Acquisition from external sources
There are several principal ways to acquire an information system from outside the organization. Many firms have resorted to outsourcing their information systems. Outsourcing entails transferring the major components of the firm’s systems and operations such as data centres, telecommunications, and software development and maintenance to a specialized company that provides its services under long-term contracts specifying the service levels (that is, the scope and the quality of service to be provided). In some cases the outsourcing entails moving the services abroad i.e., offshoring in pursuit of the cost or expertise advantages. Responsibility for the acquisition of new applications then falls to the outside company. In other cases the company may outsource just the development or maintenance of their information systems, with the outside company being a systems developer.
Cloud computing is increasingly being adopted as a source of information services. It offers on-demand access via the Internet to services furnished by a provider that runs data centres with the necessary software and other resources. The services can be provided at one of three levels: as the infrastructure for running existing applications, as the platform for developing new applications, or as software-as-a-service (SaaS) to be used by the firm over the network. In particular, SaaS has become a cost-effective way to use enterprise systems. Generally, cloud computing is provided by external vendors, although some firms implement their own private clouds in order to share resources that employees can access over the network from a variety of devices, often including smartphones. Scalability and avoidance of capital expenditures are notable advantages of public clouds; the partial loss of control is a drawback.
Internal information systems development
When an information system is developed internally by an organization, one of two broad methods is used: life-cycle development or rapid application development (RAD).
The same methods are used by software vendors, which need to provide more general, customizable systems. Large organizational systems, such as enterprise systems, are generally developed and maintained through a systematic process, known as a system life cycle, which consists of six stages: feasibility study, system analysis, system design, programming and testing, installation, and operation and maintenance. The first five stages are system development proper, and the last stage is the long-term exploitation. Following a period of use (with maintenance as needed), the information system may be either phased out or upgraded. In the case of a major upgrade, the system enters another development life cycle.
The principal objective of a feasibility study is to determine whether the system is desirable on the basis of long-term plans, strategic initiatives, and a cost-benefit analysis. System analysis provides a detailed answer to the question, What will the new system do? The next stage, system design, results in an extensive blueprint for how the new system will be organized. During the programming and testing stage, the individual software modules of the system are developed, tested, and integrated into a coherent operational system. Further levels of testing ensure continuing quality control. Installation includes final testing of the system in the work environment and conversion of organizational operations to the new system, integrating it with other systems already in place. The later stages of development include such implementation activities as training users and modifying the organizational processes in which the system will be used.
Industrial methods of software production and reuse have been implemented in systems development. Thus, reusable software components are developed, tested, and catalogued to be deployed as parts of future information systems. A particularly important method of component-based development is the use of Web services, which are software objects that deliver a specific function (such as looking up a customer’s order in a database) and can be stitched together into interorganizational information systems enabling business partners to cooperate.
Managing information systems
For an organization to use its information services to support its operations or to innovate by launching a new initiative, those services have to be part of a well-planned infrastructure of core resources. The specific systems ought to be configured into a coherent architecture to deliver the necessary information services. Many organizations rely on outside firms that is, specialized IT companies to deliver some, or even all, of their information services. If located in-house, the management of information systems can be decentralized to a certain degree to correspond to the organization’s overall structure.
Information system infrastructure and architecture
A well-designed information system rests on a coherent foundation that supports responsive change and, thus, the organization’s agility as new business or administrative initiatives arise. Known as the information system infrastructure, the foundation consists of core telecommunications networks, databases and data warehouses, software, hardware, and procedures managed by various specialists. With business globalization, an organization’s infrastructure often crosses many national boundaries. Establishing and maintaining such a complex infrastructure requires extensive planning and consistent implementation to handle strategic corporate initiatives, transformations, mergers, and acquisitions. Information system infrastructure should be established in order to create meaningful options for future corporate development.
When organized into a coherent whole, the specific information systems that support operations, management, and knowledge work constitute the system architecture of an organization. Clearly, an organization’s long-term general strategic plans must be considered when designing an information system infrastructure and architecture.
Organization of information services
Information services of an organization are delivered by an outside firm, by an internal unit, or by a combination of the two. Outsourcing of information services helps with such objectives as cost savings, access to superior personnel, and focusing on core competencies.
Information systems security
Information systems security is responsible for the integrity and safety of system resources and activities. Most organizations in developed countries are dependent on the secure operation of their information systems. In fact, the very fabric of societies often depends on this security. Multiple infrastructural grids including power, water supply, and health care rely on it. Information systems are at the heart of intensive care units and air traffic control systems. Financial institutions could not survive a total failure of their information systems for longer than a day or two. Electronic funds transfer systems (EFTS) handle immense amounts of money that exist only as electronic signals sent over the networks or as spots on storage disks. Information systems are vulnerable to a number of threats and require strict controls, such as continuing countermeasures and regular audits to ensure that the system remains secure.