OneSchool - Department of Education

Appendix A

Glossary of terms

dadempster

Typewriter

Glossary of terms

ADG Assistant Director-General

API Application Programming Interfaces

BAU Business As Usual

BVT Build Verification Testing

CAB Change Advisory Board

Call centre DET Application Support Centre

Carmody Report July 2012 Queensland Child Protection Commission of Inquiry report titled ‘Taking

Responsibility: A Roadmap for Queensland Child Protection’

CIO Chief Information Officer

CPIU Child Protection Investigation Units

CR Change request

DBA Database Administration

DCCSDS Department of Communities, Child Safety & Disability Services

DDG Deputy Director-General

DET Department of Education and Training

Director General Director General of Department of Education and Training

FTS Failure-To-Send notifications

FTS Failure-To-Send notification(s)

ICT PMF ICT Project Management Framework

IISC Innovation & Information Steering Committee

IT Branch IT branch team

KBA Knowledge Based Article

Logs Email logs

NDR Non-Delivery-Reports

NDR Non-delivery-report(s)

NTSAF Network Transmission Security Assurance Framework

NTSAF Queensland Government Network Transmission Security Assurance Framework

OneSchool The ‘OneSchool’ system used by DET

OneSchool ASC OneSchool Application Support Centre

QA Quality Assurance

QGCIO Queensland Government Chief Information Office

QGISCF Queensland Government Information Security Classification Framework

QGISCF Queensland Government information security classification framework

QPS Queensland Police Service

SDLC Software Development Lifecycle

SME Subject Matter Experts

SMG Semantic Messaging Gateway

SPM Student Protection Module

SPR Student Protection Report

TFS Team Foundation Server

The incident Collectively the failure of the OneSchool SPM to send ‘QPS only’ reports to intended recipients.

The matrix OneSchool SPM decision matrix

TRIM Total Records and Information Management

UAT User Acceptance Testing

Appendix B

DET internal audit review

Client Response/Action Plan

Update 3rd August 2009

Student Management including Student Protection

COMPONENT RECOMMENDATION DECISION

(Agree/Disagr

ee etc)

NAME OF OFFICER

RESPONSIBLE FOR

IMPLEMENTATION

APPROXIMATE

DATE

OF IMPLEMENTATION

ADDITIONAL

COMMENTS (if any)

UPDATE 03/08/09

3.1 Provisions relating to Mature Age Students

Principals of State High Schools and Colleges should be advised to review the requirements of policy SMS-PR-019-Mature Age Students, and to ensure all requirements relating to the issuance of Positive Notices are implemented.

Agree Nov 2008/ January 2009 Student Services Update

Completed January 2009

3.2 Religious Instruction in School Hours

All schools should be directed to review the requirements of policy SCM-PR-021 - Religious Instruction in School Hours, with particular emphasis on following the required processes for screening and approving visiting religious educators, and issuing appropriate parent notices.

Agree Semester 1 2009 Policy currently under review.

Policy review completed with LALB for feedback prior to approval and publish.


(Agree/Disagr

ee etc)

NAME OF OFFICER

RESPONSIBLE FOR

IMPLEMENTATION

APPROXIMATE

DATE

OF IMPLEMENTATION

ADDITIONAL

COMMENTS (if any)

UPDATE 03/08/09

3.3 Enrolment at State Schools

The wording of Policy SMS-PR-027- Enrolment in State Primary, Secondary and Special Schools should be changed to require mandatory completion of the approved Departmental Application for Student Enrolment Form.

Agree Early 2009 Enrolment Policy currently under review.

Included with current review of policy. Policy review is scheduled for ADG sign off by 10 August 2009.


All schools should be directed to review the requirements of policy SCM-PR-027, and ensure all requirements are adhered to.


Completed in School’s Update in January/February 2009


Policy SMS-PR-027 should be reviewed with regard to Principals being the only delegate authorised to sign enrolment agreements.


Completed in School’s Update in January/February 2009

3.4 Compulsory Schooling and Compulsory Participation in Education and Training

A collaborative review of policy SMS-PR-017-Enforcement of Compulsory Schooling and Compulsory Participation Phase and all related policies should be considered. Following this review, all schools should then to be directed to the revised requirements of SCM-PR-017, and required to comply.

No decision about these recommendations was made in 2008.

This policy is scheduled for review in conjunction with policy review for Role Marking. To commence in late 2009.


(Agree/Disagr

ee etc)

NAME OF OFFICER

RESPONSIBLE FOR

IMPLEMENTATION

APPROXIMATE

DATE

OF IMPLEMENTATION

ADDITIONAL

COMMENTS (if any)

UPDATE 03/08/09

3.5 Behaviour Plans for State Schools

All schools to be directed to review Education policy and procedure register SCM-PR-017 and related policies to ensure all requirements are implemented, with particular emphasis and priority on the audit findings presented in this report.

No decision about these recommendations was made in 2008.

This policy is currently being reviewed and is scheduled for completion by the end of term 4 2009.

3.6 Transfer Notes

All schools should be directed to review policy SCM-PR-028 – Student Transfer Note, and related policies, and ensure all requirements are being complied with.

Agree August 2008 Statement drafted to be incorporated under the Student Services Division Update to clarify the requirements under policy SMS-PR-028.

Policy review is scheduled for completion early August 2009. Statement incorporated under Student Services Update has been completed.

3.7 Student Protection -Reporting of Harm

A collaborative review should be undertaken of policy SMS-PR-012 and all related policies, to ensure that the concerns identified from this audit are addressed. This review should cover the content of the policy itself, staff training, resourcing, design of reporting forms, and also any other concerns staff may have.

Disagree Policy was revised in 2007 and published online in January 2008.

Since audit a suite of student protection training materials and associated resources have been made available to schools.

More time required before implementing further policy review.

No Action has been taken consistent with decision as outlined by

Appendix C

DET SPM business case

Project Approach

For

Student Protection Reporting

September 2010

Version 1.0

Owner:

Contact Details:

Program Name: N/A

Division/Unit: Student Services Division

Document Status: Final

TRIM Reference: 10/257778

[Sec: UNCLASSIFIED-GOVERNMENT-INTERNAL-USE-ONLY]

Project Approach Student Protection Reporting

Last Saved Filename Page

12-Oct-2015 10:16 AM \\aumel0800\common$\Nationals\RS\Forensic\Engagements\QLD Government\Dept of Education, Training & the Arts Qld\Project Auburn 350099\Output\Draft Reports\Appendices\Appendix (Temp 3).doc

2 of 18

Printed copies of this document should not be regarded as the current version. ALWAYS refer to the electronic copy for the latest version.


Revision History Revision

Date Version No. Author Description of Change/Revision

28/09/2010 0.1 Initial Draft

29/09/2010 0.2 Updated based upon Business Analyst feedback

05/10/2010 0.3 Incorporated PMO feedback

02/11/10 1.0 Incorporated business feedback and converted

Approvals

Name Title Signature Date

Assistant Director-eneral, Information and Technologies

Endorsement

Name Title Signature Date

Assistant Director General, Student Services

Director, Enterprise Architecture,

Information and Technologies

Key Stakeholders

Name Title

Principal Advisor, Student Services

Senior Advisor, Student Services

Senior Advisor, Student Services

Senior Business Analyst, Information and Technologies

Principal Technology Architect, Information and Technologies

Principal Advisor, Program Management Office

OneSchool Executive Director, Information and Technologies

OneSchool Program Manager, Information and Technologies

Manager, Project, Operations and Service Delivery




3 of 18



Contents

1 Executive Summary .................................................................................................... 4

2 Environmental Analysis .............................................................................................. 5

2.1 Current Environment ..................................................................................................... 6

2.2 Constraints and Dependencies .................................................................................... 6

2.3 Drivers ............................................................................................................................ 7

2.4 Opportunities ................................................................................................................. 7

3 Key Implementation Requirements ........................................................................... 8

4 Approach Option Analysis ......................................................................................... 9

4.1 Option 1 .......................................................................................................................... 9

4.2 Option 2 ........................................................................................................................ 11

4.3 Option 3 ........................................................................................................................ 13

4.4 Options Comparison ................................................................................................... 15

5 Option Selection ........................................................................................................ 17

5.1 Recommended Approach ........................................................................................... 17

5.2 Reasons for this Approach ......................................................................................... 18




4 of 18



1 Executive Summary

The Student Protection Policy requires the confidential reporting of vital student protection information to the Department of Communities (Child Safety Services) and the Queensland Police Service.

A recent Ethical Standards Investigation into the handling of student behaviour, requested by the Director-General, made a number of recommendations. It was recommended that consideration be given to enabling all student protection reporting forms to be completed and sent electronically via OneSchool.

The current process surrounding student protection reporting is manual, time intensive and lacks safeguards surrounding privacy, security and confidentiality.

The purpose of this project approach document is to outline possible approaches to address the manner in which the end to end process of Student Protection Reporting is handled.

This document facilitates a decision on the approach so that funding can be sought to commence the project. Cost estimates are contained in the accompanying Project Brief.

The recommended approach is to leverage OneSchool single point of truth student data and have relevant functionality built into OneSchool so that all student protection reports are entered and lodged from this one single application. The result is that we have a single point of truth in OneSchool where all core student information is retained. This solution also leverages OneSchool’s exposure, plus ensures organisational change is minimal as all teachers and principals are already familiar with OneSchool.

This option has the additional benefit that there are no significant ongoing costs associated as we are leveraging an existing DET supported application.

This benefits the organisation by:

1. Strategically aligning the solution to leverage OneSchool and retain all core student information in the single corporate application.

2. Leveraging OneSchool’s exposure and support (schools are already familiar with it), plus ensures all student data is held in a single point of truth.

3. Removing the risk and issues surrounding the current manual processes.

4. Reducing the risk on privacy, security and confidentiality concerns.

5. Addressing all the key implementation requirements.

It is recommended that the project be undertaken in two phases:

Phase 1: Commence documentation of business requirements and design of changes to OneSchool.

Phase 2: Build and implement as per phase 1 design.




5 of 18



2 Environmental Analysis

The Student Protection Policy requires the confidential reporting of vital student protection information to the Department of Communities (Child Safety Services) and the Queensland Police Service. During the 12 month period to 31 March 2010, 12,339 student protection reports were sent from state and non-state schools to Child Safety Services.

Schools currently complete reports using a Microsoft Word template provided with the policy. Details are either written by hand or typed into the template which is then sent by facsimile to the respective agencies and regional office. The original paper report is then filed at the school.

A recent Ethical Standards Investigation into the handling of student behaviour, requested by the Director-General, made a number of recommendations. It was recommended that consideration be given to enabling all student protection reporting forms to be completed and sent electronically via OneSchool.

In performing analysis of the current Student Protection Report process and its improvement or replacement, there is a need to consider the long term strategic IT needs while maintaining alignment to various IT and business policies and legislation.

Information within the key areas requiring consideration are:

DET Enterprise Architecture Security Principles:

Information within the department must be protected by levels of physical and environmental security matched to their business importance, sensitivity and confidentiality. Due to the unprotected nature of a fax transmission and the likelihood of hard copies being viewed by non-authorised personnel, the current harm reporting system may not be meeting the security requirements of the Department.

Logical control mechanisms must be in place for determining access to information, information systems and applications. Access control, monitoring and logging of information networks and systems access must be in place to minimise risks to the confidentiality, integrity and availability of information. The current reporting process is primarily paper-based and may not provide a level of tracking, logging and monitoring that meets Department requirements.

Queensland Information Privacy Act 2009

School staff are required under the act to uphold the privacy of a student and parent/guardian at all times. This is a requirement of the Queensland Information Privacy Act 2009 and the Education (General Provisions) Act 2006. Student information in the Student Protection Report may not have a sufficient level of sensitivity and privacy safeguards in place.




6 of 18



2.1 Current Environment The current SP-4 form template (Report of Suspected Harm or Risk of Harm) is downloaded for use by school staff and filled out manually. A number of issues result from using an offline MS Word version of the form, these include:

A lack of standardisation – schools may edit or customise the Word form to suit their purposes.

No common strategy for archiving and storage of the printed paper-version of the form – schools may use TRIM, email storage, or paper based filing folders.

Privacy concerns exist for the handling of the printed form. In the current business process, the form must be faxed to outside agencies and the DET central office – this presents the potential for mishandling of the report by clerical and other staff using the fax machine.

Due to the form being faxed, only a simple receipt indicating successful transmission is possible. There is no indication that the correct number was used or other recipient details.

Multiple paper copies of the same form generated by the recipient fax machines increase the security risk and the potential number of personnel handling the paperwork.

The current form template indicates which agencies must receive a copy of the completed form but does not provide local fax numbers. Potential exists for faxing the form to the wrong number or confusion around finding the correct number.

As the Word form is a generic template, there is no unique ID or tracking number associated with the form to assist with referring to the report without using identifying particulars of the individuals involved.

2.2 Constraints and Dependencies The following have been identified as constraints and dependencies that may affect this project:

Different versions of the form exist and storage of the completed form is handled differently from school to school (TRIM, hard copy, email storage). If an online system is adopted, there will need to be a process to manage the existing reports, or a decision not to track reports that were filed previous to the new implementation.

Completed forms are currently faxed to regional office and external agencies (Police, DoCS) – data from the form is then input manually into external systems (QPrime, ICMS) – any new system will need to ensure that the same data reaches these external agencies.

There is no single state wide practice for management of form processing, each school has different, local fax numbers that the form may need to be sent to- a centralised system will need to manage the distribution of the data to regional offices.

The DG requested an Ethical Standards Unit Report into the department’s handling of a student protection matters in late 2009. One of the recommendations in the report was that “consideration be given to enabling all student protection reporting forms to be completed and sent electronically via OneSchool”. If OneSchool is chosen as the preferred solution platform, the project may be subject to OneSchool development scheduling constraints and delays.

Due to security and privacy concerns, the form may not be emailable – further analysis required on electronic transmission of data stored in current form and legal requirements for email dissemination of confidential data.




7 of 18



2.3 Drivers The following key drivers for Student Protection Reporting from the Office's business perspective are:

Conform to the Ethical Standards Unit recommendation for student protection reporting to be completed and sent securely electronically.

A need to decrease ad hoc filing and handling processes with the current paper based form.

A need to increase the sensitivity handling of the data by decreasing the number of staff members who potentially have access to the report.

A streamlining of business processes to create higher efficiency, improved data quality and consistent state wide business practices.

2.4 Opportunities The following have been identified as opportunities for this project:

Create a single state wide business and IT process for reporting student harm.

Provide a centralised location for recording student harm incidents that may be accessible if students change schools.

Improve data quality by adopting an online form with field validation and electronic workflow.

Improve state wide reporting capability by providing operational reports on the number and nature of harm incidents.

The ability to track and store receipt confirmation from other agencies in a secure manner.




8 of 18



3 Key Implementation Requirements

A risk managed, efficient and workflow driven supported solution that addresses current privacy and tracking concerns for Student Services operations is the desired solution.

An initial high level review identified the following requirements which will be further validated and refined through a detailed business requirements analysis.

Key implementation requirements identified include:

KR 1 Security – Solution will keep all student protection reports secure and confidential.

KR 2 Electronic Solution - Implementation of an electronic reporting process, streamlining

the current paper based reports which are filed at the school and also regional offices.

KR 3 Single Point of Truth – A single source to identify all student protection reports.

KR 4 Impact on business operation – Provide a positive and consistent user experience.

KR 5 Solution – Re-use and leverage current systems that schools use.




9 of 18



4 Approach Option Analysis

The options identified in this project approach may be summarised as:

Option 1 – Continue with manual reporting and faxing student protection reports to the respective agencies and regional office – Do Nothing (maintain status quo).

Option 2 – Leverage OneSchool single point of truth student data and have relevant functionality built into OneSchool so that all student protection reports are entered and lodged from this one single application.

Option 3 – Build new solution that handles student protection reporting requirement solely (COTS or In-house) that is fully compliant with the DET ICT architecture. This solution would require student information to be fed from OneSchool to ensure a Single Point of Information of student data.

4.1 Option 1 Continue with manual reporting and faxing student protection reports to the respective agencies and regional office – Do Nothing (maintain status quo).

This option keeps the total process manual and does not address any of the current issues being faced by the business.

The strengths, weaknesses, opportunities and threats (SWOT) analysis are outlined below.




10 of 18



SWOT Analysis – Option 1

Strengths Weaknesses Opportunities Threats

Lowest direct cost of all options

No change to business’ process for student protection reporting

No change to current support agreement

No organisational change

Current business issues have not been addressed

Security and privacy issues have not been addressed

No single source of truth for protection reporting

Risks and issues surrounding the faxing of protection reports remain

Current system for protection reporting remains manual and paper intensive allowing inconsistencies and opening potential issues due to a break in the process

Lacks a manner in which to track the status of a student protection report

None Media exposure of failure to manage evident process issues

Potential for DET to fail in its duty to appropriately manage the welfare of students via not tracking and confirming the receipt of protection reports with other agencies

Strong potential for DET to breach current privacy and confidentiality regulations

As the office of Student Services and requirement needs continue to grow in size and complexity, additional resources may be required to cope with the additional needs that cannot be supported by manual processing




11 of 18



4.2 Option 2 Leverage OneSchool single point of truth student data and have relevant functionality built into OneSchool so that all student protection reports are entered and lodged from this one single application.

This option strategically aligns the solution to leverage OneSchool and retain all core student information in the one application. This solution also leverages OneSchool’s exposure, plus ensures all student data is held in a single point of truth.

This option is the most cost effective that meets all of the key requirements as outlined in this document, being:

KR 1 Security.

KR 2 Electronic Solution.

KR 3 Single Point of Truth.

KR 4 Impact on business operation.

KR 5 Re-use and leverage current systems that schools use.

At a high level this option would involve:

Identifying business requirements for OneSchool system enhancements.

Enhancing the OneSchool application to meet functionality required by the business.

Training all affected staff to use new system.

Establishing DET resources and support agreements to fully support the new product (Application support and Helpdesk support).





12 of 18





All student protection reports secure and confidential

Implementation of an electronic reporting process, streamlining the current paper based reports which are filed at the school and also regional offices

A single source to identify all student protection reports

Conforms to DETs Enterprise Architecture

Process will be workflow driven

Student protection reports transmitted securely making the current process and risk of faxing redundant

Leverages a current system that schools use

A system that DET currently support

Process change and training will be required due to the enhancements increasing the impact to the business users

Provides a foundation where enhancements may be built on

Allows OneSchool to remain the Single Point of Truth for all student data

Availability of DET resources to develop and support new solution

With the size and nature of OneSchool, the time needed to make any amendments to functionality surrounding protection reporting could be lengthy and costly




13 of 18



4.3 Option 3 This final option proposes to build a new standalone solution that handles student protection reporting requirements (COTS or In-house) that is fully compliant with the DET ICT architecture. This solution would require student information to be fed from OneSchool.

This is a fully electronic option that resolves the current business issues of security and privacy as well as ensures a Single Point of Truth for student data.

At a high level this option would involve:

Identifying business requirements for system build.

Defining a method and protocol for securely transmitting student information between OneSchool and the new solution (EIP).

Integrating user log-ins via IAM (Identity Access Management) for authentication purposes.

Training all affected staff to use the new system.

Establishing DET resources and support agreements to fully support the new product (Application support and Helpdesk support).





14 of 18





All student protection reports secure and confidential

Implementation of an electronic reporting process, streamlining the current paper based reports which are filed at the school and also regional offices

A single source to identify all student protection reports

Conforms to DETs Enterprise Architecture

Process will be workflow driven

Student protection reports transmitted securely making the current process and risk of faxing redundant

Most costly of all options

Process change and training will be required due to the introduction of a new system

Most time and resource consuming solution of all options

Large amount of testing and largest organisational change impact of all options

Does not leverage current systems that schools use

Another system that DET would need to support

Provides a foundation where enhancements may be built on

Availability of DET resources to develop and support new solution

Another product requiring DET support




15 of 18



4.4 Options Comparison

Option 1 Option 2 Option 3

Level of Alignment with Requirements

KR 1. Security R G G

KR 2. Electronic Solution R G G

KR 3. Single Point of Truth R G A

KR 4. Impact on business operation R G G

KR 5. Re-use and leverage current systems that schools use R G R

Level of Impacts

Legislation, Policies and Procedures R G G

Enterprise Architecture G G G

Technology R G A

Security R G G

Legal A G G

Interdependencies/relationships with other DET/Govt Initiatives G A A

Ongoing Support requirements A G A

Business system impacts G A A

Business workflows and process impacts R A A

People Impact – job impact, skills-sets, T&D G A A

Cost G A R

Complexity G G A




16 of 18



Option 1 Option 2 Option 3

Scheduling and resourcing G A R

Risks R G G

Key

G Positive Impact A Moderate Impact R Negative Impact N/A Not Applicable




17 of 18



5 Option Selection

5.1 Recommended Approach

The recommended approach is to adopt:

Option 2 – leverage OneSchool single point of truth student data and have relevant functionality built into OneSchool so that all student protection reports are entered and lodged from this one single application.

The result is that we have a single point of truth in OneSchool where all core student information is retained in the single application. This solution also leverages OneSchools exposure, plus ensures organisational change is minimal as all teachers and principals are already familiar with OneSchool.

This option also has the additional benefit in that there are no significant ongoing costs associated as we are leveraging an existing DET supported application.

Taking this approach will break this project into the following stages of works:

Phase 1: Commence documentation of business requirements and design of changes to OneSchool.

Phase 2: Build and implement as per phase 1 design.

This can be shown as:

Please note: timeframes are indicative, based upon mid year project approval and will be

confirmed as part of the Project Initiation document.

Qtr 2, 2011 Qtr 4, 2011

Phase 1

Phase 2

Document business requirements and design of changes to OneSchool

Build and implement as per phase 1 design




18 of 18



5.2 Reasons for this Approach The rationale in recommending option 2:

1. Strategically align the solution to leverage OneSchool and retain all core student information in the single corporate application.

2. Leverages OneSchool’s exposure and support (schools are already familiar with it), plus ensures all student data is held in a single point of truth.

3. Removes the risk and issues surrounding the current manual processes.

4. Reduces the risk of privacy, security and confidentiality concerns.

5. Addresses all the key implementation requirements.

Summary of the remaining options are as follows:

Option 1 – While this option is the quickest, cheapest and has the least impact to the

business, the Do Nothing option is not viable due to the issue of privacy, security and confidentiality issues.

In addition to this, it is highly manual and inefficient.

Option 3 – This option has been rejected due to the time and cost factor of building a whole new standalone system, and the level of organisation change and training that would be required.

Appendix D

January 2015 SPM update: approval

processes

5

Department of Education

OneSchool Internal Release Approvals Process (January Release)

Director, Child Safety

Senior Advisor, Child Safety

OneSchool Training Manager Business Reporting Officer -

SPM

Test Team Manager

Test Team Member 1

Application Development Team Member 1

Assistant Director General IT

Acting Executive Director IT Solutions & Operations

Director Education Business Systems

Director Education Business Support

OneSchool Program Director

OneSchool Application Board

Approval Step

• Release Preparation Procedure.docx • TFS Iteration Cycle.vsd • Email records

Start

Requested OneSchool to Provide Additional

Functionality

Obtained Effort Estimate from Development Team

14/08/2014

OneSchool Change Request Meeting

Agreed Functionality to be Added to January

Release as CR66557

Passed Request and Estimate to OneSchool

Change Meeting

30/09/2015 Approved January 2015

Release Scope

Compiled January Release Scope for Application Board

Approval

Provided Effort Estimate

12/01/2015 Confirmed CR66557 Test Passed

Successfully

16/01/2015 Confirmed January 2015 Release

Successfully Tested

Developed Software Code for CR65577

16/01/2015

Approved Test Summary Report for January 2015

Release

Deploy

Role

Developed Test Scripts for CR65577

Assigns Senior Advisor, Child Safety to Manage

Modifications to the SPM

2


OneSchool & DET Deployment Approvals Process (January Release)

Change Stakeholder Committee

Assistant Director General IT

Acting Executive Director IT Solutions & Operations


Change Requester

Application Operations Database Administration

Team

Approval Step

Sources • ICT Change Management Process Specification v4.4.Doc • Service Now Record for Jan 15 Release

“CHG0043641.pdf” • “20150119 – Change Meeting Minutes.PDF”

Raised ServiceNow Change 0043641 for Release

(Level 2)

Prepared Production Readiness Certificate

15/01/2015

Approved Production Readiness Certificate for

Change 0043641

Change Stakeholder Committee Representatives • Manager, Change Management • Manager, Enterprise Platform Development • Manager, Platfrom Operations • Manager, Network and Communications • Manager, Operational Security • Manager, Application Operations • Manager, Infrastructure Planning • Manager, ICT Support • Director, Platform Operations

19/01/2015

Approved Change 0043641.

Deployed Oneshool January Release into Live

Environment

Change Stakeholder Committee Attendees (Jan 19th 2015) • Manager, Change Management • Manager, Enterprise Platform Development • Manager, Platfrom Operations • Manager, Network and Communications • Manager, Operational Security • Manager, Application Operations • Manager, Infrastructure Planning • Manager, ICT Support • Director, Platform Operations

09/01/2015

Approved Change 0043641

Role

3


Change Stakeholder Committee

Assistant Director General

IT

Executive Director IT Solutions & Operations


Change Requester

OneSchool Deployment Approvals Process (July Bug Fix)

Raise ServiceNow Change for Bug Fix

(Level 4)

30/07/2015

Approved Change

Deploy into Production

Role Approval Step

Appendix E

January 2015 SPM update: design and

build

July – Sept 2013

Oct – Dec 2013

Jan - March 2014

April - June 2014

July – Sept 2014

Oct – Dec 2014

Jan – March 2015

Development &

Build of SPM

Testing of

SPM

Development & Build of

OneSchool SPM Jan update

Testing of

OneSchool SPM

1 July 2013

Issue of Carmody

Report – leading

to changes to the

OneSchool SPM.

Deployment of an

earlier version of the

OneSchool SPM.

25 October 2013

9 December 2013

Government

releases its official

response to the

Carmody Inquiry.

30 September 2014

OneSchool Application

Board finalises

approval of the

proposed changes to

the OneSchool SPM

for the January 2015

release.

3 December 2014

Director General

and QPS finalise

approval of the

proposed changes

to the OneSchool

SPM for the

January 2015

release.

19 January 2015

Deployment of the

updated

OneSchool SPM

in all QLD state

schools.

15 August 2014 –

6 January 2015

51 Day

Overlap

17 November 2014 –

15 January 2015

TIMELINE OF KEY EVENTS PRIOR TO JANUARY SPM 2015 UPDATE

Consultation period between Qld

Government Agencies and within DET.

Appendix F

January 2015 SPM update: developing and

refining requirements

Appendix G

Changes to OneSchool SPM

Changes to OneSchool Student Protection Reporting Module

1

Across all screens

Change ‘Concern’ to ‘Report’ in all references to Student Protection Concern

Student Protection Concern Search (page 2 of the OneSchool Guide)

Change the text in the message box - identified with

The new text should read –

A Student Protection Report is created when a staff member reasonably suspects the sexual

abuse or likely sexual abuse of a student or suspects a student may have been significantly

harmed or may be at risk of significant harm as outlined in the Student Protection Procedure. (this

would be a hyperlink to the procedure)

Prior to commencing a Student Protection Report you should, wherever possible, discuss your

concerns with the Principal, Deputy Principal or Guidance Officer and consider the actions

recommended following consulting the Qld Child Protection Guide(CPG) about the suspected

significant harm or risk of significant harm – the CPG is located on the Department of

Communities, Child Safety and Disability Services website at XXXXXXXX.

Student details screen (page 3 of the OneSchool Guide)

Change the first sub heading to Details of student significantly harmed or at risk of significant harm.

Concern details screen (pages 4 - 6 of the OneSchool Guide)

Change ‘Concern’ to ‘Report’ in the screen heading and the title in the left hand navigation bar

Change the first sub heading to Details of any alleged significant harm or risk of significant harm

Change the title at to Provide details of the alleged significant harm or risk of significant harm

Change the text in the box Provide details of the alleged harm or risk of harm* at to the following -

Provide information about the suspected significant harm or risk of significant harm, including specific

dates, times and locations, when known. The following are details to be included: information the

student disclosed; relevant observations of the student or parents; concerns about the student’s

physical presentation, including injuries; concerns about changes in the student’s behaviour or

appearance; medical investigations/treatment required; and information provided by other sources.

Add a new question after question Details of any harm and/or risk of harm -

Was the CPG consulted in relation to the suspected significant harm or risk of significant harm?*

Yes No (If the user selects Yes then Option 1 below appears. If the user selects No then Option 2 below appears)


2

Options 1

Recommended action/s following completion of one or more decision trees -

Report to Child Safety Referral to CBIR Referral to IFS

Direct referral to support service Report not required (the user should be able to select one or more boxes)

Provide details of reasons why the CPG was not consulted

Change the question at to Person suspected of causing significant harm.

Change the question at to Is there anyone else who may have information about the significant

harm or risk of significant harm?

Change the question at to Has the suspected significant harm or risk of significant harm been

discussed with the parents?

Change the question at to Do you suspect that an unborn child may be at significant risk of harm

after birth?

Other relevant details screen (pages 7 - 8 of the OneSchool Guide)

Add a new question after question Details of parent’s circumstances -

Based on the available information, do you suspect a parent may be able and willing to protect the

child from harm?*

Yes No (the user must be required to add further text whether the response is yes or no)

Provide details the information contributing to this suspicion

Include information about why the CPG was not consulted. For example, a staff member may not consult the CPG

when they believe there is sufficient information to indicate the reporting threshold has clearly been reached.

Include information about any facts or observations which have contributed to the staff member’s suspicion. For

further guidance on identifying and articulating a suspicion about whether a parent may be able and willing to

protect the child from harm refer to the Student Protection Guideline on the Student Protection page in OnePortal.


3

Change/add the following new items to question Details of supports or contact with other

agencies-

Add - CBIR IFS

Change - Other to Other support service

Summary screen (page 9 of the OneSchool Guide)

Change ‘Concern’ to ‘Report’ in the Action to be taken button at the bottom of the screen at .

Principal approval screen (pages 10 - 13 of the OneSchool Guide)

Change the question at Action to be taken* (Can we make this mandatory) to the following -

Question Principal response

Is this report in relation to suspected sexual abuse or likely sexual abuse? Yes No

Does the information indicate that the student has been significantly harmed or is at risk of significant harm?

Yes No

Based on the available information, do you suspect a parent may be able and willing to protect the child from harm?

Yes No

Add the new pop-up box below when the Principal has checked any of the following combinations of

responses –

Question Combination 1

Combination 2

Combination 3

Is this report in relation to suspected sexual abuse or likely sexual abuse?

Yes Yes Yes


Yes No No


Yes No Yes

New pop-up box -

Send Student Protection Report to QPS

This information will be sent to the QPS

Select email

Police contact*

Send and finalise Cancel


4

Add the new pop-up box below when the Principal has checked the following combination of

responses –


Is this report in relation to suspected sexual abuse or likely sexual abuse? Yes


Yes


No

New pop-up box -

Send Student Protection Report to Child Safety and QPS

This information will be sent to Child Safety and QPS

Select email

Police contact*

Child Safety contact*


Add the new pop-up box below when the Principal has checked the following combination of

responses –


Is this report in relation to suspected sexual abuse or likely sexual abuse? No


Yes


No

New pop-up box -

Send Student Protection Report to Child Safety

This information will be sent to Child Safety

Select email

Child Safety contact*



5

Add the new pop-up box below when the Principal has checked any of the following combinations of

responses –


Combination 2

Combination 3

Is this report in relation to suspected sexual abuse or likely sexual abuse?

No No No


Yes No No


Yes No Yes

New pop-up box -

Follow up actions

Follow up actions that could be considered when the concerns do not meet the reporting threshold

Contact parents

Referral to Community Based Intake and Referral (CBIR)

Referral to Intensive Family Support (IFS)

Referral to external support service

Referral to internal support service

Class teacher to monitor

Other

Comments

Include details about actions taken to assist the student and family. Actions should be based upon the concerns identified and the availability of relevant supports within the school and/or local community.

Save and finalise Cancel

Student Protection Report (pages 19 - 21 of the OneSchool Guide)

Change the header on the Report

o from ‘In accordance with s.22 of the Child Protection Act 1999 or s.365/365A of the Education

(General Provisions) Act 2006’

o to ‘In accordance with s.13A / 13E and 197A of the Child Protection Act 1999 or s.365 / 365A of

the Education (General Provisions) Act 2006’

Ensure that information is included in the Report sent to Child Safety and/or QPS from the questions -

o Was the CPG consulted in relation to the suspected significant harm or risk of significant harm?

o Based on the available information, do you suspect a parent may be able and willing to protect

the child from harm?

o referrals to CBIR and IFS in the question Details of supports or contact with other agencies


6

Reports (page22 of the OneSchool Guide)

Ensure that information is included in the Reports generated from the OneSchool module from the

questions -

o Was the CPG consulted in relation to the suspected harm or risk of harm?

o Based on the available information, do you suspect there may be a parent who is willing and able

to protect the child?

o Actions to be taken in the Principal approval screen

Other changes

Provide the ability to add a notifier who isn’t on the OneSchool staff dropdown list including the

person’s name, position and contact details.

Appendix H

January 2015 SPM update: test plan

2015 January Release Test Plan

Version Release Date: 23/01/2014

Version: 1.0

TRIM #:

TBA

Commercial-In-Confidence

OneSchool – 2015 January Release – Test Plan

\\aumel0800\common$\Nationals\RS\Forensic\Engagements\QLD Government\Dept of Education, Training & the Arts Qld\Project Auburn 350099\Output\Draft Reports\Appendices\Appendix (Temp 8).docx

Page 2 of 31

COMMERCIAL-IN-CONFIDENCE

Document Control

Owner: OneSchool Test Team

Contact Name

Program Name: OneSchool

Division/Unit: Education Business Systems

Author

File Name: G:\5678_OneSchool EBS\OSEB_Systems\Test\Releases to PROD\2015\2015 R1 January\Test Management\2015 R1 Test Plan v1.0.docx

Document Status: Active Controlled Copy #:

Revision History

Version Revision Date

Author Description of Change/Revision Ref No.

0.1 18/11/2014

Initial Draft

0.2 23/12/2014 Update with items

1.0 23/12/2014 Released version



Page 3 of 31


Approvals

Gate 0 Review (Project Team Review)

Name Title Signature Date Signed

Glossary of Terms / Acronyms / Abbreviations

Term Description

ACT Access Control Testing

BVT Build Verification Testing

BSA Business Subject Area

C2C Curriculum into the Classroom

DETE Department of Education, Training and Employment

DETE/OneSchool Glossary

http://team.oneportal.deta.qld.gov.au/sites/OneschoolR3/Lists/Glossaries/AllItems.aspx

ITSO IT Solutions and Operations

OLTP Online Transaction Processing

ROCS R3 Overview and Common Systems Requirements

RVT Requirements Verification Testing

SFT System Functional Testing

SIT System Integration Testing

SI Systems Integration

SRS System Requirements Specifications

UAT User Acceptance Testing





Page 4 of 31


Contents

1. Introduction .......................................................................................................................... 6

1.1. Objectives ................................................................................................................ 6

1.2. Scope ....................................................................................................................... 7

2. Features to Be Tested ......................................................................................................... 9

3. Features Not to Be Tested ................................................................................................. 13

4. Approach ............................................................................................................................ 14

4.1. Testing Overview ................................................................................................... 14

4.1.1. Key Dates in Environments .................................................................... 15

4.1.2. Entry Criteria .......................................................................................... 15

4.1.3. Exit Criteria............................................................................................. 15

5. Test Pass / Fail Criteria...................................................................................................... 16

5.1. OneSchool Defect Lifecycle ................................................................................... 16

6. Suspension and Resumption Criteria .............................................................................. 19

6.1. Overview ................................................................................................................ 19

6.2. Regression Testing ................................................................................................ 19

6.2.1. Regression Test Method ........................................................................ 19

7. Test Deliverables ............................................................................................................... 21

8. Test Items ........................................................................................................................... 22

8.1. Hardware Components .......................................................................................... 22

8.2. Software Components ............................................................................................ 22

9. Testing Tasks ..................................................................................................................... 23

10. Test Environmental Needs ................................................................................................ 24

10.1. Premises ................................................................................................................ 24

10.2. Test Item Installation and Configuration ................................................................. 24

10.3. Special Test Tools and Equipment ......................................................................... 24

10.4. Security and Licensing ........................................................................................... 24

11. Roles and Responsibilities ............................................................................................... 25

12. Testing Responsibilities .................................................................................................... 27

13. Risks and Mitigations ........................................................................................................ 31



Page 5 of 31


List of Figures

Figure 1: Defect Lifecycle ............................................................................................................. 16

List of Tables

Table 1: Deliverables to be produced and storage location. ......................................................... 21

Table 2: Software Components/Versions of Test System ............................................................. 22

Table 3: Testing Tasks ................................................................................................................. 23

Table 4: Recognized Risks and Proposed Contingencies ............................................................ 31

Table 5: Risk Matrix ..................................................................................................................... 31


Filename (Printed copies of this document should not be regarded as the current version. ALWAYS refer to the electronic copy for the latest version.)

Page


Page 6 of 31


1. Introduction

The 2015 January release has a number of enhancements and bug fixes for the application that benefits all OneSchool centres. This document will outline the products, testing effort and strategy around testing this release.

The primary items for this release include the Mature Age Student process into OneSchool, Academic Reporting (Australian Curriculmn, ICP Integration, P6 and Special Template) changes, Child Protection process changes, Behaviour enhancments (Charge Related) and Q Parent enhancements. The board level items are listed in 1.2 Scope.

This release has a number of business units testing their business requirements. OneSchool testing will support these units and system test the enhancement but the testing signoff will ultimately come from the business unit. These include:

OAMPS

Q Parents

SAP

This document is prepared in accordance with the industry standard for test plans as defined by ANSI/IEEE 829-1983, IEEE Standard for Software Test Documentation [IEEE83a] and its Australian Standard equivalent AS 4006-1992.

1.1. Objectives

The key objective is to ensure that all listed products work correctly and that schools using the OneSchool application function seamlessly with the 2015 Release 1 build.

The Test Plan addresses the following key points:

Details of activities required to prepare and conduct the System Functional Testing including Integration.

o System Function Testing of Build software will ensure the following:

Business Requirements defined in the SRS and Design are delivered correctly.

Application is relatively free of defects (testing is never exhaustive and cannot guarantee a defect free application).

Provide confidence to management that appropriate diligence has been taken in identifying and removing defects prior to release.

Regression testing will be performed across the OneSchool application

Communicates to all responsible parties the tasks which are to be performed and the schedule to be followed.

All external testing and business units are required to provide written testing signoff.

Defines the test tools and environment needed to conduct the system test.



Page


Page 7 of 31


1.2. Scope

The scope of testing proposed for OneSchool 2015 Release 1 in this plan has been based on interviews with key stakeholders and team leads.

The main items (enhancements and bug fixes) for 2015 Release 1 are as follows:

Module Proposed Development

Student Management

Student Plan

o ICP integration with Academic Reporting

Academic Reporting o Australian curriculum update for primary template o Special schools template o Achievement scales o ICP integration

Australian Curriculum Phase 2 Subjects Integrate subjects with reporting

Mature Age Students o Move MAS into OneSchool o New tab in student enrolment screen o Validation rules

QPS checks

Student Protection Update

Workflow and enhancements

USI o Store USI, text o Validate USI

Validation for printing of VET certificates

Q Parents Q Parents update for Pilot

Behaviour Increased sensitivity for charge related suspensions and incidents

Update templates

OAMPS Ongoing Updates

Technical Updates

OneSchool Technical Refactoring

Curriculum and Assessment

CARAs - phase 1 o Principal approvals for extreme/high risk o Copy functionality



Page


Page 8 of 31


o Database design for pdf integration for phase 2 o Prototypes of high and extreme risk wizards

Finance

BPoint Integration (Note: Finance Team to develop Business Requirements ahead of BIF funding application)

Agresso update – Address outstanding bugs and CRs

Other

Day 8 – Admin Screen update

Various reports and bug fixes



Page


Page 9 of 31


2. Features to Be Tested

Estimates of the effort required to test each of the items in scope are all ‘best’ case and do not make any allowance for multiple test iterations. These items are sourced from Board documents and TFS. Through the course of testing new items maybe included. The total days is based on one person testing. This document will be updated with those changes. (TBA)

TFS Description Days to test

56115 Cancel Unpaid Invoices view should ignore any receipts with a Receipt Status of C (Cancelled) 1

63267 Student Protection - Current and Future Address field showing old addresses 1

64618 Student Protection Concern - Student search on Add New popup is only searching on Legal Names 1

64961 Agresso 571 - Requisition entry screen - Contact drop down 1

65308 After Hours Contact details - board approved for June/July 2014 1

65350 Timetable >> PGD Roster screen freezes on first entry 1

65466 OAMPS data fix: Add aquisition cost to data fix report 1

65733 Exam Timetable - error if attempting to publish exam with staff member already marked absent on the day 1

65762 Allow Guidance Officer role to edit all disability categories 1

65873 New Data Fix report - OAMPS - two user accounts pointing to same staff record 1

66024 CARA September changes 10

66121 MVC PILOT - Secondary Main Timetable Access for non-teaching levels 1

66213 Facilities - BAS Quote Number character issue 1

66361 Agresso 571 - Type ahead functionality 1

66467 Auth Helper - Error on Stop Impersonating - 404 - File or directory not found 1

66474 2015 Jan - Academic Changes 10

66475 MAS Integration with OneSchool 3

66480 VET USI 1

66489 AIMS - Verification screen - error after multiple operations 1

66513 Agresso - Apply Update 3 and 4 to all environments 5



Page


Page 10 of 31


66525 School Disciplinary Absence Details report - Needs updating due to fields no longer in OneSchool and fields being renamed 1

66554 Transport - Distance Check - View icon does not open Distance Check in view mode when logged in at COTO 1

66555

Reduce network and server traffic by changing return link on framework error page so that it goes directly to the appropriate home page of the application as opposed to the default page and redirecting 1

66557 Student Protection Changes 2015 January 2

66572 PreEnrolment changes 2

66583

Parent/Student Relationship details should not be editable for future school is student is an active enrolment at another school 1

66586 Student App: Allow OneSchoolAdmin user to impersonate a student 1

66600 Report - AchievementStatsBySubject - is not returning results in PROD when no optional parameter is set 1

66604 Agresso - Standardised Logic for applying user IDs to server processes 1

66609 Facilities - Special Character error in Extra Details for Work Request 1

66620 Increase Batch Job Run Results result list from 50 to 100 so that all results are on the same page. 1

66632 UAT Environment : Update configuration Settings for new UAT environment 1

66639 New report: SAP interfaces summary 1

66661

Student Protection - update required to Report of Suspected Harm or Risk of Harm due to changes in functionality (for Jan 2015) 1

66664 Student Management : Session handling improvement needed when session is lost 1

66668 OneSchool Environment : Remove tsstransfer$ share from all environments 1

66683 AIMS - Changes in display elements 1

66687 AIMS - Change status of the verification request on the action when verification becomes "Ready to review" 1

66699 OAMPS - Able to open details of device replacement from school A even if you login in school B 1

66700 update ACARA Austrailian Curriculum to Version 7.1 and include all available subjects for P-10 1

66708 AIMS - Students awaiting verification review report - does not include students who only need review on C2 1



Page


Page 11 of 31


66717

Behaviour: Restrict access to Charge Suspension to be available to ExecutivePrincipal and COChargeSuspensionOfficer only 1

66718 AIMS - SLI verification : date not showing in the screen 1

66744 Report - Expression of Interest (Enrolment) - List the EOIs , parent, student details, date received 1

66749 Behaviour - add level 6 to 'restricted to ' in recording an incident ( requested by schools) 1

66750 AIMS SLI Verification Report - SSRS rendering error was generated when printing report for one student 1

66752 Add new Australian curriculum subjects assessment criteria to unit planning 1

66756 OneSchool Server Configuration - Removed symbolic links and replace with inline folder for DETA framework 1

66757 Transport - Distance Check form - Student Name, DOB and Gender not populating if run for region (ie non school location) 1

66758 Removal of obsolete proc - In relation to Transport 1

66761 Report change - Student Plan - Add option for other centre target areas to criteria when including support provisions 1

66764 Bug relating to NAMS 3G Batches Incomplete defaulting a parameter for Nbr of Days Passed 1

66766 Primary Timetable Should not allow roleclass to be added 1

66767 Main Timetable MVC (Disable add class button if not timetable) 1

66773 ICP - Spelling mistake on endorsement error message 1

66776 Expression of Interest - Correspondence- school email incorrect 1

66777 Report - Add/remove columns to Student EAL/D Bandscales Export 1

66778 Report - Student EAL/D Bandscales Export available to schools 1

66787 Positive Behaviour Certificates - new certificate does not display long names properly 1

66788 Report - ICP and ICP in Student Plan - Speech marks in Content Descriptions displaying incorrectly 1

66795 Transport - SWD Amendment to Transport Application report - generating blank if student is not Active 1

66797

Attachments added to reports may fail if the file cannot be written to the file system as it may contain \ or other invalid characters 1

66798 Exclude subjects marked as in-active from the rollover process 1



Page


Page 12 of 31


66799 Timetable Reports not including future staff - Staff List, Staff Load, Staff IR Availability 1

66804 Early Start Assessment Results exports to be updated 1

66805 Timetable - unable to delete/remove the activate the date from a future version once set 1

66810 Student Dashboard Student Note report - include option for previous centres 1

66811 Student Dashboard Class Groups report to include option of previous centres 1

66817

Certificate of Recognition Reports - Principal signature needs to be centred, School logo needs to be centred in the new Certificate of Recognition reports 1

66826 OAMPS - New Device Type for School purchased Laptops 1

66827

Student Address - Unable to Add a new address - causing issues as cannot enrol a new student - java script error due to ' in School name 1

66830 Exam Timetable: Publishing exam timetables for future dates causes activation of timetables for those dates to fail. 1

66831 Out of Home Care reports - Region - handling of dual enrolment students 1

66833 New Agresso license to be deployed for new uat server 1

66834 2014 SOS Reports load Host reports only and reload 2013 SOS Reports 1

Total days for 1 resource 101



Page


Page 13 of 31


3. Features Not to Be Tested

The following activities are not within the scope of this plan. Please refer to their respective plans:

Unit Testing – this is the responsibility of the Development Team.

Security Testing.

Requirements Review – this is the responsibility of the Business Team.

Design / Code Reviews – this is the responsibility of the Development Team.



Page


Page 14 of 31


4. Approach

This section defines the approach and process to be followed for this build.

4.1. Testing Overview

All listed products in Section 2 and any associated fixes will be tested in the User Acceptance Testing (UAT) environment by OneSchool business and test users. SAP, Parent Portal, AIMS, and OAMPS items will require business testing and signoff. These items will be in UAT and system tested by the OneSchool Test Team.

All items that have been successfully tested will then be deployed to the TRAIN environment and then to PROD.

Q Parent items will be tested in PPTEST and later tested in the UAT environment.

This is to allow the Q Parent team to test in isolation with OneSchool to check integration.

Data Migration

The Jan 2015 OneSchool release involves the following migration activities

Other Learning Areas will be corporatized and maintained in Timetabling

Primary schools and Special schools will now manage subjects in the same fashion as high schools.

This means a common corporatized subject list will be shared by all schools in Queensland.

Previously entered academic and curriculum plan data will be converted to the consolidated subject list

This migration will been run and tested in the TEST environment. It will further be executed in the TRAIN environment to test the processing speed of a PROD like environment

Testing will comprise of:

Target (Scripted)Testing

Adhoc Testing

Regression Testing

The Test Manager will maintain overall responsibility for the preparation and execution of the entire test scope.

This Release is estimated to have 5 weeks of testing. There will be one round of scripted and adhoc target testing for all subsequent builds and one round of general regression on the candidate build.

Any tests performed by OneSchool Team members will be supported by the Test Manager. The execution needs to be completed within the given timeframes. All products need to be tested and meet acceptable business standards.



Page


Page 15 of 31


4.1.1. Key Dates in Environments

25th of November 2014 – Initial Build in UAT

05th of December 2014 – 2nd Build in UAT

19th of December 2014 – 3rd Build in UAT

06th of January 2015 – 4th Build (Candidate) in UAT

12th of January 2015 – 5th Build (Candidate) in UAT

14th of January 2015 – Candidate Build in TRAIN

18th of January 2015 – Candidate Build in PRODUCTION

4.1.2. Entry Criteria

Entry Criteria defines the minimum conditions that must be met before starting test activities. Listed below are a set of entry criteria for this Build.

An appropriate Test Environment is available with relevant interfaces and software and hardware components.

Availability of the application after passing Unit Testing and other Quality Criteria set by SE team, including Release notes.

All test designs and test procedures have been documented and reviewed.

The Build Verification Tests have passed.

4.1.3. Exit Criteria

Exit Criteria ensures that all test requirements have been satisfied before exiting signing testing off. The exit criteria are as follows:

No Priority ‘Urgent’ or ‘High’ outstanding defects.

Outstanding defects (other than severity Urgent or High) are accepted by the OneSchool Director and other stakeholders as appropriate.

All test results have been documented and reports produced.

Any business team testing is confirmed by the business person as ‘passed’ via email or in TFS.

Test Summary Report has been approved and signed off.

External testing needs to be signed off by external business units

NOTE: Severity Level definitions are detailed in section 5.1.



Page


Page 16 of 31


5. Test Pass / Fail Criteria

The pass/fail criteria of each test case / procedure will be based on an assessment of test reports generated during the testing activities defined in this plan. The assessment will consider the severity of the defect and whether it constitutes unacceptable behaviour. This assessment will be recorded on each defect report.

The pass/fail criteria will be reported in the test summary report generated at completion of the testing activities. For this release, there should be no Urgent or High defects (definitions of these can be found in section 6.1), and any Normal defects will have to be agreed upon and approved by the OneSchool Director and Business Program Manager.

The test summary report will list all test defect generated during testing based on this test plan.

5.1. OneSchool Defect Lifecycle

OneSchool R3 Defect Life Cycle

De

ve

lop

me

nt T

ea

mB

usin

ess T

ea

mT

estin

g T

ea

m

Raise Defect

(New)

Test Gatekeeper

Review

Retest DefectPass Retest

(Y/N)

Comment & Close

Defect

Development

Gatekeeper

Review

Fix/In progress

Defect scheduled

for release

Business

Gatekeeper

Review

Accept

Reject

Need

Clarification

Assign,

Monitor, Need

Clarification,

Close

Assign

Assign

Close

Accept

Clarify

Reject

(Ready for Testing)

Build version assigned for FIX

Yes

No

Re-assign

Re-assign

Clarify Documentation

Re-assign for Fix

Change

Management

Process / Change

Request

Raise Change Request

Re-assign for Fix

Update Document

Reject

Need Clarification

Figure 1: Defect Lifecycle

The above diagram is a depiction of the Defect Management Process to be followed for the application system function testing and implemented in Team Foundation Server. The Defect Lifecycle defines what states (or statuses) our defects can reach, and how they move from one state to another. This procqless has been incorporated and customized into the Defect Tracking Tool.



Page


Page 17 of 31


All of the defects found will be raised against the relevant modules they have been found in for traceability. Listed below is a typical process that a new defect will go through:

1. A new defect is raised by a tester and assigned to the Test Gatekeeper for review.

2. Test Gatekeeper assesses the defect and if valid, then assigns it to the Development Gatekeeper for review.

3. If the Development Gatekeeper accepts the defect, it is then further assigned to one of the developers for fixing.

4. Once the defect is fixed, the fix is incorporated into a new build.

5. The new build is promoted to the test environment for retesting.

6. If retest is successful, the defect is closed.

If there is an issue with the requirements and clarification is required, then the Test Gatekeeper or the Development Gatekeeper assigns the defect to the Business Gatekeeper. Should the defect be accepted, then the relevant document goes through a change management process.

Below are the severity definitions for defects:

1. Urgent – The failure causes a system crash or unrecoverable data loss or causes impairment of critical system functions. The user cannot continue using the software. No acceptable work-around exists. Business risk is high. Testing cannot continue or the majority of test cases would be invalidated if testing continued.

2. High – The failure causes impairment of system function. The user can still use the software but cannot perform a critical task and no workaround solution exists for that task. Business risk is moderate. Testing can continue. Testing of impaired function and related functions/areas are impacted.

3. Normal – The failure causes impairment of system function or component. The user can use the software (an acceptable workaround exists) but the defect is very annoying. Business risk is low. Testing can continue but the failure may invalidate a localized group of test cases.

4. Low – The failure causes inconvenience or mild annoyance. Long-term workaround for use in production is acceptable to the business owner. Business risk is negligible. All testing can continue. Only test cases specifically testing the problem affected.

5. Suggestion – The defect is the result of non-conformance to a standard, is related to the aesthetics of the system, or is a request for an enhancement. Defects at this level may be deferred or even ignored.

The priority levels to be assigned by the development team for defect fixes are 1 = Urgent, 2 = High, 3 = Normal, 4 = Low.

Defect Type basically defines to the user in which context the defect has been raised and to which module the defect relates. Defect Types will be specified as below:

Usability defects

This includes the look and feel of the application, cosmetics, and layout of the application, shortcuts, headers and footers, actual contents.

Environmental defects



Page


Page 18 of 31


These are related to any build issues, actual setup of the environment, etc.

Documentation defects

Defects relating to the requirements documents and to be assigned to the Business or Requirements Team will fall under this category.

Database defects

Defects related to the database will fall under this category.

Application defects

All defects pertaining to the actual flow of the application and business scenarios, functionality will fall under this category

Enhancement defects

Suggestions on improving any feature, adding some content or change of colour which are not really defects but will add value to the application fall under this category.



Page


Page 19 of 31


6. Suspension and Resumption Criteria

6.1. Overview

Testing may be suspended at the discretion of the Test Manager and with the approval of the OneSchool Director if a sufficiently serious issue is discovered and proceeding with the test activities would not be effective.

The Test Manager may decide to suspend testing of only some parts of the overall test activities if required. Such decisions should consider:

Whether tests not suspended are independent of the test case / procedure being rectified and changing the test case / procedure would not influence the results of the test.

Whether future tests that involve modifying the system state would create problems in returning to the previous tests to complete suspended test cases.

If testing is suspended and test items rectified then the test manager must assess resumption requirements. This assessment should take into consideration:

What test results are no longer consistent given that there is a change in the test case / procedure?

What tests already completed must be repeated?

If testing is suspended and/or resumed at any time during the testing process, this event must be reported in the test status report and justification for the above considerations recorded.

6.2. Regression Testing

The objectives of regression testing are:

To ensure that the ‘production release’ contains all previously released fixes and functionality.

To ensure that the solution will function in a production like environment.

To ascertain the robustness of the product.

To determine whether the systems documentation remains current.

To determine that system test data and test conditions remain current.

To determine that previously tested system functions perform properly after changes or new functionality is introduced into the R3 application.

To ensure that the solution is fit for production deployment. The regression test will be most effective if executed against the build which is to be deployed into production, that is, on a stable and relatively defect free build.

6.2.1. Regression Test Method

Regression is always preferred to be executed against the final version of the product.

The following approach to managing regression testing is recommended:

1. Baseline the software product at the beginning of all iterations.

2. Ensure no additional code is integrated into functionality undergoing regression testing. Modifications to the system are tracked in a configuration/version



Page


Page 20 of 31


management system and changes made between releases to be tested are assessed to determine impact of change

3. Modifications to the system are tracked in a configuration / version management system and changes made are assessed to determine the impact of a change.

4. Tests are selected and incorporated into a Build Verification Test (BVT Test Suite).

5. Document results of regression testing. Ensure test documentation is kept inline with any changes in application functionality.

6. Undertaken in a production-like environment.



Page


Page 21 of 31


7. Test Deliverables

This section identifies requirements for Test Documents, Supporting Software, and Test Data that are produced for testing activities applied as a part of this Test Plan. Documents are to be uniquely identified, have consistent structure, and where indicated conform to standards.

The following table identifies deliverables to be produced and locations where test deliverables are to be stored.

Order Deliverable Location

1 Test Strategy G:\OneSchool\R3\Test\Test Strategy\S3.3.1 R3 Test Strategy V0.6.doc

2 Test Plan (this document) TRIM:

3 Test Summary Report TRIM: 15/9676

Table 1: Deliverables to be produced and storage location.



Page


Page 22 of 31


8. Test Items

8.1. Hardware Components

OneSchool is a web based application consisting of multiple tiers as in PoC. The hardware components required for the test are listed below:

1. Client PC

2. Application Server(s) – OLTP and Reporting

3. SQL Server(s) – OLTP and Reporting

4. Laser Printer(s) for report runs

8.2. Software Components

The following software components/versions comprise the system that will be under test. The versions of developed software are not included, as they are recorded at the time of testing. This is subject to change with further input from ITSO.

Server Software Version

SQL Server Instance

Microsoft Windows Server (64 bit) Windows 2008 R2 Enterprise SP1

SQL Server 2012 (64 bit) SQL 2012 Enterprise SP1

SQL Server Stored Procedures (developed)

N/A

Application Server Instance

VMWare ESXi Server 5.0.0

Microsoft Windows Server (64 bit) Windows 2008 R2 Enterprise SP1

.NET Framework Version 4 (Enterprise Library version 4.1)

DET .NET Framework 3.06.0014.1

IIS 7.5

Developed Software Modules N/A

MOE Client MOE Desktop Education Queensland Windows 7

MOE IE 8, 10 and IE 11 (Enterprise Mode) Browser

Various

Firefox 31.0 (Various)

Adobe Acrobat Reader 9.0

Table 2: Software Components/Versions of Test System



Page


Page 23 of 31


9. Testing Tasks

The testing tasks to be undertaken are described in the following table:

Task Description

1 Produce detailed Test Design and Procedures

The features to be tested and test approach described in this plan are refined to define specific test cases and test procedures. This involves specifying the actual values to be used, setup required, etc. The detailed test cases are recorded in test design and derived from the Requirements and Design documents.

2 Review of Test Design and Test Procedures

All of the documentation goes through a Review process to validate that the test cases and procedures cover all of the requirements in the SRS, Design and UI documents, ruling out any gaps that might be there otherwise.

3 Verify Configuration of Test Environment

Verify configuration of test environment and test artefacts required to test the application.

4 Implement Tests and compile Test Data

Develop test procedures and compile test data required to conduct testing.

5 System Function Testing System Function Testing will be performed using positive and negative tests on the Build software and end to end application testing to ensure its stability.

6 System Integration

Testing

System Integration Testing will be performed on COTS software to verify correctness of all integration points between build and buy software.

7 Exploratory Testing Allows the experience of the testers to guide the scope and continually optimize the quality of their work by treating test-related learning, test design, test execution and test result interpretation as mutually supportive activities.

8 Build Verification Testing Build Verification Testing is a structured set of tests performed in the test environment on a newly deployed build to confirm its stability before formal testing on it can commence.

9 Review Test Defects or defect triaging

Defects are evaluated to determine the extent of the incident, and whether it impacts pass / fail criteria. Test Defects are selected for entry and generation of defect reports in the Defect Management Tool.

10 Retest Fixes and Regression Test

When a new build is released with fixes to identified defects, all failed procedures will be rerun to retest resolved defects. This will be followed by a regression test cycle.

11 Compile Test Summary Reports

Logs of the test activities are compiled as test execution reports to record the outcome of tests. A test summary report collates the execution reports and presents overall results.

Table 3: Testing Tasks



Page


Page 24 of 31


10. Test Environmental Needs

The existing UAT environment will be used to test this release. All stages of the Production release need to be simulated in this environment. The initial build will be applied and testing can commence. Agresso, OAMPS and normal linked production applications need to be available in UAT.

10.1. Premises

Testing will occur at the DETE OneSchool facility in Eight Mile Plains in Brisbane.

Database and application servers will be hosted remotely at DETE’s Data Centres.

10.2. Test Item Installation and Configuration

The test machines (virtual and physical) running the web application server and the database will be setup by ITSO following their installation/configuration processes. Any issues with the environment or configuration changes that arise will be referred back to ITSO for resolution.

10.3. Special Test Tools and Equipment

Microsoft Office is required to manage detailed test documentation for SFT.

IBM/Telelogic DOORS for requirements management, development and storage of testing artefacts.

Compuware QA Load as a framework for running Load/Performance tests, typically at the protocol level, to place load upon server. Also can be used for Stress and Stability tests.

Microsoft Team Foundation Server as a Defect Tracking tool for managing and reporting on change requests, defect reports, etc.

Remote Desktop for restarting servers, reloading databases etc.

SQL Server Management Studio (MS SQL Query Analyser) to access the database.

10.4. Security and Licensing

The test servers will be remotely located within the network at DETE. Security of the network and its various components are the responsibility of DETE.



Page


Page 25 of 31


11. Roles and Responsibilities

Group Role Responsibilities

DETE PMO Quality Management of testing deliverables in line with Prince 2 methodology.

DETE Test Manager /

Business Owner of Test Environment

Overall responsibility for 2014 Release 4 Testing.

Prepare Test Plans.

Work allocation of Test Design, Test Procedures and Test Execution

Liaise with SMEs, System Integration, Systems Engineering teams to manage issues and clarifications identified.

Review Strategy, Test Documentation and Reports.

Review test designs prior to DETE signoff.

Review test procedures for SRS and Change Requests.

Manage Test Execution cycles.

Manage and Implement exploratory tests.

Develop schedule and review progress against project schedule for all testing activities.

Prepare Test Summary Reports.

Support UAT plan and activities.

Participate in Design Walkthroughs

Provide testing progress update to OneSchool Management.

Manage testing risks and issues; escalate to OneSchool Director if required.

Operational management of the OneSchool testing team.

Defect Management (Testing)

Liaise with other Team Leads and PMO

Liase with external test/business teams to get sign off

DETE Test Analyst /

Test Engineer

Develop test designs and procedures.

Peer Reviews of Test Designs.

Develop BVT Checklists.

Implement build verification tests.

Create Test Data.

Implement exploratory tests.

Implement manual system functional tests.

Assist with summary reports.

Execute tests, analyse and raise defect reports.

Dev Team

Solutions Architect Explain expected behaviour of system; provide system design specifications and related documentation.

Define SE processes and its interaction with other teams.

Provide builds and fixes, review defects raised and technical support of the OneSchool application.



Page


Page 26 of 31


Group Role Responsibilities

ITSO Technical Owner of Test Environment

Establish and Maintain test environment hardware and software configurations.

Load new releases into test environment when requested by the Test Manager as part of ITSO Change Management process.



Page


Page 27 of 31


12. Testing Responsibilities

The below items require the following teams to test.

TFS Description Test Unit

56115 Cancel Unpaid Invoices view should ignore any receipts with a Receipt Status of C (Cancelled) Test Team

63267 Student Protection - Current and Future Address field showing old addresses Test Team

64618 Student Protection Concern - Student search on Add New popup is only searching on Legal Names Test Team

64961 Agresso 571 - Requisition entry screen - Contact drop down Test Team

65308 After Hours Contact details - board approved for June/July 2014

Business Team

65350 Timetable >> PGD Roster screen freezes on first entry Test Team

65466 OAMPS data fix: Add aquisition cost to data fix report Test Team

65733 Exam Timetable - error if attempting to publish exam with staff member already marked absent on the day

Business Team

65762 Allow Guidance Officer role to edit all disability categories Test Team

65873 New Data Fix report - OAMPS - two user accounts pointing to same staff record

Business Team

66024 CARA September changes Business Team

66121 MVC PILOT - Secondary Main Timetable Access for non-teaching levels

Business Team

66213 Facilities - BAS Quote Number character issue Test Team

66361 Agresso 571 - Type ahead functionality Test Team

66467 Auth Helper - Error on Stop Impersonating - 404 - File or directory not found Test Team

66474 2015 Jan - Academic Changes Business Team

66475 MAS Integration with OneSchool Test Team

66480 VET USI Business Team

66489 AIMS - Verification screen - error after multiple operations Test Team

66513 Agresso - Apply Update 3 and 4 to all environments Business Team

66525 School Disciplinary Absence Details report - Needs updating due to fields no longer in OneSchool and fields being renamed Test Team

66554 Transport - Distance Check - View icon does not open Distance Check in view mode when logged in at COTO

Business Team

66555

Reduce network and server traffic by changing return link on framework error page so that it goes directly to the appropriate home page of the application as opposed to the default page and redirecting Test Team

66557 Student Protection Changes 2015 January Test Team



Page


Page 28 of 31


66572 PreEnrolment changes Test Team

66583

Parent/Student Relationship details should not be editable for future school is student is an active enrolment at another school

Business Team

66586 Student App: Allow OneSchoolAdmin user to impersonate a student Test Team

66600 Report - AchievementStatsBySubject - is not returning results in PROD when no optional parameter is set Test Team

66604 Agresso - Standardised Logic for applying user IDs to server processes Test Team

66609 Facilities - Special Character error in Extra Details for Work Request Test Team

66620 Increase Batch Job Run Results result list from 50 to 100 so that all results are on the same page. Test Team

66632 UAT Environment : Update configuration Settings for new UAT environment Test Team

66639 New report: SAP interfaces summary SAP

66661

Student Protection - update required to Report of Suspected Harm or Risk of Harm due to changes in functionality (for Jan 2015) Test Team

66664 Student Management : Session handling improvement needed when session is lost Test Team

66668 OneSchool Environment : Remove tsstransfer$ share from all environments Test Team

66683 AIMS - Changes in display elements Test Team

66687 AIMS - Change status of the verification request on the action when verification becomes "Ready to review" Test Team

66699 OAMPS - Able to open details of device replacement from school A even if you login in school B Test Team

66700 update ACARA Austrailian Curriculum to Version 7.1 and include all available subjects for P-10

Business Team

66708 AIMS - Students awaiting verification review report - does not include students who only need review on C2

Business Team

66717

Behaviour: Restrict access to Charge Suspension to be available to ExecutivePrincipal and COChargeSuspensionOfficer only Test Team

66718 AIMS - SLI verification : date not showing in the screen Test Team

66744 Report - Expression of Interest (Enrolment) - List the EOIs , parent, student details, date received Test Team

66749 Behaviour - add level 6 to 'restricted to ' in recording an incident ( requested by schools)

Business Team

66750 AIMS SLI Verification Report - SSRS rendering error was generated when printing report for one student Test Team

66752 Add new Australian curriculum subjects assessment criteria to unit planning

Business Team



Page


Page 29 of 31


66756 OneSchool Server Configuration - Removed symbolic links and replace with inline folder for DETA framework Test Team

66757 Transport - Distance Check form - Student Name, DOB and Gender not populating if run for region (ie non school location)

Business Team

66758 Removal of obsolete proc - In relation to Transport Test Team

66761 Report change - Student Plan - Add option for other centre target areas to criteria when including support provisions

Business Team

66764 Bug relating to NAMS 3G Batches Incomplete defaulting a parameter for Nbr of Days Passed Test Team

66766 Primary Timetable Should not allow roleclass to be added

66767 Main Timetable MVC (Disable add class button if not timetable) Test Team

66773 ICP - Spelling mistake on endorsement error message

66776 Expression of Interest - Correspondence- school email incorrect Test Team

66777 Report - Add/remove columns to Student EAL/D Bandscales Export Test Team

66778 Report - Student EAL/D Bandscales Export available to schools

Business Team

66787 Positive Behaviour Certificates - new certificate does not display long names properly Test Team

66788 Report - ICP and ICP in Student Plan - Speech marks in Content Descriptions displaying incorrectly

Business Team

66795 Transport - SWD Amendment to Transport Application report - generating blank if student is not Active

Business Team

66797

Attachments added to reports may fail if the file cannot be written to the file system as it may contain \ or other invalid characters Test Team

66798 Exclude subjects marked as in-active from the rollover process

Business Team

66799 Timetable Reports not including future staff - Staff List, Staff Load, Staff IR Availability

Business Team

66804 Early Start Assessment Results exports to be updated Business Team

66805 Timetable - unable to delete/remove the activate the date from a future version once set

Business Team

66810 Student Dashboard Student Note report - include option for previous centres

66811 Student Dashboard Class Groups report to include option of previous centres

66817

Certificate of Recognition Reports - Principal signature needs to be centred, School logo needs to be centred in the new Certificate of Recognition reports

Business Team

66826 OAMPS - New Device Type for School purchased Laptops Test Team



Page


Page 30 of 31


66827

Student Address - Unable to Add a new address - causing issues as cannot enrol a new student - java script error due to ' in School name Test Team

66830 Exam Timetable: Publishing exam timetables for future dates causes activation of timetables for those dates to fail.

Business Team

66831 Out of Home Care reports - Region - handling of dual enrolment students

Business Team

66833 New Agresso license to be deployed for new uat server Test Team

66834 2014 SOS Reports load Host reports only and reload 2013 SOS Reports PMR

Total days for 1 resource



Page


Page 31 of 31


13. Risks and Mitigations

Table 4 below identifies recognised risks and contingencies proposed to avoid or mitigate the risk. The risk level is based on the product of severity and likelihood of each risk, and is calculated using the matrix shown in Table 5.

Risk Severity x Likelihood = Risk Level

Mitigations

1. Not all products are ready for initial build

3 x 5 = H Move Regression to the end of the testing period. Any untested material should be moved to a later release.

2. Reliance on External Testing from other business units

3 x 5 = H Keep in communication with them and receive written sign off.

3. Christmas Period (Staffing) 3 x 5 = H Ask for other business users to test items if the primary business tester is on leave

Table 4: Recognized Risks and Proposed Contingencies

SEVERITY > Insignificant 1 Minor 2 Moderate 3 Major 4 Catastrophic 5

LIKELIHOOD

5 - Almost Certain Medium High High Extreme Extreme

4 - Likely Medium Medium High High Extreme

3 - Possible Low Medium High High High

2 - Unlikely Low Low Medium Medium High

1 - Rare Low Low Medium Medium High

Table 5: Risk Matrix

Appendix I

January 2015 SPM update: test summary

report

2015 R1 Build

2015 Release 1 January Test Summary Report

Version Release Date: 16/01/2015

Version: 1.0

TRIM #: 15/9676

OneSchool – 2015 Release 1 – Test Summary Report

Page 2 of 13

Document Control

Owner: OneSchool

Contact Name

Program Name:

OneSchool

Division/Unit: Strategic Information and Technologies Branch

Author

File Name: X:\TopDrwr\Offline Records (TP)\2015 R1 Test Summary.DOCX

Document Status:

Active (Final) Controlled Copy #:

Revision History

Version Revision Date

Author Description of Change/Revision

Ref No.

0.1 09/01/2014

Initial Draft

0.2 15/01/2015

Updated – latest results included

1.0 16/01/2015

Updated with final results


Page 3 of 13

Approvals

Gate 0 Review (Project Review)

Name Title Signature Due Date

Director, Education Business Systems

Director, OneSchool Education Business Support

Gate 1 Review (Executive Review)

Name Title Signature Date Signed

Assistant Director-General, Information and Technologies Branch

Publication Approval Approver: Date:

Distribution List

Yes No

Name Role Director – Education Business Systems

Director – Education Business Support


Page 4 of 13

Table of Contents

1. PURPOSE 5

2. SCOPE 5

3. EXECUTIVE SUMMARY 5

4. SUMMARY OF TESTING 7

4.1 Scope of Testing 7

4.2 Items in the Release 7

4.3 Issues during testing 12

5. SUMMARY OF TEST RESULTS 12

5.1 Summary of Testing Issues 12

5.2 Outstanding defects 13

5.3 Associated Documents 13


Page 5 of 13

1. Purpose

The purpose of this document is to outline the testing methods and the results of testing during this release. This report details the release items, number of bugs raised and gives details of issues experienced and list any bugs carried over into production (if applicable). It also provides assurance for the business that this release is ready for Production and that each work unit has signed off their items.

2. Scope

To list items that are part of this release

To outline the tests which were executed

To document the issues identified during testing and to highlight outstanding problems

To give confidence and assurance around the bug fixes for this release.

3. Executive Summary

This Test Summary is based on the testing effort from OneSchool business and testing teams as well as OAMPS, AIMS and SAP users. The conclusion of their efforts is that this build is low risk and ready for production.

As described in the Test Plan the main enhancements for this release includes:

Module Proposed Development

Student Management

Student Plan

o ICP integration with Academic Reporting

Academic Reporting o Australian curriculum update for primary template o Special schools template o Achievement scales o ICP integration

Australian Curriculum Phase 2 Subjects Integrate subjects with reporting

Mature Age Students o Move MAS into OneSchool o New tab in student enrolment screen o Validation rules

QPS checks

Student Protection Update

Workflow and enhancements

USI o Store USI, text o Validate USI

Validation for printing of VET certificates


Page 6 of 13

Q Parents Q Parents update for Pilot


Update templates

OAMPS Ongoing Updates

Technical Updates

OneSchool Technical Refactoring


CARAs - phase 1 o Principal approvals for extreme/high risk o Copy functionality

o Database design for pdf integration for phase 2 o Prototypes of high and extreme risk wizards

Finance

BPoint Integration (Note: Finance Team to develop Business Requirements ahead of BIF funding application)

Agresso update – Address outstanding bugs and CRs

Other

Day 8 – Admin Screen update

Various reports and bug fixes

Items listed in Section 4.3 “Items in the Release” have been successfully tested.

Testing this release commenced on the 25th of November 2014 and concluded on the 16th of January 2015. The teams that tested all items comprised of OneSchool Business and Test teams as well as OAMPS, AIMS and SAP business teams. All testing occurred in the OneSchool UAT, and TEST environments.

The testing effort comprised of 1 round of target testing (includes scripted testing) and 1 round regression testing. Build verification testing was also performed on each build in the TEST, UAT, TRAIN and PROD environments.

Currently the severity and number of outstanding issues are:

Urgent Issues: 0

High Issues: 0

Normal Issues: 5

Low Issues: 0

All outstanding issues were discussed with the business on Wednesday 14th and Friday 16th of January 2015. As stated in the Test Plan there can be no ‘Urgent’ or ‘High’ and only accepted ‘Normal’ bugs can remain for the build to progress to


Page 7 of 13

Production. Current outstanding issues are documented in Section 5.2 “Outstanding Defects.”

Build deploy dates into environments:

25th of November 2014 – Initial Build in UAT

05th of December 2014 – 2

nd Build in UAT

19th of December 2014 – 3

rd Build in UAT

06th of January 2015 – 4

th Build (Candidate) in UAT



14th of January 2015 – Candidate Build in TRAIN



15th of January 2015 - Candidate Build in TRAIN

18th of January 2015 – Candidate Build in PRODUCTION

Testing concluded that:

Release items listed in Section 4 Items have been successfully tested

Items listed function correctly

The Release build is stable

No ‘Urgent’ or ‘High’ bugs discovered remain open

All ‘Medium’ bugs have been discussed with the business

Other considerations:

The Jan 2015 OneSchool release involves the following migration activities

Other Learning Areas will be corporatized and maintained in Timetabling

Primary schools and Special schools will now manage subjects in the same fashion as high schools. This means

o A common corporatized subject list will be shared by all schools in Queensland.

o Previously entered academic and curriculum plan data will be converted to the consolidated subject list

This migration has been run and tested in the TEST environment. It will further be executed in the TRAIN environment to test the processing speed of a PROD like environment. This activity was successful in TRAIN.

4. Summary of Testing

4.1 Scope of Testing

The scope of testing for this build was a combination of scripted tests, target and adhoc testing. All tests were performed by both the OneSchool Testing and Business teams. Other business units involved in this releases testing include: MSSWD, SSOS, OSCR and SAP.

4.2 Items in the Release

Products successfully tested in UAT were:


Page 8 of 13

TFS No. Description

66513 Agresso - Apply Update 3 and 4 to all environments

66557 Student Protection Changes 2015 January

66572 PreEnrolment changes

66661 Student Protection - update required to Report of Suspected Harm or Risk of Harm due to changes in functionality (for Jan 2015)

66683 AIMS - Changes in display elements

66489 AIMS - Verification screen - error after multiple operations

66475 MAS Integration with OneSchool

64618 Student Protection Concern - Student search on Add New popup is only searching on Legal Names

66718 AIMS - SLI verification : date not showing in the screen

66750 AIMS SLI Verification Report - SSRS rendering error was generated when printing report for one student

66767 Main Timetable MVC (Disable add class button if not timetable)

66776 Expression of Interest - Correspondence- school email incorrect

66847

AIMS - Students Assigned to Verifiers Download - records are being shown twice, once with assigned to verifier date and verifier name, and the other with a blank in the assigned to verifier date, and verifier name column

66849 OneSchool Services and Scheduled Tasks updated to .NET Framework 4.5.2

66862 Student Protection - Deleting an incomplete report

66868 Student Protection - Report - Report generating with no data

66873 Class Picker: Type drop down should include "Non Curriculum" as an option

66874 Transport - distance check - Address not predicting text

66884 MAS- Bulk Status update- bulk changing to active error message

66888 MAS-Redemption Report- Search filter is not inclusive

66893 MAS-Enrolment status - Incorrect error message wording

66921 Allow profile to be approved with no time restrictions

66942 MAS-Enrolment options-Enrolment confirmation wording

66978 MAS - Enrolment Options - not enough options available

66990 Timetable - Roll Class - Unhandled error in Silverlight application

66992 Student Protection - Report- Family details not appearing on the report

66999 Logged in as level 7,8 & 9 and clicked on Replace button in TT, getting application error message

67008 Student Protection: sent email to notifiers once a student protection is finalised

66975 Student Protection - update required to Report of Suspected Harm or Risk of Harm due to further changes in functionality (for Jan 2015)

66976 Class dashboard – student notes report - Title Rename

67017 Facility Maintenance - popup style - background and font style changes

67035 Reports effected by Curriculum Domain schema changes - for Jan release (round 2)

67056 Technical changes involving the tt.Class table regression testing required

67067 Text change from "Subjects" to "Reporting Plan" in Configuration and hints

67071 Address Prediction : Turn off functionality

67098 Timetable - Main Timetable - Set Specialist Teacher multiple entries

67014 Disable student timetable report form menu in student app until Tuesday 27th January

66749 Behaviour - add level 6 to 'restricted to ' in recording an incident ( requested by schools)

67015 OneSchool Menu access for budget adjustments

66845 Start of Day : Review of Daily Tasks

67028 Manage Academic Reporting Configuration - Edit Year Level and Save, system keeps processing


Page 9 of 13

66764 Bug relating to NAMS 3G Batches Incomplete defaulting a parameter for Nbr of Days Passed

66756 OneSchool Server Configuration - Removed symbolic links and replace with inline folder for DETA framework

66717 Behaviour: Restrict access to Charge Suspension to be available to ExecutivePrincipal and COChargeSuspensionOfficer only

66555

Reduce network and server traffic by changing return link on framework error page so that it goes directly to the appropriate home page of the application as opposed to the default page and redirecting

66668 OneSchool Environment : Remove tsstransfer$ share from all environments

66632 UAT Environment : Update configuration Settings for new UAT environment

66586 Student App: Allow OneSchoolAdmin user to impersonate a student

66600 Report - AchievementStatsBySubject - is not returning results in PROD when no optional parameter is set

63267 Student Protection - Current and Future Address field showing old addresses

66833 New Agresso license to be deployed for new uat server

66827 Student Address - Unable to Add a new address - causing issues as cannot enrol a new student - java script error due to ' in School name

66744 Report - Expression of Interest (Enrolment) - List the EOIs , parent, student details, date received

66777 Report - Add/remove columns to Student EAL/D Band scales Export

66787 Positive Behaviour Certificates - new certificate does not display long names properly

66525 School Disciplinary Absence Details report - Needs updating due to fields no longer in OneSchool and fields being renamed

65350 Timetable >> PGD Roster screen freezes on first entry

65466 OAMPS data fix: Add acquisition cost to data fix report

66664 Student Management : Session handling improvement needed when session is lost

66699 OAMPS - Able to open details of device replacement from school A even if you login in school B

67024 Reporting Period - Show/Hide Add New button on List Reporting Period grid.

67062 Report Cards Post 2012 - changes to cater with new academic reporting structure

67063 Application Error occurs in Excursion Planner - Step 3 of Wizard

67095 Timetabling: Running a report from the Main Timetable causes an application error.

67078 Report Cards 2012 and prior - changes to cater with new academic reporting structure

66859 Record of Contact report - Application error when running record of contact report from future school for the currently active school

66854 Day 8 collection - change dates on the information tab to the 2015 collection dates.

66856 Behaviour Report changes - wording changes as per attachment (Jan 2015)

66857 OAMPS - School Purchased Devices - Agresso Asset transformed to WS Name and Project Id updated OAMPS and Agresso

66886 Student App: Opening About page shows error "Access Resource Denied"

66872

Student Card report - when running for Future students appears to only include Future students that are starting in the current year (ie appears to exclude future students starting in the following year)

66955 OAMPS - Modify Search Devices display grid to show extra field Serial Number

66858 Transport - SWD Transport Assessment report - duplicating Part A (first page) for

in production

66853

Transport - Assessment - Address lookup not picking up completed distance checks when attached to

67033 Student Protection - additional update required to Report of Suspected Harm or Risk of Harm due to changes in functionality (for Jan 2015)


Page 10 of 13

66708 AIMS - Students awaiting verification review report - does not include students who only need review on C2

66583 Parent/Student Relationship details should not be editable for future school is student is an active enrolment at another school

66554 Transport - Distance Check - View icon does not open Distance Check in view mode when logged in at COTO

65873 New Data Fix report - OAMPS - two user accounts pointing to same staff record

66757 Transport - Distance Check form - Student Name, DOB and Gender not populating if run for region (ie non school location)

66831 Out of Home Care reports - Region - handling of dual enrolment students

66795 Transport - SWD Amendment to Transport Application report - generating blank if student is not Active

66797 Attachments added to reports may fail if the file cannot be written to the file system as it may contain \ or other invalid characters

66758 Removal of obsolete proc - In relation to Transport

64961 Agresso 571 - Requisition entry screen - Contact drop down

66213 Facilities - BAS Quote Number character issue

66361 Agresso 571 - Type ahead functionality

66467 Auth Helper - Error on Stop Impersonating - 404 - File or directory not found

66604 Agresso - Standardised Logic for applying user IDs to server processes

66609 Facilities - Special Character error in Extra Details for Work Request

66620 Increase Batch Job Run Results result list from 50 to 100 so that all results are on the same page.

67019 Asset Stocktake : Grid editing is vulnerable to DOM based XSS and HTML Injection

67055 Disable "Add New" and "Copy" for Staff Preference and Subject Selection

67065 Curriculum Plan: Search Criteria should allow Learning Areas to be selected if a year level has been selected

67066 Course Planner: Topic drop down list for each term week is not showing C2C topics

66700 update ACARA Australian Curriculum to Version 7.1 and include all available subjects for P-10

66761 Report change - Student Plan - Add option for other centre target areas to criteria when including support provisions

66788 Report - ICP and ICP in Student Plan - Speech marks in Content Descriptions displaying incorrectly

66778 Report - Student EAL/D Band scales Export available to schools

66773 ICP - Spelling mistake on endorsement error message

66804 Early Start Assessment Results exports to be updated

66810 Student Dashboard Student Note report - include option for previous centres

66817 Certificate of Recognition Reports - Principal signature needs to be centred, School logo needs to be centred in the new Certificate of Recognition reports

66945 Student Profile Report - sub-reports failing in dev due to parameters not being passed down by main report

66977 Change of report title for Student Summary Profile Export - Region

66948 OLA Subject Configuration - make subject selector filters

67025 Reports effected by Curriculum Domain schema changes - for Jan release

67027 Student ICP report - Learning Expectation/Content Description/Strategy not appearing

67076 Curriculum decision achievement standard is not filtering on activity. Patch fix

67089 Unit Planning - Learning area cleared if year level is not selected

67092 Curriculum Decisions: Achievement Standard is not saved

67097 Hide Reporting option tab

66811 Student Dashboard Class Groups report to include option of previous centres

66752 Add new Australian curriculum subjects assessment criteria to unit planning


Page 11 of 13

66474 2015 Jan - Academic Changes

66024 CARA September changes

66826 OAMPS - New Device Type for School purchased Laptops

67073 Yr_Lvl_Config_Activity sync/trigger proc is incorrectly treating Other-KLA (Activity 99) as corporate EDSUB

67054 yr_lvl_config_activity trigger performance improvement

67051 MAS: Update to data output in MAS export

67087 Activity guidelines link is no longer displaying activity specific information

66480 VET USI

66834 2014 SOS Reports load Host reports only and reload 2013 SOS Reports

67032 Day 8 screen - Information tab 2015 update

66956 Reports > School Data Profile - Expand access for school users to level 4 BSM's

66946 OAMPS - Remove Year Level restrictions for student devices

66639 New report: SAP interfaces summary

66121 MVC PILOT - Secondary Main Timetable Access for non-teaching levels

65733 Exam Timetable - error if attempting to publish exam with staff member already marked absent on the day

66830 Exam Timetable: Publishing exam timetables for future dates causes activation of timetables for those dates to fail.

66805 Timetable - unable to delete/remove the activate the date from a future version once set

66798 Exclude subjects marked as in-active from the rollover process

66799 Timetable Reports not including future staff - Staff List, Staff Load, Staff IR Availability

66766 Primary Timetable Should not allow role class to be added

66957 MVC Timetable - Make Active - Mandatory PGD won't enable save if no PGD exists

66966 Primary Timetable MVC - adding subject to composite roll class not populating the other composite year levels

66971 Timetable - MVC - Link Staff - Lists are not displaying teacher timetable code next to name

66877 Timetable: Timeout issue when migrating to main timetable.

66890 MVC Timetable - Timetable version setting staff access levels not working

67064 Creation of Curriculum Domain records from start of day and addition of activity to year level on timetabling configuration

67085 Order of Subject Categories in MVC

67099 Specialist Teacher Assigned to multiple subjects - can only timetable first subject

66687 AIMS - Change status of the verification request on the action when verification becomes "Ready to review"

67090 Reports - PrepYearELR and Student Assessment Summary have been updated to deal with the new academic changes

Testing was conducted by the OSCR, OAMPS, SAP, OneSchool Test Team and Business teams. Activities included:

Build Verification Testing

Scripted Test Cases

Regression

Target Testing

Adhoc Testing of the application

Regression Testing includes:


Page 12 of 13

Manage Student, Manage Student Enrolment and Manage Student Departures Scripted Test Cases

Manage Excursion

Manage Staff Details

Manage School Details

Manage Calendar

OAMPS

Financial Regression

4.3 Issues during testing

Issues occurred in this build. Issues included:

No one overall environment where all testing occurred. This was due to the need to test the migration process against the latest PROD data (in TEST).

Limited time for regression testing on final build.

5. Summary of Test Results

Team Foundation Server (TFS) was used to record all defects that were identified during the test period. Below are the statistics of defects that were raised during the testing period.

5.1 Summary of Testing Issues

Category Total Raised Total Outstanding

Severity 1/ Urgent problems 4 0

Severity 2 / High problems 36 0

Severity 3 / Normal problems 16 5

Severity 4 / Low problems 3 0

Total problems 59 5

Definitions of severity

Urgent – The failure causes a system crash or unrecoverable data loss or causes

impairment of critical system functions. The user cannot continue using the software. No acceptable work-around exists. Business risk is high. Testing cannot continue or the majority of test cases would be invalidated if testing continued.

High – The failure causes impairment of system function. The user can still use the

software but cannot perform a critical task and no workaround solution exists for that task. Business risk is moderate. Testing can continue. Testing of impaired function and related functions/areas are impacted.

Normal – The failure causes impairment of system function or component. The user

can use the software (an acceptable workaround exists) but the defect is very annoying. Business risk is low to medium. Testing can continue but the failure may invalidate a localised group of test cases.


Page 13 of 13

Low – The failure causes inconvenience or mild annoyance. Long-term workaround for

use in production is acceptable to the business owner. Business risk is negligible. All testing can continue. Only test cases specifically testing the problem affected.

5.2 Outstanding defects

At the end of the testing period there were no known Urgent or High bugs and all the Normal bugs were discussed with the business and it was agreed that these bugs would be addressed in future builds. The below items are ‘Active’ and remain outstanding.

Issue ID (TFS_ID)

Severity Short Description

66898

Normal Timetable Supervisions reports now timing out.

To be fixed and deployed to PROD in the next Reporting patch

66895

Normal Complex Case Support - Adjustments grid: Record does not filter based on the Senior Responsible Officer Only role

To be fixed and deployed to PROD in the next build (23/01/2015)

67016

Normal Student Protection - Report - Previous school not appearing in report


67077

Normal Curriculum decision achievement standard is not filtering on activity. Build fix.

To be fixed in a future build

67100

Normal Reports effected by Curriculum Domain schema changes - Achievement Summary Reports


5.3 Associated Documents

Business sign off: 2015 Release 1 Sign off

file://///corp.qed.qld.gov.au/DFSCoredata/5678_OneSchool%20EBS/OSEB_Systems/Test/Releases%20to%20PROD/2015/2015%20R1%20January/Test%20Management/Testing%20Sign%20off/Agresso%20Sign%20off.msg

Appendix J

January 2015 OneSchool release: meeting

minutes and emails

OneSchool Application Board TRIM: 14/366044

Date/Time: 19 September 2014, Time: 10.00am

Location: Boardroom, Level 22 Education House

Attendees:

Observer (Non Board member):

Apologies:

Secretariat:

Item

No.

Agenda Item

1. Welcome and Apologies: The Chair welcomed members to the meeting and apologies were noted.

2.

Confirmation of Minutes from Previous Meeting:

Decision 2.1 The minutes from the previous meeting were accepted (14/215120).

3.

Actions from previous meetings: The members noted the status of actions from the previous meeting (12/333955):

5.1 (25.06.14) Timetabling Demonstration to be presented with status report – Closed

5.2 (25.06.14) Work Area Access Permissions: Initial discussion between ISB and OneSchool – Proposed as two-stage project. Discussions to continue between ISB and OneSchool to progress this work. Idea definition for BIFF funding to be progressed when design is finalised and approved – Closed

6.1 (25.06.14) OSAB TOR updated 26.06.14 - Closed

4. OneSchool Status Report: Program Director, OneSchool Education Business Support presented the status report which was noted by the members (14/317681).

Decisions

A summary of decisions is provided below

Ref Decision

2.1 The minutes from the previous meeting were accepted (TRIM 14/215120).

Actions

A summary of actions is provided below

Ref Actions Responsible Officer

Due Date

4.1 Class Dashboard data to be reported by region and then further by teacher experience. To be presented at next meeting.

Program Director OneSchool

11.12.2014

Carryover items not delivered in release 2014.3 (BPoint integration and Early Start integration to student dashboard) were noted. These will be delivered in a later release.

Action 4.1: Class Dashboard data to be reported by region and then further by teacher experience. To be presented at next meeting.

5.

Proposed Program of work: Program Director, OneSchool Education Business Support explained the content of the Proposed Program of Work 2015.1 (TRIM 14/317696).

Due to budget and time constraints not all items listed will be able to be delivered in the next release. Possible deferral items are marked ^.

Action Item 5.1: Program Director OneSchool to amend Proposed Program of Work 2015.1 (TRIM 14/317696) to split work items into Mandatory and Desirable categories and also indicate if work can be split over two or more releases. The amended paper is to be circulated to all Board members via out-of-session email. Board members will be asked to vote on the amended paper and approve the Proposed Program of Work 2015.1 for January 2015 release.

6.

Other Business:

Qld State Schooling Resourcing Review underway. ADG Finance and CFO gave an overview of what is involved.

7.

Next Meeting: 1.00 pm

Thursday 11 December 2014

Floor 22 Boardroom Education House

5.1 OneSchool to amend Proposed Program of Work 2015.1 (TRIM 14/317696) to split work items into Mandatory and Desirable categories and also indicate if work can be split over two or more releases. The amended paper is to be circulated to all Board members via out-of-session email. Board members will be asked to vote on the amended paper and approve the Proposed Program of Work 2015.1 for January 2015 release.

Program Director OneSchool

26.09.2014

Meeting closed: 11.28am

2

Department of Education, Training and EmploymentQueensland Government

Please consider the environment before printing this email.

Proposed OneSchool Release 2015.1 January 2015 Release

Approval: ADGs State Schools

Module Proposed Development Funding Source

Days #Funding Future

Build

Student Management

Student Plan o ICP integration with

Academic Reporting

MSSWD 25 $30,900

Academic Reporting o Australian curriculum

update for primary template

o Special schools template o Achievement scales o ICP integration

Australian Curriculum Phase 2 Subjects

o Integrate subjects with reporting

SS 300 $370,800

Mature Age Students o Move MAS into OneSchool o New tab in student

enrolment screen o Validation rules o QPS checks

SS 70 $86,520

Student Protection Update o Workflow and

enhancements

SS 20 $24,720

USI o Store USI, text

o Validate USI o Validation for printing of

VET certificates

SS 5 $6,180

˄15

$18,540

Total State Schooling 420 $519,120

Approval: ADG ITB


Days #Funding Future Build

Q Parents Q Parents update for pilot BIF 20 $24,720

Proposed OneSchool Release 2015.1 January 2015 Release

OAMPS Ongoing Updates ITSO 15 $18,540

Technical Updates

OneSchool Technical Refactoring BIF 50 $61,800

Total ADG ITB 85 $105,060

Approval: OneSchool


Days #Funding Future Build


CARAs - phase 1 o Principal approvals for

extreme/high risk o Copy functionality

o Database design for pdf integration for phase 2

o Prototypes of high and extreme risk wizards

SS 25 $30,900

˄30

$37,080

Finance BPoint Integration (Note: Finance Team to develop Business Requirements ahead of BIF funding application)

Pending BIF

Funding

20

ᶺ $24,720


Update templates

OS

381

20 $24,720

Day 8 Admin Screen update OS

381

˄10

$12,360

Total OneSchool 65 $80,340

Release 2015.1 Grand Total 570 $704,520

Module Other Work

Prototypes and Analysis

Timetable Dashboard Prototype

WAAP

Updates to the Student Application

# Funding included – development, testing, deployment, training and support materials

ᶺ May be deferred to later build

Appendix K

January 2015 OneSchool release:

Production Readiness Certificate and

approvals from DET staff


The purpose of this Gate is to gain CIO approval that the ICT solution/s created by your Project / Program

are ready to be accepted into the production ICT environment with acceptable risk to existing systems’ performance.

A TRIM reference is to be recorded against each line item for Audit purposes as per DET recordkeeping standards.

Project / Program Details

Project Title OneSchool –Deployment 2015.1

Readiness

√ TRIM Ref

OneSchool Application board approval was given. √ 14/366044

14/ 334262

14/317696

The project has conducted System Testing. There are no Critical, High

or Normal bugs in this release. √ 15/9676

The deployment process has been documented and agreed to by all

participating officers (Migration Notes)

√ This has been

documented

and approved

in

CHG0043461

and is in

15/9676

Resources with appropriate skills and experience are available to

undertake the deployment.

√ 15/7851

15/9676

All risks have been identified or resolved. (If there are any unresolved

risks, please detail under ‘Residual Risks’)

√ There are no

unresolved

risks

The Release time and date has been approved and conflicts /

dependencies with other releases have been managed.

√ In Release

Calendar

since

January 2014

CHG0043461

Application users have been notified of proposed outage √ Message in

Application

Quality Gate Checklist - Production Readiness


since 22-Nov-

2014

A Rollback plan has been developed √ As per run

sheet and in

Change

CHG0043461

OneSchool has in place trained Service Support Staff level 1, 2 and 3,

on site Development Team and Testing Teams to deal with any

issues/bugs that may arrise from the deployment

√

Residual Risks

Are there any remaining risks? If yes please provide details including business impact, affected

stakeholders, costs:

Declaration

Signature Name and Position Date

I agree that this solution is / is not ready for Release and that

the risk to the Production ICT is /is not acceptable

I approve the Release of this solution into Production

Department of Education and Training

Director-General - Detailed

Number of Records 1

Page 1Date 8/10/2015Time 3:01:22 PM

Record Number 15/7809Title Production Readiness checklist OneSchool release2015.1 deployment

Current Location since 16/1/2015 at 8:49 AMRecord Type Memo or Minute

AuthorOrganisation Education Business Systems ITS&O I&TAll Contacts

Executive Director IT Solutions and Operations I&T (Representative)Date Created 8/1/2015 at 2:22 PMDue to ESU

Electronic Details In HP TRIM Store, Microsoft Word 97 - 2003 Document, 300 KBMovement History

Additional ReferenceNotes ''Thursday, 10 September 2015 at 4:26:57 PM (GMT+10:00) :''

''Friday, 16 January 2015 at 8:49:17 AM (GMT+10:00) 'Approved b Returned to

''Thursday, 15 January 2015 at 5:02:22 PM (GMT+10:00) Approved

''Thursday, 15 January 2015 at 12:06:34 PM (GMT+10:00) :''To for approval

''Wednesday, 14 January 2015 at 2:46:20 PM (GMT+10:00) ''Approved

''Monday, 12 January 2015 at 10:47:28 AM (GMT+10:00) ''Endorsed

''Friday, 9 January 2015 at 1:21:50 PM (GMT+10:00) ''I approve

When printed this is an uncontrolled HP TRIM report and security restrictions apply

End of Report

Appendix L

January 2015 OneSchool release: meeting

minutes of Change Stakeholder Committee

approval

Purpose: ITB Change Meeting

Date\Time: 19/01/2015 - 8:30 am

Chair:

Venue: 30 Mary Street, Level 11, Room 11.12 [

Attendees:

Change Stakeholder Committee IT Branch Business Units

Manager, Change Management MyHR

Manager, Platform Development Learning Technologies

Manager, Platform Operations Network Operations Centre

Manager, Network and Communications OneSchool

Manager, Operational Security Platform Development

Manager, Application Operations Operational Security

Manager, Infrastructure Planning Platform Operations

Manager, ICT Support Project Delivery Office

Director, Platform Operations Web Services

TAFE Information Services Group

IT Branch Business Units Project

Application Operations O365

Information Management Services IAM Refresh

Identity & Access Management Vendors

ICT Support CITEC

Infrastructure Strategy Melbourne IT (Web Central)

IT Solutions and Operations Microsoft

Note: Changes reviewed at the change meeting are highlighted. All other change requests have been previously reviewed and are provided as an FYI of change scheduled between the previous business day and the next change meeting.

Number Scheduled start Classification Subject Change owner Type Status Internal work notes

CHG0042528 2014/10/01 16:51:05

2 - Significant Office 365 Migration - Cutover activities

Urgent Closed

CHG0044342 2014/12/15 10:50:41

3 - Minor Expanded QoS Implementation Normal Approved

CHG0044416 2014/12/27 08:00:00

3 - Minor Migration of Budget and School Based Salaries from fin_dat to 7766-FSA

Normal Approved

CHG0043281 2015/01/12 10:30:00

2 - Significant Migration of SCHOOL CORE domain controller services

Normal Closed

CHG0043641 2015/01/14 08:00:00

2 - Significant OneSchool Release 2015.1 (Training and Production)

Normal Approved

CHG0044244 2015/01/15 16:00:00

3 - Minor Office 365: Schools for cutover 16/01/2015

Standard Change

Completed

CHG0044111 2015/01/16 08:00:00

3 - Minor QParents: Migrate Prod environment to Australia East Azure region

Normal Approved

CHG0044278 2015/01/16 12:00:00

3 - Minor SAP - Apply SAP Support Package Stacks 6 to 12

Normal Approved

CHG0044618 2015/01/16 13:00:00

3 - Minor IAM Refresh: AD Bind Redirection - Production Cutover

Normal Approved 16-01-2015 12:54:55 - (Internal work notes)

Change on hold; pending Ping Federate configuration verification. Re-schedule time/date tbc.

CHG0044814 2015/01/16 14:00:00

3 - Minor CITEC - configuration

Urgent Approved

CHG0044635 2015/01/16 14:15:00

3 - Minor Brightmail: Upgrade of TAFE virtual appliances

Normal Completed

CHG0044670 2015/01/16 15:00:00

1 - Major Deploy Internet Explorer 11 to Corporate Workstations

Normal Approved

CHG0044239 2015/01/16 16:00:00

3 - Minor NOC - implement replacement Cisco router at Kingaroy DO

Normal Approved

CHG0042874 2015/01/16 17:00:00

3 - Minor Business Critical Activity: Payroll Run

Normal Approved

CHG0044476 2015/01/16

18:00:00 3 - Minor DVAS - Vulnerability Scanning -

MPE - Jan 16/01/15 Standard

Change Approved

CHG0044478 2015/01/16 18:00:00

3 - Minor DVAS - Vulnerability Scanning - PROD - Jan 16/01/15

Standard Change

Approved

CHG0044796 2015/01/17 09:00:00

3 - Minor Replace EDCHST-DS1 Unit 4 Normal Approved

CHG0044353 2015/01/18 16:00:00


Standard Change

Approved

CHG0044732 2015/01/19 09:00:00

3 - Minor CHG0044732 - CITEC - Enable X-Forwarded-4 on 2 Virtual Servers

Normal Approved

CHG0044791 2015/01/19 10:00:00

3 - Minor Standard Deployment of EIP Interface into Production - PMR and ECEC

Standard Change

Approved

CHG0044591 2015/01/19 12:00:00

3 - Minor CITEC - Core DNA rules for eqldf0012

Normal Approved

CHG0044616 2015/01/19 14:00:58

3 - Minor CHG0044616 CITEC Remove Servers from FW rules

Normal Completed

CHG0044770 2015/01/19 15:30:00

3 - Minor CITEC - Access to new Sql 2012 instance

Urgent Approved 19-01-2015 07:30:43 - (Internal work notes) Test task for Application Operations required to confirm success.

CHG0044355 2015/01/19 16:00:00


Standard Change

Approved

CHG0044568 2015/01/19 20:00:00

3 - Minor MIT: Modify Proxy DNS Servers for Internal Domains

Normal Approved

CHG0044778 2015/01/20 09:00:00

3 - Minor Production - MyHR Recruitment Release 2015.1 deployment - PR Damian

Normal Approved

CHG0044704 2015/01/20 09:30:00

3 - Minor Update internal name space for Websites for Schools for go-live on 20/01/2015 at 10.00am

Standard Change

Approved

CHG0044701 2015/01/20 09:30:00

3 - Minor GTM config to enable DNS Resolution for WFS – 20/01/2015 at 10.00am

Standard Change

Approved

CHG0044698 2015/01/20 11:00:00

3 - Minor MIT - F5 Config - Websites for Schools

Normal Approved

CHG0044815 2015/01/20

11:00:00 3 - Minor mis - date Standard

Change Approved

CHG0044805 2015/01/20 12:30:00

3 - Minor GAPS production database update for year 7 change. pr by Tom.

Normal Approved

CHG0044784 2015/01/20 15:00:00

3 - Minor CITEC - Add routes to allow CITEC ASR access to DETE core proxies

Normal Approved 19-01-2015 09:57:50 - Internal work notes)

will conduct additional testing as per attached. 19-01-2015 08:42:35 - (Internal work notes) Approved subject to following

testing recommendations.

CHG0044777 2015/01/20 16:00:00

3 - Minor CHG0044777 - CITEC - SkillsGateway Firewall Rule addition

Normal Approved 19-01-2015 09:07:39 - (Internal work notes) Have advised of requirement to arrange testing with

.

CHG0044404 2015/01/20 16:00:00


Standard Change

Approved

CHG0044405 2015/01/21 16:00:00


Standard Change

Approved

CHG0039631 2015/01/21 23:59:59

3 - Minor Change Freeze: Return to School (Term 1 / Day 8)

Normal Approved

CHG0044406 2015/01/22 16:00:00


Standard Change

Approved

CHG0044686 2015/01/24 06:00:00

3 - Minor Service-Now - Scheduled maintenance in the Sydney datacenter 24/01. PROD instance affected

Normal Approved 19-01-2015 09:56:03 -Internal work notes)

was last in the BNE1 data centre in December of 2014 (see CHG0044488), scheduled: 17-12-2014 03:00:00

CHG0044562 2015/01/30 08:00:00

3 - Minor CITEC - Implement F5 load balanced availability to the Govnet mailer

Normal Awaiting change management

19-01-2015 10:36:25 - (Internal work notes) full impact yet to be determined.

CHG0042876 2015/01/30

17:00:00 3 - Minor Business Critical Activity: Payroll

Run Normal Approved

Appendix M

Identification and fix of ‘the incident’

13:00 14:00 15:00 16:00 17:00 18:00 19:00 20:00 21:00 22:00 23:00 24:00 01:00 02:00 03:00 04:00 05:00 06:00 07:00 08:00 09:00 10:00 11:00 12:00 13:00 14:00 15:00 16:00 17:00 18:00 19:00 20:00 21:00

15:00 16:00

Timeline

Notification

Escalation

Technological

Fix

18:00 19:00

09:30 - 14:00

Director of Education Business Systems (OneSchool)

further discusses BUG69118 with Education Business

Support Director and Program Director (OneSchool)07:00 - 08:30

Director of Education Business Systems

(OneSchool) had a discussion with

Application Development Team

Member (OneSchool) 1 and Business

Reporting Officer in the office to

address the full extent of BUG69118

14:00 - 15:00

Program Director (OneSchool) phoned Acting Deputy Director-General

Corporate Services and then Assistant Director-General State-School

Operations who take over the handling of the incident.

29 July 2015 30 July 2015

TIMELINE OF BUG

AND FIX

14:00Application Development Team

Member (OneSchool) 1 commenced

fix for BUG69120 and BUG69118

09:07

Application Development Team Member

(OneSchool) 1 emailed Test Team

Member (OneSchool) 1 details for testing.

16:30

Education Business Support Director phoned and

informed Director of Education Business Systems (OneSchool)

14:13


(OneSchool) 1 sets both bugs* to

'resolved' in TFS

14:00

Business Reporting Officer approached


(OneSchool) 1 who found BUG69120

15:09

Application Development Team Member 2

deployed code to test

15:00

Business Reporting Officer

informed Education Business

Support Director

19:39

Director of Education Business Systems

(OneSchool) approves to go to production

19:49

BVT in production

successful

19:30

BVT testing complete17:45

Test Team Member

(OneSchool) 1

completes testing

14:20


Member (OneSchool) 1

subsequently found BUG69118

14:29


(OneSchool) 1 alerted Business

Reporting Officer of BUG69118

18:19

Code deployed to

training

14:00


Member (OneSchool) 1 commenced

fix for BUG69120 and BUG69118

Appendix N

Director General message to Principals –

31 July 3015

From: Sent: Friday, 31 July 2015 6:52 PM Subject: A special message from the Director-General: system failure with child protection reporting mechanisms

Dear principals, You may be aware of media reports in circulation about a system failure with child protection reporting mechanisms within OneSchool. An initial investigation by OneSchool technical staff identified an issue with the software code used to generate emails to Queensland Police Service and/or Child Safety. I want to assure you that this has been rectified. While the email generation to “Child Safety only” was working, as was the email process to report to both “QPS and Child Safety”, the email generation to “QPS only” was not working as designed. This failure was discovered late yesterday and relates to changes made to the OneSchool system on 22 January 2015. While I am deeply disappointed that this failure occurred, it was not the result of any lack of diligence on your part in using the OneSchool system to submit reports of suspected abuse. This was a system malfunction. The department has engaged Deloitte Australia to conduct an external investigation into the system failure. The Minister, the Acting Assistant Commissioner of Police and I today outlined our concerns and the actions we have taken, during a press conference at Parliament House. The Minister and I today reiterated our unwavering commitment to child safety and student protection in this state and I have directed that a full external investigation be carried out into software development practices within OneSchool, and the testing of those processes. Your students are your highest priority. In this case, our systems let you and our students down. I will continue to keep you updated on the investigation. Yours sincerely,

Director-General

Appendix O

Deputy Director General message to

affected Principals – 31 July 2015

CABINET-IN-CONFIDENCE

This document is the property of the Government that created it and is held in trust by the Public Service. It may not be copied or reproduced. For further information contact the Cabinet Secretariat.

From: Sent: Friday, 31 July 2015 7:00 PM ToSubject: Student Protection Reporting failure

Dear

You will have received advice early this evening from the Director-General that there has been a

system failure with student protection reporting mechanisms within OneSchool. Please refer to that

email for more detail. I am writing to you as your school has been identified as one whereby these

reports at the time you submitted were not automatically forwarded to QPS.

The Department is working around the clock with QPS and they have advised there is no need for

you to re-submit reports that you submitted during the above timeframe. As this is a high priority I

have established a dedicated team within the State Schools Division and officers from this team will

follow up with you personally on Monday.

Should you have any further enquiries please contact the team by emailing

Regards


Queensland Government

Inspiring minds. Creating opportunities. Shaping Queensland’s future.

Please consider the environment before printing this email.

Appendix P

January 2015 SPM update: code

amendments

Appendix Q

Earlier indicator of ‘the incident’:

16 February 2015

Extract from Service Now Records

Service Now Incident No. Problem / Question Internal work notes (Service Now records) 3513931 I submitted two Student Protection Reports on

OneSchool to on 6/2/15. The end of both reports says - The student protection report was sent to Queensland Police Service QPS. didn't receive them.

16-02-2015 14:41:15 - Person D (Internal work notes)

Contacted client and advised audit shows the email was sent If the email address no longer exists OneSchool receives a Mail Notificationof Non Delivery

Confirmed with client she could run the report and save, attach to an email and sent to Client advised she has done this but was trying to confirm if the email was sent. Client advised in future she will be contacting the Police to confirm.


There is NO way to resend a Student Protection Concern. The user with the role of 'Is Principal' is copied icon the original email sent to Child Safety/Police. If they still have this email, they can simply forward it onto the correct Police CPIU or Child Safety Office.

If Principal is unable to find the email, they can generate the Student Protection Report by locating the Student Protection Concern in OneSchool, viewing the record, going to the last step in the Wizard (Summary) and from the Available Reports dropdown select Student Protection Report. They can then attach this to an email and send to the correct Police CPIU / Child Safety Office.

Please note: The Subject line of the email should have 'CONFIDENTIAL STUDENT PROTECTION REPORT'.

Contacted and advised client in meeting and unavailable until 2.15

16-02-2015 12:52:00 -

Attached Email notification and logging to Business Support

16-02-2015 12:50:52 -I submitted two Student Protection Reports on OneSchool t 6/2/15. The end of both reports says -

The student protection report was sent to Queensland Police Service QPS. didn't receive them.

Please contact the client she is currently in a Parent meeting so they did not want to interrupt.

I said would they please advise her that I had rung and was logging her jobto Business Support for further assistance and they would ring her back about her issue.

16-02-2015 12:27:36 - Person F (Internal work notes) [code] --- Customer SCO Activity --- Incident title/search term: Student Protection Report on OneSchool did not go to Police Suggested forms and KBAs when logging incident <a href="sco/detaildo?sysparm_document kersc_cat_item,ade56c9f3c97910023a8df82853cb5d0" target="_blank">Online form : Report faulty network equipment</a> <a href="sco/detail.do?sysparm_document_key=sc_cat item b6fcb6cfe4062000838eb494ae761363" target="_blank">Online form : Request a new, or change an existing OneSchool school administrator.</a> <a href="sco/detaildo?sysparm_document kersc_cat_item,19a9a39a88566000838ef1764b80f697" target="_blank">Online form : Report a lost or stolen NSSCF laptop</a> <a href="sco/detaildo?sysparm_document_kersc_cat item,07b6ae678486050023a88683a4cc1864" target="_blank">Online form : Report an incident to the Operational Security team for investigation</a> <br /s(/code]

Appendix R


26 February 2015

Service Now Incident No Problem / Question Internal work notes (Service Now records) 3549560 <p026/02/15 I had a call from QPS – Child

Protection Investigation Unit asking when a school was going to submit a One School Student Protection Concern they were waiting on they had the statements

that had been emailed directly but had not received the

school’s Student Protection notification. I took a

screen shot of the advice that displayed in One School that the concern had been 'finalised and sent to police' attached and emailed it to them to show that One School is displaying that the report was finalised 24/02/15 and

sent to Police. The Police state they have not received it.


Contacted client and confirmed our audit result shows the Student Protection concern Report was sent to:

Client asked o be emailed the address as Police adamant they did not receive.

From:

Sent: Friday, 27 February 2015 3:31 PM To: Subject:

Following up from our conversation, I can confirm our audit result shows the Student Protection Concern ( was sent to:

Regards,

Person D

Person D

OneSchool I Information and Technologies Branch Department of Education, Training and Employment I

27-02-2015 08:29:09 -

Confirm via audit the Student Protection Concern would have been submitted to:

26-02-2015 16:35:29 - 26/02/15 I had a call from QPS — Child Protection Investigation Unit asking when a school was going to submit a One School Student Protection Concern they were waiting on they had the

statements that had been emailed directly but had not received the school's Student Protection notification. I took a screen shot of the advice that displayed in One School that the concern had been 'finalised and sent to police' attached and emailed it to them to show that One School is displaying that the report was finalised 24/02/15 and sent to Police. The Poke

state they have not received it

Escalation email sent - Attached

logged to L2

26-02-2015 16:15:22 - Person H (Internal work notes) [code] -- Customer SCO Activity --- Incident title/search term: Student Protection Concern submission acNice Suggested forms and KBAs when logging incident <a

href="sco/detail.do ?sysparm_document key=sc_cat item,d747a37ee1cbb0000fb27f82696cc406" target="_blank">Online form : Router infrastructure project

submission</a> <a href="sco/detail.do ?sysparm_document kerkb_knowledge,0d5454a77d1b2c482b3e22958a0f8541" target="_blank" 5KBA0015960 : OneSchool -

How to add staff accreditations</a> KBA0013612 : OneSchool - Managing Residential Siblings</a> <a

href="sco/detaildo?sysparm_document_kerkb_knowiedge,77aa20b07d04fc0c2b3e22958a0f852d" target="_blank">KBA0016268 : OneSchool - Entering Student

Absences in OneSchool</a> [/code]

2

To ensure that a copy of all documents associated with a student protection matter are stored together,an electronic copy of each document can also be scanned and attached to the relevant Student ProtectionRecord once it’s been commenced in OneSchool.

2. Senior Guidance Officers do not have the facility to enter a Student Protection Concern. As SGO’s are oftencase managers for exclusions/vulnerable students they will sometimes receive information that warrants aStudent Protection Concern being submitted.Regional staff who have OneSchool access are able to enter Student Protection matters if the relevantprincipal gives them access to their school. However, if the principal doesn’t approve this access the SGOwill need to speak with the principal about their concerns and the Principal, Deputy or GO will then enterthe concerns on their behalf and add the regional staff member as a notifier (this is the process outlinedin the Student Protection procedure and guidelines and it’s been developed this way to ensure that thePrincipal is aware of any student protection concerns for a student to whom they have a duty of care)

3. This week a school Principal submitted a Student Protection Concern. One School displayed the entry as“Finalised and report sent to Police” (see attached) however QPS CPIU have still not received it – thedocument had to be emailed directly two days later. I have logged this fault via One School –Service CentreOnline (Reference Number: INC3549560 Affected Contact -

We’ve spoken with OneSchool about this case and they’ve confirmed that OneSchool did send the reportto QPS and didn’t receive a message saying that the email had bounced back. In cases where the QPSmailbox is full or the address is no longer working and the email bounces back, OneSchool willimmediately send a message to the Principal who created the report to inform them that the reportwasn’t received.

4. In the past when a SP4 was emailed the time/date stamp was a useful tracking device. I notice that there isno such functionality in One School.The date when the report was created / finalised can be viewed in the following ways –· at the time when the Student Protection Report is sent, the Principal receives a cc’ed copy of the

email with the report attached. This email contains the details of the date and time sent· at the time when the Student Protection Report is sent, the staf f member who commenced the report

receives an email with the final status of the report and the date and time sent· in OneSchool, the Principal and the staff member who commenced the report can access the student

protection report from the student’s profile. The date when the matter was finalised is listed in thetable displayed when Protection Concern is selected

· the date will also be displayed on the Summary of the report which is displayed when the View optionis selected (this is a change we have flagged with OneSchool which should be completed in the nextcouple of weeks)

· details of when every report is commenced, modified and finalised can also be provided by OneSchoolstaff if requested.

Thanks for your consideration of these concerns, I am aware that One School is continually evolving and thought itbest to bring these matters to your attention.

Kind Regards

Our Vision | Inspiring minds. Creating opportunities. Shaping Queensland’s future.Please consider the environment before printing this emailThis message (including attachments) is intended for the addressee named above. It may also be confidential, privileged and/or subject to copyright. If youwish to forward this message to others, you must first obtain the permission of the author. If you are not the addressee named above, you must notdisseminate, copy, communicate or otherwise use or take any action in reliance on this message. You understand that any privilege or confidentialityattached to this message is not waived, lost or destroyed because you have received this message in error. If you have received this message in errorplease notify the sender and delete from any computer. Unless explicitly attributed, the opinions expressed in this message do not necessarily represent theofficial position or opinions of the State of Queensland or the Department of Education, Training and Employment. Whilst all care has been taken, the

3

Department of Education, Training and Employment disclaims all liability for loss or damage to person or property arising from this message being infectedby computer virus or other contamination.

***************************************************************************************************

IMPORTANT: This email (including any attachments) may contain legally privileged, confidential orprivate information and may be protected by copyright. You may only use it if you are the person(s) towhom it was intended to be sent and if you use it in an authorised way. No one is allowed to use, review,alter, transmit, disclose, distribute, print or copy this email without appropriate authority.

If the email was not intended for you and was sent to you by mistake, please telephone or email meimmediately, destroy any hard copies of this email, and delete it and any copies of it from your computersystem. Any legal privilege and confidentiality attached to the email is not waived or destroyed by thatmistake.

It is your responsibility to ensure that this email does not contain and is not affected by computer viruses,defects or interference by third parties or replication problems (including incompatibility with yourcomputer system).

***************************************************************************************************

Appendix S


11 March 2015

2

Department of Education and TrainingLevel 9 | Education House | 30 Mary Street | Brisbane Qld 4000

Inspiring minds. Creating opportunities. Shaping Queensland’s future .Please consider the environment before printing this email.

***************************************************************************************************




***************************************************************************************************

Appendix T


19 March 2015

Appendix U


20 May 2015

Service Now Incident No. Problem / Question Internal work notes (Service Now records) 3749720

Audit results show email would have been sent to Confirmed with client we have no way to determine what happens to the email once it is sent. Client confirmed this is the correct email address. Client asked if they should also email a copy of the Report. I advised this would be at the discretion of their Principal.

21-05-2015 14:19:22 - Person E (Internal work notes) Call transferred to Person D


Contacted client unavailable.

21-05-2015 12:18:47 - Person D (Internal work notes) Contacted client still unavailable. Email client (see CC)

21-05-2015 10:11:39 - Person D (Internal work notes) Contacted at 9.00 client unavailable in meeting. Advised to contact again at 11.00

From: Person C Sent: Thursday, 21 May 2015 9:22 AM To: Person D Subject: RE: INC3749720 - Student Protection

Database indicates that an email would have been sent to

20-05-2015 15:12:07 - Person B (Internal work notes) Will contact client in the morning.

20-05-2015 15:07:21 - Person A (Internal work notes) Client has called to make us aware that student protection records are not being finalised.

the record in question says status Finalised - Report sent to Police

but client claims that the record has not been sent, as the police do not have the data.

Logging to L2 for investigation.

Template sent.

client in meetings for the rest of the afternoon.

would like call back tomorrow

Client has called to make us aware that student protection records are not being finalised. the record in question says status Finalised - Report sent to Police but client claims that the record has not been sent, as the police do not have the data. Logging to 1.2 for investigation. Template sent. client in meetings for the rest of the afternoon. would like call back tomorrow


Confirmed with client which student the issue relates to. Performed another audit once confirmation received this was for an old Concern not the one raised on 20/5/2015.

* This is an extract from the Service Now records provided by DET, and not a full database. The information included in this extract is related to topics discussed within the body of the report.

Appendix V


29 May 2015

2

HiHave just spoken to about concerns raised by the

about a report finalised on 11 May that QPS are saying they never received. Is there any way you cancheck on the system to confirm what happened with this report.Thanks


Inspiring minds. Creating opportunities. Shaping Queensland’s future .Please consider the environment before printing this email.

***************************************************************************************************




***************************************************************************************************

Appendix W


DET staff meeting

Additional changes to the Student Protection Reporting module Comments

Inclusion of the following text in the information box on the right of the Student Protection Report Search screen -"When the suspicions relate to an employee, refer to the procedure Allegations Against Employees in the Area ofStudent Protection (http://ppr.det.qld.gov.au/corp/hr/management/Pages/Allegations-Against-Employees-in-the-Area-of-Student-Protection.aspx) for guidance on processes to report concerns or to the Ethical Standards Unit OnePortal page(https://oneportal.deta.qld.gov.au/Services/strategymanagement/Ethicalstandards/InfoFlyers/Pages/StudentProtection.aspx)

This is to ensure that staff reporting matters thatrelate to departmental employees do not incorrectlyreport these matters in the OneSchool module. Thishas been requested by the Manager ESU.

On the Concern details screen add the following hyperlink to the CPG(http://www.communities.qld.gov.au/childsafety/partners/our-government-partners/queensland-child-protection-guide/online-child-protection-guide) in the question "Was the Child Protection Guide consulted in relation to thesuspected significant harm or risk of significant harm?*

This will highlight availability of the CPG as a decisionsupport tool and facilitate staff access to the guidewhen making reporting decisions.

On the Concern details screen add a Learn more item to the question "Was the Child Protection Guide consulted inrelation to the suspected significant harm or risk of significant harm?" and provide the following text - "The CPG, which isaccessible on the Child Safety website at http://www.communities.qld.gov.au/childsafety/partners/our-government-partners/queensland-child-protection-guide/online-child-protection-guide, is an online decision support tool that hasbeen designed for professionals who hold concerns about children and their families. The aim of the CPG is to assistprofessionals with their decisions to report their concerns to Child Safety or refer families directly to a support service orto a FCC service.The decision to make a student protection report is often not an easy or clear one. The CPG supports professionals intheir decision making by:• focusing on the critical factors for decision making• clearly identifying the threshold for concerns that require a report to Child Safety• operationalising the legislation to ensure reporting obligations are met• identifying other avenues for supporting a family where the concerns do not meet the reporting threshold• providing details of available local support services• providing a consistent and objective framework for analysing concerns• promoting shared principles, language and thresholds.Use of the CPG by professionals is not mandatory. It has been developed to complement professional judgement anddoes not preclude or replace any course of action a professional believes is appropriate or required by legislation or theiragency’s policy or procedures."

This will highlight availability of the CPG as a decisionsupport tool and facilitate staff access to the guidewhen making reporting decisions.

1


On the Other relevant details screen add a link to a fact sheet Parent Able and Willing from the question - "Based on theavailable information, do you suspect a parent may be able and willing to protect the child from harm?*"

This will help to ensure that staff have a goodunderstanding of the new element of the mandatoryreporting threshold specified in the Child ProtectionAct 1999

Change the title from ‘Principal approval' screen to 'Principal action screen'

On the Principal approval screen add a link to a fact sheet Parent Able and Willing from the question - "Based on theavailable information, do you suspect a parent may be able and willing to protect the child from harm?*"

This will help to ensure that Principals have a goodunderstanding of the new element of the mandatoryreporting threshold specified in the Child ProtectionAct 1999

On the Principal approval screen add an alert that pops up when the Principal has checked any of the combinations ofresponses that will result in an outcome of Finalised: No report sent - monitor at school level and prior to the Follow upactions box appearing and the matter being finalised. The alert should have the following text - " ALERT - Based on yourresponses to the three questions, this matter will not result in a report to Child Safety or QPS. If you believe this mattershould be reported, please review and modify your responses to each of the questions prior to finalising.”

This is a safeguard to ensure that all matters whichmeet the threshold for a report to Child Safety orQPS are reported.

Include the following additional information in the Student Protection Summary Report generated from the OneSchoolmodule. Include the yes/no response plus any free text associated with the following questions - "Was the CPGconsulted in relation to the suspected harm or risk of harm?", "Based on the available information, do you suspect aparent may be able and willing to protect the child from harm?" and "Actions to be taken in the Principal action screen".

This will facilitate reporting and analysis of data inrelation to the new mandatory reportingrequirements enacted as a result of the Qld ChildProtection Commission of Inquiry recommendations.

Develop an email sent to a regional email box (that we would get set up) when a student protection matter is finalised inOneSchool notifying that the record has been finalised, the final status and a link to the actual report in OneSchool.

To facilitate more timely review of details within astudent protection report by relevant senior officerswithin each region.

2


Changes the way the email and attached student protection report are forwarded from OneSchool to QPS and ChildSafety. Currently the email is generated in the OneSchool system and sent from a generic OneSchool email box. Becauseit is generated from OneSchool the Principal is not able to attach other supporting documents, the Principal does notknow when the email and report are received/read and QPS/Child Safety cannot reply directly to the Principal via theemail in relation to the report. We want to change this so that after the Principal selects the relevant QPS/Child Safetyemail address and hits finalise, an new email box opens in Outlook. The email would already include the addressesselected for QPS/Child Safety, the Student Protection report and the standard text in the email message. The Principalcan review the information and attached other documents that may be required to support the statutory report. Wealso want the email to go from the Principal's EQ email address and have a read/received receipt function set into theemail - this ensures the Principal is informed when the report is received/read by QPS/Child Safety.

By sending the email from the Principal's emailaccount in Outlook it allows the Principal to attachother documents to support the report rather thanhaving to send a second separate email. Thereceived/read functionality will also ensure thePrincipal is made aware when QPS/Child Safetyreceive/read their report and they can save thisrecord of the successful transmission of the report.It will also enable QPS and Child Safety to replydirectly to the relevant Principal when they receive areport and need to seek further information orcommence and investigation.

Create a new report that can be run by authorised officers in schools, regions or CO which allows the user to select fromone or more of the following status options -- Incomplete- Submitted to principal- Finalised no report sentThe fields that would be included when the report was generated in an excel spreadsheet would be the same as theexisting export report.

This will provide easy access to data in relation tomatters that have not been reported to Child Safetyor QPS, are incomplete or are awaiting action by thePrincipal.

Whether we can include a link to the relevant individual student protection report in the export report so it’s easier tocheck further details in a specific report.

To facilitate more timely review of details within astudent protection report.

Create a new report that can be run by authorised officers in regions or CO which allows the user to identify where theremay be duplicates of student protection reports on the system. Eg where a matter has a status of Finalised: No reportsent and the employee has then created a second version of the report because it should have been reported to QPS orChild Safety.

Provide a tool to help relevant officers ensure thatincorrect data isn't captured on OneSchool andreported.

Ensure that the Summary Report generated in OneSchool when you access matters with the final status of ‘Finalised –Report sent to Police’ displays the Finalised details section. This section isn't showing currently.

Ensure that, when an authorised user searches for a student from the Student Protection Search function the table thatappears showing historical student protection reports includes the paperclip function to allow the user to attach otherdocuments to the record.

3


Ensure that the Summary Report generated in OneSchool when you access prior student protection reports includes thedate when the matter was finalised, the Principal's yes/no responses to the three question and the final status of thereport.

Enables review of all the information in relation tothe report after it has been finalised in the system.

4

Appendix X


Timeline of events

January 2015 August 2015

February March April May June July August

26 February 2015Service Now Incident 3549560

20 May 2015Service Now Incident 3749720

29 May 2015Email

16 February 2015Service Now Incident 3513931

11 March 2015

Email

18 March 2015

OneSchool Meeting

Mar Mar

EARLIER INDICATORS

19 March 2015

Email

OF THE

ISSUE

22 January 2015SPM Go-Live Date

29 July 2015Issue Identification

dadempster

Rectangle

Appendix Y

Customer contract: Third Party

Development Company

I •

QueenslandGovernment

Department of Education, Training and Employment

DETE-101518-1

Education BusinessSystems Development

CUSTOMER CONTRACT

State of Queensland acting through the Department of Education, Training andEmployment (ABN: 76337613647)(Customer)

(Contractor)

GITC VERSION 5.02

DETE-I01518 Education Business Systems Page 1 of 14

GITC - VERSION 5.02 - GENERAL ORDER - DETE-101518

Parties

Between: State of Queensland acting through the Department of Education, Training andEmployment ("Customer")

and

Overview

A. The Customer wishes to engage a Contractor to supply Education Business Systems Development.

B. The Contractor issued a proposal dated 9 August 2013 in response to the Customer's requirements.

C. This Customer Contract sets out the terms and conditions applying to the provision of the Products and Servicesby the Contractor and is to be read in conjunction with the Deed of Agreement DETESOA-101349 executed on 3June 2013.

GITC

This is a General Order placed under Queensland Government Information Technology Contracting C'GITC")FrameworkQ_. The GITC modules applicable to this General Order are:

Module Order MOB-ICT Contracting Services

DETE-101518Education BusinessSystems Page2 of 14

CUSTOMER CONTRACT GITC GENERAL ORDER

No. ReferenceClause No.

Customer Contract DetailsGITC Reference Clause Number andTitle

1. DETESOA-l01349leT Arrangement Number2.

3. 1.1of SOA CustomercrConditions

Contractor's GITCNumber

Agreement.

Name State of Queensland (acting through theDepartmentof Education, Training andEmployment)

ABN/ACN: 76337613647Address: PO Box 15033

City East, QLD, 4002

4. Customer's Project Manager

5. Officer Receiving the Invoice

1-----1-------+-----------------_6. 1.1of!CT- Contractor

7.

8.

Delivery Address

1.1 of GITC Business DayPar! 2

I 7:30am and 5:30 pm Queensland time on a weekday otherthan a Saturday,Sunday or Public Holiday at the offices'delive address.

9. 1.1of GITC Contract PeriodPar! 2

10.

The contract commences on the date the parties sign thisCustomer Contract, if signed on different dates, the latter ofthose dates. The contract will continue for a period of two (2)years.At the sole discretion of the Customer, the contract may beextendedfor a furtherperiodof twelve(12)months.

1.1 of GITC Contract PricePart 2

The Contract Price is as follows:Senior Technical Specialist - _.

•••

Senior Technical Specialist -_

••

Page3 of 14DETE-101518Education BusinessSystems

......... _ .._ .._._ ..._ ..-

11. 1.1ofGITCPart 2

12. 1.1 of GITCPart 2



Contract Specifications

Deliverable

Site

Specified Personnel

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

Refer to Attachments A and as further specified by Module OrderMOB.

Refer to Attachments A and as further specified by Module OrderMOB.

r-----t-----+-------------.--- ----.

This address is subject I

to change by notice within the Brisbane Metropolitan region.

15. 1.1 of GITC SystemPart 2

16. 1.3 of GITC Time of the EssencePart 2

17. 5.4 of GITC Confidentiality

DETE-101518 Education Business Systems

Senior Technical Specialist -







Refer to Attachments A and as further specified by Module OrderM08.Time is not of the essence.

------- Tai The Customer rriay disclose the Contractor's

Page 4 of 14

Part 2 Confidential Information to other persons for the purposeof the Customer's operations, provided that theCustomer imposes similar obligations of confidentialityon those persons,

(b) No additional disclosures by the Contractor areI permitted, without prior written consent.(~) Refer also Item 17 of Schedule 1,---.__ .__._._--~-- ...- ..........- .......-.-......The Customer reserves the right to request the Contractor18, 1,1 of ICT Privacy and Disclosure of Personal

SOA Information and/or its officers, employee, agents and sub-contractors, to

Conditions execute Schedule S10 - Deed of Privacy of this Customer

& 5,5 of Contract.

GITe Part 2

19, 5,6 of GITC Secrecy and Security The Contractor will, when on Site, comply with all the rules,

Part 2 directions and procedures including those relating to security;

in effect at the Site,

20, 7,1 of GITC Liability Liability for indirect or consequential loss is excluded,

Part 2 Liability is capped to the amount of $20,000,000,00 for anyoneclaim and in the annual aggregate,

21, 7,2 of GITC Indemnity Indemnity is uncapped,Part 2

22, 8,1 of GITC Customer Supplied Items (CSI) ! Refer to Attachments A and as further specified by Module OrderPart 2 MOB,

----23, 8,2 of GITC Customer's Data and Processing Refer to Attachments A and as further specified by Module Order

Part 2 Environment M08,

24, 8,3 of GITC Customer's Personnel Not applicable,Part 2

25, 10.3 of Approved Parties Approved Parties to be associated with the Customer Contract,GITe Part 2 as chosen by the Customer from those specified in item 36 of

Schedule 1.

26, 11.4 of Project, Implementation and Refer to Schedule S2, if applicable, and Module Order M08.GITC Part 2 Payment Plan

27, 11.5 of Staged Implementation Refer to Module Order M08, as applicable,GITe Part 2

28. 11,6 of Liquidated Damages Liquidated Damages are not applicable.GITC Part 2

29. 1.1ofiCT Delivery and Installation Refer to Attachments A and as further specified by Module OrderSOA MOB,Conditions I&12,1ofGITC Part 2

30. 12.6 of Documentation (a) The Contractor must record actual hours on a timesheet in

GITC Part 2 an approved form by the Customer.(b) The Contractor must supply further the reports and

documentation relating to this Customer Contract asreasonably requested throughout the Contract Period.

31. 12.7 of Training Refer to Module Order M08, if further than requirements underGITC Part 2 Deed of Arrangement Schedule 3 Additional Provisions.

32. 13,2 of Time for Invoicing and Payment The Contractor will invoice the Customer on a fortnightly basisGITC Part 2 aligned with Alloc8 for hours/services rendered in that fortnight.

33. 13,4 of Credit/Debit Card or Electronic Credit card or electronic funds transfer may be used by theGITC Part 2 Facility Customer to pay the Customer Contract.

,,----""34. 1,1 of ICT Additional Expenses Not applicable,

SOA

DETE-l01518 Education Business Systems Page 5 of 14

Conditions& 13.5 ofGITC Part 2

35. 43 of ICT Notice Relating to the CustomerSOA Contract - Customer's address forConditions Notices

.._ .._---36. 43 of ICT Notice Relating to the Customer

SOA Contract - Contractor's Address forConditions Notices

37. 44 of ICT Complaint ManagementSOAConditions

I-- ..........

Privacy Statement - The Principal is collecting Persona! lnformation from the Connaetor for the purpose of administering the ICT Arrangement and any CustomerContract. This Personallniormation may be shared with Queensland Government departments or agencies, Queensland Government Bodies, Non-GovernmentOrganisations andior Commonwealth, States or Territories for the purpose of administering the ICT Arrangement and any Customer Contract, or made public!y availablein accordance with the requirements of the State Procurement Policy. Personal Information will not be othelwise disclosed to any other third party without consent oftile Contractor, except where authorised or required by law.

DETE-101518 Education Business Systems Page 6 of 14

The Parties to this Customer Contract have executed the Customer Contract on the dates set out below.EXECUTED AS A CUSTOMER CONTRACT

EXECUTION BY GOVERNMENT PARTY:

Signed for and on behalf of the State of Queensland (actingthrough the Department of Education, Training andEmployment)

····

EXECUTION BY CONTRACTOR:

Signed for and on behalf of

accordancewiths.127oflhe CorporationsAcl 2001 (Clh)

Where an attorney or other agent executes this Customer Contract on behalf of a Contractor, the form of execution must indicate the source of thisauthority and such authority must be in the form of a Customer Contract and a certified copy thereof provided to the Customer.


SCHEDULE S13 - Service Levels

1. Purpose of Schedule1.1. Service Levels are the performance indicators of the Parties and define a benchmark for measuring the performance of the

Service1.2. The Service Levels, targets, measurement methodologies, reports and rebates available are set out in this Schedule.

2. Measurement2.1. The measurement and calculation of all Service level achievements for the month are to be determined by the

measurement of the service KPls using the reporting period.

3. KPI's3.1. Table 1 - KPI Service Delivery (performance of resources)

KPI Services What is measured How it is to be measured Performance targetNumberKPI #C1 Function point Number of function points created Work estimate has to by FP count 1 FP per hour of

in a workinq week Hours recorded in Alloc8 development workKPI #C2 Defects % Number of defects opened and Lodge defects in Service Now <2% rework

closed against code over time Number of defects opened and closed_ ...- ...__ ._._._._-------- aqainst code per release ......._ ......__ ....-

KPI #C3 Lines of code Number of failures recorded from Peer review <2%Quality of code peer review / code review

Number of fail~9_lI0it/system tes!~__ _ .._-- - ._-KPI#C4 Fix time %of work completed on time Alloc8 <10% lateness

(Estimate vs) Actual time Service NowKPI #C5 Unit tests Number of failed unit/system tests Peer review 100% coverage

(measure of quality of work)Test coverage and completenessof tests (not writing weak tests thatdon't fully test the code)

KP I#C6 Frameworks and Adherence to DETE coding Coding policies based on published 100% compliedpolicies frameworks, policies and SDLC Microsoft best practices and

---_._. DETAlOne Framework practices ...__ ...- -----KP I#C7 Incident and change Adherence to Incident and Periodic auditing 100% adherence

management ----- _9_~e management ~rocessesKPI #C8 Documentation Hours of work documented Alloc8 timesheet Timesheet completed on

time and correct 100%--_..__._-_..- --_ .._-

If the Contractor fails to achieve the specified KPI's in the KPI table the following actions will occur:

(1) Upon one fai/ure to reach a KPI in a single Measurement The Contractor must provide the Customer with a list of rectificationPeriod actions and a timeline for implementing these rectification actions

(2) Failure to reach the same KPI twice in any three month The matter is escalated to senior management of both Customer andperiod andlor failure to meet two or more KPI's within allY the Contractor for resolution.one month Financial penalties and rebates payable as a result of KPI/SLA breach

will be agreed between the parties before execution of the CustomerContract.

(3) Fai/ure to reach the same KPI for three consecutive months The Contractor is considered to be in material breach of the Customerandlor failure to meet two or more KP/'s for two consecutive Contract for the purposes of GITC Version 5.02 Part 2 clause 16.2.months andlor failure to actio~ preventative requirements -_-_-_ .._-------_ ..._ .._-_ ..._- ............._ .._ .....__ .._ ..........._-_._- --_ ..

%,,;~ '" " r, 'm iP " *' » -~.' W hflh - W' ~ mw ~RefereneE! Details to be in mMQdule8

"

No,Ctau'Se No. - ICT Contracting SelVices

Module 0 etails}f

MS.1 1,1 Client Site

Specify the Client Site in which the As per General Order Item 13 of this Customer Contract.Contractor shall be working.

MS.2 1.1 Commencement Date

Specify the Commencement Date of As per General Order Item 9 of this Customer Contract.the ICT Contracting Services.

MS.3 1.1 Expiry Date

Specify the conclusion date of the ICT As per General Order Item 9 of this Customer Contract.Contracting Services.

MS.4 1.1 Contractor's Manager

Specify the entity responsible for As per General Order Item 4 of this Customer Contract.project managing the provision of leTContracting Services.

MS.S 1.1 Contracting servlces

Specify the services required by the As per Attachment A.Customer to be performed.

MS.S 6 Project, Implementation andPayment Plan (PIPP)

Specify if a PIPP is required to be YES D NO ~completed.

M8.7 7 Contractor SelVices

Specify the specific Personnel to As per General Order Item 14 of this Customer Contract.perform the Contracting Services

Specify the number of hours to be Further specified in Attachment A.worked by the Contractor's Personnel.

M8.S 10 Completion

Specify the number of hours in which Further specified in Attachment A.Contracting Services shall becompleted.

Specify the Project Material (if any) to Further specified in Attachment A.be delivered to the Customer by theContractor upon completion.

M8.9 11 Payment

Specify the Price or fee applicable for As per General Order Item 10 of this Customer Contract.time actually expended on theContracting Services and all the periodof time i.e. hourly.


{'i

No. Reference Details to be incluEte from Module 8 Module Order Details"

H'i

i0'% "CI~useNo. - leT Contracting ServicesiO* Wi ,~ ~ ,

11.2 Specify the maximum amount of fees As per General Order Item 10 of this Customer Contract.payable by the Customer (ifapplicable) .

11.3 Specify the frequency of invoicing - if As per General Order Item 32 of this Customer Contract.other than thirty (30) days.

MS.10 13.10f Part 2 Price

Specify the complete "firm" Price N/Adetails for the Contracting Services.

Specify the complete "fixed" Price As per General Order Item 10 of this Customer Contract.details if variable (including any pricingadjustment regime) for the ContractingServices.

Specify the timing of payments (or, if As per General Order Item 32 of this Customer Contract.applicable, reference the Project,Implementation and Payment Plan inthe Project, Implementation andPayment Plan of Schedule S2 of Part4).


DETE-101518

Education Business Systems Development

Request for Quote under DETSOA - 101349Provision of .NET Application Maintenance and

Development Services

CLOSINGDATEAND TIME: 2 August 2013 at 4pm

LODGEMENTDETAILS:

Contractor Name:


1 EngagementOverviewThe purpose of this Customer Contract is to improve the delivery of .NETapplication maintenance anddevelopment services to enable continuity, accountability and achieve high quality support services. TheDETECorporate Applications team provides application maintenance and enhancement to corporateapplications that support back-office type functions in schools and the department's central and districtoffices. The application portfolio is complex and consists of a set of bespoke applications, mainly developedin .NET using departmental customised .NETframeworks, and a number of applications developed withother technologies, in particular Oracle and MS Access.

The Departments Education Systems are based on a range of technologies including:

• Oracle, SQLServer (2003-2012) • Active Reports

• Microsoft .NET (V1.1-4.0) • SharePoint 2010

• Microsoft Access database • Cruise Control .NET that Utilises ActiveDirectory

• Windows Servicer 2000-2008 • IBM Tivoli Directory Services

• Team Foundation Server (2008/2010) • ADAM as its Identity Management

• Reporting Services (2000-2008)

These systems are mainly web based applications developed using the Microsoft .NETframeworks withlanguages such as:

• VB.NET • PLSQL

• TSQL • NAnt

• C# • XML

• Javascript • ASP.NET

• JQuery • MVC

A number of Education systems are built and maintained within DETE.Support for Education systemsadheres to the corporate .NETapplication frameworks, standards and guidelines. As part of quality control,changes to Education systems are managed and follow the SDLCprocess defined within the organisation.This includes migration of changes through application labs where testing is conducted and follows DETEChange Management Process.

Education systems change request and incidents are managed through the Departments instance of "ServiceNow". "Service Now" is used to assist with the maintenance and deployment processes as part of DETEChange Management Processes.

..?__ Scop~_andObjectivesThe engagement is for a period of 2+1 years with the commitment of .NET resource for up to the followinghours:

• At senior level: 320 hours per week (8 FTEs)• At Solution Architect level: 40 hours per week (1 FTEs)

The engagement is for the delivery a service that supplements the existing services by providing suitablequalified .NET specialist resource hours, primarily in the Corporate Applications Team within the ApplicationOperations unit. There may be additional project requirements from other sections of the Department. TheDepartment may elect to engage one or multiple panel providers to provide the above services.

The primary responsibilities are as defined in the attached SOAspecification.


3 Requirements I DeliverablesThe Contractor will be required to provide a quote for the services as defined in the attached SOAspecificationand set out below. The quote is required to use the Firm pricing as defined in Schedule 2 of the Deed ofArrangement.

3.1 SkillSetRequired

3.1.1 The Contractor will be required to provide resources with appropriate levels of .NET skills andknowledge for application maintenance and development services. The supplied resources will berequired to meet the minimum skill set criteria as defined in the attached SOAspecification:

3.1.2 This engagement is initially for

3.1.2.1.1.1 8 FTE'sat a Senior Technical Specialist level; and

3.1.2.1.1.2 1 FTEat a level of Solution Architect.

3.1.3 EachSenior Technical Specialist must be screened and deemed to meet the skill set contained in Section4.4.3 of DETESOA-101349Deed of Agreement.

3.1.4 The Solution Architect must be screened and deemed to meet the following skill set:

3.1.4.1.1.1 Ability to provide advice and direction on software development techniques andpractices to be adopted within OneSchool with respect to systems development within thesystems development life cycle;

3.1.4.1.1.2 Ability to evaluate new technology and its impact on the OneSchool delivery schedulesand plans. Help develop implementation strategies for incorporation in the OneSchoolProgram work program including the skills development or enhancement of projectpersonnel. Provide input to and ensure alignment of technology products across all workstreams within the OneSchool Program;

3.1.4.1.1.3 Ability to direct Development teams work efforts and provide and presentcomprehensive progress reports to Director Education BusinessSystems;

3.1.4.1.1.4 Ability to create and maintain design documents and perform application developmentas necessary to meet project timelines.

3.1.4.1.2 Please note you may only put forth a Solution Architect if your Deed of Agreement included theadditional resources of a Solution Architect or similar.

3.1.5 Commencement Date: ASAP,start dates negotiable

3.1.6 Expiry Date Tuesday 30/6/2015

3.1.7 Extensions 1 Year extension if offered Thursday 30/6/2016

3.1.8 Office Location Brisbane, exact address will be at the convenience of the State Government and issubject to change

3.1.9 Business Hours (if different to Deed) - as per Deed

3.1.10 Basedon 8 hours per day 5 days per week.

3.2 Transition

3.2.1 The Contractor is required provide a transition plan as defined in the SOAspecification and Schedule 3:Additional Provisions.

3.2.2 Detail how the proposed resources for this engagement will be transitioned.

3.3 Reporting

3.3.1 Individual Customer reports

3.3.1.1 The Contractors' resources will be required to use DETE's trouble ticket system (JlServiceNow") andAlloc8 time/job allocation resource management system


, ,

3.4 Performance Measures & Targets

3.4.1 The Contractor will be required to comply with the Service Level and KPls in Schedule S13 of the SOADeed of Arrangement.

3.4.2 KPlsrequired for this Customer Contract is attached in Schedule 6 - Service Level Arrangement.

3.4.3 All Performances measures are defined in the SOASpecification (Attached).

3.5 Role of the Customer

3.5.1 Provide the Contractor and/or the Contractors resources, with the following to assist with servicemanagement

3.5.1.1 A list of Contact persons

3.5.1.2 Desk/Work space

3.5.1.3 Computer and all required software licenses required to support applications

3.5.2 Communicate regularly with the Contractor to ensure that the Contractor is adequately informed aboutthe Customer's ICTneeds and requirements and business directions.

3.5.3 Provide accessto sites as required, accessmay be provided by way of the provision of appropriate swipecards and/or security passwords and numbers.

3.5.4 Prior to engagement or as mutually agreed, any supplied resource who will have access to theCustomers ICT environment will be required to undertake criminal history check conducted by theCustomer, at the Customers expense.

3.5.5 The Contractor's resources will report to Manager Corporate Applications

3.6 Security Requirements, Criminal History Checks and 10Authentication

3.6.1 The ICTResourceswill be required, when on a Customer Site, to carry a Customer supplied security cardand ID card. For short term engagements that may be a security and a temporary ID card, for anextended engagement a photo ID card may have to be obtained. The Customer will be responsible fororganising the photo ID card.

3.6.2 At the expiry of the engagement the ICTResourceswill return the supplied security card and temporaryor photo ID card to the Customer's Project Manager.

3.6.3 Eachsuccessful candidate may be required to undergo a Criminal History Check.

3.6.4 Before obtaining access to the Customer's ICT network, resources will be required to undergo anauthentication process to verify identity in accordance with the department's policy ManagingElectronic Identities and Identity Management. Any personal information provided to the Customer willbe in handled in accordance with the Information Privacy Act 2009.

3.7 Previous Employees of Queensland Government

3.7.1 Previous employees of Queensland Government need to be aware of the directives for "Earlyretirement, redundancy and retrenchment - Directive 4/12" and "Retrenchment of temporaryemployees engaged on a full time or part time basis - Directive 3/11" when submitting an applicationforthis Contract.

3.8 Billing

3.8.1 Contractors will invoice the Customer on a monthly basis for service / hours delivered or as specified inthe individual engagement:

3.8.2 Prices are firm for the term of the Customer Contract.


,-, ...., .QueenslandGovernment

Department of Education, Training and Employment

DETE-l01518-1

Education BusinessSystems Development

CUSTOMER CONTRACT

State of Queensland acting through the Department of Education, Training andEmployment (ABN: 76337613647)(Customer)

(Contractor)

GITC VERSION 5.02


GITC - VERSION 5.02 - GENERAL ORDER - DETE-101518

Parties

Between: State of Queensland acting through the Department of Education, Training andEmployment ("Customer")

and

Overview

A. The Customer wishes to engage a Contractor to supply Education Business Systems Development.

B. The Contractor issued a proposal dated 9 August 2013 in response to the Customer's requirements.

C. This Customer Contract sets out the terms and conditions applying to the provision of the Products and Servicesby the Contractor and is to be read in conjunction with the Deed of Agreement DETESOA-101349 executed on 3June 2013.

GITC

This is a General Order placed under Queensland Government Information Technology Contracting C'GITC")FrameworkQ_. The GITC modules applicable to this General Order are:

Module Order MOB-ICT Contracting Services

DETE-101518Education BusinessSystems Page2 of 14

CUSTOMER CONTRACT GITC GENERAL ORDER

No. ReferenceClause No.

Customer Contract DetailsGITC Reference Clause Number andTitle

1. DETESOA-l01349leT Arrangement Number2.

3. 1.1of SOA CustomercrConditions

Contractor's GITCNumber

Agreement.

Name State of Queensland (acting through theDepartmentof Education, Training andEmployment)

ABN/ACN: 76337613647Address: PO Box 15033

City East, QLD, 4002

4. Customer's Project Manager

5. Officer Receiving the Invoice

1-----1-------+-----------------_6. 1.1of!CT- Contractor

7.

8.

Delivery Address

1.1 of GITC Business DayPar! 2

I 7:30am and 5:30 pm Queensland time on a weekday otherthan a Saturday,Sunday or Public Holiday at the offices'delive address.

9. 1.1of GITC Contract PeriodPar! 2

10.

The contract commences on the date the parties sign thisCustomer Contract, if signed on different dates, the latter ofthose dates. The contract will continue for a period of two (2)years.At the sole discretion of the Customer, the contract may beextendedfor a furtherperiodof twelve(12)months.

1.1 of GITC Contract PricePart 2

The Contract Price is as follows:Senior Technical Specialist - _.

•••

Senior Technical Specialist -_

••

Page3 of 14DETE-101518Education BusinessSystems

~------------- -. --- .. --------.- - - - ······

M08. i11. 1.1 of GITC Contract Specifications

Part 212. 1.10fGITC Deliverable

Part 2

13. 1.10fGITC SitePart 2

14. 1.1 of GITC Specified PersonnelPart 2

..

Senior Technical Specialist-

..

..

..


..

..

..


..

..

..


I ..

..

..Senior Technical Specialist-

..

..

..

Refer to Attachments A and as further specified by Module Order iM08. I

. This address is subject Ito change by notice within the Brisbane Metropolitan region. iSenior Technical Specialist -







15. 1.1 of G1TC System Refer to Attachments A and as further specified by Module OrderPart 2 M08. I1.3 of GITC Time of the Essence Time is not of the essence. I

>-17~--+-;-.:-:-~-G-IT-C - -C~-nf-id-en-t-i~-lit-y---'-- ----- (aj-'Th-e--C-u-s-to-m-er--m-ay-'-d-is-clos-e-t-he--C-ontractor's I

16.


Part 2 Confidential Information to other persons for the purposeof the Customer's operations, provided that theCustomer imposes similar obligations of confidentialityon those persons.

(b) No additional disclosures by the Contractor arepermitted, without prior written consent.

.__ .- (c) Refer also Item 17 of Schedule 1.18. 1.1 of ICT Privacy and Disclosure of Personal The Customer reserves the right to request the Contractor I

SOA Information and/or its officers, employee, agents and sub-contractors, to

Conditions execute Schedule S10 - Deed of Privacy of this Customer

& 5.5 of Contract.

GITC Part 2

19. 5.6 of GITC Secrecy and Security The Contractor will, when on Site, comply with all the rules,

Part 2 I directions and procedures including those relating to securityin effect at the Site.

20. 7.1 of GITC Liability Liability for indirect or consequential loss is excluded.

Part 2 Liability is capped to the amount of $20,000,000.00 for anyoneclaim and in the annual aggregate.

21. 7.2 of GITC Indemnity Indemnity is uncapped.Part 2

22. S.1oF': - tomer Supplied Items (CSI) Refer to Attachments A and as further specified by Module OrderPart 2 MOS.

23. 8.2 of GITC Customer's Data and Processing Refer to Attachments A and as further specified by Module Order I

Part 2 Environment M08.

24. 8.3 of GITC Customer's Personnel Not applicable.Part 2

25. 10.3 of Approved Parties Approved Parties to be associated with the Customer Contract,GITC Part 2 as chosen by the Customer from those specified in item 36 of

Schedule 1.

26. 11.4 of Project, Implementation and Refer to Schedule S2, if applicable, and Module Order M08.GITC Part 2 Payment Plan

27. 11.5 of Staged Implementation Refer to Module Order M08, as applicable.GITC Part 2

2S. 11.6 of Liquidated Damages Liquidated Damages are not applicable.GITC Part 2

29. 1.1 of ICT Delivery and Installation Refer to Attachments A and as further specified by Module OrderSOA M08.Conditions&12.10fGITC Part 2

---

3~. 12.6 of Documentation (a) The Contractor must record actual hours on a timesheet in

GITC Part 2 an approved form by the Customer.(b) The Contractor must supply further the reports and

documentation relating to this Customer Contract asreasonably requested throughout the Contract Period.

31. 12.7 of Training Refer to Module Order M08, if further than requirements underGITC Part 2 Deed of Arrangement Schedule 3 Additional Provisions.

32. 13.2 of Time for Invoicing and Payment The Contractor will invoice the Customer on a fortnightly basisGITC Part 2 aligned with AlioeS for hours/services rendered in that fortnight.

33. 13.4 of Credit/Debit Card or Electronic Credit card or electronic funds transfer may be used by theGITC Part 2 Facility Customer to pay the Customer Contract.

34. 1.1 of ICT Additional Expenses Not applicable.

SOA


Conditions& 13.5 ofGITC Part 2

35. 43 of ICT Notice Relating to the CustomerSOA Contract - Customers address forConditions Notices

36. 43 of ICT Notice Relating to the CustomerSOA Contract - Contractor's Address forConditions Notices

37. 44 of ICT Complaint Management I

SOA

IConditionsII....._ ..

Privacy Statement - The Principal is collecting Personal lntormadonfrom the Contractor for the purposeof administeringthe ICT Arrangement and any CustomerContract. This Personal Informationmay be sharedwith QueenslandGovernmentdepartmentsor agencies, QueenslandGovernmentBodies, Non-GovernmentOrganisationsand/or Commonwealth, States or Territories for the purpose of administering the ICT Arrangementand any CustomerContract. or made publicly availablein accordancewith the requirementsof the State ProcurementPolicy. Personallnfonnation will not be othelWisedisclosed to any other third party without consent oftile Contractor, except where authorised 01' required by law.


The Parties to this Customer Contract have executed the Customer Contract on the dates set out below.EXECUTED AS A CUSTOMER CONTRACT

EXECUTION BY GOVERNMENT PARTY:

Signed for and on behalf of the State of Queensland (actingthrough the Department of Education, Training andEmployment)

EXECUTION BY CONTRACTOR:

Signed for and on behalf of

accordance with s.127 of the CorporationsAct 2001 (Cth)

Where an attorney or other agent executes this CustomerContract on behalf of a Contractor, the form of execution must indicate the source of thisauthorityand such authoritymust be in the form of a CustomerContract and a certified copy thereof providedto the Customer.


SCHEDULE S13 - Service Levels

1. Purpose of Schedule1.1. Service Levels are the performance indicators of the Parties and define a benchmark for measuring the performance of the

Service1.2. The Service Levels, targets, measurement methodologies, reports and rebates available are set out in this Schedule.

2. Measurement2.1. The measurement and calculation of all Service level achievements for the month are to be determined by the

measurement of the service KPls using the reporting period.

3. KPI's3.1. Table 1 - KPI Service Delivery (performance. of resources)

KPI Services What is measured How it is to be measured Performance targetNumberKPI # C1 Function point Number of function points created Work estimate has to by FP count 1 FP per hour of

in a workinq week Hours recorded in Alloc8 development workKPI #C2 Defects % Number of defects opened and Lodge defects in Service Now <2% rework

closed against code over time Number of defects opened and closedagainst code per release

KPI #C3 Unesofcode Number of failures recorded from Peer review <2%Quality of code peer review / code review

Number of failed unit/system tests ._.KPI#C4 Fix lime %of work completed on time Alloc8 <10% lateness

(Estimate vs) Actual time Service NowKPI#C5 Unit tests Number of failed unit/system tests Peer review 100% coverage

(measure of quality of work)Test coverage and completenessof tests (not writing weak tests thatdon't fullv test the code)

KP I#C6 Frameworks and Adherence to DETE coding Coding policies based on published 100% compliedpolicies frameworks, policies and SOLC Microsoft best practices and

._.__ .._ .._. OETAlOne Framework practicesf- .

KP I#C7 Incident and change Adherence to Incident and Periodic auditing 100% adherencemanagement Change management processes

KPI #C8 Documentation Hours of work documented Alloc8 timesheet Timesheet completed ontime and correct 100%

If the Contractor fails to achieve the specified KPl's in the KPI table the following actions will occur:

(1) Upon one failure to reach a KPI in a single Measurement The Contractor must provide the Customer with a list of rectificationPeriod actions and a timeline for implementing these rectification actions

(2) Failure to reach the same KPI twice in any three month The matter is escalated to senior management of both Customer andpetiod and/or failure to meet two or more KPI's within allY the Contractor for resolution.one month Financial penalties and rebates payable as a result of KPI/SLA breach

will be agreed between the parties before execution of the CustomerContract.

(3) Failure to reach the same KPI for three consecutive months The Contractor is considered to be in material breach of the Customerand/or failure to meet two or more KP/'s for two consecutive Contract for the purposes of GITC Version 5 02 Part 2 clause 16.2.

..__. months and/or faHure to act!q_n_preventative reqL~C(}_fT!.?'Q!.I'._ _ _ _ .__ ........... _.__ .._ ...._._ ..__ ._._.._ ..._---_ .._ ...-_.__ ._-_..._

M8.1 1.1 Client Site

Specify the Client Site in which the As per General Order Item 13 of this Customer Contract.Contractor shall be working.

M8.2 1.1 Commencement Date

Specify the Commencement Date of As per General Order Item 9 of this Customer Contract.the ICT Contracting Services.

M8.3 1.1 Expiry Date

Specify the conclusion date of the ICT As per General Order Item 9 of this Customer Contract.Contracting Services.

M8.4 1.1 Contractors Manager

Specify the entity responsible for As per General Order Item 4 of this Customer Contract.project managing the provision of ICTContracting Services.

M8.5 1.1 Contracting Services

Specify the services required by the As per Attachment A.Customer to be performed.

M8.6 6 Project, Implementation andPayment Plan (PIPP)

Specify if a PIPP is required to be YES J NO ~completed.

M8.7 7 Contractor Services

Specify the specific Personnel to As per General Order Item 14 of this Customer Contract.perform the Contracting Services.

Specify the number of hours to be Further specified in Attachment A.worked by the Contractor's Personnel.

M8.8 10 Completion

Specify the number of hours in which Further specified in Attachment A.Contracting Services shall becompleted.

Specify the Project Material (if any) to Further specified in Attachment Abe delivered to the Customer by theContractor upon completion.

M8.9 11 Payment

Specify the Price or fee applicable for As per General Order Item 10 of this Customer Contract.time actually expended on theContracting Services and all the periodof time i.e. hourly.


11.2 Specify the maximum amount of feespayable by the Customer (ifapplicable).

As per General Order Item 10 of this Customer Contract.

11.3 Specify the frequency of invoicing - ifother than thirty (30) days.

As per General Order Item 32 of this Customer Contract.

MS.10 13.1of Part 2 Price

Specify the complete "firm" Price N/Adetails for the Contracting Services.

Specify the complete "fixed" Price As per General Order Item 10 of this Customer Contract.details if variable (including any pricingadjustment regime) for the ContractingServices.

Specify the timing of payments (or, if As per General Order Item 32 of this Customer Contract.applicable, reference the Project,Implementation and Payment Plan inthe Project, Implementation andPayment Plan of Schedule S2 of Part4).

liB


DETE-101518

Education Business Systems Development

Request for Quote under DETSOA - 101349Provision of .NET Application Maintenance and

Development Services

CLOSINGDATEAND TIME: 2 August 2013 at 4pm

LODGEMENTDETAILS

Contractor Name:


1 Engagement OverviewThe purpose of this Customer Contract is to improve the delivery of .NETapplication maintenance anddevelopment services to enable continuity, accountability and achieve high quality support services. TheDETECorporate Applications team provides application maintenance and enhancement to corporateapplications that support back-office type functions in schools and the department's central and districtoffices. The application portfolio is complex and consists of a set of bespoke applications, mainly developedin .NETusing departmental customised .NETframeworks, and a number of applications developed withother technologies, in particular Oracle and MS Access.

The Departments Education Systems are based on a range of technologies including:

• Oracle, SQl Server (2003-2012) • Active Reports

• Microsoft .NET (V1.1-4.0) • SharePoint 2010

• Microsoft Access database • Cruise Control .NET that Utilises ActiveDirectory

• Windows Servicer 2000-2008 • IBM Tivoli Directory Services

• Team Foundation Server (2008/2010) • ADAM as its Identity Management

• Reporting Services (2000-2008)

These systems are mainly web based applications developed using the Microsoft .NETframeworks withlanguages such as:

• VB.NET • PLSQl

• TSQL • NAnt

• C# • XMl

• Javascript • ASP.NET

• JQuery • MVC

A number of Education systems are built and maintained within DETE.Support for Education systemsadheres to the corporate .NETapplication frameworks, standards and guidelines. As part of quality control,changes to Education systems are managed and follow the SDLCprocess defined within the organisation.This includes migration of changes through application labs where testing is conducted and follows DETEChange Management Process.

Education systems change request and incidents are managed through the Departments instance of "ServiceNow". "Service Now" is used to assist with the maintenance and deployment processes as part of DETEChange Management Processes.

2 Scope and ObjectivesThe engagement is for a period of 2+1 years with the commitment of .NET resource for up to the followinghours:

• At senior level: 320 hours per week (8 FTEs)• At Solution Architect level: 40 hours per week (1 FTEs)

The engagement is for the delivery a service that supplements the existing services by providing suitablequalified .NET specialist resource hours, primarily in the Corporate Applications Team within the ApplicationOperations unit. There may be additional project requirements from other sections of the Department. TheDepartment may elect to engage one or multiple panel providers to provide the above services.

The primary responsibilities are as defined in the attached SOAspecification.


3 Requirements I DeliverablesThe Contractor will be required to provide a quote for the services as defined in the attached SOAspecificationand set out below. The quote is required to use the Firm pricing as defined in Schedule 2 of the Deed ofArrangement.

3.1 Skill Set Required

3.1.1 The Contractor will be required to provide resources with appropriate levels of .NET skills andknowledge for application maintenance and development services. The supplied resources will berequired to meet the minimum skill set criteria as defined in the attached SOAspecification:

3.1.2 This engagement is initially for

3.1.2.1.1.1 8 FTE'sat a Senior Technical Specialist level; and

3.1.2.1.1.2 1 FTEat a level of Solution Architect.

3.1.3 EachSenior Technical Specialist must be screened and deemed to meet the skill set contained in Section4.4.3 of DETESOA-101349Deed of Agreement.

3.1.4 The Solution Architect must be screened and deemed to meet the following skill set:

3.1.4.1.1.1 Ability to provide advice and direction on software development techniques andpractices to be adopted within OneSchool with respect to systems development within thesystems development life cycle;

3.1.4.1.1.2 Ability to evaluate new technology and its impact on the OneSchool delivery schedulesand plans. Help develop implementation strategies for incorporation in the OneSchoolProgram work program including the skills development or enhancement of projectpersonnel. Provide input to and ensure alignment of technology products across all workstreams within the OneSchool Program;

3.1.4.1.1.3 Ability to direct Development teams work efforts and provide and presentcomprehensive progress reports to Director Education BusinessSystems;

3.1.4.1.1.4 Ability to create and maintain design documents and perform application developmentas necessary to meet project timelines.

3.1.4.1.2 Please note you may only put forth a Solution Architect if your Deed of Agreement included theadditional resources of a Solution Architect or similar.

3.1.5 Commencement Date: ASAP,start dates negotiable

3.1.6 Expiry Date Tuesday 30/6/2015

3.1.7 Extensions 1 Year extension if offered Thursday 30/6/2016

3.1.8 Office Location Brisbane, exact address will be at the convenience of the State Government and issubject to change

3.1.9 Business Hours (if different to Deed) - as per Deed

3.1.10 Basedon 8 hours per day 5 days per week.

3.2 Transition

3.2.1 The Contractor is required provide a transition plan as defined in the SOAspecification and Schedule 3:Additional Provisions.

3.2.2 Detail how the proposed resources for this engagement will be transitioned.

3.3 Reporting

3.3.1 Individual Customer reports

3.3.1.1 The Contractors' resources will be required to use DETE's trouble ticket system ("Service Now") andAlIoc8 time/job allocation resource management system


3.4 Performance Measures & Targets

3.4.1 The Contractor will be required to comply with the Service Level and KPls in Schedule S13 of the SOADeed of Arrangement.

3.4.2 KPlsrequired for this Customer Contract is attached in Schedule 6 - Service Level Arrangement.

3.4.3 All Performances measures are defined in the SOASpecification (Attached).

3.5 Role of the Customer

3.5.1 Provide the Contractor and/or the Contractors resources, with the following to assist with servicemanagement

3.5.1.1 A list of Contact persons

3.5.1.2 Desk/Work space

3.5.1.3 Computer and all required software licenses required to support applications

3.5.2 Communicate regularly with the Contractor to ensure that the Contractor is adequately informed aboutthe Customer's ICTneeds and requirements and business directions.

3.5.3 Provide accessto sites as required, accessmay be provided by way of the provision of appropriate swipecards and/or security passwords and numbers.

3.5.4 Prior to engagement or as mutually agreed, any supplied resource who will have access to theCustomers ICT environment will be required to undertake criminal history check conducted by theCustomer, at the Customers expense.

3.5.5 The Contractor's resources will report to Manager Corporate Applications

3.6 Security Requirements, Criminal History Checksand ID Authentication

3.6.1 The ICTResourceswill be required, when on a Customer Site, to carry a Customer supplied security cardand 10 card. For short term engagements that may be a security and a temporary 10 card, for anextended engagement a photo 10 card may have to be obtained. The Customer will be responsible fororganising the photo 10card.

3.6.2 At the expiry of the engagement the ICTResourceswill return the supplied security card and temporaryor photo 10card to the Customer's Project Manager.

3.6.3 Eachsuccessful candidate may be required to undergo a Criminal History Check.

3.6.4 Before obtaining access to the Customer's ICT network, resources will be required to undergo anauthentication process to verify identity in accordance with the department's policy ManagingElectronic Identities and Identity Management. Any personal information provided to the Customer willbe in handled in accordance with the Information Privacy Act 2009..

3.7 Previous Employees of Queensland Government

3.7.1 Previous employees of Queensland Government need to be aware of the directives for "Earlyretirement, redundancy and retrenchment - Directive 4/12" and "Retrenchment of temporaryemployees engaged on a full time or part time basis - Directive 3/11" when submitting an applicationfor this Contract.

3.8 Billing

3.8.1 Contractors will invoice the Customer on a monthly basis for service / hours delivered or as specified inthe individual engagement:

3.8.2 Pricesare firm for the term of the Customer Contract.


OneSchool - Department of Education

Documents

Transcript of OneSchool - Department of Education