SlideShare a Scribd company logo

INFO380-FinalProposal

S
Sunny Jayswal
1 of 32
Download to read offline
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 1 FINAL PROPOSAL University of Washington - iSchool Information Systems Analysis and Design INFO 380 - Winter 2015 - Team AE5 Emmanuel “Izzy” Gambliel, Prottush Hossain Sunny Jayswal, Seth Kvam EXECUTIVE SUMMARY Green Lake Games currently has a Shipping Process that has no major flaws with it that impede day-to-day operations. However, there are several refinements that can be implemented to make the entire system more efficient, robust, scalable, and resilient to interference. INTRODUCTION A dependable order processing structure is paramount for the success of any business wishing to satisfy its customers--especially so for a business exposed to 21st century America’s growing desire of instantaneous gratification. Amazon Prime, Amazon Fresh, digital downloads, and countless other technological innovations are conditioning us to expect our desired products quickly. This may cause us to cease use of any service that fails, or is simply not fast enough, on that expectation. What an average customer can’t see easily are the moving pieces constituting their order. The transfer of information to complete the order all happens behind the scenes. These are the payment processing, order sorting, order picking, product sorting, package formation, and package transportation processes. It is critical that these processes do their best to remain out of customers’ minds as well, as that indicates they are working to their potential. A satisfied customer should never need to spend energy worrying of the logistics of their order’s processing and instead focus on the product itself and its market. This is what can be achieved with dependable order processing.
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 2 Over this quarter, our team has interviewed employees, examined documents, and shadowed procedures to obtain a comprehensive grasp over Green Lake Games’ order processing system. Using the knowledge, strategies, and conceptual thinking taught in the UW iSchool’s ‘Information Systems Analysis and Design’ course, we will present our analysis and professional opinion for potential increases in efficiency.
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 3 TABLE OF CONTENTS Executive Summary Introduction Table of Contents Problem Statement Project Scope Behavioral Analysis Placing the Order: Customers, Amazon, and CrystalCommerce Order Sorter Product Picker Product Sorter Order Packers Post Office Delivery Structural Analysis Pull Sheets Shipping Labels Customer Invoice Entity Relationship Diagram and Analysis Security Analysis User Authentication Analysis Amazon / CrystalCommerce Trust Boundary CrystalCommerce / Green Lake Games Trust Boundary Green Lake Games / U.S. Post Office Trust Boundary Security Breach Response Procedures Analysis Change Proposal
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 4 PROBLEM STATEMENT Over time, Green Lake Games has developed its operations into a very efficient order processing system consisting of time tested inventory management software in CrystalCommerce, a well trained staff, and a well-established work culture. This means that the problems Green Lake Games does face are few and miniscule in comparison to the risk of breaking up an already well established system; however there is always potential for growth and improvement over the years to prevent business stagnation. With this, it means that there is no single large problem that we can point out as a cause for concern, but instead several smaller refinements that can be implemented to improve the system in place. PROJECT SCOPE This project will cover the flow of shipping processes used by Green Lake Games from the point that a customer places an order online to the point that the product is passed to the Post Office. We are doing a detailed analysis with Amazon being the primary point of contact for customer ordering, but with additional analysis done in places to cover orders that come in directly through Green Lake Games webstore on the CrystalCommerce platform. Since this is an analysis of the Shipping Processes of Green Lake Games, it is important to note what is not covered by this analysis project: ● Shipping done through Amazon Fulfillment ● Orders placed through EBay or In-Store sales ● Processes occurring before the Point-Of-Sale or after transfer to Post Office ● Customer Service, HR, or Management processes ● Business Analytics processes
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 5 BEHAVIORAL ANALYSIS Green Lake Games has a well-defined set of tasks and roles in their system of processing orders for shipment. An efficient shipping process is crucial to Green Lake Game’s customer satisfaction as customers have high expectations of a speedy delivery once the order is placed. Once the order is placed, Green Lake Games has full control of the shipping process until the product is properly packaged and delivered to the U.S. Post Office for end user delivery. This section of analysis will cover the physical process that an order goes through, from initial placement to the point it reaches the Post Office. Data Flow Overview
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 6 PLACING THE ORDER: CUSTOMERS, AMAZON, AND CRYSTALCOMMERCE Customers order Green Lake Games’ products primarily on Amazon but can through their own website as well, which is hosted by CrystalCommerce. CrystalCommerce handles all of Green Lake Games’ online order processing. Amazon and CrystalCommerce are synced and once the item is paid for on Amazon, it is placed into a “Payment Received” category on CrystalCommerce. Going one step further, CrystalCommerce is synced accurately with Green Lake Games’ physical inventory counts at all times. This process is relatively seamless and highly automated. Customers order from Amazon
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 7 ORDER SORTER An Order Sorter employee first logs in to CrystalCommerce on a web browser to begin organizing the orders to pick and ship for that day. Next, they separate the orders into two categories: “Preorders” and “Processing.” Orders to be moved to “Preorders” include multiple orders placed by the same customer, orders with a negative value created by a glitch in CrystalCommerce in combination with Amazon promotions, all orders above $4, all orders containing more than 10 items, and international orders. It is important to note that the title of “Preorders” is nothing more than a placeholder for the categorical tool the store uses within CrystalCommerce. It provides an easy way to separate orders within the full batch, according to what their shipping grade will be. In an ideal world, this might simply be called “Large” orders. All the remaining, “Small” orders, are grouped into “Processing”. Again, it is important to note that all the orders could theoretically be placed into “Processing,” but this separation is beneficial to the logistics of shipping items with different grades. Next, the employee confirms each order has a correct shipping grade and updated order weight. This involves iterating through all the orders. Multiple orders by the same customer are synchronized to one shipping label and package here. Finally, the employee begins printing the pull sheets, invoices, and shipping labels simultaneously, with a separate printer for the shipping labels and the pull sheets/invoices.
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 8
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 9
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 10 PRODUCT PICKER The pull sheets are given to the Product Picker who enters the back room and picks the cards from their places on the wall. The products on the wall and the orders on the pull sheets are each alphabetically arranged by their respective larger group of card set. This allows for very easy picking because the cards and the actual arrangement of stock follow the same organization as the pull sheet. The pull sheet’s nature is to be synchronous with the physical location of the inventory to make the Product Picker’s job as straight-forward as possible.
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 11 PRODUCT SORTER The Product Sorter then obtains the shipping labels, pulled cards, and invoices. He arranges the cards by their card set and then goes through each invoice and manually picks the cards each called for. These cards are then put into their own pile which will be in order with the pile of the invoices. For example, an invoice pile of: A,B,C would be matched with a card pile of: a1, a2, b1, b2, b3, b4, c1.
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 12 ORDER PACKERS Once the products have been sorted they are packed in various ways depending on the type of product at hand. This process is defined separately for small orders, large orders, and board games. The small order packing process involves stacking all the invoices, cards, and envelopes in preparation for packing. For each order, the packer checks how many cards there are - if the order has less than 4 cards, filler cards are added until the total count of cards is 4. These filler cards have no reasonable value. The set of cards is then sealed in a soft plastic sleeve and placed with the invoice in an envelope. If there are more than 4 cards in an envelope, a stamp is required otherwise a stamp is not needed. Small orders are grouped together into large post office bins for bulk mail shipping. The large order packing process is similar to that of small orders, with a few key differences. The packer first checks the invoices to see if there are multiple orders from the same customer. After compiling all the appropriate cards from all the invoices, the packer then assess which cards are considered “valuable” and will put those cards in a heavier protective plastic sleeve. This assessment is rather arbitrary, where there is not a clear system for how to judge whether to protect the cards with the heavier card sleeve, but is generally left to the judgment of the employee. The packer will then check the invoice or label to see if it is Regular, First-Class, or Priority mail, and place the cards and invoice into an appropriate envelope. Finally, the label is attached to the outside, covering the envelope seal for extra protection. The board game packing process begins with finding the weight and dimensions of the board game package and inputting them into a computer system, this system calculates which form of packaging will be the most cost efficient for a specific game going to a specific address. Games that go in envelopes or flat-rate shipping will simply be packed in the appropriate containers. If first class parcel is selected as the most appropriate for the game board, the packer will travel to the store warehouse and spend a reasonable amount of time finding a best-fitting box, which can be inefficient.
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 13
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 14 POST OFFICE DELIVERY Every few days, enough bulk mail orders are queued up to necessitate a trip to the Post Office. This is done whenever the number of bulk mail orders is over 500 waiting or approximately three full bins of bulk mail orders. An employee with a car will take all the bins of orders and sort them so that all the local bulk mail is in one group and the priority and large orders for that day are in another. The remaining bins of bulk mail are put in another group for processing. All the mail is loaded into a car, and the employee verifies if any new stamps need to be purchased for further non-bulk mail orders. The employee drives to the Bitter Lake Post Office and unloads all the mail in the back door where the Bulk Mail office is. The post office employee weighs the bulk mail and calculates the cost, then provides the Green Lake Games employee with an invoice. The Green Lake Games employee then takes the invoice to the front counter and pays for the bulk mail and any needed stamps.
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 15 STRUCTURAL ANALYSIS The structure of the information that Green Lake Games uses comes mainly in the form of customer shipping addresses and product data. All of this is used in the company’s shipping system in a variety of formats, ranging from computer databases to printed sheets. PULL SHEETS Pull sheets are printed pages of paper which detail the products that have been ordered online. There are three vertical columns on these pages: quantity, name, and information. Quantity is the number of a given product that must be pulled. Name is the name or title of the product. Information is the state of the card: regular or foil. Foil is a glossy finish on the card that increases its value and regular is default. Additionally, there is subtext underneath the name which gives the condition grade and language of the card. These pull sheets are divided by bold headers that describe the category of the products. Within each of these categories, all products are listed alphabetically. Once the compilation of the pull sheets is understood, their practicality becomes apparent. The form mimics the physical arrangement of the cards in the inventory storage room. Each header correlates with a storage drawer with a matching name. In this drawer lies all of the cards in alphabetical order. This then is easily traversed using the alphabetized list on the pull sheet. Next, the desired quantities are removed in an orderly fashion and we are ready for the next stage of the system.
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 16 SHIPPING LABELS Shipping labels come in three varieties--those for parcels, letters, and small orders. They are stickers with various shipping information that the staff places on packages to be mailed. They contain the customer’s shipping information in the middle, the return mailing address of Green Lake Games in the upper left corner, the shipping class (priority, first class, standard, etc.) in the top right corner, and the tracking information with bar code at the bottom* Examples of shipping labels Other shipping information indicating the payment of shipping fees, payment rate, date of shipment, and zip code of sender. *small orders (usually 1-4 cards) only contain the customer shipping information and are put together with other small orders in bulk in a special type of envelope with a label to indicate bulk shipping. A bulk envelope with shipping label
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 17 CUSTOMER INVOICE The customer invoice contains information about the various purchases made by the customer in their order (with prices and product names) as well as shipping information (customer shipping address) and order information (order id, order date, customer name, phone number, items in order, and sender name). There is also a bar code for matching the invoice to the order id. At the bottom there is an area showing payment information of the customer. A customer invoice
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 18 These invoices are sent to the customer along with their orders for their own information. There are also smaller receipts which contain the same information but in a condensed manner for small orders. A small order invoice
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 19 ENTITY RELATIONSHIP DIAGRAM AND ANALYSIS An Entity Relationship Diagram represents the structure of unique information produced and contained in the system. We call the data structures producing and containing information entities and the diagram seeks to study the relationship between these entities, hence the name. Through this diagram, we sought to capture the attributes of each entity and the general nature of data in the system. Entity-Relationship Diagram
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 20 Green Lake Game’s order processing is structured in a way that data is pulled from both the product and customer into the customer’s order which is then consolidated into a shipping label for shipping purposes. There are also additional data structures like the invoice and pull sheets which are not modeled here because they merely replicate data from the order for various purposes as opposed to contributing new data for the system. A line item table acts as an intermediary between products and the customer’s orders for orders with either multiple distinct products or multiple quantities of the same product. In most cases the data model is sufficient for Green Lake Game’s needs and covers the order processing and shipping methods in a well-tested manner. One minor issue is that there is no easy way in the client system to illustrate the relationship between customers and orders and how customers may have multiple orders. Even though one order may have many products, there are some customers who place multiple orders because they do not fully understand the online shopping features or for various other reasons. This can cause a headache for the shipping employees as they try to match orders to customers but have trouble distinguishing between two orders from the same person or two orders by two separate people with the same name. If multiple orders could be consolidated into one by the online system, Crystal Commerce, or if there was a more apparent way to link orders together (like a username or some sort of unique identification for each user who orders online) then that would greatly help ease this problem. Another minor issue is that data entry from products relies on a hugely manual method where each product must be specially analyzed. This is a slow and tedious process but may be absolutely necessary given the nature of the work and Green Lake Games has defined methods to make the process easier. Nevertheless this is an issue that is out of context with our chosen task of analyzing problems associated to order processing and shipping.
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 21 SECURITY ANALYSIS Security is a cornerstone to any user’s dependability in any given system. When purchasing and trading items in good faith over the internet, users make themselves vulnerable by supplying sensitive information to the vendor such as their names, home addresses, and credit card details. In order for that vendor to retain users and match their expectation for responsible security, they too must act in good faith by practicing holistic, up-to-date security measures in that transaction. After companies’ poor security practices have been revealed, it is very difficult, if not impossible, for them to fully regain the users trust. Rather than working tirelessly to correct security leaks after-the-fact, an optimal system would embed values of proper security as early as in the design phase. It is, of course, never too late to implement sufficient security measures. This is a small, yet invaluable aspect of a proper system design. USER AUTHENTICATION ANALYSIS A wise man named Dr. David Stearns once told us, “the best way to do user authentication...is to have someone else do it.” Green Lake Games has the fortune of having user authentication, on every front, covered by Amazon or CrystalCommerce. The information Green Lake Games receives from Amazon, of which the vast majority of orders are placed, are: the items a customer has ordered, a masked-Amazon email address for that customer, their Amazon tracking number, their mailing address, and their phone number. The email address listed is masked, and therefore a controlled variable due to Amazon’s “fake” email address generation process, this is a factor of Amazon’s security. Sign-on, user authentication, and payment services are handled within Amazon and then only the necessary information is passed on to Green Lake Games to complete the order. This is a benefit to Green Lake Games because no store resources need to be spent on authentication. Similarly, CrystalCommerce handles customer information for orders placed through them and keeps payment information secure. The last four digits of credit card numbers are stored within CrystalCommerce, but are not accessible to the employees. Additionally, CrystalCommerce operates a Fraud Detector that monitors IP addresses of users. Once the order details are synchronized from Amazon into CrystalCommerce’s order processing database, a Green Lake Games employee uses CrystalCommerce’s login to authenticate themselves and view received orders. Only the owner and designated
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 22 employees have the clearance and password to sign-on to CrystalCommerce. Once the browser is signed-in, there is at least one employee stationed on the computer at all times to maintain the physical security of the machine. During the order packing process, there are order invoices containing sensitive information that are physically in motion. As outlined above, this includes the user’s shipping address, email address, phone number, and Amazon tracking number (if applicable.) Green Lake Games controls this potentially sensitive information during the order packing process by using specialization amongst employees and secure disposal. The employees packing the orders have the authorization and knowledge to do so securely and keep everything within line-of-sight at all times. In the instance of any leftover or unused invoices, those invoices are shredded and disposed of. The final leg of the shipping process is handled by either the post office’s employees during store pick-up or by an authorized Green Lake Games employee who personally delivers orders to the post office. The actions I have listed are all internal of Green Lake Games or its sourced vendors; end users have virtually no ability or authentication within the system. Outsourcing payment processing and user authentication to the services of Amazon and CrystalCommerce relieves a tremendous amount of risk from Green Lake Games. Data Flow Diagram with Trust Boundaries illustrated
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 23 AMAZON / CRYSTALCOMMERCE TRUST BOUNDARY Since this trust boundary exists between two external vendors in our system, we are not considering it within the scope of our analysis. However, it is important to note that it exists. If those trust boundaries are breached, the impact could affect many different parts of Green Lake Games’ business model, including the shipping processes. CRYSTALCOMMERCE / GREEN LAKE GAMES TRUST BOUNDARY Common threats by spoofing include fake emails or websites sent to employees to gather data or login info. These are very common on the internet and many email servers and modern day browsers can detect these frauds but due to the widespread nature of this phenomenon it is still a likely threat for Green Lake Games which leaves potential access for compromising the whole system. In order to counter this Green Lake Games can educate employees on how to avoid spoofers, use a service with stronger filters for email, restrict usage of the computer for business only, and keep the system up to date. This is a threat that can be completely avoided if these proper prevention techniques are used. Hacking into the CrystalCommerce site and changing customer data is a method of tampering that could potentially be used to steal orders or sensitive information of the customers. This would likely lead to decreased customer trust in Green Lake Games, as well as potentially create liability costs and lawsuits against Green Lake Games. However, as Green Lake Games is not a major corporation, we can assume that not many enemies exist with high-levels of combined motivation and skill to hack Green Lake Games website or the Crystal Commerce system. As such, this threat is not very likely. Most fixes for this tampering are out of Green Lake Games hands directly, although following proper online safety standards and investing in web security for the website will help. Similarly, hacking into the CrystalCommerce site and removing customer orders that have already been shipped is a form of repudiation that is not directly stealing, but does interfere with the shipping process and damages customer relations. Like the prior hacking threats, this is not very likely and as such the same mitigations of improved web security and safety standards apply. Finally, hacking can be used to gain customer data in an act of information disclosure that could severely hurt the customers and lead to lawsuits and liability costs for Green Lake Games, not to mention the decreased customer trust and
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 24 relations. This is an unlikely, but still potentially threatening, event that improvements in web security and online safety will help mitigate. Shoulder-surfing customer data in store during order processing or shipping/packaging processes is another way someone could disclose information. However, as the shop is relatively small, closely monitored, and has low levels of traffic this threat is not very likely. The effects of this one would be relatively small scale if to occur and may just result in one dissatisfied customer which is still a liability for Green Lake Games. Improvements in store policies to protect customer data and employee training can help mitigate this threat. Taking down the CrystalCommerce site can lead to a Denial of Service which could setback Green Lake Game’s activities indefinitely. Since Green Lake Games is usually not the target of such threats and the traffic on the site is usually not very high, this threat is not very likely. It is advised to watch server performance and adjust as necessary but this is relatively in the hands of Crystal Commerce, so fostering transparent relations with CrystalCommerce is crucial. Someone can steal user logins to the CrystalCommerce site to access it as an employee as an elevation of privilege attack to severely compromise the system’s performance and steal sensitive information. This is threat is likely as this information is in the hands of employees and could potentially be breached in varieties of ways. It’s important to protect sensitive user account information by requiring mandatory password changes for employees in order to mitigate this threat. GREEN LAKE GAMES / U.S. POST OFFICE TRUST BOUNDARY One common spoofing threat that would arise from Green Lake Games’ relationship with the U.S. Post Office would be an individual posing as a Green Lake Games employee, and tampering with the mail at the Post Office. Though this threat is not likely, it could have a significant impact on the business: high-cost orders could be regularly and easily tampered with, which could severely impact Green Lake Games’ revenue stream, and limit their product stock. To mitigate this threat, a regular checking of identification could be done - each time a Green Lake Games employee interacts with the U.S. Post Office, the employee would show proof of employment, to assure that the mail does not get tampered with. In addition, bulk mail could only be delivered to the Bitterlake Bulk Mail Office employee, to assure no unverified employees are involved.
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 25 One possible tampering threat involves damaging Green Lake Games’ mail, and stealing its contents. Due to the value of some orders, and the high volume of general theft, this threat would be a likely one. This threat would also be of high impact to the business, as stolen goods lead to losses in revenue and stock, as well as loss in trust in the business itself. To mitigate this tampering threat, each employee should make sure each piece of mail is properly sealed and securely transferred. In addition, sensitive information such as tracking numbers and addresses should be kept in safe hands. The most likely repudiation threat involves the proof of an individual ordering making it to the Post Office. There is no repudiation with Bulk Mail processing for individual orders, which is simply a part of the cost of business with having a bulk mail license. This means that lost parts of these bulk orders may go unaccounted for. Due to the frequency of orders and shipments, this threat is a likely one. To mitigate this threat, the most expensive pieces of each bulk order could be verified, to make sure they were not lost. Losing smaller, low-cost parts of the order could be accepted as cost of business, and would not be checked. One relevant information disclosure threat would be scanning and opening envelopes for phone numbers, email addresses, and physical addresses. Though this threat is not likely, as there is little interest to do it, it still serves as a threat to customers and the business. Basic pieces of information can be used to breach other sources of information, and are a serious violation of a customer’s privacy - customers expect their information to be kept private, and have a level of trust with the business because of it. To mitigate this threat, all packages should be properly sealing and transferred. In addition, proper storage and disposal of sensitive information should be done, including shredding unneeded sensitive documents. One possible denial of service threat at Green Lake Games would be if the Post Office were closed. Green Lake Games needs to the Post Office to conduct their shipping procedures, and cannot do so if it is closed. Though this threat is not likely, as the office is usually open, not being able to do shipping procedures at any given time would really set back Green Lake Games schedule. Always checking the status of the Post Office before leaving the store would be an easy way to mitigate this threat. Another possible denial of service threat at Green Lake Games would be if a driving route were crowded and overflowed. This is a likely threat, as urban traffic is often unpredictable, and can seriously change the amount of time it takes to travel between two places. This threat could severely impact the efficiency of Green Lake Games operations, where driving times to areas take much longer than anticipated. To mitigate this threat employees should check online traffic maps before leaving the
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 26 store, so that they can account for the level of traffic on the roads. In addition, deliveries should be scheduled for earlier in the day, where there is generally less traffic and crowding. The most probable elevation of privilege threat would be a person stealing payment checks from the Green Lake Games employee and using it to buy alternate products. As the theft of individual checks is rarely done anymore, this threat is not likely. Mitigating this threat would involve training all employees on proper handling of employee checks, and how to handle any issue with a check so that the check issuer can be contacted and the proper fraud report is handled in a timely manner. SECURITY BREACH RESPONSE PROCEDURES Currently there is no particular response plans if Green Lake Games suffers a security breach of some sort. Since a majority of the information is handled within the Crystal Commerce and Amazon system, breaches will occur mainly inside the vendor side of the trust boundaries of the Data Flow model. Two specific processes were noted as the probable response path from their General Manager, as mitigation processes to handle supposed data breach scenarios. 1. If a data breach has occurred on Amazon or CrystalCommerce, then Green Lake Games would reset the passwords of all their accounts on both of those systems to remove that as a potential avenue of attack. The same would be done of all Green Lake Games email accounts, to cover the potential compromise of other systems. 2. If a list of affected customers is known, then an email would be crafted by Customer Service to inform the affected customers about the breach. No other notification techniques would be utilized in this situation. One of the major concerns of the Green Lake Games organization is the trust of their customers, especially when dealing with the volatile nature of online sales. By reducing the visibility of the breach, they hope to maintain the implicit assumption of safety that their customers would have by ordering from them.
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 27 ANALYSIS While Green Lake Games has a variety of avenues that a potential threat can utilize to interfere with their regular shipping operations, the likelihood of many of these security breaches are fairly low. A majority of the reason for this is because the impact of any particular order is low, with most orders being only a couple dollars at most. The only Personal Identifiable Information that is utilized in the system is contact data, which has little value to an attacker without a specific motivation. Thus, the low cost of a majority of individual orders, along with many of the internal processes being manual in nature means that an active threat would either need to have access to a method of identifying specific orders, either for the PII or for the contents of a particular order. Furthermore, a majority of the security processes are handled by the external vendors, so the controls that can be utilized to mitigate these particular attacks are controlled by them. For these reasons, it’s important for Green Lake Games to continue to build the relationships with these vendors so that security issues can be identified and communicated quickly in this ever-evolving world of security. Thus, it would show that Green Lake Games has two attack vectors they would need to be most cognizant about. First are the larger generalized threats that are not malignant in nature, but originate from more natural threats, such as inclimate weather or changing traffic patterns. Having backup procedures ready in case large amounts of physical information are affected, such as a disaster destroying the orders being stored for delivery, or orders being worked on by employees on any given day. Second are the targeted attacks that are internal in nature, since the value of any particular order would require internal knowledge and access to the physical space where orders are processed. This can be mitigated through strong physical controls, such as making sure all orders and their representative components are always in the hands of employees. Additionally, care should be taken in ensuring all new hires at the company are trustworthy and would not have any reason to exfiltrate products or information for their own purposes. However, it is still important to consider all the security implications in the shipping process and maintain all the free or low-cost controls that can be used to alleviate any potential breaches. By periodically checking and updating the controls that are in place, a secure environment can be maintained throughout the entire work flow at Green Lake Games.
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 28 CHANGE PROPOSAL Due to Green Lake Games’ development of a very efficient process over the years, there are no big issues that could potentially compromise the whole system. As such we have not identified just one problem and changes to that specific problem. Instead what follows is a list of refinements to the order processing and shipping system. One notable problem is the complexity and requirements in the Order Sorting process. This procedure is tightly coupled, so that if one part of the task breaks, the entire process will cascade into failure and need to be started over. In addition, it’s highly complex with many different tasks done in a process that is known to only a few employees. These processes can cause setbacks and delays in the process, or can lead to packing errors which would need to be tracked down over the rest of the day. There are two options that we can recommend to alleviate these problems: ● Create a posted document of the task process or workflow diagram in a place that is easily accessed. This can be done with a low cost up-front, and would only need to be updated periodically as other changes come by. There is a medium benefit to this, as it will help reduce potential errors during the process by having a visual aid while working. ● Install MediaWiki* software on Green Lake Games hosted webspace, a free open-source wiki software package. Here, tasks can be documented in a way that all employees can access and understand. The initial investment would be small, since MediaWiki is free, but there still is a medium cost, since employee hours would need to be devoted to document tasks. We believe that this has a high benefit, though, since it will allow employees to cover tasks when needed. This will alleviate stress on the people with specific process knowledge, allowing them to not worry about the store if they are sick or on vacation. * http://www.mediawiki.org/ A common problem is distinguishing multiple orders placed by the same customer in the system. While this is not a common issue, it does occur when customers do not know how to properly utilize the online order system and can cause a headache for employees when they are processing these orders for shipment. There are two solutions we recommend for this problem:
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 29 ● Appeal for changes in the online order system to Crystal Commerce that would combine multiple orders before they are even processed. This is a medium to high cost solution that possibly requires implementation of new software functionality. This is a medium benefit solution as it would completely alleviate the problem but at the same time the problem may not be significant enough to warrant such an investment. ● Use some sort of quick identification tag for customers in manual processing of orders before preparing shipments. This can be relatively easy and low cost to implement with just pen and paper, but will require some changes in procedure and thus training on behalf of the employees. While still requiring some manual processing on behalf of the employees, it would go a long way in improving efficiency overall and be an overall medium benefit solution. The next notable problem involves the Order Sorter’s order processing tasks in CrystalCommerce. The Order Sorting requires a specialized employee to undergo time-consuming, tedious, and prone-to-error tasks in CrystalCommerce. For reference, these tasks include grouping large and small orders into “Preorders” and “Processing”, respectively, manually assigning each order an order weight and shipping grade, and manually adjusting shipping label printing settings using pre- formatted Microsoft Word and Excel documents. There are three suggested solutions to improve this process: ● Increase CrystalCommerce’s capability to automate sorting of large and small orders, using business logic provided by Green Lake Games to determine the rules of the categorizations (ex: “if order items are more than 10, place in ‘Large’”) under the oversight of employee that currently does the process manually to ensure correct decisions are made. Going hand-in-hand with this added feature would be dedicated categories for “Large-Processing” and “Small-Processing” orders rather than resorting to using “Preorders” for large. The cost is low for this because CrystalCommerce is a proprietary service that Green Lake Games is already partnered with and this would be implemented by CrystalCommerce, externally. The benefit is medium for this implementation because it would create a less error-prone and more time-efficient order sorting process. Additionally, the higher-specialized employee originally doing order sorting could either continue overseeing this process OR spend time on any other matters at hand and hand this off to a less-specialized employee that could be more capable now that automation is in place. ● Create software to be run complementary to CrystalCommerce that’s job is solely to run scripts that execute the differing one-by-one tasks the Order
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 30 Sorter completes when they use the Word and Excel documents to arrange printing successfully between items. This could also be implemented into CrystalCommerce as a plug-in and used with just a button or tab in CrystalCommerce. This could have a friendly and direct UI. The cost is medium for this because it would require a developer to create this piece of software. The benefit is low because it would make the process easier, more structured, and more time-efficient, but the specialized employee already has this knowledge and nothing would be done better from a functional standpoint. Rather, it would be done more securely. ● Assign each inventory item a weight in CrystalCommerce’s system that will be automatically considered during shipping grade choice and produce accurate total shipping weights. The cost is low for this because coordination between Green Lake Games’ management and CrystalCommerce could implement this ability. If weights of all items in current inventory are ignored, but all weights of incoming shipments of inventory are recorded into a database as they arrive, eventually the database would be complete (Chinese proverb: the best time to plant a tree was twenty years ago; the second best time is today.) The cost would be medium for this if a route independent of CrystalCommerce was taken. This could be accomplished by managing a Relational Database Management System (RDBMS) independently, such as Oracle* and MySQL*. There is a medium benefit to this because while the specialized employee already has sufficient knowledge or order weights to simplify the process, new weights will always come into play and this would be an effective way to store this knowledge to pass it down. This promotes scalability of the system. *http://www.oracle.com *http://www.mysql.com Packaging board games for first parcel involves eyeballing various boxes in the warehouse, and arbitrarily picking the most appropriate box which can be time consuming and inefficient. There are two solutions to this problem: ● Each board game’s dimensions and weight can be logged with an appropriate box size and available boxes can be organized by dimension in the warehouse. This will allow for finding the most appropriate box nearly instantaneously and also ensure that the box used is the most space efficient box that is available. Overall this is a medium benefit solution as it would save a lot of time and is relatively low cost to implement but will require an initial investment in time to organize the boxes and subsequently maintain the organization.
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 31 ● Another medium benefit solution is to have standardized box sizes that are chosen based on the most-purchased board games and most-used boxes. This solution is at a mid-level cost range as it requires purchasing standardized boxes and sacrificing having the most space efficient boxes in favor of standardized sizes. In the long run however, there would be no need to measure any boxes or board games and finding the right box will be a quick and easy process. The system in place doesn’t scale to higher dimensions very well, in particular due to restrictions on physical space and product storage. If there is a significant increase in orders, Green Lake Games is restricted in capacity by the size of its facilities. The throughput of particular processes is limited by the space available to employees and inventory. This is further compounded by much of the active space in the store being used for customer events. The events are a key part of Green Lake Games core mission, so restructuring those is not included in our analysis. However, if business continues to grow, this might be one of the main problems that Green Lake Games would face. Here are two suggestions that we can provide. ● Altering the times that shipping and packaging are done would help keep any space conflicts between events and the shipping employees to a minimum. Events primarily occur in the evenings, so starting the Order Sorting process early in the morning would provide time to complete the daily shipping processes even if an abnormal number of orders are present. There is little cost to this, as it would require scheduling employees slightly differently. There is only a small amount of benefit to it a well, unless the number of orders starts increasing on a consistent basis. Then, this may be a excellent measure to implement. ● Another suggestion is the locating of a larger space to operate out of. This may be done by finding a separate location to handle shipping, keeping the retail store in its current location. The potential for additional space can allow for no restrictions on shipping and packaging processes, and keep it from interfering with in-store events. There is a very high cost to this, though, as larger space is not cheap in the Seattle area and moving would cause a whole host of other issues that would need to be addressed. There is a high benefit to this, however, as additional space can allow for much larger throughput in order processing, leading to larger profits in the wake of increased sales.
INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 32 APPENDIX A: WORK FLOW DIAGRAM As the complete Work Flow Diagram is too large to fit in this document, it is presented as a separate diagram for use by Green Lake Games.

Recommended

Project Report for Chocolates
Project Report for Chocolates Project Report for Chocolates
Project Report for Chocolates butest
 
Xinno IR LinkedIn
Xinno IR LinkedInXinno IR LinkedIn
Xinno IR LinkedInRyan Chung
 
12 ways to run successful E-commerce logistics!.pdf
12 ways to run successful E-commerce logistics!.pdf12 ways to run successful E-commerce logistics!.pdf
12 ways to run successful E-commerce logistics!.pdfKey-CMS Outsource
 
Who is FW Warehousing?
Who is FW Warehousing?Who is FW Warehousing?
Who is FW Warehousing?FW Warehousing
 
Blue Ice Reporting Presentation
Blue Ice Reporting PresentationBlue Ice Reporting Presentation
Blue Ice Reporting Presentationmsteiner19
 
Knowledge Graphs for Supply Chain Operations.pdf
Knowledge Graphs for Supply Chain Operations.pdfKnowledge Graphs for Supply Chain Operations.pdf
Knowledge Graphs for Supply Chain Operations.pdfVaticle
 
Corevist Case Study--3A Composites
Corevist Case Study--3A CompositesCorevist Case Study--3A Composites
Corevist Case Study--3A CompositesEsker, Inc.
 
Alerts & Workflow for Sage 100 ERP
Alerts & Workflow for Sage 100 ERPAlerts & Workflow for Sage 100 ERP
Alerts & Workflow for Sage 100 ERPNet at Work
 

Recommended

Project Report for Chocolates
Project Report for Chocolates Project Report for Chocolates
Project Report for Chocolates butest
 
Xinno IR LinkedIn
Xinno IR LinkedInXinno IR LinkedIn
Xinno IR LinkedInRyan Chung
 
12 ways to run successful E-commerce logistics!.pdf
12 ways to run successful E-commerce logistics!.pdf12 ways to run successful E-commerce logistics!.pdf
12 ways to run successful E-commerce logistics!.pdfKey-CMS Outsource
 
Who is FW Warehousing?
Who is FW Warehousing?Who is FW Warehousing?
Who is FW Warehousing?FW Warehousing
 
Blue Ice Reporting Presentation
Blue Ice Reporting PresentationBlue Ice Reporting Presentation
Blue Ice Reporting Presentationmsteiner19
 
Knowledge Graphs for Supply Chain Operations.pdf
Knowledge Graphs for Supply Chain Operations.pdfKnowledge Graphs for Supply Chain Operations.pdf
Knowledge Graphs for Supply Chain Operations.pdfVaticle
 
Corevist Case Study--3A Composites
Corevist Case Study--3A CompositesCorevist Case Study--3A Composites
Corevist Case Study--3A CompositesEsker, Inc.
 
Alerts & Workflow for Sage 100 ERP
Alerts & Workflow for Sage 100 ERPAlerts & Workflow for Sage 100 ERP
Alerts & Workflow for Sage 100 ERPNet at Work
 
How To Leverage Sage Software To Become A Data-Driven Organization
How To Leverage Sage Software To Become A Data-Driven OrganizationHow To Leverage Sage Software To Become A Data-Driven Organization
How To Leverage Sage Software To Become A Data-Driven OrganizationGross, Mendelsohn & Associates
 
GolfEtail.com Scores a Hole-in-One With OzLINK
GolfEtail.com Scores a Hole-in-One With OzLINKGolfEtail.com Scores a Hole-in-One With OzLINK
GolfEtail.com Scores a Hole-in-One With OzLINKOz Development
 
P2 p enabled through blockchain sanjay badhai and rahul pasrija-cwin18_india
P2 p enabled through blockchain sanjay badhai and rahul pasrija-cwin18_indiaP2 p enabled through blockchain sanjay badhai and rahul pasrija-cwin18_india
P2 p enabled through blockchain sanjay badhai and rahul pasrija-cwin18_indiaCapgemini
 
Mm
MmMm
MmMohanish Murkute
 
Mm
MmMm
MmMohanish Murkute
 
OPTIMIZING THE ENTRY AND ARCHIVING OF CUSTOMER ORDERS
OPTIMIZING THE ENTRY AND ARCHIVING OF CUSTOMER ORDERSOPTIMIZING THE ENTRY AND ARCHIVING OF CUSTOMER ORDERS
OPTIMIZING THE ENTRY AND ARCHIVING OF CUSTOMER ORDERSEsker, Inc.
 
[Provided Data - US] ChiQuyen Dinh
[Provided Data - US] ChiQuyen Dinh [Provided Data - US] ChiQuyen Dinh
[Provided Data - US] ChiQuyen DinhLam Le
 
1st Party
1st Party1st Party
1st Partymdnunez
 
Gary Neights – Customer Management “Order Automation Pays”
Gary Neights – Customer Management “Order Automation Pays”Gary Neights – Customer Management “Order Automation Pays”
Gary Neights – Customer Management “Order Automation Pays”Elemica
 
E-COMMERCE ORDER FULFILLMENT SERVICES
E-COMMERCE ORDER FULFILLMENT SERVICESE-COMMERCE ORDER FULFILLMENT SERVICES
E-COMMERCE ORDER FULFILLMENT SERVICESData Insight
 
Russian Fulfillment Market research
Russian Fulfillment Market researchRussian Fulfillment Market research
Russian Fulfillment Market researchEvgeniy Shchepelin
 
A Guide to Fulfilling the Needs of our Internal Clients
A Guide to Fulfilling the Needs of our Internal ClientsA Guide to Fulfilling the Needs of our Internal Clients
A Guide to Fulfilling the Needs of our Internal ClientsTiffany Mathias
 
1.1 DetailsCase Study Scenario - Global Trading PLCGlobal Tra.docx
1.1 DetailsCase Study Scenario - Global Trading PLCGlobal Tra.docx1.1 DetailsCase Study Scenario - Global Trading PLCGlobal Tra.docx
1.1 DetailsCase Study Scenario - Global Trading PLCGlobal Tra.docxjackiewalcutt
 
Folio3 dynamics expertise deck v2.0 (1)
Folio3 dynamics expertise deck v2.0 (1)Folio3 dynamics expertise deck v2.0 (1)
Folio3 dynamics expertise deck v2.0 (1)amyacker3
 
6 types of data to synchronize between e commerce and erp systems
6 types of data to synchronize between e commerce and erp systems6 types of data to synchronize between e commerce and erp systems
6 types of data to synchronize between e commerce and erp systemsi95Dev
 
agropur-natrel
agropur-natrelagropur-natrel
agropur-natrelAijaz Shaikh
 
Dynamics crm implementation for carbon provider
Dynamics crm implementation for carbon providerDynamics crm implementation for carbon provider
Dynamics crm implementation for carbon providervarianceinfotech
 
Business Process and Design Report
Business Process and Design ReportBusiness Process and Design Report
Business Process and Design ReportSaljoq Khurshid, CAPM
 
Accounts Payable Processing Presentation
Accounts Payable Processing PresentationAccounts Payable Processing Presentation
Accounts Payable Processing Presentationrdpigott
 
5. Cloud-BuyingHouse ERP Overview
5. Cloud-BuyingHouse ERP Overview5. Cloud-BuyingHouse ERP Overview
5. Cloud-BuyingHouse ERP OverviewAshim Sikder
 

More Related Content

Similar to INFO380-FinalProposal

How To Leverage Sage Software To Become A Data-Driven Organization
How To Leverage Sage Software To Become A Data-Driven OrganizationHow To Leverage Sage Software To Become A Data-Driven Organization
How To Leverage Sage Software To Become A Data-Driven OrganizationGross, Mendelsohn & Associates
 
GolfEtail.com Scores a Hole-in-One With OzLINK
GolfEtail.com Scores a Hole-in-One With OzLINKGolfEtail.com Scores a Hole-in-One With OzLINK
GolfEtail.com Scores a Hole-in-One With OzLINKOz Development
 
P2 p enabled through blockchain sanjay badhai and rahul pasrija-cwin18_india
P2 p enabled through blockchain sanjay badhai and rahul pasrija-cwin18_indiaP2 p enabled through blockchain sanjay badhai and rahul pasrija-cwin18_india
P2 p enabled through blockchain sanjay badhai and rahul pasrija-cwin18_indiaCapgemini
 
OPTIMIZING THE ENTRY AND ARCHIVING OF CUSTOMER ORDERS
OPTIMIZING THE ENTRY AND ARCHIVING OF CUSTOMER ORDERSOPTIMIZING THE ENTRY AND ARCHIVING OF CUSTOMER ORDERS
OPTIMIZING THE ENTRY AND ARCHIVING OF CUSTOMER ORDERSEsker, Inc.
 
[Provided Data - US] ChiQuyen Dinh
[Provided Data - US] ChiQuyen Dinh [Provided Data - US] ChiQuyen Dinh
[Provided Data - US] ChiQuyen DinhLam Le
 
1st Party
1st Party1st Party
1st Partymdnunez
 
Gary Neights – Customer Management “Order Automation Pays”
Gary Neights – Customer Management “Order Automation Pays”Gary Neights – Customer Management “Order Automation Pays”
Gary Neights – Customer Management “Order Automation Pays”Elemica
 
E-COMMERCE ORDER FULFILLMENT SERVICES
E-COMMERCE ORDER FULFILLMENT SERVICESE-COMMERCE ORDER FULFILLMENT SERVICES
E-COMMERCE ORDER FULFILLMENT SERVICESData Insight
 
Russian Fulfillment Market research
Russian Fulfillment Market researchRussian Fulfillment Market research
Russian Fulfillment Market researchEvgeniy Shchepelin
 
A Guide to Fulfilling the Needs of our Internal Clients
A Guide to Fulfilling the Needs of our Internal ClientsA Guide to Fulfilling the Needs of our Internal Clients
A Guide to Fulfilling the Needs of our Internal ClientsTiffany Mathias
 
1.1 DetailsCase Study Scenario - Global Trading PLCGlobal Tra.docx
1.1 DetailsCase Study Scenario - Global Trading PLCGlobal Tra.docx1.1 DetailsCase Study Scenario - Global Trading PLCGlobal Tra.docx
1.1 DetailsCase Study Scenario - Global Trading PLCGlobal Tra.docxjackiewalcutt
 
Folio3 dynamics expertise deck v2.0 (1)
Folio3 dynamics expertise deck v2.0 (1)Folio3 dynamics expertise deck v2.0 (1)
Folio3 dynamics expertise deck v2.0 (1)amyacker3
 
6 types of data to synchronize between e commerce and erp systems
6 types of data to synchronize between e commerce and erp systems6 types of data to synchronize between e commerce and erp systems
6 types of data to synchronize between e commerce and erp systemsi95Dev
 
Dynamics crm implementation for carbon provider
Dynamics crm implementation for carbon providerDynamics crm implementation for carbon provider
Dynamics crm implementation for carbon providervarianceinfotech
 
Accounts Payable Processing Presentation
Accounts Payable Processing PresentationAccounts Payable Processing Presentation
Accounts Payable Processing Presentationrdpigott
 
5. Cloud-BuyingHouse ERP Overview
5. Cloud-BuyingHouse ERP Overview5. Cloud-BuyingHouse ERP Overview
5. Cloud-BuyingHouse ERP OverviewAshim Sikder
 

Similar to INFO380-FinalProposal (20)

How To Leverage Sage Software To Become A Data-Driven Organization
How To Leverage Sage Software To Become A Data-Driven OrganizationHow To Leverage Sage Software To Become A Data-Driven Organization
How To Leverage Sage Software To Become A Data-Driven Organization
 
GolfEtail.com Scores a Hole-in-One With OzLINK
GolfEtail.com Scores a Hole-in-One With OzLINKGolfEtail.com Scores a Hole-in-One With OzLINK
GolfEtail.com Scores a Hole-in-One With OzLINK
 
P2 p enabled through blockchain sanjay badhai and rahul pasrija-cwin18_india
P2 p enabled through blockchain sanjay badhai and rahul pasrija-cwin18_indiaP2 p enabled through blockchain sanjay badhai and rahul pasrija-cwin18_india
P2 p enabled through blockchain sanjay badhai and rahul pasrija-cwin18_india
 
Mm
MmMm
Mm
 
Mm
MmMm
Mm
 
OPTIMIZING THE ENTRY AND ARCHIVING OF CUSTOMER ORDERS
OPTIMIZING THE ENTRY AND ARCHIVING OF CUSTOMER ORDERSOPTIMIZING THE ENTRY AND ARCHIVING OF CUSTOMER ORDERS
OPTIMIZING THE ENTRY AND ARCHIVING OF CUSTOMER ORDERS
 
[Provided Data - US] ChiQuyen Dinh
[Provided Data - US] ChiQuyen Dinh [Provided Data - US] ChiQuyen Dinh
[Provided Data - US] ChiQuyen Dinh
 
1st Party
1st Party1st Party
1st Party
 
Gary Neights – Customer Management “Order Automation Pays”
Gary Neights – Customer Management “Order Automation Pays”Gary Neights – Customer Management “Order Automation Pays”
Gary Neights – Customer Management “Order Automation Pays”
 
E-COMMERCE ORDER FULFILLMENT SERVICES
E-COMMERCE ORDER FULFILLMENT SERVICESE-COMMERCE ORDER FULFILLMENT SERVICES
E-COMMERCE ORDER FULFILLMENT SERVICES
 
Russian Fulfillment Market research
Russian Fulfillment Market researchRussian Fulfillment Market research
Russian Fulfillment Market research
 
A Guide to Fulfilling the Needs of our Internal Clients
A Guide to Fulfilling the Needs of our Internal ClientsA Guide to Fulfilling the Needs of our Internal Clients
A Guide to Fulfilling the Needs of our Internal Clients
 
1.1 DetailsCase Study Scenario - Global Trading PLCGlobal Tra.docx
1.1 DetailsCase Study Scenario - Global Trading PLCGlobal Tra.docx1.1 DetailsCase Study Scenario - Global Trading PLCGlobal Tra.docx
1.1 DetailsCase Study Scenario - Global Trading PLCGlobal Tra.docx
 
Folio3 dynamics expertise deck v2.0 (1)
Folio3 dynamics expertise deck v2.0 (1)Folio3 dynamics expertise deck v2.0 (1)
Folio3 dynamics expertise deck v2.0 (1)
 
6 types of data to synchronize between e commerce and erp systems
6 types of data to synchronize between e commerce and erp systems6 types of data to synchronize between e commerce and erp systems
6 types of data to synchronize between e commerce and erp systems
 
agropur-natrel
agropur-natrelagropur-natrel
agropur-natrel
 
Dynamics crm implementation for carbon provider
Dynamics crm implementation for carbon providerDynamics crm implementation for carbon provider
Dynamics crm implementation for carbon provider
 
Business Process and Design Report
Business Process and Design ReportBusiness Process and Design Report
Business Process and Design Report
 
Accounts Payable Processing Presentation
Accounts Payable Processing PresentationAccounts Payable Processing Presentation
Accounts Payable Processing Presentation
 
5. Cloud-BuyingHouse ERP Overview
5. Cloud-BuyingHouse ERP Overview5. Cloud-BuyingHouse ERP Overview
5. Cloud-BuyingHouse ERP Overview
 

INFO380-FinalProposal

  • 1. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 1 FINAL PROPOSAL University of Washington - iSchool Information Systems Analysis and Design INFO 380 - Winter 2015 - Team AE5 Emmanuel “Izzy” Gambliel, Prottush Hossain Sunny Jayswal, Seth Kvam EXECUTIVE SUMMARY Green Lake Games currently has a Shipping Process that has no major flaws with it that impede day-to-day operations. However, there are several refinements that can be implemented to make the entire system more efficient, robust, scalable, and resilient to interference. INTRODUCTION A dependable order processing structure is paramount for the success of any business wishing to satisfy its customers--especially so for a business exposed to 21st century America’s growing desire of instantaneous gratification. Amazon Prime, Amazon Fresh, digital downloads, and countless other technological innovations are conditioning us to expect our desired products quickly. This may cause us to cease use of any service that fails, or is simply not fast enough, on that expectation. What an average customer can’t see easily are the moving pieces constituting their order. The transfer of information to complete the order all happens behind the scenes. These are the payment processing, order sorting, order picking, product sorting, package formation, and package transportation processes. It is critical that these processes do their best to remain out of customers’ minds as well, as that indicates they are working to their potential. A satisfied customer should never need to spend energy worrying of the logistics of their order’s processing and instead focus on the product itself and its market. This is what can be achieved with dependable order processing.
  • 2. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 2 Over this quarter, our team has interviewed employees, examined documents, and shadowed procedures to obtain a comprehensive grasp over Green Lake Games’ order processing system. Using the knowledge, strategies, and conceptual thinking taught in the UW iSchool’s ‘Information Systems Analysis and Design’ course, we will present our analysis and professional opinion for potential increases in efficiency.
  • 3. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 3 TABLE OF CONTENTS Executive Summary Introduction Table of Contents Problem Statement Project Scope Behavioral Analysis Placing the Order: Customers, Amazon, and CrystalCommerce Order Sorter Product Picker Product Sorter Order Packers Post Office Delivery Structural Analysis Pull Sheets Shipping Labels Customer Invoice Entity Relationship Diagram and Analysis Security Analysis User Authentication Analysis Amazon / CrystalCommerce Trust Boundary CrystalCommerce / Green Lake Games Trust Boundary Green Lake Games / U.S. Post Office Trust Boundary Security Breach Response Procedures Analysis Change Proposal
  • 4. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 4 PROBLEM STATEMENT Over time, Green Lake Games has developed its operations into a very efficient order processing system consisting of time tested inventory management software in CrystalCommerce, a well trained staff, and a well-established work culture. This means that the problems Green Lake Games does face are few and miniscule in comparison to the risk of breaking up an already well established system; however there is always potential for growth and improvement over the years to prevent business stagnation. With this, it means that there is no single large problem that we can point out as a cause for concern, but instead several smaller refinements that can be implemented to improve the system in place. PROJECT SCOPE This project will cover the flow of shipping processes used by Green Lake Games from the point that a customer places an order online to the point that the product is passed to the Post Office. We are doing a detailed analysis with Amazon being the primary point of contact for customer ordering, but with additional analysis done in places to cover orders that come in directly through Green Lake Games webstore on the CrystalCommerce platform. Since this is an analysis of the Shipping Processes of Green Lake Games, it is important to note what is not covered by this analysis project: ● Shipping done through Amazon Fulfillment ● Orders placed through EBay or In-Store sales ● Processes occurring before the Point-Of-Sale or after transfer to Post Office ● Customer Service, HR, or Management processes ● Business Analytics processes
  • 5. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 5 BEHAVIORAL ANALYSIS Green Lake Games has a well-defined set of tasks and roles in their system of processing orders for shipment. An efficient shipping process is crucial to Green Lake Game’s customer satisfaction as customers have high expectations of a speedy delivery once the order is placed. Once the order is placed, Green Lake Games has full control of the shipping process until the product is properly packaged and delivered to the U.S. Post Office for end user delivery. This section of analysis will cover the physical process that an order goes through, from initial placement to the point it reaches the Post Office. Data Flow Overview
  • 6. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 6 PLACING THE ORDER: CUSTOMERS, AMAZON, AND CRYSTALCOMMERCE Customers order Green Lake Games’ products primarily on Amazon but can through their own website as well, which is hosted by CrystalCommerce. CrystalCommerce handles all of Green Lake Games’ online order processing. Amazon and CrystalCommerce are synced and once the item is paid for on Amazon, it is placed into a “Payment Received” category on CrystalCommerce. Going one step further, CrystalCommerce is synced accurately with Green Lake Games’ physical inventory counts at all times. This process is relatively seamless and highly automated. Customers order from Amazon
  • 7. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 7 ORDER SORTER An Order Sorter employee first logs in to CrystalCommerce on a web browser to begin organizing the orders to pick and ship for that day. Next, they separate the orders into two categories: “Preorders” and “Processing.” Orders to be moved to “Preorders” include multiple orders placed by the same customer, orders with a negative value created by a glitch in CrystalCommerce in combination with Amazon promotions, all orders above $4, all orders containing more than 10 items, and international orders. It is important to note that the title of “Preorders” is nothing more than a placeholder for the categorical tool the store uses within CrystalCommerce. It provides an easy way to separate orders within the full batch, according to what their shipping grade will be. In an ideal world, this might simply be called “Large” orders. All the remaining, “Small” orders, are grouped into “Processing”. Again, it is important to note that all the orders could theoretically be placed into “Processing,” but this separation is beneficial to the logistics of shipping items with different grades. Next, the employee confirms each order has a correct shipping grade and updated order weight. This involves iterating through all the orders. Multiple orders by the same customer are synchronized to one shipping label and package here. Finally, the employee begins printing the pull sheets, invoices, and shipping labels simultaneously, with a separate printer for the shipping labels and the pull sheets/invoices.
  • 8. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 8
  • 9. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 9
  • 10. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 10 PRODUCT PICKER The pull sheets are given to the Product Picker who enters the back room and picks the cards from their places on the wall. The products on the wall and the orders on the pull sheets are each alphabetically arranged by their respective larger group of card set. This allows for very easy picking because the cards and the actual arrangement of stock follow the same organization as the pull sheet. The pull sheet’s nature is to be synchronous with the physical location of the inventory to make the Product Picker’s job as straight-forward as possible.
  • 11. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 11 PRODUCT SORTER The Product Sorter then obtains the shipping labels, pulled cards, and invoices. He arranges the cards by their card set and then goes through each invoice and manually picks the cards each called for. These cards are then put into their own pile which will be in order with the pile of the invoices. For example, an invoice pile of: A,B,C would be matched with a card pile of: a1, a2, b1, b2, b3, b4, c1.
  • 12. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 12 ORDER PACKERS Once the products have been sorted they are packed in various ways depending on the type of product at hand. This process is defined separately for small orders, large orders, and board games. The small order packing process involves stacking all the invoices, cards, and envelopes in preparation for packing. For each order, the packer checks how many cards there are - if the order has less than 4 cards, filler cards are added until the total count of cards is 4. These filler cards have no reasonable value. The set of cards is then sealed in a soft plastic sleeve and placed with the invoice in an envelope. If there are more than 4 cards in an envelope, a stamp is required otherwise a stamp is not needed. Small orders are grouped together into large post office bins for bulk mail shipping. The large order packing process is similar to that of small orders, with a few key differences. The packer first checks the invoices to see if there are multiple orders from the same customer. After compiling all the appropriate cards from all the invoices, the packer then assess which cards are considered “valuable” and will put those cards in a heavier protective plastic sleeve. This assessment is rather arbitrary, where there is not a clear system for how to judge whether to protect the cards with the heavier card sleeve, but is generally left to the judgment of the employee. The packer will then check the invoice or label to see if it is Regular, First-Class, or Priority mail, and place the cards and invoice into an appropriate envelope. Finally, the label is attached to the outside, covering the envelope seal for extra protection. The board game packing process begins with finding the weight and dimensions of the board game package and inputting them into a computer system, this system calculates which form of packaging will be the most cost efficient for a specific game going to a specific address. Games that go in envelopes or flat-rate shipping will simply be packed in the appropriate containers. If first class parcel is selected as the most appropriate for the game board, the packer will travel to the store warehouse and spend a reasonable amount of time finding a best-fitting box, which can be inefficient.
  • 13. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 13
  • 14. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 14 POST OFFICE DELIVERY Every few days, enough bulk mail orders are queued up to necessitate a trip to the Post Office. This is done whenever the number of bulk mail orders is over 500 waiting or approximately three full bins of bulk mail orders. An employee with a car will take all the bins of orders and sort them so that all the local bulk mail is in one group and the priority and large orders for that day are in another. The remaining bins of bulk mail are put in another group for processing. All the mail is loaded into a car, and the employee verifies if any new stamps need to be purchased for further non-bulk mail orders. The employee drives to the Bitter Lake Post Office and unloads all the mail in the back door where the Bulk Mail office is. The post office employee weighs the bulk mail and calculates the cost, then provides the Green Lake Games employee with an invoice. The Green Lake Games employee then takes the invoice to the front counter and pays for the bulk mail and any needed stamps.
  • 15. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 15 STRUCTURAL ANALYSIS The structure of the information that Green Lake Games uses comes mainly in the form of customer shipping addresses and product data. All of this is used in the company’s shipping system in a variety of formats, ranging from computer databases to printed sheets. PULL SHEETS Pull sheets are printed pages of paper which detail the products that have been ordered online. There are three vertical columns on these pages: quantity, name, and information. Quantity is the number of a given product that must be pulled. Name is the name or title of the product. Information is the state of the card: regular or foil. Foil is a glossy finish on the card that increases its value and regular is default. Additionally, there is subtext underneath the name which gives the condition grade and language of the card. These pull sheets are divided by bold headers that describe the category of the products. Within each of these categories, all products are listed alphabetically. Once the compilation of the pull sheets is understood, their practicality becomes apparent. The form mimics the physical arrangement of the cards in the inventory storage room. Each header correlates with a storage drawer with a matching name. In this drawer lies all of the cards in alphabetical order. This then is easily traversed using the alphabetized list on the pull sheet. Next, the desired quantities are removed in an orderly fashion and we are ready for the next stage of the system.
  • 16. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 16 SHIPPING LABELS Shipping labels come in three varieties--those for parcels, letters, and small orders. They are stickers with various shipping information that the staff places on packages to be mailed. They contain the customer’s shipping information in the middle, the return mailing address of Green Lake Games in the upper left corner, the shipping class (priority, first class, standard, etc.) in the top right corner, and the tracking information with bar code at the bottom* Examples of shipping labels Other shipping information indicating the payment of shipping fees, payment rate, date of shipment, and zip code of sender. *small orders (usually 1-4 cards) only contain the customer shipping information and are put together with other small orders in bulk in a special type of envelope with a label to indicate bulk shipping. A bulk envelope with shipping label
  • 17. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 17 CUSTOMER INVOICE The customer invoice contains information about the various purchases made by the customer in their order (with prices and product names) as well as shipping information (customer shipping address) and order information (order id, order date, customer name, phone number, items in order, and sender name). There is also a bar code for matching the invoice to the order id. At the bottom there is an area showing payment information of the customer. A customer invoice
  • 18. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 18 These invoices are sent to the customer along with their orders for their own information. There are also smaller receipts which contain the same information but in a condensed manner for small orders. A small order invoice
  • 19. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 19 ENTITY RELATIONSHIP DIAGRAM AND ANALYSIS An Entity Relationship Diagram represents the structure of unique information produced and contained in the system. We call the data structures producing and containing information entities and the diagram seeks to study the relationship between these entities, hence the name. Through this diagram, we sought to capture the attributes of each entity and the general nature of data in the system. Entity-Relationship Diagram
  • 20. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 20 Green Lake Game’s order processing is structured in a way that data is pulled from both the product and customer into the customer’s order which is then consolidated into a shipping label for shipping purposes. There are also additional data structures like the invoice and pull sheets which are not modeled here because they merely replicate data from the order for various purposes as opposed to contributing new data for the system. A line item table acts as an intermediary between products and the customer’s orders for orders with either multiple distinct products or multiple quantities of the same product. In most cases the data model is sufficient for Green Lake Game’s needs and covers the order processing and shipping methods in a well-tested manner. One minor issue is that there is no easy way in the client system to illustrate the relationship between customers and orders and how customers may have multiple orders. Even though one order may have many products, there are some customers who place multiple orders because they do not fully understand the online shopping features or for various other reasons. This can cause a headache for the shipping employees as they try to match orders to customers but have trouble distinguishing between two orders from the same person or two orders by two separate people with the same name. If multiple orders could be consolidated into one by the online system, Crystal Commerce, or if there was a more apparent way to link orders together (like a username or some sort of unique identification for each user who orders online) then that would greatly help ease this problem. Another minor issue is that data entry from products relies on a hugely manual method where each product must be specially analyzed. This is a slow and tedious process but may be absolutely necessary given the nature of the work and Green Lake Games has defined methods to make the process easier. Nevertheless this is an issue that is out of context with our chosen task of analyzing problems associated to order processing and shipping.
  • 21. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 21 SECURITY ANALYSIS Security is a cornerstone to any user’s dependability in any given system. When purchasing and trading items in good faith over the internet, users make themselves vulnerable by supplying sensitive information to the vendor such as their names, home addresses, and credit card details. In order for that vendor to retain users and match their expectation for responsible security, they too must act in good faith by practicing holistic, up-to-date security measures in that transaction. After companies’ poor security practices have been revealed, it is very difficult, if not impossible, for them to fully regain the users trust. Rather than working tirelessly to correct security leaks after-the-fact, an optimal system would embed values of proper security as early as in the design phase. It is, of course, never too late to implement sufficient security measures. This is a small, yet invaluable aspect of a proper system design. USER AUTHENTICATION ANALYSIS A wise man named Dr. David Stearns once told us, “the best way to do user authentication...is to have someone else do it.” Green Lake Games has the fortune of having user authentication, on every front, covered by Amazon or CrystalCommerce. The information Green Lake Games receives from Amazon, of which the vast majority of orders are placed, are: the items a customer has ordered, a masked-Amazon email address for that customer, their Amazon tracking number, their mailing address, and their phone number. The email address listed is masked, and therefore a controlled variable due to Amazon’s “fake” email address generation process, this is a factor of Amazon’s security. Sign-on, user authentication, and payment services are handled within Amazon and then only the necessary information is passed on to Green Lake Games to complete the order. This is a benefit to Green Lake Games because no store resources need to be spent on authentication. Similarly, CrystalCommerce handles customer information for orders placed through them and keeps payment information secure. The last four digits of credit card numbers are stored within CrystalCommerce, but are not accessible to the employees. Additionally, CrystalCommerce operates a Fraud Detector that monitors IP addresses of users. Once the order details are synchronized from Amazon into CrystalCommerce’s order processing database, a Green Lake Games employee uses CrystalCommerce’s login to authenticate themselves and view received orders. Only the owner and designated
  • 22. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 22 employees have the clearance and password to sign-on to CrystalCommerce. Once the browser is signed-in, there is at least one employee stationed on the computer at all times to maintain the physical security of the machine. During the order packing process, there are order invoices containing sensitive information that are physically in motion. As outlined above, this includes the user’s shipping address, email address, phone number, and Amazon tracking number (if applicable.) Green Lake Games controls this potentially sensitive information during the order packing process by using specialization amongst employees and secure disposal. The employees packing the orders have the authorization and knowledge to do so securely and keep everything within line-of-sight at all times. In the instance of any leftover or unused invoices, those invoices are shredded and disposed of. The final leg of the shipping process is handled by either the post office’s employees during store pick-up or by an authorized Green Lake Games employee who personally delivers orders to the post office. The actions I have listed are all internal of Green Lake Games or its sourced vendors; end users have virtually no ability or authentication within the system. Outsourcing payment processing and user authentication to the services of Amazon and CrystalCommerce relieves a tremendous amount of risk from Green Lake Games. Data Flow Diagram with Trust Boundaries illustrated
  • 23. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 23 AMAZON / CRYSTALCOMMERCE TRUST BOUNDARY Since this trust boundary exists between two external vendors in our system, we are not considering it within the scope of our analysis. However, it is important to note that it exists. If those trust boundaries are breached, the impact could affect many different parts of Green Lake Games’ business model, including the shipping processes. CRYSTALCOMMERCE / GREEN LAKE GAMES TRUST BOUNDARY Common threats by spoofing include fake emails or websites sent to employees to gather data or login info. These are very common on the internet and many email servers and modern day browsers can detect these frauds but due to the widespread nature of this phenomenon it is still a likely threat for Green Lake Games which leaves potential access for compromising the whole system. In order to counter this Green Lake Games can educate employees on how to avoid spoofers, use a service with stronger filters for email, restrict usage of the computer for business only, and keep the system up to date. This is a threat that can be completely avoided if these proper prevention techniques are used. Hacking into the CrystalCommerce site and changing customer data is a method of tampering that could potentially be used to steal orders or sensitive information of the customers. This would likely lead to decreased customer trust in Green Lake Games, as well as potentially create liability costs and lawsuits against Green Lake Games. However, as Green Lake Games is not a major corporation, we can assume that not many enemies exist with high-levels of combined motivation and skill to hack Green Lake Games website or the Crystal Commerce system. As such, this threat is not very likely. Most fixes for this tampering are out of Green Lake Games hands directly, although following proper online safety standards and investing in web security for the website will help. Similarly, hacking into the CrystalCommerce site and removing customer orders that have already been shipped is a form of repudiation that is not directly stealing, but does interfere with the shipping process and damages customer relations. Like the prior hacking threats, this is not very likely and as such the same mitigations of improved web security and safety standards apply. Finally, hacking can be used to gain customer data in an act of information disclosure that could severely hurt the customers and lead to lawsuits and liability costs for Green Lake Games, not to mention the decreased customer trust and
  • 24. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 24 relations. This is an unlikely, but still potentially threatening, event that improvements in web security and online safety will help mitigate. Shoulder-surfing customer data in store during order processing or shipping/packaging processes is another way someone could disclose information. However, as the shop is relatively small, closely monitored, and has low levels of traffic this threat is not very likely. The effects of this one would be relatively small scale if to occur and may just result in one dissatisfied customer which is still a liability for Green Lake Games. Improvements in store policies to protect customer data and employee training can help mitigate this threat. Taking down the CrystalCommerce site can lead to a Denial of Service which could setback Green Lake Game’s activities indefinitely. Since Green Lake Games is usually not the target of such threats and the traffic on the site is usually not very high, this threat is not very likely. It is advised to watch server performance and adjust as necessary but this is relatively in the hands of Crystal Commerce, so fostering transparent relations with CrystalCommerce is crucial. Someone can steal user logins to the CrystalCommerce site to access it as an employee as an elevation of privilege attack to severely compromise the system’s performance and steal sensitive information. This is threat is likely as this information is in the hands of employees and could potentially be breached in varieties of ways. It’s important to protect sensitive user account information by requiring mandatory password changes for employees in order to mitigate this threat. GREEN LAKE GAMES / U.S. POST OFFICE TRUST BOUNDARY One common spoofing threat that would arise from Green Lake Games’ relationship with the U.S. Post Office would be an individual posing as a Green Lake Games employee, and tampering with the mail at the Post Office. Though this threat is not likely, it could have a significant impact on the business: high-cost orders could be regularly and easily tampered with, which could severely impact Green Lake Games’ revenue stream, and limit their product stock. To mitigate this threat, a regular checking of identification could be done - each time a Green Lake Games employee interacts with the U.S. Post Office, the employee would show proof of employment, to assure that the mail does not get tampered with. In addition, bulk mail could only be delivered to the Bitterlake Bulk Mail Office employee, to assure no unverified employees are involved.
  • 25. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 25 One possible tampering threat involves damaging Green Lake Games’ mail, and stealing its contents. Due to the value of some orders, and the high volume of general theft, this threat would be a likely one. This threat would also be of high impact to the business, as stolen goods lead to losses in revenue and stock, as well as loss in trust in the business itself. To mitigate this tampering threat, each employee should make sure each piece of mail is properly sealed and securely transferred. In addition, sensitive information such as tracking numbers and addresses should be kept in safe hands. The most likely repudiation threat involves the proof of an individual ordering making it to the Post Office. There is no repudiation with Bulk Mail processing for individual orders, which is simply a part of the cost of business with having a bulk mail license. This means that lost parts of these bulk orders may go unaccounted for. Due to the frequency of orders and shipments, this threat is a likely one. To mitigate this threat, the most expensive pieces of each bulk order could be verified, to make sure they were not lost. Losing smaller, low-cost parts of the order could be accepted as cost of business, and would not be checked. One relevant information disclosure threat would be scanning and opening envelopes for phone numbers, email addresses, and physical addresses. Though this threat is not likely, as there is little interest to do it, it still serves as a threat to customers and the business. Basic pieces of information can be used to breach other sources of information, and are a serious violation of a customer’s privacy - customers expect their information to be kept private, and have a level of trust with the business because of it. To mitigate this threat, all packages should be properly sealing and transferred. In addition, proper storage and disposal of sensitive information should be done, including shredding unneeded sensitive documents. One possible denial of service threat at Green Lake Games would be if the Post Office were closed. Green Lake Games needs to the Post Office to conduct their shipping procedures, and cannot do so if it is closed. Though this threat is not likely, as the office is usually open, not being able to do shipping procedures at any given time would really set back Green Lake Games schedule. Always checking the status of the Post Office before leaving the store would be an easy way to mitigate this threat. Another possible denial of service threat at Green Lake Games would be if a driving route were crowded and overflowed. This is a likely threat, as urban traffic is often unpredictable, and can seriously change the amount of time it takes to travel between two places. This threat could severely impact the efficiency of Green Lake Games operations, where driving times to areas take much longer than anticipated. To mitigate this threat employees should check online traffic maps before leaving the
  • 26. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 26 store, so that they can account for the level of traffic on the roads. In addition, deliveries should be scheduled for earlier in the day, where there is generally less traffic and crowding. The most probable elevation of privilege threat would be a person stealing payment checks from the Green Lake Games employee and using it to buy alternate products. As the theft of individual checks is rarely done anymore, this threat is not likely. Mitigating this threat would involve training all employees on proper handling of employee checks, and how to handle any issue with a check so that the check issuer can be contacted and the proper fraud report is handled in a timely manner. SECURITY BREACH RESPONSE PROCEDURES Currently there is no particular response plans if Green Lake Games suffers a security breach of some sort. Since a majority of the information is handled within the Crystal Commerce and Amazon system, breaches will occur mainly inside the vendor side of the trust boundaries of the Data Flow model. Two specific processes were noted as the probable response path from their General Manager, as mitigation processes to handle supposed data breach scenarios. 1. If a data breach has occurred on Amazon or CrystalCommerce, then Green Lake Games would reset the passwords of all their accounts on both of those systems to remove that as a potential avenue of attack. The same would be done of all Green Lake Games email accounts, to cover the potential compromise of other systems. 2. If a list of affected customers is known, then an email would be crafted by Customer Service to inform the affected customers about the breach. No other notification techniques would be utilized in this situation. One of the major concerns of the Green Lake Games organization is the trust of their customers, especially when dealing with the volatile nature of online sales. By reducing the visibility of the breach, they hope to maintain the implicit assumption of safety that their customers would have by ordering from them.
  • 27. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 27 ANALYSIS While Green Lake Games has a variety of avenues that a potential threat can utilize to interfere with their regular shipping operations, the likelihood of many of these security breaches are fairly low. A majority of the reason for this is because the impact of any particular order is low, with most orders being only a couple dollars at most. The only Personal Identifiable Information that is utilized in the system is contact data, which has little value to an attacker without a specific motivation. Thus, the low cost of a majority of individual orders, along with many of the internal processes being manual in nature means that an active threat would either need to have access to a method of identifying specific orders, either for the PII or for the contents of a particular order. Furthermore, a majority of the security processes are handled by the external vendors, so the controls that can be utilized to mitigate these particular attacks are controlled by them. For these reasons, it’s important for Green Lake Games to continue to build the relationships with these vendors so that security issues can be identified and communicated quickly in this ever-evolving world of security. Thus, it would show that Green Lake Games has two attack vectors they would need to be most cognizant about. First are the larger generalized threats that are not malignant in nature, but originate from more natural threats, such as inclimate weather or changing traffic patterns. Having backup procedures ready in case large amounts of physical information are affected, such as a disaster destroying the orders being stored for delivery, or orders being worked on by employees on any given day. Second are the targeted attacks that are internal in nature, since the value of any particular order would require internal knowledge and access to the physical space where orders are processed. This can be mitigated through strong physical controls, such as making sure all orders and their representative components are always in the hands of employees. Additionally, care should be taken in ensuring all new hires at the company are trustworthy and would not have any reason to exfiltrate products or information for their own purposes. However, it is still important to consider all the security implications in the shipping process and maintain all the free or low-cost controls that can be used to alleviate any potential breaches. By periodically checking and updating the controls that are in place, a secure environment can be maintained throughout the entire work flow at Green Lake Games.
  • 28. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 28 CHANGE PROPOSAL Due to Green Lake Games’ development of a very efficient process over the years, there are no big issues that could potentially compromise the whole system. As such we have not identified just one problem and changes to that specific problem. Instead what follows is a list of refinements to the order processing and shipping system. One notable problem is the complexity and requirements in the Order Sorting process. This procedure is tightly coupled, so that if one part of the task breaks, the entire process will cascade into failure and need to be started over. In addition, it’s highly complex with many different tasks done in a process that is known to only a few employees. These processes can cause setbacks and delays in the process, or can lead to packing errors which would need to be tracked down over the rest of the day. There are two options that we can recommend to alleviate these problems: ● Create a posted document of the task process or workflow diagram in a place that is easily accessed. This can be done with a low cost up-front, and would only need to be updated periodically as other changes come by. There is a medium benefit to this, as it will help reduce potential errors during the process by having a visual aid while working. ● Install MediaWiki* software on Green Lake Games hosted webspace, a free open-source wiki software package. Here, tasks can be documented in a way that all employees can access and understand. The initial investment would be small, since MediaWiki is free, but there still is a medium cost, since employee hours would need to be devoted to document tasks. We believe that this has a high benefit, though, since it will allow employees to cover tasks when needed. This will alleviate stress on the people with specific process knowledge, allowing them to not worry about the store if they are sick or on vacation. * http://www.mediawiki.org/ A common problem is distinguishing multiple orders placed by the same customer in the system. While this is not a common issue, it does occur when customers do not know how to properly utilize the online order system and can cause a headache for employees when they are processing these orders for shipment. There are two solutions we recommend for this problem:
  • 29. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 29 ● Appeal for changes in the online order system to Crystal Commerce that would combine multiple orders before they are even processed. This is a medium to high cost solution that possibly requires implementation of new software functionality. This is a medium benefit solution as it would completely alleviate the problem but at the same time the problem may not be significant enough to warrant such an investment. ● Use some sort of quick identification tag for customers in manual processing of orders before preparing shipments. This can be relatively easy and low cost to implement with just pen and paper, but will require some changes in procedure and thus training on behalf of the employees. While still requiring some manual processing on behalf of the employees, it would go a long way in improving efficiency overall and be an overall medium benefit solution. The next notable problem involves the Order Sorter’s order processing tasks in CrystalCommerce. The Order Sorting requires a specialized employee to undergo time-consuming, tedious, and prone-to-error tasks in CrystalCommerce. For reference, these tasks include grouping large and small orders into “Preorders” and “Processing”, respectively, manually assigning each order an order weight and shipping grade, and manually adjusting shipping label printing settings using pre- formatted Microsoft Word and Excel documents. There are three suggested solutions to improve this process: ● Increase CrystalCommerce’s capability to automate sorting of large and small orders, using business logic provided by Green Lake Games to determine the rules of the categorizations (ex: “if order items are more than 10, place in ‘Large’”) under the oversight of employee that currently does the process manually to ensure correct decisions are made. Going hand-in-hand with this added feature would be dedicated categories for “Large-Processing” and “Small-Processing” orders rather than resorting to using “Preorders” for large. The cost is low for this because CrystalCommerce is a proprietary service that Green Lake Games is already partnered with and this would be implemented by CrystalCommerce, externally. The benefit is medium for this implementation because it would create a less error-prone and more time-efficient order sorting process. Additionally, the higher-specialized employee originally doing order sorting could either continue overseeing this process OR spend time on any other matters at hand and hand this off to a less-specialized employee that could be more capable now that automation is in place. ● Create software to be run complementary to CrystalCommerce that’s job is solely to run scripts that execute the differing one-by-one tasks the Order
  • 30. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 30 Sorter completes when they use the Word and Excel documents to arrange printing successfully between items. This could also be implemented into CrystalCommerce as a plug-in and used with just a button or tab in CrystalCommerce. This could have a friendly and direct UI. The cost is medium for this because it would require a developer to create this piece of software. The benefit is low because it would make the process easier, more structured, and more time-efficient, but the specialized employee already has this knowledge and nothing would be done better from a functional standpoint. Rather, it would be done more securely. ● Assign each inventory item a weight in CrystalCommerce’s system that will be automatically considered during shipping grade choice and produce accurate total shipping weights. The cost is low for this because coordination between Green Lake Games’ management and CrystalCommerce could implement this ability. If weights of all items in current inventory are ignored, but all weights of incoming shipments of inventory are recorded into a database as they arrive, eventually the database would be complete (Chinese proverb: the best time to plant a tree was twenty years ago; the second best time is today.) The cost would be medium for this if a route independent of CrystalCommerce was taken. This could be accomplished by managing a Relational Database Management System (RDBMS) independently, such as Oracle* and MySQL*. There is a medium benefit to this because while the specialized employee already has sufficient knowledge or order weights to simplify the process, new weights will always come into play and this would be an effective way to store this knowledge to pass it down. This promotes scalability of the system. *http://www.oracle.com *http://www.mysql.com Packaging board games for first parcel involves eyeballing various boxes in the warehouse, and arbitrarily picking the most appropriate box which can be time consuming and inefficient. There are two solutions to this problem: ● Each board game’s dimensions and weight can be logged with an appropriate box size and available boxes can be organized by dimension in the warehouse. This will allow for finding the most appropriate box nearly instantaneously and also ensure that the box used is the most space efficient box that is available. Overall this is a medium benefit solution as it would save a lot of time and is relatively low cost to implement but will require an initial investment in time to organize the boxes and subsequently maintain the organization.
  • 31. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 31 ● Another medium benefit solution is to have standardized box sizes that are chosen based on the most-purchased board games and most-used boxes. This solution is at a mid-level cost range as it requires purchasing standardized boxes and sacrificing having the most space efficient boxes in favor of standardized sizes. In the long run however, there would be no need to measure any boxes or board games and finding the right box will be a quick and easy process. The system in place doesn’t scale to higher dimensions very well, in particular due to restrictions on physical space and product storage. If there is a significant increase in orders, Green Lake Games is restricted in capacity by the size of its facilities. The throughput of particular processes is limited by the space available to employees and inventory. This is further compounded by much of the active space in the store being used for customer events. The events are a key part of Green Lake Games core mission, so restructuring those is not included in our analysis. However, if business continues to grow, this might be one of the main problems that Green Lake Games would face. Here are two suggestions that we can provide. ● Altering the times that shipping and packaging are done would help keep any space conflicts between events and the shipping employees to a minimum. Events primarily occur in the evenings, so starting the Order Sorting process early in the morning would provide time to complete the daily shipping processes even if an abnormal number of orders are present. There is little cost to this, as it would require scheduling employees slightly differently. There is only a small amount of benefit to it a well, unless the number of orders starts increasing on a consistent basis. Then, this may be a excellent measure to implement. ● Another suggestion is the locating of a larger space to operate out of. This may be done by finding a separate location to handle shipping, keeping the retail store in its current location. The potential for additional space can allow for no restrictions on shipping and packaging processes, and keep it from interfering with in-store events. There is a very high cost to this, though, as larger space is not cheap in the Seattle area and moving would cause a whole host of other issues that would need to be addressed. There is a high benefit to this, however, as additional space can allow for much larger throughput in order processing, leading to larger profits in the wake of increased sales.
  • 32. INFO 380 - Team AE5 - Green Lake Games Shipping Analysis Project 32 APPENDIX A: WORK FLOW DIAGRAM As the complete Work Flow Diagram is too large to fit in this document, it is presented as a separate diagram for use by Green Lake Games.