can purchase almost any IT resource while public-funded and community homes cannot, there arises the question of whether resource-related constraints can truly hinder business success. De Wit and Meyer (2010) opines that tangible resources (such as machinery and equipment) and newly sourced talent do not necessarily form valuable competencies since other companies may in the long run procure similar resources. On the other hand, the resource-driven strategy mainly focuses on leveraging distinct competencies to achieve competitive advantages, but the competences must be continuously improved for sustainable advantage (Jacobson, 2012).  Therefore, business success cannot be achieved through market-driven or resource driven strategies. Instead, what drives success is competence adaptability.


CQC is piling pressure on care homes to pursue improvement approaches – those with adequate resources can improve their rating from ‘Good’ to ‘Outstanding’, granting them the opportunity to attract more clients at a higher price for services due to their perceived quality assurance. An ‘Outstanding’ rating gained through innovative and creative facilities, equipment, IT systems, and services that meet best practices – that go beyond expectations stand to drive enhanced brand reputation and competitive advantage (Lane 2013). Therefore, privately-owned care homes are highly likely to adopt technology as a means of gaining a competitive edge over its commercial and public rivals through provision of value-added care and support services in terms of meeting attractive quality and safety standards in addition to better responsiveness, pricing and profitability, and convenience. In addition, automation of various care industry functions is also expected to deliver cost reduction benefits, which may further drive better competitiveness and profit margins (Victor 2010). The aforementioned connections between care home technologies and the competitive advantage model are largely concerned with creating customer value through care service differentiation – the outcomes of processes that seek to meet a collection of deeply understood customer needs. There are competitive advantages that come with product/service differentiation or lower pricing strategies, or a strategy that combines the two components (Swayne, Duncan & Ginter 2012). However, attempts to gain a competitive edge on the two fronts may lead to challenged overall advantage. For example, if a care home delivers considerably high quality health and care services, then it would be highly challenging to become a low-cost leader without compromising on quality. The following are some of the common paradoxes: how to pursue profit maximization efforts without driving customers off; are the exchange rates for products justified; and which products should be hiked (Rothaermel 2012). A company focusing on profits face the paradox of damaging the profits totally if the customers are not inspired by the moves taken by the management (De Wit & Meyer 2010). Chasing profits at the expense of competitive advantage can be truly undoing. This is the ultimate profit-driven paradox: businesses that make profits without an organizational purpose of creating value for customers and the society (the impetus to strategic management) at large will eventually fail miserably (De Wit & Meyer 2010; Steffens,  Davidsson & Fitzsimmons 2009).

On the other hand, public-funded and community homes are largely responsibility-oriented as they provide social care and health services to vulnerable people who are not in a position to afford private care and medical insurance (Wood 2015).  These types of care homes play an integral role in the UK’s social care delivery for the elderly since without them it would be almost impossible for the government to provide sufficient care for this aged population. The elderly deserves care homes that assure a sense of dignity, independence, wellbeing and community, which is extremely crucial to them (Laney & Edgehill 2015). Nevertheless, the inclusivity and consideration of long-term concerns that come with responsibility-driven approach requires active learning to survive the dynamic internal and external changes (Moura-Leite, Padgett & Galan 2012; Rendtorff 2009). The care home market should give clients the right choice, diverse and quality care options. Care providers are struggling to commission the appropriate and adequate care and support help people stay out of hospitals, and live healthier and happily with their family members, friends, and their communities at large.  Otherwise, the needs may outweigh the sector’s capabilities. On one hand, there are considerable problems related to the government financing cuts to care homes. On the other, care homes face demographic changes that will continue to see unprecedented rise in the number of people with care and support needs. As such, care providers ought to adopt a strategic thinking approach to their existing business models to cater for market changes, especially in financing and growing demand for personalised care and support driven by demographic changes (Ruddick 2015). This will help them be prepared for the looming bursts in care and support needs and dwindling resources. Adequate resources need to be in place and be properly managed to assure care and support for the vulnerable population and protect their dignity.

As care homes start to implement strategies founded on strong IT considerations, they ought to focus on understanding the differentiators as a key element of strategy; how can we become the winners in the market. The care home management should assess the potential implications of gaining cost leadership or achieving sustained product differentiation through conscious choices regarding the technological weapons that need to be assembled and implemented to win customers and profits against their rivals. If the goal is sustainably profitable, competitive, and achievable, then it is worth pursuing (De Wit & Meyer 2010). For example, if a care home ascertains that it is cannot be a low-cost leader currently and in the future, then it ought to be a high-satisfaction and high-quality organisation. Therefore, it is important to choose one clear niche or area to focus on. However, there are opportunities for pursuing the two fronts – cost and product differentiation. For example, a telehealth solution would deliver early detection of health conditions and enhanced recovery, while alleviating costly inpatient services through reduced overall hospital admissions (Docobo 2014).  Yet, sustainable competitive advantage requires deploying a distinctive system to defeat competition while retaining a company’s fundamental strengths and continually adapting to the system to market demands and emerging opportunities in the market (De Wit & Meyer 2010).


There has been rapidly rising demand for personalized home care services such as care for persons with mental, dementia, learning, and other challenges, especially over the past ten years (Ruddick 2015). Financial pressures across the care home sector represent a challenge facing care providers. In fact, care homes risk being put into administration for failure to satisfy their creditors. This may be only the start of even more severe problems in the care home sector if some drastic action is not taken. The impending crisis could dwarf the challenges that have been troubling the steel industry (Ruddick 2015).  What would happen if care homes fail to deliver the expected service levels, yet mainstream hospitals cannot be able provide elective care since they may get full with the elderly and persons with learning challenges. Ruddick (2015) indicates that an additional £1 billion costs could be introduced into care homes by 2020 – a huge problem for a sector that is partly funded by the government.

Strategic measures need to be taken by care home management personnel to ensure that vulnerable persons are assured of quality care in the wave of rising care and support demand. As one of the potential strategic measures, NHS England (2014) notes that a case study of successful implementation of a video-based two-way consultation platform in close to 200 care homes and residential homes run by Airedale NHS Foundation Trust achieved a reduction of 40% in the rate of vulnerable persons seeking hospital admissions. Therefore, it is possible to alleviate the demand pressures by decreasing the rate of hospital-bed days. In addition, the telemedicine approach to care delivery was able to decrease unnecessary accident and emergency (A&E) admissions related to adult populations (NHS England 2014). Nevertheless, NHS England (2014) documented the following factors that inhibit telemedicine efforts:

  • Information governance risk brought about by public social media communication platforms such as Skype;
  • Overdependence on widespread adoption scale to deliver tangible reduction in hospital admissions; and
  • Prescription problems: telemedicine consultations are usually carried out remotely by a nurse who requests a general practitioner (who has not seen the patient) to issue prescription.

In a different study carried out between November 2013 and June 2014, Sussex Community Trust (SCT) investigated the use of a low-intensity telehealth solution involving 92 resident patients from local care homes. Diagnosis covered chronic obstructive pulmonary disease (COPD), diabetic, UTI, and congestive heart failure (CHF) conditions. Care home matrons were tasked with monitoring, managing, and responding to care recipients’ questions using telehealth software installed on Android tablets. There were tangible positive outcomes in terms of:

  • Reduction in overall hospital admissions – 75%;
  • Improved service delivery standards;
  • Nurse time savings – 40%;
  • Positive feedback from care residents as well as from family members and friends;
  • Early detection of health conditions; and
  • Enhanced recovery (Docobo 2014).

Therefore, an IT start up can develop telemedicine and telehealth software applications targeting the demand-constrained care home market. Such systems will deliver greater value proposition and new business models to consumers (care homes) through a number of ways. For example, telemedicine and telehealth systems may be used to support care home staff and residents in prevention of unnecessary hospital admissions and face-to-face nurse-patient contacts. Remote rehabilitation and autonomous care may help drive improved client autonomy and/or independence.  However, care providers are expected to come up with the best strategies to prevent or mitigate security and safety risks facing staff and clients (Victor 2010). Nevertheless, NHS England (2014) documented the following factors that inhibit telemedicine efforts:

  • Information governance risk brought about by public social media communication platforms such as Skype;
  • Overdependence on widespread adoption scale to deliver tangible reduction in hospital admissions; and
  • Prescription problems: telemedicine consultations are usually carried out remotely by a nurse who requests a general practitioner (who has not seen the patient) to issue prescription.

Prevention of avoidable hospital admissions would translate to cost-savings, nurse time-savings, and improved care quality.  Nevertheless, what are the cost-benefit implications of IT adoption in care homes? The question is guided by the fact that financial costs represent the major factor that inhibits adoption of technology in care homes (Netten, William & Darton 2014). Cost factors include the costs of acquisition, implementation, staff training, and support and maintenance (Harrington et al. 2012). The SCT study described above showed that telehealth drives cost effectiveness up to approximately £0.9 per patient on daily basis due to avoidance of unnecessary admissions (Docobo 2014). On the other hand, the economic case for the Airedale NHS Foundation Trust telemedicine study showed that a patient in his/her home or in a care home is likely to be admitted to a hospital once per annum compared to approximately 15 times without telemedicine. Moreover, telemedicine tends to reduce the overall hospital-bed stay in the event that admission is inevitable. The telemedicine study also showed that the approach attracts approximately £2400 per patient for a whole year compared to an urgent admission that costs approximately £2500 (NHS England 2014). As such, residential homes and nursing homes stand to enjoy considerably high ROI benefits with successful adoption of technology.

A major challenge concerns the effectiveness of recruitment, training, and retention of certified nursing personnel since high staff turnover in care homes has critical quality consequences for the care and support of clients. Therefore, there is need for human resources management systems to help care providers manage the workforce and organizational knowledge – two of the most critical resources in any organization. These information systems help the track skills, knowledge, experiences, and duties relevant to employees for better human resource planning, knowledge/expertise creation, management, and transfer, and stimulation of innovation (K.Laudon & J.Laudon 2010). Knowledge sharing also promotes cost savings and organizational change (Despres, 2011).

There is need for care providers and local authorities to enter into concrete partnerships that may help them understand the current and future community needs and plan on best ways of delivering social care services (Lane 2013). She argues that real partnerships between the two major players with enormous amounts of valuable information would increase the likelihood of gaining new and more useful insights that may possibly result in better problem-solving and decision-making and enhanced planning. Therefore, an IT start up should come up with an innovative software solution to facilitate improved communications and deepened stakeholder relationships.

While privately-owned care homes are largely profit-oriented, their public-funded and community equivalents can be considered to be responsibility-oriented. This can be attributed to the fact that that the former are operated by business-minded persons and companies, while the latter are run by local authorities and government agencies. The cost of aged care expected to rise continually and many seniors being unable to afford private care and medical insurance (Wood 2015). Therefore, the biggest challenge rests on developing software for resource-constrained public-funded and community care homes. Moreover, even with privately-owned care homes that have numerous resources at their disposal to purchase a technological care solution, an IT start up would face intense competition from established software vendors. Therefore, an IT start up must come up with a competitive pricing that both privately-owned and public-funded and community care homes can afford and derive tangible value addition from consequent software adoption.


This literature review has identified the following major strategic issues within the care home sector: increasingly growing demand for personalized care services, coordination of specialists from different fields, security and safety of staff and clients, financial pressures and high staff turnover, medication management problems, and leisure and wellness challenges. At the same time, the need for quality assurance across the care home sector cannot be ignored since it is a critical enabler of effective and efficient care for the vulnerable persons in our society. IT is a viable tool for enabling care providers to offer high-quality and more-efficient services to their clients. Technology can help overcome the issues facing the care home sector in a number of ways, including:

  • Improved communications and deepened stakeholder relationships via email, websites, social media, video conferencing, and electronic care records and documents.
  • Improved potential to track resident information.
  • Remote rehabilitation and autonomous care – improved autonomy and/or independence within care recipients’’ own residential homes.
  • Self-reporting of residents’ health.
  • Reduced overall hospital admissions, thus alleviating constraints such as limited number of beds and costly inpatient services.
  • Nurse time savings.
  • Error-free medication prescription, dispensation, administration, and monitoring or supervision.
  • Improved customer satisfaction.
  • Enhanced resource utilisation efficiencies through workflow and staff management to optimise scheduling without compromising care service quality.
  • Support for healthy and safe client independence, social integration and community engagement, and remote monitoring of patients’ sleep, and nutrition, and hydration statuses.
  • Continuous service quality improvement.

Use of appropriate software solutions can help a care home gain a competitive edge over its rivals through provision of value-added care and support services in terms of attractive quality and safety standards, responsiveness, efficiency, and effectiveness, pricing, and convenience. In addition, automation of various care home functions is also expected to deliver cost reduction benefits, which may further drive competitiveness.


Adamides, E 2015, ‘Linking operations strategy to the corporate strategy process: a practice perspective’, Business Process Management Journal, vol. 21, no. 2, pp.267-287.

Age UK Organisation 2016, Later Life in the United Kingdom, [Online], Available at: <> [Assessed 23 October 2016]

Care Quality Commission 2012, The state of health care and adult social care in England in 2011/12, The Stationery Office.

Cousins, C, Burrows, R, Cousins, G, Dunlop, E & Mitchell, G 2016, ‘An overview of the challenges facing care homes in the UK’, Nursing Older People, vol. 28, no. 9, pp.18-21.

De Wit, B & Meyer, R 2010, Strategy: process, content, context; an international perspective, 4th edn, Cengage Learning EMEA.

Despres, C 2011, Leading Issues in Knowledge Management Research, Academic Conferences Limited.

Docobo 2014, Use of low intensity Telehealth in Adult Social Care to prevent avoidable admissions, [Online], Available at: <>[Assessed 20 October 2016]

Halvorson, C 2013, Top 7 Challenges Facing Home Health Care Agencies in 2013, [Online], Available at: <> [Assessed 29 December 2016]

Harrington, C, Choiniere, J, Goldmann, M, Jacobsen, FF, Lloyd, L, McGregor, M et al. 2012, ‘Nursing home staffing standards and staffing levels in six countries’, Journal of Nursing Scholarship, vol. 44, no. 1, pp.88-98.

IDC 2014, ICT TRENDS 2020 Main Trends for Information and Communication Technologies (ICT) and their Implications for e-LEADERSHIP SKILLS, [Online], Available at: <> [Assessed 29 December 2016]

Jacobson, R D 2012, Leading for a Change, Routledge.

Jasper, M & Crossan, F 2012, ‘What is strategic management?’, Journal of nursing management, vol. 20, no. 7, pp.838-846.

Lane, G 2013, Meeting the Critical Challenges Facing Care Homes’ Operators in 2016, [Online], Available at: <> [Assessed 29 December 2016]

Laudon, K & Laudon, J 2010, Management Information Systems: Managing the Digital Firm, 11th edn, Pearson.

Laney, D & Edgehill, L 2015, Poll: Care home vs Home care, [Online], Available at: <> [Assessed 29 December 2016]

Letts, L, Edwards, M, Berenyi, J, Moros, K, O’Neill, C, O’Toole, C et al. 2011, ‘Using occupations to improve quality of life, health and wellness, and client and caregiver satisfaction for people with Alzheimer’s disease and related dementias’, American Journal of Occupational Therapy, vol. 65, no. 5, pp.497-504.

Lopez, KJ & Dupuis, SL 2014, ‘Exploring meanings and experiences of wellness from residents living in long-term care homes’, World Leisure Journal, vol. 56, no. 2, pp.141-150.

Maczka, M, Parry, D & Curry, R 2016, Technology And Innovation In CARE HOMES, [Online], Available at: <>[Assessed 24 October 2016]

Moura-Leite, R, Padgett, R & Galan, J 2012, ‘Is social responsibility driven by industry or firm-specific factors?’, Management decision, vol. 50, no. 7, pp.1200-1221.

Netten, A, William, J & Darton, R 2014, ‘Care-home closures in England: causes and implications’, Ageing and Society, vol. 25, no. 3, pp.319-338.

NHS England 2014, TECS CASE STUDY 002: Using telemedicine to reduce hospital admissions, [Online], Available at: <>[Assessed 21 October 2016]

Ott, M 2015, 5 healthcare technology trends to watch for in 2016, [Online], Available at: <> [Assessed 29 December 2016]

Paquet, M 2016, Top 3 Complex Care Challenges Facing Home Care Providers, [Online], Available at: <> [Assessed 29 December 2016]

Parahoo, K 2014, Nursing research: principles, process and issues, 3rd edn, Palgrave Macmillan.

Quadagno, J & Stahl, S M 2003, ‘Challenges in nursing home care: A research agenda’, The Gerontologist, vol. 43, no. 2, pp.4-6

Rendtorff, J 2009, Responsibility, ethics and legitimacy of corporations, Copenhagen Business School Press.

Rothaermel, F T 2012, Strategic Management: Concepts and Cases, McGraw-Hill/Irwin.

Ruddick, G 2015, ‘Crisis in UK care homes set to dwarf the steel industry’s problems’, theguardian, 31 October, [Online], Available at: <> [Assessed 29 December 2016]

Sciarelli, M 2008, ‘Resource-based theory and market-driven management’, Symphonya: Emerging Issues in Management, vol. 2008, no. 2, pp. 66-80.

Steffens, P, Davidsson, P & Fitzsimmons, J 2009, ‘Performance configurations over time: Implications for growth‐and profit‐oriented strategies’, Entrepreneurship Theory and Practice, vol. 33, no. 1, pp.125-148.

Swayne, L E, Duncan, J &  Ginter,  P M 2012, Strategic management of health care organisations, John Wiley & Sons.

Victor, C 2010, Ageing, health and care, Policy Press.

Wood, L 2015, Research and Markets: Connected Industry Insight – ICT Opportunities in the Global Aged Care Market, [Online], Available at: <—ICT> [Assessed 29 December 2016]