Overview | Project Management

Background

There is a legal requirement for the University to be able to effectively manage and monitor the University’s responses to information requests made under information legislation (the Data Protection Act 1998 until May 2018, General Data Protection Regulation (GDPR) from May 2018, (Freedom of Information (Scotland) Act 2002 and Environmental Information (Scotland) Regulations 2005).

Due to an increase in requests the University is currently not managing to respond to a number of requests on time. Given that FOI requests have statutory deadlines that must be met it is critical that this project recommends a solution that introduces efficiencies in managing request. Additionally, the GDPR will mean that there are shortened deadlines for most subject access requests (1 month), more complexity in the way we are required to respond and potential requirements to provide responses in specific “portable” formats.

Problems:

The team are currently using a number of tools to monitor requests including:

Request handling monitor (Coldfusion application developed in late 2004) – to track requests and collect statistics
Spreadsheet file – also to track requests in ways the Coldfusion application does not allow
Shared drive – to store records of the request
Outlook - email
Paper files (when applicable)
BI reporting
Wiki for templates for standard paragraphs and email templates
Outlook – diary (to track deadlines, give reminders for when information/replies from colleagues are expected, to ‘book time’ in the diary of the ‘Request Manager’ to review responses)
Word templates (for correspondence with applicants) which uses ‘building blocks’ for standard text, and is ‘managed’ using a spreadsheet.
Individual case officers also use additional tools to manage their case load, such as OneNote, paper notebooks, spreadsheets.

This is inefficient, leading to duplication of effort and unnecessary manual calculations resulting in a significant administrative burden on the staff.

The team started using the spreadsheet in addition to the Coldfusion application a few years ago as the application did not provide adequate information on the status of requests. However, this workaround is not viable as due to increases in number of requests the team working on them has grown. This, combined with other inefficiencies will lead to errors in tracking and responding to requests and, incorrect information being provided to managers/senior staff.

Due to the GDPR the University expects the number of subject access requests received to increase (due to removal of £10 fee and increased awareness). The number of Freedom of Information requests received has also risen recently. In 2017 a 40% increase in the number of FOI requests received each month was noted when compared to the average number per month in 2016.

The current estimate is around 600 requests per year.

Without adequate tools that can be used by more than one staff member at once, the team will be unable to manage requests. For example the team will not be able to manage an increase in requests by recruiting more staff because the tools will not allow the team to scale their processes.

The team are also unable to produce accurate statistical and management information without significant manual intervention and checking, including statistics that are required to be provided to the regulator, the Scottish Information Commissioner (OSIC).

The aims underlying this project and the subsequent phase 2 project:

To leverage the functionality / productivity improvements in a replacement tool suitable to meet the business need
To improve processes, support future improvements and understanding of the impact of information requests across the University by having better management information.
To improve processes and lessen the burden on departments dealing with information requests across the University.
To move away from a paper based processing system to an electronic one
To improve the way that information is shared internally and therefore lower the information security risk
To see an overall reduction in the number of request deadlines that are missed
(Where possible) to automate actions that are currently done manually.
To reduce the administrative burden of maintaining and managing multiple tools.

The move to a new tool for information requests will be undertaken via two phases. Phase 1 will conduct thorough analysis and document the business requirements. The requirements will then be used to analyse the different options available and provide a recommendation for the most appropriate approach. Once the business have selected an option to pursue, the Phase 2 project will be initiated to implement the chosen solution.

In Scope

The following is in scope for this Phase 1 project:

Business analysis to identify the as-is processes and document and prioritise the business requirements
Appraisal of existing in-house solutions that may be suitable
Market research to assist in considering potential procurement approaches
Production of options appraisal detailing:
- costs
- timescales for implementation
- resource requirements
- requirements traceability matrix

Out of Scope

Development/procurement or implementation of recommended solution
Production of any tender documentation.
Vendor demonstrations

Objectives & Deliverables

O1	To understand the compliance processes and requirements to enable the Records Management Team to effectively manage and monitor the University’s responses to information requests.	Priority	Owner
D1.1	Agreed set of prioritised business requirements.	MUST	Senior User
D1.2	Agreed set of security requirements	MUST	IS Applications CISO Office
O2	To evaluate the options available that could meet the defined business requirements and make recommendation on way forward.
D2.1	Options paper that considers both internal and external solutions and presents the findings in terms of requirements fitness, cost and timescales for implementation.	MUST	IS Applications
D2.2	Requirements Traceability Matrix	SHOULD	IS Applications

Benefits

Project benefits:

Recommendation for new solution provided based on detailed analysis of requirements and in depth appraisal of the options.

Possible Future benefits (after implementation):

Benefit Category	Benefit
Productivity Gain	The new solution may remove the need for the team to perform manual workarounds resulting in an increase in the number of requests processed by the team.
Process Improvements	Reduction in time taken to process individual requests resulting in meeting more deadlines on time. (Excluding Subject Access Requests)
Process Improvements	More efficient processes for dealing with requests resulting in less burden on individual departments
Increased Compliance	Increased confidence in meeting the new (GDPR instigated) shortened deadlines for Subject Access Requests.
Increased Quality	Improved management information will be available resulting in the distribution of reports to managers that are useful and accurate.
Increased Quality	Better identification of information that should be routinely published
Increased Compliance Increased Quality	Increased confidence in the accuracy of the legally required statistics provided to the OSIC
Contributes to the Organisational Strategy	Impact on society – “maintain a fair, inclusive and diverse community of students and staff…demonstrating our commitment to social justice”. Responding to information requests demonstrates the University’s commitment
Contributes to the Organisational Strategy	Digital transformation – how the University deals with data
Increased Compliance	The new solution will allow the University to dispose of applicant personal data once it is no longer necessary to retain it.
Process Improvements	Reduction in the number of steps needed to manage a request

Success Criteria

Deliverable Reference	Description	Measure
D1.1	Agreed set of prioritised business requirements	Signed off by Project Sponsor and Senior User
D1.2	Agreed set of technical, security and accessibility requirements	Signed off by IS Applications and CISO Office
D2.1	Options paper that considers both internal and external solutions and presents the findings in terms of requirements fitness, cost and timescales for implementation.	Signed off by: Project Sponsor Procurement Development Services Enterprise Architecture Production Management Service Management
D2.2	Requirements Traceability Matrix	Completed and agreed by Senior User

Project Milestones

Target Date	Previous Date	Title	Stage	Complete
04-Jun-2018	28-May-2018	End of Planning	Plan	Yes
24-Aug-2018	No date available	BRD Document Released for Review	Analyse	No
21-Sep-2018	No date available	Analysis of Requirements - Signoff Complete	Analyse	No
28-Sep-2018	No date available	Draft Options Appraisal Circulated for Review	Deliver	No
05-Oct-2018	No date available	Options Appraisal Signed Off	Deliver	No
22-Oct-2018	No date available	Project Closed	Close	No

This article was published on Apr 26, 2019

Project Info

Project: Options Appraisal for Replacement of Information Request Planning Monitor Tool
Code: STU263
Programme: Student Services (STU)
Management Office: ISG PMO
Project Manager: Ken Miller
Project Sponsor: Tracey Slaven
Current Stage: Close
Status: Closed
Project Classification: Run
Start Date: 21-Mar-2018
Planning Date: 04-Jun-2018
Delivery Date: 21-Feb-2019
Close Date: 05-Apr-2019
Programme Priority: 3
Overall Priority: Normal
Category: Compliance

More project information

Documentation

Initiate

No documents

Plan

Execute

Deliver

No documents

Other