O Security Management Service: Service
FUJITSU Description
FUJITSU SERVICES
Commercial in Confidence
FUJ00088180
FUJ00088180
SVM/SDM/SD/0017
1.0
24/08/06
Document Title:
Document Type:
Release:
Abstract:
Document Status:
Originator & Dept:
Internal Distribution:
External Distribution:
Approval Authorities:
Security Management Service: Service Description
Service Description — Contract Controlled Document
HNG-X and HNG-X Application Roll Out Transitional Period
Service Description for the Security Management Service as
provided under contract to Post Office
APPROVED
Richard Brunskill: Fujitsu Services
(See PA/PRO/O10 for Approval roles)
(For Originator to distribute following approval)
(For Document Management to distribute following approval)
Name Role Signature Date
Dave Hulbert Post Office: Head of Systems
Operations
Richard Brunskill Fujitsu Services: Senior Service
Delivery Manager
©Copyright Fujitsu Services Ltd 2006 (Commercial In Confidence) Page: 1 of 20
CONTRACT CONTROLLED
O Security Management Service: Service
FUJITSU Description
FUJITSU SERVICES
Commercial in Confidence
FUJ00088180
FUJ00088180
Ref: © SVM/SDM/SD/0017
Version: 1.0
Date: 24/08/06
0.0 Document Control
0.1 Document History
Version No. Date Reason for Issue Associated
CP/PEAK/PPRR
Reference
1.0 24/08/06 Agreed
0.2 Review Details
Review Comments by [Date]
Review Comments to : Originator & Document Management
Mandatory Review
Post Office: Operations Support Bernadette O'Donnell
Post Office: Commercial Mike Hannon
Fujitsu Services: Commercial Pam Purewal
Fujitsu Services: SI James Stinchcombe
Fujitsu Services: CS Brian Pinder
Optional Review
Issued for Information — Please restrict this
distribution list to a minimum
Post Office: Head of Systems Operations Dave Hulbert
Fujitsu Services: Head of Service Delivery Carl Marx
( * ) = Reviewers that returned comments
0.3. Associated Documents
Reference Version I Date Title Source
SVM/SDM/PRO/0016 Security Incident PVCS
Management, Joint Working
©Copyright Fujitsu Services Ltd 2006 (Commercial In Confidence) Page: 2 of 20
CONTRACT CONTROLLED
FUJ00088180
FUJ00088180
roo) Security Management Service: Service Ref: =SVM/SDM/SD/0017
FUJITSU Description Version: 1.0
FUJITSU SERVICES Commercial in Confidence Date: 24/08/06
Document
RS/POL/002 Horizon Security Policy PVCS
RS/POL/003 Access Control Policy PVCS
SVM/SDM/SD/0015 Reconciliation Service, PVCS
Service Description
Unless a specific version is referred to above, reference should be made to the current
approved versions of the documents.
N.B. Printed versions of this document are not under change control.
0.4. Abbreviations/Definitions
Abbreviation Definition
IDS Intrusion Detection System
IPS Intrusion Prevention System
0.5 Changes in this Version
Version Changes
0.6 Changes Expected
Changes
Expected changes should the HNG-X design or solution require amendment to the service provided by
Fujitsu Services.
Post contract signature following agreement to any Draft Notes (DN) included within the document.
This CCD has not had full review by Post Office.
©Copyright Fujitsu Services Ltd 2006 (Commercial In Confidence) Page: 3 of 20
CONTRACT CONTROLLED
FUJ00088180
FUJ00088180
FUJITSU Security Management Service: Service Ref: =SVM/SDM/SD/0017
)} Description Version: 1.0
FUJITSU SERVICES Commercial in Confidence Date: 24/08/06
0.7 Table of Contents
1.0
2.0
“2.4, 1
2.5
2.5.1
2.5.2
2.6.3
2.7
2.8
2.9
2.10 DOCUMENTATION SET SUPPORTING THE SERVICE
SERVICE SUMMARY...
HNG-X.
SERVICE DEFINITION
Security Organisation and Management.
Compliance Monitoring and Audit......
Cryptographic Key Management
PIN Pads.
Security Event Management and Firewall Event Analysi:
System and Physical Access Control.
Anti-Virus and Malicious Software Management see
Security Incident Reporting and Problem Management
System Security Change Management..
Security Awareness and Training.
Information Retrieval and Audii
Prevailing Threats and Vulnerability Manz
Litigation Support...
SERVICE AVAILABIL ITY...
SERVICE LEVELS AND REME!
General Principles.
Service Level Relie!
Rectification Plan..
Service Levels for which Liquidated Damages Apply
Service Levels for which no Liquidated Damages App!
Operational Level Agreements.
Performance Metrics.
Design Targets...... .
SERVICE LIMITS AND VOLUMETRICS......
ua te ue a be
w
we Ww
New and Old Data Queries.
A AND LICENCE!
Assets...
Licences...
CHARGES.
Operational Fixed Charges.
Operational Variable Chargs
Additional Operational Variable Charge.
DEPENDENCIES AND INTERFACES WITH OTHER OPERATIONAL SERVIC
POST OFFICE DEPENDENCIES AND RESPONSIBILITIES........-
BUSINESS CONTINUITY...
3.0 HNG-X APPLICATION ROLL OUT — TRANSITIONAL PERIOD...
3.1 SERVICE DEFINITION..
3.2. SERVICE AVAILABILITY.
3.3 SERVICE LEVELS AND REMEDIES.
3.4 SERVICE LIMITS AND VOLUMETRIC:
©Copyright Fujitsu Services Ltd 2006 (Commercial In Confidence) Page: 4 of 20
CONTRACT CONTROLLED
FUJ00088180
FUJ00088180
FUJITSU Security Management Service: Service Ref: ~=SVM/SDM/SD/0017
J Description Version: 1.0
FUJITSU SERVICES Commercial in Confidence Date: 24/08/06
3.5 ASSETS AND LICENCES. 23
3.6 CHARGES : 3
3.7 DEPENDE! . SERVIC 3
3.8 3
3.9 BUSINESS CONTINUITY 3
3.10 DOCUMENTATION SET SUPPORTING 3
©Copyright Fujitsu Services Ltd 2006 (Commercial In Confidence) Page: 5 of 20
CONTRACT CONTROLLED
FUJ00088180
FUJ00088180
FUJITSU Security Management Service: Service Ref: =SVM/SDM/SD/0017
J Description Version: 1.0
FUJITSU SERVICES Commercial in Confidence Date: 24/08/06
1.0 Service Summary
1.1. The Security Management Service provides a range of security-related activities that
support the establishment and maintenance of an ISO 27001 — compliant
infrastructure. The Security Management Service monitors operations and
introduces specific protective security controls to maintain the integrity, availability
and confidentiality of information used and produced by the various Services, other
than the Service Integration Service.
1.2. Fujitsu Services’ contractual obligations for delivering and maintaining provision of a
secure system is set out in Clause 16 (Security) of the Agreement. The Security
Management Service consists of the following elements:
(a) implementation and maintenance of Post Office security policy and procedures;
(b) compliance monitoring and audit;
(c) cryptographic key management;
(d) security event management and firewall event analysis;
(e) system and physical access control;
(f) anti-virus and malicious software management;
(g) monitoring of any IDS or IPS in place;
(h) _ security incident reporting and problem management;
(i) system security change management;
(j) security awareness and training;
(k) audit data retrievals and prosecution support;
(1) Subject Information Requests management;
(m) _ prevailing threats and vulnerability management;
(n) litigation support; and
(0) LINK compliance questionnaire.
1.3. The Security Management Service staff will be appropriately trained to carry out the
Service.
1.4. In performing the Security Management Service, Fujitsu Services shall be responsible
for:
(a) delivery of the security policy as specified in paragraph 4.1.3 of Schedule A4 of
the Agreement;
(b) maintaining with Post Office the identity of the persons from both Parties
authorised to receive sensitive security-related material (including
cryptographic key components); and
©Copyright Fujitsu Services Ltd 2006 (Commercial In Confidence) Page: 6 of 20
CONTRACT CONTROLLED
FUJ00088180
FUJ00088180
FUJITSU Security Management Service: Service Ref: =SVM/SDM/SD/0017
J Description Version: 1.0
FUJITSU SERVICES Commercial in Confidence Date: 24/08/06
2.0
2.1
2.1.1
(c) liaising with Post Office in the manner described in the Working Document
entitled: "Security Incident Management, Joint Working Document"
(SVM/SDM/PRO/0016).
HNG-X
Service Definition
Security Organisation and Management
Security organisation and management within the Security Management Service provides a
number of organisational and management activities required for compliance with ISO 27001.
These are:
(a) the co-ordination of security activities and prioritising of activities according to risk
within the appropriate Fujitsu Services risk register;
(b) the creation and maintenance of security-related procedural and process documentation
to assist compliance and help maintain correct operation by Fujitsu Services and Post
Office staff;
(c) the regular reviews of Fujitsu Services Security Management Service documentation to
provide appropriate security input and compliance to the requirements of ISO 9001;
(d) the management of ISO 27001 gap analysis, preparation of a plan for implementation in
accordance with agreed terms of reference (TOR) and monitoring of corrective actions;
and
(e) informing Post Office of any changes to the HNG-X Application that are likely to have
an impact upon security.
2.1.2 Compliance Monitoring and Audit
Compliance monitoring and audit within the Security Management Service provides a number
of compliance monitoring and audit activities required for compliance with ISO 27001. These
are:
(a)
(b)
the undertaking of periodic physical security and system security audits of the Data
Centre, the Service Desk and other locations used to provide the Services, other than
the Service Integration Service, on a risk management basis to provide ongoing
assurance of compliance to security policies and procedures. Activities will include
reviews of operational processes, provision of reports covering IT, environmental,
physical, personnel security etc. and the monitoring of identified corrective actions; and
the provision of advice and guidance on issues affecting personnel security within Fujitsu
Services including the investigation of personnel security issues and staff vetting queries.
©Copyright Fujitsu Services Ltd 2006 (Commercial In Confidence) Page: 7 of 20
CONTRACT CONTROLLED
FUJ00088180
FUJ00088180
FUJITSU Security Management Service: Service Ref: =SVM/SDM/SD/0017
J Description Version: 1.0
FUJITSU SERVICES Commercial in Confidence Date: 24/08/06
2.1.3
Cryptographic Key Management
The cryptographic key management element of the Security Management Service provides a
number of cryptographic key management activities. These are:
(a)
(b)
(c)
(d)
(ce)
2.1.4
management of the automated Key Management System (KMS) for the creation,
distribution and installation of required cryptographic material to the live estate and the
maintenance of periodic key replacement for all Branches in addition to the safeguarding
of live and reserve keys;
operation of functionality and configuration changes to the HNG-X Application in order
to optimise service;
management of KMS event logging and incident handling to assist the Service Desk
Service, the Systems Management Service, the Third Line Support Service and the
Application Support Service (Fourth Line) in error resolution and problem management;
management of the manual cryptographic estate by maintaining the creation,
distribution, auditing and periodic replacement of cryptographic keys within agreed
timescales; and
supplier management of cryptographic key suppliers.
PIN Pads
2.1.4.1. The Security Management Service shall ensure PIN Pads comply with the
requirements of ISO 9564. Fujitsu Services' key management service for any key
directly or indirectly protecting the secrecy of PIN values (together, "PIN Encryption
Keys") shall comply with ISO 11568 Parts I to 3.
2.1.4.2. The key management service used between each PIN Pad and the rest of the HNG-X
Services shall be the DUKPT scheme as described in paragraph 6.2 of Schedule A4
of the Agreement.
2.1.4.3. In the event of an actual or suspected key compromise in respect of a PIN encryption
2.1.5
The
key used within the HNG-X Services, Fujitsu Services shall implement key change
mechanisms in accordance with the principles stated in ISO 11568 Parts I to 3.
Security Event Management and Firewall Event Analysis
security event management and firewall event analysis element of the Security
Management Service provides a number of security event management and firewall event
analysis activities. These are:
(a)
(b)
management of audit mechanisms to monitor detect and record events that might
threaten the security of the HNG-X Service Infrastructure;
operation of the security event management system utilising the Systems Management
Service system to track and report events of security significance and daily monitoring
of the security event management system to identify relevant events and logging of
details;
©Copyright Fujitsu Services Ltd 2006 (Commercial In Confidence) Page: 8 of 20
CONTRACT CONTROLLED
FUJ00088180
FUJ00088180
FUJITSU Security Management Service: Service Ref: =SVM/SDM/SD/0017
J Description Version: 1.0
FUJITSU SERVICES Commercial in Confidence Date: 24/08/06
(c) regular analysis of audit trails to identify new features and vulnerabilities introduced by
new systems to facilitate trend analysis and to assist the investigation of security
breaches;
(d) reviewing security configurations of event filters to optimise efficiency and minimise
security weaknesses;
(ec) undertaking risk assessments to establish adequate firewall policies / rule bases and the
subsequent monitoring of events generated by the HNG-X Service Infrastructure;
(f) analysis of firewall event logs using trend analysis software to identify the presence of
any potential attacks or of areas of vulnerability and the provision of advice for any
remedial action; and
(g) prompt investigation and remedial action in order to minimise the impact of any security
breach.
2.1.6 System and Physical Access Control
The system and physical access control element of the Security Management Service provides
a number of system and physical access controls which are defined within the CCD entitled:
“Access Control Policy” ( RS/POL/003), These are:
2.1.6.1 System Access Control
(a) Management of the process for validating that Users are authorised before being
permitted access to the HNG-X Service Infrastructure.
(b) Management of the allocation and auditing of secure ID tokens where used to validate
that Fujitsu Services users who access the HNG-X Central Infrastructure from locations
remote from the Data Centres do so via secondary token authentication.
(c) Management of system controls in the environment, Data Centre or location where the
HNG-X Services are performed.
2.1.6.2 Physical Access Control
(a) Access to the live or test Data Centre is requested by a Fujitsu Services user via Fujitsu
Services' online system in the following manner:
¢ the Fujitsu Services user will receive an e-mail to acknowledge submission;
¢ the Data Centre Operations Service will check throughout the day/night for any
requests not yet actioned;
¢ the Data Centre Operations Service will action request with approval or rejection;
and
e the Fujitsu Services user will receive an e-mail to sanction request or refuse request
with the reason for non approval.
©Copyright Fujitsu Services Ltd 2006 (Commercial In Confidence) Page: 9 of 20
CONTRACT CONTROLLED
FUJ00088180
FUJ00088180
FUJITSU Security Management Service: Service Ref: =SVM/SDM/SD/0017
J Description Version: 1.0
FUJITSU SERVICES Commercial in Confidence Date: 24/08/06
(b) All Fujitsu Services users shall register and sign-in at reception when visiting the various
premises occupied by the Service Desk Service, Systems Management Service and Third
Line Support Service respectively.
2.1.7. Anti-Virus and Malicious Software Management
The anti-virus and malicious Software management element of the Security Management
Service provides a number of anti-virus and malicious software management activities. These
are:
(a) management of the distribution of updated anti-virus software and appropriate
signatures across the HNG-X Service Infrastructure to maintain protection of the HNG-
X Services from viruses and malicious software;
(b) initial configuration of alerting mechanisms and event filters to provide automatic
notification and prompt virus incident response;
(c) provision of regular updates to identify and cleanse new and emerging virus strains;
(d) daily and periodic checks of emerging viruses and other malicious software to be
informed of threats and to determine the available defensive measures; and
(ec) provision of event monitoring and incident response via normal incident handling
procedures. Analysis of details to understand the threat and inform corrective actions.
2.1.8 Security Incident Reporting and Problem Management
2.1.8.1. The security incident reporting and problem management element of the Security
Management Service provides a number of security Incident reporting and problem
management activities defined in detail in the Working Document entitled: “Security
Incident Management, Joint Working Document” (SVM/SDM/PRO/0016). These
are:
(a) provision of a central point of contact for all security related issues;
(b) investigation and reporting to Post Office of any actual or potential threats or
breaches that may have a material effect on the HNG-X Services in accordance
with agreed procedures; and
(c) provision of ongoing liaison with Post Office and support to the Fujitsu
Services’ Security Board as defined in the CCD entitled “Horizon Security
Policy” (RS/POL/002).
2.1.9 System Security Change Management
The system security change management element of the Security Management Service
provides a number of system security change management activities. These are:
©Copyright Fujitsu Services Ltd 2006 (Commercial In Confidence) Page: 10 of 20
CONTRACT CONTROLLED
FUJ00088180
FUJ00088180
FUJITSU Security Management Service: Service Ref: =SVM/SDM/SD/0017
J Description Version: 1.0
FUJITSU SERVICES Commercial in Confidence Date: 24/08/06
(a) management of security compliance with agreed change processes and the assessment of
the business and security impact of incident and problem management systems including
the provision of options for resolution and containment of security and business risk; and
(b) assessment of the business and security impact of Change Requests and the assessment
and approval/rejection of security related operational Change Requests.
2.1.10 Security Awareness and Training
The security awareness and training element of the Security Management Service provides a
security awareness training programme for Fujitsu Services and relevant Post Office
personnel.
2.1.11 Information Retrieval and Audit
2.1.11.1 Description of Terms
“Banking Transaction Record Query” means a record query in respect of a Banking &
Related Services Transaction which the Data Reconciliation Service Host (DRSH) has
reconciled or has reported as an exception, the result or records of which are subsequently
queried or disputed by Post Office or a third party;
udit Record Query” means a record query that is not a Banking Transaction Recor
“Audit Record Query d query that t a Banking T: tion Record
Query and which relates to Transactions.
“APOP Voucher Query” means a record query for APOP voucher archived records;
“Old Data” means the extraction of records created before the 3rd January 2003, but not
earlier than the 18" May 2002 (before which data was automatically deleted), relating to
Transactions, other than Banking & Related Services Transactions meeting the Search
Criteria, such extraction being limited to the following specific types of information/data
fields: the ID for the User logged-on, Counter Position ID, stock unit reference, Transaction
ID, Transaction start time and date, Customer Session ID, mode (e.g. serve customer),
product number and quantity, and sales value, Entry Method, State, IOP Ident, Result,
Foreign Indicator;
“Period One” means, in respect of each Transaction the period of 90 days commencing on
the date of that Transaction;
“Period Two” means, in respect of each Transaction the period commencing the day after
expiry of Period One for that Transaction, expiring on the earlier of:
(a) seven (7) years in the case of Transaction records up to and including the 18" May 2002
if created before commencement of the NB Pilot (Soft Launch); and
(b) the date of completion of transfer of Post Office Data (including the record of that
Transaction) in accordance with Schedule E of the Agreement;
“Query Day” means each date against which an Audit Record Query or an Old Data query is
raised;
©Copyright Fujitsu Services Ltd 2006 (Commercial In Confidence) Page: 11 of 20
CONTRACT CONTROLLED
FUJ00088180
FUJ00088180
FUJITSU Security Management Service: Service Ref: =SVM/SDM/SD/0017
J Description Version: 1.0
FUJITSU SERVICES Commercial in Confidence Date: 24/08/06
“New Data” means the extraction of records created on and following the 3rd January 2003
relating to Banking & Related Services Transactions (and, in the case of Audit Record Queries
relating to all Transactions) meeting the Search Criteria, such extraction being limited to
specific types of information/data fields as follows:
(a) in the case of an Audit Record Query - the ID for the User logged-on, Counter Position
ID, stock unit reference, Transaction ID, Transaction start time and date, Customer
Session ID, mode (e.g. serve customer), product number and quantity, and sales value,
Entry Method, State, IOP Ident, Result, Foreign Indicator; and
(b) in the case of a Banking Transaction Record Query - Banking & Related Services
Transaction ID, Banking & Related Services Transaction type, receipt date, receipt time,
the reason code (in the case of a discrepancy) and DRSH sub-value(s) (e.g. CO
Confirmation, C1 Confirmation, NB Decline,
in all cases an ‘Event Log’ will also be produced and provided with the Audit Record Query,
detailing; GroupID, ID, date, User, SU, EPOSSTransaction.T and EPOSSTransaction. Ti.
“Search Criteria” means: To be specified for each individual Record Query or Old Data
query (as applicable). In the case of an Audit Record Query of either:
(a) The date or dates (not exceeding 31 consecutive days), FAD and PAN (or equivalent
identifier); or
(b) The date or dates (not exceeding 31 consecutive days), and Branch FAD; or in the
absence of a Branch FAD the full Branch postal address;
in the case of a Banking Transaction Record Query of either:
(a) Date, Branch FAD and PAN; or
(b) Date and Branch FAD,
Fujitsu Services shall have access (such access being restricted to properly authorised Fujitsu
Services staff) to records of each Banking & Related Services Transaction during Period One
and Period Two.
2.1.11.2 Fujitsu Services shall carry out the data queries in accordance with the limits set out
in section 2.4.1 of this Security Management Service, Service Description.
2.1.12. Prevailing Threats and Vulnerability Management
2.1.12.1. The Security Management Service shall ensure that any prevailing threats and
vulnerabilities arising from hackers and / or crackers are managed in accordance with
ISO 27001. Such prevailing threats and vulnerabilities may be exploited despite the
presence of anti-virus monitoring, firewalls and intrusion detection software which
Fujitsu Services has in place throughout the HNG-X Service Infrastructure and may
be as a result of:
(a) software defects requiring vendor issued patches or bug fixes;
(b) insecure accounts with weak or non existent passwords;
©Copyright Fujitsu Services Ltd 2006 (Commercial In Confidence) Page: 12 of 20
CONTRACT CONTROLLED
FUJ00088180
FUJ00088180
FUJITSU Security Management Service: Service Ref: ~=SVM/SDM/SD/0017
J Description Version: 1.0
FUNITSU SERVICES Commercial in Confidence Date: 24/08/06
(c) unnecessary services, for example, Telnet or remote access;
(d) _ built in weaknesses, for example, backdoor accounts; and
(e) system mis-configuration.
2.1.12.2. In managing such prevailing threats and vulnerabilities, the Security Management
Service will:
(a)
(b)
(c)
(d)
assess the existing vulnerabilities on each element of the HNG-X Service
Infrastructure;
determine the degree of risk for each vulnerability identified;
mitigate or resolve the vulnerability by the updating of Hardware and / or
Software versions or by applying vendor issued service packs, hot fixes or
Software patches; and
in any investigation carried out by Post Office and/or by Fujitsu Services of any
potential or actual security breach or threat, Post Office and Fujitsu Services
shall report to each other (or Fujitsu Services shall report to Royal Mail Group,
if required by Post Office) any actual or potential security breach or threat
identified in the course of such investigation that may have a material adverse
effect upon the security of the Infrastructure. The procedures by which such
threats shall be reported and the methodology for investigating and resolving
security incidents (disputed Banking & Related Services Transactions are
defined within the CCD entitled "Reconciliation Service, Service Description"
(SVM/SDM/SD/0015)) shall be as set out in the Working Document entitled
“Security Incident I Management, Joint Working — Document”
(SVM/SDM/PRO/0016).
2.1.13 Litigation Support
2.1.13.1 Where Post Office submits an Audit Record Query or Old Data Query in connection
with litigation support, at Post Office’s request Fujitsu Services shall, in addition to
conducting that query:
a)
present records of Transactions extracted by that query in cither Excel 95,
Excel 97 or native flat file format, as agreed between the Parties; and
b) subject to the limits set out in section 2.4.1 analyse:
(i) the appropriate Service Desk records for the date range in question; and
(ii) fault logs for the devices from which the records of Transactions were
obtained;
c) in order to check the integrity of records of Transactions extracted by that
query;
©Copyright Fujitsu Services Ltd 2006 (Commercial In Confidence) Page: 13 of 20
CONTRACT CONTROLLED
FUJ00088180
FUJ00088180
FUJITSU Security Management Service: Service Ref: =SVM/SDM/SD/0017
J Description Version: 1.0
FUJITSU SERVICES Commercial in Confidence Date: 24/08/06
0) request and allow the relevant employees of Fujitsu Services to prepare
witness statements of fact in relation to that query, to the extent that
such statements are reasonably required for the purpose of verifying the
integrity of records provided by Audit Record Query or Old Data Query
and are based upon the analysis and documentation referred to in this
section 2.1.13 of this Security Management Service, Service
Description; and
(ii) request and allow the relevant employees to attend court to give
evidence in respect of the witness statements referred to in the sub-
section (c)(i) above;
d) provided that:
(i) Fujitsu Services’ obligations set out in sub-sections (a) and (b) above
shall be limited, in aggregate, to dealing with a maximum of 150 (in
aggregate) Record Queries and Old Data Queries per year (on a rolling
year basis); and
(ii) Fujitsu Services' obligations in the case of provision of witnesses
referred to in sub-section (c) above shall be to provide witnesses to
attend court up to a maximum (for all such attendance) of 60 days per
year (on a rolling year basis).
2.1.13.2 For the avoidance of doubt the target times set out in Table 1 for dealing with Audit
Record Queries and Old Data Queries shall not apply in respect of Fujitsu Services!
obligations under sub-section 2.1.13.1(c) above.
2.1.13.3 Any information requested beyond that available by Audit Record Query and/or any
witness statements or witness attendance beyond that available in accordance with
section 2.1.13.1 of this Security Management Service, Service Description shall be
agreed on a case by case basis and shall be dealt with in accordance with the Change
Control Procedure.
2.1.13.4 Sensitive card data included in records of Banking & Related Services Transactions
extracted by record query and provided to Post Office (but, for the avoidance of
doubt, not that included in records for Transactions extracted for Audit Record
Queries in respect of any other Business Capability and Support Facility) shall be in
the encrypted form in which they are held.
2.1.13.5 The Security Management Service shall ensure reasonable access to the audit trail of
Banking & Related Services Transactions for Post Office auditors for audit purposes
which access shall be by written request and reasonable notice to Fujitsu Services.
©Copyright Fujitsu Services Ltd 2006 (Commercial In Confidence) Page: 14 of 20
CONTRACT CONTROLLED
O Security Management Service: Service
FUJITSU Description
FUJITSU SERVICES
Commercial in Confidence
FUJ00088180
FUJ00088180
SVM/SDM/SD/0017
1.0
24/08/06
2.1.14 LINK Compliance Questionnaire
Fujitsu Services shall support Post Office in the completion of the annual LINK Security
Statement, by submitting a completed Compliance Supplier Questionnaire in respect of LINK
when requested by Post Office.
2.2 Service Availability
The Security Management Service will be available between 09:00hrs to 17:30hrs Monday to
Friday excluding all Bank Holidays.
2.3. Service Levels and Remedies
2.3.1 General Principles
2.3.1.1. The performance of the Security Management Service against the Operational Level
Target (OLT) applicable in respect of the relevant Security Management Service shall
be measured and reported and success or failure against each shall be judged over the
OLT calendar month.
2.3.1.2. The values applicable to each of the Security Management Service OLTs are
identified within section 2.3.6 of this Security Management Service, Service
Description.
2.3.2 Service Level Relief
This section is not applicable to the Security Management Service.
23.3 Rectification Plan
See paragraph 7.1 of Schedule C1 of the Agreement.
2.3.4 Service Levels for which Liquidated Damages Apply
There are no specific SLTs applicable to the Security Management Service for which
liquidated damages apply.
2.3.5 Service Levels for which no Liquidated Damages Apply
There are no specific SLTs applicable to the Security Management Service for which
liquidated damages do not apply
2.3.6 Operational Level Agreements
Table I describes the OLTs applicable to the Security Management Service.
Table 1
re)
Q)
©Copyright Fujitsu Services Ltd 2006 (Commercial In Confidence)
CONTRACT CONTROLLED
Page: 15 of 20
oO
FUJITSU
FUJITSU SERVICES
FUJ00088180
FUJ00088180
Security Management Service: Service Ref: =SVM/SDM/SD/0017
Description Version: 1.0
Commercial in Confidence Date: 24/08/06
OLT
Limits on Audit Record Queries
Period One
Period Two
Period One and Period Two
Target
Time
5 Days
7 Days
Subject to section 2.4.1, and applicable only in respect of Audit
Record Queries, consisting of data archived with effect from
the 4" Jan 2003, 7 Working Days (for queries of 14 or less
days’ duration) and 14 Working Days (for queries of greater
than 14 days’ duration).
Subject to section 2.4.1, and applicable only in respect of Audit
Record Queries consisting of data archived between the 18"
May 2002 up to the Third Jan 2003, 14 Working Days (for
queries of 14 or less days’ duration) and 28 Working Days (for
queries of greater than 14 days’ duration)
2.3.7
Performance Metrics
There are no performance metrics applicable to the Security Management Service.
2.3.8
Design Targets
There are no design targets applicable to the Security Management Service.
2.4
2.4.1
Service Limits and Volumetrics
New and Old Data Queries
Table 2 defines the limits on New and Old Data queries, including APOP Voucher Queries
which Fujitsu Services shall be obliged to complete.
Table 2
() Q)
Limits on Banking Transaction Limits on Audit Record Queries
Record Queries
Period One Period Two Period One and Period Two
Limits 900 per year (on I 100 per year (on I Subject to section 2.4.1, the limit per year (on a rolling year
a rolling year
basis) with no
more than 126
in any calendar
month
a rolling year
basis) with no
more than 14 in
any calendar
month
basis) shall be the first of the following to be reached: (i) 720
Audit Record Queries consisting of Old or New Data & APOP
Voucher Queries or; (ii) 15,000 Query Days.
The limit per calendar month, allowing a ‘burst rate’ of 14%
shall be the first of the following to be reached, of which not
more than 10 shall be APOP Voucher Queries: (i) 100 Audit
Record Queries, or (ii) 2100 Query Days subject to the
constraints of the agreed annual limits above.
2.4.1.1. The limits set out in column I in Table 2 above and the provisions of this section
2.4.1 of this Security Management Service, Service Description shall apply in
connection with the application of those limits.
©Copyright Fujitsu Services Ltd 2006
(Commercial In Confidence) Page: 16 of 20
CONTRACT CONTROLLED
FUJ00088180
FUJ00088180
FUJITSU Security Management Service: Service Ref: =SVM/SDM/SD/0017
J Description Version: 1.0
FUJITSU SERVICES Commercial in Confidence Date: 24/08/06
2.4.1.2.
2.4.1.3.
2.4.1.4.
2.4.1.5.
2.4.1.6.
2.4.1.7.
The limits set out set out in the column 2 in Table 2 above and the provisions of this
section 2.4.1 of this Security Management Service, Service Description shall apply in
connection with the application of those limits with effect from the date of
commencement of HNG-X Project Workstream X4 (HNG-X Application Roll Out).
For the purpose of applying the limits in column 2 in Table 2 above from the date of
commencement of HNG-X Project Workstream X4 (HNG-X Application Roll Out)
the number of queries equivalent to Audit Record Queries (and associated Query
Days) that were carried out in the period up to 12 months prior to that date shall be
included in calculating whether the annual limit has been reached (on a rolling year
basis).
For the purpose of applying the limits in column 2 in Table 2 to the month in which
the HNG-X Project Workstream X4 (HNG-X Application Roll Out) commences, the
Audit Record Queries carried out since the commencement of that calendar month
shall count towards the limits of Audit Record Queries for that month.
Where:
(a) anew Audit Record Query which is received by Fujitsu Services or Post Office
requires analysis of an existing Audit Record Query; and
(b) a member of Fujitsu Services’ personnel is needed to deal with that new or
existing Audit Record Query; but
(c) that person is unavailable due to his or her attendance at court or other
proceedings in connection with an Audit Record Query,
the target times specified in column 1 to Table I shall not apply to that new or
existing Audit Record Query which the Security Management Service shall instead
deal with as soon as reasonably practicable.
For the avoidance of doubt, the limits set out in column I to Table 2 in respect of
Banking Transaction Record Queries shall not apply in respect of reconciliation
incident management and settlement reporting carried out as a function of the DRSH.
Post Office may at any time on three (3) months’ written notice vary the aggregate
limits of Audit Record Queries which Fujitsu Services is required to carry out as
specified in column 2 in Table 2, between:
(a) _ the limits specified in Table 1; and
(b) _ the following substitutes for those limits (applicable on the same basis): 1020
Audit Record Queries or 21250 Query Days per year on a rolling year basis,
and a maximum, allowing a ‘burst rate’ of 14%, of 142 Audit Record Queries or
2975 Query Days per calendar month;
and between:
(c) _ the substitute limits set out above; and
©Copyright Fujitsu Services Ltd 2006 (Commercial In Confidence) Page: 17 of 20
CONTRACT CONTROLLED
FUJ00088180
FUJ00088180
roo) Security Management Service: Service SVM/SDM/SD/0017
FUJITSU Description 1.0
FUJITSU SERVICES Commercial in Confidence 24/08/06
2.4.1.8.
2.5
2.5.1
(d) _ the following substitutes for those limits (applicable on the same basis): 1500
Audit Record Queries or 31250 Query Days per year on a rolling year basis,
and a maximum, allowing a ‘burst rate’ of 14%, of 210 Audit Record Queries or
4375 Query Days per calendar month.
Post Office shall submit Banking Transaction Record Queries to the Service Desk
Service and Fujitsu Services shall accept record queries and Old Data Queries only
from properly authorised Post Office staff. The Service Desk Service will pass these
queries to the Security Management Service.
Assets and Licences
Assets
There are no assets associated with the Security Management Service.
2.5.2
Licences
There are no licences associated with the Security Management Service.
2.6
2.6.1
Charges
Operational Fixed Charges
See Schedule D1 of the Agreement.
2.6.2
Operational Variable Charge
The Security Management Service operational variable charge is calculated against the number
of Branches at a price per Branch as defined in Schedule D1 of the Agreement.
2.63 Additional Operational Variable Charge
2.6.3.1 The additional operational variable charge applicable to the Security Management
Service is applicable to the number of Audit Record Queries logged as defined in
section 2.4.1 of this Security Management Service, Service Description.
2.6.3.2 Fujitsu Services’ charges in respect of dealing with any Audit Record Queries up to
the limits set out in section 2.4.1.2 shall be as specified in Schedule D1 of the
Agreement.
2.7. Dependencies and Interfaces with Other Operational
Services
©Copyright Fujitsu Services Ltd 2006 (Commercial In Confidence) Page: 18 of 20
CONTRACT CONTROLLED
FUJ00088180
FUJ00088180
roo) Security Management Service: Service SVM/SDM/SD/0017
FUJITSU Description 1.0
FUJITSU SERVICES
Commercial in Confidence 24/08/06
2.7.1 Any changes agreed between Post Office and Fujitsu Services to the scope or
availability of the Security Management Service and/or any of the other Operational
Services will be agreed in accordance with the Change Control Procedure. As at the
Amendment Date, this Security Management Service interfaces with all of the
Operational Services.
2.8 Post Office Dependencies and Responsibilities
In addition to the generic Post Office responsibilities set out in Schedule AS of the Agreement,
Post Office shall comply with section 2.4.1.8 of this Security Management Service, Service
Description.
2.9 Business Continuity
There are no business continuity arrangements for the Security Management Service.
2.10 Documentation Set Supporting the Service
See the document set listed at section 0.3 of this Security Management Service, Service
Description. Should any elements of the Security Management Service be changed following
agreement with Post Office, Fujitsu Services will ensure these documents are also reviewed
and amended where necessary in line with changes agreed.
©Copyright Fujitsu Services Ltd 2006 (Commercial In Confidence) Page: 19 of 20
CONTRACT CONTROLLED
FUJ00088180
FUJ00088180
roo) Security Management Service: Service SVM/SDM/SD/0017
FUJITSU Description : 10
FUJITSU SERVICES Commercial in Confidence Date: 24/08/06
3.0 HNG-X Application Roll Out — Transitional Period
3.1. Service Definition
See section 2.1 of this Security Management Service, Service Description.
3.2. Service Availability
See section 2.2 of this Security Management Service, Service Description.
3.3. Service Levels and Remedies
See section 2.3 of this Security Management Service, Service Description.
3.4 Service Limits and Volumetrics
See section 2.4 of this Security Management Service, Service Description.
3.5 Assets and Licences
See section 2.5 of this Security Management Service, Service Description.
3.6 Charges
See section 2.6 of this Security Management Service, Service Description.
3.7. Dependencies and Interfaces with Other Operational
Services
See section 2.7 of this Security Management Service, Service Description.
3.8 Post Office Dependencies and Responsibilities
See section 2.8 of this Security Management Service, Service Description.
3.9 Business Continuity
See section 2.9 of this Security Management Service, Service Description
3.10 Documentation Set Supporting the Service
See section 2.10 of this Security Management Service, Service Description.
©Copyright Fujitsu Services Ltd 2006 (Commercial In Confidence)
CONTRACT CONTROLLED
Page: 20 of 20