Roger Clarke's Web-Site

© Xamax Consultancy Pty Ltd,  1995-2024
Photo of Roger Clarke

Roger Clarke's 'Extra-Organisational Systems'

Extra-Organisational Systems: A Challenge to the Software Engineering Paradigm

Roger Clarke

Version of 10 January 1992

© Xamax Consultancy Pty Ltd, 1992

This paper was presented at the IFIP World Congress, Madrid, September 1992

This document is at http://www.rogerclarke.com/SOS/PaperExtraOrgSys.html


Abstract

Vulnerability is discussed in the context of data processing and information management applications. It is argued that a new class of information technology applications must now be recognised, in which one or more organisations cooperate with small enterprises and private individuals. The term 'extra-organisational systems' is coined for such applications.

Using illustrations arising from studies in the field of consumer EFTS, it is shown that the public is generally regarded as 'usees', beyond the system and affected by it, rather than as part of the system. It is argued that conventional systems life-cycle notions and techniques are inappropriate to extra-organisational systems. Rather than the software engineering, artefact-oriented philosophy inherent in existing techniques, such systems demand an alternative organically-based paradigm.


1. Introduction

It is conventional to define vulnerability as "the possibility of loss, injury or denial of equal rights to a significant segment of the population, the weakening of social stability, or risks to national sovereignty due to dependency on computer-based information-technology" (TDR 1981). A variety of sources of risk arising from information technology (IT) have been classified, and a variety of dimensions identified, including individual, organisational, economic, social and national sovereignty (SÅRK 1978, 1979; Hoffman 1986; Holvast 1989; Berleur 1992).

Parallel with the literature on vulnerability, a number of related areas have developed, especially safety-critical systems and system- and software-safety (e.g. Neumann 1979-, 1986, 1989; Malasky 1982; Perrow 1984; Leveson 1984, 1986, 1990, 1991; Parnas 1985; Smith 1985; Borning 1987). Systems engineering defines safety management as the measures taken to reduce the risk of accidents and of hazards, where the term 'hazard' means a set of conditions that can lead to an accident (Leveson 1991). Other relevant areas include software quality assurance (AS3563 1991), trusted systems (DoD 1987), risk management (Shain & Anderson 1989), information systems failures (Lyytinen & Hirschheim 1987), disaster recovery planning (Toigo 1989) and service continuity planning (Brunnstein 1991).

Vulnerability is usually discussed in the context of artefacts which manipulate the environment, such as process control, transportation control and weapons guidance systems. Vulnerabilities also arise, however, in respect of quite banal IT applications. Employees' interests are threatened by inadequacies in a payroll system, and by insensitively designed features of a personnel or human resource management system. Affluent people rely on the convenience and consistent availability of banking systems. Social welfare clients are highly dependent on the systems used by government welfare agencies, and in countries in which welfare payments are now made into clients' accounts with financial institutions rather than by cash or cheque, welfare beneficiaries too are heavily dependent on banking systems.

This paper focusses on human vulnerabilities in such more conventional, unromantic and seemingly harmless data processing and information management applications. Its thesis is that:

The paper commences by reviewing classes of systems previously identified in the literature, and the vulnerabilities associated with them. It identifies the need for a new class of system, for which the term 'extra-organisational' is coined. Subsequent sections identify weaknesses in conventional approaches to the conception, development and operation of extra-organisational systems, and suggest how the social vulnerability inherent in such systems can be significantly reduced.


2. Intra-Organisational Systems

Early applications of computers within organisations were oriented toward the automation of hitherto human tasks. It was soon found that a degree of rationalisation could be undertaken - the computer offered an opportunity to re-define the functions being performed. As the capacity of computing equipment grew, systems increased in scope, and integrated what had previously been separate business functions. The boldness and the capabilities of the new breed of programmers increased, and the seeds were sown for the technological self-confidence of contemporary systems designers.

During this period, which we can retrospectively dub the 'intra-organisational systems' era, it was claimed that computers were a productivity tool, and that the natural corollary was job-displacement. In practice, it appears that the early decades of intra-organisational computer applications may have resulted in more and better quality work being performed, but by comparable numbers of employees: evidence of actual increases in the gross productivity of labour has been hard to find (Franke 1987). By the end of the 1980s, however, the sophistication of IT had reached a point at which the long-promised reductions in staffing were beginning to be measurable, particularly in the information industries such as banking, and particularly in middle-managerial ranks.

Apart from the job-displacement issues, which are briefly discussed later in this paper, other vulnerabilities were created, but were seldom considered in a cohesive and systematic fashion. For example:

An area in which considerable maturation in systems life-cycle thinking has been apparent is the gradual appreciation that systems cannot be viewed only from the perspective of the system owner. The interests of 'users' have been increasingly recognised, not for altruistic reasons, but because lack of 'user involvement' has been shown to undermine systems' acceptance, and hence payback on the investment. To date, however, the interests of people affected by the system but external to the organisation, referred to within the IFIP TC9 community since the mid-1980s as 'usees', are seldom reflected.

An important development, traceable to the 1960s, has been the marriage of computing and telecommunications. This made the power of the computer available to organisational units remote from the central site, through such innovations as remote job entry (RJE) and terminals. Some applications of the emergent 'information technology' were more revolutionary. In passing beyond the organisation's boundaries, they ushered in new forms of information systems.


3. Inter- and Multi-Organisational Systems

The early inter-organisational systems involved the installation of terminals on the sites of an organisation's primary business partners. More sophisticated arrangements involve direct links between mainframes and/or front-end processors, and more recently inter-networking via third-party communications facilities. By definition, a degree of trust already existed between business partners, and hence security features had time to mature.

Inter-organisational applications continue to emerge, and to increase in power and complexity. In recent years they have been much-touted, and to some extent used, as a basis for implementing organisational strategies, and for realising competitive advantage through corporate collaboration and alliances (Kaufman 1966, Malone, Yates and Benjamin 1987, Wiseman 1988, Johnson and Vitale 1988, Rockart and Short 1989, Konsynski and McFarlan 1990, Brousseau 1990, Oesterle 1991).

Inter-organisational systems are essentially pairings of business partners. Each organisation may develop links with more than one important partner, but each link is largely independent of the others. Over time, however, economies of scale have become important, and organisations have tended to develop a technical infrastructure which serves the needs of each of the links. Third parties have grasped the opportunity of making a business of offering services to multiple user-organisations.

The natural result of this increase in sophistication has been the emergence of 'multi-organisational' systems. These can be distinguished from inter-organisational applications in that they are designed to support multiple linkages with many organisations, and, in principle, with any other organisation with which there is a need to communicate. Particular forms include:

In each case, standards and interfaces have been established, and appropriate controls and security features imposed.

Many different flavours of multi-organisational system have emerged. Some of them essentially automate existing relationships and flows, while others represent wholesale revolution. Some have been used as instruments of competitive aggression, and some to protect the existing industry configuration. Some are organised along industry-sectoral lines, whereas others cut across industry boundaries (Clarke 1991).

The creation of multiple, linked intra-organisational systems had created inefficiencies, because data captured into machine-readable form in one organisation was being printed, sent by physical means to another organisation, and then re-captured. This was not only inefficient in terms of unnecessary data capture steps, but also because it involved significant error-levels, expensive consequences, and detection, investigation and re-work. Most such errors are in principle avoidable, and well-designed inter- and multi-organisational systems are in the process of removing these inefficiencies. This is part of what Wiener (1949), Forrester (1961) and Beer (1975) had in mind when they proposed the application of cybernetics to industrial organisation.

The removal of inefficiencies is, of course, a cause for rejoicing, because it means that society can produce more goods and services for the same amount of labour input. There is, however, an inevitable negative impact on those employees who are displaced, and on their dependants, at the very least during an interim period while the person finds a new job.

To the extent that displaced people prove unable or unwilling to re-train and/or re-locate, the impact can be severe. Under some conditions, moreover, the impact may be long-term, when, for example:

Where long-term unemployment results, the consequences for the people affected can be very severe, particularly if there is an inadequate 'safety net'. Given that the main avenue for distributing national income to people is on the basis of their employment, social vulnerability appears to be now arising from the more advanced forms of applications of IT in commerce, industry and government.

Apart from the work-and-income issue, other vulnerabilities have emerged in greater number, and of greater severity, during this era. For example:

Inter- and especially multi-organisational systems appear certain to develop further during the coming years, and vulnerability issues will clearly require a great deal of attention.

The following section distinguishes a related class of IT application which has not to date received attention in the literature.


4. Extra-Organisational Systems

Implicit in the notions of inter- and multi-organisational systems are the assumptions that each of the nodes of the network is professionally managed, and that the facilities are used in an organisational context, with all of the discipline and cultural constraints that entails. These assumptions are important, because business partners depend on one another's professionalism in relation to such matters as:

There is an increasingly large number of systems which transcend the boundaries of an individual organisation, but for which these assumptions do not hold, such as:

In these cases, many of the organisation's 'business partners' are small, single-site (and in many cases single-person) enterprises, such as retail outlets and service agents, or are members of the public. These partners do not have professional IT managers with an understanding of such arcane arts and technologies as systems analysis and communications protocols. Despite this, some of them will reliably and consistently perform the intended functions, and interpret their interaction with the facility in the way the designer intended. It would be a highly idealistic designer, however, who relied upon all, or even a large percentage of these partners to do so.

In passing, it is noted that a complete taxonomy of IT applications must also include person-to-person or public systems, such as electronic bulletin boards and 'CB' services. Vulnerabilities arising in the context of such systems are identified and discussed in Dunlop and Kling (1991).

The following section draws on prior research relating to one particular form of extra-organisational system, to identify some specific instances of vulnerabilities, and trace the origins of those weaknesses to the philosophy and methods of contemporary systems life-cycle thinking.


5. The Case of Consumer EFTS

A variety of studies of electronic funds transfer systems have been undertaken (see, in particular, Kling 1983). This section draws heavily on studies of consumer EFTS in Australia (Walters 1989, Clarke and Walters 1989, Clarke 1990a and 1990b, Clarke and Greenleaf 1990, APSC 1990); and in Switzerland (Clarke 1992).

Consumer EFTS may be defined narrowly, to include only ATM services and point of sale systems in merchants' premises (EFT/POS), in which value is transferred between accounts on the basis of data captured from a card inserted in a remote terminal and an associated keyboard. A broader definition includes all transactions in which the magnetic-stripe on a credit- or debit-card is used to effect payment, whether with or without use of a personal identification number (PIN). Used in this less restrictive manner, the term also covers remote banking services from home or office, and card-facilitated tele-shopping, phone-calls, bill payments and reservations.

Automated Teller Machines were adopted very quickly when they were introduced in Australia in the late 1970s and early 1980s. Consumers have enjoyed the benefits of greater convenience, but unfortunately for the financial institutions, the anticipated large net savings in transaction-handling costs were not realised. This was because the average size of transactions is now much smaller than was the case before the introduction of ATMs, and the number of transactions is much greater.

Australia has been among the world leaders in the rate of adoption of consumer EFTS, but most forms, and especially EFT/POS, have achieved much slower growth rates than was the case with ATMs. A number of factors were involved, some peculiar to Australia, but many similar to those which have retarded growth in many other countries. They included:

On the basis of successful EFT/POS implementations, it appears that there are several important features of system architecture:

Once these corporate difficulties had been overcome, there remained the question as to whether consumers would actually use the resulting system. Too little attention was paid to the interests of the consumer, indicating a failure to appreciate the extra-organisational dimension of consumer EFTS. In particular:

It is apparent that successful EFT/POS systems depend on a strong affinity between the designers and the point-of-sale environment and consumers.

Debates about the security aspects of Australian consumer EFTS provide further evidence of the extent to which the consumer was long regarded as being outside the EFT/POS system, rather than an integral part of it. The Australian finance industry has been a world leader in the establishment of security standards, and the level of security is very high (AS2805 1988, Weber 1989). The banks have had, however, an internally focussed and technically oriented view of security. Some of the deficiencies during the late 1980s are documented in Appendix I.

No discussion of vulnerabilities arising from consumer EFTS would be complete without reference to the enormous potential for privacy invasions, both by private sector organisations (variously for marketing and debt collection reasons), and the public sector (for person-tracing and location). In most countries, including Australia and Switzerland, there is virtually no legal protection whatsoever against abuses. This is an area in which the public may in due course have its say, perhaps by orthodox lobbying for regulation, perhaps through the boycotting of consumer EFTS, and perhaps through civil disobedience in the form of habitual provision of false or misleading identity and other personal information.

During the period 1987-90, steps were taken by a variety of Australian Federal and State Government agencies to ensure that the financial institutions addressed at least the most pressing of consumers' concerns (although at no stage to date have privacy considerations been addressed). One remarkable aspect of the procedure was that the development and successive reviews of the EFTS Code of Conduct were undertaken without the formal participation of consumer representatives or advocates.

Despite the litany of inadequacies, the adaptability of both the technology and the major players has proven to be of a high order, and the confusion and mistrust which reigned in Australia from 1984 until 1989 is now being overcome, and steady growth is being experienced. Similarly, the openness and consumer-orientation of consumer EFTS in Switzerland appears to be resulting in brisker growth rates in transaction volumes.

The conclusions drawn from these studies of consumer EFTS are that the major players made costly mistakes as a result of conceiving of the consumer and his actions as being outside the system boundaries. They treated the system as (at best) a multi-organisational system, when it was really an extra-organisational application. It was only when external pressure was brought to bear that the financial institutions were forced to reflect consumers' interests in their system designs.

Organisations have a clear motivation to reduce their costs by transferring tasks to other organisations, and to their clients. For relatively high one-time capital costs and relatively very low recurrent costs, organisations can arrange for their clients to themselves perform data capture, acquire the organisation's services, and/or access stored data. For such arrangements to be effective, however, a number of requirements from the perspectives of all parties must be satisfied. These requirements are not readily analysable, because they are subject to interpretation by a wide variety of players, and are subject to ongoing change. The following section proposes a shift in the framework within which extra-organisational systems are developed, which will enable vulnerabilities to be reduced.


6. Towards an 'Organic' Paradigm

The prevalent approach to information systems conception, development and operation can be depicted as reflecting the attitude of the engineer, confident in his ability to harness the forces of nature to build bridges across yawning chasms. The primary concern is with the artefact, comprising hardware, network, electronic traffic and systems and application software.

This paper is not concerned with the efficacy of that approach to intra-, inter- and multi-organisational systems. It argues that the software engineering paradigm is inapplicable to extra-organisational systems, and that an alternative, more open and 'organic paradigm' is needed, based on a less deterministic interpretation of general systems theory and cybernetics than has been common in recent decades.

The basis upon which the argument rests is that:

As far as I am aware, the term 'organic paradigm' is original. The concept, however, is well-established. Presursors include 'sociotechnical systems' (Emery & Trist 1960, Mumford 1983), Beer (1972, 1975), Miller's 'living systems' (1978), Checkland's 'soft systems methodology' (Checkland 1981, Checkland & Scholes 1990), the Multiview approach (Wood-Harper et al 1985), and the stream of thought emerging at the less mechanistic end of the cognitive science community (Winograd & Flores 1986).

Winograd and Flores argue:

With them, I am arguing not for the rejection of rationalism and science in favour of holism, vitalism or some other ascientific framework, but rather for the re-direction of the rationalistic tradition.

There are increasing echoes of these kinds of thinking in the management and management information systems literatures. For example, Ciborra's at first sight revolutionary arguments about 'designing-in-action' and 'bricolage' (which holds that systems are not products designed by a master-architect, but rather the result of tinkering by the many people involved - Ciborra and Lanzara 1989, Ciborra 1991) is not meeting rejection, but rather being absorbed and rationalised back into the mainstream of information systems thinking.


7. Conclusions

Vulnerability has been discussed in the context of data processing and information management applications. A great deal of attention has been paid in the literature to inter-organisational and multi-organisational systems, and the opportunities, impacts and management of such systems have become clearly distinguishable from those of the long-standing class of intra-organisational applications. It has been argued that a new class of system must now be recognised, which is referred to in this paper as 'extra-organisational'. By this is meant systems in which one or more organisations cooperate with other entities which are not organisations, but rather are small enterprises and private individuals. Reports from studies in the field of consumer EFTS have illustrated ways in which the public is still generally regarded as 'usees', beyond the system and affected by it, rather than part of the system. It has been argued that conventional systems life-cycle notions and techniques are inappropriate.

Extra-organisational systems are different and important. Conventional approaches will not work, and their inadequacies are deep-rooted. The artefact-orientation of contemporary methods must be mediated by a fuller appreciation of the environment of application - rather than 'technology', the focus must be on 'technology-in-use'. And the dominant engineering credo must be replaced by a paradigm which owes more to organic conceptions of information systems.


Appendix I: Deficiencies in Consumer EFTS Security
From the Perspective of the Consumer
Australia, late 1980s


References

APSC (1990) 'Report on EFT Security Survey' Australian Payments System Council, Reserve Bank of Australia, Sydney (Novermber 1990)

AS2805 (1988) 'PIN Management and Security' Standards Australia, Sydney (1988)

AS3563 (1991) 'Software Quality Management' Standards Australia, Sydney (Sep 1991)

Beer S. (1972) 'Brain of the Firm' Allen Lane, London, 1972

______ (1975) 'Platform for Change' Wiley, New York, 1975

Berleur J. (1992) 'Assessment of Risks and Vulnerability in an Information and Artificial Society' Working Paper on behalf of IFIP WG9.2, available from the author, Facultés Univ. Notre Dame de la Paix, Namur, Belgium, January 1992

Borning A. (1987) 'Computer Systems Reliability and Nuclear War' Commun. ACM 30,2 (February 1987) Republished in Dunlop C. and Kling R. (Eds.) 'Computerization and Controversy' Academic Press, 1991 560-592

Brousseau E. (1990) 'Information Technologies and Inter-Firm Relationships: The Spread of Interorganisational Telematic Systems and Its Impacts on Economic Structures' Proc. 8th Int'l Telecommunications Conf., Venice (March 1990)

Brunnstein K. (1991) 'Service Continuity Planning' in Clarke R. and Cameron J. (Eds.) 'Managing Information Technology's Organisational Impact II' Elsevier / North Holland, 1992 pp. 271-286

Checkland P. (1981) 'Systems Thinking, Systems Practice' Wiley, Chichester, 1981

Checkland P. and Scholes J. (1990) 'Soft Systems Methodology in Action' Wiley, Chichester, 1990

Ciborra C.U. (1991) 'From Thinking to Tinkering: The Grassroots of Strategic Information Systems' in DeGross J.I. et al, Proc. 12th Int'l Conf. Inf. Sys., New York, December 1991 pp.283-291

Ciborra C.U. and Lanzara G.F. (1989) 'Designing Networks in Action: Formative Contexts and Post-Modern Systems Development' in Clarke R. and Cameron J. (Eds.) 'Managing Information Technology's Organisational Impact' Elsevier / North Holland, 1991 pp. 265-279

Clarke R.A. (1990a) 'Consumer EFTS in Australia - Part II - Security Issues' Comp. L. & Sec. Reporter (1989-90) 5 CLSR (Jan/Feb 1990)

______ (1990b) 'Consumer EFTS in Australia - Testing Times for Guided Self-Regulation' Comp. L. & Sec. Reporter (1989-90) 6 CLSR (Mar/Apr 1990)

______ (1991) 'Towards a Framework for the Analysis of EDI's Impact on Industry Sectors' Proc. 4th Int'l EDI Conf., Bled, Slovenia, Uni. of Maribor, June 1991

______ (1992) 'Case Study Cardomat/Migros: An Open EFT/POS System'

Austral. Comp. J. 24,1 (February 1992)

Clarke R.A. and Greenleaf G.W. (1990) 'Consumer EFTS in Australia - Privacy Implications' Comp. L. & Sec. Reporter (1990-91) 1 CLSR (May/Jun 1990)

Clarke R.A. and Walters M. (1989) 'An Introduction to Consumer EFTS With Particular Reference to Australia' Comp. L. & Sec. Reporter (1989-90) 4 CLSR (Nov/Dec 1989)

DoD (1987) 'Trusted Computer System Evaluation Criteria', National Computer Security Center, National Security Agency, U.S. Department of Defence, DoD 5200.28.STD, 1987 (the "Orange Book")

Dunlop C. and Kling R. (1991) 'Social Relationships in Electronic Communities' in Dunlop C. and Kling R. (Eds.) 'Computerization and Controversy' Academic Press, 1991 322-378

Emery F.E. and Trist E.L. (1960) 'Socio-technical systems' in Churchman C.W. and Verhulst M. (Eds.) 'Management Science Models and Techniques Vol. 2' Pergamon, Oxford, 1960

Forrester J. (1961) 'Industrial Dynamics' MIT Press, Cambridge Mass, 1961

Franke R.H. (1987) 'Technological Revolution and Productivity Decline: The Case of U.S. Banks' Techno. Forecasting and Social Change 31 (1987) 143-154 Republished in Forester T. (Ed.) 'Computers in the Human Context' Basil Blackwell, Oxford, 1989

Hoffman L.J. and Moran L.M. (1986) 'Social Vulnerability to Computer System Failure' Computers & Security 5 (1986) 211-217

Holvast J. (1989) 'Vulnerability of Information Society: The Conflicting Demands of Security and Privacy' in Clarke R. and Cameron J. (Eds.) 'Managing Information Technology's Organisational Impact' Elesevier/North-Holland, 1991 pp.411-424

Iacono S. and Kling R. (1984) 'Computerization, Office Routines and Changes in Clerical Work' IEEE Spectrum (June 1984) 73-76 Republished in Dunlop C. and Kling R. (Eds.) 'Computerization and Controversy' Academic Press, 1991 213-220

Johnson H.R. and Vitale M.R. (1988) 'Creating Competitive Advantage with Interorganisational Systems' MIS Qtly 12,2 (June 1988) 153-165

Kaufman F. (1966) 'Data Systems That Cross Company Boundaries' Harv. Bus. Rev. (Jan/Feb 1966)

Kling R. (1983) 'Value Conflicts in the Design and Organisation of EFT Systems' Telecommunications Policy (March 1983) 12-34 Republished in Dunlop C. and Kling R. (Eds.) 'Computerization and Controversy' Academic Press, 1991 421-435

Konsynski B.R. and McFarlan F.W. (1990) 'Information Partnership - Shared Data, Shared Scale' Harv. Bus. Rev. (Sep/Oct 1990) 114-120

Leveson N.G. (1984) 'Software Safety in Computer-Controlled Systems' IEEE Computer (Feb 1984) 48-55

______ (1986) 'Software Safety: Why, What and How' Comput. Surv. 18,2 (June 1986) 25-69

______ (1990) 'Software Safety' Addison-Wesley, 1990

______ (1991) 'Software Safety in Embedded Computer Systems' Commun. ACM 34,2 (February 1991) 34-46

Lyytinen K. and Hirschheim R. (1987) 'Information Systems Failures - A Survey and Classification of the Empirical Literature' Oxford Surv. in Info. Technology 4 (1987) 257-309

Malasky S.W. (1982) 'System Safety Technology and Application' Garland STPM Press, New York, 1982

Malone T.W. and Yates J. and Benjamin R.I.(1987) 'Electronic Markets, Electronic Hierarchies' Commun. ACM 30,6 (June 1987) 484-497

Marx G.T. and Sherizen S. (1986) 'Monitoring on the Job' Technology Rev. (Nov-Dec 1986) Republished in Forester T. (Ed.) 'Computers in the Human Context' Basil Blackwell, Oxford, 1989

Miller J.G. (1978) 'Living Systems' McGraw-Hill, New York, 1978

Mumford E. (1983) 'Designing Human Systems', Manchester Bus. Sch., 1983

Neumann P.G. (1979-) 'Risks to the Public' in Software Engineering Notes, particularly since 4,2 (April 1979)

_____ (1986) 'On Hierarchical Design of Computer Systems for Critical Applications' IEEE Trans. on Software Eng. SE-12, 9 (September 1986) 905-920

_____ (1989) 'Risks: Cumulative Index of Software Engineering Notes' Software Engineering Notes 14,1 (January 1989)

Oesterle H. (1991) 'Generating Business Ideas Based on Information Technology' in Clarke R. and Cameron J. (Eds.) 'Managing Information Technology's Organisational Impact II' Elsevier / North Holland, 1992 pp. 117-129

OTA (1987) 'The Electronic Supervisor: New Technology, New Tensions' Office of Technology Assessment, Washington DC, 1987

Parnas D.L. (1985) 'Software Aspects of Strategic Defense Systems' Commun. ACM 28,12 (December 1985) 1326-1335 Republished in Dunlop C. and Kling R. (Eds.) 'Computerization and Controversy' Academic Press, 1991 593-611

Perrole J.A. (1986) 'Intellectual Assembly Lines: The Rationalization of Managerial, Professional and Technical Work' Computers and the Social Sciences 2,3 (July-Sept 1986) 111-122

Perrow C. (1984) 'Normal Accidents: Living With High-Risk Technologies' New York, Basic Books, 1984 Republished in Dunlop C. and Kling R. (Eds.) 'Computerization and Controversy' Academic Press, 1991 221-235

Rockart J.F. and Short J.F. (1989) 'IT in the 1990s: Managing Organisational Interdependence' Sloan Mngt Rev. (Winter 1989)

Rule J. and Brantley P. (1991) 'Workplace Surveillance' in Clarke R. and Cameron J. (Eds.) 'Managing Information Technology's Organisational Impact II' Elsevier / North Holland, 1992 pp.287-297

SÅRK (1978) 'The Vulnerability of Computerised Society: Preliminary Report' Ministry of Defence, Sweden, 1978

______ (1979) 'The Vulnerability of Computerised Society: Considerations and Proposals' Liberförlag, Stockholm, 1979

Shain M. and Anderson A. (1989) 'Computer Security Risk Analysis and Management' in Caellie W., Longley D. and Shain M. 'Information Security for Managers' Macmillan, 1989, pp. 81-117

Smith B.C. (1985) 'The Limits of Correctness' Computers & Society 14,4 (Winter 1985)

Toigo J.W. (1989) 'Disaster Recovery Planning - Managing Risk and Catastrophe in Information Systems' Yourdon / Prentice-Hall, New York, 1989

TDR (1981) 'OECD Workshop Stresses Dependency on Computers' Transnational Data Report 4, 5 (May 1981) 3-4

Walters M. (1989) 'EFTPOS - National Asset or White Elephant?' in Clarke R. and Cameron J. (Eds.) 'Managing Information Technology's Organisational Impact' Elsevier / North Holland, 1991 29-58

Weber R. (1989) 'Controls in Electronic Funds Transfer Systems: A Survey and Synthesis' Comp. & Security 8,2 (1989) 123-137

Wiener N. (1949) 'The Human Use of Human Beings' Avon Books, New York, 1949, 1974

Winograd T. and Flores F. (1986) 'Understanding Computers and Cognition: A New Foundation for Design' Ablex, Norwood NJ, 1986

Wiseman C. (1988) 'Strategic Information Systems' Irwin, 1988

Wood-Harper A.T., Antill L and Avison D.E. (1985) 'Information Systems Definition: The Multiview Approach' Blackwell, Oxford, 1985



xamaxsmall.gif missing
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.

From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 65 million in early 2021.

Sponsored by the Gallery, Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916

Created: 15 October 1995 - Last Amended: 17 November 1997 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/SOS/PaperExtraOrgSys.html
Mail to Webmaster   -    © Xamax Consultancy Pty Ltd, 1995-2022   -    Privacy Policy