Analyze Asian Point Quests' facility to gain knowledge on its operation.

Legal Issues in Acquisition

Legal issues play an important role in acquisition for APQ. Contracts and agreement have to be implemented before any project can be implemented so that issues associated with copyright, information privacy principles; computer crime and abuse are all avoided.

Contracts  

APQ has a separate department that deals with the technical aspects of contract law and preparation. The contracts are designed and created by the head of each department in APQ. After the contract has been produced, it will be passed to CEO to be assessed. Once the CEO approves it, the deal between the buyers and sellers will be negotiated based on the approved contract.

Below are points that are essential to a successful contract development:

1. Aim for win-win fair contract
2. Specify legal jurisdiction
3. Nominate referee/ arbiter for resolution
4. Define meaningful penalty clauses
5. Use progress payments to ensure satisfaction
6. Use the standard warranty clauses
7. Define insurance responsibility and timing
8. Include protection for workers compensation, both vendor and purchaser
9. Identify taxes, duties, payments and liabilities
10. Specify who has liability for delivery charges
11. Specify transit and installation repair/replacement costs and procedures
12. Specify patent and/or copyright protection

2.3 Data Facility Layout

Physical Facility Layout in APQ Corporation

Below are the descriptions of the attributes of the layout:

I. Physical Environment

• Electrical cables are concealed to prevent tripping, electromagnetic interference.
• Temperature- is maintained at 25 degrees Celsius for optimum hardware performance and staff comfort.

II. IT Environment

• The wiring of the LAN that connects each floor is implemented under the floorboard for cost effective implementation and future upgrade.
• Hardware and peripherals are strategically located depending on their purpose of use.
• Sufficient hardware/terminals on the network to meet user’s needs.
• In case of emergency, backup storage tapes and redundant file servers are used to backup critical data and duplicates databases.

3. Security

According to Asian Point Quest Manager MR Chiew, the first step in developing the design is a presentation of various systems that satisfy the security objectives for their facility. The criteria necessary to review each alternative should include the following:

• Reliability and Integrity
• Flexibility and Scalability
• Maintainability
• User Friendliness

Their system provides continuous monitoring of vulnerable areas. It could report any security breaches or abnormal operating conditions. This is to eliminate the need for regular patrols and drastically reduce the frequency of visit to remote sites.

3.1 Reliability and Integrity

Asian Point Quest Security designs can be divided into physical barriers and monitoring devices. Physical barriers can include walls, fences, doors, landscaping and other designs and natural barriers. These measures also provide protection without undue hardship to operations.

They also fixed Monitoring equipment which can be outfitted with alarms that indicate intrusion into an area or zone. Electronic monitoring equipment such as motion detectors, infrared sensors, video cameras which compatible is fixed within the environment it operates. Restricting access through ingress and egress controls and additional intruder sensing and alarms offered additional security for critical operating areas.

Their monitoring devices also offering a high degree of data integrity to minimize false alarms, which degrade the system by desensitizing monitoring personnel. This data communication provides interference-free transmission to ensure continuous monitoring operations. It also offer maximum protection from outside intrusion— hackers, viruses and other potential threats. A stand-alone system provides maximum protection from hackers and Internet-related viruses. Plus, the use of spread spectrum frequency hopping technology ensures transmission integrity.

Further, continuous monitoring was included such as solar panels, battery back-up and other means to ensure transmission even during outages or extreme weather conditions. Building back-up power systems which can add cost, but to ensures 24/7 monitoring capabilities for comprehensive surveillance.

3.2 Flexibility and Scalability

Another main factor which stated by Asian Power Quest Manager Mr.Chiew is Flexibility of the security which was designed into the security system so that the system can be easily modified according to changes in threat, operational changes, and system or program changes. Mr.Chiew also mentioned that threats can change according to local crime statistics and operations logs. But these threats can change due to local or national events as well. Their system allows changes to include modifying access routes or using open areas for existing operations.

As their facility grows, security and operational procedures are integrated; therefore, changes to one part will be integrated into the other. The security system designed is to anticipate facility expansion and offer easy scalability. If the system cannot accept additional components for the expanded operation, then fixture for these operations can become costly. This could include replacement of the existing system or the addition of a redundant system.

The overall system included remote locations within a region or community. The security system was designed to be responsive to the entire system as well as individual facilities. Remote monitoring from regional facilities to the central location is not only offers standardization in technology, but also reduces monitoring labor. Their system is very flexible to accommodate additional remote facilities without overhauling the entire security system. Asian Point Quest system changes are inevitable, for example, new equipment or new technology.

3.3 Maintainability

As with any system, maintenance is required. Asian Point Quest will conduct regular repairs or preventative maintenance includes the physical work of the maintenance activity as well as the inventory of spare parts. The design of the security network is also considered as a part of the entire system. According to Asian Power Quest Manager Mr Chiew, they believe in standardization of technology applications and monitoring services provide the company with easy maintenance. Special personnel are appointed for the purpose of maintenance and skills improving training for maintenance is conducted on regular basis.

3.4 User Friendliness

According to Mr.Chiew, the user friendliness is very important criteria to be consider and play major role on security of the center. MR.Chiew also mentioned that the data operator may ignore, bypass or shutdown the security system if it is very hard to handle or operate. Minimizing the number of activities, false alarm with heightened data integrity and time required will promote acceptance by operating staff.

3.5 Security and SCADA Systems

Asian Power Quest has many facilities employ Supervisory Control and Data Acquisition (SCADA) systems. The major advantage of SCADA systems is that security measures are coordinated with operations.

A SCADA system linked to perimeter monitoring devices can either significantly reduce or eliminate the need for manned patrols. Security systems equipment, including video cameras, motion detectors, contact switches, keypad entry devices and card readers is interfaced directly to the SCADA network or via a nearby RTU.

Wireless communications from these devices to the RTU offers easy remote monitoring. With some programming effort or the use of a DVR or digital/analog converter, digital camera is also interfaced with other networks via Ethernet modem connection. For audits or investigations, video offers the benefit of an image archive. SCADA is designed on private network structure which is resistant to hackers, viruses and other outside intruders. Hackers simply cannot access the network off-site. The use of spread spectrum frequency hopping further heightens network and data security.

3.6 Listed Below are the security products which are use by Asian  Power Quest Sdn. Bhd to reduce their data facility vulnerability.

Electronic Access Control (EAC).

Technology is usually considered one of the fundamental building blocks or backbones of all asset protection. EAC systems allow firms to control employee access to specific areas and facilities. These systems can provide an audit trail that indicates who went where; it will also track when the action took place. The vast majority of these systems will allow users to define the days, dates, times, locations, and conditions under which individuals may enter and leave an area. Depending on the manufacturer, the system may offer integration with some – or ideally all – of the other tools mentioned in this article.

Visitor Management.

Controlling or identifying exactly who is visiting an organization and who is receiving the visitor is critical. While most companies ask visitors to sign a register and put on a "Visitor" badge, this information is often kept in record, unusable formats (books stored in cabinets), and can be virtually useless in attempting to conduct an investigation after an incident takes place. Software-based visitor management systems are fairly new. Many offer integration into electronic access control systems and provide a database record of an organization's visitors.

Intrusion Detection 

Range from the very basic to the extremely sophisticated. Most access control systems offer physical intrusion detection capabilities as an integral part of their design. Some traditional intrusion detection systems can be integrated into a separate access control system for greater flexibility and coverage.

Electronic Asset Tracking 

Is a fairly new tool for security applications that uses radio frequency identification technology (RFID), infrared (IR), bar code, or multiple technologies. RFID and IR are the preferred technologies because they can be read at a distance, often without anyone's knowledge. In an asset tracking system, a tag with a unique identifier is placed on an asset. Information about the asset is stored in a database, along with the unique identifier. Tag readers strategically placed throughout a facility then record the movement of the asset.

Video.

Video surveillance can not only provide evidence to investigate an incident, it can also be a strong deterrent to any type of inappropriate action. One of the benefits that digital systems provide is the ability to integrate the systems with some electronic access control systems. If the digital video is seamlessly integrated, firms can simply open the event record in their access control database, and the video clip will be linked to the event, thereby eliminating all the searching.

Authentication 

Is the process of verifying individuals, in the information world, it is often defined by some type of item (a card, token, key, etc.) and something known (such as a password or access code). Authentication incorporates a third element: a physical or biometric trait such as fingerprint, voiceprint, hand geometry, iris print, or some other distinct identification feature.

Firewalls 

Are typically hardware-based appliances that serve as the computer network's first line of defense. A firewall is essentially a filter or access control system for a network that allows data to enter user-definable portions of the network from specific addresses and/or specific users. Think of a firewall as a gate on a network's perimeter that allows firms to define who or what can get in or out. Attempts to breach the firewall are typically displayed in simple text-based messages on a central management console.

Data Network Intrusion Detection Systems (DNIDS)

Are the information world’s equivalents to a burglar alarm. A DNIDS can consist of a hardware component or appliance and a software component, or it can be software-based only. Intrusion detection systems typically analyze the activity on a computer network at the data packet level, looking for anomalies in network activity or predefined "attack signatures" that would indicate a hacking attempt. These systems are used inside the network and behind firewalls. Network intrusion detection systems will report when somebody is trying to access data that they are not authorized to view. Typically, DNIDS will annunciate suspected illicit activity on some form of graphical user interface (GUI). Many systems can block an attacker through manual intervention, or automatic actions may be triggered by user-defined criteria.

Antivirus Systems.

Of all the threats information may be exposed to, the one that is almost guaranteed is some form of computer virus. Antivirus systems typically scan incoming e-mail to each client (user) for known viruses, then either sanitize the content so it is safe to open or warn the user that a virus may be present. AV systems are simple to install and use, and should be required for every computer that accesses the network.

Encryption.

Data encryption software allows firms to encrypt their files, e-mails, and other data so unauthorized individuals cannot use it if it is stolen or intercepted. Today's encryption software focuses not only on preventing unauthorized usage, but also on making it easy for users to encrypt their data. Encryption tools are vital for any type of portable information asset such as a notebook computer.

Virtual Private Networks (VPN)

Are essentially private networks on a public network infrastructure. VPN encrypt the data that is transmitted between the two parties, so that information is useless if intercepted. If anyone in an organization is going to send or receive sensitive information from a remote location outside the network, a VPN is vital for security.

Public Key Infrastructure (PKI)

Addresses the management and issuance of digital certificates. Digital certificates are a type of authentication where an individual keeps one piece of a mathematical key ("private key") – typically some kind of token or smart card. On the organization's PKI server, or on a trusted third-party server, is the other piece of the key ("public key") is kept. When the private key matches the public key, authentication (identity) is established and management can be reasonably certain that the data being transmitted is coming from the authorized individual or site.

Information system disaster and recovery techniques

• Redundancy - excess capacity to provide backup in the event of disaster.
• Duplicate networks - use standard configurations, maintain mobility of hardware.
• Software standardization - lowers training costs, offsite backups of critical programs.
• Spare PCs - spare machines to support disaster recovery.
• Non-flammable cabinets - for cabling, peripherals and network connections
• Intrusion detection – burglar alarm system and heat detectors
• Keycards and padlocks – to limit and authorized access.
• Training – adequate and regular training to avoid user instigated losses.
• Off-site backup – storage of duplicate software and data to facilitate recovery.
• Insurance coverage – for all equipments and software.
• Operating system and software – maintain current versions and backup off-site.
• Documentation – documentation lists logged and kept off-site to enable rebuild.

4. Performance

Performance Evaluation planning plays a very important role in the APQ. Performance evaluation is a comparison between desired criteria and actual measurements that are targeted towards resource utilization, operations and service to end users.

According to Mr.chiew, APQ would focus on performance evaluation that is because it will direct affect the company goodwill and the quality of the product. The evaluation will necessarily reflect the company goals and measure, it will affect the effectiveness in achieving the organization goal, benefit of the company, and it also will increase the expenditure if we had not very good performance evaluation procedure.

4.1 What to be evaluated:

According the criteria of APQ, company required the entire product to have:

1. Correctness - in correctness, APQ is requirement system’s product is providing the correct information, correct output and met the user requirement. Those are also required traceability, completeness and consistency for the final product’s output.

2. Reliability - in reliability, APQ is requiring system’s product to be accuracy in data outcome, error tolerance in system performance and consistency. APQ will require all the final product runs properly for very long period of time and make sure without failure.

3. Efficiency -in efficiency, APQ is require throughput volume in time, all the productivity is follow the schedule times and complete on time, fully usage/utilization of resources and cost minimization. It can execution efficiency and storage efficiency.

4. Integrity - in integrity, APQ is requiring the system’s product produces the correct result to the correct degree of accuracy.
5. Usability -in usability, APQ is require all the system’s product display screens, message, report format and other aspects that may relate to ease of use and met the user requirement. APQ also require their staff investigate requirement dealing with the user interface to the system when the new project is start.

6. Maintainability - in maintainability, APQ more concern in how easy the software and hardware’s maintenance activity can be carried out.

7. Testability - in Testability, APQ is concern in whether the system’s product is available to testing and how it easy to perform the testing.

8. Reusability - in Reusability, APQ is require all their programmer / tester  to evaluate the final’s system product from current and former development project, to determine if they are the type and quality that they want for the next project they will be building. Object-Oriented model is APQ most prefer in the system development.

4.2 How to do evaluation:

According to mr.Cheiw, all the projects will require doing the performance testing. In the performance testing, APQ require their programmer or System analyst to document what they need to testing and how to testing it. This documentation is very important, because it can make sure the tester know what they support to do, and how to do it. This documentation can make sure they are doing the correct testing procedure and all the system function been tested will met the user requirement.

After the project tester was documenting and approval by project manager, then the tester can start to test the system’s product. APQ is required all the project must testing in black box and white box testing. Normally, APQ required all the projects must be testing in unit testing, integration testing, function testing, performance testing, acceptance testing and installation testing.

Performance testing is designed and administered by the test team and the results are provided to the customer. Performance testing usually involves hardware as well as software. In performance testing, tester will need to do some testing as below.

• Stress test, which evaluate the system when stressed to its limits over a short period of time.
• Volume test, which address the handling of large amounts of data in the system.
• Configuration test, which analyze the various software and hardware configuration.
• Security test, which ensure that the security requirement are meet.
• Timing test, which evaluate the requirement dealing with time to respond to a user and time to perform a function.
• Quality test, which evaluate the system’s reliability, maintainability and availability.

After the tester gathers data on the performance, they need develop a report. This report need clearly to define what function is not meet the criteria and user requirement, and develop recommendation to solve the problem. Programmer will base on this report and recommendation to take the corrective action.

When the project been implemented in the real life, that doesn’t mean their job was finished. They also need doing the end-user survey. End-user survey can direct get the respond by end user; all of those responses will record and will improve all of those features on next project and it also can provide a basic form which to make comparisons for the next system’s product.

5. Processing

5.1 Data Facility workflow:

In accordance to APQ, the data facility manager deals with quality issues and inherent error management. The job of a data facility manager is very critical since if the data facility manager does not take the job seriously, then it can cause a lot of problems and causing a lot of loss to the company as well. It should be obvious that some error is built into systems by poor design or programming oversight. However, many are the result of procedural mistakes or careless operation. In APQ scenario, the data facility manager employed automated data handling to attempt to eliminate the majority of error occurrence like normal human errors. It is quite common for organization to employ automated data handling as it can help them to some extent in their jobs. The manager needs to identify the data requirements, protection measures, and control standards.

The APQ data facility manager also need to take steps to make proper use of the processing so that it ensure that the results of the processing are effective, efficient, security and computing resources integrity is maintained. The quality of the processing is also important. In APQ, when a job is sent for processing the job is processed and then later the output is inspected for accuracy, consistency, etc. In any case the job’s output is not what is expected, then the job is re-sent again for processing and then corrections are made and the output is checked again for quality and other relevant steps to ensure that the output is good and of better quality. Workflow then monitors and controls data processing for potential errors to ensure quality, efficiency and effectiveness.

5.2 Standards, procedures and codes manuals:

Standards, codes and procedures are also very important when it comes to processing since standards provide good quality. Procedures also is very important since its more like standardized and thus quite effective if there is a proper procedure to carry or handle the operations or processing or anything like that. Code manuals play an important role since it can show the codes of how things are done and how it should be maintained and so on. The database administrator (DBA) of Asia Pacific Quest is responsible for the establishing the unique codes required by processing. The APQ database administrator also conducts gets feedback from users which help him to review or update the procedures or codes or anything so that he can improve the effectiveness and efficiency of the processing. Lets say you have an error while processing a particular thing, so the DBA need to check for the cause which is most likely would be like ‘Incorrect manual’ or ‘incomplete manual’. So the DBA need to rectify and solve the problem by upgrade testing, improve updating problems and other measures like controlling the location of the manuals.

5.3 Source Forms:

Data collection has been predominantly through the use of forms. Critical to the accurate and reliable sourcing of data is the design of the form. Form design can have great influence on the validity and error content of the data being collected. It is the designer's intent to minimise errors by complying with appropriate principles of form design so that the form contains all the relevant information.

In APQ, the form’s are designed to suit the customers well and it is also designed in a way such that the forms are easy to understand, so that it would easy for user and they would feel more comfortable when filling up the form. The form also should have unique and unambigiuous input codes. The source form also should have adequate space to complete data entry. It also should be properly sequenced with the appropriate questions to avoid confusion. It should be arranged in a way so that it looks more consistent, if not the user would be confused and may end up giving wrong information.

The source form provided by the APQ is also designed with additional text boxes for additional comments and they also use the appropriate colour for emphasis and readability. The design of the APQ source form is also in such a way they group the related data. The source form also provide instruction for data input, like providing hint or example as what kind of data they are expecting, thus helping the user. The source form also provides unambigiuous instructions for special data requirements.

Data Collections:

Data collection can be the source of errors due to carelessness, but also the result of deliberate or malicious criminal activity. Principally, criminal activity focuses on fraud and theft crimes while inadvertent error can still be costly to an organisation. Data collection is very important in any organization as it can help the organization in a variety of ways. The other important thing to be aware of is that data can be misused in some ways and thus its quite important to take care of the data that you had stored. Criminal activities and other data theft can cause some organizations quite huge loss.

In APQ data collection is done in a variety of ways, such as normal interview, questionnaires, feedback, observation and so on. Data collections should be done so that the user does not omit some data, so the data should be captured in a more efficient and better way. In case of a form, the design is very important and if you need to capture more accurate information, steps like glance check of data, use of guideline cards, use turnaround documents and check digits would avoid the omission of data. In cases where you lose data, precautionary steps has been taken by APQ company such as logging all data, validity checks during processing and as well as selecting the right staff who do the data entry. The selected staff who is in charge of data entry must be a person who can trusted and loyal. If not the staff can manipulate the input and cause the company to lose a huge amount of money and thus selecting an appropriate staff is necessary. In addition to this APQ also took precautionary steps like prioritizing the duties, as like separation of duties, like a particular staff can do some things and is not allowed to do other processes which the staff is not allowed to do.

5.4 Data Preparation:

Data preparation is very important as it is where by the data is converted from handwritten to machine readable form. The main responsibility lies in the hand of the staff who is in charge of entering the data to the computer. The data entry clerk should be more careful while entering the data. But still humans are tend to make errors and thus APQ has implemented error detection and correction procedures as a precautionary step. It is also important to source the errors and amend the procedures to ensure the same errors do not recur.

To avoid incorrect data being entered as input to the system, APQ provides visual aides. It also important to get a staff who is more careful when preparing the data. As a precautionary step, APQ supervises the staff who is in charge of entering the data, as like providing guidelines or just making sure that the staff is doing his job well. APQ supervises the staff for some time and after that if the staff is doing well, then APQ stops supervising the staff who is in charge of presenting the data. Additional steps which APQ implements is that they monitor the data entry operators, glance checking of data once in a while and so on.

To avoid handling errors, poor management of data, APQ uses validity programs to check for human errors, like common errors and typos and so on. If the staff is new to the company, then APQ does provide training, then monitoring the staff’s performance. Additional security measure related to data misplacement and other related problem, APQ log data of the staff who logged into the system, and also log data details such as when it was last accessed, the location from where it was accessed, which can help the APQ company to know more in detail of the person who accessed the data, in case anything goes wrong.

5.5 Staff Operations:

Training of staff involves consideration of not only the expected operational activities but those that are unexpected. For example, emergency procedures for flood, fire, earthquake, explosion, etc., must be practiced regularly. Safeguarding the data must be prioritised only second to human life. Duplication of data or backup is essential to ensure rapid return to operational strength in as short a time as possible. The major concerns for data protection are for unintentional human error, natural disasters and sabotage or intentional damage.

APQ provides good staff operations, when a new staff is recruited for the company, APQ provide training in case if it is necessary and also familiarize the staff with the companies structure and also the emergency exits and what are the steps to be taken in a situation like natural disaster and so on.

         

To avoid incorrect operations by staff, APQ takes precautionary steps by upgrading staff selection, training and procedure testing. APQ also monitors new staff of the company for 3 months, they are placed under probation for 3 months.

        

To avoid machine breakdown in APQ company, the company always maintain their machines, in order to keep the machines (server) tuned to work around the clock, because they cant let the server down as its going to spoil their company image and losing customers and a lot of money too. To overcome in a situation where by natural disasters hit, APQ provides fire drill and other necessary drills to evacuate the place. Human life is given more importance rather than machines. APQ also keeps a backup of all the data in a different location, far apart from the company which can be retrieved later. Other standard measures taken are like installing fire alarms, panic switches, heat/smoke detectors and so on.

        

APQ also takes strict actions to avoid fraudulent operations. The company gives username and password to appropriate staff and also restricts each staff’s previlages. The data facility centre is covered with window glass and the door is opened via card system with staff with appropriate authentication. Camera are also installed to monitor the staff and other main areas of the company.

5. 6 Data files:

Data file security is the responsibility of the owner of the data. The owner of the data is fully responsible and the person has to protect the data from any kind of vulnerabilities like sabotage and other related stuff. In APQ data backup procedures are applied so that they always have a backup of the data in case for emergency purposes due to natural disasters, theft, fraud or sabotage.

5.7 Systems and Applications Programming

In APQ the system analysis checks for the systems and application programming. The system analyst checks for fraud programming which might would lead to errors in computerized information systems. To avoid fraud programming, APQ upgrades its program training after certain period of time, it also established some standards to its programming procedures. APQ also has established and enforced documentation standards as measure of fraud programming or incorrect output/solution to some transactions. The system analyst also checks the files periodically for changes in the file as a measure to check for fraud or changes in the file and APQ also implies program audit too.

5.8 Processing:

APQ uses validation software to check for the validity of the data.  The validity checking program checks for the completeness, format, consistency, and validity of the data that has escaped from the detection on the previous control point.

5.9 Output:

The output of processing should also be checked for validity and errors. APQ uses validation programs to check for the errors in outputs and other related errors.  The data is also checked manually whether it is free from errors and they also conduct sample output by entering corresponding input. If the output is inaccurate due to any error, the DBA will have to audit the data from the input and the processing and come out with the appropriate data. It is the responsibility of the staff for output production and the end users who use the output.

        

5.10 Data Facility Scheduling:

APQ’s data facility scheduling is very standard since the computing environment is very well managed and the computer facilities and resources are also provided and made available when it is required. There is no conflict in processing among multi users in the company since the process is allocated to the first person who sends the job to the server, but there are special cases when the queue is broken where by an important job has to be ended by a particular date, and thus giving it more priority.

APQ sees to that the results of the processing are effective and efficient. It also checks whether the processing power, time and resource utilisation is maximised for efficiency. It also checks for the protection and security of the data, resources and other staff.

APQ’s scheduling algorithm is First in first out (FIFO). Although it is considered quite considerable, I would like to say that it is not really good as for the reason there can be other important jobs that need to be finished early. I would recommend APQ to use earliest deadline date first scheduling algorithm because I feel that it is more safe and good and reasonable too. If the deadline of a particular processing is considered as the fact of scheduling, then it would benefit the employees and staff as they all would get the jobs done before the deadline of the particular job/transaction or anything like that. In scenarios where there is a really important job, then it should be given more priority first. So it is up to the scheduling staff to handle the stuff in a better way.

Scheduling algorithms are either user oriented or data facility oriented. But APQ does not follow any of this. So I recommend APQ to follow the data facility oriented which would maximize mean throughput, reduce the number of jobs waiting for processing, maximize the resource allocation percentage and also reduce the total processing cost. So APQ should definitely go for data facility oriented scheduling algorithms.

5.11 Resource Allocation:

The data facility management of APQ has taken all the necessary actions to allow

the resources in a way that it is utilized to the maximum, while cutting down cost. The allocation of resources involves the efficient aggregation of these resources to effectively produce the required output while minimising the costs of providing these resources and/or maximising the return on the cost of providing the required output.

It is necessary to coordinate all data facility activities to meet user commitments and to ensure resources are neither over- nor under-loaded. APQ’s data facility management takes necessary steps to avoid the resources being wasted or the processing time used for no purpose. The data facility management takes the necessary precautions to see that the resources are used in the best interest of the company and also which would help them to cut down the expenses of the company.

The data facility management should see to that the performance got by using the particular resources. The data facility management focuses on optimizing the computing resources.

In order to check whether the performance is good or not, we should check for “sufficiency”, “efficiency” and “effectiveness”. After you evaluate these 3 things, you will get a clear idea of how well the performance is and then adhere changes if necessary.

5.12 Monitoring and Measurement:

Monitoring is usually done to check whether there is a possibility of improving the performance of the system. Meaning, whether they can improve the system’s sufficiency, efficiency and effectiveness of the system.

APQ periodically evaluate the performance of,

• Hardware
• Systems software
• Application server
• Organisation of data and storage,
• Operation procedures and so on.

APQ does all these monitoring as a precautionary step as well as a way to check whether they can improve the performance of the system. APQ uses software monitors which are loaded into the computer memory and accessing data at specific times to measure duration and number of events that occur in processing. APQ does not want to use hardware monitors as they are hard to install and expensive and APQ is not that big company to spend so much money on hardware monitors. So basically the software monitor does the work of monitoring.

There has been a progressive trend for the increased use of software monitor packages since they are easy to use and affordable too. Increased sophistication, networks, the internet, etc., have all influenced the development and use of software monitoring devices.

5.13 Communications and PC environments:

Data Communications – Processing

Here we are more concerned about how the computers in the organization are given consideration to process and other related stuff. APQ uses on-line processing method as it links the transmission and processing operations. The transmitted data is under the control of the computer that processes it and is immediately queued for processing. This provides faster processing since the jobs are queued and processed according to priority assignment and resource availability. APQ use on-line processing since it more manageable as it queued and done based on resource availability. That’s more effective and efficient too.

Data Communications – Planning

APQ data communication systems are designed in a way so that it can provide more effective and efficient processing and communications among the machines in the company. The planning for data communications concerns about the organizational structure, network design, and operating control.

5.14 Organizational Structure:

You can find many organizations form a separate data communication department, but as APQ is a small company, the organization incorporates the data communications function as a part of their data facility organization structure.

The data communication support function is responsible for :

• Reviewing user requests for data communications services; It is critical that data communications staff are aware of immediate and future effects and establish good rapport with users and vice versa.
• Analysing current applications for: variations in usage, modifications for improved efficiency and conversion to less demanding types of processing.
• Analysing resource utilization transmission reliability, and security, cost effectiveness and other performance criteria.
• Knowledge of technological change to identify opportunities for competitive advantage and improvements.
• Monitoring data communications processing to isolate and correct data communications problems.
• Recruiting and training personnel for data communications processing and to train and assist users in effective and efficient use of computers and data communications facilities.
• Establishing policies, standards and procedures for data communications processing and documentation.

It also important for the staff to communicate well among each other and APQ does have occasional meetings where by they brainstorm and where by staff get to know each other, their intentions, ideas and so on which can be used to convey information about intended workload and system changes, data facility activities and so on.

5.15 Network Design:

APQ’s data facility manager is in charge of establishing and designing the network. System analysis and system designer also worked together to come out with a better network design. They main concerns while designing a network is that it should establish a framework that allows effective and efficient modifications.

The network design framework that allows modification follows these following steps:

• Assign personnel to data communications network analysis and design. Prepare a development plan and schedule.
• Collect information from end-users to project traffic distribution data and operating requirements.
• Identify critical success factors that highlight potential benefits, for example, cost reductions, increase return on capital investment, quicker turn-around, improved quality of processing and output.
• Establish agreed performance criteria and standards that indicate better availability, response times, access security, data integrity ability to meet changing user demand and technology.
• Collect information relating to hardware, software, and communications links.
• Define alternatives that are likely to meet user demand and satisfy agreed performance standards.
• Perform cost-benefit analysis considering both direct costs such as equipment and personnel and indirect costs such as training and support services.
• Decide on a particular alternative that considers immediate and long term benefits, particularly overall reliability and general adaptability of the data communications network.
• Establish policies, standards, and procedures for implementing, documenting and operation the data communications network. However, Motorola Malaysia won’t establish any policies, standards, and procedures set by Motorola International as it follows them as part of Motorola International quality campaign.
• Assign personnel to implement and operate the data communications network and prepare an implementation plan and schedule.

5.16 Operating Control:

APQ’s management has taken the necessary steps so that there is no lack of coordination, process disruption and confusion and frustration. They takes precautions to guarantee processing that will be controlled and error free.

Given below are the 3 areas of importance related to operating control:

1. Developing Operating Competence in an environment where quick responses to problems are mandatory requires operators who are well-trained in start and emergency procedures. They must be able to react immediately to equipment failures and know how to identify and isolate breakdown sources and correct them rapidly. They need to have on-going training prior to technological and procedural changes occurring.

        Effective systems controls and error message generation must be in place together with relevant and useful documentation. This documentation must provide material in the operator’s manual that includes start-up, restart, and shutdown procedures.

2. Monitoring processing activities by establishing centralized network control facilities permits:

• Centralized problem identification, isolation, reporting, resolution, and control,
• Centralized analysis of services provided and indications of service degradation, and proactive management of failures.
• Analysis and simulation of changes to networks factoring in service, security and cost-effectiveness,
• Management of activities including backup and restarts, advising users of probable delays,
• Communication and coordination between internal and external specialists,
• Control and reporting of service received from external providers

Monitoring requires equipment and software for continuous or periodic sampling and testing of the data communications environment.

3. Assisting user personnel by the establishment of a help or service desk is a valuable tool for the provision of immediate assistance when problems are encountered. Remote interaction with the user’s computer screen allows the service desk personnel to correct the problem, advice and train the user in avoiding similar circumstances and provide sources of information as a reference for the user.

5.17 Data Communications – Elements

APQ’s data communication setup is very efficient and effective as for the reason that the company is a considered a medium sized company and the setup for data communication element wasn’t that a big hassle. As there a fewer departments the elements of data communications the setup is very good and reliable. Data communications systems face nice challenges to their effective operation. They are,

Distance: It is known that the signals sent attenuate or reduce in strength over distance. But in APQ we don’t face such problem as for the company is medium based and thus they do not face problem with strength getting reduce over distance and so on. Although they use twisted pair as they of wiring which has interference, but still it seems like they are doing good well enough with twisted pair.

Volume: Is the rate of information transfer and is measured as baud rate or bits per second. The capacity of a network to move signals is measured in two ways. For connection such as ADSL model as in APQ, the transfer is measured in bits per second or bps. APQ has a ADSL connection which is configured to share the line to all the employees of the company. In a network the bandwidth overall is limited by the slowest component. Time is critical in network operations for its influence on costs. And thus APQ compressed data to reduce transmission volume and consequently times.

Costs: Costs are well managed by the datacom manager of the APQ. Costs usually increases with distance, transmission rate, traffic volume and so on. As far as APQ is considered they don’t have to spend much money on distance, transmission rate as the company is medium based one and the distance is very much limited and thus cutting down the necessary costs on distance and other related stuff.

Noise: APQ designed the system which is built to adjust to noise and correct for problems that occur when noise affects transmission. This is usually done by installing a software that builds in fault-toleration into the transmission system. APQ did not design the hardware and transmission media to be designed to be as noise-insensitive. They did not design in that way because that approach is more expensive.

Errors: Errors are the most difficult to trap in the data communication environment. APQ uses mathematical error detection methods which enable the receiver of the signal to determine than an error has occurred during transmission. These error-detection and error-correction techniques add further information to the signal that indicate that the message is wrong. The other method that APQ uses are odd and even parity checks that add an extra bit to the code that is sent. This enables error checking and is very helpful.

Coordination: APQ coordinates the networks that are being implemented in the company in such a way everything is smooth and simple. As long as the communication is simple the protocols are also simple. Another aspects of coordination is the communications units used during the communication. It is the  duty of the network manager whether he can control and manage the communication aspects of network operations. Sometimes APQ hires outside people to come and tune the network so that there is perfect coordination among the network.

Configuration: configuration of networks provides the means by which infrastructure and operations costs can be minimized. It is based on two considerations. Total connection between all pairs of communicators is unreasonable and at times the connectivity needs will be different. APQ uses client-server approach to network problems. This is due to the fact because it is easy to configure, redesign and patch networks.

Mobility: Mobility is increasingly important to enable an organization to be flexible and competitive. Instant access to decision making information and tools is essential for maintaining a presence in the global market place. Mobility places additional pressure on the data communications manager to ensure facilities are fast, reliable and accessible.

Standards: Standards, which can be viewed as both the opportunity and the constraint for an organisation.

5.18 Client Server Architecture:

APQ implement 3 tier architecture in their client-server structure. 3-tier architecture got 3 layer. That is presentation logic (user interface) on the first tier. Application logic(functionality) on the middle tier, and the data management (storage) at the third tier. 3-tier architecture is the separation of a distributed computing environment into presentation, functionality, and data components.

When user after their work on the user interface. All the request will pass to the application server (middle tier). In this tier, application server determining where the data comes from, how it should be formatted for the user interface and how to storage the data. It was provide a bridge between the user interface and storage .When the request had been manipulated, the data will store in the storage.

According Mr.Chiew, 3 tier architecture can be very rapidly to build an application, highly scalable application. It can handle more complex application and long application life. It was support multi-language programs, multi-developer applications and multi-application communication. Besides that it allow evolve to new architecture.

If the application logic need handle more complex work, some time it need take more time in transaction. Besides that, it was costly to setup a highly performance application server.

5.18 Data communications – Design and operations

There are several criteria that impact upon comprehensive APQ’s data communications design and operating guidelines. The following are the criteria:

1. Data integrity refers to protecting data from modification or loss.

• Modification occurs when signals are distorted by discontinuance or fading. Detection of data modification is done by program verification (examination of transmission control characters, counts and formats, content validity etc.) or transmit-receive comparison by hardware (constant transmission of test patterns on ails network paths). Dual database updating provides a redundant source of current data as backup. Periodic database copying requires databases to be backed up usually once a day. By far a better approach is to back up daily onto seven tapes. At the end of the week the most recent daily dump replaces the oldest of the four weekly tapes. At the end of the month the oldest of the twelve monthly tapes is replaced by the most recent weekly tape. At the end of the year the most recent monthly tape becomes a yearly tape that is archived forever.
• Loss occurs when transmitted data are not received or are not processed. The simplest solution is to require acknowledgement to the sender of receipt of each transmission. Tins will require a log of transmissions that clearly identifies the transactions and the database records to permit accurate updating.

2. Data security for data communications systems is complex and must protect the site from unauthorized access, the communications links and the computer hardware, Apart from the usual site security measures access to storage tapes, queues and buffers must be restricted.
3. Network availability can be affected by fluctuating or degrading levels of service, failure of hardware and software, etc. The possibilities are numerous. Whilst reliability and availability are often used interchangeably, reliability should be viewed as the probability of a component failing whereas availability should be viewed as the existence of the service whether components have failed or not.

Hardware and software monitoring devices provide feedback information for the network manager in detecting failures and being able to respond promptly with effective recovery action.

4. Network service is usually judged by response time and network staff can monitor for this criterion. If degradation in response time is imminent due to heavier than usual workloads (more processing or more users) users can be advised.
5. Network adaptability is dependent upon the design parameters factored into the original development of the network. These parameters include ability to quickly change configuration and capacity, input and output devices and so on.

5.19 Microcomputers – Users:

The microcomputers used in APQ company are mostly standalone PC which does some kind of jobs. Most of these microcomputers are running on windows 2000 server. APQ company users are independent from the data processing. Other microcomputers used in the company are normal PC which are assigned to each employee or the relevant staff who needs a PC to do his tasks. The company gives them the choice to switch off and on a software of their choice, share applications and so on.

5.20 Microcomputers – Support and Maintenance:

APQ does the support and maintenance procedure by conducting the following,

• Evaluation of software and hardware.
• Selection of software and hardware.
• Involvement in acquisition software and hardware.
• Provision and maintenance of inventories for backup, software, and hardware.
• Involvement in repairs to hardware and peripherals.
• Maintaining appropriate levels of consumable supplies.
• Establishing best practice standards and procedures.
• Evaluating end-user need.
• Conducting and monitoring staff training.
• Involvement in systems development projects.
• Identifying and solving problems.
• Monitoring and evaluating performance.

5.21 Microcomputers – Control and Security:

Control

APQ provides training to end users on how to make use of the microcomputer in a way that doesn’t harm the system at all. The user also follows standards, procedures and codes so that the users know what they are supposed to do and what they are not supposed to do.

Security: security of the computers are done by installing anti-virus and other software. Employees are also advised and given training about the latest security issues at that particular time to keep them updated and thus preventing them from being a victim,

6. Conclusion

In order to become 'The One-Stop Solution Provider and Consultant' for enterprise and e-commerce requirements, APQ has developed an effective and efficient human resource group. This is evidenced by their efforts to attract, retain, and motivate a highly skilled and diverse workforce that contributes to strive for excellence. APQ commit to the recruitment, development and retention of high qualified employee. At the same time, effective employee training, workshop, seminars and development strategies are also committed by APQ to assure the staff’s expertise and excellent. Although APQ is not a big company, but I will think they still do well in the Performance evaluation. APQ strongly require their staff doing the performance evaluation because they got experience in project can not complete on time, and system functionality is not met the user requirement, so they didn’t get any payment in this project and they felt they loss their reputation in this case. The cause of this case and need avoid this kind of case will be happen, APQ got their own evaluation procedure to test their system’s product and strongly require their staff follow the procedure. As for security concerns, it requires different mixes of prevention detection and response. Integrating firewall, anti-virus software, padlocks, fire detection, etc are not enough to secure one company’s data facility. People or human factor must be taken much consideration too. Designing a security system involves open communication and an objective assessment of vulnerabilities versus cost to secure. Creating a reliable, flexible, scalable, easy to maintain and user-friendly system can be accomplished if objectives are realistic. The MIS department of APQ uses a direct text book approach on planning their IT facility. This proves to be effective given that no major problem has occurred since the facility is implemented several years ago. APQ has a client server based system architecture. The main reason behind them having a client server based architecture was that it was to setup, it is considered cheap and also easy to upgrade. To say it all, APQ have room for improvement and better performance.

APPENDIX

7. Survey Questions  

 

7.1 Human Resource Management

1. How will your organization use and manage information technology in the future?

IT is become important in our organization. In future, we plan to implement more capable and powerful IT environment. Of course, we will always measuring and planning for everything first to ensure that whether it is worthy before really go into development and implementation.

   

2. What is the objective(s) which apply to the business of your organization?

Our objectives include providing system solution which focus on solutions for enterprise environments where security, high availability, complex systems management as well as business continuity planning. Besides that, we assisting and easing organization tasks to manage, understand and use the business information systems. We aim to be 'The One-Stop Solution Provider and Consultant' for enterprise and e-commerce requirements.

3. How many employees are there working under your supervision? What is the job positions concerned?

There are 5 people under my supervision which include system analyst, system designer, senior programmer, programmers, and tester. However, in the development stage of project, the number of employees may increase. It is depends on the human resources needs for the project.

4. How do you distribute the task for your employees?

I usually assign a task to people who have the appropriate knowledge and technical skills to perform the task. I notice on the specializations, strengths and weaknesses of the employees and assign the task to person that can maximize his strengths. However, I will give chances to employee to improve their weaknesses too by assigning them to assist in some related tasks.

5. How do you select the employees you need?

Firstly, I will find up the job that are available and their responsibilities. Then, I will set the requirements that a candidates should fulfilled in order to fill in the job. At most time, to run an efficient division, we need people that are willing to learn, willing to work hard, adaptability and have a satisfactory level of technical skills, and interpersonal skills. It would be appropriate and preferable if the employees with working experiences in the related fields. However, fresh graduates with high potential are encouraged joining us too.  

6. What stages involved for the recruitment of your organization?

In fact, we have a professional recruiter with knowledge of benefits and policies and procedures as well to handle recruitment. However, the common stages of recruitment may  include identifying the job requirement which involves analyzing the requirements, responsibilities and the content of jobs, identifying the required skills, experiences and attitudes which involves analyzing the basic qualifications for a candidate, decide on to have an internal or external recruitment, designing the recruitment material such as newspaper, conducting the interview and then select the best candidate which involves make conclusion in selecting the best among the candidates. The management will hire the best candidate with ‘best’ salary. Upon selecting the best candidate, HR division of APQ will call the selected candidate to inform the news of the job offer.

7. What benefits that your organization provide to the employees?

Every employee is provided with their own table, stationery and computer. For permanent employees, they will enjoy 12 annual leave, 14 days of mc, over time claims, transport and meal allowances and also insurance coverage. Then, there are some additional benefits for loyalty employees. It includes pension plan which with benefits of savings and thrift, profit sharing, and stock ownership plans. House loan, parental leave, child and elder care, long-term nursing home care insurance, employee assistance and wellness programs, and flexible benefits plans may provide to employees as well depends on the employee’s performance.

8. One of the challenges faced by manager is managing and motivating employees. How do you managing this issue?

I keep my staffs well-informed with related matters. Training is always provided such as leadership and technical training especially when there is new or updated technique to learn and to enhance those new skills. Sometimes, we will enroll some external workshop and seminars on behalf of our employees too.

9. How do you managing the change in your organization?

Firslyt, we identify the need for change through competitive threats, strategic planning and market research. We analyse the change due to increase of cost and excess of cycle time. After that, we manage the change with some appropriate steps such as provision of training that used to influence staffs adapt to change and also to improve staff morale. Besides that, we also use techniques such as team communication or the re-communication of goals to deal with resistance.

10. How do you ensure the communication with employees of your organization?

To establish and enhance an effective and efficient communication between management and employees, employees are giving chances to raise their suggestions and ideas at any time. We held meetings and discussions sessions. The employees are always well-informed with the updated information concerning the organization.

7.2 Planning

a) Project Management

b) Finance and Acquisition

c) Facility Layout

7.3 Security

7.4 Performance

1. Do you think performance evaluation is important to your company?

Ans: Yes, I will think performance evaluation is important to my company.

2. Have your company doing the performance evaluation in all the project?

And: Yes, my company is strongly required doing performance evaluation in any project.

3. What component will require comparative measurement for your company?

Ans:

 1) System’s function has met the user requirement.

2) Good quality in documentation

3) Computing resource being available when required

4) Minimum response times to user

5) Complete job on time.

6) Reduce productivity cost.

4. Why performance evaluation is important for your company?

Ans:

1) Performance evaluation can make sure project processing in high quality, and high quality product will satisfy customer need and increase reputation of the company.

2) It will reduce cost and expenditure in project implementation.

3) Effectiveness in achieving the organization goals and objective.

5. What method of data gathering is your preferred?

Ans: end-user survey

6. What factor is you most concert in effectiveness performance measures?

Ans: availability of resources, quality of product and accuracy and reliability of output.

7. What factor is you most concert in efficiency performance measures?

Ans: cost minimization and complete task on time.

8. Have you company implement automated monitoring in performance evaluation?

Ans: No

9. Are you satisfied the process of performance evaluation implemented now? If not, what need to be improved?

Ans: Yes, I was satisfied the way for performance implementation, but I will think it still needs to be improved.

7.5 Processing

1. Is there any scheduling officer to schedule all the processes of data or all the processes are automated by any specialised algorithm?

No, there is no scheduling officer, but the system analysis takes the responsibility of the scheduling tasks and other different things. Yes we do have a special algorithm, scheduling is done by FIFO method, first in first out.

2. Are there any Standards, codes and procedures related with processing?

Yes, there are standards, codes and procedures regarding processing. Procedures also is very important since its more like standardized and thus quite effective if there is a proper procedure to carry or handle the operations or processing or anything like that. Code manuals play an important role since it can show the codes of how things are done and how it should be maintained and so on. The database administrator (DBA) of Asia Pacific Quest is responsible for the establishing the unique codes required by processing. The APQ database administrator also conducts gets feedback from users which help him to review or update the procedures or codes or anything so that he can improve the effectiveness and efficiency of the processing.

3. Is there any steps taken to avoid errors in data preparation. If yes, how?

Yes. Steps are taken to avoid errors in data preparation. To avoid incorrect data being entered as input to the system, APQ provides visual aides. It also important to get a staff who is more careful when preparing the data. As a precautionary step, APQ supervises the staff who is in charge of entering the data, as like providing guidelines or just making sure that the staff is doing his job well. APQ supervises the staff for some time and after that if the staff is doing well, then APQ stops supervising the staff who is in charge of presenting the data. Additional steps which APQ implements is that they monitor the data entry operators, glance checking of data once in a while and so on.

4. Regarding staff operations, is there any steps taken to monitor them, is training provided for new employees?

APQ provides good staff operations, when a new staff is recruited for the company, APQ provide training in case if it is necessary and also familiarize the staff with the companies structure and also the emergency exits and what are the steps to be taken in a situation like natural disaster and so on. To avoid incorrect operations by staff, APQ takes precautionary steps by upgrading staff selection, training and procedure testing. APQ also monitors new staff of the company for 3 months, they are placed under probation for 3 months.

5. Regarding systems and application programs, how does your company checks for fraud and other related activities?

In APQ the system analysis checks for the systems and application programming. The system analyst checks for fraud programming which might would lead to errors in computerized information systems. To avoid fraud programming, APQ upgrades its program training after certain period of time, it also established some standards to its programming procedures. APQ also has established and enforced documentation standards as measure of fraud programming or incorrect output/solution to some transactions. The system analyst also checks the files periodically for changes in the file as a measure to check for fraud or changes in the file and APQ also implies program audit too.

6. What is the role of micro computer and mainframe of the company?

The micro computers act as normal PC where by the staff and other employees of the staff use them to do their daily activities and other related jobs. Mainframe of the company acts as a server where by provider internet access to all the microcomputers and does other necessary processing for the employee.

7. How does your company monitor the performance of the system?

APQ uses software monitors which are loaded into the computer memory and accessing data at specific times to measure duration and number of events that occur in processing. APQ does not want to use hardware monitors as they are hard to install and expensive and APQ is not that big company to spend so much money on hardware monitors. So basically the software monitor does the work of monitoring.

8. Response Analysis

8.1 Human Resource management

As a result from the interview with Mr. Chiew, we know that APQ is actually operates with the objectives to provide system solutions, emphasizing the MSC initiatives of country which focus on solutions for enterprise environments where security, high availability, complex systems management as well as business continuity planning are concerns and to assist and ease organization tasks to manage, understand and use the business information systems. To achieve these objectives, human resource management plays am important role as nothing can be done without the use of human resource.

In order to become 'The One-Stop Solution Provider and Consultant' for enterprise and e-commerce requirements, APQ has developed an effective and efficient human resource group. This is evidenced by their efforts to attract, retain, and motivate a highly skilled and diverse workforce that contributes to strive for excellence. APQ commit to the recruitment, development and retention of high qualified employee. At the same time, effective employee training, workshop, seminars and development strategies are also committed by APQ to assure the staff’s expertise and excellent.

 

APQ is adaptive to change. They have their own ways in managing change in order to maximize the advantages and minimize the disadvantages caused by the change. APQ is considered as a caring organization by encouraging, supporting, rewarding, and recognizing employee’s performance, creativity, and innovation. Many benefits have offered by APQ to their employees. As s return, the employees are loyal to the organization. This can be evidenced by the low rate of employees’ turnaround. Therefore, from the point of view, we can say that APQ is operate with satisfaction and considered good human resource management.

8.2 Planning

Planning plays an important role in defining tasks that are to be done so that a certain development has a solid base for success. Proper documentation is essential as to avoid confusion among personnel and set procedures and practices that would make a project run smoothly.

        The MIS department of APQ uses a direct text book approach on planning their IT facility. This proves to be effective given that no major problem has occurred since the facility is implemented several years ago.

8.3 Security

As for security concerns, it requires different mixes of prevention detection and response. Integrating firewall, anti-virus software, padlocks, fire detection, etc are not enough to secure one company’s data facility. People or human factor must be taken much consideration too. Designing a security system involves open communication and an objective assessment of vulnerabilities versus cost to secure. Creating a reliable, flexible, scalable, easy to maintain and user-friendly system can be accomplished if objectives are realistic. Commonality of devices throughout the system offers not only economy of scale, but also the opportunity to monitor and control remote sites at a central facility. This reduces labor costs and time, and streamlines the system.

8.4 Performance

Although APQ is not a big company, but I will think they still do well in the Performance evaluation. APQ strongly require their staff doing the performance evaluation because they got experience in project can not complete on time, and system functionality is not met the user requirement, so they didn’t get any payment in this project and they felt they loss their reputation in this case. The cause of this case and need avoid this kind of case will be happen, APQ got their own evaluation procedure to test their system’s product and strongly require their staff follow the procedure.

In APQ, they got their own standard and procedure to do the performance evaluation. They know what they want, what is that needs to perform evaluation, and they also know how to evaluation it. Basically, I agree and satisfy the way they perform in the performance evaluation.

In What to evaluate, APQ had list down the goal and objective of the performance evaluation ( correctness, reliability, efficiency, integrity, ,maintainability ,testability and reusability), so all the staff, who are include programmer, system analyst and tester, will very clear what they support to do to met the company requirement. It also provide a guideline for the programmer, system analyst and tester when they processing in system development.

In How to do evaluation, APQ had their own procedure in evaluation, which are

1. Documentation

APQ require their staff documenting and identify what is to be evaluated, it can make help their staff to know what they support to do and make they are doing the correct thing and ways . it help their staff organize and plan for the evaluation.

2. Processing testing

Black box and white box testing will make sure system is performing well in functionality and logicality, it can minimizing the error in the system performance.

3. End-User survey and Recommendation

The last step of the procedure of the evaluation in APQ is doing the survey and recommendation.  End-user survey will direct get the feedback from the customer, analyses data on performance. It is important because the opinion/suggest from the customer will direct affect the profit of the company, it can help company to know what is the user need and what area we need to improve in the product. Implementation of recommendations for system improvement and the modification of the evaluation process can make sure it will more accuracy and more efficiency in performance evaluation.

Recommendation

According the interview with Mr.Chiew, I will know that APQ is more concern in software part and human’s way control . they “ hu lie” hardware also play a very important role in the performance evaluation. Performance data on hardware component such as direct access storage, input and output unit, main memory utilization and other will direct affect the system performance and the confident of the user. Besides that, the equipment using by programmer, system analyst and tester in processing project development also will direct affect the quality of the system’s project. Example: using slow speed in computer CPU, it will slow down the development time and delay from the schedule. Therefore, I will suggestion APQ develop a standard or criteria for the performance evaluation in Hardware and the procedure to test in hardware.

8.5 Processing

From the answers that we got via survey questions, it is known that APQ does not have any scheduling officer, but the work of the scheduling officer is taken over by the system analyst and the scheduling algorithm that they use in their company is FIFO which is first in first out, we have recommended a new scheduling technique in our research which would be more effective and efficient to the company. APQ also follows standards, codes and procedures so that the processing is carried out in a proper way and everything is done according to the needs of the company.

APQ also monitors its staff when the employees of the company are doing data preparation. APQ supervises the staff for some time and after that if the staff is doing well, then APQ stops supervising the staff who is in charge of presenting the data. Additional steps which APQ implements is that they monitor the data entry operators, glance checking of data once in a while and so on.  And when there is a new employee or staff being recruited to the company, APQ provide training in case if it is necessary and also familiarize the staff with the companies structure and also the emergency exits and what are the steps to be taken in a situation like natural disaster and so on.

APQ also monitors the performance of the system by installing softwares which actually monitors the system for errors and looks for changes in the hardware and the system and also checks for the performance of the system. This is done, so that the system is stable and to avoid the system to go down.

APQ has a client server based system architecture. The main reason behind them having a client server based architecture was that it was to setup, it is considered cheap and also easy to upgrade. To say it all, APQ way of processing is considered quite good based on the size of the company. There is room for improvement for APQ company in relevancy to processing.

9. Assumptions

• Managers should be familiar with the types of improprieties with might occur in his/her area and be alert for any indication that such as a defalcation, misappropriation or irregularity is or was in existence in his/her area.

• DBA administrator does the scheduling work

• The server room is protected from unauthorized users.

10. Glossary

Access: The ability and the means necessary, to store or retrieve data, to communicate with, or to make use of any resource of a data processing or telecommunications system.

Access control: Security measures that define who, when, and what can one access the computer.

Database: A collection of data arranged for ease and speed of search and retrieval.

Database Administrator: Person responsible for designing database

Disaster Recovery Planning: The process of developing and then testing a plan that would guide the recovery and restoration of a particular application, system and/or network for a facility or group in the event of a disaster.

Effectiveness: Concerns with how well the results of processing satisfy the workload demands made by users. Thus the main concern is the accomplishment and not how it is accomplished. The main criteria are: throughput, turn-around, and response time.

Efficiency: Relates to the processing itself and how the resources are utilized and bears no relationship to the workload. The main consideration of it is to focus on the resource utilization, waste reduction in processing application.

File Server: A network component dedicated to serving applications or storing data.

Firewall: The hardware and software used to restrict access to database and resources within a network.

Host: An intelligent device which stores or processes information in various forms, which must be configured or managed, regardless of whether an end-user interacts directly with the device.

Mainframe: A large powerful computer, often serving many connected terminals and usually used by large complex organizations.

Microcomputer: A personal computer, a computer built around a microprocessor for use by an individual, as in an office or at home or school.

Modem: A device that supports a telephone connection between computers.

Operating system: System software containing instructions that coordinate all of the activities of hardware devices, and instructions that allow the user to run application software.

Sufficiency: Is the resource capacities for the workload are adequate or not? Is the resource capacity for the workloads are excessive?

Threat: The potential for an event that can exploit vulnerabilities and cause harm by violating security on an information asset.

Vulnerability: Weaknesses that would enable unauthorized access, denial of service, or damage to our electronic information assets.

11. References

Jenny Preece (1998). Human-Computer Interaction. England: Addison-Wesley Longman Limited

Rob Stocker (2003). ITC 331 Computer Management, Ethics and Security [Online].

Availablefrom: https://online.csu.edu.au/Inter/Action?type=S&cmd=ITC331_200370_x_xi.htm

[Accessed 9 October 2003]

APQ [Online].

 Available from: http://www.asian-quest.com/

[Accessed 9 October 2003]

Robert Sales (2002). Are Remote-Data Centers on the Horizon? [Online].

Available from: http://www.wallstreetandtech.com/story/topNews/WST20020904S0009

[Accessed 11 October 2003]

ADN Group. Data Center & Facilities [Online].

Available from: http://www.adnc.com/net_data_center.php

[Accessed 11 October 2003]

Robert J. Yester, P.E., Swanson Rink (Consulting Engineers) ep1 (2002). A High Availability Electrical Design for Today's Data Center [Online].

Available from: http://www.powerquality.com/ar/power_high_availability_electrical/

[Accessed 11 October 2003]