CRM Guidance Document v1.0
Document Information
Version: 1.0
Document Owner: Natalie Snodgrass Tan
Last Updated: October 2014

Document History
Version 0.1 (3 September 2014, Draft, NST): Initial draft completed
Version 0.2 (6 September 2014, Draft, NST): Feedback received from project team and incorporated into document. v0.2 considered and approved in principle at steering group meeting on 10/09/14.
Version 1.0 (27 October 2014, Approved in principle by steering group, NST): Document further developed as per comments on version circulated to steering group and in light of comment at the steering group meeting on 10/09.

This document details the policies, procedures and principles of engagement that govern the use of Microsoft Dynamics Online, including the creation and maintenance of user accounts and the policies surrounding user access, data input and data management, with the end objective of ensuring that all information held in the CRM is accurate and has value, that the database is able to maintain its structure and integrity, and that the University’s obligations and responsibilities with regard to data protection and information security are met.
Microsoft Dynamics Online is the cloud-based customer relationship management (CRM) system that the University has selected to be its institutional CRM system [1]. It will hold shared and centralised information on the University’s relationships with external customers and contacts, from University alumni through to SMEs, community organisations, research funders, large corporates etc.
The University currently has five separate environments commissioned for Dynamics Online – a production (live) instance, three development instances and one UAT (user acceptance testing) instance.
The University has a pre-purchased batch of user subscription licences (USLs) for Dynamics CRM which are assigned on a named individual user basis, meaning that each user requires a separate USL; USLs cannot be shared.
This section covers the policies and procedures regarding user account creation and system access, changes of permission on existing user accounts, and disabling of user accounts. Data held within the CRM system should be treated as confidential, with any information on individuals also coming under the provisions of the Data Protection Act 1998. Due to the University’s obligations with regard to data protection, as well as licensing arrangements, access to the system is controlled and monitored.
The policies and procedures set out in this section are applicable in the first instance to the pilot implementation of Dynamics Online, which will take place across the following departments over the course of 2014 to 2016:
Jobs.ac.uk
Corporate Relations
Warwick Business School
Warwick Conferences
Student Careers and Skills
Development and Alumni Relations
Processes for system rollout to departments and authorisation of users beyond the initial pilot phase will be developed and agreed as part of the pilot project deliverables.
[1] The scope of Dynamics CRM currently excludes CRM for student recruitment purposes – this is currently handled through a separate system, Azorus CRM, which is managed through University Marketing, External Affairs.
Access to Microsoft Dynamics Online will initially be granted to individuals within departments participating in the CRM pilot project, following receipt of a completed and signed access request form (see Annex A, attached) [2]. This form will be issued to staff in each department in line with planned system rollout and will be available for download on the CRM service pages in due course, once the development of these pages is complete.
The CRM application management team in IT Services (crm@warwick.ac.uk) is responsible for the creation and maintenance of CRM user accounts. Upon receipt of the completed and signed access request form, consideration will be given to the appropriate nature and level of access. When a user is granted an account, the CRM application management team will assign a USL to the user, log this appropriately and inform the user of account creation. The user will also be contacted regarding an introductory training session. If access is denied for any reason the CRM application management team will write to the user explaining the decision.
Following account creation, access to the CRM system will be possible using a variety of devices (PC, Mac, tablet and smartphone). Multiple concurrent logins on different devices by the same user will be supported. Users will be able to gain access via a number of routes:
(a) Through Office 365, using their normal IT Services login and password. Users can access Office 365 through their normal webmail screen (http://webmail.warwick.ac.uk/) or by going to http://office365.warwick.ac.uk; once users have been assigned CRM access, a new ‘CRM’ tab will appear on the top navigational bar on these screens.
(b) Via the Outlook client, using their normal desktop computer. This route of access will require an additional plug-in (Microsoft Dynamics CRM 2013 for Outlook) to be installed on a user’s computer, which may require assistance from ITS if a user does not have local administration rights for their computer. Instructions on downloading, installing and configuring this additional software will be available on the CRM service webpages in due course.
(c) Via iPhones or iPads, for which a specific application will need to be downloaded. Instructions for this will be available on the CRM service webpages in due course.
Should a user or department identify a need for additional access in a user’s Dynamics Online account, a request should be made via email to the CRM application management team. Should the additional access be deemed acceptable, the change will be made to the account and confirmed to the user. The CRM application management team will note the change on the user’s access request form and update the user’s access permissions. If the request is denied for any reason the CRM application management team will write to the user explaining the decision.
[2] It is intended that the University move in due course to a built-in workflow for access requests and authorization; hard-copy forms will therefore be used as an interim measure while this workflow is being developed.
The disabling of Dynamics Online user access is prompted by 5 means: the Leavers List, account dormancy, notification from the user, notification from the department, and suspected misuse of the system.
The CRM application management team receives a copy of the HR leaver list at the end of each month from the Payroll Office within HR. When leavers’ ITS accounts are closed, this will automatically remove CRM access for users. In order that the user subscription licence can be re-assigned, the CRM application team will remove leavers’ names from the list of authorised CRM users.
The CRM application management team will routinely review dormant Dynamics Online accounts and disable those believed to be no longer required.
When requesting access to Microsoft Dynamics Online, users are asked to sign a declaration that also stipulates that they will inform the CRM application management team if they no longer require access to the system. When such a notification is received the user account is duly disabled and closed.
A user’s access to the CRM system may be removed following notification from their department that they have moved internally within the University or should no longer be authorised for CRM use (see for example section 3.3.5 below).
If misuse or unacceptable use of the system is suspected or detected the system administrator may disable the user’s account, pending further investigation. In such an instance the user and their line manager will be informed of this along with an explanation. If appropriate, resumption of access may be considered after any investigation has concluded. Misuse of the system may be dealt with in line with the University’s regulations governing the use of computing facilities (http://www2.warwick.ac.uk/services/gov/calendar/section2/regulations/computing/).
Examples of unacceptable use of the system are also outlined in section 4.0, CRM Principles of Engagement, below.
On the Dynamics CRM access request form, all users are asked to sign up to the following user declaration:
Declaration
Please read the following declaration, then sign and date the form to indicate your acceptance of these conditions.
I agree to abide by the University’s regulations governing the use of computing facilities (University Calendar Section 2.3, Regulation 31). http://www2.warwick.ac.uk/services/gov/calendar/section2/regulations/computing/
I agree to abide by the current codes of practice relating to the use of administrative data and my responsibility to comply with the Data Protection Act 1998. http://www2.warwick.ac.uk/services/legalservices/dataprotection
I agree to follow and regularly review the best practice guidelines produced by the University’s Information Security section. http://www2.warwick.ac.uk/services/gov/informationsecurity
I agree to abide by the University’s Acceptable Use Policy for the CRM system (NB: The CRM Acceptable Use Policy will be published on the University CRM website in Autumn 2014 and you will be notified when this document becomes available). In particular:
I understand that no ‘read-only’ access to the CRM system will be granted and that in signing up for access, I am committing to share with other University departments the customer data, intelligence and relationships that I hold or manage, and to actively and regularly update data held on the system so that customer information is kept current. I also understand that data held on the CRM system may be commercially sensitive and/or confidential and that in signing up for access, I am committing to ensuring that this data is kept confidential.
I understand that the access I will be assigned is for my personal use only and that I should not allow anyone else to access the CRM system using my credentials. (You are reminded that infringement of this condition constitutes a breach of University regulations and may render you liable to disciplinary action. You are also reminded that you are responsible for any processing carried out under your user name.)
I will inform IT Services if I no longer require access to the CRM system.
There are a number of major benefits associated with effective CRM use, which include improved internal communication and cooperation, increased business intelligence, improved business continuity, development of enhanced relationships and better relationship management. The introduction of CRM also presents the opportunity for departments to evaluate and improve their business processes and efficiency. For these benefits to be maximised, however, departments will need to be open with their data, so that the centralisation and sharing of external contact information and relationships across the University, allowing a holistic picture of the University’s engagement with its stakeholders and facilitating collaborative working, can be achieved.
The University’s approach to information access is therefore to start from a position of trust. As a general principle, all licence holders will be able to view all information held on the CRM system, with a limited number of specific exceptions. This right of access is balanced against a range of responsibilities, which all users will be expected to fulfil. In particular, information that the University manages needs to be appropriately secured to protect against consequences of breaches of confidentiality, failures of integrity, interruption to availability and failure to comply with legal, statutory or regulatory requirements. There are also specific institutional and individual staff obligations in relation to the Data Protection Act 1998. These responsibilities are set out in the University’s CRM Acceptable Use Policy below.
The content contained within this section is a copy of the University’s Acceptable Use Policy for the Dynamics Online CRM system. It relates to the permissions and access available to Dynamics Online licence holders as well as the principles and parameters of acceptable use of the system.
The University’s Dynamics Online CRM system is governed by the CRM Acceptable Use Policy and access to the system is conditional upon adherence to this policy.
The Dynamics Online CRM system contains personal data [3] relating to the University’s business and industry contacts, alumni, friends and donors. In signing up for access to Dynamics Online, users agree to abide by their responsibility to comply with the Data Protection Act 1998. The University’s Data Protection Policy, which describes the Data Protection Principles and how personal data should be handled and processed by University members, is available to consult at http://www2.warwick.ac.uk/services/legalservices/dataprotection .
Data held on the CRM system may also be commercially sensitive and/or confidential. In signing up for access to Dynamics Online, users also agree to follow and regularly review the University’s best practice guidelines on information security, which can be viewed at the University’s Information Security pages at http://www2.warwick.ac.uk/services/gov/informationsecurity . The three core principles of information security are:
Confidentiality: ensuring that only those individuals who have a valid and authorised reason to access the information can do so.
Integrity: ensuring that information is not altered, deleted or otherwise modified by individuals or processes unauthorised to do so.
Availability: ensuring that the information can be accessed when it is required.
The purpose of this document is to help University members understand their responsibilities with regard to data input and data editing, in the context of their obligations with regard to data protection and information security.
All Dynamics Online licence holders are expected to abide by the following principles and parameters of acceptable use of the CRM system.
4.3.2.1 User Access Credentials
Following account creation, users will be able to gain access to the CRM system using their normal IT Services login and password [4]. The University’s Information Security webpages contain guidance on the creation and management of passwords (see http://www2.warwick.ac.uk/services/gov/informationsecurity/working_practices/passwords ).
Users should note that they should not divulge their password to anyone for any purpose and that it is their responsibility to create a strong password which meets the University’s minimum password standards.
[3] As defined by the Data Protection Act 1998.
[4] Users will be able to gain access via a number of routes: through Office 365, a plugin for the Outlook client, or via a mobile/tablet app. Full instructions for each of these routes will be available to consult on the CRM service webpages in due course.
Users are expected to ensure that their login credentials are kept secure and are not used to give access to non-authorised users.
4.3.2.2 Data Access Principles
In signing up for access, all users commit to share with other University departments the customer data, intelligence and relationships that they hold or manage.
As a general rule, all users will be able to access all data held on the CRM system, except under certain specified exceptions (e.g. sensitive personal data such as financial details; details of IP which are commercial in confidence; where confidentiality agreements may require restrictions to data access, etc.). These exceptions will be handled by security settings and access permissions within the system. The system design that will be undertaken for each department will, however, incorporate specific form design and personalisation such that only relevant data is displayed to each department.
All users will be able to enter new and amend existing records, and be able to create and edit all data held in standard entity fields.
Only system administrators will be able to delete records.
All users must have received full training on the CRM system before full access will be given.
All users must maintain the confidentiality of data and information stored on the CRM system. No data should be disclosed to individuals without a valid and authorised reason to have this data. Dynamics Online licence holders have a responsibility to ensure that any individuals or organisations which are given access to data held on the CRM system are aware of their obligations to protect the information and, if applicable, to process it in line with any University policies or stipulated conditions of access (see also section 4.3.2.5 below on disclosure of personal data).
No untargeted and/or unauthorised mass mails, either postal or electronic, should be made from the CRM system.
4.3.2.3 Relationship Management
Organisational and individual contact records are as a general rule owned by the University, although individual relationships with contacts will continue to be managed and stewarded by individual members of staff.
The CRM system holds data on a number of organisations which the University or departments have identified as being of strategic importance. These strategic accounts are flagged on the system and any communication with the contacts associated with these accounts must be routed through the relevant strategic account manager so that a coordinated approach to engagement can be taken.
Users will endeavour to engage with contacts on the CRM system in a consistent way and in coordination with other users. This applies to all accounts, not just the strategic accounts described above.
4.3.2.4 Data Input, Editing and Extracting
A number of processes are being implemented to ensure the integrity of master data (e.g. organisational records) within the CRM system. These will incorporate both proactive measures to reduce the occurrence of master data issues at the point of data creation (e.g. duplicate detection rules which will, for example, present users with drop-down lists of master data values and display a warning if they are likely to be creating a duplicate value), as well as reactive measures to cleanse data after it has been entered into the system, which will include the daily review of new and existing data. Notwithstanding these measures, all users will have a role to play in ensuring data integrity within the system.
In order to ensure that the CRM system is able to fulfil its purpose, all users will:
- Actively and regularly input and update data so that information relating to the organisations and individuals held within the CRM system is kept current.
- Ensure that all activities/opportunities/projects undertaken with an individual/organisation are entered onto the system.
- Complete all mandatory fields and as many fields as possible.
- Enable the tracking of emails, tasks and appointments in Dynamics CRM. [5]
All data entered on the system must be from a reliable source, relevant to the individual or organisation with whom the data is associated, timely and entered correctly to the best ability of the user.
Processes for querying, extracting and analysing data held within Dynamics CRM will be developed in consultation with departments as part of the CRM project.
4.3.2.5 Personal Data
Personal data on the CRM system should only be used for the purposes to which the individual has consented. All data held on the system relating to the University’s alumni and friends (as currently held on the Raiser’s Edge database) is covered by the DARO data protection statement available at: http://www2.warwick.ac.uk/alumni/contacts/daroteam/dataprotection
Personal data should only be disclosed to individuals or organisations with a valid and authorised reason to have this data. Licence holders have a responsibility to ensure that any individuals or organisations which are given such access are aware of their obligations to protect the information and to process it in line with University policies. This includes any third parties who may provide consultancy, system support or data processing services on behalf of the University, for whom a legal data sharing agreement or other contract with appropriate confidentiality and indemnity clauses should be in place.
All users should note that under the Data Protection Act, individuals are able to make requests to the University to gain access to their personal data. This includes any information held on the CRM system that may relate to “any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual” (http://ico.org.uk/for_organisations/data_protection/the_guide/key_definitions#para32).
Whilst it is recognised that this kind of information can be invaluable in the context of CRM, care should be taken to record any such information in an objective, neutral and factual manner.
[5] All emails, tasks and appointments are tracked by default when accessing the CRM via Office 365 or the Dynamics mobile app. Users opting to use the plugin for the Outlook client will need to track these manually and the CRM project/application team will work with users in departments to ensure that appropriate standard operating procedures are established in order to achieve consistent tracking.
A CRM service board and user group/forum will be established in due course, which will provide a structure and framework for raising support, development and training queries or requests. Currently any queries should be directed as set out below.
Dynamics Online licence holders should raise any data queries with their departmental CRM contacts in the first instance. These are as follows:
Jobs.ac.uk: David Colliver
Corporate Relations: Sam Hardy
Warwick Business School: Oliver Walmsley, Simon Harper or Ian Swann
Warwick Conferences: Rachael Bartlett
Student Careers and Skills: Sue Bennett or Deirdre Sheridan
Development Office and Alumni Relations: Andrea Crowley, Sally Taylor or Martin Porcas
The above members of staff are also the first point of contact for data queries from other departments (e.g. in relation to shared contacts).
Dynamics Online licence holders should raise any requests for system development or training with their departmental CRM contacts in the first instance. These are as follows:
Jobs.ac.uk: David Colliver
Corporate Relations: Sam Hardy
Warwick Business School: Oliver Walmsley, Simon Harper or Ian Swann
Warwick Conferences: Rachael Bartlett
Student Careers and Skills: Sue Bennett or Deirdre Sheridan
Development Office and Alumni Relations: Andrea Crowley, Sally Taylor or Martin Porcas
During the pilot implementation period, any technical support queries should be directed to the CRM application support team at crm@warwick.ac.uk. Once the CRM becomes established as a standard ITS-managed service, technical support requests will need to be submitted via the ITS Helpdesk.
During the pilot implementation period, general queries regarding the CRM system, including any requests by departments to use the system, can be directed to the CRM Project Manager, Natalie Snodgrass Tan, in the Strategy and Change office. The procedure for raising general queries or service requests beyond the initial pilot phase will be developed and agreed as part of the pilot project deliverables.