DEVELOPMENT METHOD AND FRAMEWORK Nguyen Hong Son – GCH16287 Sonnhgch16287@fpt.edu.vn Contents Part A: Part B B1 1.1: 1.2: List of high-level requirements for building the system B2 2.1: 2.2: Part C: C1 Data Controllers and LSEPI: 1.1 What is a data controller: 1.2 Data controller role: 1.3 LSEPI: 1.3.1 Legal issue: 1.3.2 Social issue: 1.3.3 Ethical issue: 1.3.4 Professional issue: C2 BCS Code of Conduct 10 2.1 What is the BCS Code of Conduct 10 2.2 Examples 11 References: 11 Part A: The DSDM Atern Agile Method is a refined version of Dynamic System Development Method or DSDM There are multiple reasons why I would consider the use of Atern Agile Method in this case study First due to its principles it can help ensure that the project is delivered on time with all the defined requirement For example, in the case study, the first problem that I noticed was the time period that the company required that the project be done is months which I believe is too short of an amount of time But because of Atern’s second principle (deliver on time), we can ensure that the project will be delivered on time Also with the first (focus on business need) and fourth (never compromise quality) principle the project is guaranteed to have all the business requirement delivered without the compromise of its being of bad quality Next in the case study, I can see that in the meeting to define requirements, created by the project manager, that there are lots of differing opinions of what the requirements need to be for the new system from prioritizing user friendly experience first like a comment and rating system for a product or a way to return item that the customer is unhappy with, to helpful functions that will help administrators with their job like a juice bar manager or charities management Also in the list of requirement I can see that there are lots of repeating requirements from different peoples I think this happen due to the lack of quality in communication between the higher official of the company so by using the DSDM Atern method with its third (collaborate) and seventh (communicate continuously and clearly) principle to help with this issue This will also make sure that any future communication between members of the project is efficient and effective and also ensure that members cooperate productively and adequately Part B B1 1.1: Ben Brode (CFO): Non-High-Level Requirement: Points Requirement # We also need the following: Why it’s not an HLR These requirements are for the * The site should be easy to use and quick to load website’s usability and accessibility * We probably need to arrange for this site to not for what the site need to actually “be” on the internet * We need to register the web URL Walk2Live.co.uk I want to be able to see management reports of This requirement online product sales and compare these to sales administrator’s at the centers themselves is for usability the and accessibility not for what the site need to The look and feel of the website should This resemble the healthy lifestyle we are selling requirement is for the website’s design not for what the site need to Dave Davidson (Shipping and Logistics) Non-High-Level Requirement: Points Requirement # Why it’s not an HLR A way for people to return items they are This requirement isn’t essential for unhappy with an e-commerce solution A rating system for our products with a This requirement isn’t essential for comments section an e-commerce solution Laine Conway (Marketing) Non-High-Level Requirement: Points Requirement # Why it’s not an HLR People should be able to ask us questions This requirement is more of a way to about products and services, so we can link help with user’s ease of use them to the correct merchandise or franchise John Oldman (Consultant): No Non-High-Level Requirement: Paige McMan (Franchise owner) Non-High-Level Requirement: Points # Requirement Why it’s not an HLR My center also has a juice bar and I would like to be able This to manage my stock levels of fresh fruit and is a very specific requirement and it is a vanity vegetables for smoothies and juices, so I can order items from the local supermarket before I run out Sue Thompson (Franchise owner) Points Requirement # Why it’s not an HLR Clients can use the system like Facebook, to This requirement is not communicate with each other and build an online necessary for an e-commerce community They should be able to find out who are in solution their classes and contact those people 1.2: List of high-level requirements for building the system Points Requirement # Log-in for customers Provide a way for us to gather information and keep track of customers statistics Product Reasoning purchasing for This is a good thing to have for the site, it keeps the customers customer from having need to physically go to a store to purchase a product Product Search for customers This provide a way for customer to look for a (logged-in or not) product without having to browse through every product on the site Shipping product to customer’s location a This save customers of the hassle of having to go to the store to pick up an order Order marketing material for This can help administrator better manage their centers center ‘s marketing and help speed up operation Order products for centers This is needed to keep center’s stock up from depleting and making there are always a product for customers Connect the database to the This is needed for the centralized system that the site company is requesting to make Charities management for This can help administrator better manage their centers center’s charities partner and help speed up operation of that center Bookkeeping system for This can help administrator bookkeep and improve administrators a center’s performance Class booking and payment This help customer with booking class and paying 10 methods for customers for them so customer don’t have to go to the center to book a class and/or pay them 11 Report for This can help employee create report quickly which administrators Staff 12 generation can help improve operational speed of a center management for This can help administrator better manage their administrators center’s staff and help with the operation’s speed significantly B2 2.1: Points Requirement # Priority Level Log-in for customers Must Have Product purchasing for customers Must Have Product Search and browse for customers (logged-in or Must Have not) Shipping product to a customer chosen location Must Have Order marketing material for centers Won’t Have This Time Order products for centers Won’t Have This Time Connect the database to the site Charities management for centers Won’t Have This Time Bookkeeping system for administrators Won’t Have This Time Must Have 10 Class booking and payment methods for customers Must Have 11 Report generation for administrators Could Have 12 Staff management for administrators Should Have 2.2: When I decided how I would set the priority level of the high-level requirement, I looked at the goal of the company meeting that is mentioned in the appendix In the appendix, the CFO set a target of getting the e-commerce solution working in months and the centralized system in the subsequence months So, I made a decision of setting any requirements that are needed for a good functional e-commerce solution as must have For example: “Log-in for customers”, “Product purchasing for customers”, “Product search and browse for customer (logged-in or not)”, “Shipping product to a customer chosen location” Next, any requirement that I found related to the centralized system the CFO mentioned is assigned a “Won’t Have This Time” level so they will be worked on after the completion and implementation of the e-commerce solution Here are some examples: “Order marketing material for centers”, “Order products for centers”, “Charities management for administrators”, “Bookkeeping system for administrators” As for the ‘Could Have’ priority level, I had chosen any requirement that can be easily implemented depend on whether or not the e-commerce solution is designed and implemented in a certain way An example would be the “Report generation for administrators” requirement And lastly, for the ‘Should Have’ requirement level, any requirement that I think that can improve the usability, performance, design of the e-commerce solution or the centralized system An example would be the “Staff management for administrators” requirement Part C: C1 Data Controllers and LSEPI: 1.1 What is a data controller: According to the EU’s General Data Protection Regulation (GDPR) a controller is defined as a “natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State Law;” [4] 1.2 Data controller role: The role of the data controller in an organization is to implement and appropriate technical and organizational measures to ensure and demonstrate that its processing activities are compliant with the requirements of the GDPR These measures may include implementing an appropriate privacy policy Adherence to approved Codes of Conduct may provide evident of compliance [3] 1.3 LSEPI: 1.3.1 Legal issue: When the company design and release the program, they need to make sure that it complies with the law defined by the United Kingdom For example: If the company decide to ask the users about their information the company need to inform the users of what information the company is keeping what they are doing with it A real life example is the Facebook scandal recently where they were in trouble because of the fact that they weren’t clear about the fact that they use the user data to make money [5] Another issue that might occur is the possibility of using copyrighted material In the process of designing the website and using copy righted picture or songs or something else will open the company up to being sued by the copy right owner For example: DashCon, a convention organized by a group of Tumblr use, used some copyrighted picture in their promotional website and it was taken down [6] 1.3.2 Social issue: The solution should also be able to prevent, avoid or mitigate some social issue that can come with releasing a website for a wide user base When designing a website, you need to be careful and make sure that you don’t offend anybody’s race, culture and appearance For example, H&M in early 2018 released a new shirt with the quote “Coolest monkey in the jungle”, in a picture on their website a child of African descent is wearing one of those shirt They then have to apologies for the incident a short time later [7] One more thing that the company might want to stay away from is politic because if you say anything that upset anyone on the political spectrum can result in a huge lost in sale or stock In 2017 Pepsi had to remove an ad which feature Kendall Jenner handing out a can of Pepsi to a police officer in a protest The ad was criticized for trivializing demonstrations aimed at social justice causes [8] 1.3.3 Ethical issue: An importance aspect of online ethic is privacy, when the company gather the user information the company itself need to ensure that the user’s information can’t be accessed by third parties without the company knowing An example is the PlayStation Network hack of 2011, the hack resulted in the hacker having access to 77 million user’s information [9] It is also unethical for us to use material that is own by small content creator since they don’t have the resource needed to go to court with us Not only is it unethical it is also bad press One example is when IGN, a video game and entertainment media website, released a review the game “Dead Cell” and then later found out that the review was just copied from a small YouTube channel called “Boomstick Gaming” As a result, the writer of the review got fired and IGN released an apology for the situation [10] 1.3.4 Professional issue: One issue that can come up in this line of work is legal issues and one easy way to deal with those issue is with bribery In 2014, Hewlett-Packard also known as HP, had to pay 108 million dollars to US regulators to settle charges of bribing government officials to win and retain lucrative public contracts [2] Another problem that you might come across is employee wages In this industry it is common for employee to work overtime and those work need to be paid properly according to the law In 2017, an insurance software start-up called Zenefits had to pay 3,4 million dollars in unpaid overtime [11] C2 BCS Code of Conduct 2.1 What is the BCS Code of Conduct The British Computer Society (BCS) Code of Conduct specifies the professional standards required by them as a condition of being a member The code covers four main area: The public interest [1]: You shall: a have due regard for public health, privacy, security and wellbeing of others and the environment b have due regard for the legitimate rights of Third Parties c conduct your professional activities without discrimination on the grounds of sex, sexual orientation, marital status, nationality, color, race, ethnic origin, religion, age or disability, or of any other condition or requirement d promote equal access to the benefits of IT and seek to promote the inclusion of all sectors in society wherever opportunities arise Professional competence and integrity [1]: You shall: a only undertake to work or provide a service that is within your professional competence b NOT claim any level of competence that you not possess c develops your professional knowledge, skills and competence on a continuing basis, maintaining awareness of technological developments, procedures, and standards that are relevant to your field d ensure that you have the knowledge and understanding of Legislation and that you comply with such Legislation, in carrying out your professional responsibilities e respect and value alternative viewpoints and, seek, accept and offer honest criticisms of work f avoid injuring others, their property, reputation, or employment by false or malicious or negligent action or inaction g reject and will not make any offer of bribery or unethical inducement Duty to relevant authority [1]: You shall: a carry out your professional responsibilities with due care and diligence in accordance with the Relevant Authority’s requirements whilst exercising your professional judgement at all times 10 b seek to avoid any situation that may give rise to a conflict of interest between you and your Relevant Authority c accept professional responsibility for your work and for the work of colleagues who are defined in a given context as working under your supervision d NOT disclose or authorize to be disclosed, or use for personal gain or to benefit a third party, confidential information except with the permission of your Relevant Authority, or as required by Legislation e NOT misrepresent or withhold information on the performance of products, systems or services (unless lawfully bound by a duty of confidentiality not to disclose such information), or take advantage of the lack of relevant knowledge or inexperience of others Duty to the profession [1]: You shall: a accept your personal duty to uphold the reputation of the profession and not take any action which could bring the profession into disrepute b seek to improve professional standards through participation in their development, use and enforcement c uphold the reputation and good standing of BCS, the Chartered Institute for IT d act with integrity and respect in your professional relationships with all members of BCS and with members of other professions with whom you work in a professional capacity e notify BCS if convicted of a criminal offence or upon becoming bankrupt or disqualified as a Company Director and in each case give details of the relevant jurisdiction f encourage and support fellow members in their professional development 2.2 Examples The public interest: SudoSoftly have the responsibility to protect the user of the new Alive system, keeping the user’s information safe from unauthorized third parties Professional Competence and Integrity: SudoSoftly also need to conform to the laws of the UK, like the Data Protection Act (DPA) 2018 Duty to Relevant Authority: If for some reason an employee of the company decides to leak personal information of the user to a third party and is found out, the company itself have to take responsibility for the action and compensate according to the law of the UK Duty to the profession: If the company is convicted of a criminal offense Sudosoftly need to inform BCS to the fact they convicted that crime References: 1- The British Computer Society 2015 conduct.pdf [ONLINE] Available at: https://www.bcs.org/upload/pdf/conduct.pdf [Accessed 23 November 2018] 2- Hewlett-Packard to pay $108m to settle scandal over bribery of public officials 2014 Hewlett-Packard to pay $108m to settle scandal over bribery of public officials [ONLINE] Available at: https://www.theguardian.com/business/2014/apr/09/hewlett-packard-108m-corruption-governmentit-us-bribery [Accessed 23 November 2018] 11 3- Chapter 10: Obligations of controllers – Unlocking the EU General Data Protection Regulation 2017 Chapter 10: Obligations of controllers – Unlocking the EU General Data Protection Regulation [ONLINE] Available at: https://www.whitecase.com/publications/article/chapter-10-obligations-controllersunlocking-eu-general-data-protection [Accessed 23 November 2018] 4- EUR-Lex 2016 Consolidated TEXT: 32016R0679 - EN - 04.05.2016 [ONLINE] Available at: https://eurlex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:02016R0679-20160504 [Accessed 23 November 2018] 5- Motherboard 2018 Let’s Talk About Mark Zuckerberg’s Claim that Facebook 'Doesn’t Sell Data' [ONLINE] Available at: https://motherboard.vice.com/en_us/article/8xkdz4/does-facebook-sell-data [Accessed 23 November 2018] 6- Internet Historian (2017) The Failure of Dashcon | The world's first Tumblr convention [Online Video] 22 February 2017 Available from: https://www.youtube.com/watch?v=1ZgxeX2dCnQ [Accessed: 23 November 2018] 7- The Telegraph 2018 H&M apologises for image of black child wearing 'coolest monkey in the jungle' hoodie [ONLINE] Available at: https://www.telegraph.co.uk/news/2018/01/09/hm-apologises-imageblack-child-wearing-coolest-monkey-jungle/ [Accessed 23 November 2018] 8- Independent 2017 Pepsi advert with Kendall Jenner pulled after huge backlash [ONLINE] Available at: https://www.independent.co.uk/arts-entertainment/tv/news/pepsi-advert-pulled-kendall-jennerprotest-video-cancelled-removed-a7668986.html [Accessed 23 November 2018] 9- The Guardian 2011 PlayStation Network hackers access data of 77 million users [ONLINE] Available at: https://www.theguardian.com/technology/2011/apr/26/playstation-network-hackers-data [Accessed 23 November 2018] 10- Games Industry 2018 IGN drops Dead Cells reviewer after plagiarism investigation [ONLINE] Available at: https://www.gamesindustry.biz/articles/2018-08-07-ign-removes-dead-cells-review-after-youtubersplagiarism-accusations [Accessed 23 November 2018] 11- Tech Crunch 2017 Zenefits will pay $3.4 million in unpaid overtime to 743 employees [ONLINE] Available at: https://techcrunch.com/2017/06/20/zenefits-will-pay-3-4-million-in-unpaid-overtime-to743-employees/ [Accessed 23 November 2018] 12 ... misrepresent or withhold information on the performance of products, systems or services (unless lawfully bound by a duty of confidentiality not to disclose such information), or take advantage of