HRIS Information Security

Project Mgmt and HR Mgmt Advice
and HRMS Implementation
Module 5
Project Management and HRM

Advice for HRIS Implementation
CHAPTER 6
Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource
Information Systems: Basics, Applications, and Future Directions, 2e 2012 SAGE
Publications, Inc.
STATISTICS
It Has Been Estimated That The Failure Of

HRIS Projects Costs Organizations In The
United States Alone At Least $100 Billion A
Year (Ewusi-Mensah, 1997).
Of Those Systems That Are Completed,
More Than 55% Will Exceed Cost And Time
Estimates By A Factor Of 2.
Only 13% Of The IS Projects That Are
Completed Are Considered Successful By
The Executives Who Sponsor Them

Publications, Inc.
IT FACTORS AFFECTING PM
SUCCESS
Solve The Right Problem.
2. Have Systems Developers Who Are
Sensitive To Hr Issues And Willing To Learn
About The Constraints In Hr Functionality.
3. Have Project Managers Who Understand
The Dynamic Nature Of Any HRIS Project
And The Interrelations Among Various
Factors
In Addition, Three General Factors That Affect
Successful PM Are Time, Cost, And Scope.
1.

Publications, Inc.
THE HRM PERSPECTIVE:

ORGANIZATIONAL
REQUIREMENTS
1. Identification Of Steering Committee
And Project Charter
Selection Of Project Sponsor
2. Configuring The PM Team
Representatives From The Functional
Units Affected, Most Notable HR And
IT
Team Training
3. Identification Of Available Resources
And Constraints

Publications, Inc.

ORGANIZATIONAL
REQUIREMENTS
4. Controlling Project Creep
Project Creep Is Defined As The
Enlargement Of The Original
Boundaries Of The Project As Defined
In The Project Charter.
5. Selection Of The Implementation Team
The Implementation Team Also Has
Primary Responsibility For
Communication With The Entire
Organization

Publications, Inc.

ORGANIZATIONAL
REQUIREMENTS
6. Training And Documentation
Complete, Accurate, And Up-to-date
Documentation Of The System Is
Critical For The Implementation Of A
Successful HRIS.
Training In Both Group Processes And
Change Management Methods.
Training On The New System
Publications, Inc.
Barriers to Success
Inadequate resources Lack of

management commitment
Project team instability
Organizational Politics
Poor needs analysis
Omission of key persons on project
team
Failure to include key groups in needs
analysis
Inadequate control/involvement by HR

Publications, Inc.
Critical Success Factors
Top Management Support

Provision Of Adequate & Timely
Resources
Ongoing Communication
Conducive Organizational Culture
User Involvement
Project Champions (Steering
Committee)
Organizational Structure
Change Management Methodology
Project Control & Monitoring
Cross Integration Between Business
J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource

Michael
Publications,
Inc.
Creating an Environment of
Motivation
Consider rewards of recognition.
They dont have to be large, but they need

to be a standard part of operating
procedures to create a motivating project
environment.
Be sure to include all project employees, not
just the highly visible ones, or those above a
certain rank.
Recognizing work done well and keeping

communications open are the two most
important operating procedures for any
project manager.

Publications, Inc.
10
CHAPTER 16
Information Security and
Privacy in HRIS
INTRODUCTION
A Great Deal Of Confidential Information

Employees are Captured and Stored by
Organizations
Employee Personal Details

Pay And Benefits History
Medical Records
Disciplinary Records
Data Are Stored Electronically And Transmitted

Across Networks.
Increasing Integration Of HRIS Has Made
Information Security Management A Complex
AndMohan
Challenging
Undertaking
Michael J. Kavanagh,
Thite, and Richard D. Johnson
- Human Resource

Publications, Inc.
12
Information Security in
HRIS
Protecting Information In The HRIS From

Unauthorized
Access, Use, Disclosure, Disruption,

Modification, and estruction
Objectives of Information Security
Protect Confidentiality, Integrity And

Availability Of Information (Pfleeger, 2006;
Wong, 2006b).

Publications, Inc.
13
COMPONENTS OF
INFORMATION SECURITY
Three Main Principles Of Information Security
The HRIS Is Composed Of Three Components
Confidentiality
Integrity
Availability
Hardware
Software
Communications
As Mechanisms Of Protection
Physical
Personal
Organizational Levels

Publications, Inc.
14
COMPONENTS OF INFORMATION
SECURITY
Figure 16.1
SOURCE: Wikipedia (2007)

Publications, Inc.
15
LEGAL REQUIREMENTS
FOR INFORMATION
TECHNOLOGY
Personal Information Protection And Electronics

Document Act (Canada)
Security Breach Notification Law (California,

USA)
Supports And Promotes Electronic Business By

Protecting Personal Information That Is Collected,
Used Or Disclosed
Requires Organizations To Notify Customers Or

Employees When Unencrypted Personal Information
May Be Compromised, Stolen Or Lost.
Computer Misuse Act 1990 (UK)

Proposed To Make Computer Crime (e.g. Hacking Or
Cyber-terrorism) A Type Of Criminal Offense.

Publications, Inc.
16
LEGAL REQUIREMENTS FOR

INFORMATION TECHNOLOGY (Cont.)
The European Union Data Protection Directive

(EUDPD)
Requires That All EU Members Must Adopt National

Regulations To Standardize The Protection Of Data
Privacy For Citizens Throughout The European Union.
Health Insurance Portability And Accountability

Act (USA)
Sets National Standards for Electronic Healthcare

Transactions and Requires Healthcare Providers,
Insurance Companies And Employers To Safeguard
The Security Of Health Information Of Individuals.

Publications, Inc.
17
THREATS TO INFORMATION
SECURITY
Human Errors In Data Entry & Handling
Damage By Employee
Disgruntled & Ill-informed Employees: Critical Role Of

HR
Misuse Of Computer Systems:
Unauthorized Access To Or Use Of Information
Computer-based Fraud
Viruses, Worms & Trojans: Cyber Terrorism
Hackers
Natural Disasters
Michael
J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource
Publications, Inc.
18
BEST PRACTICES IN HR
Adopt A Comprehensive Privacy Policy
Store Sensitive Personal Data In Secure

Computer Systems And Provide Encryption
Dispose Of Documents Properly Or Restore

Computer Drives And CD-ROMs
Build Document Destruction Capabilities Into

The Office Infrastructure
Conduct Regular Security Practice Training
Conduct Privacy Walk-throughs
(Canavan, 2003; David, 2002; Tansley & Watson,

2000)
Publications, Inc.
19
ADDITIONAL BEST
PRACTICES IN HR
The Careful Selection Of Staff with Regard to

their Honesty and Integrity
Raise Information Security Awareness and

Ensure Employees Understand Corporate
Security Policies
Institute Measures To Address The Personal

Problems Of Staff, Such As Gambling And Drug
Addictions, Which Might Lead Them Indulge In
Abuse For Financial Gains
Provide Access To Effective Grievance

Procedures
Kovach, Hughes, Fagan,
and Maggitti (2002)
Grundy, Collier, and Spaul (1994)
Since The Motivation For Much Computer Abuse
Publications,Is
Inc. Retaliation Against Management
20
SECURITY
MANAGEMENT FOR
HRIS
ISO/IEC 27002
Administrative/Procedural
Logical/Technical
Physical Controls

Publications, Inc.
21
INFORMATION PRIVACY
Comprises Ethical, Moral, And Legal Dimensions

And Has Assumed Greater Importance With The
Increased Adoption Of The Internet And Web 2.0.
Privacy Is A Human Value Consisting Of Four

Elements (Kovach & Tansey, 2000):
Solitude: The Right To Be Alone Without Disturbances

Anonymity: The Rights To Have No Public Personal
Identity
Intimacy: The Right Not To Be Monitored
Reserve: The Right To Control Ones Personal Information
Including The Methods Of Dissemination Of That
Information Systems:
Basics, Applications, and Future Directions, 2e 2012 SAGE
Information.
Publications, Inc.
22
CONTROLLING ACCESS TO
HR DATA
Administrative Controls
Logical (Technical) Controls
Physical Controls
Security classification for Information
Access control
Cryptography
Defense in depth

Publications, Inc.
23
INFORMATION PRIVACY
AND HRIS
Concerns
Types Of Employee Information that Can be Collected

And Stored In The System
Who Can Access And Update The Information
(Noe et
al., 1994; Sadri & Chatterjee, 2003)
Considerations
Collect and store information Based On Sound And

Valid Business Reasons (Hubbard Et Al., 1998)
Collect only information which is Necessary, Lawful,

Current, And Accurate (Camardella, 2003)

Publications, Inc.
24
HRIS SECURITY BEST

PRACTICES
1. Train Users On How To Securely Use And Handle
The Equipment, Data, And Software.
2. Train Employees To Log Off Personal Computers
After They Are Through Using Them.
3. Do Not Allow Passwords To Be Shared. Change
Passwords Frequently.
4. Run Software Through A Virus-detection Program
Before Using It On The System.
5. Ensure That Backup Copies, Data Files, Software,
And Printouts Are Used Only By Authorized Users.
Publications, Inc.
(Noe et al., 1994; Pfleeger, 2006)
25
HRIS SECURITY BEST

PRACTICES
1. Make Backup Copies Of Data Files And
Programs.
2. Ensure That All Software And Mainframe
Applications Include An Audit Trail (A Record Of

The Changes And Transactions That Occur In A
System, Including When And Who Performed
The Changes).
3. Use Edit Controls (Such As Passwords) To Limit
Employees' Access To Data Files And Data

Fields.
(Noe et al., 1994; Pfleeger, 2006)

4. Employees Take Responsibility For
Updating
Their Employee Records Themselves 26Via The

Self-service System.

Publications, Inc.

HRIS Information Security

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

HRIS Information Security

Uploaded by

Copyright:

Available Formats

Project Mgmt and HR Mgmt Advice

and HRMS Implementation

Project Management and HRM

It Has Been Estimated That The Failure Of

Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource

Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource

THE HRM PERSPECTIVE:

Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource

THE HRM PERSPECTIVE:

Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource

THE HRM PERSPECTIVE:

Inadequate resources Lack of

Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource

Critical Success Factors

Top Management Support

J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource

Consider rewards of recognition.

They dont have to be large, but they need

Recognizing work done well and keeping

Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource

A Great Deal Of Confidential Information

Employee Personal Details

Data Are Stored Electronically And Transmitted

Information Systems: Basics, Applications, and Future Directions, 2e 2012 SAGE

Protecting Information In The HRIS From

Access, Use, Disclosure, Disruption,

Objectives of Information Security

Protect Confidentiality, Integrity And

Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource

Three Main Principles Of Information Security

The HRIS Is Composed Of Three Components

Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource

SOURCE: Wikipedia (2007)

Personal Information Protection And Electronics

Security Breach Notification Law (California,

Supports And Promotes Electronic Business By

Requires Organizations To Notify Customers Or

Computer Misuse Act 1990 (UK)

Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource

LEGAL REQUIREMENTS FOR

The European Union Data Protection Directive

Requires That All EU Members Must Adopt National

Health Insurance Portability And Accountability

Sets National Standards for Electronic Healthcare

Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource

Human Errors In Data Entry & Handling

Disgruntled & Ill-informed Employees: Critical Role Of

Misuse Of Computer Systems:

Unauthorized Access To Or Use Of Information

Viruses, Worms & Trojans: Cyber Terrorism

Adopt A Comprehensive Privacy Policy

Store Sensitive Personal Data In Secure

Dispose Of Documents Properly Or Restore

Build Document Destruction Capabilities Into

Conduct Regular Security Practice Training

Conduct Privacy Walk-throughs

(Canavan, 2003; David, 2002; Tansley & Watson,

The Careful Selection Of Staff with Regard to

Raise Information Security Awareness and

Institute Measures To Address The Personal

Provide Access To Effective Grievance

Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource

Comprises Ethical, Moral, And Legal Dimensions

Privacy Is A Human Value Consisting Of Four