Post Implementation Review Report Section 5.6.7
The purpose of this section is to determine if the system provides adequate security of data and programs. In addition to access security, procedures for backup, recovery, and restart had been reviewed.
5.1 Data Security
Unleashed as an online system, has transaction logging for us to review the adequacy of its data safeness. We do have concern of data security as the implementation group mentioned, the system only asks for user name and password for access. We suggest we add a feature that after entering user name and password on the website, each authorized user need to click on a link which generates a random security code ...view middle of the document...
We have also run several adequacy-of-recovery tests under different scenario, such as restart the computers and unplug the cables. The results are satisfying.
We have evaluated the adequacy of the controls on the database, source documents, transactions, and outputs of the system. We used Run-to-Run Controls (Hall, 2011) to review the entire database. The application run whenever there is data input; accounts receivable update; inventory update and/or output. Errors detected in each run are flagged and placed in an error file, the application then adjusted to reflect the deletion of these records. (Hall, 2011)
5.4 Audit Trails
We have reviewed the ability to trace transactions through the system and the tie-in of the system to itself. As mentioned in section Data Security, Unleash as an online system do has a feature of transaction log. The system produces a hard copy transaction listing of all successful transactions of our clients, it includes log of automatic transactions; listing of automatic transactions; unique transaction identifiers and error listing. The client can run internal audit and regular reconciliation based on this information. (Hall, 2011)
5.5 Allowed Access
Unleash have tailored an access control list (including occasional users, frequent light users and frequent power users) based on what client provide to us. It contains information that defines the access privileges for all valid users. Details about visitor access within access log are recommended to store in client’s local server for their internal auditing purposes. If the user of the system is terminated or substituted, the client will need to provide an updated database authorization table (Hall, 2011) for us to redefine new user’s access.
6 CLIENT SATISFACTION
The purpose of this section is to ascertain the current level of operational activities.
Implementation group have trained the warehouse manager and all other employees accordingly to work with NCR computers, they also come up with detailed operation run manual and user guide manual along with Help section on our website to service the best of our client. The new Unleash allows several terminals to access it at once without locking them up. The data security which we mentioned earlier have solved issue of data alteration and Unleash also reduce the actual response times of the sales at the counter because of the real time feature. The implemented Unleash satisfy all the requirements asked by Joe Hopper.
7 MAINTENANCE ACTIVITIES
The purpose of this section is to evaluate maintenance activity involving the system.
Unleash use adaptive method for system maintenance that adjusts applications so that they reflect changing business needs and environmental...