Why is safety on the top of IT management's list

of objectives now more than ever before?

Michael Erbschloe, Republished from SafetyIssues Vol 2 Issue 19, June 2003

Volume 4 Issue 44

July 2005
The rapid growth in the number of organizations and people using computers combined with global connectivity brought many new information technology management challenges. Many people feel that information technology (IT) has gotten out of control. In some ways the may be right. However, most organizations in the world are now dependent on information technology and that dependency will only increase in the future. The central proposition of these principles are that exercising greater social responsibility can help control the potential negative impact of information technology on society and help your organization avoid the many potential liabilities that are emerging as we move further into the digital age.

How Did We Get Here?

Electronic computing was first launched in the early 1950s, making the industry and the practice about 50 years old.  What we view as end-user, or personal computing got off the drawing board in the late 1970s and by the middle 1980s was in full swing, making it about 25 years old. Networked computing started becoming popular in the late 1980s and by the middle of the 1990s was a standard in most organizations, making it about 15 years old. The Internet, although in limited use since the early 1970s boomed in the middle 1990s with the creation of the browser and by 2000 was a global phenomenon, making it less than ten years old. These events all represented major shifts in computing practices and brought with them a new and unique set of problems.

The Ten Principles of Socially Responsible IT Management

There is no magic to identifying the issues that individuals, organizations, and societies face as a result of the rapid growth of information technology. The ten principles of socially responsible information technology management are:

  1. Appropriately staff IT departments
  2. Fairly compensate IT workers
  3. Adequately train computer users
  4. Provide ergonomic user environments
  5. Maintain secure and virus free computer systems
  6. Safeguard the privacy of information
  7. Ethically manage intellectual property
  8. Utilize energy efficient technology
  9. Properly recycle used computer equipment
  10. Support efforts to reduce the digital divide

The ten principles of socially responsible IT management proposed in this book will not satisfy every critic. They are not meant to. The ten principles are designed to help mitigate the negative impacts of information technology. The principles, along with action steps to apply the principles were derived through the following process.

Step one: Establishing a mindset.

In formulating the ten principles the first and most basic step was to establish a mindset. Acceptance that computers and the Internet are here to stay and that deliberate social action would be required to mitigate negative impacts is essential. In addition, the manufacturers of IT products will only do so much to help you address the problems that are inherent in IT. Unlike the automobile and pharmaceutical industries, for example, the IT industry is unregulated and is relatively free of product liability.

Step two: Identify and categorize problems

Identify and categorize the problems that individuals, organizations, and societies face and group them into areas that are addressable through existing management structures.

Step three: Formulate basic principles.

The principles had to be easy to communicate and easy to understand. They also had to be some intuitive within the context of contemporary society.

Step four: Problem grouping.

The fourth step was to group problems and issues that can be addressed by applying each of the ten principles.

Step five: Develop actionable methods.

The final step was to provide actionable and workable methods that individuals with a wide range of skills could readily employ.
Principle one: Appropriately staff IT departments

If IT departments and functions are not appropriately staffed, an organization puts itself at risk in many areas including greater vulnerability to security breaches, poorly functioning equipment, improper intellectual property management, and inadequately performing applications. Regardless of how well an organization assigns job functions, or trains individual employees, failure remains imminent unless the workload of IT workers is well balanced and humane. Burnout and boredom are two of the most frequent social psychological diseases suffered by IT workers.

Burnout comes from long hours, excessive overtime, and stress. Keeping an IT worker in the same job too long and not having enough workers to adequately cover tasks and meet job or service level requirements will burn out IT workers very quickly. Boredom comes from repetition of work or performing tasks that do not challenge the intellect and development desires of an individual employee.

Both burnout and boredom leads to more frequent mistakes and less tolerance of coworkers and end-users; they will also eventually result in depression. All of these conditions will impact the performance of an individual. If such conditions are widespread in an IT department the performance of the entire department will deteriorate. A balanced working life also requires a large dose of humanity. It is humanity that gives social meaning to work.

In addition, adequate staffing can eliminate single points of failure which can happen when there are not enough IT staff trained to maintain mission critical systems. When, for example, there is only one person who totally understands an application, network, or system configuration an organization becomes mores vulnerable to failures or outages when that person is ill, on vacation, or leaves the organization.

There are several significant challenges that managers face when recruiting and retaining IT professionals including the following:

  • Developing a professional work environment.
  • Hiring the right people for a workplace.
  • Aligning job responsibilities with IT worker skills.
  • Evaluating and mentoring IT workers.
  • Professional development of IT workers.
  • Balancing the workload of IT workers.
  • How To Evaluate Staffing Needs
Principle two: Fairly compensate IT workers

Establishing a fair compensation plan for IT employees can mitigate turnover and the loss of key personnel. A 20% reduction in turnover in an IT department can save hundreds of thousands of dollars in recruitment cost. Reduced turnover can also help keep projects on schedule because work will not be disrupted when staff leaves and replacements must be recruited and brought up to speed on a project. Fairly compensated workers are also more motivated and will work more diligently to address security, privacy, and performance issues facing all organizations.

Compensation plans are not easy for many IT departments to develop. There are often corporate policies or procedures set by the human resource department that prove to be obstacles. Large IT departments often have human resource specialists to assist in developing compensation plans. However, the vast majority of IT departments are less than 100 people and usually do not have such internal support.

One issue in compensation planning is how to pay IT professionals for on-call time. Computer Economics has studied service level requirements for several years and has found that data centers are providing longer service periods and many face 7/24 uptime requirements. Although night shifts and weekends may not require full staffing levels, networks and applications still need to be available to a growing workforce of telecommuters and flex-time workers outside the IT department.

Even when IT professionals do not have to respond to incidents when they are on call, the revolving responsibility for on call sharing does impact their personal and family lives. Many organizations ignore this point. However, extensive on-call requirements and the resulting disruption of social life will contribute to burnout and to turnover rates. Thus, adequately compensating for on-call time may very well not cost as much as recruiting and training new staff because of high turnover rates.

There are several significant challenges that managers face when establishing fair compensation plans for IT professionals including the following:

  • Developing competitive compensation plans.
  • Assuring equal pay regardless of gender.
  • Providing adequate compensation for overtime and holiday hours.
  • Adequately compensating employees for on-call time.
  • Appropriately linking compensation to performance.
Principle three: Adequately train computer users

Companies are spending more on employee training and e-learning has reached its highest level since 1997, according to The 2002 ASTD State of the Industry Report from the American Society for Training & Development (ASTD). Training expenditures for many organizations did not decline with the economic downturn; in fact, companies expected spending on training to grow a healthy 10% between 2000 and 2001.

Training computer users is an important step in assuring that an organization gets the best return on investment from its information technology. Positive results achieved from adequately training users including:
  • Users feel more confident and will try new approaches to completing tasks.
  • Users have a better understanding of what information technology can do for the organization.
  • Help desk calls for simple problem solving decline allowing support staff to spend time on more critical issues.
  • Co-workers are not coerced into providing support to the under trained user and will be able to force more on their jobs.
  • Accidental security breaches can be reduced.
  • The incidents of viruses entering a corporate network can be reduce when users are trained on basic prevention skills.  
Principle four: Provide ergonomic user environments

Even though the republican congress squashed ergonomic requirements established by the democrats when Bill Clinton was in office, ergonomics remains a critical issue. Furthermore, problems are likely to mount in the future and within two decades the negative impact of poorly designed office furniture and information technology will result in considerable economic impact on individuals, corporations, the government, and ultimately the taxpayer.

The threat of litigation and the filing of widespread workman’s compensation claims are forcing companies to find remedies for the poor ergonomics of standardized off-the-shelf IT products. We estimate that end-user companies will spend over $3.5 billion by 2005 on addressing IT ergonomic issues. To determine how large corporations are dealing with this problem Computer Economics conducted a focus group of 16 companies that reported they had remedies in place.

All focus group participants reported that they have had workman’s compensation claims filed resulting from IT ergonomics. Each of the focus group companies have had on-demand ergonomic assistance for their employees in place for at least two years.

The on-demand approach provides employees with assistance in evaluating their needs and selecting appropriate products to ease the strain they experience when using IT equipment. The group reported a wide variety of methods for providing on-demand services. These included telephone hotlines, e-mail request systems, and walk-in showcase centers, where employees can test drive IT products designed to provide more comfort and to help minimize IT-related worker injuries.

Principle five: Maintain secure and virus free computer systems

All IT managers would agree that protecting their IT resources against security breaches is a necessity, but many are not willing to commit to the continual effort required. Without adequate security, the organization is open to a variety of risks—all of which are detrimental to the bottom line.

Based on Computer Economics projections, the likelihood that your organization will be hit with a security attack is growing. Computer crime will grow by an estimated 230 percent during 2002. Similar trends are expected with Internet fraud, which will be up over 100%, and viruses, which will increase by 22% during the same period. These statistics are even more disturbing than they first appear because the data used as the basis for these projections are probably underreported. According to government and industry sources, only about 20% of computer security violations are actually reported.

A firm foundation is required to develop satisfactory security protection, and that foundation is an organizational security policy that covers all the necessary contingencies. Among those contingencies are procedures for installing applications, e-mail and Internet practices, IT user policies, password protection, downloading data considerations, and network monitoring. The policy must provide a plan for responding to security attacks, and that plan must be rehearsed through dry runs and other simulated methods.

Viruses and other malicious code attacks are goring in number and so is the cost incurred by companies, government organizations, and private individuals to clean up systems and get them back into working order. In 2001 it cost computer users $13.2 in lost productivity and to clean up after virus attacks. Incident such as the I love You virus shut down systems around the world and had an estimated $8.75 Billion economic impact.

In a highly connected world computers are more vulnerable to attacks and hacks. In addition, having computers connected to the Internet requires that social responsibility similar to that required when operating a vehicle on the city streets including meeting safety and pollution guidelines.
Principle six: Safeguard the privacy of information

Maintaining the privacy of enterprise information is a meticulous process and requires coordination across all departments and functions within an organization. It is important that everyone on the privacy management team understand the basic issues and concepts of privacy management as well as enterprise policies and procedures. An understanding of the basic issues and concept will help managers make operational decisions about privacy during the day-to-day course of events. It also enables them to more fully participate in formulating policies and procedures.

Unfortunately the definition of privacy is not straightforward. There are cultural, societal, political, legal, and national viewpoints as to what privacy is and what constitutes a violation of privacy. Thus it is important to establish an operational definition of privacy in an enterprise. A strong definition of privacy will help prevent inadequate interpretations of policies and procedures as well as poor decisions regarding the privacy of information when there is a lack of specific procedures covering specific incidents or information elements.

When organizations exchange information to help facilitate business process the importance of privacy has been fairly well established and has become customary. An organization wants its information kept confidential to prevent damage that may occur if the information was obtained by competitors or other parties that could use the information to negatively impact the competitive position or the well being of the information providing company. The provider of the information has a public image to protect and the misuse of confidential information could result in bad publicity. In the case of publicly held companies improper dissemination of proprietary information could negatively impact stock value.

Individuals who provide information to businesses or government organizations can also be negatively impacted by the misuse of information. Such misuse may impact their job, career choices, and lifetime earnings. An individual who is gay or lesbian may choose to keep this information private in order to have to deal with potential social or financial negative consequences. People that are making investments decisions, who are considering changing jobs, or who have decided to get divorced may suffer damages from the release of information related to their life or their plans.

The common thread between the privacy or proprietary corporate information and personal data provide by individuals is that the improper dissemination and use of their information can cause damage. In some cases such damage could be financial while in other cases it could damage reputations.
Principle seven: Ethically manage intellectual property

The challenge that business face in managing intellectual property has greatly increased over the last decade. Some companies have been caught deliberately violating copyright laws. There have been many cases where management was unaware that laws were being broken. Cases of carelessness or independent acts by employees can put an organization in jeopardy.

The Software and Information Industry Association (SIIA) and KPMG LLP released a report in November 2001 entitled Doesn't Everybody Do It? Internet Piracy Attitudes and Behaviors . The survey-conducted to examine the acquisition and use of software and digital content via the Internet-found that nearly 30% of business people could be classified as pirating software through a variety of electronic methods.

Of the 1,004 business people surveyed, more than half of the business users surveyed said they are unaware of corporate policies governing intellectual property that may be in place. According to the study, 54% of business users indicated they do not know if it is permissible to redistribute information from on-line sites they subscribe to, while 23% said they believe it is permitted.

According to the study, most users of Internet content and software products said they were unaware of the proper legal use of such products, yet roughly seven out of 10 (69.5%) reported they have used the Internet to acquire software and 22% subscribe to business information services.
Principle eight: Utilize energy efficient technology

ENERGY STAR was introduced by the U.S. Environmental Protection Agency in 1992 as a voluntary labeling program designed to identify and promote energy-efficient products, in order to reduce carbon dioxide emissions. EPA partnered with the U.S. Department of Energy in 1996 to promote the ENERGY STAR label, with each agency taking responsibility for particular product categories. ENERGY STAR has expanded to cover new homes, most of the buildings sector, residential heating and cooling equipment, major appliances, office equipment, lighting, and consumer electronics.

If all consumers, businesses, and organizations in the United States made their product choices and building improvement decisions with ENERGY STAR over the next decade, the national annual energy bill would be reduced by about $200 billion. With that would come a sizable contribution to reducing air pollution and protecting the global climate.

A business can save $7 to $52 per year on utility bills by using ENERGY STAR labeled computers. ENERGY STAR labeled computers automatically power down to 15 watts or less when not in use and may actually last longer than conventional products because they spend a large portion of time in a low-power sleep mode. ENERGY STAR labeled computers also generate less heat than conventional models. Upgrading your existing equipment to ENERGY STAR can lead to reduced cooling costs.
Principle nine: Properly recycle used computer equipment

As the glut of high-tech junk accumulates, businesses are facing increasing pressure to properly dispose of obsolete computer hardware. In addition to compromising the environment, improper disposal of obsolete computer hardware can result in leakage of proprietary company information and violation of new federal privacy laws that ban the disclosure of non-public financial and medical information about employees and customers.

In September 2001 Computer Economics partnered with experts at Technology Recycling (www.techrecycle.com), the nation's largest electronics disposal firm and materials recycler to present guidelines for technology disposal. Technology Recycling serves more than 200 U.S. cities in the lower 48 United States.

Principle ten: Support efforts to reduce the digital divide

There are numerous compelling reasons why IT managers and companies that are dependent on IT should support efforts to decrease the digital divide. First, and foremost, full participation in life in the information age requires computer literacy and Internet access. Computer literate people are more likely to:

  • Have an interest in IT related careers.
  • Require less on the job training.
  • Contribute higher value to their employers.
  • Shop online.
  • Participate in e-government.
  • Raise computer literate children.

In February 2002, U.S. Department of Commerce released a report entitled A NATION ONLINE: How Americans Are Expanding Their Use of the Internet. IT professionals need to be concerned about the digital because this divide will likely reduce the number of people that will be interested in IT careers. Businesses that are now, or planning in the future to market or sell on line need to be concerned about the digital divide because it narrows their potential customer base.

The study determined that there is a sizable segment of the U.S. population (as of September 2001, 46.1% of persons and 49.5% of households), that does not use the Internet. This illustrates just how big the digital divide is and could be a predicator of how many people will grow up with little interest in entering the IT workforce.

How The Ten Principles Interlock

The independent treatment of the ten principles in this book allows for an easy understanding of what the related issues are and actions required to mitigate potentially negative consequences of not taking action. However, there are many ways that the ten principles are interrelated.

  • Principles one and two, appropriately staff IT departments and fairly compensate IT workers are interrelated. It will be difficult to appropriately staff IT departments if IT staff are not fairly compensated. In addition, the viewpoint of IT staff toward fairness in compensation will be impact by their work load and how well IT departments are staffed.
  • Appropriately staff IT departments are also necessary to maintain secure and virus free computer systems, safeguard the privacy of information, and ethically manage intellectual property. All of which require time, resources, and talent.
  • A lack of adequate training for computer users (principle three) in an organization impacts the work load of the IT department because help desk inquires in organizations where training is lacking are higher and more frustrating.
  • The proper recycling of used computer equipment helps to reduce problems in security, privacy, and intellectual property management.
  • Ergonomic user environments can reduce stress and result in greater productivity from a work force. Reduced stress also impacts the viewpoint of employees toward an organization and their level of compensation.
  • The interrelationships can be compiled numerous ways. The key thing to remember is that adhering to some of the principles will improve operations or reduce potential liability. However, taking a more holistic approach and adhering to as many of the ten principles as possible will yield far greater results because each of the principles helps to reduce vulnerabilities that may ultimately erode progress made in one area.
The Perception of Socially Responsible Will Continue to Evolve

When dealing with new technology, industrial process, or business practice it is often the case that organizations first look at the benefits and eventually become aware of the unanticipated problems which inevitably surface.

The industrial revolution resulted in massive pollution and often unsafe working conditions. Both were addressed by legislation over a long period of time. We are just beginning to understand some of the social and legal problems that are inherent in information technology. There has been considerably legislation that addresses some of the problems and eventually legislation will better address these problems. However, and for the time, applying social responsibility to information technology is largely a personal and organizational decision.

About the author

Michael Erbschloe is an information technology consultant, educator, and author. He has also developed technology-related curriculum for several universities and speaks at conferences and industry events around the world. Michael holds a Master Degree in Sociology from Kent State University. He has authored hundreds of articles on technology and several books including Guide to Disaster Recovery published by Course Technology. When instructors select the Guide to Disaster Recovery for use in their school Michael provides support to help develop their course on a gratis basis. He also provides onsite presentations for an honorarium that is customary for their institution.

Email this article to a friend

Email a friend a link to our web site
Next..
Previous
Back to Safety Issues...

Have you seen a safety device you think our readers should know about?
Does your company make or sell a safety device you would like to see featured in this column?
If so, please e-mail the information about the device to Safety Issues.
The purpose of this column is to make your life safer with the use of the latest technology.
Neither Safety Issues nor its affiliated companies are responsible for any opinions expressed in this column.
Thank you for reading this column.

  © 2008 SafetyIssues.com, Inc. All Rights Reserved.