FUJ00155276
FUJ00155276
'
Thomas Penny _ —_ .
From: Holmes Alan
Sent: 20 October 2008 08:50
To: Evans Steve (FEL01); Thomas Penny; Jenkins Gareth GI; Birkinshaw. Roy; Sewell Peter
(FELO1); Meek Steven
Subject: RE: AUDIT - CP update
Attachments: HzCounterEventsCP.doc
As discussed at the last meeting, I have watered down the proposed CP- copy attached.
Alan a =
wl
i POH-6121D
HzCounterEventsC \_
P.doc (219 KB)...
From: Evans Steve (FELO1)
Sent: 15 October 2008 13:08
To: Evans Steve (FELO1); Thomas Penny; Jenkins Gareth GI; Holmes Alan; Birkinshaw Roy; Sewell Peter (FELO1); Meek Steven
Subject: AUDIT - CP update
When: 20 October 2008 16:00-17:00 (GMT) Greenwich Mean Time : Dublin, Edinburgh, Lisbon, London.
Where: Greendale Room - RMGA TEAM ONLY - 2nd Fir BRAO1
This is a follow up to today's meeting, minutes of which roughly below.
Discussed costs with respect to proposed Audit changes:
Current costs of manual process:
Person 1 {Manual Event checking] - (Anne/Gareth) 1 hr/day
Person 2 [Extraction/Filtering] - (Steve Meek) 2hr + /day
[Event Refresh] 3hr fortnightly
These are skilled tasks, especially for person 2, which may take some time to train A.N.Other to do, and may take that
replacement resource much longer.
Whether the new development happens sooner, or later, the manual process is likely to continue to be required to be
done for another 6 months.
The cost and schedule of development/on-going manual effort we hope to estimate by COP tomorrow (16th Oct), after
SE/AH/SM meet.
An initial assumption is that delivery of a solution will be from the same base and resource that current deliveries are
made (i.e. from current BRAO1 Audit team).
However the real cost of this development (or rather of not doing it) is in'the potential for mistakes (especially by a
‘new resource, without the experience of SM) to be made in a manual process which uses data so far abstracted from
the original source: which is the proposed new wording for the CP.
Actions from today's (15th) meeting:
SE/AH/SM meet 16th to discuss estimated costs of dev.
AH to propose new wording of CP
Steve
FUJ00155276
FUJ00155276
COMPANY IN CONFIDENCE
oO
FUJITSU
HNG-X CHANGE PROPOSAL CP NO:
CP TITLE: HNG-X CPnnnn - Enable analysis of Counter event DATE RAISED: 20 Oct 2008
messages within the HNG-X Audit solution
REQUIRED IMPLEMENTATION / PURCHASE DATE: (damm/y) I ORIGINATOR: Alan Holmes
ANTICIPATED CP CLOSURE / COMPLETION DATE: (mmm-yyyy) I CHANGE OWNER: Pete Sewell
TECHNICAL SPONSOR: Alan
DATE BY WHICH CP TO BE IMPACTED: (gammy)
Holmes
Budget Holder Approval for Impacting:
CP CLASSIFICATION: (omar or Hard Copy Signature)
FAST-TFRACK/URGENT/ROUTINE/FOR INFORMATION*
(‘strikethrough as applicable)
DAB Required: Yes/No (Strikethrough as Date DAB Authorised:
applicable)
LIFECYCLE STAGE:
Stage 1 : Strategic Approval
Stage 2 : Start-Up-& Feasibility
Stage 3
Stage 4 : Solution Specification
Stage 5 : Solution Build & Test
‘Stage 6 : Implementation
(‘strikethrough as applicable) Not Applicable
RELATED Change Request/Request for Work Package: N/A
RELATED PEAKs: PC0152376
RELATED HORIZON CPs: N/A
RELATED HNG-X CPs: N/A
Impact statements must consider all transitional states between Horizon and HNG-X, as well as the
final HNG-X solution.
Description of Change Proposed:
The Audit system supports a service (the Prosecution Support Service) whereby POL can request an
extract of historical data that is held within the Audit archive. Typically this requires retrieval of archived
Riposte transaction data. The data, as returned to POL, is often used to support legal proceedings
where, say, a postmaster is accused of fraud. In such cases, we must also provide a witness
statement with the audit data which attests to its provenance and integrity.
Historically, the Horizon Audit service has relied solely on the retrieval & analysis of archived Riposte
message store data when servicing POL audit data requests for Horizon branch transaction data. A
recent issue (PC0152376) has identified a deficiency in this approach. In certain failure scenarios, it is
Possible that the Horizon counter may write an inconsistent set of messages to the local message
store. This casts a doubt over the overall integrity of the resulting transaction data.
When a Horizon counter hits one of the above mentioned failure scenarios, an NT event message is
written to the local event log. This event is captured by Sysman & relayed to the central Sysman
events database. This event data is subsequently secured in the Audit archive. A tactical solution has
been incorporated into the Horizon Audit retrieval process to provide a short term resolution to this
problem. For every branch Riposte data retrieval, the archived events generated by counters at the
branch are also analysed to identify any possible occurrences of problems which might adversely affect
the integrity of the transaction data.
The current Horizon tactical solution is a largely manual process, the operation of which is reliant on a
few key individuals. Whilst we believe that we will have to live with this tactical solution for the
remaining life of the Horizon Audit system, a permanent solution for the HNG-X Audit solution is
required. In outline, this will require the following:
> Amending the HNG-X Audit server (ARC) and workstation (AUW) applications to automatically
©Copyright Fujitsu Services Ltd 2007 COMPANY IN CONFIDENCE Ref: PGM/CHMI/TEM/0001
Version: V1.0
Date: 17-NOV-07,
UNCONTROLLED IF PRINTED PageNo: 1 of3
FUJ00155276
FUJ00155276
FUfirsu COMPANY IN CONFIDENCE
Tetrieve and filter Events data when performing Horizon branch data retrievals.”
Amending the HNG-X Audit server (ARC) and workstation (AUW) applications to automatically
tetrieve and filter Events data when performing HNG-X branch data retrievals.”
Introduce Prosecution Support process changes around the operation of the amended system
& the production of witness statements.
> Identify suitable skilled & committed resources to perform any manual analysis required.
> Identify all ongoing operational costs associated with operating the revised service.
vv
The attached diagram illustrates the required changes.
ProcessOverview.vs
d
Acceptance Criteria and Methods (Functional and Non Functional):
Testing will be required to ensure that all suspect counter events are extracted by the system.and
presented to the Audit workstation user for further analysis
Reason for Change and Justification for Required Date (above):
While we do not believe that (due to time constraints) it is practicable to introduce this change into
Horizon, it is required to ensure the viability of the ongoing Prosecution Support service within HNG-X.
The changes will be required to be present within the initial live version of the HNG-X Audit system at
Weekend D
' The HNG-X Audit solution will need to continue to support the retrieval & analysis of Horizon branch audit data
for seven years
? While there is no reason to believe that the HNG-X counter will suffer the same deficiencies as the Horizon
counter, it is advisable that similar checks are performed in both environments
©Copyright Fujitsu Services Ltd 2007 COMPANY IN CONFIDENCE Ref: PGM/CHM/TEM/0001
Version: V1.0
Date: 17-NOV-07
UNCONTROLLED IF PRINTED Page No: 2o0f3
FUJ00155276
FUJ00155276
FUfiTsu COMPANY IN CONFIDENCE
Consequences if Not Approved:
> Weare obliged to present, and vouch for the integrity of, Audit data that is fit for purpose — i.e.
admissible as evidence in court. If this change is not approved, we will need to continue
operating the current Horizon tactical process for the lifetime of HNG-X.
Platforms (Physica!) Affected: (insert identity and details of all platforms requiring software update by this CP ~ wht
> ARC — Audit Server
> AUW — Audit Workstation
Business Applications Affected: (insert identity and details of all Applications requiring update by this CP —
where known)
> Audit Server retrieval application
> Audit workstation client application
External Impact Assessment Distribution: (insert contact details and additional rows as required)
Name: Organisation: Contact No:
impact on Royal Mail Group Account: (insert additional rows as required)
Resource Grade : Man-days Non Labour Cost (£)
TOTAL
Documents Affected: (insert additional rows as required)
Document Reference _I Title Current Version
Evan frou focbarayys, ® SSC.
ta - SSC \v gh
———— Rison I ine eal
\I pave. CP= Nw <0 ror Jah
Gout On rrernry re .
©Copyright Fujitsu Services Ltd 2007 ‘COMPANY IN CONFIDENCE Ref: PGM/CHM/TEM/0001
Version: = V1.0
Date: 17-NOV-07
UNCONTROLLED IF PRINTED Page No: 3of3
FUJ00155276
FUJ00155276
ener tesues [Audit Branch Data Audit Extractions -HNGX 7
t chan, -
vl need 1 be cut i i Existing Application!
into HNG-X Audit ‘Audit Workstation Audit Server I ANOther I roves
solution eee wudit Server. \ a II
- 8) PO
=I I eT
it!
Lg A
THe q
Wire Crea TS)
Development Activities’
+ Client change to
include EVENTS audi
freer
28:
if a7
eli bration
points in Branch data
retrievals. = Issues
. H Fivoli event data is know
Initiate retrieval of 11 I faction retrievals & do {to be incomplete viz
. TMS & Event Data ‘Seal check I Tum of TECs during
Events storms
_ ,G2ps in the events
g —— sequences generated
o ; I by OMOB
9 I There are occasional
g I comupt records within
; i she Events gut racks
S =
)
‘ Burd Feandorriz Jy Issues
Aarnctna on I Format of event data can
‘Server co ! I be troublesome. E.9
tneaages for tok i I unescaped quotes within
. Branch in question. I! [quoted felas
= ( Ficannot prove the
4 completeness of event
i} -
‘Apply secondary ! one oeeecaeI I “ = .
eng of messaee an i 4
} i rz
—_— FF Development Activities
— I Secondary Fite
% Poosaatprntipay }I Maintenance of secondary
ner cata titer pattems
[get erent I kd I] extractor Link mechanism
; neon pret Lidl _—- I andinteraton ino server
pant i oe ic
Development Activities] iy I i pec if fi I I I RFI database changes
+ New Client Action ( Ie! Geatal i 4 I Progress Monitoring
+ Acton mogiing __ J boobed Update to support docs
XLS and XML abstr
Issues
Issues Need to identify suitable
‘« Need to consider how we I skiled & commited
handie situation where . . resource to performs
the Event analysis is PES ESTE SESE SSE ES corres o I this task on an ongoing
inconclusive re the V basis
integrity of the data .
Issues =)
‘Need to consider issues
around the completeness
of event data,
General Issues
Equivalent change
will need to be cut
into HNG-X Audit
solution
Development Activities
* Client change to
include EVENTS audit
Points in Branch data
retrievals ,
FI
Development Activities I
+ New Client Action
* Action monitoring
FUJ00155276
FUJ00155276
Tae
oY
e
(Eanaizenvenc=]
spreadstiest-Wser
XLS &
Fj Issues
ivoli event data is know
be incomplete viz
Turn of TECs during
/ Events storms
{Gaps in the events
I sequences generated
iby OMDB
s There are occasional
rrupt records within
I the Events gudit tracks
F Issues
Format of event data can
ibe troublesome. E.g
[unescaped quotes within
F quoted fields
Cannot prove the
/ completeness of event
data
_[Feevelopment Activities
Primary Filter
I Secondary Filter
b: Maintenance of secondary
filter patterns
If. Extractor Link mechanism
and integration into servei
I side
I, RFI database changes
Progress Monitoring
fi Update to support docs
Issues
Need to consider how we
handle situation where
the Event analysis is
inconclusive re the
integrity of the data
py Messagesstore:to=
I==fesolvezany=—I
‘MessageStore
Issues
Jeed to consider issues
around the completeness
of event data,
ai
ae
Issues
; Need to identify suitable
skilled & committed
resource to performs
I this task on an ongoing
basis
FUJ00155276
FUJ00155276
Kozo.
I Ta
General Issues Se
Equivalent change
will need to be cut
into HNG-X Audit
solution
Development Activities ] I
* Client change to I
include EVENTS audit
points in Branch data
retrievals I Issues
voli event data is know
I to be incomplete viz
Turn of TECs during
I Events storms
Gaps in the events
} sequences generated
by OMDB
ere are occasional
rrupt records within
the Events qudit tracks
F Issues
Format of event data can
be troublesome. E.g
unescaped quotes within
' quoted fields
Cannot prove the
completeness of event
7 [data
a ryt
ne —
ag _[Fbsvelopment Activities
fe rd b: Primary Filter
as ; Secondary Filter
sea », Maintenance of secondary
I i I filter patterns
there I —#! Extractor Link mechanism
fe & I and integration into servei
Devel Activities I? NS a 1 side
evel oor aes vies yt ce eat RFI database changes
+ New Client Action K eee Progress Monitoring
* Action monitoring H ft I Update to support docs
XLS &
MessageStore
f Issues
Need to identify suitable
I skilled & committed
resource to performs
this task on an ongoing
I basis
Issues
Need to consider how we
handle situation where
the Event analysis is
inconclusive re the
integrity of the data
Issues nee
leed to consider issues
around the completeness.
of event data,
FUJ00155276
FUJ00155276
General Issues
Equivalent change
will need to be cut
into HNG-X Audit
solution
Development Activities
* Client change to
include EVENTS audit P-
points in Branch data
retrievals I
Development Activities I
° New Client Action i
* Action monitoring
XLS &
Fi Issues
[Tivoli event data is know
} to be incomplete viz
y Turn of TECs during
i Events storms
Gaps in the events
I sequences generated
I by OMDB
There are occasional
I corrupt records within
the Events quit tracks
Issues
Format of event data can
be troublesome. E.g.
unescaped quotes within
i quoted fields
‘Cannot prove the
completeness of event
data
Development Activities
Issues
Need to consider how we
haridle situation where
the Event analysis is
inconclusive re the
integrity of the data
jSreconstructed==——I
Ewessagestore===I
MessageStore
Issues
deed to consider issues
around the completeness
of event data,
Primary Filter
; Secondary Filter
pb} Maintenance of secondary
I filter patterns
, Extractor Link mechanism
and integration into server
I side
I, RFI database changes
» Progress Monitoring
Update to support docs
Issues
Need to identify suitable
skilled & committed
I resource to performs
I this task on an ongoing
basis
General Issues
Equivalent change
will need to be cut
into HNG-X Audit
‘solution
Development Activities]
* Client change to
include EVENTS audit
points in Branch data
retrievals . .
Development Activities
* New Client Action
* Action monitoring
FUJ00155276
FUJ00155276
; Issues
ivoli event data is know
j to be incomplete viz
"Turn of TECs during
I Events storms
{Gaps in the events
} sequences generated
by OMDB
"There are occasional
{ corrupt records within
{the Events gudit tracks
Issues
‘Format of event data can
be troublesome. E.g.
unescaped quotes within
quoted fields
ICannot prove the
completeness of event
data
I Development Activities
Primary Filter
, Secondary Filter
b Maintenance of secondary
I filter patterns
Extractor Link mechanism
} and integration into serve!
I side
» RFI database changes
P Progress Monitoring
XLS &
I Update to support docs
MessageStore
Issues
Need to consider how we
handle situation where
the Event analysis is
inconclusive re the
integrity of the data
Issues
teed to consider issues
around the completeness
of event data,
geese Issues
Need to identity suitable
skilled & committed
I resource to performs
I this task on an ongoing
_ basis
General Issues
Equivalent change
will need to be cut
into HNG-X Audit
solution
Development Activities’
* Client change to
include EVENTS audit
points in Branch data
retrievals .
Development Activit
+ New Client Action
* Action monitoring
ieee
ito,workst
ee
oe
ae
pis
:
eae
Osos
os
OO
Se:
canes
feces
Paes
Benen ces:
XLS &
FUJ00155276
FUJ00155276
Issues
Fvoli event data is know
ito be incomplete viz
Turn of TECs during
i Events storms
IGaps in the events
I sequences generated
I by OMDB.
There are occasional
corrupt records within
he Events gudit tracks
Issues
‘Format of event data can
be troublesome. E.9
unescaped quotes within
quoted fields
Cannot prove the
completeness of event
(data
Development Activities
; Primary Filter
I Secondary Filter
; Maintenance of secondary
filter patterns
I Extractor Link mechanism
and integration into server
side
' RFI database changes
I Progress Monitoring
=
Update to support docs
Issues
Need to consider how we
handle situation where
the Event analysis is
inconclusive re the
integrity of the data
‘MessageStore
Issues
deed to consider issues
around the completeness
of event data,
ro Issues
», Need to identify suitable
I skilled & committed
I resource to performs.
§ this task on an ongoing
I basis
“General Issues I
Equivalent change
will need to be cut
into HNG-X Audit
solution
Development Activities Pi
Client change to
include EVENTS audit FF
points in Branch data I!
retrievals I H
i
Development Activities
New Client Action
Action monitoring
Issues
eed to consider how we
andile situation where
ve Event analysis is
reonclusive re the
tegrity of the data
HAN
FUJ00155276
FUJ00155276
[Audit Branch, Data Audit Extractions - Horizon’,
Aucit Werks E
‘isabil 24.
Data
< Retrieve
Anal ze-Data
Amend RFI Db to
bh Hzand Hx
event ee sub+ -points
Initiate. retrieval.of
[Action retrievals & do
TMS & Event Data
Vv
Seal check
7
Confirm Integrity:of:
Seal- Check
retrieved data vial! ft
Abstract required
Build Hx and/or Hz
abstracted. XMLjon
messages *)
Server containing
messages'for the: °
Apply:secondary
Perform secondary
filtering of messagesI
+] analysis of.message I
Additional analysis of
messages (Hx and/
or Hz)
fs. Set of regular
expressions to Hx
vand/or Hx sets to
“exclude benign
‘events =
*: Generate CSV.
XLS and XML abstract-—
Issues
sed to consider issues
ound the completeness
event data,
“Create Witness =
Statement
Existing Applicatici
Process
Issues
Format of event data can
be troublesome. E.g
unescaped quotes within
quoted fields
Cannot prove the
completeness of event
data
[ Development Activities
Secondary Filter
, Maintenance of secondai
filter patterns
" Extractor Link mechanisr
and integration into serv:
side
, RFI database changes
», Progress Monitoring
Update to support docs
Issues
Need to identify suitabt
skilled & committed
* resource to performs
this task on an ongoin
basis