Post Office
Account Services
FUJ00002010
FUJ00002010
Closure of Associated NBX Circuits Ref: CS/PRO/163
Version: 1.0
COMMERCIAL IN CONFIDENCE Date: 18-JUL-2006
Document Title:
Document Type:
Release:
Abstract:
Document Status:
Originator & Dept:
Contributors:
Internal Distribution:
External Distribution:
Approval Authorities:
Closure of Associated NBX Circuits
Procedure
Network Banking
Procedure to close down the NBX links (Capo, Link & Alliance
& Leicester lings), in a controlled manner, or in an emergency
situation.
Controlled — For the purposes of maintenance, support,
upgrade, repair or replacement of any equipment used to
provide support for those links
Emergency - Should the service be under a threat that would
put the POL services or service infrastructure for End to End
Banking at risk of being materially impaired or degraded.
APPROVED
John Holman-Dine. Customer Services Post Office Account
John Holman-Dine, Dave Haywood, Colin Johnson, Liz
Melrose, Tony Wicks, Martin Odell
Dave Tanner, Peter Burden, Mik Peach, James Stinchcombe,
Brian Pinder, Andrew Gibson, Dave Jackson, lan Cooley, Tony
Wicks, Hilary Forrest, Janet Reynolds, Pete Thompson, Carl
Marx, Mike Stewart, Mike Woolgar.
Gary Blackburn, Adam Martin,, Dave Hulbert, Tim Vause
(See PA/PRO/010 for Approval roles)
Name Position Signature Date
Carl Marx POA Head of Service
Management
Gary Blackburn POL Live Systems Service
Manager
COMMERCIAL IN CONFIDENCE, Page: I of 11
© Copyright Fujitsu Services Limited 2006
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
FUJ00002010
FUJ00002010
Post Office Closure of Associated NBX Circuits Ref: CS/PRO/163
Account Services
Version: 1.0
COMMERCIAL IN CONFIDENCE Date: 18-JUL-2006
0.0 Document Control
0.1 Document History
Version No. I Date Reason for Issue Associated
CP/PinICL
0.1 01/12/04 Initial Draft
0.2 01/06/06 Revised Draft
1.0 18/07/06 Comments from Tony Wicks included in document.
Submitted for Approval
0.2 Review Details
Review Comments by :
Review Comments to :
Mandatory Review Authority Name
POA Head of Service Management Carl Marx
POL Systems Live Service Manager Gary Blackburnp
Optional Review / Issued for Information
POL Business Continuity Manager
Tim Vause
POA Business Continuity Manager
Tony Wicks*
Post Office Account CS Director
Naomi Elliott
POL Service Improvement Manager Adam Martin
(* ) = Reviewers that returned comments
0.3. Associated Documents
Reference Version I Date Title Source
CON/MGM/005 Business Continuity Interface I PVCS
Agreement between Post Office
Ltd and Post Office Account
Services
CS/PRD/074 POA Incident Management I pycs
COMMERCIAL IN CONFIDENCE, Page: 2 of 11
© Copyright Fujitsu Services Limited 2006
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
FUJ00002010
FUJ00002010
Post Office Closure of Associated NBX Circuits Ref: CS/PRO/163
Account Services
Version: 1.0
COMMERCIAL IN CONFIDENCE Date: 18-JUL-2006
Process
Unless a specific version is referred to above, reference should be made to the current
approved versions of the documents.
0.4 Abbreviations/Definitions
Abbreviation Definition
cs Customer Service (Post Office Account)
DR Disaster Recovery
HSD Horizon Service Desk
FI Financial Institution
MBCI Major Business Continuity Incident
MI Major Incident
NBX Network Banking (Capo, Link & Alliance & Leicester)
OcP Operational Change Process
POABCM Post Office Account Business Continuity Manager
PIR Post Incident Review
POA Post Office Account
POANST Post Office Account Network Support Team
POL Post Office Ltd
POLBCM Post Office Business Continuity Manager
POL SCT Post Office Service Continuity Team
POLPM Post Office Problem Manager
SMC Systems Management Centre
SDM Service Delivery Manager
0.5 Changes in this Version
Version Changes
0.2 Roles / responsibilities & organisational changes updated
NBS updated to NBX, to reflect change in infrastructure.
Reference to Major Incident Process added.
COMMERCIAL IN CONFIDENCE, Page: 3 of 11
© Copyright Fujitsu Services Limited 2006
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
FUJ00002010
FUJ00002010
Post Office Closure of Associated NBX Circuits Ref: CS/PRO/163
Account Services
Version: 1.0
COMMERCIAL IN CONFIDENCE Date: 18-JUL-2006
0.6 Changes Expected
Changes
COMMERCIAL IN CONFIDENCE Page: 4 of 11
© Copyright Fujitsu Services Limited 2006
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
Post Office Closure of Associated NBX Circuits
Account Services
COMMERCIAL IN CONFIDENCE
Ref:
Version:
Date:
CS/PRO/163
1.0
18-JUL-2006
FUJ00002010
FUJ00002010
TABLE OF CONTENTS
1.0 INTRODUCTION
2.0 SCOPE
3.0 CONTROLLED CLOSE DOWN
3.1 NOTIFICATION PROCEDURE (CONTROLLED)
4.0 EMERGENCY CLOSE DOWN (CAUSES/PROBLEMS)
4.1 NOTIFICATION PROCEDURE (EMERGENCY)
5.0 TECHNICAL CLOSE DOWN PROCEDURE
6.0 ESCALATION ROUTES
7.0 REINSTATEMENT OF THE NBX LINK
8.0 REPORTING
COMMERCIAL IN CONFIDENCE,
© Copyright Fujitsu Services Limited 2006
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
Page: 5 of 11
FUJ00002010
FUJ00002010
Post Office Closure of Associated NBX Circuits Ref: CS/PRO/163
Account Services
Version: 1.0
COMMERCIAL IN CONFIDENCE Date: 18-JUL-2006
1.0 Introduction
This document describes the procedure to be adopted should there be a requirement by Post
Office Account to close down one or more of the NBX links to end points (FI) (Capo, Link &
Alliance & Leicester) from the Data Centres, either in a controlled or an emergency situation.
Controlled — For the purposes of maintenance, support, upgrade, repair or replacement of any
equipment used to provide support for those links.
Emergency - Should the service be under a threat that would put the POL services or service
infrastructure for End to End Banking at risk of being materially impaired or degraded.
The closure in any circumstances would be at both Data Centres.
2.0 Scope
The scope of this document is
¢ Detail examples of the causes/problems that would initiate either a controlled or
emergency close down of the NBX Links.
e The processes (identification, notification, informing) surrounding the close down of the
link for either situation controlled or emergency
e The technical procedure of how Post Office Account would close down the link.
e The management, escalation and reporting of the close down within Post Office Account
and POL.
e The circumstances under which communications would be restricted or prevented (in
respect of all or certain types of data).
© 2004 Post Office Account ServicesCOMMERCIAL IN CONFIDENCE Page: 6 of 9
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
FUJ00002010
FUJ00002010
Post Office Closure of Associated NBX Circuits Ref: CS/PRO/163
Account Services
Version: 1.0
COMMERCIAL IN CONFIDENCE Date: 18-JUL-2006
3.0 Controlled Close Down
Controlled — Close down of an NBX link from one of the Data Centres (Wigan or Bootle, not
both) for the purposes of, maintenance, support, upgrade, repair or replacement of any
equipment used to provide support for those Links
(NB. Scheduled maintenance to any component of the Data Centres, which provide on-line
service, will not be allowed during Network Banking core hours (0800 to 1730 Monday to
Friday (inclusive) and 0800 to 1300 Saturday, excluding English Bank holidays). The time for
the close down will also take into account times of bulk file transfers, and allocate a time in
agreement with all parties. This will be scheduled via OCP (Operational Change Process).
3.1 Notification Procedure (Controlled)
* OCP to close down the NBX link (Wigan or Bootle) will be raised
e¢ The POA On-line Service Delivery Managers will be made aware of the OCP and the
planned close down of the NBX link (Wigan or Bootle) and are mandatory approvers on
the OCP.
e POA OCP Manager will notify Post Office Ltd Change Management of the OCP. Post
Office Change Management will be asked to communicate to the impacted FI and within
Post Office Ltd and to approve the OCP.
e Wherever possible, POA will endeavour to meet the discussed non-contractual target of 7
working days notice, however a minimum notice period of 24 hours for controlled close
down will be given.
© 2004 Post Office Account ServicesCOMMERCIAL IN CONFIDENCE Page: 7 of 9
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
FUJ00002010
FUJ00002010
Post Office Closure of Associated NBX Circuits Ref: CS/PRO/163
Account Services
Version: 1.0
COMMERCIAL IN CONFIDENCE Date: 18-JUL-2006
4.0 Emergency Close Down (Causes/Problems)
Emergency — Close down of the NBX link from both Data Centres (Bootle & Wigan) should
the service be under a threat that would put the POL services or service infrastructure for End
to End Banking at risk of being materially impaired or degraded.
Circumstances that would trigger such a close down can be summarised as follows:
e A threat to the Security of the POL Services or POL Service Infrastructure
¢ Data originating from any FI on the NBX could cause impairment or degradation.
e Data originating from the POL Service Infrastructure could cause impairment or
degradation.
e Banking transactions could be incorrectly authorised, due to actual or suspected failure in
End to End Banking
4.1 Notification Procedure (Emergency)
e The POA On-line Services SDM is alerted (via the normal route of HSD/SMC) to an “A”
priority call giving evidence of the problem - Primarily, the “A” priority call will have been
raised by the Post Office Account support teams, or by an FI logging call at the SMC. The
POA On-line SDM will consult as appropriate within Post Office Account Services to
make the decision to call Major Incident.
e PO On-line SDM informs the POABCM (Post Office Account Business Continuity
Manager) who in turn contacts the POLBCM (Post Office Business Continuity Manager)
to register a MBCTI. This is in accordance with the agreed procedure for an MBCI [DN:
“Business Continuity Interface Agreement between Post Office Ltd and Post Office
Account Services (CON/MGM/005)"].
e The Major Incident Process (POA Major Incident Process, CS/PRD/074) will be initiated,
and Major Incident Conference Call held to discuss the close down the link / links. The
Major Incident Conference Call will include impacted parties, including representatives
from Post Office Ltd.
© Following agreement on the MI Conference Call, the Network Support team will close
down the impacted NBX link/s.
e Via the Major Incident process (MI Conference Call), all impacted parties informed that
the links have been closed down.
¢ Major Incident Process continues until the links are restored.
© 2004 Post Office Account ServicesCOMMERCIAL IN CONFIDENCE Page: 8 of 9
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
FUJ00002010
FUJ00002010
Post Office Closure of Associated NBX Circuits Ref: CS/PRO/163
Account Services
Version: 1.0
COMMERCIAL IN CONFIDENCE Date: 18-JUL-2006
5.0 Technical Close Down Procedure
The technical closing down of the Link or Links will be controlled and actioned by the
POANST (Post Office Account Network Support Team) based in both Bootle and Wigan.
Wigan Outside Firewalls Names Bootle Outside Firewall Names
wegn01-fw-26 btl01-fw-26
wgn01-fw-27 btlO1-fw-27
Financial Institution Port assignments common on all Outside Firewalls
LiNK e2
Alliance and Leicester 3
CAPO e4
DMZ el
Controlled and Emergency Close Down: For the controlled close down of one or more of
the links to the Financial institutions, shut down the relevant firewall port across all Wigan and
Bootle Outside firewalls, refer to table 1 for names and port assignments.
For example to close down access to and from Link, close port e2 on btl01-fw-26/27 and
wgn01-fw-26/27.
If Financial Institution have cause to be isolated due to a threat or otherwise, and the internal
port into the DMZ on all outside firewalls is shut down, management of the firewalls will still
be possible, as this is performed “out of band” for these firewalls. Therefore, although no
application traffic flow will be possible, management of firewalls to re-enable the DMZ
interface will be possible.
The topology deployed for NBX is depicted in figure 1, See Figure 1.
© 2004 Post Office Account ServicesCOMMERCIAL IN CONFIDENCE Page: 9 of 9
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
FUJ00002010
FUJ00002010
Post Office Closure of Associated NBX Circuits Ref: CS/PRO/163
Account Services
Version: 1.0
COMMERCIAL IN CONFIDENCE Date: 18-JUL-2006
cao va ne Ee O eo90 ue na. UfITSU
‘Shared OMZ
Figure 1
6.0 Escalation Routes
Within the context of an emergency close down the escalation routes will follow the agreed
MBCI procedures & Major Incident Process [DN: See earlier note re CON/MGM/005]
7.0 Reinstatement of the NBX Link
Within the context of an emergency close down the link will be reinstated when the resolution
of the problem/cause for the close down has been identified and resolved. This will be in line
with the MBCTI / Major Incident procedure to complete the action plan.
Prior to the reinstatement of the link, Post Office Account may restrict or prevent
communications (in respect of all or certain types of data) to undertake, for example,
diagnostic or communications management functions.
© 2004 Post Office Account ServicesCOMMERCIAL IN CONFIDENCE Page: 10 of 9
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
FUJ00002010
FUJ00002010
Post Office Closure of Associated NBX Circuits Ref: CS/PRO/163
Account Services
Version: 1.0
COMMERCIAL IN CONFIDENCE Date: 18-JUL-2006
8.0 Reporting
Within 1 working day of Post Office Account closing down the link between the Data Centres
and the NBX under the emergency process, a Major Incident report will be sent to the POL
BCM & POL SCT stating:
.
Overview of the Incident, including why the action was necessary.
Service, Estate and Business impact during the Incident.
Incident Timeline
Current Root Cause Analysis
Current state of the link
Tf still closed, the further actions required by all parties to get the link back to an
operational state.
The further actions being undertaken to identify proposals that will prevent recurrence of
the need to close the interface in such an emergency situation.
As part of the Major Incident Process a PIR (Post Incident Review) will be held at an
appropriate time after the closure of the Incident & a report containing full action plan will be
generated and distributed.
© 2004 Post Office Account ServicesCOMMERCIAL IN CONFIDENCE Page: 11 of 9
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)