FUJ00001527
FUJ00001527
ICL Pathway Security _ Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
Document Title Security Acceptance Test
Document Type = Acceptance Specification
Abstract This document describes the Acceptance Test for Security
Status Issued
Author DJ JONES/J C C DICKS
Approval By APPROVED
Distribution Pathway Management Team
Test & Integration Manager
Pathway Library
POCL/DSS Gareth Lewis
PDA Mary Reade
Recommended ICL Pathway Test Authority(ies) Test Manager
for Approval Manager
Signature
Name D J JONES
Date
Approved For and behalf of ICL For and behalf of Authority(ies)
Pathway
Signature
Name
Date
© 1998 ICL Pathway Ltd COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page I of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
FUJ00001527
FUJ00001527
ICL Pathway Security _ Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
0. DOCUMENT CONTROL
0.1 DOCUMENT HISTORY
Version Date Reason
1.0 TITI9ST Release 1e Version for approval
11 30/3/97 New Release 2 Version for review
1.2 30/07/98 Incorporating comments from Horizon Quality Review
and changes to some of the High Level Test Plans.
1.3 14/08/98 Changes to incorporate final comments from Horizon
1.4 20/08/98 New Release 2 Version for approval by Horizon
2.0 16/10/98 Issued (for baselining)
0.2 ASSOCIATED DOCUMENTS
Reference Version Date Title Source
(1)
(2) Acceptance 0.1 13/09/96 Standard for Raising and Pathway
Standard Progressing Acceptance
Incidents.
(3) Acceptance 0.1 17/09/96 Standard for Pathway
Standard documenting Acceptance
Specification
(4) Authorities’ 8.0 14/11/97 Acceptance Procedures DSS/POCL
Agreement Schedule (A)AO7
(5) POCL 8.0 13/11/97 Acceptance Procedures POCL
Agreement Schedule (P)A11
(6) DSS 8.0 14/11/97 Acceptance Procedures DSS
Agreement Schedule (D)A11
(7) Authorities’ 8.1 9/3/98 Requirements Schedule DSS/POCL
Agreement (A)B04
(8) Authorities’ 8.1 9/3/98 Solutions Schedule Pathway
Agreement (A)BO5
(9) DSS 8.1 9/3/98 Requirements Schedule DSS
Agreement (D)A15
(10) DSS 8.1 9/3/98 Solutions Schedule Pathway
Agreement (D)A16
© 1998 ICL Pathway Ltd
COMMERCIAL IN CONFIDENCE
Printed on: 4/25/2022
Page 2 of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
FUJ00001527
FUJ00001527
ICL Pathway Security _ Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
(11) POCL 8.0 13/11/97 Requirements Schedule POCL
Agreement (P)A15
(12) POCL 8.1 9/3/98 Solutions Schedule Pathway
Agreement (P)A16
(13) CR/FSP/004 5.1 23/7/98 Service Architecture Pathway
Design Document
(14) PA/STR/O09 = 2.0 24/2/98 Release Contents Pathway
Definition for Pathway
New Release 2
(15) RS/FSP/001 3.2 5/8/98 Security Functional Pathway
Specification
(16) RS/POL/003 2.0 24/2/98 I Access Control Policy Pathway
(17) VVUSTR/008 2.0 28/1/98 Release 2 Security Test Pathway
Strategy
(18) VI/PLA/005 4.0 20/8/98 Pathway Corporate Pathway
Services (MIS) Domain -
Security HLTP
(19) VI/PLA/O06 4.0 20/8/98 DeLa Rue Domain - Pathway
Security HLTP
(20) VI/PLA/O07 3.0 20/8/98 Systems Management Pathway
Domain - Security HLTP
(21) VI/PLA/008 2.0 29/1/98 DSS Service Pathway
Environment Domain -
Security HLTP
(22) VI/PLA/009 3.0 6/3/98 Central Services Domain- Pathway
Security HLTP
(23) VI/PLA/010 4.0 20/8/98 POCL & POCL Clients Pathway
Domain - Security HLTP
(24) VI/PLA/O11 2.0 20/08/98 Post Office Platform Pathway
Domain - Security HLTP
(25) VI/PLA/012 4.0 20/8/98 I PAS/CMS Service Pathway
Domain - Security HLTP
(26) VI/TSC/105 =. 3.0 31/07/98 Technical Integrity Test I Pathway
Plan
(27) RS/POL/002 3.3 23/2/98 Pathway Security Policy Pathway
(28) RS/PRO/028 0.1 27/4/98 ICL Pathway Security Pathway
Management Procedures
(29) RS/PRP/002 1.0 21/12/95 BPS - Security Proposal Pathway
© 1998 ICL Pathway Ltd
COMMERCIAL IN CONFIDENCE
CONTRACT CONTROLLED
Printed on: 4/25/2022
Page 3 of 41
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
FUJ00001527
FUJ00001527
ICL Pathway Security Ref. RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
(30) 6.0 6/97 Benefit Payment Card: DSS
Card Technical
Specification
(31) RS/SPE/003 2.0 8/4/98 Extended Verification Pathway
Process Requirement
(32) RS/SPE/001 4.0 12/12/97 Fraud Risk Management Pathway
Service Design
Specification
(33) RS/SPE/002 0.9 1/7197 Forwarding, Disposal of Pathway
Impounded Cards, PUNs
and Temporary Tokens
(34) SU/STD/001 0.1 20/71/94 DSS Business Data DSS
Standards (Referenced)
(35) CAP/IFS/002 6.04 10/10/97 CAPS to PAS/CMS Data DSS
Interface Definitions &
Validation Rules (R3)
(Release 2)
(36) RS/PRO/O30 0.2 4/8/98 Evidential Information- I Pathway
Production, Certification
& Retention (PACE)
(37) CR/FSP/006 2.2 8/9/97 Audit Trail Functional Pathway
Specification
(38) CR/FSP/008 7.0 20/4/98 Post Office Not Available Pathway
for Benefit Encashment
(39) BP/PRO/003 2.0 27/9/96 Post Office Site Failure POCL
Contingency Procedures
(40) PA/PLA/OO3 0.6 17/4/97 Disaster Recovery Plan Pathway
(in course of update)
(41) BP/PLA/013 1.0 22/2/97 Contingency Map Pathway
(42) BS/DOC/001 01 30/11/95 BPS Security Statement DSS/POCL
(43) RS/REQ/0001 2.0 12/12/96 ICL Pathway Security Pathway
Objectives
(44) TD/DES/031 1.3 03/4/98 Release 2 Resilience Pathway
and Recovery Strategy
(45) RS/PRO/O31 0.1 17/8/98 I Security Awareness Pathway
Training
(46) RS/PRO/O32 0.1 17/8/98 Security Event Pathway
Management Process
(47) RS/PRO/O13 1.0 25/6/98 Horizon Security Passes Pathway
Procedure
(48) RS/PRO/O02 1.0 28/7/98 Security Vetting Process Pathway
(49) IA/PLA/O01 0.1 28/4/98 Audit Plan Pathway
© 1998 ICL Pathway Ltd
COMMERCIAL IN CONFIDENCE
Printed on: 4/25/2022
Page 4 of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
FUJ00001527
FUJ00001527
ICL Pathway Security Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
(50) IM/ACS/001 2.0 23/6/98 Training Acceptance Pathway
Test Specification
(51) tba Security HLTP Girobank
(52) t.b.a Security HLTP ge
(53) t.b.a Security HLTP ee
0.3 ABBREVIATIONS
BT Business Thread
DSS Department of Social Security
HLTP High Level Test Plan
PDA Programme Delivery Authority
POCL Post Office Counters Ltd
0.4 CHANGES IN THIS VERSION
This Version is issued for approval by Horizon.
© 1998 ICL Pathway Ltd COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 5 of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
ICL Pathway Security
Acceptance Test Specification
FUJ00001527
FUJ00001527
Ref: RS/ACS/002
Version: 2.0
Date: 16/10/98
TABLE OF CONTENT
0. DOCUMENT CONTROL
0.1 DOCUMENT HISTORY
0.2 ASSOCIATED DOCUMENTS
0.3 ABBREVIATIONS
0.4 CHANGES IN THIS VERSION
1, PURPOSE & SCOPE
2. ACCEPTANCE INCIDENTS
3. ACCEPTANCE PERIOD
4, DELIVERABLES & SERVICE
5. ACCEPTANCE CRITERIA
5.
.1 ACCEPTANCE CRITERIA AND TEST CONDITIONS
5.1.1 Description of tests conducted by Acceptance Trial
5.1.2 Description of tests conducted by Acceptance Review
5.2 CRITERIA FOR LATER ACCEPTANCE,
5.3 CRITERIA SUMMARY
6. ACCEPTANCE INCIDENT SEVERITY
6.1 HIGH SEVERITY INCIDENTS
6.2 MEDIUM SEVERITY INCIDENTS
6.3 LOW SEVERITY INCIDENTS
7. TEST DATA
8. AUTHORITY RESPONSIBILITIES
8.1 APPOINT TEST MANAGER
8.2 ACCEPTANCE INCIDENT REPORTS
8.3 ACCEPTANCE INCIDENT ANALYSIS REPORTS
8.4 ATTENDANCE AT TRIALS AND REVIEWS.
8.5 MANAGEMENT AND CO-ORDINATION
8.6 PROGRESS REVIEWS
9. CONTRACTOR RESPONSIBILITIES
10. ACCEPTANCE TRIAL TEST CONDITIONS
10.1 SECURITY NON-FUNCTIONAL TESTS (REQ 828/1)
© 1998 ICL Pathway Ltd COMMERCIAL IN CONFIDENCE
CONTRACT CONTROLLED
Printed on: 4/25/2022
Page 6 of 41
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
FUJ00001527
FUJ00001527
ICL Pathway Security Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
1. PURPOSE & SCOPE
This document describes the Acceptance Test for Security in accordance with
the Acceptance Procedures that are set out in the Schedules referred to in
section 0.2 and also in the Pathway document “Standard for Documenting
Acceptance Specifications”. This Test will determine that Security meets all the
Acceptance Criteria that are agreed in the Acceptance Specification and that are
within the scope of the “Pathway Release Contents Specification” document for
New Release 2, if applicable.
Schedule C3
Policies & Standards
Customer Service
Education Levels
POCLIDSS POCLIDSS POCLDSS
Implementation Implementation Implementation
Training Service Rollout
2 pes ee ‘TIP Interface MIS Interface
S
2 pee es bet
z PAS cos
Help Desks 2
Reference
Data
POCL
Infrastructure
APS
BES OBCS as
EPOSS
Figure1-1: This Acceptance Test in relation to others
2. ACCEPTANCE INCIDENTS
The standard and method for originating, progressing and resolving Acceptance
Incidents shall be as described in the associated Document “Standard for
Raising and Progressing Acceptance Incidents”.
3. ACCEPTANCE PERIOD
© 1998 ICL Pathway Ltd COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 7 of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
FUJ00001527
FUJ00001527
ICL Pathway Security _ Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
The Acceptance Period for the Acceptance Tests which comprise the Operational
Trial is as determined by schedule BO7 of the AUTHORITIES’ Agreement.
The Pathway programme plan details the schedule for the Security Acceptance
Test.
4, DELIVERABLES & SERVICE
This section details the Deliverables and Services that are the subject of this
Acceptance Test and as defined by the related Agreements.
Deliverable or Contract Method
Service. Reference
Non-functional Requirements Schedule (A)B04 Acceptance Trial
requirements Requirements Schedule (D)A15 Acceptance Review
Requirements Schedule (P)A15
Table of Deliverables and Services.
© 1998 ICL Pathway Ltd COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 8 of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
FUJ00001527
FUJ00001527
ICL Pathway Security Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
5. ACCEPTANCE CRITERIA
This section lists the identifier of each Acceptance Criterion that will be
demonstrated by the Acceptance Test. It also lists the Acceptance Test
Conditions that are used to determine whether (or not) the Acceptance Criterion
has been met together with the applicable test Phase, Technical Test, or Live
Trial.
Acceptance Criteria are split into three sets of tables according to the nature of
the acceptance method, one set for those tested by Acceptance Trial, a second
for those tested by Acceptance Review and a third which lists those criteria which
are for Acceptance at a later release. The Release on which Acceptance is to be
conducted is defined by reference to the Release Contents Description included
in the Associated Documents section of the Acceptance Specification.
Exceptionally, it may be necessary for one particular Acceptance Criterion to be
tested by a combination of trial and review in which case there are entries for
Trial and Review.
5.1 ACCEPTANCE CRITERIA AND TEST CONDITIONS
Conformance of the Security Acceptance Criteria will be demonstrated through
Acceptance Trials and/or Acceptance Reviews.
Tests conducted by Acceptance Trials comprise practical tests using prepared
test scripts. If applicable the Test Condition(s) appropriate to a criterion are
specified in section 5.1.1 together with a description of the test. Detailed
composition of the test in terms of sequences of Test Conditions is contained in
Section 10. In the tables in section 5.1.1 the rows labelled Function Run entry
will be populated immediately prior to the running of the Acceptance Trials ina
working version of the Acceptance Test Specification. These will provide
invigilators with references to the checklists used to monitor the progress of the
testing. The order of running of Test Conditions will not necessarily correspond
to the order presented in HLTPs because of the “physicalisation” of the testing.
The Function Run entry will allow the invigilator to read across from the criterion
to the checklist.
Tests conducted by Acceptance Review comprise typically document reviews,
site visits or presentations. If applicable the Test Condition(s) are described in
section 5.1.2.
© 1998 ICL Pathway Ltd COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 9 of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
FUJ00001527
FUJ00001527
ICL Pathway Security _ Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
5.1.1 Description of tests conducted by Acceptance Trial
The table below shows which acceptance criteria will be met by Acceptance Trial.
All of the tests in this section will be performed during the Technical Test phase.
Requirement ID 828
Criterion Number I 1
Derivation Requirement
Criterion The confidentiality, integrity, validity and completeness of
Description data shall be maintained throughout all storage, processes
and transmissions, including during periods of Service
Failure and recovery from Service Failure.
HLTP/Business I (18) through (25) ; (51); (52); (53)
Thread Scenario
Requirement entry 828/1 is used to reference all the relevant
Acceptance Trial provisions of (15) and (16).
Scenario Test Scripts as shown in Section 10.1
Description
Function Run Non-functional tests
Entry
© 1998 ICL Pathway Ltd © COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 10 of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
FUJ00001527
FUJ00001527
ICL Pathway Security Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
Requirement ID 830
Criterion Number _I 1
Derivation Requirement
Criterion The CONTRACTOR shall ensure that all Services are
Description supported by contingency plans including fallback
Transactions that minimise or negate the impact of failure in
any of the Services.
HLTP/ Business I (26) ; (44)
Thread Scenario
Requirement entry 830/1 is used to reference all related
Acceptance Trial provisions. These are described in sub-
referenced documents: Pathway Release 2 Resilience and
Recovery Strategy, (TD/DES/031), Issue 1.0; Pathway
Network Infrastructure Resilience Validation (TD/DES/0029),
Issue 1.0.
Note that Requirement entry 830/1 is also included in the list
of criteria to be met by Acceptance Review.
Scenario Test Scripts are as shown in the Technical Integrity Test Plan
Description (26).
Function Run Non-functional tests
Entry
© 1998 ICL Pathway Ltd © COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 11 of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
FUJ00001527
FUJ00001527
ICL Pathway Security _ Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
5.1.2 Description of tests conducted by Acceptance Review
The table below shows which Acceptance criteria are to be met by Acceptance
Review. Acceptance Tests will use the versions of any relevant documents (as
referenced from section 0.2) contained in the approved version of the
Acceptance Specification.
Requirement ID 698
Criterion Number 1
Derivation Requirement
Criterion The contractor shall minimise and control liabilities to
Description itself and the AUTHORITIES.
Test Condition Appropriate policy and standards are in place.
Method Document Inspection
References (27); (28); (15) ; (16)
Phase Operational Trial
© 1998 ICL Pathway Ltd © COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 12 of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
FUJ00001527
FUJ00001527
ICL Pathway Security _ Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
Requirement ID 698
Criterion Number 2 (a) and (c to 0)
Derivation Requirement
Criterion The CONTRACTOR shall, by a date consistent with the
Description project plan agreed by the parties, such that the date
does not adversely impact contractual milestones as
defined in Clause 605.1 of the Authorities Agreement, set
up an organised security infrastructure covering:
(a) the agreement of a security policy;
(b) (See next page)
(c) security education and training;
(a) reporting security incidents;
(e) physical security control;
(£) virus control;
(g) business continuity;
(h) control of Software;
(i) Safeguarding DSS and POCL records;
(5) information classification;
(x) compliance with data protection and other legislation;
(1) information exchange control;
(m) CONTRACTOR's sub-contractors and suppliers;
(n) compliance with security policy;
(o) the management of fraud and risk during Service
operation.
Test Condition An organised security infrastructure is in place.
Method Document Inspection ; Site Visits
References Review of (27):
(a) (27) is approved by the Authorities
(b) (see next page)
(©) Section 5.3 ; and (45)
(d) Section 3.8 ; and (46) ; (47)
(e) Section 6.3
(f)) Section 7.4
(g) Section 8; and (28) Section 9. See also 830/1
(h) Section 7.6; and (28) Section 8
() Section 6.2 . See also 828/1
@) Section 6.1; and (28) Section 3.2. see also 830/1
(k) Section 9.2; and (28) Section 10.1.3. See also 830/1
() Section 7.5. See also 828/1
(m) Section 7.7; and (48)
(n) Section 9.1; and (49)
(0) Section 4. See also 897/1
908 ICL Pathway Ltd COMMERCIAL IN CONFIDENCE Printed on: 472572022
Page 13 of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
FUJ00001527
FUJ00001527
ICL Pathway Security Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
[Phase [Operational Trial
Requirement ID 698
Criterion Number 2 (b)
Derivation Requirement
Criterion Allocation of security responsibilities;.
Description
Test Condition An organised security infrastructure is in place.
Method Demonstration or Presentation
References (27) Section 3
Phase Operational Trial
© 1998 ICL Pathway Ltd © COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 14 of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
FUJ00001527
FUJ00001527
ICL Pathway Security RS/ACS/002
Acceptance Test Specification 2.0
16/10/98
Requirement ID 698
Criterion Number 3
Derivation Requirement
Criterion The CONTRACTOR shall be compliant with BS7799.
Description
Test Condition Pathway complies with BS7799
Method Document inspection
References (27) Section 9.3 ; See also 828/1
Phase Operational Trial
© 1998 ICL Pathway Ltd © COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 15 of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
FUJ00001527
FUJ00001527
ICL Pathway Security Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
Requirement ID 722
Criterion Number
1
Derivation
Requirement
Criterion
Description
Card Authentication Methods shall be positive rather than
negative, resistant to forgery or other unauthorised
manipulation and shall include the mechanism set out in
the solution to this requirement for identifying the
attempted use of non genuine and / or invalid Cards and
Temporary Tokens.
Test Condition
Card Authentication Methods are as described.
Method
Document Inspection
References
((8) $722
Pathway Response
Pathway confirms that the card authentication
method will be positive rather than negative,
resistant to forgery or other unauthorised
manipulation and will include an agreed mechanism
for identifying the attempted use of counterfeit or
invalid cards and temporary tokens. Please see also
the document entitled “The Pathway Benefit
Payment Service - Security Proposal”, dated
21/12/95 [(29)].
Pathway Comment
None);
(29) Section 3 as updated by (30) and (13) 3.1.1.4
See also 828/1 and 830/1
Phase
Operational Trial
© 1998 ICL Pathway Ltd
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 16 of 41
CONTRACT CONTROLLED
obligations between ICL Pathway and the DSS and/or POCL.
FUJ00001527
FUJ00001527
ICL Pathway Security Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
Requirement ID 723
Criterion Number
1
Derivation Requirement
Criterion Cardholder Verification Methods shall be resistant to
Description impersonation and shall include the mechanism specified
in the solution to this requirement for identifying the
attempted use of a Card or Temporary Token by a person
other than an Authorised Person.
Test Condition 1. Cardholder Verification Methods are as specified.
Method Document Inspection
References 1. ((8) $723
2. Reference No 723
3.
4, Pathway Response
5. Pathway confirms that cardholder verification methods
will be resistant to impersonation and will include an
agreed mechanism for identifying the attempted use of a
card or temporary token by unauthorised persons. Please
see also the document entitled “The Pathway Benefit
Payment Service - Security Proposal”, dated
21/12/95[(29)].
6.
7. Pathway Comment
8. None);
9.
10.(29) Section 5.3, 6 as updated by (13) 4.1.1.5; (31)
11.See also 828/1 and 830/1
12.
Phase Operational Trial
© 1998 ICL Pathway Ltd
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 17 of 41
CONTRACT CONTROLLED
obligations between ICL Pathway and the DSS and/or POCL.
ICL Pathway
Acceptance Test Specification Version:
FUJ00001527
FUJ00001527
Security Ref: RS/ACS/002
2.0
Date: 16/10/98
Requirement ID
747
Criterion Number
1
Derivation Requirement
Criterion All aspects of Card Management including production,
Description storage, delivery and destruction of Cards shall be
secure, auditable and allow the production of audit trails
of all Cards and collateral material.
Test Condition The following are secure, auditable and allow the
production of audit trails:
(a) Card and Temporary Token production and storage
(vb) Card delivery
(c) Card and Temporary Token impounding / destruction
/ forwarding at the post office; Card destruction at the
ERM centre
Method (m) (a) Site visits
( (b) Document inspection; Live Trial Report review
(0) (c) Document inspection
(p)
References (a) to be scheduled
(vb) (13) 4.1.1.2, 4.1.1.3 [Note: Change Proposal
pending]
(©) (13) 4.1.1.6, 4.1.1.7; (33);(32) ; PPD ; (50)
Phase Operational Trial
© 1998 ICL Pathway Ltd
COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 18 of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
ICL Pathway
Acceptance Test Specification Version:
FUJ00001527
FUJ00001527
Security Ref: RS/ACS/002
2.0
Date: 16/10/98
Requirement ID 747
Criterion Number 2
Derivation Requirement
Criterion The CONTRACTOR shall use all reasonable endeavours to assist
Description with the investigation of the repudiation claim, including, but not
limited to, timely provision of relevant data and documents from
the CONTRACTOR’s systems or services in a format suitable for
detailed analysis by the AUTHORITIES.
Test Condition Processes provide for data to be so retained
Method Document Inspection
References (32)
Phase Operational Trial
© 1998 ICL Pathway Ltd
COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 19 of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
ICL Pathway
FUJ00001527
FUJ00001527
Security Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
Requirement ID 828
Criterion Number 2
Derivation Requirement
Criterion The CONTRACTOR shall ensure that all data passed
Description from PAS and CMS to CAPS adhere to the current DSS
Business Data Standards Document and any future
amendments.
Test Condition The agreed Test Reports from CAPS DIT and E2E
contain no non conforming entries relating to PAS/CMS
to CAPS transfers.
Method Document inspection. New Release 2 KPR has no non-
conforming entries relating to PAS/CMS to CAPS
transfers.
References (34), (35) ; E2E Test Report
Phase Operational Trial
© 1998 ICL Pathway Ltd © COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 20 of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
FUJ00001527
FUJ00001527
ICL Pathway Security _ Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
Requirement ID 829
Criterion Number 1
Derivation Requirement
Criterion The CONTRACTOR shall ensure that all relevant
Description information produced by the Service Infrastructure at the
request of the AUTHORITIES shall be evidentially
admissible and capable of certification in accordance with
the Police and Criminal Evidence Act (PACE) 1984, the
Police and Criminal Evidence (Northern Ireland) Order
1989 and equivalent legislation covering Scotland.
Test Condition Such information is evidentially admissible and
certifiable.
Method Document Inspection
References (27) Section 9.2; CFM data centre logs and Powerhelp
Call Management System logs; (36) ; (28). See also
828/1 & 830/1
Phase Operational Trial
© 1998 ICL Pathway Ltd
COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 21 of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
ICL Pathway
FUJ00001527
FUJ00001527
Security Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
Requirement ID 829
Criterion Number 2
Derivation Requirement
Criterion At the direction of the AUTHORITIES, audit trail and
Description other information necessary to support live investigations
and prosecutions shall be retained for the duration of the
investigation and prosecution irrespective of the normal
retention period of that information.
Test Condition Processes provide for information to be so retained at the
direction of the Authorities
Method Document Inspection
References (32); (37); (36)
Phase Operational Trial
© 1998 ICL Pathway Ltd
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 22 of 41
CONTRACT CONTROLLED
obligations between ICL Pathway and the DSS and/or POCL.
FUJ00001527
FUJ00001527
ICL Pathway Security _ Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
Requirement ID 830
Criterion Number 1 through 8
Derivation Requirement
Criterion (1) The CONTRACTOR shall ensure that all Services are
Description supported by contingency plans including fallback
Transactions that minimise or negate the impact of
failure in any of the Services.
(2) The CONTRACTOR shall ensure that the
contingency plans for each Service are compatible
with an overall service continuity framework.
@) The contingency plans shall be based on impact and
risk assessments and agreed between the
CONTRACTOR and the AUTHORITIES by a date
consistent with the project plan agreed by the parties,
such that the date does not adversely impact
contractual milestones as defined in Clause 605.1 of
the Authorities Agreement.
(4) Ownership of all contingency actions shall be
identified in the contingency plans.
(5) The contingency plans shall include activation
procedures and time periods within which the
contingency measures shall be activated.
(6) The contingency plans shall include a testing strategy
with two distinct parts:
(a) Initial testing before commencement of Roll Out
of Services;
(v) Regular testing.
The contingency plan shall include without
limitation the following:
(a) Prevention measures.
(b) Preparedness measures.
(©) Contingency measures.
(d) Recovery of normal Service.
(ec) Contact lists.
(8) The contingency plans shall be subject to joint periodic
review by the CONTRACTOR and AUTHORITIES by a
process to be agreed by a date consistent with the project
plan agreed by the parties, such that the date does not
adversely impact contractual milestones as defined in
Clause 605.1 of the Authorities Agreement, to ensure that
they meet the AUTHORITIES’ aims.
Test Condition Appropriate agreed contingency plans are in place and
are subject to review
Suitable Contingency plans are in place.
(7
Note that Requirement entry 830/1 is also included in the
© 1998 ICL Pathway Ltd COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 23 of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
FUJ00001527
FUJ00001527
ICL Pathway Security Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
criteria to be met by Acceptance Trial to cover
operational facilities for Resilience, Recovery and Error
Handling.
Method Document inspection ; Demonstration; Test Report
Review
References (41); (38); (39); (13) Section 4.1.6; (40)
Phase Operational Trial
© 1998 ICL Pathway Ltd © COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 24 of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
FUJ00001527
FUJ00001527
ICL Pathway Security Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
Requirement ID 830
Criterion Number 9
Derivation Requirement
Criterion When contingency operation is invoked as a result of a
Description fault of the Services provided by the CONTRACTOR,
then the provisions of Schedule B03 [Service Level
Agreement Schedules] of the AUTHORITIES’ Agreement
shall continue to apply.
Test Condition None
Method
References
Phase
© 1998 ICL Pathway Ltd © COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 25 of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
ICL Pathway
Acceptance Test Specification
FU,
Security Ref: RS/ACS/002
Version: 2.0
Date: 16/10/98
FUJ00001527
}J00001527
Requirement ID
872
Criterion Number
1
Derivation Requirement (DSS only)
Criterion Information marked as Nationally Sensitive shall be
Description handled in accordance with the Departmental IT Security
Standards (reference DITSG/ITSS/0001.04, version 6.2
dated March 1996)
Test Condition Processes for handling such information are in
accordance with the applicable standard
Method Document inspection
References (13) 3.1.1.8.4, 3.1.2.11, 3.1.3.4
Phase Operational Trial
© 1998 ICL Pathway Ltd
COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 26 of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
ICL Pathway
Acceptance Test Specification
FUJ00001527
FUJ00001527
Security Ref: RS/ACS/002
Version: 2.0
Date: 16/10/98
Requirement ID 897
Criterion Number 1
Derivation Requirement
Criterion The security policies of the CONTRACTOR in providing
Description the Services shall be consistent with the security
objectives and policies stated in the BPS Security
Statement.
Test Condition The security policies are consistent with the objectives
and policies of the BPS Security Statement
Method Document Inspection
References (27); (42)
Phase Operational Trial
© 1998 ICL Pathway Ltd
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 27 of 41
CONTRACT CONTROLLED
obligations between ICL Pathway and the DSS and/or POCL.
FUJ00001527
FUJ00001527
ICL Pathway Security Ref. RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
Requirement ID 897
Criterion Number 2
Derivation Requirement
Criterion The CONTRACTOR shall provide an appropriate
Description countermeasure to each threat identified in the BPS
Security Statement.
Test Condition An appropriate countermeasure is provided to each
threat.
Method Document inspection
References (42); (29) as updated by (43) and (15); (27)
Phase Operational Trial
© 1998 ICL Pathway Ltd © COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 28 of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
ICL Pathway
Security
Acceptance Test Specification
FUJ00001527
FUJ00001527
Ref.: RS/ACS/002
Version: 2.0
Date: 16/10/98
5.2 CRITERIA FOR LATER ACCEPTANCE
n/a
5.3 CRITERIA SUMMARY
Req ID
Criterion
Trial
Review
Later
Acceptance
698
698
698
722
723
747
ND NDS
147
828
828
829
829
830
830
830
830
830
830
830
830
830
872
897
897
Ny] 3]3]o]a@]N]o}on] A}oo}ro]]no]] ro] Ir] ] 3} oo]
AISISISINI SISSIES SIS SSS
© 1998 ICL Pathway Ltd
COMMERCIAL IN CONFIDENCE
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
Printed on: 4/25/2022
Page 29 of 41
FUJ00001527
FUJ00001527
ICL Pathway Security Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
6. ACCEPTANCE INCIDENT SEVERITY
This section identifies the guidelines to be applied during the analysis of
Acceptance Incidents, in order to establish the severity of such Acceptance
Incidents.
6.1. HIGH SEVERITY INCIDENTS
Failure to meet an Acceptance Criterion which would have a substantive impact
on the service received by the Customer, e.g. failure to pay benefits to the right
person, at the right place, at the right time.
Failure to meet an Acceptance Criterion which would have a major impact on the
ability of the AUTHORITY or AUTHORITIES to perform their business, or where
there was a major impact on the resources of the AUTHORITY or AUTHORITIES
necessary to overcome that impact on their business, e.g. failure to support
accurate POCL accounting.
Failure to meet an Acceptance Criterion which would impact the security of the
service where there is no acceptable procedural workaround.
Consistent failure to meet Minimum Acceptable Thresholds for Service Levels,
e.g. where particular transactions do not meet the minimum Acceptable
Threshold under normal loading.
6.2 MEDIUM SEVERITY INCIDENTS
Failure to meet an Acceptance Criterion which is visible to the Customer and is
likely to give rise to an adverse public perception of the service, but does not
substantively impact the service received by the Customer, e.g. incorrect spelling
on a receipt.
Failure to meet an Acceptance Criterion which would have a medium impact on
the ability of the AUTHORITY or AUTHORITIES to perform their business, or
where there was a medium impact on the resources of the AUTHORITY or
AUTHORITIES necessary to overcome that impact on their business, e.g. non-
production of a weekly report, resulting in its manual transcription, which causes
additional resource or effort at every outlet of the average duration of one hour
per week per outlet.
Occasional failure to meet Minimum Acceptable Thresholds for Service Levels,
e.g. at peak loading, some transactions fail to meet Minimum Acceptable
Thresholds, but on average all transactions within the service do achieve
Minimum Acceptable Thresholds.
6.3 LOW SEVERITY INCIDENTS
Failure to meet an Acceptance Criterion that is neither visible to nor has
substantive impact on the service received by the Customer e.g. presentational,
style and other cosmetic faults that are only visible to the user.
Failure to meet an Acceptance Criterion which would have a minor impact on the
ability of the AUTHORITY or AUTHORITIES to perform their business, or where
there was a minor impact on the resources of the AUTHORITY or AUTHORITIES
© 1998 ICL Pathway Ltd COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 30 of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
FUJ00001527
FUJ00001527
ICL Pathway Security RS/ACS/002
Acceptance Test Specification Te 1008
6,
necessary to overcome that impact on their business, e.g. non-production of a
weekly report, resulting in its manual transcription, which causes additional
resource or effort at ten or fewer outlets of the average duration of one hour per
week per outlet.
Failure to meet an Acceptance Criterion which would impact the security of the
service but where the workaround is as secure as the original solution (i.e. the
only impact on risk is in ensuring that the workaround is performed, but where
procedures have been agreed and are in place).
© 1998 ICL Pathway Ltd COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 31 of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
FUJ00001527
FUJ00001527
ICL Pathway Security _ Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
7. TEST DATA
Test data including any operator entered scripts that are required to run the
Acceptance Test are defined below.
Business TestThread:
None
High Level Test Plan(s):
Pathway Corporate Services (MIS) Domain - Security HLTP
De La Rue Domain - Security HLTP
Systems Management Domain - Security HLTP
DSS Service Environment Domain - Security HLTP
Central Services Domain- Security HLTP
POCL & POCL Clients Domain - Security HLTP
Post Office Platform Domain - Security HLTP
PAS/CMS Service Domain - Security HLTP
Technical Integrity Test Plan
THIRD PARTY TEST DETAILS
Girobank - Security HLTP
ICL Outsourcing(Systems management) - Security HLTP
ICL Outsourcing(Support Services) - Security HLTP.
Organisations:
Solutions Engineering, The Solution Centre, ICL
ICL Outsourcing -
Girobank
© 1998 ICL Pathway Ltd COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 32 of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
FUJ00001527
FUJ00001527
ICL Pathway Security Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
8. AUTHORITY RESPONSIBILITIES
This section describes the AUTHORITY’s or AUTHORITIES’ Responsibilities in
relation to this Acceptance Test. Particular Acceptance Tests may also require
additional participation and responsibility by the AUTHORITY or AUTHORITIES.
8.1 APPOINT TEST MANAGER
The AUTHORITY or AUTHORITIES shall nominate a Test Manager and other
representatives to review the tests prior to commencement of the test.
8.2 ACCEPTANCE INCIDENT REPORTS
The nominated representatives and Test Manager shall be diligent in raising
complete, accurate and timely Acceptance Incident Reports as set out within this
Acceptance Test specification.
8.3. ACCEPTANCE INCIDENT ANALYSIS REPORTS
The Test Manager shall be diligent in returning signed Acceptance Incident
Analysis Reports with their decision (e.g. Accept, Reject, Discuss) normally
within five working days, or when urgency is requested by Pathway, within two
working days of receipt from Pathway. A copy of all correspondence will be
faxed to reduce delay.
8.4 ATTENDANCE AT TRIALS AND REVIEWS
The nominated representatives shall at their discretion attend Acceptance Test
Trials and Reviews including repeat Tests at reasonable times and reasonable
locations and with reasonable advance notice by Pathway.
8.5 MANAGEMENT AND CO-ORDINATION
The Test Manager shall be the single point of communication and co-ordination
with Pathway’s nominated Test Manager for all matters concerning this
Acceptance Test from its initial planning through to Acceptance.
8.6 PROGRESS REVIEWS
Unless otherwise waived by both parties, Pathway’s Test Manager and the
AUTHORITY’s or AUTHORITIES’ Test Manager shall meet each week to review
the progress and actions of both parties until Acceptance of the Acceptance Test
is achieved. The time and location of review meetings will be scheduled with at
least two week’s advance notice by Pathway.
© 1998 ICL Pathway Ltd COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 33 of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
FUJ00001527
FUJ00001527
ICL Pathway Security _ Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
9. CONTRACTOR RESPONSIBILITIES
The Contractor shall nominate a Test Manager for each Test who shall be the
single point of communication and co-ordination with the AUTHORITY’s or
AUTHORITIES’ Test Manager for all matters concerning this Acceptance Test
from its initial planning through to Acceptance.
Upon receipt of a signed Acceptance Incident Analysis Report from the
AUTHORITY or AUTHORITIES, where correction is required to be re-tested
within the same phase of Acceptance Test, the Contractor will return the
amended component(s), on average, within 4 days. This will include re-testing
necessary as per the agreed test strategies.
© 1998 ICL Pathway Ltd COMMERCIAL IN CONFIDENCE Printed on: 4/25/2022
Page 34 of 41
CONTRACT CONTROLLED
Nothing contained herein shall be deemed or construed as affecting existing contractual obligations or creating new contractual
obligations between ICL Pathway and the DSS and/or POCL.
FUJ00001527
FUJ00001527
ICL Pathway Security Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
10. ACCEPTANCE TRIAL TEST CONDITIONS
10.1 SECURITY NON-FUNCTIONAL TESTS (REQ 828/1)
The following represent the eight Security Domains and extracts from the corresponding Solution Centre(TSC) HLTPs.
The Generic group represents tests from one domain but which are common to several of the Domains.
DOMAIN Subdomain User Iden- I Authen- Access Audit Alarms Encryptio
tification I tication Control n/
Integrity
GENERIC Dynix (Sequent) PASO1_1_I PASO1_1_I PASO1_2 I PASO1_3 I PASO1_3
Oracle RDBMS PASO2_1_I PASO2_1_I PASO2_2 I PASO2_3 I PASO2 3
NT Server & Workstation Csbp01_1 I CSD01_1 I CSD01_2 ICSD01_3 I CSD01_3
PATHWAY Dynix (Sequent) PCS01_2
CORPORATE
SERVICES
ORACLE RDBMS (Sequent) PCS02_2
MIS Data Warehouse/SLAM DB
Database - DW
MIS NT Clients Slam Cache DB I PCSO03_1 I PCS03_1 I PCS03_2 I PCS03_3 I PCS03_3
Help Desk FTF Gateway (Local
& Remote) pcsi9_1 I Pcsi9_1 IPCS19_2 IPCS19_3 I PCS19_3
Pathway Clients PCS20_1 I PCS20_1 I PCS20_2 IPCS20_3 I PCS20_3
MIS NT Clients PCS04_1 I PCS04_1 I PCS04_2 I PCS04_3 I PCS04_3
© 1998 ICL Pathway Ltd COMMERCIAL IN CONFIDENCE Printed:
4/25/2022
Page 35 of 41
ICL Pathway
Security
Acceptance Test Specification
Ref.
Version:
Date:
RS/ACS/002
2.0
16/10/98
FUJ00001527
FUJ00001527
SQL*Forms Interface
CON
MIS NT Clients
SQL*Forms Interface
CCS
PCS13_1
PCS13_1
PCS13_2
PCS13_3
PCS13_3
MIS NT Clients
SQL*Forms Interface
Reference Data
PCS14_1
PCS14_1
PCS14_2
PCS14_3
PCS14_3
MIS NT Clients
SQL*Forms Interface
Fraud Risk Management
PCS15_1
PCS15_1
PCS15_2
PCS15_3
PCS15_3
MIS NT Clients - FTMS
Help Desk FTF Gateway (Local
& Remote)
PCS05_2
PCS05_3
PCS05_3
MIS SLAM cache DB
Oracle Express Administrator
PCS06_2
MIS Client PC Windows
(SQL*Net Interface with Oracle)
Pathway Clients
PCS07_1
PCS07_1
PCS07_2
PCS07_3
PCS07_3
Oracle Express Server (OLAP)
MIS Data Warehouse / SLAM
PCS08_2
PCS08_3
PCS08_3
MIS Client PC
Oracle Express (OLAP)
Pathway Clients
PCS09_1
PCS09_1
PCS09_2
PCS09_3
PCS09_3
MIS Client PC
Business Objects
FRM
Pathway Clients
PCS10_1
PCS10_1
PCS10_2
PCS10_3
PCS10_3
© 1998 ICL Pathway Ltd
4/25/2022
COMMERCIAL IN CONFIDENCE
Printed:
Page 36 of 41
FUJ00001527
FUJ00001527
ICL Pathway Security Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
ORACLE RDBMS (Sequent) PCS11_1 I PCS11_1 I PCS11_2 IPCS11_3 I PCS11_3
MIS Data Warehouse/SLAM DB
Database - FCDB
ORACLE RDBMS (Sequent) PCS12_1 I PCS12_1 I PCS12_2 IPCS12_3 I PCS12_3
MIS Data Warehouse/SLAM DB
Database - SA
MIS Client PC PCS10_1 I PCS10_1 I PCS16_2 I PCS10_3 I PCS10_3
Business Objects
BO_REP
Pathway Clients
MIS Client PC PCS10_1 I PCS10_1 I PCS17_2 I PCS10_3 I PCS10_3
Business Objects
BPSMIS
Pathway Clients
MIS Client PC PCS10_1 I PCS10_1 I PCS18_2 IPCS10_3 I PCS10_3
Business Objects
BUSDEV
Pathway Clients
DE LA RUE Campus Access Node NT DLRO1_1_ I DLRO1_1 IDLRO1_2 IDLRO1_3 IDLRO1 3 I DLRO1 4
DLRCT Access Node NT DLRO2_1_I DLRO2_1 I DLRO2_2 IDLRO2_3 I DLRO2 3 I DLRO2 4
TDLR Access Node NT DLRO3_1_I DLRO3_1 I DLRO3_2 IDLRO3 3 I DLRO3 3
SYSTEMS Cisco Routers and Lan SMS09_1 I SMSO9_1 I SMSO9_2 I SMS09_3
MANAGEMENT _ I Switches
© 1998 ICL Pathway Ltd
4/25/2022
COMMERCIAL IN CONFIDENCE
Printed:
Page 37 of 41
FUJ00001527
FUJ00001527
ICL Pathway Security Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
Auto Configuration Database SMS20_2 I SMS20_3
Server
Auto Configuration Server - SMS20b_ I SMS20b_ I SMS20b_ I SMS20b_
Database Client 1 1 2 3
Roll Out Database Server SMS21_2 I SMS21_3
Roll Out Database Client SMS21b_ ISMS21b_ ISMS21b_ I SMS21b_
1 1 2 3
Boot Server SMS22_2 I SMS22_3
CM Signing Server SMS23_1_ I SMS23_1 I SMS23_2 I SMS23_3 SMS23_4
Migration Agent Server SMS25_1_ISMS25_1 I SMS25_2 I SMS25_3
Miecco Laptop SMS25b_ I SMS25b_ I SMS25b_ I SMS25b_
1 1 2 3
SecurlD Server SMS26_1_ I SMS26_1_I SMS26_1 I SMS26_3
DSS SERVICE Access to VME DSE01_1 I DSE01_1 I DSE01_2 I DSE01_3 I DSE01_3
ENVIRONMENT
VME Filestore partition DSE01_2 IDSE01_3 I DSE01_3
OBCS data DSE03_3
CAPS data DSE04_3
On-line data DSE05_3
CENTRAL NT Domain Login CSD01_1 I CSD01_1 I CSD01_2 I CSD01_3
SERVICES
PDC
NT Domain Login CsbD02_1 I CSD02_1 I CSD02_2 I CSD02 3
BDC
Correspondence Server Login CSD03_1_ I CSD03_1 I CSD03_2 I CSD03_3 CSD03_4
© 1998 ICL Pathway Ltd
4/25/2022
COMMERCIAL IN CONFIDENCE
Printed:
Page 38 of 41
FUJ00001527
FUJ00001527
ICL Pathway Security Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
Agent & Signing Server Login CSD04_1 I CSD04_1 I CSD04_2 I CSD04_3 CSD04_4
Archive Server Login CSD05_1 I CSD05_1 I CSDO5 2 I CSD05 3 CSD05_4
Vector (Crypto) Server Login CSD06_1 I CSD06_1 I CSD06_2 I CSD06_3 CSD06_4
Network Time Management CSDO07_2
Server Login
POLO Recovery PRAW CspD08_1 ICSD08_1 I CSD08_2 I CSD08_3 CSD08_4
Workstation Login
POCL AND HAPS Campus Access Node POCLO1_ I POCLO1_ I POCLO1_ I POCLO1_ I POCLO1_ I POCLO1_
POCL CLIENTS I (NT 4.0) 1 1 2 3 3 4
HAPS Remote Access Node POCLO2_ I POCLO2_ I POCLO2_ I POCLO2_ I POCLO2_
(NT 4.0) 1 1 2 3 3
TIP Campus Access Node (NT I POCLO3_ I POCLO3_ I POCLO3_ I POCLO3_ I POCLO3_ I POCLO3_
4.0) 1 1 2 3 3 4
TIP Remote Access Node (NT I POCLO4_ I POCLO4_ I POCLO4_ I POCLO4_ I POCLO4_ I POCLO4_
4.0) 1 1 2 3 3 4
OFFICE Single-Counter Desktop OPS01_1 I OPSO1_1 I OPSO1_2 I OPSO1_3 I OPSO1_3 I OPS01_4
PLATFORM
Multi-Counter Desktop OPS05_1 I OPS05_1 I OPSO5_ 2 I OPSO5 3 I OPSO5_3 I OPS05 4
Riposte Message Store OPS06_1_I OPSO6_1 OPS06_3
Communications - ISDN OPS07_1_ I OPSO7_1 I OPS07_2 I OPS07_3
ISDN Crypto OPS10_1_ I OPS10_1 OPS10_3
ISDN Routers - External OPSO09_1 I OPSO9_1 I OPSO9_2 I OPS09_3
Interface - CLI
ISDN routers and Post Offices - I OPS10_1 I OPS10_1 OPS10_3
© 1998 ICL Pathway Ltd
4/25/2022
COMMERCIAL IN CONFIDENCE
Printed:
Page 39 of 41
FUJ00001527
FUJ00001527
ICL Pathway Security Ref: RS/ACS/002
Acceptance Test Specification Version: 2.0
Date: 16/10/98
External Interface - bidirectional
CHAP Authentication
PAS/CMS Hosts Central Server OS: Dynix I PASO1_01 I PASO1_01 I PASO1_02 I PASO1_03
SERVICE
Hosts Central Server Database: I PASO2_1_ I PASO2_1 I PASO2_2 I PASO2_3
Oracle
SQL Forms (Help Desk & PASO3_1 IPASO3_1 I PAS03_2 I PASO3_3
SASD)
© 1998 ICL Pathway Ltd COMMERCIAL IN CONFIDENCE Printed:
4/25/2022
Page 40 of 41