Tag Archives: Paperless and the I pad

The Last Post

Well I will say that this is the last post for the site SPA Paperless Office Project the reason why is that times have changed the site will have a new name and a new look complete with a totally new area to the paperless office, it will still have the roots of the S.P.A Foundation and still built around what I believe is still one of the fundamentals of achieving a paperless environment.

What will the new site have, a purpose built Management Efficacy SPA Template Tool and an Efficacy SPA Paperless Template Tool plus a few others.

How will the site be designed, it will have a new looking reader friendly screen a new external link friendly system plus the all the usual posts that are connected to the paperless environment for the person who wants to understand and read thought and interesting posts that are connected to this subject.

The site design will constantly be updated to improve the reader’s experience.

What will be the site called? To keep in line with the original thoughts of the first web site the name Paperless Endeavour will hope to keep the ever lasting and changing environment that to a certain degree will always try to keep up with the Technologies advances and break thoughts that are always trying to improve the world we live in weather it’s in the office or associated Technologies.

The new site will be launched in January next year, so I hope to see you then, other wise have a wonderful Christmas Holiday and a Happy New Year.

Martin Smith

Advertisements

Office Pc and the Paperless Interface

I have often wondered how the paperless system will become a more common factor and more usable within the work place. I have mention a few times now that it’s not a question in just designing a better software installation and simply down loading that onto your PC.

I do believe that the progression of the paperless system has passed that stage were we would just design a better software programme, that might have been the answer a few years ago but there is nothing wrong with trying to achieve a better software which will help and increase all areas concerned.

What you could say is that has the paperless system reached to a saturation point as a product or a service, I suppose that this would be a question that we could disagree with and I am sure that  some of you could have a serious discussion about.

I personally don’t think that we should stop the software development and realistically the software development that you transfer to a disk and you down load to your PC .

This will always be in the mind of developers not mentioning all the other factors which are connected to this subject.

But if we have reached a so called milestone to the development of paperless system should we be looking towards a different direction but not forgetting about what we have mentioned above. Could one of the areas that we need to be looking at and start to question that of the interface with the computer.

This is not a new subject we have been trying to master this area for some time now and there are plenty of experts about this subject.

It’s not a question of trying to re invent the wheel but just a case of looking at things a bit differently, we have all seen the explosion of computer aided devices for a more social media, but have we seen an explosion for the traditional office PC.

I think we all could agree that we have not notice any major developments to a degree that might change the way we use the office PC, but if we look at the advances towards the office PC , then there have been far and few between, could this be a stumbling block in the future development of the paperless system.

I will put my neck out on this one and state that I do believe that the future of the office PC will be a tablet and touch panel devices complete with a traditional keyboard and I will also state that these will have to be priced to beat the second hand traditional PC that we see in computer shops who buy and sell these items in bulk, I am not talking about the few we notice on E bay, but the serious dealers who make a living form this professional trade.

I mentioned in some of my past posts that we should be viewing and looking at the computer in a different way, we should segment and separate social media computers to the traditional office computers.

You may ask yourself what this has got to do with the paperless office and paperless systems well I personally think that it has a lot to do with how the paperless system will have to be developed in the future.


Paperless and the Data Protection Act 1998

We have stated that the DPA can be a complex act to process and can contain sensitive information and personnel information about individuals.

So can a paperless system assist this act?

I think the main question we have to ask ourselves is to what degree do we store or hold this type of information and for how long.

If you have read the post within this section you will know that there are eight key areas within this act.

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection

I think the first four key areas are straight forward and are not really a key area to the paperless system although the process to achieve these areas must be given serious consideration when applying this information to a PC or to a system which has been developed for your organization or company.

One of the areas that sometime can be overlooked is that of first “input”, some system allow the person to do this electronically and this information is transferred automatically into the main data bank, but there are still a lot of paper information which has to be transferred manually into the electronic data system.

At this stage paper can cause a problem not only in the sense of a paperless environment but also transferring that information without paper and obtaining a secure transfer, this is a more to do with the Electronic Signature Regulations 2022 and the ESR Data protection which has been covered with an other section of the blog.

The next two areas: Not kept for longer than is necessary and processed in line with your rights, once again this will depend on the type of organization and company where these are used in the contents of there application.

The last two are certainly two of the main concerns within this act which have caused problems with the design and also its potential damage weather its long term or short term damage.

Secure can mean a lot of areas within this section, secure form hackers, secure loss of data, secure of storage, secure within a day to day usage. Secure of transferring and secure of non active viewing and usage.

One of the area that I am totally confused about is that, sometimes we read and see on the news, that a USB stick was left on a train or lost in a public place, its not the reason that the information was lost, unfortunately people are human and mistakes are made, but it’s the lack of protected procedures that companies introduce when applying this act, its knowing that these incidents happened not because of human or computer error but the procedures allowed this to happen.

How was the information transferred on the stick in the first place, you can say that its like a person working in a bank taking some of the money out of the bank, taking it home and saying that he or she has to count it while he or she is at home, it should not happen in the first place, it should not even entered the person mind, never mind carrying out the act

I think this act and the paperless system is difficult to separate, not because it is complex but it would be difficult to design a totally paperless system which is separate from the standard PC installation and keep it connected within the organizations computerized frame work.

We must also ask our selves do we want to separate this information, I think it can only be answered to the type of information you have in the first place, although storage and input and also day to day activities may benefit from totally paperless environment.

Once again this section is really dependant to the type of information and how the organization and company is using this information in the first place


Paperless and the Mobile

Just recently I have spent some time reading various articles and comments stating that the mobile phone can assist and is also used as a paperless office.

I must admit this statement makes me “shudder with horror”

I know you might say that the development of the mobile phone has helped with the general progression of the paperless system and you would be correct to state this, but in the next sentence the mobile phone has assisted the development of all most general gadgetry products that we used on a day to day basis.

If we are stating that the mobile phone is been used as a paperless office in what contents do we mean, looking and reading the articles it’s seems to be in the areas of convenience with regards to booking tickets and also paying bills through paperless transactions, this I would agree, but this is nothing new and we have been using this technology for some time now.

So what else could we be using this for with regards to the paperless office we must remember these are stating that your mobile can be your office.

We have things like apps for scanning so your mobile can scan any documentation , we all so have apps which are claiming to be paperless management documentation systems that you can down load into your mobile, we also have scribed I paper, which lets you down load individual documents into your phone and stores them into a file we also have programmes like OCR  (Optical Character Recognition) or Read Iris Pro which you can down load into your mobile read and view documents as and when required.

I suppose all these things are heading into the right direction and are assisting the development of the paperless system, I just have concerns that the general public believe that you could run your office from your mobile phone.

If you had to put your hand on your hart, could you realistically say that this is possible and is a realistic solution to a paperless office.

What I do like about the mobile industry is that it has been a great benchmarking product for the future of the paperless system, and we have to be gratefully that the general public are so fickle that they must have the latest and fastest technology that paves the way for development and progressive solutions that can be adapted to adjoining technologies within the paperless system.

 I could state that the advertising study that I carried out some time ago with Bradford University was correct, in that the terminology of the wording “Paperless Office” should be used with caution.

My personal belief this that this does not help the progressive development of the paperless office, it may assist the progressive development of paperless solutions which can help us in general termsc and that is a good thing to have as I have so many times stated that we must perceive the customer users perception  and not the technologies perception.


E Paper: Develop and Adapt

Just recently I have been spending a bit of time looking at the new areas of E paper, why because it will certainly play a part in the concept of the paperless office and also I have a general interest in new technology.

In some of my past posts I have indicated that E paper should take a closer look at its self and decide into which direct it should be travelling and also a small undertone that E paper could be a Roll Royce of paper and not E paper for the masses, a product that could change how we work and behave in a normal working office.

Should E paper look for a new direction, could it survive if a very simple product was designed and developed not just for social pleasure but a true working product that can be used in the work place which could be a replacement for paper.

Personally I do not think that E Paper should replace paper, when I say replace paper, I don’t think it has to replace paper in the sense of sheet paper.

Last year I carried out a survey with Bradford University, this mainly looked at SPA, Secondary Paper Activities within a work place, the general findings were that 63% of Paper Activities were computer based and the remaining paper activities were classed as small notary actions and came under the section of SPA.

What does this tell us, it tells us that 63% of activities within the work place is already performed using a standard PC so what we can use E paper for.

I think we have to forget the direct replacement for paper, writing on E Paper, is not in the forefront of our minds, and has not been development yet. I generally believe that E Paper will have to be categorised to the storage, viewing and display area if we are going to try to bring this into the work place.

I don’t think that this is a bad think, if you look at this and look at the whole picture, could we remove the paper file and lever arch files that are situated in all our offices.

One would assume that one of the reasons why we are developing E paper is to remove paper as we know it, in its traditional sense or is it to develop the computer device, we started with the computer and then the tablet and I pad, and now the E paper, could we view the E Paper as an extension development of the tablet and I pad.

 I personally hope not, I think that E paper will survive but only if we segment the product into a workable and practical solution that is cheaper and more user friendly that we have been used to within the work place.


ISO 27001

ISO/IEC 27001:2005 Information technology — Security techniques — Specification for an Information Security Management System

ISO/IEC 27001 is the formal set of specifications against which organizations may seek independent certification of their Information Security Management System (ISMS).

ISO/IEC 27001 specifies requirements for the establishment, implementation, monitoring and review, maintenance and improvement of a management system – an overall management and control framework – for managing an organization’s information security risks.  It does not mandate specific information security controls but stops at the level of the management system.

The standard covers all types of organizations (e.g. commercial enterprises, government agencies and non-profit organizations) and all sizes from micro-businesses to huge multinationals. 

This is clearly a very wide brief.

Bringing information security under management control is a prerequisite for sustainable, directed and continuous improvement.  An ISO/IEC 27001 ISMS therefore incorporates several Plan-Do-Check-Act (PDCA) cycles: for example, information security controls are not merely specified and implemented as a one-off activity but are continually reviewed and adjusted to take account of changes in the security threats, vulnerabilities and impacts of information security failures, using review and improvement activities specified within the management system. 

According to JTC1/SC27, the ISO/IEC committee responsible for ISO27k and related standards, ISO/IEC 27001 “is intended to be suitable for several different types of use, including:

  • Use within organizations to formulate security requirements and objectives;
  • Use within organizations as a way to ensure that security risks are cost-effectively managed;
  • Use within organizations to ensure compliance with laws and regulations;
  • Use within an organization as a process framework for the implementation and management of controls to ensure that the specific security objectives of an organization are met;
  • The definition of new information security management processes;
  • Identification and clarification of existing information security management processes;
  • Use by the management of organizations to determine the status of information security management activities;
  • Use by the internal and external auditors of organizations to demonstrate the information security policies, directives and standards adopted by an organization and determine the degree of compliance with those policies, directives and standards;
  • Use by organizations to provide relevant information about information security policies, directives, standards and procedures to trading partners and other organizations that they interact with for operational or commercial reasons;
  • Implementation of a business enabling information security; and
  • Use by organizations to provide relevant information about information security to customers.”

Structure and content of ISO/IEC 27001

ISO/IEC 27001:2005 has the following sections:

0 Introduction – the standard uses a process approach.

1 Scope – it specifies generic ISMS requirements suitable for organizations of any type, size or nature.

Normative references – only ISO/IEC 27002:2005 is considered absolutely essential to the use of ’27001.

 3 Terms and definitions – a brief, formalized glossary, soon to be superseded by ISO/IEC 27000.

4 Information security management system – the ‘guts’ of the standard, based on the Plan-Do-Check-Act cycle where Plan = define requirements, assess risks, decide which controls are applicable; Do = implement and operate the ISMS; Check = monitor and review the ISMS; Act = maintain and continuously improve the ISMS.  Also specifies certain specific documents that are required and must be controlled, and states that records must be generated and controlled to prove the operation of the ISMS (e.g. certification audit purposes).

5 Management responsibility – management must demonstrate their commitment to the ISMS, principally by allocating adequate resources to implement and operate it.

6 Internal ISMS audits – the organization must conduct periodic internal audits to ensure the ISMS incorporate adequate controls which operate effectively.

7 Management review of the ISMS – management must review the suitability, adequacy and effectiveness of the ISMS at least once a year, assessing opportunities for improvement and the need for changes.

8 ISMS improvements – the organization must continually improve the ISMS by assessing and where necessary making changes to ensure its suitability and effectiveness, addressing nonconformance (noncompliance) and where possible preventing recurrent issues.

Annex A – Control objectives and controls – little more in fact than a list of titles of the control sections in ISO/IEC 27002, down to the second level of numbering (e.g. 9.1, 9.2).

Annex B – OECD principles and this International Standard – a table briefly showing which parts of this standard satisfy 7 key principles laid out in the OECD Guidelines for the Security of Information Systems and Networks.

Annex C – Correspondence between ISO 9001:2000, ISO 14001:2004 and this International Standard – the standard shares the same basic structure of other management systems standards, meaning that an organization which implements any one should be familiar with concepts such as PDCA, records and audits.

Mandatory requirements for certification

ISO/IEC 27001 is written as a formalized specification such that accredited certification auditors are meant to be able to use the standard as a formal description of items that their clients must have in order to be certified compliant. It does indeed specify certain mandatory documents explicitly. 

However, in other areas it is vaguer and, in practice, other documents are commonly demanded, including certain items which provide the auditors with evidence or proof that the ISMS are operating. 

Organizations can specify the scope of their ISO/IEC 27001 certification as broadly or as narrowly as they wish.  Understanding the scoping documents plus Statements of Applicability (SoA) is therefore crucial if one intends to attach any meaning to the certificates.  If an organization’s ISO/IEC 27001 scope only notes “Acme Ltd. Department X”, for example, the associated certificate says nothing about the state of information security in “Acme Ltd. Department Y” or “Acme Ltd.” as a whole. 

Similarly, if the SoA asserts that antivirus controls are not necessary for some reason, the certification body will doubtless have checked that assertion but will not have certified the antivirus controls – in fact, they may not have assessed any technical controls since ISO/IEC 27001 is primarily a management system standard, so compliance requires the organization to have a suite of management controls in place but does not necessarily require specific information security controls.

Certification is entirely optional but is increasingly being demanded from suppliers and business partners by organizations that are concerned about information security. 

Certification against ISO/IEC 27001 brings a number of benefits above and beyond simple compliance, in much the same way that an ISO 9000-series certificate says more than “We are a quality organization”. Independent assessment necessarily brings some rigor and formality to the implementation process (implying improvements to information security and all the benefits that brings through risk reduction), and invariably requires management approval (which is an advantage in security awareness terms, at least!).

The certificate has marketing potential and should help assure most business partners of the organization’s status with respect to information security without the necessity of conducting their own security reviews.


eReaders, can we curl upto a book !

So there is no confusion to what we are writing about, when we say hardware we mean what you physically hold in your hand, some people do class hardware as the software running application, I do think that this seems to be I little misleading at times and I do believe that it can play a important role when designing and also reading from a eReader.

What do you say is the most important factor when designing a eReader, it’s stylish looks with all the modern applications, it’s ability to connect to the world wide web, crystal clear reading surface, back and white print or colour, it’s looks and feel to replicate a book or newspaper the list is endless and it will be a personnel choice but there must be a bare minimum requirement to all eReader designs.

This has to be a clear and crystal reading screen, you can have all the latest gadgets, but if this is not acceptable then you are on to a loser before you begin.

I think in the early days when the eReader was just starting this was a problem but as we all know as technology grows, these small areas are ironed out and we do not have such a problem anymore.

E Ink displays has somewhat slowed lately, with the Kindle and the Sony reader models being out for quite a while now. Things are looking up, however, with the latest announcement from E Ink trying to update the display tech in order to beat the Apple iPad.

Most noticeable features are an improvement from the standard 7:1 contrast ratio screens to the much easier on the eye 12:1 ratio – and a faster refresh rate. E Ink claims this refresh rate is fast enough to support simple animations.

So if we are starting to master the concept of the reading ability, then what else could you class as been important.

To follow are the products on the market that everybody is buying and they all have a general same design parameters.

I generally believe that it’s not what you class been important but what do you want to read and how you want to read it, Do you want to read the item on the go or do you want to read it in the comfort of your own home.

I do think that this area has reached a turning point as to what the customer perceives to what the product should be to what the designer perceives what the product should be.

 

All the above Ereaders are approximately designed the same with regards to the overall demin 8 * 5.3* 0.36 to 10.4 * 7.2 * 0.4 Inches. Weighs approximately 8 to 12 ounces some are designed with touch screen some are not the running applications are a other story, as I have mentioned within an other post.

 My main point is that the above Ereaders are designed to be small, compact, portable and are really designed for the so called on goes that are constant on the move and who require information at a press of a button.

Is there or should there be a section if you want to read in private or in the comfort of your own home, I certainly believe that there is, if I wanted to read a book or even a magazine then I would not want to read a small potable compact screen.

I do believe that these types of Ereaders are great and they do provide a great portable devices for people which require information or need to read a few pages etc, but if I wanted to curl up to a book or magazine this is not the type of environment that I would be comfortable with.

So is there an answer I generally believe that the above Ereaders are great for the purpose but I have my concerns with regards to the type of environment that this will slowly progress to, it is only matter of time before the general public will start and want to read a book or a newspapers in the comfort of they own home

The above products will not be acceptable, Why , to small and to expensive , there is a nature progression here that the eReader will be become a thing of the past and the new buss word will be Tech paper, a single sheet that will let you down load any book, newspaper or document, the size of approx the I pad where you can keep the feeling of that traditional aspect.