This section presents the results from a diagnosis of compliance with the ISO 10008 standard in the computer microenterprise. Furthermore, a proposal is presented to improve the e-commerce platform development process for a computer microenterprise, which is the objective of this research.
4.1. Stage 1: Diagnosis of Compliance with the ISO 10008 Standard in the Computer Microenterprise
For the elaboration of the results on the diagnosis of compliance with the guidelines of the ISO 10008 standard, as a first step, an analysis of the computer enterprise was carried out using a SWOT analysis and map process to establish its management system, in addition to creation of flowcharts. Secondly, two e-commerce platforms previously developed by the computer microenterprise were analyzed, to determine their grade of compliance with the guidelines of ISO 10008 standard.
For this, the standard was investigated, and the operation of the microenterprise was analyzed, focusing mainly on the development of electronic commerce platforms, one of its main lines of business. In the final part of this section, the results of this investigation are analyzed through interviews carried out with two clients of the computer microenterprise.
4.1.1. SWOT Analysis
A SWOT analysis of the microenterprise is presented below. Internally, one of the company’s main strengths is that when it delivers an e-commerce project to a client, the training is complete and detailed so that customers are satisfied. The main weakness of the platform development process is that it needs to use formal procedures. Externally, the foremost opportunity for microenterprises and their operations is the existing alliance with the Valdivia Business Development Center, in which potential clients are registered. The main threats are that the supply has increased due to the increase in demand for electronic commerce platforms, and there is more competition in the sector; see
Figure 1.
4.1.2. Process Map and Flowcharts of Computer Microenterprise
In this part, the analysis of the management system of the computer microenterprise is presented.
Figure 2 shows the process map of the computer microenterprise. This presents three categories of process: strategic, business, and support. Three strategic processes are identified: “strategic plan”, “to manage H&D projects”, and “services sales”. While the business processes recognized are: “mobile app development”, “e-commerce platform development”, and “e-invoice”. Finally, five processes are identified as support processes, including “administrative management”, “budgets”, “subcontracting management”, “service management with supplier”, and “purchase management”. This study focuses on the business process named “e-commerce platform development”, which includes the sub-processes “planning”, “development”, and “delivery” of electronic commerce platforms, for the improvement proposal.
Furthermore,
Figure 2 shows customers such as micro-, small-, and medium-sized enterprises. Further, relevant stakeholders are shown: Transbank, the government tax’s office, the business development center of the city, among others.
The computer enterprises of this study offer as products or services e-commerce platforms, web development, mobile apps, and e-invoicing services.
The business processes are detailed below.
- (a)
E-commerce platform development: Tailor-made platforms are developed, mainly for customers who require an electronic commerce platform designed with Woocommerce and Prestashop content management systems.
- (b)
Electronic invoice: These implementations are addressed jointly with the partnership’s alliance with other company and the main sub-processes of quality control and sale of these services.
- (c)
Mobile app development: Application development projects address custom mobiles compatible with IOS and Android in frameworks and platforms such as React Native for mobile applications and Vuejs, Nodejs, Expressjs, Mongodb, Reactjs, and Firestore administration WEB, among others.
The main process to be addressed in this study is e-commerce platform development, which has been divided into three sub-processes: planning, development, and delivery.
Planning Sub-Process: The development team (general manager, developer, and architect) prepares the electronic commerce platform required by the client based on their requirements and needs. Between two and three design proposals are made so that once the client approves it, progress can be made on what is required by said client.
Development Sub-Process: The project is technically carried out, implementing all the software technologies recommended by the company’s architect. Subsequently, the progress is shown to the client, and once feedback is received from the client, according to the initial requirements, the validation is supported using a meeting’s report. Once said development is finalized and endorsed by the client, the manual is written with the instructions for using the electronic commerce platform. This must be reviewed by the company’s manager.
Delivery Sub-Process: The e-commerce platform is delivered to the client. The milestone activity for this stage is to train the client and provide their user manual, considering a time of 2 to 3 weeks of accompaniment where the client tries the platform and corrects situations that may arise.
4.1.3. Compliance with the ISO 10008 Guidelines on Two E-Commerce Platforms Developed by the Computer Microenterprise
The final results of the compliance with the international standard ISO 10008 regarding the two selected companies are analyzed in this section. The summary information of the analysis of the responses of the semi-structured interviews was information captured in the gap analysis matrix, with predetermined and unstructured questions to the owners of the companies “Comp 1” and “Comp 2”. In these interviews, what was mainly sought was to know the level of compliance with the standard and its guidelines. The gaps analysis identified the general metrics for compliance with the ISO 10008 standard’s guidelines for Comp 1 was 64%, while Comp 2 obtained 63%, both similar results. For this, recommended techniques from the book “The integrated use of Management System Standards” [
37] were used.
We applied the gaps matrix to obtain the compliance analysis based on chapters 4 to 8 of the ISO 10008 standard for Comp 1 and Comp 2;
Table 1 shows an extract for better understanding.
Table 3 shows details of the level of implementation described above in the two companies, by chapter of the ISO 10008 standard.
In general terms, in both companies there was high compliance in chapters 4, guiding principles, and 6, single-phase processes. While chapter 8, maintenance and improvement, had the lowest compliance.
For a better understanding of the grade of compliance with the ISO 10008 standard of the e-commerce platforms analyzed, examples of some of the controls that are met and others where improvement is needed are presented.
In the case of Comp 2, the guideline “4.10 consent” was fulfilled. Since the terms and conditions are shown clearly at the moment of a consumer’s registration on the e-commerce platform, consumers can accept these terms informedly. Another guideline complied with is “4.11 fairness”, because the platform was developed with adequately sized letters and with a simple interface so that adults can understand and use it easily and fairly.
Comp 2 met the “4.15 security” guideline, since a secure sockets layer (SSL), an encryption-based internet security protocol, is used for browsers and servers, that allows the authentication, encryption, and decryption of data sent over the internet. In other words, credit cards are encrypted when making purchases on the e-commerce platform. In Comp 1, this is also covered, and in addition to this, system files are protected in terms of information security from phishing (disabling file permissions) and password breaches. In chapter 5 “business-to-consumer electronic commerce transaction system” of ISO 10008, Comp 1 presented a compliance of 44%, while Comp 2 obtained 46%. For instance, in relation to the “5.2 objectives” guideline, in both of the analyzed e-commerce platforms, the objectives and their compliance with performance indicators were not determined.
In chapter 6, “single-phase processes”, specifically in “6.2.5 payment selection support”, the companies had low scores, since in Comp 1 there were only two payment methods (bank transfer and Webpay Plus) and in Comp 2 there was one payment method (Webpay Plus), while the standard recommends providing the consumer with as many payment methods as possible.
Regarding “6.1.2 content creation”, which poses that e-commerce platforms should show information about their products [
25], in both of the reviewed platforms complete descriptions of the products were not included. Furthermore, since both e-commerce platforms offered food, they should comply with the regulation in Chile about informing the consumer of restrictive labeling such as calories, sugars, saturated fats, and sodium, but that information was not shown in the content. Moreover, “6.1.4 content governance” establishes that “An organization should continually ensure that the content of the B2C ECT interface is complete, accurate and up-to-date” [
25].
Concerning compliance with chapter 7, “multiphase processes”, it was 48% in Comp 1 and 55% in Comp 2. Regarding “7.1.2 B2C ECT code”, which is intended to address the organization’s promises to consumers [
25], in both study cases these were not included. However, in Comp 2 there was information on ordering procedures, product processing, information security, product delivery procedures, product corrections, exchanges and returns, consumer support, and handling of complaints, however, there was no management of customer feedback and complaints and information security policies, all topics on which companies can make promises. On the e-commerce platform of Comp 1, there is not complaint handling, external dispute resolution, or feedback handling, since if there is a complaint or problem it is resolved directly by phone.
In chapter 8, specifically “8.1 collection of information”, it points out that companies should collect information to evaluate the performance of the B2C ECT system [
25]. In this study case, both companies do not have enough information for that. For instance, the time customers stay on the platform, and records/history of failed transaction claims, among others. Concerning “8.2 evaluation of performance of the B2C ECT system”, neither company performs internal audits.
In relation to the final results of this study,
Figure 3 presents a radial graph of the analysis of compliance with the 58 controls established in chapters 4 to 8 in the ISO 10008 standard.
4.2. Stage 2: Proposal to Improve the E-Commerce Platform Development Process
As explained before, the e-commerce platform development process in this study is composed of three sub-process: planning, development, and delivery. Therefore, to present a proposal to improve the process, it was necessary to work in these mentioned sub-processes.
In the sub-processes of planning, development, and delivery of e-commerce platforms, new process diagrams were proposed to achieve the guidelines of the ISO 10008 standard. The mapping technique [
37] was used to identify the requirement or guidelines to comply with for each activity. The activities that have been incorporated or improved are highlighted in red.
In general, the sub-process with more modifications was the planning process, which is shown in
Figure 4 and
Figure 5.
The main change in the planning sub-process was the generation of a complaint follow-up channel, which allows the company to respond to the needs of consumers, thus achieving follow-up. This change was proposed to respond to “4.9 responsiveness” [
25].
To develop the complaint follow-up channel, form 02, named “claims, complaints and their handling”, was created. It includes the objectives of the system related to claims and complaints, scope and purpose, and personnel in charge, among others; see
Figure 4.
Furthermore, a new activity was included for defining the objectives of B2C ETC by the client of the computer microenterprise, shown in
Figure 4, regarding the “5.2 objectives” guideline [
25]. In addition, an activity with the use of forms to evaluate the owner of the e-commerce platform’s capacity to have sufficient resources for managing the system, according to the “4.3 capacity” guiding principle.
For the planning sub-process, shown in
Figure 5, a new activity was to create the system and design proposal considering the “6. single-phase processes” and “7. multiphase processes”, taking into account “6.1.2 content creation”, since it affects the development of the e-commerce platform. Furthermore, the “5.1 framework” should be considered for managing the B2C ECT system of the client by analyzing the market to understand how they have approached similar issues.
In the development sub-process, one of the main changes was to consider a test plan for its implementation, using form 05, named “design of test plan for single-phase and multiphase processes”. This test considers how the e-commerce platform performs sales, detects possible failures, and incorporates new products, to see that they are correctly shown. In other words, this phase considers performing simulations of consumer electronic commerce transactions, for a better comprenhension to see
Figure 6.
In the delivery sub-process, one of the most significant changes proposed was to create a support module in the web page of the computer microenterprise for keeping a claims registry, achieving better follow-up of solving these issues in a timely fashion on the e-commerce platform developed; for a better understanding, see
Figure 7.
4.2.1. Improvement Proposal Forms
The improvement proposal considers 12 forms related to the gaps detected. In the present study, eight forms have been adapted from Vargas-Villarroel’s research [
34]. These adaptations focused on the differences and particularities of this investigation. Forms 03 to 06 and 09 to 12 were adapted. In addition to this, four new forms were prepared for the e-commerce platform development processes, which are the following: 01 company capacity form, 02 claim, complaints and their handling, 07 evaluation of supplier, and 08 payment methods, based on Monsalve Obreque’s research [
6]. Presented below is a summary of the 12 forms.
Form 01. Company capacity
Find out if the company will have the ability to take over your e-commerce platform. This will help to make a better decision for the clients and their responsibility with the guidelines.
Form 02. Claims, complaints, and their handling
Define the tasks of who will be in charge of helping if there is a problem, the response times, and the appropriate solution times when someone needs help with a problem.
Form 03. Collection and evaluation of electronic commerce platform information
Structuring information collection of the guidelines, both new and those after implementing an electronic commerce platform.
Form 04. Objectives and indicators of the electronic commerce platform
Take note of the system’s objectives and consider the indicators, goals, and how often these indicators will be measured.
Form 05. Design of the test plan for single-phase and multiphase processes
Establish what tests will be carried out and their details. This will allow an order to be established in the trials and their acceptance criteria to analyze the system’s stability.
Form 06. Resources needed
Evaluate all the resources and costs effectively involved in developing the e-commerce platform.
Form 07. Evaluation of supplier
Assist in evaluating or re-evaluating a supplier based on information from their supplier.
Form 08. Payment methods
Suggest having at least two payment providers so that end users have more than one alternative when paying online. The provider can be evaluated more objectively since the cost of the means of payment is analyzed, as is how long it takes to transfer to the owner of the electronic commerce platform, and ease of use, among other things. In other words, this form makes it easy to obtain information about which payment methods will be included in the e-commerce platform, in
Table 4 is exposed an example of application of this form in Comp 2.
Form 09. Declaration and preparation of code of conduct
The declaration and preparation of a code of conduct regarding the relevant aspects of B2C ECT; for example, a promise regarding its products, order procedures, product processing, the privacy of personal information, information security, delivery procedures of products, product corrections, exchanges and returns, consumer support, complaint handling, or other. Any promise can be displayed on the platform’s home page. In
Table 5 is shown an practical example of a conduct code using a section of form 09.
Form 10. Privacy and information security
Define privacy and security policies. For all of the existing definitions in the company, define them, work on them, and later make them transparent on the electronic commerce platform.
Form 11. Monitoring and measuring satisfaction
Establish the purpose of monitoring and measuring customer satisfaction. This form is essential to measure the performance of the platform in terms of the number of quarterly complaints, for example, the number of quarterly errors and bounce rate, among other relevant indicators.
Form 12. Continuous system improvement and review
Establish if there are opportunities for improvement in the electronic commerce platform, solve it, and follow up on the case.
4.2.2. Recommendations
The recommendation for the computer microenterprise is to pay special attention to compliance with the guidelines in chapters 5, 7, and 8 of the ISO 10008 standard, because compliance was lower than for the guidelines in chapters 4 and 6.
For chapter 5, the organizations should determine the system’s measurable objectives associated with indicators that are monitored periodically. It is suggested to include the handling of complaints on the platform.
Concerning chapter 7, the owner of the e-commerce platform should prepare a complaint management strategy and privacy policies accepted by the client and informing them how their information could be retained and used.
Regarding chapter 8, it is recommended that the microenterprise advises its clients so that it systematically collects information on the performance of the platform to verify the achievement of its objectives. In addition, the company that owns the platform should make use of some method to evaluate the satisfaction of their customers and be able to improve their system over time. For this, they must evaluate improvements occasionally and/or avoid problems with preventive actions.
It is concluded that there is a need to evaluate improvement strategies in the developments carried out for Comp 1 and Comp 2 in guideline 5, BTC ECT systems, in guideline 7, multiphase processes, and principle 8 of maintenance and improvement, which present the lowest percentages of compliance in both companies. In general, there are several aspects to improve; however, there are also many positive aspects in each platform, for example, in “Comp 2”, there being two possible payment methods, and in “Comp 1”, the information privacy policies that are transparent in the e-commerce platform.
Moreover, developing a microenterprise support system on its web page is proposed, as recommended in guideline 7.1.3, “consumer support”. This is because, having a module in the same e-commerce platform for complaints management, it will be possible to monitor these complaints better, and there will be a record of the problems, which will allow a better measurement of the effective reduction in those claims.
Finally, establishing the improvement proposal, training in the ISO 10008 standard for the microenterprise staff (architect and developer) is considered, providing recommendations for using the 12 forms delivered to improve the development process of electronic commerce platforms.