FUJ00154828
FUJ00154828
o
FUJITSU COMPANY IN CONFIDENCE
HNG-X CHANGE PROPOSAL cP NO:
CP TITLE: HNG-X CPnnnn - Enable analysis of Counter event DATE RAISED: 20 Oct 2008
messages within the HNG-X Audit solution
REQUIRED IMPLEMENTATION / PURCHASE DATE: (da/mm/yy) I ORIGINATOR: Alan Holmes
ANTICIPATED CP CLOSURE / COMPLETION DATE: (mmm-yyyy) I CHANGE OWNER: Pete Sewell
DATE BY WHICH CP TO BE IMPACTED: (ad/mm/yy) TECHNICAL SPONSOR: Alan
Holmes
CP CLASSIFICATION: Budget Holder Approval for impacting:
FAST-TRACK/URGENT/ROUTINE/FOR INFORMATION* (Email or Hard Copy Signature)
(‘strikethrough as applicable)
DAB Required: Yes/No (Strikethrough as Date DAB Authorised:
applicable) \ \
LIFECYCLE STAGE:
Stage 1 : Strategic Approval Stage 4 : Solution Specification H I
Stage 2 : Start Up-& Feasibility Stage 5 : Solution Build & Test 10D
Stage 3 ; Requirements Analysis Stage 6 ; Implementation POH-5
(‘strikethrough as applicable) Not Applicable
RELATED Change Request/Request for Work Package: N/A
RELATED PEAKs: PC0152376
RELATED HORIZON CPs: N/A
RELATED HNG-X CPs: N/A
Impact statements must consider all transitional states between Horizon and HNG-X, as well as the
final HNG-X solution.
Description of Change Proposed:
The Audit system supports a service (the Prosecution Support Service) whereby POL can request an
extract of historical data that is held within the Audit archive. Typically this requires retrieval of archived
Riposte transaction data. The data, as returned to POL, is often used to support legal proceedings
where, say, a postmaster is accused of fraud. In such cases, we must also provide a witness
statement with the audit data which attests to its provenance and integrity.
Historically, the Horizon Audit service has relied solely on the retrieval & analysis of archived Riposte
message store data when servicing POL audit data requests for Horizon branch transaction data. A
recent issue (PC0152376) has identified a deficiency in this approach. In certain failure scenarios, it is
possible that the Horizon counter may write an inconsistent set of messages to the local message
store. This casts a doubt over the overall integrity of the resulting transaction data.
When a Horizon counter hits one of the above mentioned failure scenarios, an NT event message is
written to the local event log. This event is captured by Sysman & relayed to the central Sysman
events database. This event data is subsequently secured in the Audit archive. A tactical solution has
been incorporated into the Horizon Audit retrieval process to provide a short term resolution to this
problem. For every branch Riposte data retrieval, the archived events generated by counters at the
branch are also analysed to identify any possible occurrences of problems which might adversely affect
the integrity of the transaction data
The current Horizon tactical solution is a largely manual process, the operation of which is reliant on a
few key individuals. Whilst we believe that we will have to live with this tactical solution for the
remaining life of the Horizon Audit system, a permanent solution for the HNG-X Audit solution is
required. In outline, this will require the following
> Amending the HNG-X Audit server (ARC) and workstation (AUW) applications to automatically
©Copyright Fujitsu Services Ltd 2007 COMPANY IN CONFIDENCE Ref. PGM/CHM/TEM/0001
Version: V1.0
Date: 17-NOV-07
UNCONTROLLED IF PRINTED Page No: 1 of 3
FUJ00154828
FUJ00154828
FUJITSU COMPANY IN CONFIDENCE
retrieve and filter Events data when performing Horizon branch data retrievals."
> Amending the HNG-X Audit server (ARC) and workstation (AUW) applications to automatically
retrieve and filter Events data when performing HNG-X branch data retrievals.’
> Introduce Prosecution Support process changes around the operation of the amended system
& the production of witness statements.
> Identify suitable skilled & committed resources to perform any manual analysis required.
> Identify all ongoing operational costs associated with operating the revised service.
The attached diagram illustrates the required changes.
ProcessOverview. vs
Acceptance Criteria and Methods (Functional and Non Functional):
Testing will be required to ensure that all suspect counter events are extracted by the system and
presented to the Audit workstation user for further analysis
Reason for Change and Justification for Required Date (above):
While we do not believe that (due to time constraints) it is practicable to introduce this change into
Horizon, it is required to ensure the viability of the ongoing Prosecution Support service within HNG-X.
The changes will be required to be present within the initial live version of the HNG-X Audit system at
Weekend D
' The HNG-X Audit solution will need to continue to support the retrieval & analysis of Horizon branch audit data
for seven years
? While there is no reason to believe that the HNG-X counter will suffer the same deficiencies as the Horizon
counter, it is advisable that similar checks are performed in both environments
©Copyright Fujitsu Services Ltd 2007 COMPANY IN CONFIDENCE Ref: PGM/CHM/TEM/0001
Version: V1.0
Date: 17-NOV-07,
UNCONTROLLED IF PRINTED Page No: 2 of 3
FUJ00154828
FUJ00154828
Ps)
FUJITSU COMPANY IN CONFIDENCE
Consequences if Not Approved:
> Weare obliged to present, and vouch for the integrity of, Audit data that is fit for purpose — i.e.
admissible as evidence in court. If this change is not approved, we will need to continue
operating the current Horizon tactical process for the lifetime of HNG-X.
Platforms (Physical) Affected: (insert identity and details of all platforms requiring software update by this CP — wh
> ARC - Audit Server
> AUW — Audit Workstation
Business Applications Affected: (insert identity and details of all Applications requiring update by this CP —
where known)
> Audit Server retrieval application
> Audit workstation client application
External Impact Assessment Distribution: (insert contact details and additional rows as required)
Name: Organisation: Contact No:
Impact on Royal Mail Group Account: (insert additional rows as required)
Resource Grade Man-days Non Labour Cost (£)
TOTAL
Documents Affected: (insert additional rows as required)
Document Reference _I Title Current Version
‘©Copyright Fujitsu Services Ltd 2007 COMPANY IN CONFIDENCE Ref. PGM/CHM/TEM/0001
Version: V1.0
Date: 17-NOV-07
UNCONTROLLED IF PRINTED PageNo: 30of3