FAQs

AXLR8 configure Information Request Types for you. We make sure they have the correct “clock” settings, privacy flags and auto-deletion parameters for your Retention Policy. We have templates ready for most jurisdictions.

Here are three examples from our Demo system. Please also see Request Status which works with Request Types to enable events (e.g. “clarification” or “quotation” or “checking proof of ID” or closure) to stop, pause or reset the “clock” as appropriate.

FOI Request Type

The clock is set to ignore bank holidays. Privacy is not flagged (although, see below for “Sensitive FOI”)

Extended FOI

For those FOI requests that require more time – say 40 days, you can create a variant of the FOI Request Type. The only difference is that it has a 40 day “clock”. If you change from and FOI to an FOI – Extended, the deadline will automatically change. Thus, for example, if you realise, on day 9, that an FOI will be much more work, then you have 11 working days to go. If you simply change the Request Type in the drop down box, then you will automatically see the deadline date change to 31 working days hence. The set up ALR8 apply to this is shown below. Some clients have also asked us for other extensions on Request Types.

SAR Request Type

The clock runs including weekends and bank/public holidays. I.e. it works on Calendar days. It is also “Private“.

Sensitive FOI

This is a Request Type for FOIs that include personal, private content. The clock can still run as an FOI but the “Private” flag is set both internally and externally. The “Public” flag is not set. Some organisations ask AXLR8 to set the DPA flag and treat them fully as if they were SARs. They may be Sensitive FOIs for other reasons.

How configuring a Request Type changes IR lifecycle

How else to these parameters change the way the AXLR8 system manages IRs?

1. Length of time to deadline for response progress tracking
2. Appearance or not on the Public Disclosure Log
3. Colours to distinguish them on reports built with AXLR8 Report Builder
4. Privacy settings for users (most of whom will not see “private” flagged request types.
5. Working days (exclude weekends and public holidays set by your organisation in Bank Holiday Admin) or Calendar days.
6. Whether it is in DPA or FOI or EIR reports and screens
7. How retention automation works
8. …………………..and many more.

It is critical to get the Request Types configured correctly. You can see the implications from the list above. We need to consider every dependency.

If you need any changes to your request types, please contact AXLR8 Support. We will be happy to help. You can read the Request Type Admin area but not make any changes yourself. Your AXLR8 Support consultant will ask you for details and configure and test it across business rules with a programmer.

Simple! It comes as standard. It needs to be checked and then it can be made public.

Obviously, good practice will mean it does not take long to check. However, some public bodies may have used their system for ten years before deciding to publish their PDL. In this case, it may be wise to institute those practices immediately and make sure the data is public ready. Once that process is started, the business can ask AXLR8 not to publish any IRs before a chosen date. For example, you might check back to 01/01/2023 and ask that none raised before that date are published.

Check list for Launching your PDL

1. Check all SARs, sensitive FOI and other private Request Types are not marked as “Public” in Request Type Admin. Make sure all FOI and EIR “Request Types” are Public.
2. Make sure there are only FOI and EIR requests and any others that are OK to publish.
3. Check no documents or notes have been marked as public which should not have been.
4. Ask us for the URL to check the Disclosure Log internally.
5. Make sure that the responses do not contain any files or text mistakenly added in which should not be available externally.
6. Adjust the stylesheet options available to you with AXLR8 Support so that the PDL complies with your branding requirements and accessibility.
7. Ask AXLR8 to “release it into the wild”.
8. Link it on your website.

Please contact us if you need any assistance.

This is accomplished in Document Template Admin.
To find Document Template Admin, please select Admin menu (cog on LHS menu in the old system or Super User menu in the new UX). Then select Document Template Admin.
There you will see a list of documents already available. They will be of different:

• Media
  • Letter
  • Email
  • Text Message
  • Other
• File types
  • .RTF
  • .HTML for formatted emails with colours and different highlights, fonts, embedded hyperlinks
  • .TXT for plain text emails
  • other
• Contexts
  • Contact person only (name address, etc.)
  • Information Request where the dates (including due date), short descriptions, subject, exemptions, department, owners and applicants and much more information may be merged in specific to that IR.
  • Activity (task within an activity with a specific owner or team to respond in a department
  • Breach
  • Reviews and appeals
• subject lines

The scope for automation of tasks is enormous with smart mail merged correspondence available in a couple of clicks.

The documents created are also auto-attached to the Information Request. If you have AXLR8 Messagestore then incoming and outgoing emails will be stored agains the Information Request as well.

Trigaware

There are also fully automated emails. These are in addition to the mail merged documents. They are launched by the AXLR8 Trigaware system which are preprogrammed on events. Examples include:

• auto acknowledgement to applicants including details of their request and the due date
• alert to the team handling responses
• reminders at 10 ad 5 days befofre the due date for those esponsible
• alert when a department officer has added a File or Note to an Information Request.

Some clients have a two dozen of these set up containing information that changes with conditions.

Trigaware auto emails are explained at length elsewhere.

Information Request Workflow Automation was introduced here as a way to improve productivity for public sector IG Teams. Some Use cases are listed. We show how one of them might be automated and how the User Permissions work to make sure only the correct people design and deploy the robots.

Proof of Identity Workflow Automation

The example below is a abridged schematic of SAR workflow. Obviously, there is much more to it and more detailed workflow charts can be found elsewhere on this site.

Automation steps

Typically, the process building this in to your AXLR8 IRMS starts with your requirements.

1. In Document Template Admin, build the messages for each stage in the medium desired.  Usually these will be emails, SMS Messages or Word documents. For example reminders using Trigaware™ after waiting for a PoID for a SAR.  The messaging can be simple or intelligent with personalisation and very specific conditional contents. (see smart messaging).
2. We set up a “custom event definition” (i.e. the point in your workflow at which you need the document to go to the client).
3. Define the Status Life Cycle: the next section describes how to define a time limit for a status and any status change that follows completion of that life cycle. The life (cycle) of a status is the time it runs for or period before it closes itself and kicks off the new status.

Stage 1 Messaging to match your status change requirement

These examples match the work flow above.

• Inform the applicant that the IG team need this from the applicant when the IR is set to “Clarification Requested”
• Then alert them that 20 days has passed and there are 20 days remaining before they will have to resubmit their request. This would happen when the Clarification Second Request auto launched itself.
• The IR will close when the 40 days end and there has been no Clarification (or PoID). A third Trigger email can be programmed to go out. It would inform the applicant that their IR is now closed. They will have to resubmit it if they still need the information.

Stage 2: Create Automated Information Request

The best way to accomplish your objectives for Information Request automations is to create new IR Statuses. The reason for this is that all existing IRs that are running with that status will suddenly automate. If that is OK with you, go for it. We will describe how you do that below but you should consider the safer route of creating and applying a new one.

Please refer to the screenshots below which show the update of an IR Status and the creation of a new one.
The existing IR Status called “SAR ID Requested” for this client could be upgraded by:

• adding the tick for Time limited Status
• adding a duration of 20 days
• selecting a carry on status (in this case it will “Final SAR Request”)
• ticking the box for Special User Access. (see “User Permissions” below)

So after 20 days from the initial request, the IR is automatically sent to the next status of a final 20 days where they are on notice that the IR will be closed after that period. This is a total of 40 days. Very reasonable if you automate some reminders for the applicant as well.

In the above example, we updated and existing IR Status for our first 20 day SAR Request for PoID. Below we have created a new Information Request Status, also 20 days in duration and the last 20 day period they have in which to prove they are who they say they are before work starts finding their requested information. In the green box, to confirm the process above, we did the same ticks and duration. The difference is that the end of the 20 days automatically changes the status to Cancelled by Requester. Again, your organisation may have different vocabulary. You might call that “Failed to supply PoID” or some other label. In any case, it would close the IR because this final status would be a “finished” status.

So, we now have a “chain” of three actions that will hand over like a relay race with no human intervention necessary until PoID is received and agreed as valid, one day. Then the automated process is stopped and work begins with that request.

NB in the above example, you will see that this IR Status is disabled (tick box at the top). That is because We have not yet applied user permissions (or tested it).

Note. It is best not to apply the time limited status settings to existing IR statuses unless you are confident you know the outcome.  The next time it runs, it would run on all the existing IR records that have that existing status. Do you want that?  If you do make a status time limited, it would be best to search to see how many IR’s have that status, and understand that if they were given it more than the duration number of “valid” days ago, that “it will” change the status next time it runs.

Stage 3. Review User Permissions

Not all users should have the authority or expertise to apply a timed status. They may launch a wrong workflow automation. For example, without knowing the next steps, they could create an infinite loop. Users need to have the new user permission to apply one of these time limited statuses when they are first created. Later, when ta few runs through have proven the automations, you can remove the restriction from the IR status. This is done by removing the “Special User Access” shown in the screenshots in the previous stage. Below is how we can set up a knowledgeable pilot user to be able to use the new timed IR Statuses.

There is a new User Permission. It is called “Can apply Special User Access Statuses”, on user admin. Here is an example from a real client showing where it is on the User Admin screen.

If a User tries to apply a Time Limited IR Status to an Information Request, they may not be able to do so. If they do not have permission, they will get the following message.

For someone with this permission, the above alert message (example from City of Edinburgh) will not appear. That User can save their chosen status.

Systems Admin Permissions

As described above, your Super Users may decide which Users may apply these IR Statuses with timings built in. I.e. the “special User Access” IR statuses.

We have disabled update rights for clients but you have complete visibility of information Request Statuses. You can request an AXLR8 consultant to make the change.  Thus in your office, similar to the Dropdowns admin for Request Type, the Dropdowns Admin for Information Request Status only has a Save function when one of our consultants is using it. 
It is not available from client offices. AXLR8 have retained some of the administrative privileges for our support specialists for Request Status Admin.

The “Save” function in Information Request Status “Dropdowns Admin” was always available for Super Users at our clients. However, the ability to save changes in Request Type was reserved for AXLR8 consultants. The reason was the cost to us of fixing mistakes. With the power of this new Workflow automation we need to work with a few clients to take responsibility and shoulder the expense of any errors before handing back the ability to save changes. We also assume most client Super Users would wish to work over a Teams meeting screenshare with an AXLR8 support consultant when building these IR Automations. The reason is that mistakes can be costly to fix.

Audit Log

In the audit log view we can see the Cancelled status is a “Close” status, the save object has also set the “Date Closed” date (same as if you set the IR to cancelled in the IR details screen).

Why must we update Bank Holiday dates? Some information requests have a response deadline in Calendar Days, e.g. SARs. Others like FOI and EIR must be completed in Working days. These “Request Types” are configured in Request Type Admin.

The AXLR8 system must exclude weekends and bank holidays for those Request Types. The latter change from jurisdiction to jurisdiction and in some countries local areas may differ. So, AXLR8 have a simple solution. We provide a Bank Holiday Admin area. There, you can manage your organisation’s public holiday dates.

Bank Holiday Admin

The Bank Holiday Admin function is to be found in the Super User menu. It is down at the bottom. The reason is that it is not used very often. You can add a few years in ahead if you wish. Don’t for get a diary date to review them

You can add (or remove) dates for public holidays. This is shown below.

These days are excluded from the day-count up to the response deadline.

Responsibility for updating Bank Holidays

You, the client, are responsible for keeping the bank holidays updated. We put in a year with you as part of the Super User Systems Admin training when we implement your system.

We sometimes ask clients if they would like one of our interns to help. It is a good “work experience” job. Occasionally, we find a client who has forgotten to update them. This might be whilst working on their system on another support job. In that case, we inform the client. Please do not rely upon it. Set a date in your diary. Once a year should do it. There are too many clients and local variations for AXLR8 to manage it centrally.

There are several approaches you can take. Here are the three most popular.

Make it a Sensitive FOI

This is an FOI request (or FOISA) that requires personal data in the answer which you feel should be protected as if it were a SAR.

Let’s say there are 5 parts to the question which is generally about compensation and part 3 asks you about the applicant’s specific compensation but the rest are about general rules and amounts over the last couple of years.

Make it a SAR

It may be that the request is so peculiar to a person that it is really a SAR. This happens occasionally and is a natural solution which immediately covers you for any possibility that the data will be published outside your organisation. It will also not be seen by those without “Private” Request Type access.

Make two IRs: a SAR and and EIR

There may be a number of questions in the IR and you can create two IRs. Part 3 could be a SAR and parts 1,2,4&5 could be sent out in a second IR which was classified as an FOI request.

Which to choose?

Obviously, the first is the simplest. The advantages of a “sensitive” FOI (FOISA, EIR, etc.) are that they are excluded from the public disclosure log and are not seen by any staff whose access excludes Private request types.

The automated emails will have been set up so that they do not expose PII in the wrong places. Policies and workflow procedures would need to be in place so that the information management team know to make the subject line “Bill Smith’s Compensation” (in the above example). Rather they might make the correspondence subject “Potholes Compensation”.

The only other thing to consider is triage speed. Once you have set an IR as FOI, some automated triggers may have been launched. That needs to be taken into account before changing the request to a Sensitive FOI or SAR after a week of activity. Occasionally, however, it is not obvious up front or senior staff are not present an a mistake is made.

What are Private Request Types?

Generally these would be SARs, Sensitive FOIs and some that are specific to different jurisdictions. Examples include: CAFCAS in UK and Procurator Fiscal in Scotland. See the FAQ article about how their behaviour differs in the AXLR8 system.

Generally these would be SARs, Sensitive FOIs and some that are specific to different jurisdictions. Examples include: CAFCAS in UK and Procurator Fiscal in Scotland.

The Request Types in the AXLR8 system are completely customisable for any jurisdiction (or just because your organisation needs to). This means setting it up with the “Private” parameter set to “Yes”. It may also be that there are Request Types that are not private but may not be shown on the Public Disclosure Log. That can be set separately as you can see in the orange box below.

How does the AXLR8 system treat Private Request Types?

1. Only those with Private IR access may see them. This is different to the Application Blind parameter in User Admin which prevents a user seeing any applicant details, regardless of the type of request.
2. The automated emails can be set up differently. For example, the Subject line of email correspondence and file names of documents may say the Request Type and the unique reference number. For example the subject line might say “SAR- ACCESS demoshireIR:12345” but not the name of the applicant for who you are collecting the information. Compare this with the subject line for an FOI request which would say “Potholes vehicle damage compensation FY2023-4 DemoshireIR:12346“.
3. The Request will not show on the PDL (Public Disclosure Log) for your organisation.

Response Times

The response times are unaffected by the “Private” flag shown above. How these timings work as well as how they change with clarifications and proof of identity and other events is described elsewhere.

The time for completion is set elsewhere. A Sensitive FOI (assuming not extended) still runs to a deadline of 20 working days. A SAR still has a month regardless of bank holidays and weekends.

Short answer, anything you want during any timescale you can afford.

However, this is a standard AXLR8 demo of 48 minutes plus questions.

Subject	mins
Workflow AXLR8 support for different types or request	4
Demonstration of relevant functions and discussion based upon the above.	18
Entering the new IRs (variety of origination journeys) – Manual (e.g. from letter or email without email2IR function) – Email2IR – Feedback form (self service)
Categorisation
The “Clock” how the response deadlines are calculated for different request types.  Inc/exclusion of weekends and bank holidays.
Status and lifecycle of an IR depending upon the category and the allowed times for that jurisdiction
Reviews and Appeals
Administrating user access, status, IR types, bank holidays, document templates, portal views, reports, etc.
Different portals for different officers (e.g. department reps different from IG in the HQ)	8
Allowed access
Applicant blind
Intelligent automated messaging (Trigaware™) and email archiving (MessageStore™) Showing some examples	5
Audit trail	1
Public Disclosure Log – We show some live PDLs. You can explore them afterwards	2
Admin features*	10
Reports Building User rights and access Portals – Creating Menus, pages, grids, widgets, kanbans, dashboards – Editing – user rights Request types – Private/Public – SAR vs FOI/EIR and other “clocks” – Request Status – Request sub-tasks Maintaining the diary of public holidays Document template admin * NB any of the Super User / Systems Administration features can be explored in multiple video courses online and so we just skim over the fact that they are built in.

Items such as migration from legacy systems and security and other areas of compliance required in the public sector will be dealt with in depth if required at a later stage.

Other tools

If of interest, we can always look at other IG tools later Data Breach, DPIA, Information Asset Register, Data Sharing Policy Register, etc.  Also, Complaints Processing and other workflows.

Just click here.

It evolves and we are happy to receive additions and corrections at AXLR8!