HRIS issues
Today, we will be talking about issues of HRIS: integration, data integrity, security and privacy (Chapter 16)
Mainly experienced in HRIS design and implementation phases
HR Payroll Integration
Example: fully integrated app http://www.empower-hr.com/
Integration Issues
Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc.
Confidential information
A great deal of confidential information about employees is captured and stored by organizations:
Employee personal details
Pay and benefits history
Medical records
Disciplinary records
Data is stored electronically and transmitted across networks.
Increasing integration of HRIS has made information security management a complex and challenging undertaking
Information Security in HRIS
Protecting information in the HRIS from unauthorized
Access, use, disclosure, disruption, modification, and destruction
Objectives of information security
Protect confidentiality, integrity and availability of information (Pfleeger, 2006; Wong, 2006b).
COMPONENTS OF INFORMATION SECURITY
Three main principles of information security
Confidentiality
Integrity
Availability
The HRIS is composed of three components
Hardware
Software
Communications
As mechanisms of protection
Physical
Personal
Organizational levels
SOURCE: Wikipedia (2007)
COMPONENTS OF INFORMATION SECURITY Figure 16.1
LEGAL REQUIREMENTS FOR INFORMATION TECHNOLOGY
The European Union Data Protection Directive (EUDPD)
Requires that all EU members must adopt national regulations to standardize the protection of data privacy for citizens throughout the European Union.
Singapore http://www.aar.com.au/pubs/asia/foasia24oct11.htm#Intro
OECD/APEC
https://www.privacyenforcement.net/public/activities
Transborder data transfer
Multinational employer
New idea – centralised database for HR related data
Business case template check-box: “Meets HR Data Privacy Requirements”
Could not be marked because of lack of relevant documentation
Project denied
Data transfer privacy requirements
Risk associated with non-compliance
(Gracen 2008, p.38)
HR Data Privacy and Project Metrics
THREATS TO INFORMATION SECURITY
Human errors in data entry & handling
Damage by employee
Disgruntled & ill-informed employees: critical role of HR
Misuse of computer systems:
Unauthorized access to or use of information
Computer-based fraud
Viruses, worms & trojans: cyber terrorism
Hackers
Natural disasters
BEST PRACTICES IN HR INFORMATION SECURITY
Adopt a comprehensive privacy policy
Store sensitive personal data in secure computer systems and provide encryption
Dispose of documents properly or restore computer drives and CD-ROMs
Build document destruction capabilities into the office infrastructure
Conduct regular security practice training
Conduct privacy “walk-throughs” (Canavan, 2003; David, 2002; Tansley & Watson, 2000)
ADDITIONAL BEST PRACTICES IN HR INFORMATION SECURITY
The careful selection of staff with regard to their honesty and integrity
Raise information security awareness and ensure employees understand corporate security policies
Institute measures to address the personal problems of staff, such as gambling and drug addictions, which might lead them to indulge in abuse for financial gain
Provide access to effective grievance procedures since the motivation for much computer abuse is retaliation against management
(Kovach, Hughes, Fagan, & Maggitti, 2002; Grundy, Collier, & Spaul, 1994)
INFORMATION SECURITY MANAGEMENT FOR HRIS
ISO/IEC 27002
Administrative/Procedural
Logical/Technical
Physical Controls
INFORMATION PRIVACY
Comprises ethical, moral, and legal dimensions and has assumed greater importance with the increased adoption of the internet and Web 2.0.
Privacy is a human value consisting of four elements (Kovach & Tansey, 2000):
Solitude: the right to be alone without disturbances
Anonymity: the right to have no public personal identity
Intimacy: the right not to be monitored
Reserve: the right to control one’s personal information including the methods of dissemination of that information.
CONTROLLING ACCESS TO HR DATA
Administrative controls
Logical (technical) controls
Physical controls
Security classification for information
Access control
Cryptography
Defense in depth
INFORMATION PRIVACY AND HRIS
Concerns
Types of employee information that can be collected and stored in the system
Who can access and update the information (Noe et al., 1994; Sadri & Chatterjee, 2003)
Considerations
Collect and store information based on sound and valid business reasons (Hubbard et al., 1998)
Collect only information which is necessary, lawful, current, and accurate (Camardella, 2003)
HRIS SECURITY BEST PRACTICES
1. Train users on how to securely use and handle the equipment, data, and software.
2. Train employees to “log off” personal computers after they are through using them.
3. Do not allow passwords to be shared. Change passwords frequently.
4. Run software through a virus-detection program before using it on the system.
5. Ensure that backup copies, data files, software, and printouts are used only by authorized users.
(Noe et al., 1994; Pfleeger, 2006)
HRIS SECURITY BEST PRACTICES
1. Make backup copies of data files and programs.
2. Ensure that all software and mainframe applications include an audit trail (a record of the changes and transactions that occur in a system, including when and who performed the changes).
3. Use edit controls (such as passwords) to limit employees' access to data files and data fields.
4. Employees take responsibility for updating their employee records themselves via the self-service system.
(Noe et al., 1994; Pfleeger, 2006)
HR data management issues
Siloed systems
Inaccurate or outdated information
Inefficient means of data sharing and transmission
Resulting in
Delays in decision making
Missed opportunities
Preventing movement to strategic role
Costs millions of dollars each year
HR Data Availability, Quality and Integrity (Sopoci & Keebler 2005)
Government reporting requirements
Basic organisational efficiency
Credibility of HR function
Costs
Business critical issues (Sopoci & Keebler 2005)
Automation
Fragmented systems
Mix of manual and automated systems and processes
Manual override
Bad data
Outdated data
Why data becomes bad (Sopoci & Keebler 2005)
Best opportunity to fix data
Identify information needed
Don’t assume paper based data is accurate – check
Data audits
Conversions (Sopoci & Keebler 2005)
Develop an overall HR technology strategy
Master system into which all HR data is entered and resides (e.g. SAP HCM)
Keeping it clean (Sopoci & Keebler 2005)
Data integrity results in efficiency, effectiveness and strategic opportunities.
Protecting the privacy concerns of individuals requires a combination of law, processes, procedures and technology.
Organisations must ensure:
Collection, maintenance, use and dissemination of personal information is necessary, lawful, current, and accurate
Maintenance of high ethical standards (Wong & Thite 2009, p.404)
Conclusion