Closure Report | Project Management

Project Summary

The Fire Safety Unit (FSU) have the responsibility of managing and monitoring activities associated with Fire risk assessments

There was a requirement for an integrated system(s) to manage the Fire Safety Unit’s key activities so that data visibility, availability, accuracy, and reliability can be improved. These key activities are all driven by fire safety legislations, namely the Fire (Scotland) Act 2005 and Fire Safety (Scotland) Regulations 2006 as well as government statistics reporting (HESA) and relate to;

Fire risk assessments
Fire risk assessment action plans
Fire drills
Fire alarm tests
Fires, incidents and fire alarm activations

Management of all this data is time consuming to collate, using a combination of MS Word documents, MS Excel spreadsheets and MS Access databases with multiple owners, and there are known data gaps in all the key fire safety areas being collected and recorded.

This project was a follow on to the CSG013 Fire Management System and was intended to finalise Business Requirements, identify a best fit solution, procure and implement it.

Executive Summary

Please note that the Project followed the formal Procurement Protocol up until the point of performing an Invitation to Tender (ITT) and successfully delivered fully documented and prioritised requirements / processes that were agreed with the Business. However as a result of the ITT, being unable to identify / deliver a suitable solution (the only bid received was deemed totally unsuitable by the Project Team) the Business chose to embark on a Non-Competitive Agreement (NCA) with a single Supplier of their choice, alone / without the Project Team, based on a reduced scope to one listed above, to deliver Fire Risk Assessment and Fire Risk Assessment Action Plans only, which resulted in the successful selection of the Supplier Riskbase, which met both the Legislative and functional requirements of the Business in relation to the reduced scope. The NCA was one, of several options, that Procurement / IS suggested at the point that the ITT was unable to source an appropriate Supplier. The 'Outcome' section below outlines the course the Project took in more detail.

Objectives, Deliverables, Success Criteria

Ref - O = Objective; D = Deliverable

Priority – M = Must Have; S = Should Have; C = Could Have; W = Won't Have

M = has to be satisfied for the final solution to be acceptable in terms of delivery dates, compliance, viability etc.
S = high-priority requirement that should be included if possible -workarounds may be available
C = a nice-to-have requirement
W = will not be part of this project

Ref.	Objectives / Deliverables	Priority	Owner	Achieved?
O1	Phase One - Procurement Assess Third Party Solutions that would enable the University to satisfy the statutory requirements associated with the current fire safety legislation and operational HESA reporting, whilst enabling continuous improvement to achieve best practice.
D1	Understand / identify potential solutions within the Marketplace	M	Project Sponsor / Project Team / Procurement	Yes - It should be noted that the previous Project CSG013 Fire Management System had already identified and ruled out a number of potential solutions within the market place ahead of this Project. Many of these findings were above the threshold or had been determined not to be cost effective. HAS005 continued these works and utilised a Public Information Notification (PIN) to identify further potential solutions (4 PINS were received).
D2	Understand and document the business requirements that will input into the procurement question sets	M	Business Lead / Business Analyst	Yes - A full set of Business Requirements for the Project were documented through a series of workshops that were attended by both the FSU and other parties within the UoE, including H&S, ACE and Estates. The documentation is located within the secure Project Folder.
D3	Determine the procurement strategy	M	Project Team / Procurement	Yes - The Procurement route taken was to go to Market via PIN and then Open Procedure, based on the number of results received from PIN (4). The decision to move to the NCA was as a direct response of the ITT not identifying a suitable Partner / system, having followed the procurement process.
D4	Fire Risk Assessments and Action Plans - solution enables the scheduling, recording, scoring, tracking and sharing of Fire Risk Assessments including resultant outcomes, actions and action plans	M	Project Sponsor / Project Team	Not within the Project Team and as such this was reduced / withdrawn from scope 28-Aug-2019 as part of PICCL #3: Reduce Scope and Move Towards Closure After Business Completed a Non-Competitive Agreement with a Supplier, however having selected Riskbase as part of the NCA the Business have confirmed that: RiskBase does indeed fulfill the requirement for online risk assessment and action plan production, with the capability of automatically emailing these to those identified as having a role in the remedial actions identified. This was the reason the Business, in the end, choose RiskBase after they received no useful applications to the tender.
D5	Fire Drills and Tests - solution enables the scheduling and recording of fire drills and tests as well as the generation and sharing of operational reports	M	Project Sponsor / Project Team	No - Reduced / withdrawn from scope 28-Aug-2019 as part of PICCL #3: Reduce Scope and Move Towards Closure After Business Completed a Non-Competitive Agreement with a Supplier, please see the 'Outcome' below for further detail. The Business have confirmed that Riskbase potentially delivers this functionality and it could be utilised at no additional cost, but if so this would be researched / adopted at a later stage.
D6	Fires, Incidents and Alarm Activations - solution enables the recording and tracking of fire, incident and alarm activations as well as the generation and sharing of operational reports (to be agreed with Security)	S	Project Sponsor / Project Team	No - Reduced / withdrawn from scope 28-Aug-2019 as part of PICCL #3: Reduce Scope and Move Towards Closure After Business Completed a Non-Competitive Agreement with a Supplier, please see the 'Outcome' below for further detail.
D7	Fire Safety Equipment and Servicing - solution enables the scheduling / automating, recording and tracking of fire safety equipment and service records as well as generation and sharing of operational reports	C	Project Sponsor / Project Team	No - Reduced / withdrawn from scope 28-Aug-2019 as part of PICCL #3: Reduce Scope and Move Towards Closure After Business Completed a Non-Competitive Agreement with a Supplier, please see the 'Outcome' below for further detail.
D8	Personal Emergency Evacuation Plans (PEEP) - solution enables the recording, tracking and sharing of Personal Emergency Evacuation Plans. It is worth noting that The Fire Safety Unit are contributors to this process as opposed to owners, ownership lies with the business unit to which the student/staff member that has the requirement for a PEEP belongs	C	Project Sponsor / Project Team	No - Reduced / withdrawn from scope 01-Mar-2019 as part of PICCL #2: Reduce Scope After Business Requirements Gathering at the Request of the Project Sponsor / Business Lead at the request of the Project Sponsor / Business Lead after initial Business Requirements workshops.
D9	Analyse and agree the operational reporting requirements (MI) that any solution would need to deliver	M	Project Sponsor / Project Team	Yes, partly - this was analysed / documented as part of the Business Requirements workshops (D2 above), however not finalised as a consequence of an actual solution not being chosen or implemented as part of the Project, by the Project Team, however the Business have confirmed that RiskBase has such a flexible reporting tool that they can report on any criteria that they wish, as well as having a very flexible dashboard which can be filtered down using any criteria from which risk assessments are overdue to individual actions still requiring attention from one risk assessment.
D10	Analyse and agree the required licensing model / User profiling that is required	M	Business Lead / Business Analyst	Yes, partly - this was analysed / documented as part of the Business Requirements workshops (D2 above), however not finalised as a consequence of an actual solution not being chosen or implemented as part of the Project, by the Project Team. The Business have confirmed that RiskBase has a site license model.
D11	After analysis / scoring of solutions make an informed decision of the Third Party Solution to Procure / Implement	M	Project Sponsor / Project Team / Procurement	This did not occur as part of the formal Project, with engagement with the Project Team due to only one response being received to the ITT. Therefore this deliverable was reduced / withdrawn from scope 28-Aug-2019 as part of PICCL #3: Reduce Scope and Move Towards Closure After Business Completed a Non-Competitive Agreement with a Supplier, please see the 'Outcome' below for further detail.
02	Phase Two - Implementation (of a Third Party Solution)
D12	Configure / implement the chosen Third Party Solution	M	Technical / Project Team	No - Reduced / withdrawn from scope 28-Aug-2019 as part of PICCL #3: Reduce Scope and Move Towards Closure After Business Completed a Non-Competitive Agreement with a Supplier, please see the 'Outcome' below for further detail. The Business are implementing the chosen RiskBase solution. The agreed implementation plan between RiskBase and the Business is contained within the Procurement Checklist recorded in Issue #4: Business Chose to Complete a Non-Competitive Agreement (NCA) with a Supplier Without Fully Engaging IS / Procurement
D13	Make any required Business process changes that would be required in order to work with the agreed solution, while still maintaining all statutory requirements	M	Project Sponsor / Business Lead	No - Reduced / withdrawn from scope 28-Aug-2019 as part of PICCL #3: Reduce Scope and Move Towards Closure After Business Completed a Non-Competitive Agreement with a Supplier, please see the 'Outcome' below for further detail. The Business have made it clear that at all stages they were open to making any possible process changes that might be required to adopt any agreed / appropriate solution
D14	Investigate and apply Single Sign On (SSO) if possible with any chosen solution / system	S	Technical / Project Team	No - Reduced / withdrawn from scope 28-Aug-2019 as part of PICCL #3: Reduce Scope and Move Towards Closure After Business Completed a Non-Competitive Agreement with a Supplier, please see the 'Outcome' below for further detail.

Scope

No. Description	Project stayed within scope? (Yes/No); Reason if not.
It was agreed that the project scope should cover the review of business requirements associated with;
1 The Fire Risk Assessment, the resultant action plan, the allocation of tasks and the confirmation of tasks completed 2 The Fire Logs incorporating the process flow to allocate annual fire drills and weekly fire tests and the subsequent results 3 The process to record Fires, incidents and fire alarm activations 4 The process to manage fire related assets such as fire extinguishers and blankets 5 Management information 6 User access throughout the University	Yes - Items 1 - 6 were analysed, prioritised, agreed and documented during a series of Business Requirements workshops with the results formulating the final Procurement Question set for the Invitation To Tender (ITT). A subset of these Business Requirements (Fire Risk assessment and Fire Risk Assessment Action Plans) were also utilised by the Business during their NCA in the consideration and selection of the RiskBase solution.
Determine possible solution(s) that will deliver the specified business requirements by;
7 Review potential market-based solutions and make a best fit decision for implementation	Partly - The ITT only received one bid that was deemed totally unsuitable by the project team) the business then embarked on a Non-Competitive Agreement (NCA) with a single supplier (Riskbase) of their choice, which resulted in the selection of the Supplier, this was not endorsed by IS / Procurement representatives of the Project team
8 Make recommendations / apply any change of process that might be required in order to adapt to a third party solution implementation 9 Implement the chosen solution 10 Investigate Single Sign On	No - Items 8, 9 and 10 - were reduced / withdrawn from the Projects scope 28-Aug-2019 as part of PICCL #3: Reduce Scope and Move Towards Closure After Business Completed a Non-Competitive Agreement with a Supplier, this was not endorsed by IS / Procurement representatives of the Project team as it had not been possible to complete the appropriate checks and balances, please see the 'Outcome' below for further detail

Benefits

Please note: Benefits only apply against Fire Risk Assessments and Fire Risk Assessment Action Plans as per the reduced scope of the NCA.

No.	Benefit	Achieved?
1	To enable the University of Edinburgh to meet their statutory obligations with regard to the Fire (Scotland) Act 2005 and the Fire Safety (Scotland) Regulations 2006 any supplier/solution must meet the criteria described in this RFI and will preferably hold appropriate fire management accreditation	This has been achieved by the Riskbase solution that was selected by the Business through their NCA. FSU have stated that the solution meets all legislative requirements
2	Moving to a system will unify and improve the management of all the data, that is currently time consuming to collate and should close the known data gaps in all the key fire safety areas being collected and recorded	This has been achieved by the Riskbase solution that was selected by the Business through their NCA
3	Storing the data in a system will enable the University to have an easy to access, backed up and fully auditable record for Fire Risk Assessments, drills, tests and action plans	This has been achieved by the Riskbase solution that was selected by the Business through their NCA for Fire Risk Assessments and Fire Risk Assessment Action Plans. Additionally the Business store a PDF locally (on UoE) Servers of the latest Fire Risk Assessment.

The Business have confirmed the following additional benefits that they have achieved via their choice / implementation of RiskBase:

No.

Benefit

Although the Business do not have the fire drills etc. part of this, they will have the risk assessment and action plan element. So far the Business can see the benefits will include:

Quicker risk assessment process as the form can be filed in electrically on the go by the risk assessors using an app which does not require internet connection as the system will merge/download from the ipad once back in range
Images can be added to each question and/or action on the go as well as generally, which will enable users to quickly identify the areas which require remedial actions
Previous risk assessments are available to the assessor whilst undertaking the assessment, meaning they can comment on issues which may have been picked up on, and not actioned, from a previous assessment
Standard actions can easily be added by assessors on the go if they find that similar actions are coming up again and again, therefore reducing time manually adding them each time
Actions can be automatically assigned – either by role or by type of action. For example, a School action can be assigned to a specific building manager and an Estate action to the Estates generic role in the system

Once an assessment is complete, the system will email a report (which is automatically generated) to the named individuals with clearly identified responsibilities for remedial actions using clear colour coding and risk levels, as assigned by the Fire Safety Unit

As an observation - there may be a piece of work to integrate with UoE email system if the system generated emails are to be sent from a ‘UoE account’ as opposed to being sent by the supplier RiskBase (if this is a Business Requirement at a later stage)

Dashboard and MI reporting

Admin have an overall view of the status of all risk assessments as well as all actions – both completed and outstanding. These can be easily filtered down with graphical displayed produced automatically
This data can also be downloaded to be further manipulated if desired in CSV format
Individual risk assessors can see their own workload on their dashboard
In time, once we add school users, their own dashboards will also be personalised to show their risk assessments and actions

Copies of all risk assessments can be downloaded by Admin at any point in CSV file if required as an extra record or if we choose to end our contract with RiskBase. As an added data security measure, all risk assessment reports are being manually saved to a University server by the Fire Safety Unit, once the report is complete, meaning we will always have the most recent risk assessment on our servers

Success Criteria

No.	Success Criteria	Achieved?
Phase One - Procurement
1	The Project utilises a Public Information Notice (PIN) / Request For Information (RFI) to determine potential solutions within the marketplace	Yes - 4 responses were received
2	A Procurement strategy is chosen / utilised	Yes - The Procurement route taken was to go to Market via PIN and then Open Procedure, based on the number of results received from PIN (4). The decision to move to the NCA was as a direct response of the ITT not identifying a suitable Partner / system, having followed the procurement process.
3	Business requirements are understood / documented to allow a detailed / consistent question set to undertake procurement / evaluation	Yes
4	Successful identification and procurement of an appropriate / best fit solution that: Enables the scheduling, recording, scoring, tracking and sharing of Fire Risk Assessments including resultant outcomes, actions and action plans Enables the scheduling and recording of fire drills and tests as well as the generation and sharing of operational reports Enables the recording and tracking of fire, incident and alarm activations as well as the generation and sharing of operational reports (to be agreed with Security) if selected for implementation during the procurement phase	Partly - The Riskbase solution that was selected by the Business through their NCA meets the functional and legislative requirements for Fire Risk Assessments and Fire Risk Assessment Action Plans (only).
5	H&S / Fire Safety Unit have access to key reports / MI that will be identified during analysis	Yes - The Riskbase solution that was selected by the Business through their NCA meets the functional and legislative requirements for Fire Risk Assessments and Fire Risk Assessment Action Plans, please see Benefit #5 above.
6	All Users of any chosen solution / system are correctly identified and provided with appropriate, licensed, access	Yes - RiskBase has a site license model and all Members of FSU / H&S have been correctly provisioned / set up. There is also scope to roll this out to other Business Users (eg ACE or Estates) in a future phase, planned by the Business.
Phase Two - Implementation (of a Third Party Solution)
7	Successful implementation of the appropriate / best fit solution	Yes - The Business took the decision to implement their chosen solution their self, the agreed implementation plan between RiskBase and the Business is contained within the Procurement Checklist recorded in Issue #4: Business Chose to Complete a Non-Competitive Agreement (NCA) with a Supplier Without Fully Engaging IS / Procurement. Therefore this was not as part of the Project and this was reduced / withdrawn from scope of the Project, 28-Aug-2019 as part of PICCL #3: Reduce Scope and Move Towards Closure After Business Completed a Non-Competitive Agreement with a Supplier, please see the 'Outcome' below for further detail.
8	Successful application of the appropriate / best fit solution and agreeing / making any required Business Process Changes if / where necessary	Yes - The Business are satisfied that the RiskBase solution meets these criteria and they made it clear that at all stages they were open to making any possible process changes that might be required to adopt any agreed / appropriate solution, however again this was not as part of the Project as this was reduced / withdrawn from scope of the Project, 28-Aug-2019 as part of PICCL #3: Reduce Scope and Move Towards Closure After Business Completed a Non-Competitive Agreement with a Supplier, please see the 'Outcome' below for further detail
9	Successful application of EASE (or other) SSO if possible	No - Reduced / withdrawn from scope of the Project, 28-Aug-2019 as part of PICCL #3: Reduce Scope and Move Towards Closure After Business Completed a Non-Competitive Agreement with a Supplier, the Business did not require EASE (or other) SSO application.

Analysis of Resource Usage:

Staff Usage Estimate: 284 days

Staff Usage Actual: 95 (Estimated) days

Staff Usage Variance: -66.5%

Outcome

The Project followed the formal Procurement Protocol up until the point of the ITT and successfully delivered fully documented and prioritised requirements / processes that were agreed with the Business. However as a result of the ITT, being unable to identify / deliver a suitable solution (the only bid received was deemed totally unsuitable by the Project Team) the Business chose to embark on a NCA with a single Supplier of their choice, alone / without the Project Team, based on a reduced scope to deliver Fire Risk Assessment and Fire Risk Assessment Action Plans only, which resulted in their selection of the Supplier Riskbase.

The NCA was one of several options that Procurement / IS suggested were open to the Business at a Project Team meeting held 17-Jun-2019 which was intended to present options / agree next steps with the Business, after the ITT had not delivered the required response. The Project Team (Procurement / IS) had expected to jointly agree next steps at a follow up meeting, held 3-Jul-2019, however at that meeting the Project Team were informed that the Business, due to the restriction of only having budget available to procure a solution in the 2018/19 financial year, had taken a decision to go ahead and start to conduct a NCA their selves.

The Business, as part of the NCA, conducted a number of demonstrations with the Supplier in order to assess functionality and based on those demonstrations made the decision to procure, based on the reduced scope of delivery of the Fire Risk Assessment and Fire Risk Assessment Action Plans alone. The RiskBase solution the Business chose is SaaS based and will be entirely standalone with no integrations required. The Business decided to complete procurement and have began to implement the solution their selves, maintaining all relationships (including Support) with the Supplier. Issue #4: Business Chose to Complete a Non-Competitive Agreement (NCA) with a Supplier Without Fully Engaging IS / Procurement records the interaction between the Business & the IS / Procurement representatives in the Project team, who did not endorse the engagement with Riskbase. Issue #4 also contains the Procurement Checklist, which was jointly reviewed by the Business and IS at a meeting held 31-Jul-2019 (documented here: HAS005 - Project Meeting - Agree Next Steps) and the Business confirmed that they are satisfied that they have considered all factors. The Procurement Checklist was updated with further information regarding implementation plan, contract and accessibilty after the Project Closure meeting.

It was identified during Project Planning that there was always the risk that a solution / application might not be discovered during the Procurement Phase, risk #3: After the Procurement Phase it is Possible that an Appropriate Solution / System is not Discovered tracked this and a number of Milestones were built into the project to factor for this eventuality if it occurred as follows and was recorded against the Brief (extract below):

----------------------------------------

_{There is also the chance that the Project itself could be subject to reappraisal or even closure if suitable responses / solutions cannot be found, the following exit points have been identified to track / help facilitate this:}

_{Exit Point - No Interest Received From Third Party Suppliers 29-Mar-2019}
_{Exit Point - No Supplier Chosen 23-Aug-2019}

-----------------------------------------

Application Management have also added an entry to the Support Wiki to cover any queries that might be received for information only and to make it clear that H&S manage the relationship, licences, access and any other issues with the Supplier.

The final outcome is that the Business have successfully chosen, procured and implemented a solution that meets their functional and legislative requirements for Fire Risk Assessments and Fire Risk Assessment Action Plans.

Explanation for variance

The project was originally a 284 day project, an explanation of the decrease to budget to 95 days over the life cycle of the project follows.

The reduction in budget was 189 days, of which 129 days are from the 2019/20 Budget, below is a break down of the total IS / Compliance budget for this Project, split across the 2018/19 and 2019/20 financial years:

Year	Estimate after Planning	Actual Spend (for that year)
2018/19 Budget Estimate:	144	84
2019/20 Budget Estimate:	140	8

PICCL #3: PICCL #3: Reduce Scope and Move Towards Closure After Business Completed a Non-Competitive Agreement with a Supplier recorded the decrease in Scope at the point that the ITT did not deliver a suitable Supplier and the Business chose to undertake the NCA, implementing their chosen solution their selves.

Key Learning Points

Ref:	Description
1	When working towards a Revenue Budget, being funded by the Business, that has a hard deadline of being withdrawn, at the end of the financial year, then ideally any such procurement based Project would be engaged / started with plenty of time to complete the procurement process before the risk of losing the funding. HAS005 did complete an initial run of the procurement process, but unfortunately did not have enough time / contingency in order to attempt to reduce scope further / agree and conduct fully an alternate approach. This could have been full Project Team engagement and support for the NCA, or with a reduction in scope, this could have included reducing the size of the question sets and potentially conducted a further, reduced ITT exercise. This was further compounded by the hard deadline of the financial year end / end of Project activities falling into the period when key staff had annual leave, making meeting, communications and joint (Project) decisions difficult.
2	Small Scale Budget / Budget Banding. Budget / associated works need to be better identified and handled. The budget for this Project ended below the £50,000 threshold. It was following on, utilising the findings of the previous project (CSG013 Fire Management System) that choice to engage with and follow the full procurement route (including PIN and ITT was chosen), as that project identified that there could be solutions on the market which could breach the procurement threshold. As the ITT received no suitable applications and as a result the scope of what the system could do was reduced to try and still get something which would enable us to get some benefits within the constraint of the financial year, this inevitably reduced the cost of any system. Feedback on the ITT from Suppliers was that there were too many questions (both Functional and IT combined) to respond to for the potential award of winning the tender. Suggestions have been made that where smaller budgets and suppliers are known to be the most likely route for successful procurement then a more streamlined / banded procurement processes and associated question sets could be put in place that could be applied based on Budget available. Another suggestion was that questions for smaller scale procurement be kept to a bullet type approach.
3	It would have been beneficial at the point that the budget was finalised that expectations / scope for the project potentially be reduced earlier. The issue was that, after the PIN, where responses were received, that it needed to be gauged as to what solutions were available. The scope was reduced once possible, firstly with the removal of PEEPS and then it was not until the tender deadline had passed that anything else could be changed. It was still hoped that a system could be found to fulfill all of the requirements.
4	The Project achieved great support from Business Stakeholders as part of the requirements workshops and in willingness to engage in the selection process
5	The requirements workshops were very thorough and the question sets / processes were accurately and fully recorded
6	Similarly to the Question sets the UoE SaaS contract was far too onerous for such a small system. The Business understand requiring this for a system which costs upwards of £50k, but this one is £8k a year. RiskBase have a massive portfolio of clients including multi-national companies and other Universities, who have worked with them for a number of years satisfactorily. It was questioned if reference sites were obtained / reviewed, FSU confirmed that Peer level references had been received. Again should there be a shorter version suitable for a smaller value contract? Another thing to consider is that none of the information being held on RiskBase is sensitive in nature or commercially confidential.
7	It should also be noted that this is a niche set of requirements (though broad in scope) for a piece of Scottish only legislation and it has been discovered / is agreed that at the time of both (CSG013 Fire Management System) and this Project (HAS005) that there is no solution available on the market to meet all of FSU's requirements. FSU have, in the adoption of RiskBase, met the legislative requirements that are associated with Fire Risk Assessments.

Outstanding Issues

None

This article was published on Sep 25, 2019

Project Info

Project: Fire Safety Management System Procurement
Code: HAS005
Programme: Health & Safety (HAS)
Management Office: ISG PMO
Project Manager: Richard Bailey
Project Sponsor: Candice Schmid
Current Stage: Close
Status: Closed
Project Classification: Grow
Start Date: 03-Dec-2018
Planning Date: 11-Jan-2019
Delivery Date: 27-Sep-2019
Close Date: 20-Sep-2019
Programme Priority: 1
Overall Priority: Normal
Category: Compliance

More project information

Documentation

Initiate

No documents

Plan

Execute

No documents

Deliver

No documents

Other

No documents