FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
Document Title:
Document Type:
Release:
Abstract:
Document Status:
POA HNG-X BUSINESS CONTINUITY FRAMEWORK
SERVICE PROVISION PLAN
Release Independent
This document provides a Service Continuity Framework as
required by Schedule B2
APPROVED
Author & Dept: Changdev Pawashe, Post Office Account, Business Continuity
Manager.
Internal Distribution: As reviewer list
External Distribution: As approver list
Security Risk YES See section 0.10
Assessment Confirmed
Approval Authorities:
Name ‘ole Date
Alex Kemp. Fujitsu Senior Operations
Manager
Anna Schofield For Post Office Limited:
Disaster Recovery Analyst,
Atos
©Copyright Fujitsu Services Ltd 2007-_- FUJITSURESTRICTED (COMMERCIALIN Ref: SVM/SDMISIP0001
2014 CONFIDENCE)
Version: 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Mar-2015
STORED PageNo: 1 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
0. Document Control
0.1 Table of Contents
0. DOCUMENT CONTROL.
0.1 Table of Contents.
0.2 Document History.
0.3 Review Details.
0.4 Acceptance by Document Revie
0.5 Associated Documents (Internal & External
0.6 Abbreviations.
0.7. Glossary..
0.8 Changes Expected.
0.9
0.10
1.
2.
3. FRAMEWORK OVERVIEW.
3.1 Introduction...
3.1.1 Business Continuity Plan:
3.1.2 Service Framework.
3.1.3. Business Continuity Management Process.
3.1.4 Test strategy and plans.
3.1.5 Review strategy...
3.1.6 Deliverables and Acceptance Method:
4 SERVICE FRAMEWORK
4.1 Introduction...
4.2 HNG-X Service to Plan Relationship Tabi
5 BUSINESS CONTINUITY MANAGEMENT PROCESS.
6 TEST STRATEGY AND PLAN
6.1 Requirements.
6.2 Initial Testing.
6.2.1 Existing Services.
6.2.2 New Services.
6.3. Ongoing testin:
7 REVIEW STRATEGYV...........0000+
8 BUSINESS CONTINUITY PLANS.
8.1. Ownership of Plans.
8.2 Plan Activation...
8.3 Impact and Risk Assessment.
8.4 Other Requirements.....
8.4.1 Preventative Measures.
8.4.2 Preparedness Measures. 29
©Copyright Fujitsu Services Ltd 2007- FUJITSU RESTRICTED (COMMERCIALIN Ref: SVMISDMISIP/0001
2014 CONFIDENCE)
Version 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Mar-2015,
STORED PageNo: 2 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
8.4.3 Contingency Measures...
8.4.4 — Recovery of Normal Service.
8.4.5 Contact List...
9 DELIVERABLES AND ACCEPTANCE METHODS
Introduction...
Joint Review
Document Inspectio!
Procedural Walkthrough.
Operational Test......
9.2 Contract Controlled Documents.
9.2.1 Summary...
9.2.2 Deliverables Lis'
9.3 BCF Referenced Documen'
9.3.1 Summary...
9.3.2 Deliverables List
9.4 Technical Design D
9.4.1 Review Method.....
9.5 Customer Contingency Plans and Post Office Account Deliverables in Support of Plan:
9.5.1 Summary...
9.5.2 Deliverables List
Rona
©Copyright Fujitsu Services Ltd 2007- FUJITSU RESTRICTED (COMMERCIAL IN Ref: SVMISDMISIP/0001
2014 CONFIDENCE)
Version: 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Mar-2015,
STORED PageNo: 3 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
0.2 Document History
VersionNo. Date Summary of Changes and Reason for Issue Associated Change -
CP/PEAK/PPRR
Reference
0.1 02/08/07 First draft using HNG-x template. Created I None
using CS/SIP/002 version 13.0 and focusing
upon the Horizon to HNGX transition phase
and HNG-x.
0.2 09/12/08 Incorporates minor comments received on I None
version 0.1. Also revised for changes in the
HNG-X programme over the past year and for
organisational changes.
0.3 19/12/2008 Changes were made to the document for I None
Acceptance by Document Review with the
insertion of the Section containing the table of
cross references for Acceptance by Document
Review.
0.4 03/03/2009 Removed ASS, SMgmtS, TPMS, and I None
Engineering Services from Table 1 as whilst
these have Service Descriptions they are not
defined as Applicable Services in Schedule 1.
These were incorrectly added, by Tony Wicks,
to version 0.2 of this BCF.
Created a wider review circulation using the
list defined in PGM/DCM/ION/0001 for SIP
documents.
1.0 01/04/2009 Issued for approval — no comments were I None
received from the version 0.4 comment cycle.
414 22/02/2010 Updated personnel info. None
Chapter 6.3: Removed reference data test as
this is covered under BC1 and BC3. Amended
test coverage in line with sampling strategy
agreed with Gary Blackburn & John Halfacre.
1.2 28/07/2010 Updated personnel info as the document now I None
needs to be made into CCD for HNG-X R1
checkpoint.
2.0 03/09/2010 Approval version None
24 1/6/2012 Removed refs to Horizon & Hydra None
2.2 31/10/2013 Updated Figure 2, Table 2 i.e. included BC30
& BC31/ removed BC28 (POLFS), BC18 (POL
NDC Disaster Recovery Gateway-POLFS),
BC14 (TLSS) & BC10 (SD-HSD).
2.3 21-Mar-2014 Issued for internal review
24 16-Apr-2014
2.5 14-Oct-2014 Updated section 9.4 & 9.4.1 None
2.6 11- Dec-2014 Updated reviewer comments. POL Approver I None
©Copyright Fujitsu Services Ltd 2007-__- FUJITSURESTRICTED (COMMERCIALIN Ref. SVM/SDMISIP0001
2014 CONFIDENCE)
Version 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Mar-2015
STORED PageNo: 4 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
changed to Anna Schofield, as instructed by
Sue Stewart
27 09-March-2015 I Updated additional comments received from I None
ATOS.
0.3 Review Details
Review Comments by
Review Comments to
Mandatory Review
Role
Changdev Pawashe & Post Office Account Document Management
Name
For Post Office Limited, Atos DR Analyst
Anna Schofield, Atos
Post Office Limited, Senior Commercial Manager
Liz Tuddenham
Fujitsu Operational Change Manager
Alan Flack
CISO Fujitsu POA
Keith Smith
POA Release Management Team
Post Office Account Operational
Change
Fujitsu Service Transition and Change
Tony Atkinson
Fujitsu Commercial Manager
Sarah Guest
Fujitsu Infrastructure Operations Manager
Andrew Hemingway
Fujitsu Service Architect
Phil Boardman
Fujitsu SSC
Steve Parker; SSC Duty Manager
Fujitsu Service Governance Manager
Yannis Symvoulidis
Optional Review
Role Name
Post Office Limited, Senior Service Delivery Manager Steve Beddoe
Post Office Limited Commercial Manager Sue Stewart
Fujitsu Security Architect
Dave Haywood
Fujitsu Application Development Manager
Keith Tarran
Fujitsu Systems Management and Global Cloud
Catherine Obeng
and Backup Architect
Fujitsu Senior Operations Manager Alex Kemp.
Fujitsu Quality and Compliance Manager Bill Membery
Fujitsu Services Infrastructure Services Disaster Recovery I Ed Ashford
Fujitsu Network Operations Manager
Roger Stearn
Fujitsu Commercial Manager
Carol Dunford
Fujitsu Operational Security Manager
Stephen Godfrey
Fujitsu Lead SDM Problem & Major Incident
Steve Bansal
Fujitsu Head of End User Services
Leighton Machin
©Copyright Fujitsu Services Ltd 2007- FUJITSU RESTRICTED (COMMERCIAL IN Ref:
2014
CONFIDENCE)
Version:
UNCONTROLLED IF PRINTED OR LOCALLY Date:
STORED
Page No:
SVMISDMISIP/0001
3.0
23-Mar-2015,
5 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
Fujitsu Requirements Management Steve Evans
Issued for Information — Please restrict this distribution list to a
minimum
Position/Role Name
Note: See Post Office Account HNG-X Reviewers/Approvers Role Matrix (PGM/DCM/ION/0001) for guidance.
(*) = Reviewers that returned comments
0.4 Acceptance by Document Review
The sections in this document that have been identified to POL as comprising evidence to support
Acceptance by Document review (DR) are listed below for the relevant Requirements:
POL NFR DR _ Internal FS POL Document Document Section Heading
Acceptance Ref NFR Reference Section Number
SER-2156 SER-2156 8.4.1.14 Technical Design
©Copyright Fujitsu Services Ltd 2007- FUJITSU RESTRICTED (COMMERCIAL IN Ref: SVMISDMISIP/0001
2014 CONFIDENCE)
Version: 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date’ 23-Mar-2015
STORED PageNo: 6 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
0.5 Associated Documents (Internal & External)
Reference Ver Date Title Source
SVM/SDM/PLA/O001_ I 2.0 30-Oct-2014 HNG-X Support Services Business I Dimensions
Continuity Plan
SVM/SDM/PLA/0002 I 2.0 06-Nov-2014 HNG-X Services Business Continuity I Dimensions
Plan
SVM/SDM/PLA/O003 I 2.0 14- Oct-2014 HNG-X Business Continuity Test I Dimensions
schedule Planner
SVM/SDM/PLA/O031_ I 3.0 04-Nov-2014 HNG-X Security Business Continuity I Dimensions
Plan
SVM/SDM/PLA/0030_ I 1.0 13-Oct-2014 HNG-X Engineering Service Business I Dimensions
Continuity Plan
DES/PER/HLD/0001 I 4.0 30-Jan-2014 HNG-X Resilience And Disaster I Dimensions
Recovery High Level Design
1$027001:2005 Information Security Management I ISO
System Requirements Standard
SVM/SEC/MAN/0003 I 5.0 30-Apr-2014 Post Office HNG-X Account ISMS I Dimensions
Manual
SVM/SDM/PRO/0025 I 4.0 17-July-2014 Fujitsu Services (Post Office I Dimensions
Account) Problem Management
Process
CON/MGM/005 NA NA {mentioned in Schedule B2} Post Office
(FUJITSU Ref : Operational Level Agreement for Limited
BP/DOC/021) Business Continuity Between Post
Office Ltd and Fujitsu Services
Replaced by SVM/SDM/PRO/0028
“Business Continuity Management
Procedure”
SVM/SDM/PRO/0028 Fujitsu Services Post Office Account I Dimensions
HNG-X Business —_—_Continuity
Management Process
PGM/DCM/TEM/0001 I 8.0 18-Oct-2013 Fujitsu Services Post Office Account I Dimensions
HNG-X Document Template
* Unless a specific version is referred to above, reference should be made to the current
approved versions of the documents.
0.6 Abbreviations
Abbreviation
Definition
ACS Auto Configuration Service
ADSL Asymmetric Digital Subscriber Line
AP Automated Payments
AP-ADC. Automated Payments-Advanced Data Capture
APOP Automated Payments Outpay
APS Automated Payments System
©Copyright Fujitsu Services Ltd 2007- FUJITSU RESTRICTED (COMMERCIAL IN Ref: SVMISDMISIP/0001
2014 CONFIDENCE)
Version 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Mar-2015,
STORED PageNo: 7 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
ASS Applications Support Service
BCF Business Continuity Framework
BNS Branch Network Service
BRDB Branch Database
CMTS Communications Management Team Service
CNS: Central Network Service
CSR Core System Release
CTF Critical Time Factor
DCOS Data Centre Operations Service (includes POLFS)
DCS Debit Card System
DRDC Disaster Recovery Data-Centre (IRE19)
DVLA POME Department of Vehicle Licensing Authority —- Post Office MOT Enquiry
DW Data Warehouse
EPOS Electronic Point of Sale
ES Engineering Service
ETS Electronic Top-ups Service (also known as ETU)
HBS Horizon Business Server
HNG-X Horizon Next Generation - X
KMS Key Management Service
LFS Logistics Feeder Service
LNS L2TP Network Server
MBCI Major Business Continuity Incident
MBS Message Broadcast Service
MDM Master Data Management — POLs central reference data system.
MIS Management Information Service
NBS Network Banking Service
OBCS Operational Business Change Service
PAF Postal Address File
PODG Post Office Data Gateway
POL Post Office Limited
POLFS Post Office Limited Financial Service
POMS Post Office Managed Switch
RAB Release Authorisation Board
RS Reconciliation Service (Data Reconciliation Service)
RD Reference Data
RDMS Reference Data Management Service
SDS Service Desk Service
SIAM Service Impact Assessment Module
sis Service Integration Service
SMgmtS: Service Management Service
SMS Systems Management Service (Systems Management Centre)
sos Systems Operate Service
SPOF Single Point Of Failure
©Copyright Fujitsu Services Ltd 2007-_- FUJITSURESTRICTED (COMMERCIALIN Ref: SVM/SDMISIP0001
2014 CONFIDENCE)
Version 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Mar-2015
STORED PageNo: 8 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
TLSS Third Line Support Service (System Support Centre)
TPMS Third Party Management Service
T&T Track and Trace
0.7 Glossary
Term Definition
Business Continuity I This document, which has been generated to satisfy the requirement for a Service
Framework Continuity Framework.
At a working level, Post Office Limited and Fujitsu Services (Post Office Account)
generally recognise the term Business Continuity as having three closely related
components: resilience, contingency and recovery
Resilience May be defined as the steps taken to avert a loss of service or disaster or reduce
the likelihood of a disaster or loss of service.
Contingency May be defined as the interim processes and procedures adopted during the loss of
service.
Recovery May be defined as the business and technical arrangements to restore a lost
system or service and manage the process of reversion to normal processing and
full resumption of service.
0.8 Changes Expected
None
0.9 Accuracy
Not applicable
0.10 Security Risk Assessment
Security risks have been assessed and it is considered that there are no security risks relating specifically to this
document.
©Copyright Fujitsu Services Ltd 2007- FUJITSU RESTRICTED (COMMERCIAL IN Ref: SVMISDMISIP/0001
2014 CONFIDENCE)
Version: 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Mar-2015,
STORED PageNo: 9 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
1. Introduction
A key requirement in the Post Office Account solution is that of business continuity i.e. ensuring
there are operational processes and procedures in place to ensure that any component failure
has minimal effect on the services provided.
This will cover failures in the core Fujitsu Services (Post Office Account) services e.g. DCOS,
BNS and the underlying services e.g., NBS, TPS, APS, etc, support services and client services
where appropriate.
A principle requirement specified within schedule B2 of The Agreement is the provision of
Business Continuity Plans which conform to an overall ‘Service Continuity Framework’.
It is the objective of this document and associated Business Continuity Plans to satisfy that
requirement and Fujitsu Services (Post Office Account) and Post Office Limited have agreed
that the title of this document should be ‘Business Continuity Framework’.
Specifically this document will cover the following areas.
a) Provide a baseline definition of the Business Continuity Framework and Business Continuity
Plans as specified in Schedule B2.
b) Provide a detailed definition of Fujitsu Services (Post Office Account) deliverables associated
with business continuity and the methods of review and assurance.
C) Define the contents and format of the Business Continuity Plans.
d) Define the overall test strategy adopted for testing of the Business Continuity Plans.
¢) Define the management processes for the management of Major Business Continuity
Incidents.
©Copyright Fujitsu Services Ltd 2007-_- FUJITSURESTRICTED (COMMERCIALIN Ref: SVM/SDMISIP0001
2014 CONFIDENCE)
Version: 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Mar-2015
STORED PageNo: 10 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
2. Scope
The scope of this document is targeted towards how Business continuity tests will be conducted
and recorded on the Post Office Account, Horizon infrastructure and related applications.
The general framework defined in this document is release-independent.
This document does not include any details in respect of the results of technical testing of the
recovery processes.
©Copyright Fujitsu Services Ltd 2007- FUJITSU RESTRICTED (COMMERCIAL IN Ref: SVMISDMISIP/0001
2014 CONFIDENCE)
Version: 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Mar-2015,
STORED PageNo: 11 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
3. Framework Overview
3.1 Introduction
The Business Continuity Framework defines the methodology agreed between Fujitsu Services
(Post Office Account) and Post Office Limited for handling all aspects of Business Continuity.
The constituent elements of the Business Continuity Framework may be represented as follows.
Each element will be looked at in more detail below.
Section &
BUSINESS CONTINUITY
RAMEWOR
T
SERVICE BUSINESS BUSINESS TEST REVIEW
FRAMEWORK] I CONTINUITY CONTINUITY STRATEGY STRATEGY
MGT PLANS & PLAN
Section 4 PROCESS Section 8 Section 6 Section 7
Section 9
Deliverables
Figure 1 Service Elements
3.1.1 Business Continuity Plans
There shall be four Continuity Plans for HNG-X:
HNG-X Services Business Continuity Plan - (SVM/SDM/PLA/0002)
HNG-X Support Services Business Continuity Plan — (SVM/SDM/PLA/0001)
HNG-X Security Business Continuity Plan — (SVM/SDM/PLA/0031)
HNG-X Engineering Service Business Continuity Plan — (SVM/SDM/PLA/0030)
The HNG-X Business Continuity plans will define the applicable sections of the Horizon Services
Business Continuity Plans that support the services and infrastructure being utilised in the data
centres to support Horizon counters.
The contents of the Business Continuity Plans are specified within Schedule B2. All plans must
be of the document type Business Continuity Plan and shall contain Continuity Plan within the
title. Each plan shall have a specified owner. (Further details in section 8)
The Business Continuity Plans shall be based on impact and risk assessments as agreed by
Fujitsu Services and Post Office. Such assessments shall be reviewed when agreed by the
Parties, such agreement not to be unreasonably withheld.
The Business Continuity Plans shall include without limitation the following:
Prevention measures;
Preparedness measures;
©Copyright Fujitsu Services Ltd 2007-
2014
CONFIDENCE)
FUJITSU RESTRICTED (COMMERCIAL IN Ref:
Version:
UNCONTROLLED IF PRINTED OR LOCALLY Date:
STORED
Page No:
SVMISDMISIP/0001
3.0
23-Mar-2015,
12 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
Contingency measures;
Recovery of normal service;
Contact lists.
The major elements of the plans are as follows.
3.1.1.1 Risk Analysis and Service Impact
Each Business Continuity Plan will identify all potential risks in terms of likelihood and service
impact.
Once an incident occurs which has a service continuity impact, there must be a mechanism in
place to assess the impact of the incident and the possible effect(s) it will have on the end to end
service. This is fairly complex and will be dependent upon time of day and therefore will be a
real-time process i.e. the impact of the service failure at 2am will be different from the impact at
8pm. However, a high-level impact statement will be included in the relevant Business
Continuity Plan.
3.1.1.2 Escalation Contacts
Each Business Continuity Plan will contain escalation routes in conformance to Cross-Domain
Business Continuity management processes.
3.1.1.3 Resilience Strategy documents
Each Business Continuity Plan will contain, where appropriate, references to the underlying
resilience strategy document and/or technical design documents.
3.1.1.4 Contingency Procedures
Each Business Continuity Plan will contain a section defining contingency actions.
From an operational perspective contingency actions are documented in a number of places,
depending upon the severity of the service element failure.
1. Where appropriate, contingency actions are documented within the Action column of the Risk
Analysis (and service impact) section of each plan.
2. Where appropriate, for potential MBCIs and MBCI contingency actions are documented in the
contingency section of each plan.
3.1.2 Service Framework
The BCF shall be defined in terms of services rather than components of infrastructure. The
definitions of the services that are a subject of the BCF are defined in this document.
Section 4 contains details of the service elements and components together with their
relationship to each of the Business Continuity Plans.
3.1.3 Business Continuity Management Process
The resolution of incidents will be dealt with through the standard Service Desk Incident
Management process.
In the event of a Major Business Continuity Incident there will be a need for controlled and co-
ordinated activity across Post Office Account and Post Office Limited. (See section 5)
©Copyright Fujitsu Services Ltd 2007- FUJITSU RESTRICTED (COMMERCIAL IN Ref: SVMISDMISIP/0001
2014 CONFIDENCE)
Version: 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Mar-2015,
STORED PageNo: 13 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
3.1.4 Test strategy and plans
The test schedule and method will be defined as a separate document (REF 3) and will be
referred to within the Business Continuity Plans. The overall high-level strategy will be defined in
this document for agreement. (See section 6)
3.1.5 Review strategy
A review strategy defines the joint review mechanism prior to acceptance and also the review
mechanism of the processes following acceptance. This is defined in a later section for
agreement. (See section 7)
3.1.6 Deliverables and Acceptance Methods
Section 9 defines the deliverables required to satisfy the Business Continuity requirements of
Fujitsu Services (Post Office Account).
Also included in that section is the method of acceptance planned for each deliverable.
©Copyright Fujitsu Services Ltd 2007- FUJITSU RESTRICTED (COMMERCIAL IN Ref: SVMISDMISIP/0001
2014 CONFIDENCE)
Version: 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Mar-2015,
STORED PageNo: 14 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
4 Service Framework
4.1 Introduction
The core service elements and support services for Horizon are shown in Figure 2 below.
Horizon Service Desk is now moved to ATOS Business Continuity Plan — (2266/FRM/HSD/001)
The HNG-X Services Business Continuity Plan shall document the contingency measures for the
primary HNG-X services
The HNG-X Support Services Business Continuity Plan shall document the contingency
measures for the supporting HNG-X services
©Copyright Fujitsu Services Ltd 2007- FUJITSU RESTRICTED (COMMERCIAL IN Ref: SVMISDMISIP/0001
2014 CONFIDENCE)
Version: 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Mar-2015,
STORED PageNo: 15 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
Fe)
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
Figure 2 -HNG-x Services Overview
@ HNG-x Applicable Services. @ _HNG-x additional @ ine. additional
Operational sub- oe
services, upperting sub-
services.
‘©Copyright Fujitsu Services Ltd 2007-___ FUJITSU RESTRICTED (COMMERCIALIN Ref. ‘SVMISDMISIP/0001
2014 CONFIDENCE)
Version: 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Mar-2015
STORED PageNo: 16 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
4.2 HNG-X Service to Plan Relationship Table
Table 1 below identifies which Business Continuity Plan addresses each of the service
elements in Figure 2 above:
Table 1
‘©Copyright Fujitsu Services Ltd 2007- FUJITSU RESTRICTED (COMMERCIAL IN 7 ‘SVM/SDM/SIP/0001
2014 CONFIDENCE)
Version: 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Mar-2015,
STORED PageNo: 17 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
‘©Copyright Fujitsu Services Ltd 2007- FUJITSU RESTRICTED (COMMERCIAL IN Ref: ‘SVM/SDM/SIP/0001
2014 CONFIDENCE)
Version: 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Mar-2015,
STORED PageNo: 18 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
5 Business Continuity Management Process
An incident is an unplanned occurrence that adversely impacts upon the normal service in
some important way. The scale of the event can range from a minor fault to a major outage
e.g.:
Minor incident e.g. HNG-x counter failure affecting service at an individual Branch.
Major incident e.g. loss of the Active HNG-X Data-centre, outage of key back-end system
affecting service at all Branches.
The resolution of minor incidents will be dealt with through the standard Service Desk
Incident Management process.
Major Business Continuity Incidents will have a significant impact upon Post Office Limited.
In such cases there will be a need for controlled and co-ordinated activity across supplier
organisations and Post Office Limited. Consequently all Major Business Continuity Incidents
will be managed via the ‘Fujitsu Services (Post Office Account) Business Continuity
Management’ process ( SVM/SDM/PRO/0028) and the Post Office Limited and Fujitsu
Services Business Continuity Interface Agreement (CON/MGM/005). These documents
support the immediate escalation of major incidents to a Cross Domain Business Continuity
Management Team (BCMT). The BCMT consists of operational managers from each
organisation.
©Copyright Fujitsu Services Ltd 2007- FUJITSU RESTRICTED (COMMERCIAL IN Ref: SVMISDMISIP/0001
2014 CONFIDENCE)
Version: 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Mar-2015,
STORED PageNo: 19 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
6 Test Strategy and Plans
6.1
6.1.1
6.2
6.2.1
Requirements
Schedule B2 requires that:
‘The Business Continuity Plans shall include a testing strategy with two distinct parts
) Initial testing before commencement of Roll-Out of Services
b) Regular testing’
Unless agreed otherwise in accordance with paragraph 6.1.3 below, the Business Continuity
Services shall in respect of any new service introduced through the Change Control
Procedure:
include the performance of substantially the same business continuity tests as are
described in this Business Continuity Framework prior to the introduction of that new
service; and
include any specific business continuity tests agreed by the Parties.
The tests referred to in paragraph 6.1.2 above shall be conducted with the business continuity
tests conducted for the infrastructure supporting the Applicable Services and scheduled in
accordance with working practice for the Applicable Services. The frequency of and method
used for all business continuity tests shall be documented in the document entitled "Business
Continuity Test Scheduler Planner” (SVM/SDM/PLA/0003).
Business continuity tests to be carried out under this Business Continuity Framework may be
cancelled or rescheduled and/or the method used for a test may be varied for operational
business reasons by agreement in writing between Post Office and Fujitsu Services (such
agreement not to be unreasonably withheld).
Initial Testing
Existing Services
Initial Business Continuity testing was conducted prior to the full operational introduction of
the Horizon Service (Core System Release) and the subsequent release of major services,
e.g. MBS, NBS and ETS services. Test reports have been produced for this testing and are
maintained in SharePoint within BCP directory, the summary of the test reports will be
formally e-mailed to POL on annual basis.
6.2.2 New Services
Where services are introduced for HNG-X the Test Plan (SVM/SDM/PLA/0003), (REF3) will
be revised to include the Business Continuity testing of those services and define when the
initial testing will be conducted.
For HNG-X SVM/SDM/PLA/003 defines the Test Plan and provides cross reference to the
test scripts which have been produced for the Business Continuity initial testing.
The level and schedule of testing is dependent upon operational constraints and is
accomplished by a mix of operational tests and procedural walk-through. Where involvement
is required from Post Office Limited the test schedule will be agreed in advance.
When services are withdrawn, and infrastructure tests are no longer relevant or are
superseded, the applicable tests shall be removed from Business Continuity Test Scheduler
Planner (REF3) with the agreement of Post Office Limited. In addition tests may also be
withdrawn from the Business Continuity Test Scheduler Planner (REF3) where it is agreed by
©Copyright Fujitsu Services Ltd 2007- FUJITSU RESTRICTED (COMMERCIAL IN Ref: SVMISDMISIP/0001
2014 CONFIDENCE)
Version: 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Mar-2015,
STORED Page No: 20 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
Post Office Limited and Fujitsu Services that there no or little value in performing the
applicable tests.
In addition customer-initiated test activity may be included, with Post Office Account
agreement, within the Business Continuity Test Scheduler Planner (REF3).
6.3. Ongoing testing
For ongoing testing, an overall test strategy will be produced defining for each service:
a) name of service
b) ownership of testing plan
C) type of testing i.e. procedural walk-through or operational test
d) frequency of testing and scheduled dates
@) test objectives, conditions, script and expected results
f) other units taking part
Q) criteria for success and failure
h) test reports and follow-up
On-going business continuity tests will be conducted in accordance with the test methodology
and frequency agreed in Schedule B2.
©Copyright Fujitsu Services Ltd 2007- FUJITSU RESTRICTED (COMMERCIAL IN Ref: SVMISDMISIP/0001
2014 CONFIDENCE)
Version: 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Mar-2015,
STORED PageNo: 21 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
Table 2
Test I Business Services Test Methodology and Frequency I Owner
Continuity Test { I
‘©Copyright Fujitsu Services Ltd 2007- FUJITSU RESTRICTED (COMMERCIAL IN ‘SVM/SDM/SIP/0001
2014 CONFIDENCE)
: 3.0
UNCONTROLLED IF PRINTED OR LOCALLY S 23-Mar-2015,
STORED 22 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
(Merged in to BC1) I Support years (POA)
IBC15 I Vodafone NMC DCOS + BNS I One procedural walk-through per Fujitsu 2
TPMS + year. Services
Engineering (POA)
Service
IBC16 I Network Banking NBX DRDC operational test once per Fujitsu 1
Service year. (See note 1 below) Services
(POA)
IBC22 I Network Banking NBX Operational test once per year. (See I Fujitsu 41
Clients & Transit note 1 below) Services
LANs (POA)
IBC25 I DCS+ ETS DCS +ETS DRDC Operational test once per Fujitsu 1
year. (See note 1 below) Services
(POA)
IBC26 I Internal Web DVLA + PAF I DRDC operational test once per Fujitsu 1
Services servers + APOP + year. (See note 1 below) Services
test. Helpdesk + (POA)
Training +
MoneyGram+
GWS + CWS
IBC29 I BladeFrame & DCOS Operational test once per year. Fujitsu A
Storage Fail-over Services
(POA)
IBC30 I Salesforce DR Loss of Operational test once per year. Fujitsu 1
STE10 Services
Fujitsu Global (POA)
Cloud
Platform
IBC31 I Channel Integration I HBS + Operational test once per year Fujitsu a)
Service Bluecoat Services
(POA)
Note 1: These operational tests are subject to agreement as performing all of the tests will
result in the breach of the 10 days of operational testing in the IRE19 as defined in
the HNG-X Data-centre Operations Service Description. Intra test plan sampling will
be performed for each of BC16 (sub test 16.1 only), 22 (sub test 22.3 only) and 26.
Inter-test plan sampling will be performed across BF5 (sub test 5.3 only), 8,19 (sub
test 19.1, 19.4, 19.5), 20, 22 (sub test 22.1 only), 25.
Note 2: The HNG-X Data-centre Operations operational testing assumes there is access to
LST counters and client simulators.
Summary of Test Sampling:
The inter test plan sampling relates to blade frame virtual server resilience tests.
The intra test plan sampling relates to auth agent, web server, handoff router tests.
All other business continuity test details, e.g., for the transition phase, will be defined within
the Business Continuity Test Scheduler Planner [REF3] where the type of test and frequency
of testing shall be specified. The Fujitsu Services (POA) Business Continuity Manager will be
responsible for the planning of the other on-going tests, i.e. those not defined in table 2, and
©Copyright Fujitsu Services Ltd 2007- FUJITSU RESTRICTED (COMMERCIAL IN Ref: SVMISDMISIP/0001
2014 CONFIDENCE)
Version: 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date’ 23-Mar-2015
STORED Page No: 23 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
will co-ordinate and schedule activity as appropriate with the Post Office Limited Business
Continuity Manager and suppliers.
©Copyright Fujitsu Services Ltd 2007- FUJITSU RESTRICTED (COMMERCIALIN Ref: SVMISDMISIP/0001
2014 CONFIDENCE)
Version 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Mar-2015,
STORED PageNo: 24 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
7 Review Strategy
A Business Continuity Steering Group has been established between Post Office Limited and
Fujitsu Services (Post Office Account). This group reviews the progress of each release
against the Fujitsu Services (Post Office Account) delivery and acceptance plans. It also
facilitates the co-ordination of joint development review and assurance activities where
necessary. This forum also provides an objective feed into the release authorisation process
for new releases.
This team, or subset of the team, reviews all aspects of business continuity on an ongoing
basis, during Live Trials and beyond. The remit of the team is to continually look at ways of
improving cross-domain business continuity processes.
©Copyright Fujitsu Services Ltd 2007- FUJITSU RESTRICTED (COMMERCIAL IN Ref: SVMISDMISIP/0001
2014 CONFIDENCE)
Version: 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Mar-2015,
STORED Page No: 25 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
8 Business Continuity Plans
8.1
8.2
8.3
Throughout section 8, the use of /talics denotes the actual words in Schedule B2.
‘The Business Continuity Plans shall be based on impact and risk assessments and agreed
by Fujitsu Services and Post Office .....
Ownership of Plans
‘Ownership of all contingency actions shall be identified in the Business Continuity Plans.”
Each Business Continuity Plan will clearly state the owner of the plan who is responsible for
the definition, maintenance, testing and review of the plan.
In addition to this, the Fujitsu Services (POA) Business Continuity Manager will have overall
responsibility for the development, co-ordination and integration where appropriate of all
Business Continuity Plans and providing Post Office Limited with a single point of contact.
Plan Activation
‘The Business Continuity Plans shall include activation procedures and time periods within
which the contingency measures shall be activated.’
Where appropriate Business Continuity Plans will contain a risk and impact assessment for
both the core post office day (Monday to Friday 08:00 to 18:00 and Saturday 08:00 to 13:00)
and the non-core post office day (18:00 to 08:00) (See 8.3), For services where the impact
of the service element failure is common throughout the day, a single risk and impact
assessment will be documented.
Alternatively, a single risk statement may be documented throughout the day in the risk table.
The Critical Time Factors (CTF) here shall be determined by the criticality of the service
activity. I.e. for on-line service, e.g. NBS and DCS the CTF is identified against Post Office
Core Day processing, whilst for file transfers, e.g. APS and TPS the CTF is identified against
Post Office Non-Core Day processing. The risk assessment identifies the critical time periods
for activation of contingency measures and identifies the associated contingency actions.
Impact and Risk Assessment
‘The Business Continuity Plans shall be based on impact and risk assessments by Fujitsu
Services and Post Office...’
Contained within each service are a number of critical components, the failure of which
would cause a potential service disruption. Consideration shall also be given to the impact
arising from the loss of building or staff. Each of these critical components and the
associated failure scenarios will be identified and documented within a risk and impact matrix
within the Business Continuity Plan. This matrix is used as a tool to present in a tabular form
all risks identified with a service together with the impact of that risk occurring, the time after
which that impact becomes critical, and the contingency actions to be taken.
Associated with each of the above elements are impact statements, which will define the
likely business impacts of failure of the critical components. To aid in the definition of these,
each Business Continuity Plan, where appropriate, will contain a schematic defining the
operational day for that particular service. SLA liabilities will be used as an aid in determining
business impact. Where the impact triggers either a Potential MBCI or an MBCI, the
appropriate action will be identified from within the matrix.
Associated with the impact statement will be a reference to the specific recovery and
contingency procedures required.
Business impact assessment will be reviewed jointly with Post Office Limited and will be
subject to ongoing review.
©Copyright Fujitsu Services Ltd 2007- FUJITSU RESTRICTED (COMMERCIAL IN Ref: SVMISDMISIP/0001
2014
CONFIDENCE)
Version: 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Mar-2015,
STORED Page No: 26 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
8.4
8.4.1
The combination of risk and impact will also determine the level of ongoing testing that will
form part of the testing strategy.
Other Requirements
‘The Business Continuity Plan shall include, without limitation, the following
a) Prevention measures
b) Preparedness measures
C) Contingency measures
d) Recovery of normal service
@) Contacts list’
In addition to the above the plans shall include details of the individual services, references
to the relevant operations manual and references to the underlying resilience strategy
document and/or technical design documents, where appropriate.
Preventative Measures
Preventative measures are defined as those measures that are in place to prevent service
continuity failures in the first place. There are two aspects that are considered.
8.4.1.1.1 Technical Design
A key element of the design of the service is the elimination of single points of failure and the
ability to fail-over to contingency infrastructure, e.g., an alternative live BladeFrame image,
an alternative network circuit, and thereby recover the service in a timely manner.
This capability is documented in a number of technical design documents, which in turn are
referenced within the relevant Business Continuity Plans.
From an HNG-X service perspective IRE11 is the active data-centre and IRE19 is intended
to be used as a HNG-X disaster recovery data-centre and only invoked for major incidents,
e.g., fire, flooding. Note from a network perspective IRE11 and IRE19 will be used in a
live/live mode of operation.
8.4.1.1.2 Security
8.4.2
Plans and processes will be established to comply with the Business Continuity requirements
of 1S027001 and SVM/SEC/MAN/0003
Another preventative measure is the denial of access to the service to anyone who may wish
to deliberately cause disruption. Although not mentioned specifically within Business
Continuity Plans, this requirement is met through general conformance to Access Control
Policy and the Security Functional Specification.
The Security Business Continuity plan (SVM/SDM/PLA/0031) has been produced to meet the
requirements of ISO 27001 and should be used in conjunction with the HNG-X Services,
Support Services (SVM/SDM/PLA/0001) and Engineering Services (SVM/SDM/PLA/0030)
business continuity plans.
Preparedness Measures
Preparedness measures are implemented in a number of ways:
a) The provision of risk and impact assessments, along with references to
appropriate recovery and contingency procedures will allow appropriate actions
to be carried out in a pre-prepared manner.
©Copyright Fujitsu Services Ltd 2007- FUJITSU RESTRICTED (COMMERCIAL IN Ref: SVMISDMISIP/0001
2014 CONFIDENCE)
Version: 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Mar-2015,
STORED PageNo: 27 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
b) Initial technical testing and the operational testing of Business Continuity Plans
will ensure all activation of the Business Continuity Plans will have been carefully
rehearsed.
c) Joint process and procedure walk-through will, as above, ensure all Cross-
Domain (multi-party) Business Continuity processes are tested thoroughly.
8.1.3 Contingency Measures
Contingency measures may be defined as the actions to be performed in the event of a
service break to enable business impact to be minimised during the service outage prior to
recovery being completed.
Contingency measures will include the recognition, activation, incident management and
initiation of recovery procedures. These will be documented within the Business Continuity
Plan and also as references to supporting documentation.
An example of contingency measures is failing over the host server in the event of the prime
server experiencing a failure.
8.1.4 Recovery of Normal Service
These procedures will be mainly of a technical operational nature and there may be
references to other activities that may impact across service boundaries. Where appropriate
these will be referenced within the plan.
8.1.5 Contact List
Each Business Continuity Plan will document the contacts for initial contact and technical
liaison where appropriate, together with details of escalation contacts. This will be in
accordance with the Business Continuity Management process.
©Copyright Fujitsu Services Ltd 2007- FUJITSU RESTRICTED (COMMERCIAL IN Ref: SVMISDMISIP/0001
2014 CONFIDENCE)
Version: 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Mar-2015,
STORED PageNo: 28 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
9 Deliverables and Acceptance Methods
9.1
9.1.1
9.1.2
9.1.3
9.1.4
9.2
9.2.1
9.2.2
Introduction
This section defines the deliverables required to satisfy the Business Continuity requirements
of Fujitsu Services (Post Office Account).
Also included within this section is the method of acceptance planned for each deliverable.
Methodologies used in the acceptance process include those identified below:
Joint Review
Joint review is by circulation of, discussion about and agreement upon the structure and
content of a document by Fujitsu Services (Post Office Account) and Post Office Limited.
Document Inspection
Formal inspection of a paper copy, by Post Office Limited, of a commercially sensitive (i.e.
technical design) or Service Provider (i.e. Fujitsu Services Core Services) operational
document, by the appropriate reviewing authorities, whilst under supervision by the document
owner. No paper or electronic copies must be taken. Objective of this process is to verify the
existence of the document; no approval rights are associated with this activity.
Inspection to take place at the premises of the document owner.
Procedural Walkthrough
A paper based technique whereby a scenario is selected and the actions and procedures of
those Service Delivery Units (SDU) impacted followed through to ensure that both individual
service delivery unit procedures, and cross boundary SDU procedures, are both complete
and fully integrated. Where appropriate, i.e. affecting Post Office Limited services, Post
Office Limited will be invited to procedural walkthroughs.
Operational Test
An exercise using live operational service components, or where more appropriate and
agreed by Post Office Limited a test environment, whereby a scenario is selected and the
actions and procedures of those Service Delivery Units (SDU) impacted are followed
through. This is to ensure that both individual service delivery unit procedures, and cross
boundary SDU procedures are both complete and fully integrated, and that the desired
outcome on the operational service components is achieved. This is then followed by the
total regression of any changes made to the live service components.
An example of live operational functionality testing was the Campus Fail-over test that was
conducted during CSR Live Trial. An example of a business continuity operational test in a
test environment is the verification of recovery procedures for the Reference Data RDT Host.
Contract Controlled Documents
Summary
This section includes all references to current Contract Controlled Documents relating to,
and/or containing Business Continuity requirements.
Deliverables List
©Copyright Fujitsu Services Ltd 2007- FUJITSU RESTRICTED (COMMERCIAL IN Ref: SVMISDMISIP/0001
2014
CONFIDENCE)
Version: 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Mar-2015,
STORED Page No: 29 of 34
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
FUJ00002793
FUJ00002793
Document
HNG-X Business Continuity
Framework
Document
Reference
SVM/SDM/SIP/0001
marks/Acceptance Method
Joint Review and sign-off
Service Desk Service:
Service Description -
WITHDRAWN
SVM/SDM/SD/0001-
WITHDRAWN
Joint review and sign-off.
Engineering Service:
Service Description
SVM/SDM/SD/0002
Joint review and sign-off.
Data Centre Operations
Service: Service
Description
SVM/SDM/SD/0003
Joint review and sign-off.
Third Line Support Service:
Service Description
SVM/SDM/SD/0004
Joint review and sign-off.
Applications Support
Service (Fourth Line
Support): Service
Description
SVM/SDM/SD/0005
Joint review and sign-off.
Systems Management
Service: Service
Description
SVM/SDM/SD/0006
Joint review and sign-off.
Service Management
Service: Service
Description
SVM/SDM/SD/0007
Joint review and sign-off.
Branch Network Service:
Service Description
SVM/SDM/SD/0011
Joint review and sign-off.
Central Network Service:
Service Description
SVM/SDM/SD/0012
Joint review and sign-off.
Reference Data
Management Service:
Service Description
SVM/SDM/SD/0013
Joint review and sign-off.
Operational Business
Change (Branch Change)
Service: Service
Description
SVM/SDM/SD/0014
Joint review and sign-off.
Reconciliation Service:
Service Description
SVM/SDM/SD/0015
Joint review and sign-off.
Management Information
Service: Service
Description
SVM/SDM/SD/0016
Joint review and sign-off.
Message Broadcast
Service: Service
Description
SVM/SDM/SD/0018
Joint review and sign-off.
Communications
Management Team:
Service Description
SVM/SDM/SD/0019
Joint review and sign-off.
©Copyright Fujitsu Services Ltd 2007-
2014
FUJITSU RESTRICTED (COMMERCIAL IN Ref:
CONFIDENCE)
UNCONTROLLED IF PRINTED OR LOCALLY Date:
STORED Page No: 30 0f 34
Version: 3.0
SVMISDMISIP/0001
23-Mar-2015,
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
The following table lists all Service Descriptions which do not specify any Business Continuity
requirements.
Docume! Document Remarks/Acceptance Method
Reference
Security Management SVM/SDM/SD/0017 I There are no business continuity requirements
Service: Service within this Service Description
Description
End to End Reconciliation SVM/SDM/SD/0020 I There are no business continuity requirements
Reporting : Service within this Service Description
Description
Third Party Management SVM/SDM/SD/0021 I There are no business continuity requirements
Service: Service within this Service Description
Description
©Copyright Fujitsu Services Ltd 2007-_- FUJITSURESTRICTED (COMMERCIALIN Ref: SVMISDMISIP/0001
2014 CONFIDENCE)
Version 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Mar-2015
STORED Page No: 31 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
9.3 BCF Referenced Documents
9.3.1 Summary
This section summarises all the business continuity deliverables specified within the BCF:
9.3.2 Deliverables List
Plan Document Reference Owner Review mi
Fujitsu Services (POA) HNG-X SVM/SDM/PLA/0003_ I Fujitsu Services I Joint review
Business Continuity Operational (POA)
Test Plan
Fujitsu Services Post Office SVM/SDM/PRO/0028_ I Fujitsu Services I Not Applicable
Account HNG-X Business (POA)
Continuity Management Process
HNG-X Support Services SVM/SDM/PLA/0001 I Fujitsu Services I Document inspection to
Business Continuity Plan (POA) verify compliance with
BCF
HNG-X Services Business SVM/SDM/PLA/0002 I Fujitsu Services I Document inspection to
Continuity Plan (POA) verify compliance with
BCF
HNG-X Security Business SVM/SDM/PLA/0031_ I Fujitsu Services I Document inspection to
Continuity Plan (POA) verify compliance with
BCF
HNG-X Engineering Service SVM/SDM/PLA/0030_ I Fujitsu Services I Document inspection to
Business Continuity Plan (POA) verify compliance with
BCF
SU/MAN/018- this is no longer in I Web pages used by Fujitsu Services I Document inspection to
use. Now procedures for recovery I NT, Unix, contain (Core Services) I verify existence of
can be found on the web pages Procedures, Work procedures
that make up UNIX & NT instructions &
operational documentation. Recovery steps etc.
9.4 Technical Design Documentation
All the technical documents are cross referenced in the PLA documents where applicable in section
9.3, and are available for review where required.
©Copyright Fujitsu Services Ltd 2007-
2014
UNCONTROLLED IF PRINTED OR LOCALLY
FUJITSU RESTRICTED (COMMERCIAL IN
CONFIDENCE)
STORED
Ref:
Version:
Date:
Page No:
SVMISDMISIP/0001
3.0
23-Mar-2015,
32 of 34
FUJ00002793
FUJ00002793
Post Office Account HNG-X Business Continuity Framework
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
9.4.1 Review Method
METHOD SUCCESS CRITERIA
1 Document inspection to verify Not applicable
compliance with BCF if required
by customer.
Confidentiality Restrictions apply.
Inspection on Fujitsu Services
(Post Office Account) site by
suitable qualified customer staff
with no copying of document
9.5 Customer Contingency Plans and Post Office Account
Deliverables in Support of Plans
9.5.1 Summary
This section summarises the deliverables produced by Fujitsu Services (Post Office Account) in
support of external contingency plans. It also contains reference to the associated external
Contingency Plan for completeness.
9.5.2 Deliverables List
No documents are required in support of external contingency plans.
©Copyright Fujitsu Services Ltd 2007- FUJITSU RESTRICTED (COMMERCIAL IN Ref: SVMISDMISIP/0001
2014 CONFIDENCE)
Version: 3.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Mar-2015,
STORED PageNo: 33 of 34