Tuesday, 2 May 2017

Unit 3 - Information Systems (P3,P4,P5,P6,P7,M1,M2,M3,D2)

Unit 3 - Information Systems



Task A - How a Business Works (P4,P5,M1)

P4: What are the features and functions of information systems?

Information systems are built to a point where their purpose is to perform specific functions such as gathering input data, storing and processing in, and finally producing output information for the overall outcome.​


Not only do information systems such as computers carry out the gathering, processing and producing in order to gain relevant and useful information, but they also help control the feedback they may receive on certain information being produced.



What is data?

Computer data is essentially the raw facts and figures of information before it actually gets processed and given a meaning. This information can be in the form of text, audio, or other types of data, and is usually processed by a computer itself; it is processed in the computer's CPU.​
Computer data is basically a bunch of ones and zeros as it is made up of binary code, and because of this it means that all computers are able to create, process, save and store this information without losing any quality overtime no matter how often it is used. This is useful as it allows an organisation to transfer this information between computers and employees.

Who uses information systems?

When it comes to using information systems such as computers it is likely than everyone in an organisation who is involved in collecting and obtaining data to process it will be somehow involved in using an information system, usually in the form of a computer itself.​
However it is not always just as simple as using a computer, as the staff within the company will need the correct training in order to gain the skills needed to use the necessary equipment and software that is relevant to the purpose of the company; they will need specific training in order to successfully and effectively collect and process data for their job.​

Hardware & Software

Hardware - The hardware used inside information systems needs to ensure the user that it can handle and is capable of running the software which they need the computer system for; it is no good having a computer that cannot handle software used in the business, and that cannot handle large amounts of data and information that the company might need to process on a daily basis. The hardware must also be kept up to date in order to meet high demands put onto the internals of a system in the modern day of technology.​

Software - In order for a business to use a specific software it must grant them the features and functionality that they will need in order to produce and process data and information on a daily basis created by the company itself. This software must also enable the staff within the organisation to efficiently carry out analysis of information also in order to undergo their job efficiently on a day to day basis.​

Telecommunications

Within a business, any output information produced may need to be shared with other people within the company itself, which may be vital if the company has multiple offices around the world for example. ​
Telecommunications helps the company to share processed information between different people in the organisation, whether they be in the same office or located elsewhere. Different types of telecommunication devices could include the likes of computers to send emails, fax machines and telephones to call people either in the same location or at another location elsewhere.​

Input, Output, Processing

Input - Input is essentially the data being entered into any information system, and comes in two sections; detailed data and analysis. Detailed data is when the data is entered into a system in order for it to be stored and processed to form an outcome. Analysis is the second half of the input process, which is when a user chooses how to read and make use of this information they have input through analysis.​
Storage - All data and information should be stored as detailed as possible. Regular backups of any information and data you have should also be kept to avoid any chance of losing any of it due to the likes of errors and faults. It would be wise to not only have backups, but to keep these backups located elsewhere geographically, so there is no chance to lose the backups due to fault also.​
Processing - Processing is essentially the function of turning data into information. A simple example of processing data could be the likes of adding up the number of items sold by a business by variable such as store location, which can be done by a person. However, an example of complex processing could be the likes of a computer performing many calculations and making assumptions about missing data.​

Output, Control/Feedback Loops, Closed & Open Systems

Output - The output of data and information usually comes in one of two forms, being either graphical or textual. A graphical output is usually used to present information on a large scale, for example the information of large numbers may be put into a chart of some sort, a diagram or even pictures themselves. A textual output is usually used when the information is presented on smaller scale, and is viewed as charts, numbers or text.​
Control/Feedback Loops - Control/feedback loops are used to determine how future inputs into a system will be affected by the output that is currently being processed by the system at the present time; the feedback loop will usually analyse the output and if required it will alter the system's performance to produce the necessary results.​
Closed & Open Systems - Information systems are usually defined as being open or closed systems. Closed systems usually refer to when there is a set output, which only a few formats of output can be chosen from; this system is usually easy to use and aims at presenting information to management. Open systems however give the user a more open and wider variety of format options for the information to be outputted and presented as. This form of system usually requires some expertise to be used effectively.​
P5: Real world example - Tesco Store

Tesco is a well known retail store who use many types of information systems on a daily basis. Most of the equipment and systems they use help with the likes of management of the information systems, marketing and financial/human resources.​
In terms of marketing and sales within Tesco the use of electronic point of sale stands (EPOS) comes in very handy. The reason for this is that the EPOS stands are essentially the electronic checkout, however when the items are scanned it will link back to the main database within the store, being able to count how many of what products are being sold which will be used for both stock replenishment and trends in purchases. By being able to spot these trends means that the store will know what to try and advertise within the store itself, knowing that it will sell well, making more money.​

The previously mentioned EPOS not only benefit in the discussed topic, but can also help in monitoring employee's work, such as how many items they have scanned to be sold etc. ​
Another piece of equipment that could help monitor the workplace could be the likes of the PDCU's that they have as Tesco; a PDCU (Portable Data Capture Unit) is a handheld mobile unit which connects to the mainframe and back office - the mainframe is a specialist software used for stock management, and the back office essentially helps with the store layout. As part of human resources this device will help employees on the move around the store, monitoring their activity and feeding back how active they are in their role.​
The likes of PDCU's could also help in the financial side of the retail store, along with the EPOS', as they can both help monitor the workplace, and especially the goods sold. From the data gathered the store could create and produce reports to represent the findings; they could for example see whether they are making profit or not thanks to the information systems.​

Some other pieces of equipment/information systems that they use within the Tesco retail store are the likes of CCTV and THAF – Tesco's own payroll and management tool. ​
CCTV is used within the stores as it keeps an eye out on the entire store, watching over all of the staff and customers. CCTV cameras are installed with the idea of helping to prevent shrinkage (theft) within the store by detecting crime when it happens. It can also make sure that the staff are doing their job as they should. THAF on the other hand is Tesco's own tool which helps keep track of employees also, but by communicating with other stores and the head office, exchanging employee data such as sickness, overtime etc.​

M1: Information flow between different functional areas

Information within a business will get passed along and flow between the different areas/departments within the company, either up, down or across. ​
Downward information flow is when the higher departments are providing the lower ones with the required information, such as Administrators passing employees working procedure manuals for example. ​
Information flow that goes across is when the information is being passed within the same department, which could be the likes of ideas to help boost work efficiency within the same department. ​
Upward information on the other hand is when those in the lower end departments provide relevant information to those in a hierarchical department level.​


Within a business – especially in those who specialise in trading goods and services – they will have several information flows including an external body. (Refer to the previous slide for a visual representation).​
As you can see the highest level of department usually is the administration department, which gathers useful information flowing up from the lower departments such as sales, distribution etc. You can also see how information flows between these lower departments, and how they share information. From the diagram you can also see which departments may need to exchange information with an external source also; the supplier.​
Such information that may be flowing through the company could be strategic plans, tactical plans or operational plans for the business, all of which help out the company for the better. A strategic plan is when the company decide to focus on long term plan, a tactical plan is a short term plan, and an operational plan is when the company take immediate action to help try and benefit the business.​

Task B - Issues with Information (P3,M2)

P3: Legal Issues

• Data Protection Act of 1998

The Data Protection Act (DPA) of 1998 was created in order for one's own personal information and data to be kept confidential and private, whilst being handled correctly by the employer that the person may be working for. This Act has been put into place in order to stop any distribution and misuse of any person's data and information, which is done by ensuring that all of the companies who follow the DPA stick to strict rules put into place to ensure the safety and privacy of the employees in the workplace. The rules and guidelines that need to be stuck to are as follows: 

• All information kept by an organisation must be fairly lawfully processed 
• The information kept can only be processed for the purpose it is being used for 
• Only a limited amount of information can be stored, and therefore cannot be excessive and must be relevant 
• The information about the person has to be accurate and up to date; must have been recently collected in order to store it 
• The information about a person can only be kept for a limited amount of time 
• It can only be processed in accordance with the person's legal rights 
• The information must be stored away securely so that only the company has access to it, in order to keep it safe 
• The information must not be distributed to any other country without the correct amount of protection 

(These guidelines ensure that any piece of data or information stored on a person working for a company is kept safe and protected, but also entitles them to request to know what information about themselves is actually stored for the company's use). 

The use of information within a large banking company may well be affected because of the Data Protection Act in the sense that any information kept from the customers of the bank must be kept confidential, otherwise the bank would get into serious trouble and issues would arise if the information was to be released and breached the terms of the Data Protection Act. This information could include the likes of names and addresses, along with any information regarding their bank account itself. 

• Computer Misuse Act of 1990

The Computer Misuse Act (CMA) of 1990 was introduced in an attempt to stop people committing crimes and offences when using a computer system. This act essentially creates a protective barrier for securing computer material against unauthorised and/or modification. It is vital that workplaces follow the guidelines of the Computer Misuse Act in order for data and information to be kept safe in the right hands, but also to ensure that the employees do not access material that they should not be accessing. The Computer Misuse Act recognises and helps to protect against the following offences: 

• Unauthorised access to computer material 
• Unauthorised access with intent to commit or facilitate a crime 
• Unauthorised modification of computer material 
• Making, supplying or obtaining anything to use under any of the sections of the act 

The use of information within a large banking company may be affected in a good way due to the fact that it helps to stop other companies attempting to breach through security barriers to gain access to your company's computer files, perhaps in order to analyse data trends in collected data to gain a competitive advantage with regards to their customers, or the likes of hackers may use prohibited material and sources in order to try and gain unauthorised access to the bank's systems; by having the legislation in place helps to try and prevent these crimes and punishes those who are believed to be breaching the terms of the Computer Misuse Act.

• Freedom of Information Act of 2000

The Freedom of Information Act (FOI) of 2000 was a legislation brought into play to essentially create a public "right of access" to information held by the public authorities; any person making a request for information to a public authority is entitled to be informed on whether it holds information on the description specified. This basically means that people are able to request to know and gain access to the information a business may have about that individual, in which the business would need to respond within twenty days on whether they accept or deny their request. The legislation is essentially made up of the following two points: 

• Public authorities are obliged to publish certain information about their activities 
• Members of the public are entitled to request information from public authorities 

Within a large banking company this legislation would play a big part of work as it entitles the employees to request to know what information their company holds about them, and the same would be put in place for the customers of the bank also. Although they have the rights to request and access information held about themselves, it does not mean they have the rights to request to be informed about the information of other people however.

Ethical Issues

It is not only legal issues that companies have to deal with on a daily basis, but also ethical issues is something that can arise when it comes to the topic of information. The following guidelines are not enforced by anyone as such, but companies usually tend to follow the following rules:

• Staff use of emails

Within a company there is usually a policy when it comes to sending emails, as using them incorrectly or abusing their use can lead to implications for the company itself. Examples of this would be the likes of sending inappropriate content within an email to another user outside of the company using the company email. By doing this is representing the business in a negative way and puts a bad name to the company; using the business email will display the name of the company and the end user will see this and think negatively of the business. Another example with emails is the use of the emails to spam another user, whether this be with malicious emails, or just purely down to sending a large number of irrelevant emails, as this can be seen as harassment. To try and prevent this companies might put a limit onto the number of emails an employee can send for private purposes.

• Internet usage

Like with the use of emails in a company there is usually a policy put in place when it comes to internet usage. Misuse of the internet can sometimes lead to punishment such as losing a job – depending on how far you go to misusing it. However, to avoid this there is usually the likes of website blockers and a filtration system put into play to stop employees accessing these prohibited sites, which could include the likes of pirating sites, gambling sites and pornography websites. The internet is also usually limited for personal use also so that the likes of social media and news pages cannot be accessed, as these sites have nothing to do with the workplace. 

• Whistle blowing

Whistle blowing is essentially the act of reporting certain types of wrongdoing that may be coming from a fellow colleague or someone of higher power than you in the company, ie. A manager. If you spot yourself – or hear about – someone in the wrong it can only refer to the user to be a whistle blower if the act they are reporting is in public interest meaning it affects others. As a whistle blower you are protected by law to stop any unfair treatment within the workplace, which includes the likes of not losing a job if you are whistle blowing against a manager or boss for example. You are protected by the law from whistle blowing if you are a worker, which is working as one of the following: 

• An employee, such as police officer, NHS employee, office worker, factory worker etc. 
• A trainee, such as a student nurse, apprentice etc. 
• An agency worker 
• A member of a Limited Liability Partnership (LLP) 

You can raise a concern at any time with regards to an incident you may have seen within the workplace, whether it be in the past, happening in the present day now, or even if it has not happened but you believe there is a chance it may happen in the future. This could be reporting the likes of criminal offences, someone's health and safety being at risk or even if you believe someone is covering up someone else's wrongdoing. However, personal grievances such as bullying, harassment or discrimination are not classed as whistle blowing, unless it is in the case of public interest and other's are affected also.

M2: Operational Issues

When working as part of any business it is essential that all of the information contained within the company – no matter how big or small – is kept safe and secure. In order for this to happen the business needs to follow a few procedures.

• Backups

Every business should aim at creating backups of the information they have hold on, for security reasons. If information is not backed up and becomes lost or corrupted then it will be very hard to recover it all, hence why this procedure of backing up the information the company might have needs to be abided by. For example, if the company was to come under fire from a natural disaster, it is likely that they may lose physical equipment such as computers depending on how big the disaster may be; if the computers were to be lost in either a natural disaster for example or just due to unfortunate corruption, then any information held on the systems will be lost. If a backup is taken however, it would be wise to store a copy of this backup at another geographical location, in case there was in fact a natural disaster or any other form of disaster to lose the information, so that the backups do not get lost or destroyed also. In terms of working in a bank it is essential that they backup their files and information very regularly, as they are dealing with information of many people, containing important personal information.

• Organisational Policies

Within any organisation it is likely that they will have policies put into place on their own terms to help protect information they have held within their company, which all members of staff would need to abide by. By having these policies put into place helps to keep any and all information confidential from external sources such as other companies who may want to get their hands on said information. Another aspect of the organisational policies is that the business should amend any information that they know is incorrect, if they know the correction to resolve the false information.

• Health and Safety

Health and safety within a business is essentially a set of guidelines put into place in order to ensure the employees are working in a safe environment, and in no way are working alongside any dangers. Health and safety plays a part in keeping information secure in the sense that if the employees are in no harm and working in a good working environment then they are going to work more effectively and efficiently at their work space, and are able to work to their best ability. Examples of health and safety guidelines could be as follows: 

• Having a neatly organised working desk, including tied up cables 
• Having suitable equipment to work with, including the right adjusted height of a computer monitor and chair 
• Staff are given health and safety talks when they begin work, so that they are aware of the procedures etc.

• Impact of Increasing Sophistication of Systems

With technology becoming more and more advanced in the modern day means that not everyone will know how to use the latest technology, or perhaps some people may not have even had experience to use the basics in computer and information system technology. Due to this, it is vital that all employees are taught both the basics and the necessary skills in order to carry out every work tasks effectively, resulting in ensuring that all information processed and handled by a business is kept in safe hands; if the employees did not know how to use the necessary material and equipment then there is a chance the information could become lost or unusable. For working in a bank the staff will need to have a good amount of knowledge in using computer systems in order to handle the data and information of many people/customers - if the staff are not skilled enough or do not know what they are doing then consequences could arise, for both the company and the customers if information is lost or altered in a bad way.

Task C - Using Information (P6,P7,M3,D2)

P6: Notes

For this section of the unit I have been asked to find suitable target locations for a roadshow that aims to target their opportunities towards young professionals. In order to find these locations I visited the Nomis website (http://www.nomisweb.co.uk/) as they are an organisation who house an extensive range of government statistical information on UK employment, earnings etc., making it a trusted source for the information I require. This source of information is fit for the purpose as it runs on behalf of the Office of National statistics, making it quite reliable for my purpose of needing the data and information.  
To find the right locations for the roadshow I checked the Nomis website in order to see what data they had in regards to the population of young people in each location who were in employment with professional occupations. By narrowing down the search results meant that I was only shown the relevant data that I needed for my search, without the needing to worry about sorting and removing unnecessary data.



The above screenshot is of the data I was left with after sorting the data found on the Nomis website with the necessary search filters in order to give me the results I would require in order to fulfil my findings for a location. As you can see I have singled out the top six locations with the highest population in terms of young people in a professional occupation at the time, the highest being Westminster with over eight thousand, and the lowest of the six being four and a half thousand people. By deciding to choose the highest populated locations means that there are more people to try and aim the opportunities at if we were to take the roadshow to that specific location.

P7: Gathering the Data set

In order to gather the data I required to get an outcome/decision on what locations the roadshow is best visiting I had to search the Nomis website for the necessary data. In order to do this I had to filter the search results, which consisted of me going through multiple menu options to find the right set of data. At the top of the page was the Data Downloads option, which I proceeded to choose the Query Data option. From here I had to search and think about what data I wanted, and where it would fit in terms of the options presented to me; I found the data required under Census 2011 > Workplace Population > WP6112EW – Occupation by Age (Workplace Population). Now that I was in the right area to gather the data I required I had to narrow the data down a little, which included changing the geographic location of the data, the age of the people it would present data for and the occupations it would show data for – the geographic location was set to 'All' in the Local Authorities: District option, the age (because we are looking at offering opportunities to young people) was set to 16-24, and the occupation was set to the option for 'Professional Occupations'. Now that the data for 'Occupation by Age' had been refined down a little further by myself I just now had to download this data in an Excel Document format.  

Once I had gathered the necessary data set I sorted it from highest to lowest total population, by first adding the two age gap totals together. After the data had been sorted I chose the top six populated locations with the filters I have previously chosen, as these places would probably give the roadshow the best opportunity to offer the individuals the opportunity for your professionals.  

Below you will see a more visual representation of the locations which were involved in my data gathering, along with the top six locations shown more clearly amongst the rest of the locations; if you compare the top six locations in the pie chart to the other locations it is clear that the dedicated space/each "slice of the pie" the top six have are larger than the other locations, which towards the bottom of the list becomes barely visible due to the sheer amount of locations, but also because of the small number of people there are in that location that fit the filtered aspects of the search. To really see a visual difference in the likes location population I have made a second pie chart of the top six and bottom six locations. From looking at the second pie chart you can see a huge difference in the young person population from the top six populated locations and the bottom six.


All in all, the locations that I believe we should take the roadshow to are the top six highest populated locations on our list of young people in professional occupations. My reason being is that by going to these locations we are more likely to gain a bigger audience to the roadshow than by going to those locations who have a smaller population of young people in professional employment, and by having a bigger audience gives us more chance to give those individuals opportunities for saving and investing purposes. 

(The charts below represents the many places listed in the research how only a small number stand out on top with regards to a higher population of people there that fit the criteria. In the first chart you can see the top six places listed, and how big they are compared to all of the places in the research, whereas the bottom chart shows how populated the top six places are compared to the following six places which follow in the list of the most populated areas that meet the criteria; the bottom charts just shows why the top six places would be a good place to have the roadshow, as the sizes of the chart pieces of the top six are considerably larger than those of the next six places).



M3: Front Sheet

The information you see in this unit is proven to be valid, accurate and useful by being from reliable source, whose data and information is relevant to our search. We can rely on this data as it is from a website that houses a lot of governmental statistics. 

By the information we have gathered being both valid and accurate means that it is more likely to be useful to us than information we may have gathered otherwise, which may not have been valid or accurate – this would be if we generated the information after receiving the data from another source. Using this information gathered can help lead to better business decisions, as the information used is valid, accurate and relevant. This information will be accurate as it comes from a trusted source, dealing with governmental statistics. In the case above, the business decisions that will need to be made from the gathered information would be where to take the roadshow tour in order to try and target to largest audience of young professionals. 

Another way in which the information will help out with the business by being valid, accurate and relevant is by helping to rule out any competitors that there may be in terms of gaining a wider audience on the roadshow. By having valid, accurate and relevant information to refer to means that we can have a lead over any competing businesses who may undergoing the same work as ourselves, however their findings may not be as useful as ours; although they may have gathered the same information as ourselves, theirs may not be as accurate or valid as ours depending on whether they spent time filtering through the full set of data, and it also depends on how they gathered their data – if they got their data from a secondary source there is a chance it may not be as reliable as the data set we gathered ourselves from a reliable source.  

Although the information we ended up with is useful to us in terms of it giving us a good outcome to our search for locations for the roadshows, this doesn't mean that there was no rejected information – in fact, there was a lot! The data set we gathered our information from included a lot of location options for our roadshow to visit based on the filters we put in to receive the data we would need, however this presented us with a lot of information on a list of places where there are many young professionals. For example, the data set we were presented with had a lot of locations which had a lower population of young professionals, which would not be very useful to us as we are trying to promote ourselves and give the opportunity to as many young professionals as we can see to – if we were to take our roadshow to the lower populated locations then we could not be as efficient in terms of seeing more people as we would be if we were to visit the more populated locations. In my case, I have chosen the top six populated locations presented to use by filtering the accurate and valid data set, which presented us with more a more accurate outcome, showing us locations which we are more likely to attract a wider audience of people which we are aiming to target our roadshow at.  

However, as mentioned above, although being valid and accurate the locations which were less populated with young professionals was not really relevant to our search, as we want to aim our roadshow to as many people as possible – by going to less populated area limits us to target smaller groups of people. This led to us rejecting some of the information we had gathered as it was not relevant to our search for locations. 

D2: Email


Unit 13 - IT Systems Troubleshooting & Repair (P1)

Unit 13 - IT Systems Troubleshooting & Repair



Task A - Troubleshooting and the Organisation (P1)

P1: Impact of Organisational Policies on the Troubleshooting and Repair Process – Report on Nexus' Company Policy and How it Affects IT Troubleshooting & Repair

Within the organisation of Nexus it is important that the policies they have in place are stuck by during the troubleshooting and repair process. Not only does this keep a structure within the company in regards to this process, but it also keeps a good name going for the organisation of Nexus itself.  
 
One of the policy categories that Nexus has put into place would be the likes of security, which plays a big role in the troubleshooting and repair process. The reason this plays a big role is due to the amount of customer's details that Nexus would have to deal with on a day to day basis – the company cannot afford to let the details get into the wrong hands! The technicians who would undergo troubleshooting and repair will have to ensure they stick to the security policies such as "No unauthorised software is to be installed on company machines unless proof of a licence is available" and also the policy of "Internet use is restricted to permitted sites at all times". By having these two policies in place will help with the security of the company and customer details in the sense that it helps to prevent the breach of the computer machines used from malicious files and malware which could take advantage of the computer to dig out important customer and organisational details. These details could include the likes of passwords, bank details, addresses etc. By restricting the internet usage in the company helps to prevent the workers from gaining access to any websites that may potentially download unwanted and/or malicious files, and also prevents unauthorised software being installed, which is the second security related policy the company has in place – these policies could not only help protect information, but also protect people from the DPA (Data Protection Act) and CMA (Computer Misuse Act). 

The impact on the IT Technicians who will be doing the troubleshooting and repairing process for the company however is that it may lead to restricting them from certain software they might need in order to complete a certain job they need to do, resulting in an outcome that might not be the best outcome if the job cannot be done properly. However, it does in fact help protect the Technician's machines from unwanted and malicious files.

The second category of policies that Nexus has in place comes under cost. Within the organisation there is likely to be a set budget for each department – with Nexus only being a small company the budget is not likely to be high, but a budget is set for a reason nonetheless. With this set budget each department can use the money on necessary things to get the job done, whether that be spend on specific hardware or to upgrade software etc. With only having around thirty-five employees in total the IT department – and other departments in general – are likely to be made up from a small number of people, meaning that the money budget each department gets only has to be distributed between a small number of people. If this money has to only be spent on a few Technicians for example, it means that each Technician can make sure they have the best equipment possible to run the daily tasks they are required to do; less people means more money can be invested in each individual machine the Technician's have in work, which could lead to a more efficient and effective work space. The company policies which could come under the category of cost could be the likes of "Hardware replacement will take place on a five year rolling programme". Other policies that will affect the company in costs could be "Hardware under guarantee must be returned to the manufacturer in order not to invalidate the warranty" and also "All other hardware will be repaired on site if possible, otherwise it will be sent to a recognised specialist". The reason this would come under the cost category would be that if the company was to unfortunately make a mistake in the repair process rather than sending the product to a specialist then it will cost them more money to fix the issue. Likewise with the warranty – they do not want to remove the warranty on the product, so sending it back to the manufacturer would be a more suitable idea than voiding the warranty trying to fix an issue themselves. 

However, money costs policies could affect the Technicians on Troubleshooting and Repair in the sense that if the money was to get spent completely then there might not be any left if one of the components of hardware they need was to become faulty and needed replacing. This means that the Technicians will have to have good money handling skills so that they spend only what's necessary to leave some money for replacements etc.

The third category of policies that Nexus has in place comes under downtime/system downtime. System downtime can be caused by a number of things, such as hardware faults or even if the Technicians just need to do a little bit of maintenance within the office. In the case of it not being a scheduled downtime and due to a fault there are ways in which they can be prevented, if the correct procedures are taken prior and all legislations and policies have been followed in the correct manner. One of the company policies that would fall into this category of downtime would be "Requests made by the managing director or accountant must be given top priority". The reason for this is that if there was a system downtime then it is likely that the managing director will try and give certain orders in order for the downtime to be resolved as quick as possible, as if the issue – if not scheduled – is not resolved quickly then it could potentially lead to losing out of profit for Nexus, but would be worse in larger companies.  

System downtime can affect IT Technicians in a bad way however, as if they needed the systems to go down to run a little maintenance or other work which required the systems to be down in order to perform the work then they will need to be granted access first by the person in charge. This might not always get granted however, as to have the systems go down would mean that an entire backup would have to be done in case there was an error in the system when it goes down. Also with the systems going down for maintenance by the Technicians means that all of the other employees would have to stop their work for a certain amount of time as they would not have access to the systems due to the downtime, which as mentioned could lead to less profit being made and less work being done, as there is no saying how long the Technicians will need the systems  to be down for.

From looking at the organisational policies Nexus has in place we can clearly see how the Technicians in the IT department of the company are affected by them, including being affected by security, costs and system downtimes. Overall, although the policies are put into play to keep the structure baseline of the company together, it is evident that the Technicians can be affected in negative ways, such as not being able to get their work done if the system in the workplace cannot be turned off for maintenance when needed to etc.

Unit 32 - Networked Systems Security (P1,P2,P3,P4)

Unit 32 - Networked Systems Security



Task A - Are We Safe? (P1,P2)

P1: Attacking a Network

When it comes to networks and their security, people may think that they are safe with only a few harmless people in the household/work environment that use the network, however this is not always the case. Depending on what security procedures have been taken to secure the network, it can be vulnerable to malicious attacks targeted at it by harmful people – these attacks are usually done with software whose intentions are for malicious attacks on networks, or through the misuse and exploitation of software/programs which are usually used for other things. 

Some examples of attacks could be the likes of Denial of Service (DoS), Backdoor attacks, Spoofing, Brute Force, and Software Exploitation as mentioned above. The source of the attacks however can be found through the likes of internal attacks within the network, external attacks from outside of the network, and via unsecured wireless access points of the network.  

• DoS Attack 

A Denial of Service attack is essentially a cyber attack in which the attacker intends to make a machine or network resource temporarily unavailable for the end user by disrupting the services of the host when connected to the internet. The attack itself is usually accomplished by flooding the targeted machine with superfluous requests and useless traffic, in an attempt to overload the system's network and prevent some or all legitimate requests being sent through themselves. Another form of DoS attack would be a Distributed Denial of Service (DDoS), where the incoming traffic of the attack comes from many sources, rather than the single source it originates from in a DoS attack – having many sources for the attack makes it very hard to block the IP address(es) of the attack itself, and simply makes it near enough impossible to avoid and stop the DDoS attacks. Known examples of DoS attacks could be the likes of the Ping of Death and Teardrop attacks; the Ping of Death is where the attacker sends an IP packet larger than the allowed 65,536 bytes by the IP protocol, and the Teardrop is where fragmented packets are sent over to the targeted machine where they overlap and cannot reassemble causing the crashing of the network device. 

• Backdoor Attacks 

Backdoor attacks are what can be seen as an attack by means of gaining access to one's computer system by bypassing security mechanisms, usually going undetected and opening ports for the attacker. Attackers often use exploits in software and programs to accomplish backdoor attacks, and in some cases a worm virus is created to take advantage of the exploits themselves. All in all, Backdoor viruses can compromise files and gather confidential information on the infected system, as well as allowing the attackers to run malicious and harmful software from the system's internet connection and launch other attacks from – the infected system can be used to launch attacks on other victims. A Backdoor virus can be seen to be similar to the likes of a Trojan virus, in the sense that it opens up and exposes the infected computer to the threat of unwanted remote access. 

• Spoofing 

The act of Spoofing refers to when the attacker impersonates another device or user on a network in order to launch any attack that would usually require a reply from the victim device network such as a sending a ping command or packets. However, the attacker spoofs their identity to portray themselves as another device or user, and therefore any reply from the attack will not go back to the attacker themselves, but to the spoofed identity. This form of attack is usually carried out on a larger scale, so that the attacker can make use of a collection of infected computers without having to do much work himself when attacking a network. Some of the most common forms of Spoofing are the likes of IP Address Spoofing, ARP Spoofing and DNS Spoofing. With the example of IP Address Spoofing, this form of attack fits hand-in-hand with DoS attacks, as it would result in the victim being targeted by what seems to be many 'legitimate' sources, rather than the one source, being the hacker himself. 

• Brute Force/Dictionary Attack 

Brute Force attacks are essentially the act of guessing one's password protecting some form of important information, whether that be a network password or a password for an account etc. - with regards to attacking a network it will most likely be guessing the password protecting the network access point. The process involves using a computer program in order to begin by guessing every possible password there is, starting with a one digit password, then trying all possible two digit passwords, then three digit etc. The computer program manages to do this automatically at very high speeds depending on the hardware within the computer. An attack similar to Brute Force would be the Dictionary Attack, which is essentially the same as the Brute Force but tries to guess words in the dictionary – or a list of common passwords – rather than going through all possibilities by guessing every character of the password. These two forms of attacks can be very effective as a lot of people use weak and common passwords, so gaining access to a network could be very easy. 

• Social Engineering 

Social Engineering is essentially the act of attacking password protected things such as a network through the use of finding out certain information from other people. This information could be personal, and by finding it out the user has intentions to try and use it against the victim. For example, the user may ring up the victim claiming to be from a banking company who requires the need of the victim's personal bank details. Another example that could be used to attack a network could be the user calling the victim saying they are from Microsoft saying the victim has a virus on the computer and that they will need to remote access the system to remove it. The user would then get the victim to download a remote access program, to which the hacker would then have full access and control over the victim's machine – unless the machine is disconnected from the internet of course.  
 
P2: How Networked Systems Can Be Protected 

Although there are many ways in which a networked system can be attacked from hackers with the likes of viruses and other methods, that doesn't stop the end user from trying to prevent these attacks in the first place – with the correct know how, this can be done. 

The first set of methods I am going to talk about is for email security, when it comes to working in an organisation the use of emails tend to be very popular and used on a daily basis. Email servers could become victim of attacks and spam mail, with spam emails making up a large percentage of all network traffic around the world. One way in which these spam emails can try and be stopped is by having a Spam Guard set on the email inbox, which will usually scan through an email as it is delivered, searching for key aspects of spam emails and looking back at databases to see if the email contains spam or not. However sometimes spam emails can  bypass the spam guard by having some specific data altered in the email itself, and essentially becoming a hoax email rather than a spam email – a hoax email is usually when the sender alters a small section of the email for it to bypass the guard, usually by changing the 'sent from' address bar to something similar to what the government in the receiving country might use. To prevent this the staff in the company will need to have the correct knowledge on how to spot these types of fake emails by maybe having small talks on what to do and how to spot one etc., but to also help prevent these emails from causing any harm could be to have only one email server/one entry point to the server; if there were more email servers then they might all process the incoming emails differently, some letting through more spam and hoax emails than others, than if there was just one main email server checking all of the mail. 

It is not just emails that people can target their victims  by, but by targeting them directly if they find a way onto the victim's internet network/wireless network. Wireless networks are a big target to hackers, especially those that are available to the public by having no password to protect it. One main reason they are a big target is due to the fact that they can plant viruses and worms onto the network that will infect all of the users that are connected to the network itself. The first and main way to prevent this from happening is to set a password on the wireless network so that only the people who should be allowed to connect can access the network, blocking out any harmful individual who may intend to infect and harm other users of the network. The password is put onto the network in the form of WPA/WPA2 which is a security technology that requires users to enter a password in order to connect to the wireless network device/router - the data is encrypted at a bit rate of 128-bits. Another form of wireless security would be the use of WEP, which is another security protocol that encrypts all data that is transmitted, but the encryption can be breached if there is a hacker who knows what they are doing with the correct equipment and tools. One final way in which the wireless network can be protected is if a network limits its users by their hardware MAC address – a MAC address is a unique code that all hardware has if it is able to connect to a network. This is a very useful feature to have to prevent unauthorised access to the network as each MAC address is unique, however it is possible for a device to spoof it's MAC address (if they know what MAC addresses are allowed on the network, which is hard to find out) however some devices can tell if one's MAC address is being spoofed or not. 

When it comes to making the password for the wireless network and for personal access control in general, to keep it secure there should be a few rules to follow in order to create a strong password that will be hard to crack by hackers. The rules to follow can be shortened down and be called the "8 4 Rule" as it is made up of two simple rules to follow, in order to create a password that will be hard to crack: 

• Rule 1 – Length: The minimum amount of characters you should aim for in your password should be eight, but the more the better. The more characters you have the longer it will take a hacker to crack. 

• Rule 2 – Complexity: To make a complex password it should contain at least one character from the following groups, and the password as a whole should have at least four characters being the following: 

1. Lower case letter 
2. Upper case letter 
3. Number 
4. Special character 

The name of the "8 4 Rule" comes from the combination of the above two rules: 

• 8 = Eight characters minimum length 
• 4 = 1 lower case + 1 upper case + 1 number + 1 special character 

However, when it comes to making a password to use for security purposes you need to ensure that you do not use simple passwords that can be cracked easily by the hacker, whether that be dictionary words and phrases along with common passwords that may be used by other people – your password should be changed regularly in order to keep the security of the networked system as high as possible. You should try and avoid using a password that means something to you in a personal way, ie. a pet's name, year of your birth etc. that someone can easily guess if they do their research. 

Another way in which networked systems can be protected is with he use of an Anti-virus software being installed on the machine you are using. Anti-virus software's offer a few ways in which they can help protect you from potential threats, including the ability to scan the system for malicious files and viruses along with being able to real-time monitor the system itself. Another prevention method that works hand-in-hand with Anti-virus software's would be the use of an IDS, an intrusion detection system. An IDS is essentially a device or software that monitors a network or system for malicious activity. Any detected activity or violation is usually reported to the administrator of the system. 

Task B - What's Best? (P3)

P3: Minimising Security Breaches

Security Policies

Within all organisations there will be a form of policy put into place in order to keep the security of any important work and information safe – this policy will most likely be in the form of a written/digital document which states any rules and regulations which are in place, which are more than often regarding computer network access.​
The purpose of the security policies are so that the workers have a set of rules to follow in order to protect the company's devices and systems. The policy is likely to change regularly over time, as improved rules will be added in order to ensure the company's security and safety in regards to networked system access – the updates to the policy will ensure that data and information is secure, and only accessible by authorised people.​

Backups

All organisations should have a way of making backups of their data and information, and a way of restoring any necessary information and data also. These procedures should be put into place in order to recover any work when necessary, which could include physical disasters which may wipe out the data within an organisation, or perhaps even if the networked systems were breached and an unauthorised person was able to bypass the security and make a breached entry to take any information or data – if anything is taken then a backup will help to restore it.​
Backups should be taken on a daily basis, which are usually taken at the end of the day. By taking the backups at the end of the ensures that the organisation has the most recent copy of any file/information/data that they have or may have been working on in that day so that it will not get lost or damaged. Every now and then all of the backups should be checked to ensure that everything is as it should be and that the backups were taken correctly, and can then be compared to a version of the backups that may also be kept externally from the network within the organisation.​

Monitoring

Most organisations will have a policy in place involving the system networked devices to be monitored for all of the employees within an organisation – monitoring of the devices refers mainly to the employee's computers to be watched over to ensure that they are working efficiently and not doing anything that they should not be. ​
In order for monitoring of the devices to be most effective then random checks should be made during the working day at various times. This will ensure that no worker knows when the check will be made, so anyone who is not doing what they should be can be caught out which will prevent anything that may breach any policy from being carried out. ​

Permissions

Access permissions for the employees is advised to be set in any organisation as it essentially is a list of things which each user is able and unable to do. For example, some people may have access to certain applications and programs that they may need to use for their specific role within the company, whereas another program on the computer may not be available to them but will be for someone else who needs to use it in order to carry out their work.​
Access permissions is unique to individual workers, however they are usually assigned in groups, for example Managers will usually have a lot more permissions set for them than normal employees as they will need to access more things in regards to work on the computer systems.​

Physical Security

Physical security of networked systems involves trying to physically protect any networked system within an organisation. This is vital within a company as networked systems are not only breached by the likes of hackers over the internet, but can also be breached by the likes of people breaking into the office building which is why it is important to go the extra step to ensure that all of the networked devices and systems are physically kept safe and secure. There are a few ways in which a company can physically secure their networked systems, which are as follows:​
• CCTV/Security Staff – The use of security staff alongside CCTV cameras would ensure that the work area is monitored 24/7. Not only would this help prevent any unlawful action being carried out, but it can help find the culprit if any of the systems were to get breached physically by someone.​
• Lock & Key – Using a lock and key to secure the systems is a good idea as will be difficult for people to gain access to them. However, if the key(s) were to get lost then the lock will not be able to open anymore – likewise if an authorised person got ahold of the key they were then have access to the systems.​

• Logging of Entry – Within some organisations there are security measures in place that record each person who enters and exits certain areas of the business building, mainly through the use of swipe cards. Like with the previously mentioned lock and key method of security the use of swipe cards to enter different zones gives a high sense of security on the premises, but if someone gets a hold of one of the cards then they will have the access rights to enter and exit through the different doors.​
• Biometric Authorisation – This method is similar to the logging of entry with the use of swipe cards, however instead of cards you gain access through doors through the use of physical attributes ie. finger, pal, eyes etc. Unlike the previous two methods an imposter cannot easily replicate physical attributes to be scanned of someone else like with getting a simple key or card, however it is fairly expensive to install and maintain these security systems.​

Task C - Start Installing! (P4)

P4: Plan Procedures to Secure a Network

When it comes to the security of a network we have to ensure that no one else – who is not permitted to – can access the network itself. The reason for this is that if the network is not secure then anyone may be able to get onto the network easier, to which we do not know whether that person will be harmless or harmful; people on the network could attack it in a malicious way. There are a few ways in which we can try to prevent this, by carrying out the likes of changing the default login credentials to the network router itself, and enabling WPA/WPA2 wireless network security by changing the wireless network password to something unique that people will not be able to guess to gain access to the network. To be able to change any of the above settings we need to access the router configuration by entering the default IP address in a web browser, to which 192.168.0.1 was entered in the URL bar in the web browser. From here I will be presented with the router login page, and once logged into the router I will be able to go and change the network security settings.


Unit 12 - IT Technical Support (P1,P2,P3,M1,M2)

Unit 12 - IT Technical Support



Task A - Technical Support Report (P1,P2,P3,M1,M2)

P1: Tools and Techniques Used for Technical Support

Although over at DigiCom there is an IT department, they may  not always be able to resolve any faults they may stumble upon with only the use of their brain; there is only so much one person can know on a topic, and may not even be able to find the solution with the help of the other members of the department. However with the use of diagnostic tools and techniques the IT department could find the solution to a fault more quickly, and more effectively, saving up unnecessary time and effort in order to find the solution to the fault they are looking into. Not only should the IT department consider the likes of diagnostic tools such as device manager and resource monitor along with malware and virus diagnostic tools such as Malwarebytes, but they also need to think about the questions they could ask the user in order to find more information about the fault; they can ask closed questions, but should stick to open questions in hope that any information given to them can help them more effectively to find the solution to the fault. All questions asked must try and be direct questions to receive the best possible feedback and outcome. 

When trying to find the solution to a fault the IT department at DigiCom should consider what sort of questions they are going to ask the user in order to gain a little information about the fault itself. A structured approach when asking relevant questions should be taken, as this would allow the IT department to get answers and a conclusion more quickly. When asking the customer the questions, a logical approach should also be taken, and any additional symptoms other than the main fault itself should be noted as well. When asking questions the IT department should consider what direct questions they are going to ask, such as "Do..?", "Is..?", "Can..?", etc. One of the first questions the IT department could ask would be for the user to point out what the fault is and where it is located, if they know the answer. This in itself is quite an closed question, as it allows for the customer to pinpoint the location and what they know about the fault, and by passing it on to the IT department aids them in trying to resolve the fault. Not only would the would the Technician need to ask questions about the fault, they could also monitor the user's system remotely with the likes of RDP, which would be another useful technique in order to strive in resolving the issue. 

Another technique that the IT Technician for DigiCom might use would be the use of keeping a fault log. This in a sense is the Technician's own personal diary of any information related to the fault the user has. By making a fault log means that they will not forget any information given to them, and they have it all there in front of them to refer to at all times; this fault log can be either down on physical paper or a digital copy such as on a notepad on the computer. Similar to the fault log, the Technician should try and get access to the solution database for the faulty system, if it has one. This would allow the Technician to see if the system has had any faults prior similar to the current one, and see what actions were taken to resolve this issue last time. 

Although said techniques should offer the Technicians a lot of information to help in resolving the fault they are faced with, techniques alone will not get them where they need to be. This is where certain tools jump into play, in order for these techniques to make the biggest effect possible. The first tool that a Technician could try would be the troubleshooter found on the system. Troubleshooting essentially tries to find the fault with a program or service and automatically fix it for you, however if it cannot find the issue or resolve it then it will give suggestions on how you can do it yourself. Another tool that would come in handy for the Technician to use would be the likes of an anti-virus or malware removal software, such as Malwarebytes. Malwarebytes – or any other anti-virus software – can run scans on the fault system and try and locate any malicious files that may be harming the system and causing faults to occur. Alternatively you can have them set to do real-time checks on the system, monitoring things you download etc. Other examples of anti-virus software could include the likes of Norton and AVG. 

Other tools that could help in resolving faults in computer systems could be the likes of the control panel, but more importantly the install/uninstall options on it. If the fault is known to be linked to a specific program then the Technicians would be able to uninstall the program from here to help resolve the issue. To be able to locate the program that is causing the fault however the Technician might need to use the likes of task manager to be able to get a visual of performance data, and any running applications and service; task manager might be able to pinpoint any that look very suspicious, using up lots of memory over others and those that's don't look familiar etc. One final tool that the IT Technicians at DigiCom may be able to use effectively would be the event viewer on the system. By browsing the event viewer allows them to see if and when any errors or faults may have occurred on the computer itself, and from here they may be able to find a solution more quickly. 

P2: Impact of Organisational Policies and Procedures on the Provision of Technical Support

The job of the IT Technicians at DigiCom require them to download and use many softwares and programs which will help them to try and resolve the faults that they are faced with. However, despite this they have to ensure that they stick to the policy procedures put into place over at DigiCom. Below you will find some of the ways in which DigiCom's policies affect the provision for technical support: 

• Internet Use – Company computers are meant to be used for the purpose of work within the company, and nothing more. Companies must ensure that all of their employees stick to this guideline, and in return will monitor the internet usage of the company computers, usually by blocking certain websites. Sites that will usually get blocked within a workplace are the likes of illegal sites, pornography sites, gambling sites etc. In most cases, blocking of sites and restricting internet usage in general will lead to a better outcome for the company, in terms of the technician whose job it is to give technical support at DigiCom will not get distracted from their work by playing games out of boredom for example, and will focus more on their work for the business. However, sometimes websites may be falsely blocked, and a technician may need to access it to research into specific information, but with the restrictions in place they cannot do so, and will have to spend time finding it elsewhere. 

• Security – The majority of companies will have some form of anti-virus installed onto their computers in order to prevent any risk of getting malware and other malicious files on the computer itself. To help prevent any viruses being downloaded onto the company computers the business will usually have a rule in place which prohibits unauthorised software and programs to be downloaded. Like with the previous policy, by putting a restriction on downloaded software and programs will help prevent distracting the workers from potentially needing to find solutions to remove any viruses or malicious file they may accidentally download through unauthorised software and programs. 

• Technician Experience – Within DigiCom they allow their technicians two training days per year to allow for professional development. By offering their technicians these training days allows for them to go over the necessary skills they need to undergo day to day tasks for the business; the technicians will work more efficiently and effectively without the need to ask a colleague for help, which would take up time in the work day to go over how to do a task, using up time which could be spent on the work itself. Using up this work time to see how a task or job is done wastes time essentially, especially if you were to add up the amount of time spent trying to find the solution, but by adding in the two days each year will help prevent this loss of time if the technician is unsure on how to do something on a daily task.

P3: Types of Faults That Can Occur

When we take a look at the extract from the fault log it is clear that there are many types of faults, however they all seem to fit in either one of a number of categories. These categories are as follows:

Loss of Service  

This usually applies to a large scale service, such as a network, however it can be triggered by a number of issues that the computer system may have, from accidental data corruption or system crashes. The likes of servers may undergo loss of service if for example more information flowing through became over the limit as what it can handle, as information is constantly flowing through them; if programs and software are pushed over the limit of what they are capable of then the loss of service can take place. An example of this from the given fault log could be the one submitted by Edith, with regards to not being able to make something print off, assuming that she is using the printer wirelessly.  

Hardware Faults  

This issue occurs when the physical components of the computer system or other peripherals may have a fault, resulting in them not working properly. These issues are usually relatively easy to fix, as it may just consist of replacing the faulty component, however sometimes one faulty component can have an effect on all of the other components within causing the system to become faulty as a whole and not work; one faulty component can make other components faulty, meaning that more than one of the interior components may have to be fixed or replaced, rather than the original faulty one. An example of this issue from the fault log could be the one given by Sunil with regards to the screen going 'pop' with a following bad smell. This indicates that one of the interior components of the monitor he was using has a fault, causing it to essentially explode which is where the 'pop' noise and strange smell had come from; he could probably smell the burning from the faulty component perhaps. 

Software Faults  

These issues usually occur when the specific software or program do not respond as they should do, causing it to not work properly. They are common when a programming error becomes evident, and is executed by the computer's processor. An example given from the fault log would be Ben's fault, with regards to Microsoft Word which keeps freezing for him, resulting in him to lose the work on his Word documents. By the sounds of it, Microsoft Word encounters a software fault, and therefore the CPU will attempt to close down the program.  

Poor Performance  

This essentially refers to when the computer system is not performing to its full potential standards, or when it under performs to what it will usually perform like; poor performance is usually noticeable if the computer is running slower than usual, and is generally caused by hardware or software faults, or exceeding the limits of the installed RAM or hard drive. An example from the fault log of poor performance would be John who states his laptop used to run like new and now runs slow. This could be from the capacity of the hard drive filling up or exceeding the limits of RAM, or it may be more serious and could be the outcome of a hardware or software fault.  

Viruses  

Viruses are probably one of the most threatening things to a computer system, due to the sheer amount of harm it can cause to the computer itself. These threats can vary from malware, malicious files, spyware, keyloggers etc. and many other harming things, which can also include unauthorised remote access to the system. From the fault log we can see that it looks like Jules may have a virus on his computer, as he states that the mouse keeps jumping across the screen, and pops up with a message box saying 'Gotchya'. This could be as harmless as a prank from a friend, or as harmful as a virus causing the pop up message.  
Error Messages  

These are usually displayed stating that a command cannot be performed for a specific reason, and might sometimes prompt the user with some troubleshooting tips to try and resolve the issue. The example shown in the fault log of an error message occurring would be Freya's submission, which states that her file cannot be saved when using a template on the word processor she is using.  

Complaints  

Complaints are usually when someone submits a fault complaining about an issue they have, rather than explaining or stating what is wrong with their system. A complaint can be from the likes of the user complaining about a fault with their system, or even complaining about the service they may have received from the technical support team regarding an issue they had. An example of a complaint from the fault log can be seen from Martin, who states that it is around the sixth time he has had to call the support team regarding the same issue, and therefore he is unhappy with both the continuing issue he has and is also unhappy on the support team's assistance. 

Network Access
  
As mentioned a little in the loss of service, network access can sometimes play quite a big part of some faults that a user may have. For example, if there is no network access then it may cause the likes of not being able to connect to wireless peripherals, not being able to connect to the internet and not being able to logon to the system if the user accounts are connected to a main server. I believe network access may be the cause of some of the issues in the fault log, such as Freya who cannot seem to login to the system, which as mentioned might be because she cannot connect to the main server where all of the accounts login and connect to. 

User Requests 


A user request is usually an issue a user has where they are simply asking for a little help with something small – or big – where they may have a little idea on something but not fully understand it. An example of this can be found in Ben's issue asking the technical support for help in regards to adding a signature to outgoing emails in Outlook.  

(On some occasions, the issues listed in the fault log may look to fit under multiple categories of faults, and may not be limited to just one category to be listed under).



From the above chart we can see that the most common type of issue that arises on the fault log provided is an issue regarding network access. I believe the reason for this could be down to the fact that network plays a huge role in every day life within a workplace; many of the issues with regards to failed login attempts I believe are due to network access if the company is running user accounts from a server, and if the network is down or playing up they would not be able to log on to their account.  

M1: Importance of Keeping Fault Logs

With fault logs it is Important for a company to keep a backup of old and present logs which could be referred back to in the future, and could become very useful rather than having no purpose – it will keep a backup of faults, including what happened, where it was located and possibly what was done to resolve it. By having said fault log means that in the future if the fault – or a similar one – happens again then you can refer back to the log to see what actions were taken in order to resolve the fault, or if the resolution is not there then you can refer back to see if it is the same and in the same location, and how many times it has already occurred; if it has occurred multiple times then it indicates that perhaps the system the fault is occurring on my need a deeper look into it, and possibly might need replacing. An already existing fault log will help reduce the time it takes to resolve other faults of a similar nature, which helps to resolve the new fault more efficiently and effectively – without the log you might end up wasting time trying to remember what was done last time off the top of your head, or spending a lot of time trying to find an answer to an already answered a solved question, but without a copy of any fault log. 


If a company was to keep a fault log however they must ensure that it is accurate. By having an accurate fault log will give the technicians accurate data to look back on. If the report log is not accurate then someone might try and resolve an issue in a way that they are not meant to, and could end up damaging the system with the fault even more than it already may be; if the data on the fault log is not accurate then it may show a supposed fix for the issue which is not true, and if someone looks back at it trying to resolve the same issue or similar, then they may damage the system even more or might even injure themselves, and therefore will become a safety risk!

An example of a fault log can be seen below: 

Technician's Name: Jeff 
Date & Time: 23/03/17 - 2:10 pm 
Description of Fault: Cannot log on to user account which is managed through the company's server 
Actions Taken to Resolve: Checked the network settings to make sure it has a connection to the server 
Problem Solved?: Yes 
Cause of the Issue: Ethernet cable was not plugged into the computer properly and therefore a connection to the server was not established 
Time Taken to Fix: 5 minutes 


The example is above can be seen as an accurate fault log example is it details all of the relevant information needed in order for the fault to be resolved. If the log did not have the likes of the actions taken to resolve or whether the issue was resolved or not then it may not be seen as an accurate log entry as important and vital details and information would be missing. 

M2: Advantages and Disadvantages of Outsourcing Technical Support

With DigiCom considering to disband the in-house support team and begin outsourcing the provision of technical support – outsourcing is where a business will pay another company to help with any work or tasks that are needed to be completed for a deadline, which can have many benefits but also can have some disadvantages to it also.  

Outsourcing has many advantages which include the likes of being able to complete specific types of work without the need in buying expensive essential material, by getting the outsource company who has it already to do the work needed. This can lead to financial benefits for the initial company as they would not need to invest in the expensive material and equipment they may need for specific tasks, as well as some companies outsourcing to companies in a different company where work may be cheaper than in the original company's country, with the minimum wage in the UK being £7.20 for an over 25 year old person whereas in the likes of India the minimum wage is lower – this could mean the business would not have to spend as much money on their work, and can use the money elsewhere within the company. This idea of outsourcing will also help free up the amount of resources the first company would need to spend money on, and if getting a foreign company to do the work then the first company is essentially paying the other workers less for the same work. 


However, with the advantages comes disadvantages also. For example, if the initial business were to outsource in general then there is the chance that the control over the work being done will be considerably less than if they were to do the work themselves. Also, if the outsourced company was located in a foreign language then there may not only be language barriers between the two companies, but also to the customers also, if the outsourced company has to also get in contact with the customers they are working for – the foreign language they may speak might not contain specific names and vocabulary that the initial business may use within the workplace. This could lead to the customers not being very happy with the initial company if there is a language barrier to stop clear communication between the customers and the business, as they may feel they are not getting the top standard professionalism than they would expect to receive. Another aspect of outsourcing that would need to be put into consideration would be the time zone if the outsource company was in another country, as it would be difficult – time wise – to work with someone on the other side of the world to yourself, as they may be asleep when you are awake and working, and vice versa.