FUJ00080842 - Report: Monthly Report on Quality Management across the Post Office Account.
Evidence on official site
[oe]
FUJITSU FUJITSU CONFIDENTIAL (FUJITSU EYES ONLY)
FUJ00080842
FUJ00080842
Quality Management Report
Document Title:
Quality Management Report (Nov 2011)
Document Reference: PGM/PAS/REP/0798
Release:
Abstract:
Document Status:
Author & Dept:
Not Applicable
Monthly Report on Quality Management across the Post Office
Account.
Approved
Neneh Lowther
External Distribution: N/A
Security Risk
YES, security risks have been assessed, see section 0.9 for details.
Assessment Confirmed
a Authorities:
Mark Arnold
Head of Business Management
Bill Membery
Quality and Compliance
Manager
© Copyright Fujitsu Services
Limited 2011
FUJITSU CONFIDENTIAL Ref. PGM/PAS/REP/0798
(FUJITSU EYES ONLY) Version: 2011-10.0
UNCONTROLLED IF PRINTED OR LOCALLY _ Date: 21-Nov-2011
STORED Page No: 1 of 14
FUJ00080842
FUJ00080842
o Quality Management Report af
FUJITSU FUJITSU CONFIDENTIAL (FUJITSU EYES ONLY) &€&
0 Document Control
0.1 Table of Contents
0.1 Table of Contents
0.2 Document History
0.3 Review Detail:
0.4 Distribution List following Approval
0.5 Associated Documents (Internal & External) .
0.6 Abbrevi
0.7 Glossary.
0.8 Changes Expected
0.9 Accuracy
0.10 Securit
2 MANAGEMENT SUMMARY...
3.1 BMS Updates
4.1 — Integrated Assessment Pla
4.2 Health Checks Conducte:
4.3 Summary...
44 Assessments planned
45 Ernst & Young Walkthrough Audits ..
46 PCl Audit...
5 PROCESS IMPROVEMENT 11
5.1 Quality Leads...
5.2 Quality and Compliance Framework
& CORRECTIVE ACTION
6.1 Current statu:
7 MEASURES...
7.1 Customer Satisfaction and Complaints
72 Customer Satisfaction Interview Progr: = a
Fea User Satisfaction - USAT ent
© Copyright Fujitsu Services FUJITSU CONFIDENTIAL Ref: PGM/PAS/REP/0798
limbed oat (FUJITSU EYES ONLY) Version’ 2011-10.
UNCONTROLLED IF PRINTED OR LOCALLY _ Date: 21-Nov-2011
STORED PageNo: 2 of 14
FUJ00080842
FUJ00080842
Quality Management Report
[oe]
FUJITSU FUJITSU CONFIDENTIAL (FUJITSU EYES ONLY)
0.2 Document History
Only integer versions are authorised for development.
Version No. I Date Summary of Changes and Reason for Issue Associated Change
- CP/PEAK/PPRR
Reference
04 07 Feb 2011 _I First draft copy for Business Management
4.0 2011-02 I 01-Mar-2011 __I Approval version for February 2011 (should say January)
44 30 Mar 2011 Update for February 2011 Report
2.02011-02 I 01-Apr-2011 __I Approval version for February 2011
2.4 2011-03 48-Apr-2011 I Update for March 2011
3.0 2011-03 28-Apr-2011 Approval version for March 2011
3.1 2011-04 09-Apr-2011 Update for Apr 2011
40 27-May-2011 I Approval version for April 2011
4.4 2011-05 31-May-2011 I Update for May 2011
5.0 2011-05 28-Jun-2011 Resynchronised dated versioning and corrected formatting.
This is the report for May 2011
5.1 2011-06 27 Jul 2011 Update for June 2011
5.22011-06 I 28-Jul-2011 Corrections to links etc. following review
2011-6.0 28-Jul-2011 Approved version of June 2011 report
2011-6.1 25-Aug-2011 I Update for July 2011
2011-6.2 02-Sep-2011 Added distribution list at section 0.4
2011-7.0 05-Sep-2011 Approved version of July 2011 report
2011-7.1 09-Sep-2011 I Update for August 2011
2011-7.2 05-Oct-2011 I Corrections and improvements following review
2011-8.0 05-Oct-2011 I Approved version of August 2011 report
2011-8.1 13-Oct-2011 Update for September 2011
2011-9.0 31-Oct-2011 Approved version of September 2011 report
2011-9.1 09-Nov-2011 I Update for October 2011
2011-9.2 46-Nov-2011 I Corrections and improvements following review
2011-10.0 21-Nov-2011 I Approved version of October 2011 report
2011-10.1 05-Dec-2011 Update for November 2011
0.3 Review Details
Review Comments by:
Review Comments to: Neneh Lowther, Bill Membery + RMGA Document Management
Role Name
Head of Business Management Mark Arnold
© Copyright Fujitsu Services FUJITSU CONFIDENTIAL Ref: PGM/PAS/REP/0798
Linked 2011 (FUJITSU EYES ONLY) Version: 2011-10.0
UNCONTROLLED IF PRINTED OR LOCALLY _ Date: 21-Nov-2011
STORED PageNo: 3 of 14
FUJ00080842
FUJ00080842
Quality Management Report
[oe]
FUJITSU FUJITSU CONFIDENTIAL (FUJITSU EYES ONLY)
Quality and Compliance Manager Bill Membery
Change Manager Ken Westfield
Optional Review
Role Name
None
(* ) = Reviewers that retuned comments.
0.4 Distribution List following Approval
Issued for Information following approval
Name
Stephen Long
David Court
Gavin Bell
James Davidson
lan Howard
Hazel Taylor
Peter Beresford
Torstein Godeseth
Tim Healy
Amit Apte
Stephen Doyle
0.5 Associated Documents (Internal & External)
References should normally refer to the latest approved version in Dimensions; only refer to a
specific version if necessary.
Reference Version Date Title Source
PGM/DCM/TEM/0001 I See note I See note above POA Generic Document Template Dimensions
(DO NOT REMOVE) I above
PGM/DCM/ION/0001 POA Document Reviewers/Approvers I Dimensions
(DO NOT REMOVE) Role Matrix
0.6 Abbreviations
BA Business Assurance
BMS Business Management System
© Copyright Fujitsu Services FUJITSU CONFIDENTIAL Ref: PGM/PAS/REP/0798
lmben ond (FUJITSU EYES ONLY) Version: 2011-10.0
UNCONTROLLED IF PRINTED OR LOCALLY _ Date: 21-Nov-2011
STORED PageNo: 4 of 14
[oe]
FUJITSU FUJITSU CONFIDENTIAL (FUJITSU EYES ONLY)
Quality Management Report
FUJ00080842
FUJ00080842
Abbreviation
Definition
BV Bureau Veritas — Fujitsu's external compliance auditors
CAS Client Assistant Schedule
css Customer Satisfaction Scorecard
E&Y Ersnt and Young
FJ Fujitsu
Iso Intemational Organisation for Standards
NC Non Conformance
PCI Payment Card Industry
PCI DSS Payment Card Industry Data Security Standard
POLTD Post Office Ltd
POA Post Office Account (Fujitsu)
QMR Quality Management Review
RMG Royal Mail Group
SP SharePoint
0.7 Glossary
ISO 9001
Term Definition
Quality management systems — Requirements (International Standard)
BS OHSAS 18001
Occupational health and safety management systems — Requirements (British
Standard)
ISO 14001 Environmental management systems - Requirements for use (International Standard)
ISO 27001 Information technology — Security techniques — Information security management
systems — Requirements (International Standard)
0.8 Changes Expected
ae
0.9 Accuracy
Fujitsu Services endeavours to ensure that the information contained in this document is correct but, whilst every
effort is made to ensure the accuracy of such information, it accepts no liability for any loss (however caused)
sustained as a result of any error or omission in the same.
0.10 Security Risk Assessment
Security risks have been assessed and it is considered that there are no security risks relating specifically to this
document.
© Copyright Fujitsu Services
Limited 2011
FUJITSU CONFIDENTIAL
(FUJITSU EYES ONLY)
UNCONTROLLED IF PRINTED OR LOCALLY
STORED
PGM/PAS/REP/0798
2011-10.0
21-Nov-2011
5 of 14
FUJ00080842
FUJ00080842
Quality Management Report
Pe)
FUJITSU FUJITSU CONFIDENTIAL (FUJITSU EYES ONLY)
1 Purpose
This document is the monthly report on the suitability, adequacy and effectiveness of the Quality
Management system across the Post Office Account (POA).
This management system includes:
1. Fujitsu Business Management System (BMS)
2. POA local processes and procedures
3. POA Second and Third parties
This document is the main input to the regular management review of the POA’s Management System
which is undertaken in compliance with ISO 9001 clause 5.6 Management review and ISO 27001 clause
5.1.
© Copyright Fujitsu Services FUJITSU CONFIDENTIAL Ref. PGM/PAS/REP/0798
limbed oat (FUJITSU EYES ONLY) Version: 2011-10.0
UNCONTROLLED IF PRINTED OR LOCALLY _ Date: 21-Nov-2011
STORED Page No: 6 of 14
FUJ00080842
FUJ00080842
o Quality Management Report .
FUJITSU FUJITSU CONFIDENTIAL (FUJITSU EYES ONLY)
2 Management summary
Details
Item Summary [CTRL] Click to
follow link
4 A document detailing both external and internal audits has been published. This POA
is now on SharePoint. Integrated
Audit
Schedule
2 2 non-conformances and 1 observation remain outstanding from previous audits.
The delivery plans to address these issues are on target.
All observations from the Ernst and Young (E&Y) audit have been resolved
except those for User Management and these are currently running to plan. The
framework document has gone out for formal review (PGM/PAS/MANO04).
All outstanding observations from the Vocalink audit are on target for completion.
3 The quarterly management management reviews is scheduled for December I QMR Minutes
2011. -Sep 11
A control objectives document for ISAE 3402 (SAS70) has been provided to
Fujitsu by Ernst and Young and is to be discussed by Stephen Long on 14!"
November 2011, as is the use of an Ernst and Young consultant to move this
forward for April 2012.
The Link Audit outstanding items are on target to be completed by 31% January
2012 by Security Operations.
The BV audit was completed in Sep 2011. Of the 7 observations raised on POA,
5 items have been closed and the remaining 2 are on target for completion by
the end of Dec11.
The RMG audit has been completed and no observations or issues have been
raised so far. The audit report will be provided to us by RMG by the end of
December 2011.
All outstanding Actions from the Ernst and Young Audit 2010-2011 have now
been closed. These have been reviewed by PO LTD/ RMG and we are awaiting
final closure by Ernst and Young.
The Ernst and Young audit is in progress with walkthrough meetings held on the
7" and 8'" November 2011 and evidence requested has been provided to E&Y
on their e-portal. E&Y will be visiting IRE11 on the 15" and 16th November to
continue this. This project is being managed via a E&Y Client Assistant
Schedule (CAS) that is reviewed weekly with PO LTD and monthly at Executive
level.
The forthcoming PCI Audit is dependent on PO LTD raising the relevant Change
Requests for the comparison work between version 1.2 and version 2.0 and a
Change Request for the actual audit itself. To date these have not been
forthcoming despite repeated requests.
The next POL audit steering group is 22% November and the next QMR is in
© Copyright Fujitsu Services FUJITSU CONFIDENTIAL Ref: PGM/PAS/REP/0798
limbed oat (FUJITSU EYES ONLY) Version’ 2011-10.
UNCONTROLLED IF PRINTED OR LOCALLY _ Date: 21-Nov-2011
STORED Page No: 7 of 14
FUJ00080842
FUJ00080842
o Quality Management Report od
FUJITSU FUJITSU CONFIDENTIAL (FUJITSU EYES ONLY)
Details
Item Summary [CTRL] Click to
follow link
December 2011.
FJ quality forum is on 18 December 2011.
oc ht Fujitsu Servi FUJITSU CONFIDENTIAL Ref: PGM/PAS/REP/0798
lima (FUJITSU EYES ONLY) Version: 2011-10.0
UNCONTROLLED IF PRINTED OR LOCALLY _ Date: 21-Nov-2011
STORED PageNo: 8 of 14
FUJ00080842
FUJ00080842
o Quality Management Report
FUJITSU FUJITSU CONFIDENTIAL (FUJITSU EYES ONLY)
3. Introduction
This section of the report covers the Fuiitsu. BMS which defines how we.work..The kev. components of the
BMS can be found on Café VIK IRRELEVANT
3.1 BMS Updates
Updates to the BMS are received from Group Quality each month and the POA Quality Manager reviews
these and highlights anything that will have an impact on the account.
IRRELEVANT
linder develooment.can he folind at anna *
IRRELEVANT I
The next BMS Quality forum is to be held in December 2011 and the account is required to produce for
this, a lessons learned quality review and a Quality management highlights and lowlights reports.
‘and BMS Changes
© Copyright Fujitsu Services FUJITSU CONFIDENTIAL Ref: PGM/PAS/REP/0798
limbed oat (FUJITSU EYES ONLY) Version’ 2011-10.
UNCONTROLLED IF PRINTED OR LOCALLY _ Date: 21-Nov-2011
STORED PageNo: 9 of 14
FUJ00080842
FUJ00080842
Quality Management Report
[oe]
FUJITSU FUJITSU CONFIDENTIAL (FUJITSU EYES ONLY)
4 Assessments
4.1 Integrated Assessment Plan
Details of all these assessments are shown on the Integrated Assessment Schedule. These are
maintained by the POA Compliance and Quality Team and held on the POA Business Management
SharePoint site POA Integrated Audit Schedule
4.2 Health Checks Conducted
4.3 Summary
e The Vocalink audit has been completed and all remedial activities are progressing according to
plan with a deadline of January 31% 2012 to be completed by Security Operations.
e The BV audit was completed in September 2011 and all remedial work are progressing according
to plan.
© The RMG audit has been completed. The initial report from RMG will be provided by 30"
November 2011.
e The E&Y Walkthrough audit is in progress
4.4 Assessments planned
4.5 PCI Audit
PO LTD has advised that the PCI audit will take place on the 14'" February 2012. POA has requested
that the coordination of all PO LTD audits take place prior to this to prevent over audit in the last quarter
of the year. PO LTD has also requested that this audit will be under PCI version 2, if it is not completed
by the end of December 2011.
A request has been sent to PO LTD to raise a CR for the preparation for this Audit and for the
assessment of the changes between versions 1.2 and 2.0 and their likely impact. To date, no response
has been received.
5 Process Improvement
5.1 Quality Leads
As a result of the health checks, the following individuals have agreed to become Quality Leads in their
respective areas. Applications Development (Steve Evans), Test (Debbie Richardson) and Security
Operations (Donna Munro). A ‘training plan’ will be developed during the 1% quarter of 2012 for the
nominated Quality Leads.
© Copyright Fujitsu Services FUJITSU CONFIDENTIAL Ref: PGM/PAS/REP/0798
limbed oat (FUJITSU EYES ONLY) Version’ 2011-10.
UNCONTROLLED IF PRINTED OR LOCALLY _ Date: 21-Nov-2011
STORED Page No: 10 of 14
FUJ00080842
FUJ00080842
Quality Management Report
Pe)
FUJITSU FUJITSU CONFIDENTIAL (FUJITSU EYES ONLY)
5.2 Quality and Compliance Framework
POA has contractual, legislative and compliance requirements placed upon it by its stakeholders and
evidence that these are met is required as part of its Customer Lifecycle Gateways and as part of its
internal and external audits.
POA has begun discussing with BA on how this framework will link into its processes and as a result of
this further discussions are taking place with PO LTD and BA around the framework. SAS 70 is to be
discussed with POL and BA to see if this meets requirements of both BA and PO LTD and enables the
reduction in the level of repetitive audits.
The organisational changes within the structure of Fujitsu will affect these discussions and any
agreement and guidance has been sought from the BMS team as to the impacts of this.
© Copyright Fujitsu Services FUJITSU CONFIDENTIAL Ref: PGM/PAS/REP/0798
limbed oat (FUJITSU EYES ONLY) Version’ 2011-10.
UNCONTROLLED IF PRINTED OR LOCALLY _ Date: 21-Nov-2011
STORED PageNo: 11 of 14
FUJ00080842
FUJ00080842
Quality Management Report
Pe)
FUJITSU FUJITSU CONFIDENTIAL (FUJITSU EYES ONLY)
6 Corrective action
6.1 Current status
The following table is a snapshot of corrective actions from the audits that have been conducted so since
this year including 3 outstanding actions from the previous BSI audit. Full details of these are on
SharePoint - Corrective Action Status. This is updated weekly with comments and actions from resolution
owners.
Business
Assurance
Vocalink
Non-ConformanceI 0 I 2I0/0/O0/0/0/0/0/0/0/0
Observation) OI0I/O/}]0I}1/0}7/0/1}/2/0I2
Opportunity for Improvement] 0 I 0I/0/0/0/0]/0/0/0]/0/0/0
Good Practice} 0 I0/O0}/0/0/0/0/0/0]/1{0Ij0
TOTAL (Oct 2011) 0 Mo I o Mo [7 o Bao 15
Status Some Corrective Actions are Overdue
Some Corrective Actions are Open but none are Overdue
Some Corrective Actions are Closed
All observations from the E&Y audit (2010/2011) have been resolved and PO LTD is agreeing closure.
The framework document has gone out for formal review (PGM/PAS/MANO0004).
The updates on the overdue observations are as follows;
GHQ/PSD/RMG/RoyalMailAccount/080610 Sequence 06 and BSI/7431833 Sequence 02
These items are under discussion with the BMS team and are awaiting a decision on how the BMS is.
going to be affected by the organisational changes that are currently occurring in Fujitsu.
BSI/7492972_7560946 Sequence 02
Discussions are underway with PO LTD Security team to agree a set of metrics that will be reviewed at
each ISMF. An initial set of measurements have been presented and these are under review for
enhancement.
© Copyright Fujitsu Services FUJITSU CONFIDENTIAL Ref: PGM/PAS/REP/0798
limbed oat (FUJITSU EYES ONLY) Version’ 2011-10.
UNCONTROLLED IF PRINTED OR LOCALLY _ Date: 21-Nov-2011
STORED PageNo: 12 of 14
FUJ00080842
FUJ00080842
Quality Management Report
[oe]
FUJITSU FUJITSU CONFIDENTIAL (FUJITSU EYES ONLY)
7 Measures
7.1 Customer Satisfaction and Complaints
We have adopted the Corporate CSS approach and these have been aligned with the POA functional
areas. This new format and structure has been agreed with PO LTD. The score card for Operations is
currently with PO LTD for a moderated score for each of the services. The score cards for Programmes
and Projects and Account Management are still outstanding due to staff changes. These issues have
been escalated to senior management.
7.2 Customer Satisfaction Interview Programme - CSIP
All actions from the CSIP for 2010/11 have been addressed and completed.
The CSIP interview for POA for 2011/2012 has been scheduled for the 21°t December 2011.
7.2.1 User Satisfaction - USAT
Customer satisfaction data covering complaints and the USAT surveys from the monthly analysis of
service performance are included below.
USAT for November 2011
USAT scores remain constant; overall score of 4.5 out of 5
Focus within Engineering and HSD will continue.
12 complaints received from a total of 10329 calls taken in October-11
All complaints have been investigated and feedback given.
Justified Complaints Un-Justified Complaints
Equipment Quality 2x
Equipment 1x
Online Services 1x Online Services 2x
HSD Process 2x
No response Required Complaints
Online Services 1x
Engineer ETA 2x
HSD 1x
USAT surveys are conducted each month by the Help Desk contacting a sample of Postmasters
(typically less than 50% respond to these requests). The USAT survey data for October has been added
and this continues to show little change in the levels of satisfaction quoted which remains at acceptable
levels.
© Copyright Fujitsu Services FUJITSU CONFIDENTIAL Ref: PGM/PAS/REP/0798
limbed oat (FUJITSU EYES ONLY) Version’ 2011-10.
UNCONTROLLED IF PRINTED OR LOCALLY _ Date: 21-Nov-2011
STORED PageNo: 13 of 14
FUJ00080842
FUJ00080842
Quality Management Report
[oe]
FUJITSU FUJITSU CONFIDENTIAL (FUJITSU EYES ONLY)
USAT 2010 - 2011
4.6
45 —
Oct- Nov- Dec- Jan- Feb- Mar- Apr- May- Jun- Jub Aug- Sep- Oct- Nov-
10 10 10 14 14 14 41 414 14 -140°11 °110°41°~°-11
8 Communication
Proposals for updating the Quality page on the POA SharePoint site are to be discussed as part of the
Business Management initiative.
9 Quality Forum
The next BMS Quality Forum is scheduled for 1°* December 2011.
© Copyright Fujitsu Services FUJITSU CONFIDENTIAL Ref: PGM/PAS/REP/0798
limbed oat (FUJITSU EYES ONLY) Version’ 2011-10.
UNCONTROLLED IF PRINTED OR LOCALLY _ Date: 21-Nov-2011
STORED PageNo: 14 of 14