This section discusses legal compliance for S-Global in relation to technology, new launches of products, and new business model development. This is followed by discussing ethical management for S-Global in relation to geographic, cultural, functional, and organizational boundaries.
Legal compliance is an important part of regulating any business. However, it is especially crucial for a new business because the new business is attempting to create a reputation for itself. Moreover, by establishing legal compliance, the business has more opportunities for advancement because the foundation for expansion has been set through compliance.
There are many components to technological legal compliance. For example, there are requirements at the local, state, national, and international levels. The most common technology regulations are in relation to “compliance, privacy, and data protection” (Anon 2015). It is expected that with the success of the ‘Surf Your Life’ application and the shark deterrent electronic chip, the company will desire to launch new products. Business models change due to a variety of reasons. However, there are steps that can be taken to ensure that the new business model is developed to the most impactful resolution. This involves using techniques from Peter Drucker, known for his development of entrepreneurial activities for success (Lee 2014). In order to account for these issues, different types of agreements and/or contracts are needed.
The service agreement needs to be developed, naming SGlobal as the owner of the application. By listing SGlobal as the owner, the patent and trademark are established legally. Patents are important because they provide “an exclusive right granted for an invention to the inventor or patentee, by the patents office which allows the inventor exploit the invention for a limited period, generally 20 years within the given territory” (PACRA 2013). Furthermore, the scope of the license is established, showing that the application can be used to determine the status of the water by predicting the height, velocity, and duration of the surfing waves and showing in a 3D representation how they might look in real time. Thus, the code can only be used within this specific scope in order for the agreement to remain valid. The service agreement also establishes the terms of the warranty for the product, showing the only ways that the product can be used and what will invoke the warranty into action. The service agreement is important because it provides legal information regarding trademarks, such as icons, logos, and owner name. This information also provides recognition of the developer of the application. One of the final components of the service agreement discusses security and authentication information regarding the application. This is done to ensure the safety of the user’s equipment, as well as the application itself. Finally, the service agreement provides information regarding breach of laws (such as data protection laws) and conflicts of interest (by developers and employees). Service contracts can also be between the company and third-party developers and/or freelancers. Therefore, the employee contract is important in that it contains non-disclosure agreements regarding the code and ways that the code may be used within the company.
Thus, confidentiality agreements are encompassed in the non-disclosure agreements and employee contracts. However, all agreements consider the open-source nature of the application, the limitations of which are disclosed within all agreements provided to all parties. Contractual agreements will need to be established between SGlobal and its business partners, such as companies involved in surf-related accessories, equipment, and recreational activities (such as restaurants). This allows these organizations to promote and/or distribute the mobile application. Two organizations that may be utilized to promote and distribute the ‘Surf Your Life’ application are Apple and Google. This is because users can utilize the Apple store and Google Play in order to purchase and download the application.
Another important agreement and contract is between SGlobal and its investors. This contract considers the rights of the investors and the rights of the company itself. For example, the investors may not have IP rights. However, investors may have rights in relation to privacy, confidentiality, authority to suggest changes, or non-disclosure agreements. These agreements allow investors to be involved in the development of applications, but not be able to use the knowledge gained to pirate the code for personal gain.
These agreements are instrumental in assisting in the development of the service contract between SGlobal and its customers, which establishes consumer protection laws. The customer agreement focuses first on disclosures relating to the product, releasing the company from liability due to misuse. The information obtained from the application is considered a guide, not a definitive answer. The customer agreement provides information regarding privacy. Due to the nature of the application, personal information, such as location and behavior tracking (surfing locations and frequency), will be obtained. The privacy agreement assures the customer of protection of sensitive data. This also includes information regarding parental controls, allowing parents to track where their children are surfing. Data protection also relates to clauses within the agreement discussing anti-spam regulations, showing that the company will not sell personal information, nor will customers receive unsolicited e-mails, texts, and/or social media posts. Thus, customers are assumed, through the purchase of the application, to have provided informed consent as addressed within the agreement. Through informed consent, customers are aware of what the application does and does not do. Finally, the agreement includes provisions for the company to place ads in the application in order to promote other products.
Another type of agreement is between SGlobal and its advertisers. These agreements establish the limitations of the advertisers and the company alike. The agreements address short-term and long-term campaigns.
Ethical management is important because it ensures that the company respects others around it, especially for long-term success.
Ethical management is important across geographic boundaries. Since the application can be used worldwide, different areas have different needs. Ethical compliance is ensured through the adoption of ethics policies that are easily recognizable across the world (Chryssides & Kaler 1993). This involves the use of different languages in the warranties, agreements, and applications to increase usage capabilities.
Ethics are also found within cultural boundaries. For example, the pace of surfing may change depending on the time of day (e.g., those wanting to surf before work for exercise and/or those surfing for relaxation). Therefore, there are different cultural boundaries within these two types of surfers. This means that the company will want to develop distinctive cultural ethics that accommodate the needs and expectations of each group (Svensson et al. 2009). Ethical compliance is established by creating different skins for the application that are more visible depending on the time of day of surfing. Furthermore, it is possible to add a feature to the application that shows the density of surfers at any given time.
The company offers different functions for its applications. For instance, the ‘Surf Your Life’ application is designed to determine information about the current surfing conditions. The related microchip is designed to repel sharks. Therefore, these are the basic functions of these technologies. However, each also has nonfunctional properties that must be accounted for. According to the company, this mobile application will be developed consisting of multiple layers based on user-requirements, user-experience, business and data layers. Key components include building the software to change as opposed to building it to last, modeling the software in such a way that risk is reduced, and ensuring that the design is flexible, allowing for ease of modification to take advantage of future trends. Therefore, the functions will need to be able to accommodate different usage platforms, such as Android, iPhone, or tablet. This will provide greater opportunities for meeting customer needs/expectations. Ethical compliance occurs through discussing these functional boundaries in the warranties and agreements so that users know exactly how the application can be used.
The company is primarily focusing on technology for surfers under the current business model. Therefore, continuing under this model, the company needs to remain within this product line. In order to introduce other products, such as a hiking application, the company will need to modify its existing business model to accommodate the additional products (Bassellier et al. 2001). Ethical compliance occurs by ensuring that the application remains unique, allowing the company to remain unique.
SECTION II – GOVERNANCE
This section addresses IT governance in relation to SGlobal. Included within this section is a discussion of the applicable governance frameworks to the company, the enterprise operational risk management model, enterprise architecture, infrastructure, and information security practices to be employed within the construct of the company.
Governance frameworks are designed to assist in minimizing risks (Anon, 2015). For SGlobal, there are a great many risks present in the provision of such an app, and it is necessary for the company to work to ensure that such risks are mitigated to the degree possible. To start, the primary governance framework that will be in place within the company will consist of the creation of agreements that are developed to ensure that the company is absolved of liability to the degree possible. One of the largest means through which this will be accomplished will be via the implementation of an end user license agreement, or EULA. The EULA will work to detail the processes and procedures that consumers of the app and the information provided within the app will need to use to contact the company. It will indicate that the company is not liable for the manner in which the individual decides to apply the information collected therefrom, and it will indicate that the sonar chip is designed as a deterrent and cannot protect the user from all shark or shark-based attacks, and further, that the company is not liable for any shark-related attacks that may occur while the user has the device activated. All users of the app and the associated sonar chip must agree to the EULA before they can access the app or any of its subsequent programming.
Enterprise Operational Risk Management Models and Information Security
When looking at risk management, it is necessary for the company to consider this from the IT perspective, given the nature of the product being offered by the organization. There are many operational risk management models that may be applied by the organization; however, in this case, SGlobal has decided to incorporate its own means of addressing risk within the product instead of utilizing the model of another company. Within the construct of the app, the program will be secured against intrusion within the code, and the program will be unable to function without purchase. At the time of purchase, the activation code within the app will be added to the database, which will in turn allow the app to connect to the servers, ensuring that only purchased copies of the app may be used. This further protects the company against risk, as it means that all individuals will have accepted, though most likely not have read, the EULA. Furthermore, each time the app connects to the servers, it will verify that the authentication code for the product is still in the purchased database. In addition, the code will be one use only; if it registers on multiple devices, all devices using that code will have the app deactivated, and the user will need to repurchase should he or she wish to continue its use. This will serve as a login system for that app for that individual on that mobile device. Any additional databases that the user wishes to connect to through the app will require the use of a username and password in conjunction with the valid authentication code in the programming of the app, thus working to prevent unauthorized access. SSL (Secure Sockets Layer) technology will be used for establishing a secured and encrypted link between the client and server. The databases will be created by the coders at the time the code is written.
Servers will be rented from HostGator, and cPanel/WHM will be used as the control panel. No Windows servers will be used by the company. The coders will have access to the databases they have created and to the code of the software written. Network administrators will be responsible for and have access to the servers themselves. On top of the security provided by HostGator, they will be responsible for the control panels, the databases, and the basic security of the servers, which will include ensuring that the servers, their drivers, hardware, control panels, and access levels all remain up to date and that only those who should have access will have access to the servers. Furthermore, these are the only individuals who will have access to the software, databases, and servers themselves, with their level of access remaining in line with the level of access necessary to complete the functions of their job duties and no more. In order to further minimize risk to the company, the company will also require the routine changing of master passwords in order to help prevent unauthorized access. The application will be stress-tested by the coders, supervised by the CIO, using various performance and security tools.
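The activation check described above can be sketched as server-side logic. This is an added example, not SGlobal's code: the class and method names, the in-memory dictionaries standing in for the purchased database, the stored code digest, and the PBKDF2 password hashing are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class ActivationRegistry:
    """In-memory stand-in for the 'purchased' database (hypothetical names)."""

    def __init__(self):
        self._purchased = {}  # sha256(code) -> bound device id, or None
        self._users = {}      # username -> (salt, password hash)

    @staticmethod
    def _digest(code):
        # Keep only a digest so a database leak does not expose usable codes.
        return hashlib.sha256(code.encode()).hexdigest()

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def record_purchase(self):
        """At purchase time, add a fresh activation code to the database."""
        code = secrets.token_urlsafe(16)
        self._purchased[self._digest(code)] = None
        return code

    def connect(self, code, device_id):
        """Run on every connection; returns 'ok', 'unknown' or 'revoked'."""
        key = self._digest(code)
        if key not in self._purchased:
            return "unknown"
        bound = self._purchased[key]
        if bound is None:
            self._purchased[key] = device_id  # first use binds the device
            return "ok"
        if bound == device_id:
            return "ok"
        # Same code seen on a second device: deactivate it for every device.
        del self._purchased[key]
        return "revoked"

    def add_user(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._kdf(password, salt))

    def open_extra_database(self, code, device_id, username, password):
        """Additional databases need a valid code AND username/password."""
        if self.connect(code, device_id) != "ok":
            return False
        salt, stored = self._users.get(username, (bytes(16), b""))
        # Constant-time comparison; unknown users still cost one KDF run.
        return hmac.compare_digest(stored, self._kdf(password, salt))
```

Because revocation removes the code from the purchased database, the original device also fails its next connection check, which matches the "all devices deactivated" behaviour in the text.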
The enterprise architecture of the organization works to align the company’s vision with IT. As the company’s primary focus is the designing of apps and app-related architecture, it may be argued that the whole purpose of the company is IT or IT-related actions. The vision of the company, as previously indicated, is to create high-quality, high-utility apps that are designed to assist surfers in obtaining the most up-to-date conditions of local bodies of water, providing them with the information necessary to be safe at the same time they are being provided with the information that will allow them to make a determination regarding their desired leisure activities.
Currently, the company is focused on the production of the software, which is scheduled to be completed within the first 4 months. When designing any new form of software it is well known that issues may arise during the coding process and the manner in which the code interacts with the different databases that it is designed to connect to. Ensuring that the code runs smoothly and that the app functions properly is the first step in ensuring a strong enterprise architecture for the company, as by doing so, the company will work to decrease potential customer service issues, work to ensure the stability and the reliability of the app, and serve as the foundation on which the company can continue to build and develop new apps that will be equally efficient and beneficial to the desired customer base.
Company infrastructure looks at the basic physical and organizational structures and facilities of the company. In its relation to IT specifically, this refers to the servers that the company is renting, the support structure of the IT department, the customer service department, and the databases that the company has created to ensure the successful operation of the app. The infrastructure is important because it ensures that the product is made effectively within the organization. Infrastructure and server-related operational issues will be looked after by the two back-end coders. Any other front-end architectural and design issues related to operation will be looked after by the front-end coder and the CIO. This group will also make sure that the hosting environment is operational, safe, and secure, without any functional or operational issues. This group will be headed by the CIO.
- Anon, 2015. IT governance and legal compliance strategies for CIOs. Tech Target. Available at: http://searchcio.techtarget.com/feature/IT-governance-and-legal-compliance-strategies-for-CIOs.
- Bassellier, G., Reich, B.H. & Benbasat, I., 2001. Information Technology Competence of Business Managers: A Definition and Research Model. Journal Of Management Information Systems, 17(4), pp.159–182.
- Chryssides, G.D. & Kaler, J.H., 1993. An introduction to business ethics 1st ed., London, England: Chapman & Hall.
- Lee, K., 2014. Four Entrepreneurial Disciplines Necessary For Success. Above the Law. Available at: http://abovethelaw.com/2014/04/four-entrepreneurial-disciplines-necessary-for-success/.
- PACRA, 2013. “Why Patent?” The Importance of patents for Innovation. Available at: http://www.pacra.org.zm/index.php?option=com_content&view=article&id=162:why-patent-the-importance-of-patents-for-innovation&catid=1:latest-news.
- Svensson, G. et al., 2009. Ethical Structures and Processes of Corporations Operating in Australia, Canada, and Sweden: A Longitudinal and Cross-Cultural Study. Journal of Business Ethics, 86(4), pp.485–506.