Case Scenario: Walton is an online retailer which has built up a loyal base of nearly one million customers through its website, Walton.

Walton requires all users to provide an email address, which is used both to access Walton.com and to receive communications, including special offers and discounts, from Walton. As Walton has been operating since the early days of the internet and easy access to email, many of its customers did not already have an email address, so Walton offered its customers a free email service as well as online shopping. The email service is extraordinarily popular with Walton's customers. Indeed, about half of the customers still use Walton.com as their only email provider, and for many, the email service is seen as a major benefit provided by Walton. While many customers have provided a non-Walton email address for routine communications, those for whom Walton is their sole provider obviously cannot do so.

Unfortunately, like all online providers, Walton has suffered its share of cyber-attacks, most of which it has fended off successfully. However, following the most recent attack, which happened during one of Walton's busiest periods of the year, Walton has realised that they must enhance the security of their email service. In fact, the need to upgrade the security is so urgent that it cannot wait until after their imminent annual two-week office closure, especially as this is normally a peak time for the use of the mail service.

Analysis of the vulnerabilities of Walton's email system reveal that the most important change to be implemented immediately is a set of stronger requirements for email passwords. (Anonymised) evidence from the service desk, when users contact them asking for their password to be reset to what they thought it was, shows that too many users still use extremely simple or predictable passwords. And it is those with predictable passwords who are usually the victims of hacking.

Having agreed to enhance the minimum password requirements, the discussion then turns to how to persuade its users to update their passwords accordingly. It is pointed out that users have been "encouraged", "asked" or "advised" to upgrade their passwords many times, but - from the service desk evidence - too many of them have never done so. Therefore, it is agreed that some form of coercion will be necessary.

The approach that is agreed is that the password requirements will be upgraded, and simultaneously all current passwords will be invalidated. This will render the corresponding email addresses "invalid", so that, when users try to log in to Walton.com with their Walton.com email, it will be rejected because the website automatically validates the email used to log in. This should force all those who use Walton.com to change their email passwords.

Walton's management decides to go ahead with the changes. An email is sent to the "preferred" contact email address for each customer telling them that the password for their Walton email has been disabled, and must be reset, using a link in the email, to meet new enhanced password requirements; and that they will have to reset their email password before they can log in to Walton.com again, as their email address will be flagged as "invalid" until the email password has been reset.

Unfortunately, as the arguments about how to proceed have taken longer than expected, the new password requirements are imposed at the end of the working day before Walton's offices - including the service desk - shut for their annual closure. The explanatory emails are then sent out overnight after Walton's offices have already closed down.

To make matters worse, during the annual closure a "housekeeping" program has run automatically against the list of email addresses provided by Walton, and deleted all those, together with their account details, which were flagged as "invalid" - without keeping any copy of either the deleted email addresses or the corresponding account details. So, virtually all of the email addresses belonging to customers who had used only Walton's email service have been deleted, together with all their contact details, so there is no way of contacting them with the link to update their passwords to reinstate their accounts.

When Walton reopens its offices after the break, they return to a mountain of angry telephone messages from upset users whose email has been turned off without explanation, or who can no longer log in either to Walton.com or to other websites using their Walton.com email address. Many of the messages state - in not very polite terms - that the affected users have swapped to another (free) email supplier, and will no longer use either their Walton email or its online retail website.

Q1. Describe briefly how Walton's customers gain value from the services they provide, as described in the scenario.

Q2. Identify the service failures arising from Walton's attempts to improve the security of their email service.

Q3. Explain why a service management approach should have avoided the service failures you identified in part (b).

Q4. Describe briefly the kinds of issues that should have been considered by the (emergency) Change Advisory Board (eCAB) with regard to Walton's email security changes. Explain why the eCAB's deliberations should have prevented the unwanted consequences of the change.

Q5. Describe briefly the role of the service desk following a change such as that implemented by Walton. Hence, comment on the wisdom of implementing this change immediately prior to a period of closure for the service desk.