Ethical Principles in IT Services

Scenario 1: (Code of Ethics): Every organisation has a set of principles which are designed in a way wherein they can help the professionals to run the business with integrity and honesty. This guide of principles is called Code of Ethics.  Code of Ethics is a document which contains the values and mission of an organisation, the ways in which their professionals need to approach and solve issues.  The ethical principles of a company are based on its core values. It also outlines the standard the professionals need to maintain in their day to day jobs (Hayes, 2019).

Task 1.1: In this scenario being an ITC consultant for Bottler Company I would strongly recommend them to follow the Code of Ethics guidelines in order to maintain integrity and honesty which will reflect on the company’s image. My responsibility would be not only to see what the issues are but also work around possible solutions to the problem and then take a decision which will be beneficial not only for Bottler Company but also for our clients. As the system is not sufficiently tested my responsibility would also include making the client as well as company’s employees aware of the consequences in case if the system fails. I have to put forth all the information without any prejudice and with utmost honesty thus abiding by the Code of Ethics.

Task 1.2: Integrity: By following this tenet of the Code of Ethics I need to use my skill in finding the solution to the problem the ‘Integrated inventory control system’ is facing, as it has not been tested properly. I need to take proper judgements and also take the initiative to put forth various solutions.

Informed Consent: I have to inform the employee’s as well as the client of the possible consequence they may have to face in case if the system fails.

Conflict of Interest: As the system is not properly tested and may have faults, it is my duty to inform it to Bottler Company about it, so that we can implement some changes or carry out full testing of the system. As the Manager of Bottler is pressurising me to provide consultation to client I have to tell him that as the system is not fully tested I have to inform this to the client as well. There should be no conflict between Bottler and their client later on this issue.

The 2 solutions I can provide are:

1.  Product or the system will be rechecked

2. Disassembling the product and start to build it again.

The second option will be expensive for Bottler as they will have to spend more again to start from scratch so the first option is feasible. We will recheck the product thoroughly. Following the code of ethics no product will be sold to client without checking. In case if the product turns out defective there should be an written agreement wherein client or consumer can return the product within a particular timeframe and we will substitute it with a brand new product.

Scenario 2: (Ethical Issues):

In this scenario Code of Ethics tenet ‘Conflict of Interest’ will be applicable. As per this tenet an IT professional has to maintain complete confidentiality when it comes to his company’s data or information. He has to see that it is kept secured and no one has access to it, except those who have authority to do so. Another important thing is they should not take part any such activity or deal that may lead to ‘conflict of interest’ between them and the company they are working for and should also refrain from working for personal gains. IT professional also need to be careful as to what information about the company they are giving out to others, outside the company, as it is against the Code of Ethics to give out sensitive information to others about your own company (Resnik, 2015).

Task 2.1:

As an ITC consultant of Bottler Company when the new Manager puts forth the topic of working with market sensitive information, I cannot force or influence him in any way to consider by cousin for this project just because he is related to me. I should also not hide my relation with my cousin. I should honestly tell the manager that he is my cousin and that I also have a shared portfolio with him. As per the Code of Ethics, Bottler should also be made aware that I am thinking of starting my own company in the near future. The dilemma I will face in this scenario is that if I hide any of the above mentioned information from my company then I will be violating the tenet of ‘Conflict of Interests’ of Code of Ethics. Another dilemma I face here is how much sensitive information of the company I can share with my cousin if the Manager agrees to offer him the project.

Task 2.2:

The new Manager of Bottler has discussed with me that he wants to work on market sensitive information. This means he is going to share some very sensitive data and information of the company. My duty is to be sure that I don’t share this information with anyone. If the company gives the go ahead of offering this project to my cousin, I need to share only that much information with him, which is allowed by my company. No other information will be shared with him. Furthermore I also have to be sure that the information I share with my cousin should not get leaked to anybody else in his firm or anyone from outside should not have access to that information. Only those people who have been given the authority to access the information can access it. It is my moral responsibility to see that I can trust my cousin with sensitive information. It would be good to sign a contract with my cousin which will have all the terms and conditions about protecting Bottler’s data and information and also the consequences both my cousin and I can face if any of the terms are violated. If I start my own company in the future I must sign a document or write a declaration signed by me saying that I won’t be sharing any sensitive information of Bottler with my employees or colleagues. This agreement or declaration needs to be signed by both parties, Bottler and I.

Scenario 3: (Privacy and Security)

In today’s world not only IT companies or technical businesses need security and privacy. All organisations need a robust security and privacy structure to safeguard their data and information and this plays an important role in making a business successful. Security is safeguarding the data of your company and privacy is protecting the identity of users (employees) of a company. Different companies have different strategies of building their privacy and security structure. Privacy and security should be taken very seriously and any employee breaking the rules should be dealt with strictly (HIV.gov, 2018).

Task 3.1:

Securing confidentiality of Bottler’s information:

• When Bottler updates any security software which is critical, at the same time they should also adopt all the security procedures and keep them up to date.
• For managing the information system Bottler company should have a set recommended security process in place which everyone needs to follow.
• Systems which have all the confidential information stored in them should be maintained well with up to date registry.
• Bottler staff should be trained in the timely documentation of confidential data. They also need to be trained in time management.
• For accessing important information every Bottler employee can be given access code or a face, or fingerprint recognition method can also be adopted. In this way only authorised people can have access.

Code of Ethics also helps in maintaining privacy and security of data. In the scenario when B company where I have gone for an interview asks me about the strategies I will use for designing a particular product, I can answer the question by stating what ideas I would implement and not disclose the strategies of my current company in designing that product. By not disclosing the strategy which Bottler Company is implementing in designing the product I have safeguarded the security and privacy of the information.

Task 3.2:

As per the Code of Practice in order to maintain data security an IT professional needs to be highly competent professionally. As an ICT consultant following the Code of Practice guidelines I need to keep myself updated with the AS/NZS ISO/IEC 27000 series which consists of standards that need to be followed Information Security. I also need to have thorough understanding of all the relevant guidelines and regulations for data privacy and security. Myself and the employees of Bottler need to be kept updated about the latest threats, what are the vulnerabilities to those threats and how to deal with them in order to protect the data. I will also consider the use of specialised tools for strong security and privacy. If there is a threat I will implement countermeasures which are cost-effective, balanced robust and at the same time will maintain the required levels of integrity and confidentiality. I also will create awareness amongst the employees of Bottler, about how important security and privacy is and make them aware of their responsibility towards it, like how important it is for any employee to report an incident immediately when he or she notices it.

Scenario 4: (IT code of conduct and practices)

Task 4.1: I will need to implement the following things to adhere to the regulations for Bottler Company:

1. I will need to arrange for a meeting with the employees who are working on this project as it is necessary for me to get all the updates from them and also get inputs as to what problems and obstacles did they face while completing this project.
2. I also need to see that all the members of the team are on the same page because as per the scenario, the members are not working as a team so team work is lacking and each member has his or her own ideas of finishing the project and hence they are facing a problem in completing the project as per the deadline. They are not adhering to the regulations laid down by the company. “Adhere to Regulation” is one of the tenet of the IT Code of Practice and it needs to be followed by all employees.
3. As Bottler Company has given me the access to some sensitive information about their clients, it is my duty to be sure that I handle the information with utmost privacy and see to it that no one, except the people who are authorised to have access, gets access to this information. I need to keep the information safe and secured.
4. As per one of the tenet of Code of Practice “Maintain your Competence” I need to attend the training and courses which Bottler wants me to undertake to keep myself updated on the task which I am supposed to work on.
5. I have to inform Bottler about my cousin who is interested in knowing some data about Bottler. I have to take their consent before sharing the information and also how much information I can share with him ( Institute of IT Professionals New Zealand Inc, 2012) Page number 7.

Task 4.2:

I need to follow certain professional practices as an IT professional in order to maintain my competence. They are mentioned below:

1. There is a tenet “Practices common to all Disciples” which a part of the Code of Practice. As per this tenet a professional needs to keep on improving their skills and keep themselves updated with the latest technology. In order to improve the competence they have to attend various training sessions and courses from time to time. Another thing mentioned is that one should be well qualified and should have all the necessary knowledge to handle the task assigned to them. They should not take up or try to perform task in which they are not proficient. This is known as “Maintain your Competence”.
2. By following the principle of “Adhere to Regulations” I need to tell the higher management of Bottler company to make their employees aware of the rules and regulations and make them adhere to it strictly. As an IT professional it is my duty to follow the company’s rules and regulations strictly as well, encourage my colleagues and other employees to adhere to them and in case if some regulations, which are necessary to implement but are missing, then put forth a proposal to the company to include them as well.
3. Another tenet I need to follow is “Respect the Interests of the Client”. As per this I need to make sure that the client’s data (to which Bottler has given me access to) is safeguarded and only people who are authorised to get access to it can view the information. Also I need to inform Bottler about my cousin’s interest in accessing some of Bottler’s data. As per this tenet employee needs to honestly declare to the employer if they are going to gain personally or financially out of this job. They also need to declare that they will not share the information to any third party.
4. “Participate Maturely” is another tenet which I need to adhere to as I have been given the responsibility to lead a team in the project. As per this, I will provide feedback to my team members in a constructive way, so that they don’t feel offended. My relationship with my team members and client should be friendly yet very professional (Cobuild, 2019).

Scenario 5: (Health and Safety)

The health and safety of employees is one of the determining factors of a prosperous company. A company’s productivity will obviously be high if all its employees are healthy and well taken care of. Today almost all companies follow Health and Safety guidelines and have a proper Health and Safety policy in place for all its employees. There are guidelines of what ‘To Do’ and what “Not To Do”, safety precautions every employee should take before starting a particular task. What needs to be done if there is an emergency or accident of an employee at work. What sort of First Aid can be provided, which steps to follow in case of a medical emergency. What precautions should be taken to avoid such situations etc (NZ, 2019).

Task 5.1:

As per the scenario the room where Bottler company wants me to conduct the workshop is not meeting the health and safety standards at all. There are a lot of loop holes. In order for me to conduct the workshop of mobile repairing certain safety requirements need to be met. They are as follows:

1. All tools which are required for repairing a smart mobile phone should be available.
2. As we are going to train people on mobile repairing there is a risk of getting a shock via electric current. So anti-static equipments and ESD safe workplace is necessary.
3. Room is not safe as there is a soldering iron and hot air machine. Both these items are not required for mobile repairing they should be removed from the premises. Room should be tidy and clean and should only have tools and equipments which are required for smart phone repairing.
4. All the members of the team including me who are going to attend this workshop need to be properly dressed, should be given glasses to protect their eyes from the light and also special gloves which they need to wear when they are performing the practical task of repairing mobiles.
5. Members taking part in this workshop should have basic knowledge of how to repair a mobile. If there is anyone who is a total novice then he should either not be included in the team or should be given proper basic training before he joins the workshop.
6. As at present data was not backed up, of those mobiles which had come for repair directly from the customer we need to inform them about the data loss. We can try to regain the lost data but if not then in future we need to be careful and do a data back up every time we get a mobile or repair from customers. If necessary training should be given on data backup (Worksafe, 2018).

Task 5.2

As per the scenario the possible hazards in the workshop area would be contact injuries, injuries caused by using electrical equipment, use of hazardous substances, slips and trips and manually handling heavy equipments. Below I have shown a table which accesses the possible risks and whether they are low, medium or high in intensity and what precautionary measures can be taken to avoid or minimise them.

Scenario 6: (Contract Management Issue)

Task 6.1

As per the scenario the conflict of interest in contract management comes to the fore regarding the Kiwi Saver contribution. As per the contract it said that the Kiwi Saver account which I have will also have contribution from Bottler (employer) but the employer says it is not mandatory. Another conflict is when I exceeded my sick leave 3 days they deducted my 3 day’s salary.

As per my point of view when a company signs a contract with the employee or the terms and conditions should be made clear. In the above scenario, it should have been clearly mentioned in the contract that it is not mandatory for the employer to contribute to the employee’s Kiwi Saver account (they can do so by their own will). In this way we are setting the expectations of the employee as what can happen in the future right from the beginning. Just verbally telling the employee later on that “It’s not mandatory for the employer to contribute” is not professional enough for a big company like Bottler. Usually it is mentioned in the contract as to how many paid leave and how many sick leave a employee is entitled to. However in this case the contract should have had an extra clause saying if the employee exceeds his sick leave then extra leave will be unpaid. I would suggest that instead of making those extra sick leave unpaid the contract should have an option that employee can use the paid leave (if he has some remaining) as sick leave if he does not have any paid leave left only then it will go unpaid.

Task 6.2:

I feel KPIs are very important for a company’s and also for individual’s performance. In Bottler if an employee achieves all the KPI targets then his performance is appreciated by giving him a bonus. This is a very healthy practice as it motivates an individual to give their best and this in turn is beneficial for the company’s performance as a whole. Another good thing the Bottler company has implemented is the Performance Improvement Plan (PIP). In this way employees who are a bit slow or low on performance are not directly given notices or fired from their job, but given a chance to improve themselves and are trained in the areas where they are lacking and thus they are made to come up the learning curve slowly but surely. This also in a way motivates an individual and they are likely to remain loyal to the company as they see themselves valued. In this way with the help of KPIs Bottler company can keep a track of the performance of each and every individual and see how they are performing. They can easily identify individuals who need help and training and also those who are doing exceptionally well.

Scenario 7: (Treaty of Waitangi)

Task 7.1:

3 Ps form the crux of the Treaty of Waitangi Partnership Participation and Protection. Below I have discussed how Bottler can achieve each principle:

1. Partnership: This principle means that all local people that is Maori should be included in developing strategies which will be helpful for an organisation. Bottler can involve their Maori employees in developing various policies for their company. They can appoint them as Head of any department like HR or IT or Marketing if they have the right qualifications and skills.

2. Participation: This means the local Maoris should be involved in all the sectors and levels of any organisation. This includes planning, decision-making, developing and delivering and all aspects of an organisation. Bottler can involve their Maori employees in important decision making which will be beneficial for the company. Maori employees can give their valuable inputs in improving the business can suggest strategies which will help the company’s performance. They can organise workshops or events for employees to voice their opinion, what is causing them stress, what can the company do for better emotional satisfaction of the employees and these workshops and events can be headed by a Maori.

3. Protection: This principle states that the government should make sure that all Maoris have equal level of health as non- Maoris and the government should protect Maori culture, practices and values. Bottler can organise an event wherein all their employees are urged to dress I Maori cultural clothing, and the actual Maori employees can hold a session wherein they explain the significance of the Maori art crafts, signs and tattoos. They can also organise a week for Maori language wherein they can play various word games which involve translating English words to Maori so that non Maoris get to learn about the Maori alphabets.

Task 7.2:

The possible constraints Bottler can face when the comply with the Treaty of Waitangi are that they first have to hire Maoris who are efficient and suitable to handle higher positions in the company, while doing so they also have to make sure that the other non Maori employees who may be senior and expecting a promotion, feels ignored and feels that the management is partial with the local people and gives only them the chance to hold responsible posts. Due to cultural differences there can be disharmony between Maori speaking and non Maori speaking employees and the company has to treat everyone fairly. Though Bottler company has to promote Maori culture by organising special events it cannot force non Maoris to participate in it as this can lead to dissatisfaction among them. In development field when tey involve a Maori in decision-making and suggesting new ideas they also need to confirm that all others are happy with that person’s inputs and suggestions. In leadership, if they choose a Maori who is perfectly capable for a leadership position, they have to be sure that he is accepted and respected by his juniors and that they don’t see him as a threat or hindrance in their progress. In this way Bottler has to maintain an equilibrium between encouraging the Maoris to participate more in the company matters and the satisfaction level of non Maori employees.

Task 7.3:

In my opinion it is necessary for Bottler to implement the Treaty of Waitangi at their workplace as by doing so they will be adhering to NZ law and the company will gain success and profit in the Maori market. As Bottler is a NZ company so they should respect the law of the land and also respect and give opportunities to Maoris which will boost their business. It will not gain by going against the Treaty of Waitangi as it is also included in the guidelines of good and acceptable practice for IT professionals and organisations operating in New Zealand. It will also establish a multicultural atmosphere at work and if there are Maori employees even the migrant employees will get to learn about NZ culture and values which will help them gel well with their surroundings and people in general.

Bottler is already taking initiative to implement the Treaty of Waitangi. As we can see in the scenario that Maori employees are given an opportunity to give their inputs for important projects, they treat all their employees including Maoris with respect and also resect their tikanga (customs and traditional values). They also consult them on important matters of the company. They also take inputs from Maoris which support planning and management decisions (Health, 2014).

Scenario 8: (IT Relevant Legislation)

Task 8.1:

In legal terms copyright is an exclusive right which the creator of a specific work is given. It gives the creator the right of reproducing his work within a certain period of time. It is a kind of ‘Intellectual Property Right’. Copyright allows the creator of a work to decide how their work can be used. Usually the creator or the author can choose either to retain their work or   commercialise it. They can also give someone else an authority to exercise one or more than one of their copyright rights. There is a law in place for this called Copyright Act 1994. It is set of guideline which explains a content which is published, can or cannot be used. The rule in general is if the work of an author is published then it is copyright protected. In the scenario as the presentation of Bottler Company is already copyright protected, then they can file a case against Company C of breaching the Copyright Act. In this way Company C will have to pay a fine to Bottler for copying their work without Bottler’s knowledge or permission (Copyright, 2019).

Task 8.2:

Bottler company should be aware of the following laws to deal with misuse of computer and protecting their data:

1. Computer Misuse Act 1990: This act was passed by the UK Parliament in 1990. This Act was passed in order to curb the rising incidents of cyber crime and internet fraud. The main aim of this law is to declare the act of misusing computers and unauthorised access to computer systems as a crime. It also prevents repeat offenders of this Act, to use computers so that they do not have access to any data which is stored in the computers, and hence prevent them for misusing it (Rouse, 1999-2019).

2. Data Protection Act 1998: This was also passed by the UK Parliament. It defines how information about people should be handled in a legal lawful manner. The main of this Act is to prevent the misuse or abuse of information. The Data Protection Act 1998 has the following principles:

• Fair and lawful processing of data
• Data should be obtained for lawful purpose and processing should done only for that purpose and not for any other purpose.
• Data must be current, adequate and accurate.
• Retaining of data should be for a limited period of time.
• It should be protected from being used for unlawful purpose and also from loss and damage (Rouse, U.K. Data Protection Act 1998 , 1999-2019).

Bibliography

• (n.d.). Retrieved from https://www.business.govt.nz/risks-and-operations/health-and-safety/health-and-safety-basics/?gclid=CjwKCAjw9qfZBRA5EiwAiq0AbVxp-IPaxCeJ-kjVveOZMwzJgBUmIbNtyPFkSwZ_a8PXHuO66dYyZRoC9XAQAvD_BwE
• Institute of IT Professionals New Zealand Inc. (2012). Code of Practice for Information Technology in New Zealand. Auckland: Institute of IT Professionals New Zealand Inc.
• (2014, 06 06). Retrieved from https://www.health.govt.nz/our-work/populations/maori-health/he-korowai-oranga/strengthening-he-korowai-oranga/treaty-waitangi-principles
• Cobuild. (2019). Code of Practice. Retrieved from collinsdictionary.com: https://www.collinsdictionary.com/dictionary/english/code-of-practice
• Copyright. (2019). What is copyright? Retrieved from copyright.co.nz: https://www.copyright.co.nz/understanding-copyright/what-is-copyright
• Hayes, A. (2019, 05 31). Code of Ethics. Retrieved from www.investopedia.com: https://www.investopedia.com/terms/c/code-of-ethics.asp
• Health, M. o. (2014, 06 06). Treaty of Waitangi principles. Retrieved from health.govt.nz: https://www.health.govt.nz/our-work/populations/maori-health/he-korowai-oranga/strengthening-he-korowai-oranga/treaty-waitangi-principles
• HIV.gov. (2018, 04 26). The Difference between Security and Privacy and Why It Matters to Your Program. Retrieved from hiv.gov: https://www.hiv.gov/blog/difference-between-security-and-privacy-and-why-it-matters-your-program
• NZ, G. (2019). Health and Safety Basics. Retrieved from business.govt.nz: https://www.business.govt.nz/risks-and-operations/health-and-safety/health-and-safety-basics/?gclid=CjwKCAjw9qfZBRA5EiwAiq0AbVxp-IPaxCeJ-kjVveOZMwzJgBUmIbNtyPFkSwZ_a8PXHuO66dYyZRoC9XAQAvD_BwE
• Resnik, D. B. (2015, 12 01). What is Ethics in Research & Why is it Important? Retrieved from niehs.nih.gov: https://www.niehs.nih.gov/research/resources/bioethics/whatis/index.cfm
• Rouse, M. (1999-2019). Computer Misuse Act 1990 (CMA). Retrieved from techtarget.com: https://whatis.techtarget.com/definition/Computer-Misuse-Act-1990-CMA
• Rouse, M. (1999-2019). U.K. Data Protection Act 1998 . Retrieved from techtarget.com: https://whatis.techtarget.com/definition/UK-Data-Protection-Act-1998-DPA-1998
• Rouse, M. (1999-2019). U.K. Data Protection Act 1998 (DPA 1998). Retrieved from techtarget.com: https://whatis.techtarget.com/definition/UK-Data-Protection-Act-1998-DPA-1998
• Worksafe. (2018, 05 4). Health and safety at work – quick reference guide. Retrieved from worksafe.govt.nz: https://worksafe.govt.nz/managing-health-and-safety/getting-started/health-and-safety-at-work-quick-reference-guide/