FUJ00002242 - Post Office Ltd PNC Security Operating Procedures


FUJITSU

FUJ00002242

Royal Mail Group Account HNG-X Business Continuity Framework

COMMERCIAL IN CONFIDENCE

Document Title: HNG-X BUSINESS CONTINUITY FRAMEWORK

Document Type: SERVICE PROVISION PLAN

Release: Release Independent

Abstract: This document provides a Service Continuity Framework as required by Schedule B2

Document Status: APPROVED

Author & Dept: Adam Parker, Royal Mail Group Account, Customer Service Business Continuity.

Internal Distribution: James Davidson, Tony Atkinson, Ian Mills, Mike Stewart, Tom Lillywhite, Pete Thompson, David Wilcox, Mike Woolgar, Dave Chapman, Dave Tanner, Royal Mail Group Account Library

External Distribution: Dave Hulbert - Post Office Limited, Gary Blackburn - Post Office Limited, Post Office Limited Library

Security Risk Assessment Confirmed: YES See section 0.10

Approval Authorities:

Name | Role | Signature | Date
James Davidson | Operations Director, Royal Mail Group Account | |
Dave Hulbert | Post Office Limited, Service Manager | |

©Copyright Fujitsu Services Ltd 2010
COMMERCIAL IN CONFIDENCE
Ref: SVM/SDM/SIP/0001
Version: 2.0
Date: 03-Sep-2010
UNCONTROLLED IF PRINTED OR LOCALLY STORED
Page No: 1 of 31

0. Document Control

0.1 Table of Contents

0 DOCUMENT CONTROL
0.1 Table of Contents
0.2 Document History
0.3 Review Details
0.4 Acceptance by Document Review
0.5 Associated Documents (Internal & External)
0.6 Abbreviations
0.7 Glossary
0.8 Changes Expected
0.9 Accuracy
0.10 Security Risk Assessment
1 INTRODUCTION
2 SCOPE
3 FRAMEWORK OVERVIEW
3.1 Introduction
3.1.1 Business Continuity Plans
3.1.2 Service Framework
3.1.3 Business Continuity Management Process
3.1.4 Test strategy and plans
3.1.5 Review strategy
3.1.6 Deliverables and Acceptance Methods
4 SERVICE FRAMEWORK
4.1 Introduction
4.2 HNG-X Service to Plan Relationship Table
5 BUSINESS CONTINUITY MANAGEMENT PROCESS
6 TEST STRATEGY AND PLANS
6.1 Requirements
6.2 Initial Testing
6.2.1 Existing Services
6.2.2 New Services
6.3 Ongoing testing
7 REVIEW STRATEGY
8 BUSINESS CONTINUITY PLANS
8.1 Ownership of Plans
8.2 Plan Activation
8.3 Impact and Risk Assessment
8.4 Other Requirements
8.4.1 Preventative Measures
8.4.2 Preparedness Measures
8.4.3 Contingency Measures
8.4.4 Recovery of Normal Service
8.4.5 Contact List
9 DELIVERABLES AND ACCEPTANCE METHODS
9.1 Introduction
9.1.1 Joint Review
9.1.2 Document Inspection
9.1.3 Procedural Walkthrough
9.1.4 Operational Test
9.2 Contract Controlled
9.2.1 Summary
9.2.2 Deliverables List
9.3 BCF Referenced Documents
9.3.1 Summary
9.3.2 Deliverables List
9.4 Technical Design Documentation
9.4.1 Summary
9.4.2 Deliverables List
9.4.3 Review Method
9.5 Customer Contingency Plans and Royal Mail Group Account Deliverables in Support of Plans
9.5.1 Summary
9.5.2 Deliverables List


0.2 Document History

Version No. | Date | Summary of Changes and Reason for Issue | Associated Change - CP/PEAK/PPRR Reference
0.1 | 02/08/07 | First draft using HNG-x template. Created using CS/SIP/002 version 13.0 and focusing upon the Horizon to HNGX transition phase and HNG-x. | None
0.2 | 09/12/08 | Incorporates minor comments received on version 0.1. Also revised for changes in the HNG-X programme over the past year and for organisational changes. | None
0.3 | 19/12/2008 | Changes were made to the document for Acceptance by Document Review with the insertion of the Section containing the table of cross references for Acceptance by Document Review. | None
0.4 | 03/03/2009 | Removed ASS, SMgmtS, TPMS, Engineering Services from Table 1 as whilst these have Service Descriptions they are not defined as Applicable Services in Schedule 1. These were incorrectly added, by Tony Wicks, to version 0.2 of this BCF. Created a wider review circulation using the list defined in PGM/DCM/ION/0001 for SIP documents. | None
 | 01/04/2009 | Issued for approval - no comments were received from the version 0.4 comment cycle. | None
 | 22/02/2010 | Updated personnel info. Chapter 6.3: Removed reference data test as this is covered under BC1 and BC3. Amended test coverage in line with sampling strategy agreed with Gary Blackburn & John Halfacre. | None
1.2 | 28/07/2010 | Updated personnel info as the document now needs to be made into CCD for HNG-X R1 checkpoint. | None
2.0 | 03/09/2010 | Approval version | None

0.3 Review Details

Review Comments by:

Review Comments to: Adam Parker & RMGADocumentManagementi

Mandatory Review

Role | Name
Operations Director, Royal Mail Group Account | James Davidson
Post Office Limited, Service Manager | Dave Hulbert
Head of Service Operations, Royal Mail Group Account | Tony Atkinson
CISO Royal Mail Group Account | Tom Lillywhite
POL Release Management Team | POL Release Management Team
Royal Mail Group Account HNG-X Transition | Sarah Bull

Name
Post Office Limited, Business Continuity Manager | Gary Blackburn
Royal Mail Group Account HNG-X Programme Director | Alan D’Alvarez
Royal Mail Group Account HNG-X Senior Architect | TBA
Royal Mail Group Account Infrastructure Design | Geof Slocombe
Royal Mail Group Account SSC Manager | Pete Thompson
Post Office Limited RV Manager | James Brett
Royal Mail Group Account Migration Governance | Graham Welsh
Fujitsu Services Infrastructure Services Disaster Recovery and Backup Architect | Ed Ashford
Network Service Manager, Customer Service, Royal Mail Group Account | Ian Mills
Commercial Director | Guy Wilkerson

Issued for Information - Please restrict this distribution list to a minimum

Position/Role | Name
Royal Mail Group Account Acceptance Manager | David Cooke
Royal Mail Group Account Service Delivery Manager | Claire Drake
Royal Mail Group Account Technical Design Authority | Dave Chapman

Note. See Royal Mail Group Account HNG-X Reviewers/Approvers Role Matrix (PGM/DCM/ION/0001) for guidance.

(*) = Reviewers that returned comments

0.4 Acceptance by Document Review

The sections in this document that have been identified to POL as comprising evidence to support
Acceptance by Document review (DR) are listed below for the relevant Requirements:

POL NFR DR Acceptance Ref | Internal FS POL NFR Reference | Document Section Number | Document Section Heading
SER-2156 | SER-2156 | 8.4.1.44 | Technical Design

0.5 Associated Documents (Internal & External)

Reference | Ver | Date | Title | Source
SVM/SDM/PLA/0001 | | | HNG-X Support Services Business Continuity Plan | Dimensions
SVM/SDM/PLA/0002 | | | HNG-X Services Business Continuity Plan | Dimensions
SVM/SDM/PLA/0003 | | | HNG-X Business Continuity Test Plan | Dimensions
SVM/SDM/PLA/0031 | | | HNG-X Security Business Continuity Plan | Dimensions
SVM/SDM/PLA/0030 | | | HNG-X Engineering Service Business Continuity Plan | Dimensions
CS/CIS/002 | | | (Horizon) Business Continuity Framework | PVCS
CS/PLA/079 | | | The Horizon Services Business Continuity Plan | PVCS
CS/PLA/080 | | | The Horizon Support Services Business Continuity Plan | PVCS
CS/PLA/011 | | | (Horizon) Business Continuity Test Plan | PVCS
CS/PLA/015 | | | Horizon Service Desk Business Continuity Plan | PVCS
DES/PER/HLD/0001 | | | HNG-X Resilience And Disaster Recovery High Level Design | Dimensions
ISO27001 | | | Information Security Management System Requirements | British Standard
SVM/SDM/POL/0032 | | | Information Security Management Policy Set - Business Continuity | Dimensions
CS/PRD/021 | | | Fujitsu Services (Royal Mail Group Account) Problem Management Process | PVCS
SU/MAN/018 | | | Operations Procedures Manual Index | PVCS
CON/MGM/005 | | | Post Office Limited and Fujitsu Services Business Continuity Interface Agreement | Post Office Limited
SVM/SDM/PRO/0028 | | | Fujitsu Services Royal Mail Group Account HNG-X Business Continuity Management Process | Dimensions
PGM/DCM/TEM/0001 | | | Fujitsu Services Royal Mail Group Account HNG-X Document Template | Dimensions

* Unless a specific version is referred to above, reference should be made to the current approved versions of the documents.

0.6 Abbreviations
Abbreviation Definition
ACS Auto Configuration Service
ADSL Asymmetric Digital Subscriber Line
AP Automated Payments
AP-ADC Automated Payments-Advanced Data Capture
APOP Automated Payments Outpay
APS Automated Payments System
ASS Applications Support Service
BCF Business Continuity Framework
BNS Branch Network Service
BRDB Branch Database
CMTS Communications Management Team Service
CNS Central Network Service
CSR Core System Release
CTF Critical Time Factor
DCOS Data Centre Operations Service (includes POLFS)
DCS Debit Card System
DRDC Disaster Recovery Data-Centre (IRE19)
DVLA POME Department of Vehicle Licensing Authority — Post Office MOT Enquiry
DW Data Warehouse
EPOS Electronic Point of Sale
ES Engineering Service
ETS Electronic Top-ups Service (also known as ETU)
HNG-X Horizon Next Generation - X
KMS Key Management Service
LFS Logistics Feeder Service
LNS L2TP Network Server
MBCI Major Business Continuity Incident
MBS Message Broadcast Service
MIS Management Information Service
NBS Network Banking Service
OBCS Operational Business Change Service
PAF Postal Address File
POL Post Office Limited
POLFS Post Office Limited Financial Service
RAB Release Authorisation Board
RS Reconciliation Service (Data Reconciliation Service)
RD Reference Data
RDMS Reference Data Management Service
SDS Service Desk Service
SIAM Service Impact Assessment Module
SIS Service Integration Service
SMgmtS Service Management Service
SMS Systems Management Service (Systems Management Centre)
SOS Systems Operate Service
SPOF Single Point Of Failure
TLSS Third Line Support Service (System Support Centre)
TPMS Third Party Management Service
T&T Track and Trace

0.7 Glossary

Term | Definition
Business Continuity Framework | This document, which has been generated to satisfy the requirement for a Service Continuity Framework. At a working level, Post Office Limited and Fujitsu Services (Royal Mail Group Account) generally recognise the term Business Continuity as having three closely related components: resilience, contingency and recovery.
Resilience | May be defined as the steps taken to avert a loss of service or disaster or reduce the likelihood of a disaster or loss of service.
Contingency | May be defined as the interim processes and procedures adopted during the loss of service.
Recovery | May be defined as the business and technical arrangements to restore a lost system or service and manage the process of reversion to normal processing and full resumption of service.

0.8 Changes Expected

Changes

Further changes may be identified following the introduction of HNG-X services and testing

It is unclear if SU/MAN/018, the Core Services Horizon Operational Procedures Front End Index, will be revised
for HNG-X documentation or replaced by a new HNG-X Operational Procedures Front End Index.

0.9 Accuracy

Not applicable

0.10 Security Risk Assessment

Security risks have been assessed and it is considered that there are no security risks relating specifically to this
document.


1. Introduction

A key requirement in the Royal Mail Group Account solution is that of business continuity i.e.
ensuring there are operational processes and procedures in place to ensure that any component
failure has minimal effect on the services provided.

This will cover failures in the core Fujitsu Services (Royal Mail Group Account) services e.g.
DCOS, BNS and the underlying services e.g., NBS, TPS, APS, etc, support services and client
services where appropriate.

A principal requirement specified within schedule B2 of The Agreement is the provision of
Business Continuity Plans which conform to an overall ‘Service Continuity Framework’.

It is the objective of this document and associated Business Continuity Plans to satisfy that
requirement and Fujitsu Services (Royal Mail Group Account) and Post Office Limited have
agreed that the title of this document should be ‘Business Continuity Framework’.

Specifically this document will cover the following areas.

a) Provide a baseline definition of the Business Continuity Framework and Business Continuity
Plans as specified in Schedule B2.

b) Provide a detailed definition of Fujitsu Services (Royal Mail Group Account) deliverables
associated with business continuity and the methods of review and assurance.

c) Define the contents and format of the Business Continuity Plans.

d) Define the overall test strategy adopted for testing of the Business Continuity Plans.

e) Define the management processes for the management of Major Business Continuity
Incidents.

2. Scope

The scope of this document is targeted towards the Acceptance Review process associated with
schedule B2 and HNG-X.

The general framework defined in this document is release-independent.

This document does not include any details in respect of the results of technical testing of the
recovery processes.


3. Framework Overview

3.1 Introduction
The Business Continuity Framework defines the methodology agreed between Fujitsu Services
(Royal Mail Group Account) and Post Office Limited for handling all aspects of Business
Continuity.
The constituent elements of the Business Continuity Framework may be represented as follows.
Each element will be looked at in more detail below.

Figure 1 Service Elements

[Figure not reproduced. The diagram shows the BUSINESS CONTINUITY FRAMEWORK divided into: Service Framework (Section 4), Business Continuity Management Process (Section 5), Business Continuity Plans (Section 8), Test Strategy & Plan (Section 6) and Review Strategy (Section 7), with Deliverables (Section 9) beneath.]

3.1.1 Business Continuity Plans

There shall be four Continuity Plans for HNG-X:
HNG-X Services Business Continuity Plan
HNG-X Support Services Business Continuity Plan
HNG-X Security Business Continuity Plan
HNG-X Engineering Service Business Continuity Plan

During the HNG-X counter phase, e.g. where branches are being rolled-out with HNG-X
counters, the HNG-X Business Continuity plans will define the applicable sections of the Horizon
Services Business Continuity Plans that support the services and infrastructure being utilised in
Bootle and Wigan to support Horizon counters.

The contents of the Business Continuity Plans are specified within Schedule B2. All plans must
be of the document type Business Continuity Plan and shall contain Continuity Plan within the
title. Each plan shall have a specified owner. (Further details in section 8)

The Business Continuity Plans shall be based on impact and risk assessments as agreed by
Fujitsu Services and Post Office. Such assessments shall be reviewed when agreed by the
Parties, such agreement not to be unreasonably withheld.


The Business Continuity Plans shall include without limitation the following:
prevention measures;
preparedness measures;
contingency measures;
recovery of normal service;
contact lists.
The major elements of the plans are as follows.

3.1.1.1 Risk Analysis and Service Impact

Each Business Continuity Plan will identify all potential risks in terms of likelihood and service
impact.

Once an incident occurs which has a service continuity impact, there must be a mechanism in
place to assess the impact of the incident and the possible effect(s) it will have on the end to end
service. This is fairly complex and will be dependent upon time of day and therefore will be a
real-time process, i.e. the impact of the service failure at 2am will be different from the impact at
8pm. However, a high-level impact statement will be included in the relevant Business
Continuity Plan.

3.1.1.2 Escalation Contacts

Each Business Continuity Plan will contain escalation routes in conformance to Cross-Domain
Business Continuity management processes.

3.1.1.3 Resilience Strategy documents

Each Business Continuity Plan will contain, where appropriate, references to the underlying
resilience strategy document and/or technical design documents.

3.1.1.4 Contingency Procedures
Each Business Continuity Plan will contain a section defining contingency actions.

From an operational perspective contingency actions are documented in a number of places,
depending upon the severity of the service element failure.

1. Within operational procedures, subordinate to SU/MAN/018 (NB: this reference is subject to
change). Where appropriate the Business Continuity Plan will make reference to the relevant
operations manual.

2. Where appropriate, contingency actions are documented within the Action column of the Risk
Analysis (and service impact) section of each plan.

3. Where appropriate, for potential MBCIs and MBCI contingency actions are documented in the
contingency section of each plan.

3.1.2 Service Framework

The BCF shall be defined in terms of services rather than components of infrastructure. The
definitions of the services that are a subject of the BCF are defined in this document.


Section 4 contains details of the service elements and components together with their
relationship to each of the Business Continuity Plans.

3.1.3 Business Continuity Management Process

The resolution of incidents will be dealt with through the standard Service Desk Incident
Management process.

In the event of a Major Business Continuity Incident there will be a need for controlled and co-
ordinated activity across Royal Mail Group Account and Post Office Limited. (See section 5)

3.1.4 Test strategy and plans

The test schedule and method will be defined as a separate document (REF 3) and will be
referred to within the Business Continuity Plans. The overall high-level strategy will be defined in
this document for agreement. (See section 6)

3.1.5 Review strategy

A review strategy defines the joint review mechanism prior to acceptance and also the review
mechanism of the processes following acceptance. This is defined in a later section for
agreement. (See section 7)

3.1.6 Deliverables and Acceptance Methods

Section 9 defines the deliverables required to satisfy the Business Continuity requirements of
Fujitsu Services (Royal Mail Group Account).

Also included in that section is the method of acceptance planned for each deliverable.


4 Service Framework

4.1 Introduction
The core service elements and support services for Horizon are shown in Figure 2 below.

The Horizon Services Business Continuity Plan which documents the contingency measures for
the primary Horizon services

The Horizon Support Services Business Continuity Plan which documents, with the exception of
the HSD services, the contingency measures for the supporting Horizon services

Horizon Service Desk Business Continuity Plan

The HNG-X Services Business Continuity Plan shall document the contingency measures for the
primary HNG-X services

The HNG-X Support Services Business Continuity Plan shall document the contingency
measures for the supporting HNG-X services


Figure 2 - HNG-X Services Overview

[Figure not reproduced. Legend: HNG-X Applicable Services as defined after counter roll-out complete; HNG-X Additional Applicable Services until Trigger Point T6 (counter roll-out is complete); HNG-X additional Operational sub-services; HNG-X additional Supporting sub-services.]


4.2 HNG-X Service to Plan Relationship Table

Table 1 below identifies which Business Continuity Plan addresses each of the service
elements in Figure 2 above:

Table 1


5 Business Continuity Management Process

An incident is an unplanned occurrence that adversely impacts upon the normal service in
some important way. The scale of the event can range from a minor fault to a major outage
e.g.:

Minor incident e.g. HNG-x counter failure affecting service at an individual Branch.

Major incident e.g. loss of the Active HNG-X Data-centre, outage of key back-end system
affecting service at all Branches.

The resolution of minor incidents will be dealt with through the standard Service Desk
Incident Management process.

Major Business Continuity Incidents will have a significant impact upon Post Office Limited.
In such cases there will be a need for controlled and co-ordinated activity across supplier
organisations and Post Office Limited. Consequently all Major Business Continuity Incidents
will be managed via the ‘Fujitsu Services (Royal Mail Group Account) Customer Service
Business Continuity Management’ process (REF 17) and the Post Office Limited and Fujitsu
Services Business Continuity Interface Agreement (REF 16). These documents support the
immediate escalation of major incidents to a Cross Domain Business Continuity Management
Team (BCMT). The BCMT consists of operational managers from each organisation.


6 Test Strategy and Plans

6.1 Requirements
6.1.1 Schedule B2 requires that:

‘The Business Continuity Plans shall include a testing strategy with two distinct parts

a) Initial testing before commencement of Roll-Out of Services

b) Regular testing’

6.1.2 Unless agreed otherwise in accordance with paragraph 6.1.3 below, the Business Continuity
Services shall in respect of any new service introduced through the Change Control
Procedure:

include the performance of substantially the same business continuity tests as are
described in this Business Continuity Framework prior to the introduction of that new
service; and

include any specific business continuity tests agreed by the Parties.

6.1.3. The tests referred to in paragraph 6.1.2 above shall be conducted with the business continuity
tests conducted for the infrastructure supporting the Applicable Services and scheduled in
accordance with working practice for the Applicable Services. The frequency of and method
used for all business continuity tests shall be documented in the document entitled "Business
Continuity Test Plan" (SVM/SDM/PLA/0003).

Business continuity tests to be carried out under this Business Continuity Framework may be
cancelled or rescheduled and/or the method used for a test may be varied for operational
business reasons by agreement in writing between Post Office and Fujitsu Services (such
agreement not to be unreasonably withheld).

6.2 Initial Testing

6.2.1 Existing Services.

Initial Business Continuity testing was conducted prior to the full operational introduction of
the Horizon Service (Core System Release) and the subsequent release of major services,
e.g. MBS, NBS and ETS services. Test reports have been produced for this testing and are
maintained in PVCS within the CS/REP/nnn documentation work-set.

6.2.2 New Services

Where services are introduced for HNG-X the Test Plan (SVM/SDM/PLA/0003), (REF3) will
be revised to include the Business Continuity testing of those services and define when the
initial testing will be conducted.

For HNG-X SVM/SDM/PLA/003 defines the Test Plan and provides cross reference to the
test scripts which have been produced for the Business Continuity initial testing.

The level and schedule of testing is dependent upon operational constraints and is
accomplished by a mix of operational tests and procedural walk-through. Where involvement
is required from Post Office Limited the test schedule will be agreed in advance.

When services are withdrawn, and infrastructure tests are no longer relevant or are
superseded, the applicable tests shall be removed from Business Continuity Test Plan
(REF3) with the agreement of Post Office Limited. In addition tests may also be withdrawn
from the Business Continuity Test Plan (REF3) where it is agreed by Post Office Limited and
Fujitsu Services that there is no or little value in performing the applicable tests.

In addition customer-initiated test activity may be included, with Royal Mail Group Account
agreement, within the Business Continuity Test Plan (REF3).

6.3 Ongoing testing

For ongoing testing, an overall test strategy will be produced defining for each service:
a) name of service
b) ownership of testing plan
c) type of testing i.e. procedural walk-through or operational test
d) frequency of testing and scheduled dates
e) test objectives, conditions, script and expected results
f) other units taking part
g) criteria for success and failure
h) test reports and follow-up

On-going business continuity tests will be conducted in accordance with the test methodology
and frequency agreed in Schedule B2.


Table 2

Test No. | Business Continuity Test | Services | Test Methodology and Frequency | Owner
BC16 | Network Banking Service | NBX | DRDC operational test once per year. (See note 1 below) | Fujitsu Services (RMGA)
BC18 | POLNDC Disaster Recovery Gateway | DCOS (POLFS) | Live operational test once per year. | Fujitsu Services (RMGA)
BC22 | Network Banking Clients & Transit LANs | NBX | DRDC operational test once per year. (See note 1 below) | Fujitsu Services (RMGA)
BC20 | External Data Gateway | DCOS | Live operational test once per year. (See note 1 below) | Fujitsu Services (RMGA)
BC25 | DCS + ETS | DCS + ETS | DRDC Operational test once per year. (See note 1 below) | Fujitsu Services (RMGA)
BC26 | Internal Web Services servers test. | DVLA + PAF + APOP + Helpdesk + Training + MoneyGram | DRDC operational test once per year. (See note 1 below) | Fujitsu Services (RMGA)
BC28 | POLFS | DCOS (POLFS) | Live operational test once per year. | Fujitsu Services (RMGA)
BC29 | BladeFrame & Storage Fail-over | DCOS | DRDC operational test once per year. | Fujitsu Services (RMGA)

Note 1: These operational tests are subject to agreement as performing all of the tests will
result in the breach of the 10 days of operational testing in the IRE19 as defined in
the HNG-X Data-centre Operations Service Description. Intra test plan sampling will
be performed for each of BC16, 22 and 26. Inter-test plan sampling will be performed
across BFS, 8, 12, 19, 20, 22, 25.

Note 2: The HNG-X Data-centre Operations operational testing assumes there is access to
LST counters and client simulators.

All other business continuity test details, e.g., for the transition phase, will be defined within
the Business Continuity Test Plan REF3 where the type of test and frequency of testing shall
be specified. The Fujitsu Services (RMGA) Business Continuity Manager will be responsible
for the planning of the other on-going tests, i.e. those not defined in table 2, and will co-
ordinate and schedule activity as appropriate with the Post Office Limited Business
Continuity Manager and suppliers.


7 Review Strategy

A Business Continuity Steering Group has been established between Post Office Limited and
Fujitsu Services (Royal Mail Group Account). This group reviews the progress of each
release against the Fujitsu Services (Royal Mail Group Account) delivery and acceptance
plans. It also facilitates the co-ordination of joint development review and assurance
activities where necessary. This forum also provides an objective feed into the release
authorisation process for new releases.

This team, or subset of the team, reviews all aspects of business continuity on an ongoing
basis, during Live Trials and beyond. The remit of the team is to continually look at ways of
improving cross-domain business continuity processes.


8 Business Continuity Plans

Throughout section 8, the use of italics denotes the actual words in Schedule B2.

‘The Business Continuity Plans shall be based on impact and risk assessments and agreed
by Fujitsu Services and Post Office .....’

8.1 Ownership of Plans

‘Ownership of all contingency actions shall be identified in the Business Continuity Plans.’

Each Business Continuity Plan will clearly state the owner of the plan who is responsible for
the definition, maintenance, testing and review of the plan.

In addition to this, the Fujitsu Services (RMGA) Business Continuity Manager will have
overall responsibility for the development, co-ordination and integration where appropriate of
all Business Continuity Plans and providing Post Office Limited with a single point of contact.

8.2 Plan Activation

‘The Business Continuity Plans shall include activation procedures and time periods within
which the contingency measures shall be activated.’

Where appropriate Business Continuity Plans will contain a risk and impact assessment for
both the core post office day (08:00 to 20:00) and the non-core post office day (20:00 to
08:00). (See 8.3). For services where the impact of the service element failure is common
throughout the day, a single risk and impact assessment will be documented.

Alternatively, a single risk statement may be documented throughout the day in the risk table.
The Critical Time Factors (CTF) here shall be determined by the criticality of the service
activity. For example, for on-line services such as NBS and DCS, the CTF is identified against
Post Office Core Day processing, whilst for file transfers such as APS and TPS, the CTF is
identified against Post Office Non-Core Day processing. The risk assessment identifies the
critical time periods for activation of contingency measures and identifies the associated
contingency actions.

8.3 Impact and Risk Assessment

‘The Business Continuity Plans shall be based on impact and risk assessments by Fujitsu
Services and Post Office...’

Contained within each service are a number of critical components, the failure of which
would cause a potential service disruption. Consideration shall also be given to the impact
arising from the loss of building or staff. Each of these critical components and the
associated failure scenarios will be identified and documented within a risk and impact matrix
within the Business Continuity Plan. This matrix is used as a tool to present in a tabular form
all risks identified with a service together with the impact of that risk occurring, the time after
which that impact becomes critical, and the contingency actions to be taken.

Associated with each of the above elements are impact statements, which will define the
likely business impacts of failure of the critical components. To aid in the definition of these,
each Business Continuity Plan, where appropriate, will contain a schematic defining the
operational day for that particular service. SLA liabilities will be used as an aid in determining
business impact. Where the impact triggers either a Potential MBCI or an MBCI, the
appropriate action will be identified from within the matrix.

Associated with the impact statement will be a reference to the specific recovery and
contingency procedures required.


Business impact assessment will be reviewed jointly with Post Office Limited and will be
subject to ongoing review.

The combination of risk and impact will also determine the level of ongoing testing that will
form part of the testing strategy.

8.4 Other Requirements

‘The Business Continuity Plan shall include, without limitation, the following
a) Prevention measures
b) Preparedness measures
c) Contingency measures
d) Recovery of normal service
e) Contacts list’

In addition to the above the plans shall include details of the individual services, references
to the relevant operations manual and references to the underlying resilience strategy
document and/or technical design documents, where appropriate.

8.4.1 Preventative Measures

Preventative measures are defined as those measures that are in place to prevent service
continuity failures in the first place. There are two aspects that are considered.

8.4.1.1.1 Technical Design

A key element of the design of the service is the elimination of single points of failure and the
ability to fail-over to contingency infrastructure, e.g., an alternative live BladeFrame image,
an alternative network circuit, and thereby recover the service in a timely manner.

This capability is documented in a number of technical design documents, which in turn are
referenced within the relevant Business Continuity Plans.

From an HNG-X service perspective IRE11 is the active data-centre and IRE19 is intended
to be used as a HNG-X disaster recovery data-centre and only invoked for major incidents,
e.g., fire, flooding. Note from a network perspective IRE11 and IRE19 will be used in a
live/live mode of operation.

8.4.1.1.2 Security

Plans and processes will be established to comply with the Business Continuity requirements
of ISO27001 and SVM/SDM/POL/0032.

Another preventative measure is the denial of access to the service to anyone who may wish
to deliberately cause disruption. Although not mentioned specifically within Business
Continuity Plans, this requirement is met through general conformance to Access Control
Policy and the Security Functional Specification.

The Security Business Continuity plan (SVM/SDM/PLA/0031) has been produced to meet the
requirements of ISO 27001 and should be used in conjunction with the HNG-X Services,
Support Services (SVM/SDM/PLA/0001) and Engineering Services (SVM/SDM/PLA/0030)
business continuity plans.


8.1.2 Preparedness Measures
Preparedness measures are implemented in a number of ways:

a) The provision of risk and impact assessments, along with references to
appropriate recovery and contingency procedures will allow appropriate actions
to be carried out in a pre-prepared manner.

b) Initial technical testing and the operational testing of Business Continuity Plans
will ensure all activation of the Business Continuity Plans will have been carefully
rehearsed.

c) Joint process and procedure walk-through will, as above, ensure all
Cross-Domain (multi-party) Business Continuity processes are tested thoroughly.

8.1.3 Contingency Measures

Contingency measures may be defined as the actions to be performed in the event of a
service break to enable business impact to be minimised during the service outage prior to
recovery being completed.

Contingency measures will include the recognition, activation, incident management and
initiation of recovery procedures. These will be documented within the Business Continuity
Plan and also as references to supporting documentation.

An example of contingency measures is failing over the host server in the event of the prime
server experiencing a failure.

8.1.4 Recovery of Normal Service

These procedures will be mainly of a technical operational nature and will mainly refer to
technical procedures defined within the Fujitsu Services (Core Services) Operational
Procedures Manual REF 15. There may be references to other activities that may impact
across service boundaries. Where appropriate these will be referenced within the plan.

8.1.5 Contact List

Each Business Continuity Plan will document the contacts for initial contact and technical
liaison where appropriate, together with details of escalation contacts. This will be in
accordance with the Business Continuity Management process.


9 Deliverables and Acceptance Methods

9.1 Introduction

This section defines the deliverables required to satisfy the Business Continuity requirements
of Fujitsu Services (Royal Mail Group Account).

Also included within this section is the method of acceptance planned for each deliverable.

Methodologies used in the acceptance process include those identified below:

9.1.1 Joint Review

Joint review is by circulation of, discussion about and agreement upon the structure and
content of a document by Fujitsu Services (Royal Mail Group Account) and Post Office
Limited.

9.1.2 Document Inspection

Formal inspection of a paper copy, by Post Office Limited, of a commercially sensitive (i.e.
technical design) or Service Provider (i.e. Fujitsu Services Core Services) operational
document, by the appropriate reviewing authorities, whilst under supervision by the document
owner. No paper or electronic copies must be taken. The objective of this process is to verify
the existence of the document; no approval rights are associated with this activity.

Inspection to take place at the premises of the document owner.

9.1.3 Procedural Walkthrough

A paper based technique whereby a scenario is selected and the actions and procedures of
those Service Delivery Units (SDU) impacted are followed through to ensure that both
individual service delivery unit procedures, and cross boundary SDU procedures, are
complete and fully integrated. Where appropriate, i.e. affecting Post Office Limited services,
Post Office Limited will be invited to procedural walkthroughs.

9.1.4 Operational Test

An exercise using live operational service components, or where more appropriate and
agreed by Post Office Limited a test environment, whereby a scenario is selected and the
actions and procedures of those Service Delivery Units (SDU) impacted are followed
through. This is to ensure that both individual service delivery unit procedures, and cross
boundary SDU procedures are both complete and fully integrated, and that the desired
outcome on the operational service components is achieved. This is then followed by the
total regression of any changes made to the live service components.

An example of live operational functionality testing was the Campus Fail-over test that was
conducted during CSR Live Trial. An example of a business continuity operational test in a
test environment is the verification of recovery procedures for the Reference Data RDT Host.

9.2 Contract Controlled Documents
9.2.1 Summary
This section includes all references to current Contract Controlled Documents relating to,
and/or containing Business Continuity requirements.
9.2.2 Deliverables List
Document | Document Reference | Remarks/Acceptance Method
HNG-X Business Continuity Framework | SVM/SDM/SIP/0001 | Joint Review and sign-off
Service Desk Service: Service Description | SVM/SDM/SD/0001 | Joint review and approval prior to HNG-X contract sign-off.
Engineering Service: Service Description | SVM/SDM/SD/0002 | Joint review and approval prior to HNG-X contract sign-off.
Data Centre Operations Service: Service Description | SVM/SDM/SD/0003 | Joint review and approval prior to HNG-X contract sign-off.
Third Line Support Service: Service Description | SVM/SDM/SD/0004 | Joint review and approval prior to HNG-X contract sign-off.
Applications Support Service (Fourth Line Support): Service Description | SVM/SDM/SD/0005 | Joint review and approval prior to HNG-X contract sign-off.
Systems Management Service: Service Description | SVM/SDM/SD/0006 | Joint review and approval prior to HNG-X contract sign-off.
Service Management Service: Service Description | SVM/SDM/SD/0007 | Joint review and approval prior to HNG-X contract sign-off.
Service Integration Service: Service Description | SVM/SDM/SD/0010 | Joint review and approval prior to HNG-X contract sign-off.
Branch Network Service: Service Description | SVM/SDM/SD/0011 | Joint review and approval prior to HNG-X contract sign-off.
Central Network Service: Service Description | SVM/SDM/SD/0012 | Joint review and approval prior to HNG-X contract sign-off.
Reference Data Management Service: Service Description | SVM/SDM/SD/0013 | Joint review and approval prior to HNG-X contract sign-off.
Operational Business Change (Branch Change) Service: Service Description | SVM/SDM/SD/0014 | Joint review and approval prior to HNG-X contract sign-off.
Reconciliation Service: Service Description | SVM/SDM/SD/0015 | Joint review and approval prior to HNG-X contract sign-off.
Management Information Service: Service Description | SVM/SDM/SD/0016 | Joint review and approval prior to HNG-X contract sign-off.
Message Broadcast Service: Service Description | SVM/SDM/SD/0018 | Joint review and approval prior to HNG-X contract sign-off.
Communications Management Team: Service Description | SVM/SDM/SD/0019 | Joint review and approval prior to HNG-X contract sign-off.

The following table lists all Service Descriptions which do not specify any Business Continuity
requirements.

Document | Document Reference | Remarks/Acceptance Method
Security Management Service: Service Description | SVM/SDM/SD/0017 | There are no business continuity requirements within this Service Description
End to End Reconciliation Reporting: Service Description | SVM/SDM/SD/0020 | There are no business continuity requirements within this Service Description
Third Party Management Service: Service Description | SVM/SDM/SD/0021 | There are no business continuity requirements within this Service Description


9.3 BCF Referenced Documents

9.3.1 Summary

This section summarises all the business continuity deliverables specified within the BCF:

9.3.2 Deliverables List

Plan | Document Reference | Owner | Review method
Fujitsu Services (RMGA) HNG-X Business Continuity Operational Test Plan | SVM/SDM/PLA/0003 | Fujitsu Services (RMGA) | Joint review
Fujitsu Services Royal Mail Group Account HNG-X Business Continuity Management Process | SVM/SDM/PRO/0028 | Fujitsu Services (RMGA) | Not Applicable
HNG-X Support Services Business Continuity Plan | SVM/SDM/PLA/0001 | Fujitsu Services (RMGA) | Document inspection to verify compliance with BCF
HNG-X Services Business Continuity Plan | SVM/SDM/PLA/0002 | Fujitsu Services (RMGA) | Document inspection to verify compliance with BCF
HNG-X Security Business Continuity Plan | SVM/SDM/PLA/0031 | Fujitsu Services (RMGA) | Document inspection to verify compliance with BCF
HNG-X Engineering Service Business Continuity Plan | SVM/SDM/PLA/0030 | Fujitsu Services (RMGA) | Document inspection to verify compliance with BCF
Operations Procedures Manual Index | SU/MAN/018 (or replacement) | Fujitsu Services (Core Services) | Document inspection to verify existence of procedures

9.4 Technical Design Documentation

9.4.1 Summary

This section contains all technical design documentation relating to Business Continuity.

9.4.2 Deliverables List

Document | Document Reference | Review method
To Be Agreed


9.4.3 Review Method

NOTE
1

METHOD

Document inspection to verify
compliance with BCF if required
by customer.

Confidentiality Restrictions apply.
Inspection on Fujitsu Services
(Royal Mail Group Account) site by
suitable qualified customer staff
with no copying of document

SUCCESS CRITERIA
Not applicable

A review of the technical design
documentation does not form part
of the Network Banking
acceptance process.

Not applicable

9.5 Customer Contingency Plans and Royal Mail Group Account Deliverables in Support of Plans

9.5.1 Summary

This section summarises the deliverables produced by Fujitsu Services (Royal Mail Group
Account) in support of external contingency plans. It also contains reference to the associated
external Contingency Plan for completeness.

9.5.2 Deliverables List

No documents are required in support of external contingency plans.
