Cambridge Technical Introductory Diploma in IT

(Unit 2 - Exam Preparation 10th January 2018)

Global Information.

Scenario

Organisational Profile

Introduction

Progress DogTravel is a business which organises travel for dogs whose owners are emigrating from the UK. (Everything is arranged by Progress DogTravel for the owner, documentation and travel arrangements as well as veterinary support.)Dogs stay in the kennels before travelling to their destination country. Dogs that stay in the kennels must be up-to-date with their vaccinations and be micro chipped.(Interestingly someone has mistaken what an Air Kennel actually is, it is the pet carrier that the animal flies in not the residential accommodation for dogs. One assumes that "start date of the stay at the kennels" implies that there will be accommodation needs for animals that are travelling.)

Travel Service Progress DogTravel organises all aspects of the travel process including dropping the dog off at the Animal Health Centre of the departure airport. (This will have the veterinary support. Consider where documentation is required to enable the dog to get to place to place given that it cannot communicate, on the other hand it isn't just a parcel. What information is collected where in this process? Progress DogTravel is responsible for the creation of the travel plan but is it also responsible for the management of the plan for an individual dog. So, would they have to ensure that the right Pet Passport and EHC accompanied the correct dog. How could this be tracked as the dog makes its journey? Might it be possible for the dog to have its own blog with pictures and video so the owner can see that everything is working as it should? There may be payments involved between the owner and Progress DogTravel that will be passed on to third parties such as kennel fees and vets bills and the airline costs, so security will become paramount with a financial involvement.)

To enable the travel process to be started the following details are required: (What type of information is being collected at each stage of the process? Why is it being captured, how is it being captured and how can we be sure that the information is accurate and complete? Given the issues that have been identified later in the scenario, how can we be sure that Progress DogTravel is discussing the correct dog?)

  • owner’s contact details;
  • name, microchip number and breed of the dog;
  • proposed departure date;
  • destination country;
  • start date of the stay at the kennels;
  • contact details of the vet the dog is currently registered with;
  • details of the insurance policy if appropriate;
  • vaccination details;
  • any preferences, e.g. airline to be used.

All aspects of the dog travelling out of the UK are organised including:

  • organising and booking flights;
  • DEFRA Export Health Certificate (EHC);
  • EU Pet Passport (EUPP);
  • mandatory checks on departure including blood tests and the checking of microchips and vaccinations, including rabies;
  • vet checks on departure from the UK and arrival in the destination country;
  • IATA Approved Air Kennels.

Each country has different rules for dogs arriving from the UK. For example, some countries require dogs to have up-to-date rabies vaccinations whilst others, because the UK is free of rabies, do not have this requirement. (That would mean that there is information for each country available to Progress DogTravel - is this shared with the owner or is it used to facilitate the emigration?)

The most up-to-date rules and regulations are consulted before a booking is taken for the travel service. Progress DogTravel is then able to advise owners of the relevant rules and, where appropriate, of any health and medical requirements. It will then also reserve the quarantine kennels in the country of arrival. (This event would have to be planned in advance - just this week - 3rd December - a Japanese airport stopped taking pets as their quarantine kennels were full.)

For example, if a dog is travelling to Australia then a permit from the Australian Quarantine and Inspection Service must be obtained prior to any travel arrangements being organised. On arrival in Australia, the dog must stay in quarantine kennels for a minimum of 10 days. However, if a dog is travelling to Europe then a pet passport and vaccination details are required. The dog must also have had a rabies injection at least 21 days before the dog travels. (All this information needs to be gathered before the dog travels. It would need to be stored securely and then distributed to the relevant authorities in a timely manner.)

Most of the communication with the destination countries is done electronically. Some countries require the paperwork to be scanned and emailed or uploaded to an online storage area as the dog’s flight departs the UK. There are other countries, however, where the paperwork, in hard copy format, must accompany the dog.(Electronic data sharing is easy world wide. Provided that the firewalls are adequate and there is suitable protection for the stored data then this is the most sensible method of data exchange. However, some documents are documents and have to be delivered physically - the Pet passport or EHC for example. Scans can be shared but some organisations rely on email. Is email data exchange encrypted or secure in any way? By default emails are not encrypted but the option exists to establish a secure transmission between two email accounts provided the digital key can be exchanged securely. Like the old bank algorithm with different keys for different customers Progress DogTravel would have to manage multiple keys, one for each email recipient. The recipient would have to manage the key (digital certificate) as well which ads yet another layer of complexity.)

The dog’s travel arrangements are kept in a database which is backed up at the end of every day to a secure online storage area. (This would be backing up to the cloud, so the main system is not cloud based. See the diagrams further down the page.)

Problems have begun to arise as, currently, the dog’s record is accessed using its name. This has caused confusion when two dogs have the same name. There have been several instances when the incorrect paperwork has accompanied the dog. (This is easily fixable if the right primary key is selected. If the dog is being searched for by name then there needs to be a second value such as the surname of the owner that can be used to discriminate between dogs. This is a more of a procedural issue.)

Fig. 1 shows an excerpt from the dog travel arrangements database, showing some complete records. The actual database contains all the data about every dog for which travel has been arranged during the past two years. Progress DogTravel has incorporated validation routines into the database, such as drop down lists, to minimise data entry errors. (What other validation methods might be available to Progress Dog Travel?)

Further research suggestions

The examiner has made some suggestions for study related to this pre-release. In particular they suggest that to prepare for the examination, you should research the following themes:

  • The differing global holders of information including location, the technologies available, access issues and the category of information used.
  • The differing information styles, sources and data types used by Progress DogTravel.
  • The consequences of poor quality information on Progress DogTravel and its stakeholders.
  • Legal requirements relating to the storage and use of information, including the impacts and consequences and how Progress DogTravel can conform with these requirements.
  • How information can be kept securely to maintain confidentiality, integrity and availability.

The differing global holders of information including location, the technologies available, access issues and the category of information used and how this might affect Progress DogTravel.

One thing to consider here is the benefit of the microchip data as part of the pet passport. This is normally required as part of the insurance documentation too.

Looking first at differing global holders of information. With which organisations does Progress DogTravel share information and where are these organisations based? Are they UK, EU or international organisations? Do organisations in different countries have different regulations regarding information? How might GDPR affect Progress DogTravel? The US for example has no specific laws on Data protection but has adapted trade law to incorporate these issues. Are there operational issues for Progress DogTravel that change depending on the country the dog is travelling to or from?

Next, given that some countries require paper documentation to accompany the dog, the technological requirements are reduced, however some countries allow a scanned emailed copy and others it can be all electronic where the technological requirements are greater. Clearly in all cases the information must be accurate and timely.

The scenario mentions issues with using a dog's name as a search term and incorrect data has accompanied the dog; what issues will this cause for the dog, the owner, the receiving country and Progress DogTravel? How might this be resolved?

Where is the information kept by Progress DogTravel actually stored? It says "secure online storage" but what is this? can this storage be accessed from anywhere or is it just the back up? What are the advantages of operating online "in the cloud"? Are there any drawbacks to this? How might it help resolve the issues outlined earlier with the wrong paperwork? If outside agencies can use the data that Progress DogTravel has collected would there need for any technologies such as an extranet? Would this have access issues and legal consequences? Would there need to be "tiers of access"? What are the issues with access if the CIA triad has not been adopted fully?

If the information is sent outside the organisation does Progress DogTravel have any control over it? Consider all of the organisations that are involved in the travel arrangements; some are given in the database excerpt.

Finally in this section, what are the categories of information that are mentioned in the scenario? Sensitive or non-sensitive, private or public, personal or business, confidential or classified or partially or completely anonymised. Information that is personal such as an owner's name is also private; as such it is covered by one of the provisions of the Data Protection Act (1998) and would need to be held in a manner commensurate with the provisions of the Act. On the other hand the dog's name needs to be shared as it is the main search term at the moment.


The differing information styles, sources and data types used by Progress DogTravel.

Consider all of the information that can be collected about the dog and how and where might it be stored? What are the styles that could be used for this information, text, graphic, video, animation, audio, braille text, tactile images, subtitles (on video), boolean, tables and spreadsheets, charts and graphs. What styles are not appropriate and why? What styles and data types are used for the data stored in the database - check the excerpt)? (LO2). How can the sources be categorised?


The consequences of poor quality information on Progress DogTravel and its stakeholders.

The scenario mentions issues with using a dog's name as a search term and incorrect data has accompanied the dog; what issues will this cause for the dog, the owner, the receiving country and Progress DogTravel? How might this be resolved? What is a primary key and what is the most important fact about a primary key? What fact about a dog might be unique and therefore would make a better primary key? Who are the stakeholders in the organisation? Do they all have the same access? How does CIA help with the security and consequently the quality of the data help by Progress DogTravel?

In addition there are the issues that can be addressed regarding the quality of the information that Progress DogTravel captures and processes. Is the information valid - has it been checked in some way - or is it biased for some reason - perhaps the dog owner is not as accurate as they should be with the breed of dog (not really an issue) or the veracity of the pet passport (an offence). Is there any comparable information that can be used to check the data that has been captures or processed? What could be the consequences of poor quality information on the stakeholders of Progress DogTravel - don't forget that the stakeholders include everyone that makes use of the system and that includes dog owners, airlines, vets, immigration services world wide.

How is it possible to assess the standard of the information that Progress DogTravel is processing? Consider reliability, validity, relevance, time frame, accessibility, quality, appropriateness and cost-effectiveness.


Legal requirements relating to the storage and use of information, including the impacts and consequences and how Progress DogTravel can conform with these requirements.

The first first thing to consider is all of the legislation: The Data Protection Act 1998 (DPA); The Regulation of Investigatory Powers Act 2000 (RIPA); The Protection of Freedoms Act 2012; The Privacy and Electronic Communications Regulations 2003 (amended 2011); The Freedom of information Act 2000 (FOI); The Computer Misuse Act 1990 (CMA) ; The Information Commissioner's Office (ICO) code of practice ; The Copyright, Designs and Patents Act 1988; The Equality Act 2011 (EQA); The Communications Act 2003; The Digital Economy Act 2010; and The Malicious Communication Act 1988 (MCA). The legislation in relation to Progress DogTravel is given in more detail here.


How information can be kept securely to maintain confidentiality, integrity and availability.

This is the CIA Triad that has cropped up in previous research. Confidentiality relates to the individuals being able to see the data that they are entitled to see but no more. This could be accomplished with access rights, tiers of access, physical restrictions on the PCs that show the data and encryption of data at rest as well as in transit. Integrity is crucial given the issues with the dog's name as the search term and is necessary to ensure that the data is complete and fit for purpose. Given that data is being sourced from a variety of sources it would need to be checked to make sure that the right owner is associated with the right dog travel plan. Availability will be important given the need for data being worldwide, either as transmitted documents, emails or access to the database (possibly through an extranet). If Progress DogTravel is sharing data with other agencies that have responsibility for the welfare of dogs and the health of their nation (rabies is a killer for people) there is an expectation that the data is accurate. For example a dog travelling from the UK (which is rabies free) to Europe is undertaken under a pet passport where no inoculations are required, if a dog from Southern Europe was the dog that was travelling on the British dog's papers than it might be let in to a country with out its rabies status being checked.

The key question to address is how the data can be kept securely. The 7th principle of the 1998 Data Protection Act states that an organisation must take:

Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

This means that an organisation would be required to:

  • design and organise their security to fit the nature of the personal data you hold and the harm that may result from a security breach;
  • be clear about who in the organisation is responsible for ensuring information security;
  • make sure they have the right physical and technical security, backed up by robust policies and procedures and reliable, well-trained staff; and
  • be ready to respond to any breach of security swiftly and effectively.

The unfortunate issue of using the dog name as the primary key should have been addressed under Integrity as soon as it was detected. Data checking such as this should have been one of the business processes that the business undertakes routinely to ensure that their data is up-to-date, accurate, complete and fit for purpose. Clearly the system is currently not fit for purpose. This would have significant business consequences in the age of social media where condemnation is swift and spreads rapidly.

Speaking of social media might this be an invaluable tool for spreading the word about Progress DogTravel, it would be easy to gather positive reviews and with careful media management the positive reviews should outweigh the negative ones.

If the database is set up correctly though it would be impossible to have two dogs with the same name (if dog name was the primary key), the second dog could simply not be added to the database.


How different types of information access and storage devices can be used in Progress DogTravel.

Types of information access and storage devices can be found here. Media for storage devices can be found here. One thing to consider here is the benefit of the microchip as part of the pet passport. The microchip readers look something like this:

and are hand held.

Types of information access
Hand-held Device   A piece of computing equipment that can be used in the hand, such as a smart-phone or tablet computer.
Wearable Device   Wearable technology is a category of technology devices that can be worn by a consumer and often include tracking information related to health and fitness
Portable Device   A portable communications device is a hand-held or wearable device. For example, the walkie-talkie is a device that is hand-held when in use, and wearable (just) when not in use
Fixed Device   A fixed device is not portable either because it is physically not possible (too bulky or heavy) or it is wired to devices that are fixed; i.e. the connection is not portable. Fixed wireless is the operation of wireless devices or systems used to connect two fixed locations
Shared Device   In computing, a shared resource, or network share, is a computer resource made available from one host to other hosts on a computer network. It can be accessed by one or more authorised (we hope) users.

Characteristics and purpose

Examples of devices Purpose Characteristics Advantages Disadvantages
Hand-held devices: Small tablet, smart phone, wearable device,
eBook readers
A small portable device which has a touch screen and can perform many functions of a traditional PC (as well as phone based communication in some cases). A small touch screen based device that can access the Internet; not very heavy; has some data processing capability. Portable as it is small and lightweight; can perform many functions of a traditional PC. It is fragile so can break easily; it is expensive and can be easily lost or stolen.
Smart-phone An electronic device that can resemble a cell phone which can run applications. Small; touch screen; can get applications; can access the Internet; has some data processing capability.

Small and lightweight therefore portable; enables you to do everyday life tasks such as phone calls, messaging and emails; low power consumption.

Over time, battery life fades; fragile so it can break easily; frequently updated version are on the market; limited range of "serious" software.
A wearable device such as a smart-watch A device that is worn on the body which incorporates some of the functions and features of a small tablet in particular the data collection features - accelerometer and heart rate monitor.

Small with a touch screen; worn on a wrist or round the neck or arm; usually paired to a lager device such as a smart-phone; health trackers have additional sensors.

Convenient as it's always with you; provides short-cuts instead of getting the smart-phone out.

Less versatile; small so can hardly see the screen; usually paired to a lager device such as a smart-phone

Laptop
and large tablet
Fully functional computers that have portability and convenience; battery powered. More expansive then a PC for the same performance. Sub-notebooks are all solid state. Less weight and smaller size than a desktop; keyboard (on screen for a tablet); large screen. Very convenient. Portable; can take it places when work needs to be done; lightweight; increasing battery life. Usually incorporate a touch screen. It does not support expansion or upgrade; fragile; currently short battery life; limited range of "serious" software.
Large tablet A large portable device which is touch screen and solid state based and can perform many functions of a traditional PC. Big; large screen; thin and lightweight; can access the Internet Portable as it is easy to take places rather than a taking a desktop system; can perform many functions of the traditional PC They are expensive and can break easily.
Fixed devices Desktop computer
Smart TV
Games Consoles
A general purpose computer that is based in a single location. Separate device, keyboard mouse and screen; most powerful system; usually room for expansion. Most powerful system; easily upgraded; largest range of "serious" software; possibility of a huge screen or multiple screens. Large size; not portable.

IF the system is cloud based then it would be possible to access it on almost any device, in fact platform independence is a key asset when designing a product such as this.


Different types of www technology networks and the characteristics that make them suitable for Progress DogTravel including how email communication can be used.

Types of www technology can be found here. Consider the characteristics that Progress DogTravel has makes particular www technologies more suited to their issues than other technologies. There would seem to be a compelling case for the use of Internet technologies, either with a cloud based system that can be accessed from anywhere using Internet technologies or an extranet with access via the Internet. There will be interface issues between various agencies needing access to the system as well as agents acting on behalf of Progress DogTravel working in other countries. Again , the system must be platform independent.

Do they need an open or closed system? Clearly this is an open system.

However given that the scenario mentions that back up is to the cloud then perhaps this is not a totally cloud based system, more like this and extranet based system possibly:

There are a wide number of users listed (below) who would need access to the system to either input data or access data to process it further. Are these details captured online or though forms or email? On the face of it, all of the information can come from the owner but as Progress DogTravel organises the move then the airline and kennel information might be determined by Progress DogTravel and not the owner in the first instance. How and where is the information stored? How frequently might this data change and how might this affect the back up procedures?

To enable the travel process to be started the following details are required:

  • owner’s contact details; (Owner)
  • name, microchip number and breed of the dog; (Owner - microchip registration - vet - pet passport)
  • proposed departure date;(Owner - airline)
  • destination country;(Owner)
  • start date of the stay at the kennels;(Owner - IATA approved air kennels)
  • contact details of the vet the dog is currently registered with; (Owner - vet - pet passport)
  • details of the insurance policy if appropriate; (Owner - insurance company- vet)
  • vaccination details; (Owner - vet - pet passport)
  • any preferences, e.g. airline to be used. (Owner - airline)

All aspects of the dog travelling out of the UK are organised including:

  • organising and booking flights;(Can all be done online)
  • DEFRA Export Health Certificate (EHC);(Must be completed by the owner, the exporter and a vet - physical document, no electronic copy.)
  • EU Pet Passport (EUPP);(This is almost entirely completed by a vet and an officially recognised one at that.)
  • mandatory checks on departure including blood tests and the checking of microchips and vaccinations, including rabies;(Must be completed by an official vet.)
  • vet checks on departure from the UK and arrival in the destination country;(Must be completed by an official vet.)
  • IATA Approved Air Kennels.(Supply or ensure that the pet carrier box meets IATA standards and regulations.)

Is their information private, or sensitive or confidential? Having looked at the official documentation (and I have) DEFRA states on the documentation that some is sensitive and some is confidential. The EHC is regarded as officially "sensitive" by DEFRA for example whereas the Pet Passport is regarded as "confidential". Types of information classification can be found here.

How and why different information styles are used in a database.

Information on information styles can be found here, although you will have to select the styles that suit a database. Text, numbers, dates and boolean values are the styles in evidence in the example. However a modern database can include almost any data style, graphics, animation, video and sound can be added to a database table. You must select suitable styles and you must give appropriate reasons for your selection. I have included a screenshot to show that every field seems to have a drop down arrow but this would be for sorting purposes. The field that could be picking from a list would be airline an possibly destination, the tick boxes are clearly boolean, the dates are clearly dates. A field that is a list requires that all the possibilities are known in advance so that it can be in the list before the user makes use of it. This reduces errors on data entry as "paris" and "Paris" are different but it would not prevent a user picking the wrong destination by accident.

Having dog name as the key field (primary key) is a mistake as it would be possible for two dogs to have the same name - an issue that has already arisen. The field that is unique ( a primary key is a "unique identifier") is MC number - the microchip number - each dog will be given a unique value for the chip so that if the chip is scanned the dog can be identified. As the chip number can be used to identify the dog in real life and it would be how the dog is identified as it is travelling then it can be used in the database. Possibly a consideration would be to check the owner's name or some other fact about the dog to make sure that the correct dog has been identified.

The legislation relevant to the storage of data and the actions required to comply with the legislation.

The detail of all of the legislation can be found here. However what specific legislation applies to Progress DogTravel and how might it apply? If the question is for more than a single mark then you need to include an example or hypothetical event where the legislation may or may not apply.

The Data Protection Act 1998 (DPA) - will prevent people's information getting spread around the world, preventing the likeliness of crimes toward said person.

Clearly Progress DogTravel is storing customer data (personal data) and provision 7 of the Act says that this must be kept safely. In addition some of the data is confidential (see types of data here) and so extra care must be taken not only with the data but data requests under other laws may have consequences. The adequacy provision (3) means that Progress DogTravel collect no more data than is necessary for their purposes (provision 2). Provision 7 also has procedural implications for Progress DogTravel as not only must technical precautions be taken but organisational measures too; these would be outlined in the ICO guidance. There are issues too with the 8th provision in that data cannot be transferred outside the EU unless it can be shown that the receiving country has adequate protection of the freedoms of data subjects. In addition there is information about other subjects, vets, couriers, airlines, travel information that is either sensitive or confidential and is equally subject to the act.

The Regulation of Investigatory Powers Act 2000 (RIPA)- covers central and local government looking at workers' email security etc.

At first glance this might not appear to apply to Progress DogTravel but as they have access to airline or veterinary information that in some cases transmitted via email, this may be applicable to Progress DogTravel. I cannot imagine that someone would want to misuse pet travel information but it is possible. As I write this I was reminded that about 3 days before Prince Harry became engaged the speculation about his future wife increased as someone had noted that arrangements had been made for Meghan Markle's dogs to come to Britain so perhaps there is something to talk about here.

The Protection of Freedoms Act 2012 - strengthens the FOI Act with respect to DNA, fingerprints and footprints.

Part 6 (Data protection and freedom of information) may apply only in terms of clarification of a public company which Progress DogTravel probably is not and the role of the ICO which is incorporated into the ICO guidance anyway.

The Privacy and Electronic Communications Regulations 2003 (amended 2011) - covers unsolicited phone calls and emails.

This is an implementation of the EU directive relating to cookies which may be applicable if the system was cloud based, but also includes reference to keeping communication secure which could apply to Progress DogTravel with respect to their email communication and the operation of any cloud based system. Again the ICO guidance will apply in this instance.

The Freedom of information Act 2000 (FOI) - covers the right to access information on activities carried out by public bodies.

It can be debated that Progress DogTravel is not a public body and therefore has no responsibility under the FOI, however there is the government connection again and there may be some compulsion tempered with their responsibilities and possible exclusions under the DPA.

The Computer Misuse Act 1990 (CMA) - covers hacking.

While the CMA covers the hacker more than the hacked there is an assumption that a business will make it as difficult as is practicable for a hacker to gain access to their system. This is more appropriate given that the system may be all cloud based. Encryption of data both at rest and in transit is a wise move.

The Information Commissioner's Office (ICO) code of practice - covers how an organisation should behave.

The ICO code of practice on data sharing identifies two types of data sharing; systematic and exceptional. In the case of Progress DogTravel it is the systematic sharing with DEFRA and other government agencies that will be considered. What data is to be shared? It must be sufficient but not excessive (DPA). Would DEFRA know about animal cruelty cases and might an animal be exported to avoid a prosecution or perhaps as a result of a prosecution. How often and when it should be shared? Crucially how it is to be shared so that security of the data is maintained. Have the risks of data sharing been given sufficient consideration? Would the data sharing still work if the data was annonymised? - clearly not.

The Copyright, Designs and Patents Act 1988 - covers copyright.

There may be issues about reproducing any official documents such as the Pet Passport and the EHC which are Crown copyright

The Equality Act 2011 (EQA) - is a consolidation act that covers protecting UK citizens from discrimination.

This act aims to prevent discrimination and applies only if Progress DogTravel undertakes a discriminatory activity.

The Communications Act 2003 is often used when people send offensive emails etc.

Section 127 of this complex act may apply in the case of Progress DogTravel in that it relates to the use of email. We are assuming that the emails that are sent on behalf of the business are not going to be offensive.

The Digital Economy Act 2010 - covers software piracy.

It is unclear how this act may apply to Progress DogTravel unless there are piracy issues with the software being used in the cloud.

The Malicious Communication Act 1988 (MCA) - covers Internet trolls and other formats of digital and non-digital harassment.

This should not impact on Progress DogTravel.

Different types of logical protection methods and how these can be used by Progress DogTravel.

The detail of all of the types of protection can be found here.

In addition the ICO suggests:

Categories of holders.

Categories can include individuals, local businesses and organisations, national and international businesses and organisations and governments; each of which have differing requirements and are subject to different regulation. There is scope for the examiner to ask about how different categories of holders of information are regulated or behave.

Location of information.

This again provides scope for questioning. Does the regulation change based on the location? Does the type and quality of the information change based on the location? Does the changes in information style have implications for the global divide? Web technologies can add significantly to the was that Progress DogTravel does business. What implications does the use of web technologies have for Progress DogTravel and the organisation with which they interact?

Information formats.

Would any web pages used by Progress DogTravel be static or dynamic? A dynamic website is written using more complex code — such as PHP or ASP — and has a greater degree of functionality. Would this functionality allow Progress DogTravel to capture information? If so what precautions need to be taken with the site and its data? What sort of content should be on such a site - blogs, podcasts, streamed audio and video, social media channels, document stores and rss feeds.

Information styles.

What information styles might Progress DogTravel use in all of their documentation. In many cases, the style is predetermined by the originator of the document. How does a different style present information more clearly or more efficiently than another style?

Information classification.

Considering sensitive and non-sensitive, private and public, personal and business, confidential and classified or partially and completely anonymised where might these different classifications be used to best effect? Are some classifications predetermined by the external organisation (for example the Pet Passport is regarded as "confidential".)

Quality of information.

Can the information that Progress DogTravel processes be biased in any way - if so how? How does poor quality information affect the public perception of the company? What is the importance of good quality information to stakeholders? Good quality information can promote understanding within the business's stakeholders. Stakeholders must understand what Progress DogTravel is trying to achieve. Influence can flow from the appropriate use of quality information. Communication helps to build positive relationships with people and organisations, such as the media or special interest groups, who influence other stakeholders. Press releases, interviews with journalists and meetings with government departments and interest groups build understanding and ensure that communications from those groups reflect a point of view. It is important to maintain a dialogue with all of the stakeholders provided it remains professional. Communication with stakeholders builds this dialogue. By setting up forums or inviting other forms of feedback, it is possible to gain a better understanding of the stakeholders’ interests and attitudes so that Progress DogTravel can fine tune its communications. Using forums or other social media to communicate enables the business to respond to critical comments or correct any misunderstandings. Communicating through social media can also spread the message further as stakeholders share attitudes with others. Not all stakeholders need to be treated equally; there should be some consideration of power. A business's communication program must focus on the stakeholders who have the greatest influence on it's success. If government agencies or industry regulators are considering legislation that could cause problems for the business, for example, concentrating significant communications on those groups ensures that they take the business point of view into account. The use of good quality information can build relationships. Communicating regularly with stakeholders and creating a positive understanding can help a business to build effective long-term relationships with key groups. A strong relationship brings a range of benefits. Communicating with customers can put a business in a strong position when customers are making purchasing decisions. Supplier communications can help Progress DogTravel to build a supply chain that is aligned with it's needs. Shareholder communications can give Progress DogTravel easier access to funds. Or look here for some useful information on data quality.

Standard of information.

The Standard of information used within Progress DogTravel is important, a lot of information from an unreliable source is useless, detracting, whereas a small amount of information from a reliable source, or a valid source, could be invaluable to a company’s finances and legal status. Progress DogTravel must consider the reliability of data sources, the validity of the information, it's relevance and time frame, how accessible the information is and how cost-effective it is. It must always be appropriate (what law says this?)

Information management.

How does Progress DogTravel use information management to its advantage?

Location dependent information.

Does Progress DogTravel make use location dependent information in its day-to-day activities? In what way could it make use of such information to help both itself, external organisations with who it interacts and it's customers?

Management information systems (MIS).

Might Progress DogTravel use an MIS? How can such systems be used for the benefit of Progress DogTravel and it's stakeholders? Is it possible for Progress DogTravel to make beneficial use of "big data"? Very large data sets enable data analysis that can generate further information that will be beneficial to Progress DogTravel. I am not necessarily convinced that there would be a sufficiently large dataset to benefit.

Data analysis

Whilst the data generated by Progress DogTravel might not be regarded as "big", almost all data can be subject to analysis. There are 8 stages identified by OCR.

  • 1. Identify the need
  • 2. Define scope
  • 3. Identify potential sources
  • 4. Source and select information
  • 5 Select most appropriate tools
  • 6. Process and analyse data
  • 7. Record and store information
  • 8. Share results

Data analysis tools

This is how the results are generated and more importantly shown to the stakeholders. If the information that the analyst is trying to show is hidden in a chart or a table then there is no benefit to the business. Data tables need to be well constructed and must highlight the key facts that the analyst is trying to make. Visualisation of data can be used to make the point very clearly or that trends and patterns are identified. How might Progress DogTravel make use of such techniques?

Data Cleaning

It is appropriate from time to time to check the data captured and generated by Progress DogTravel and ensure that it is up-to-date and correct. If there have been errors in the past such as the wrong documentation being sent with the wrong dog then this fact should not be corrected as this would be information that the analyst would want to know so that systems can be developed to make sure that such an error is not repeated.

UN Convention on the Rights of Persons with Disabilities (UNCRPD)

The UN Convention on the Rights of Persons with Disabilities includes a specific recognition of the right of access to information systems (article 9) as well as the right to use digital means to express opinions (article 21). For example, websites have to be planned so that they can be used by those with disabilities. The use of ALT tags so that website reading software can say what an image is has allowed people with visual impairments to access sites more easily. Given that the dog who is travelling might be a guide-dog how might this UN convention and the Disability Act affect Progress DogTravel?

Green IT

Progress DogTravel is like any other business, it will have a response to the green issue, either it tries its best to be green-compliant or it fails to do so. There will be issues surrounding consumables, e-waste and the security issues with recycling.

Sources

When considering Progress DogTravel how does it source its data? There are internal and external sources, primary and secondary sources as well as considering qualitative or quantitative data.

Data Flow Diagrams

I am not sure if you will be required to draw a data flow diagram but it is not out of the question. It might be worth outlining a DFD for Progress DogTravel just in case.

Risks to data

Unauthorised or unintended access to data can lead to accidental loss of data or intentional destruction of data or intentional tampering with data. What would be examples of the data loss that Progress DogTravel might have if it were not taking it's data security seriously?

Impact of data loss

Not all of the impacts of data loss listed below would apply to Progress DogTravel.

  • Loss of intellectual property - This would probably not apply as the software is not exactly complex or bespoke.
  • Loss of service and access - Key issue, along with the next three points would be the primary loss for Progress DogTravel.
  • Failure in security of confidential information - Which law addresses this issue?
  • Loss of information belonging to a third party - Which law addresses this issue?
  • Loss of reputation - This would be hardest to recover.
  • Threat to national security - I cannot see where this would apply other than the Meghan Markle issue mentioned above or if the US President were to move a dog or is an explosive "dog" were to be put on a plane.

Protection measure.

Sytematic protection - organisational policies - What policies can Progress DogTravel put in place to ensure that their data and that of their customers is safe?

Physical protection such as locks and keypads or biometric access, back up systems in geographically different locations, appropriate security staff and the shredding of old records.

Logical protesction such as tiered levels of access or firewalls or anti-malware applications, encryption of data at rest and in transit as well as the use of password protection.