There are three strands of recently introduced, or impending, compliance and guidance measures that our Development and Alumni (D&A) team needed to incorporate into their current business processes and this project was concerned with identifying, analysing and implementing the modifications that need to be made to the D&A systems that these updated measures will ultimately impact upon.
The three components behind this need to make changes are:
- The Privacy and Electronic Communications Regulations (PECR)
- The Etherington review of how charities are regulated
- The General Data Protection Regulation (GDPR)
The University needs to ensure compliance with any new rules that the above introduce, and be able to demonstrate this, in order to continue to be able to contact alumni and supporters. This project was established to enable that compliance.
The primary focus of this project was to determine, in collaboration with our colleagues in Development and Alumni, the exact changes that needed to be made to D & A systems and procedures to ensure that the University complies with the modifications introduced by the three initiatives listed above. Once these were identified, the project could then pinpoint who would make the necessary adjustments to the relevant systems and make the arrangements to ensure that the associated development work was carried out. These changes were executed by the external vendors (the Access Group). The scope therefore also encompassed the testing of the software changes, any rework that this might have engendered, and the final acceptance of the modifications before these were deployed into the live environment. The project scope also included updating the system and user documentation or support material that is related to the D & A systems.
Analysis of Resource Usage:
Staff Usage Estimate: 70 days
Staff Usage Actual: 32 days
Staff Usage Variance: 54.3%
Other Resource Estimate: £0
Other Resource Actual: £0
Other Resource Variance: 0%
|O1||To analyse the changes that need to be made to the D & A processes and systems by the introduction of the updated legal & compliance directives||Must have|
|D1||Requirements documentation that identifies the modifications that must be effected.||Must have||Achieved|
|D2||Systems analysis documentation that details the software changes required.||Must have||Done - prepared by vendor|
|O2||To update the appropriate systems in line with the identified requirements||Must have|
|D3||Updated versions of the in-house software or applications that are impacted by the above measures.||Must have||Delivered by vendor|
|D4||Updated versions of the third party software used by D & A||Must have||Delivered by vendor|
|O3||To test the software updates with business users to ensure they match the set of requirements||Must have|
|User test scripts, test plans and completed test reports||Must have||Testing by vendor & business area|
|O4||To deploy the agreed changes into the live business environment||Must have|
|D6||An implementation plan agreed with our business partners to deploy any required changes||Must have||Delivered by vendor|
|O5||To update all relevant support and maintenance arrangements||Must have|
|D7||Updated user and system support documentation||Must have||Achieved|
Explanation for variance
As can be seen from the above figures, the original estimate of 70 days was, in the end, reduced to a total of 32 days, and this was the final figure expended on this project. The main reason for this sizeable change was simply that the external vendor - the Access Group Ltd - undertook the development work required for the changes to the MyEd channels and Development & Alumni web pages. This obviously removed a large chunk of effort that was originally thought to be the responsibility of Development Services and associated teams in-house. There were further reductions in the time required for user acceptance testing as this was undertaken by the D & A team, and then again, with the deployment of the changes into Live by the Access Group.
The effort used by IS Applications was largely taken up with project management, business analysis and support and advice to Development and Alumni.
There was a series of milestone changes in January, February and April as the final delivery of the changes to be made by the vendor were pushed back. These changes were to allow the vendors more time to finalise the modifications in case any further changes emanated from the Information Commissioner's Office (ICO). This would allow any eleventh-hour adjustments by the ICO to be incorporated into the redevelopment being carried out, although it was recognised that the likelihood of this happening was gradually reducing. The revised dates still allowed enough time to have the updated deliverables in place in time for the May 2018 introduction of GDPR. In the end, the changes were delivered on time, and, although some further adjustments were required before going fully live, these were in place very close to the deadline.
There were no changes to the scope of the project.
Key Learning Points
One important point for any future projects covering this area is to check how much the vendor is responsible for when it comes to D & A web pages and MyEd content. This would save estimating work for the Applications Directorate and planning workloads.
Feedback from the project team includes the following: "in terms of lessons learned, there are a few on the ThankQ side which we've raised with them around the delays we experienced with the portal changes." And also "on the IS side I think it all went well. In particular, the flexibility of changing dates that had to be accommodated because we didn't know a number of things until quite late on because of having to wait for ICO guidance...having a flexible methodology and processes that can handle this is a good lesson learned." This highlights the benefits of working closely with our business partners and being flexible around dates and getting work done.
There are no outstanding issues.