FUJ00232719
HORIZON DATA CHANGES PROCESS WORK INSTRUCTION
FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
Document Title: HORIZON DATA CHANGES PROCESS WORK INSTRUCTION
Document Reference: SVM/SDM/PRO/4293
Release:
Abstract: Horizon Data Changes Process Work Instruction
Document Status: DRAFT
Author & Dept: Sandie Bothick
External Distribution: N/A
Information Classification: See section 0.9
Management Consultant, FJ NWE GD UK ECS CPS SECR | Steven Browell | See Dimensions for record
Senior Service Delivery Manager, FJ POA POL | Steve Bansal | See Dimensions for record
© Copyright Fujitsu Services Limited 2021
FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
Ref: SVM/SDM/PRO/4293
Version: 0.1
Date: 28-June-2021
UNCONTROLLED WHEN PRINTED OR STORED OUTSIDE DIMENSIONS
0 Document Control
0.1 Table of Contents
0 DOCUMENT CONTROL
0.1 Table of Contents
0.2 Document History
0.3 Review Details
0.4 Associated Documents (Internal & External)
0.5 Abbreviations
0.6 Glossary
0.7 Changes Expected
0.8 Accuracy
0.9 Information Classification
1 PURPOSE AND SCOPE
1.1 Description
2 PROCESS
3 FUJITSU RESPONSIBILITIES
4 POL RESPONSIBILITIES
5 SECURITY
5.1 Fujitsu Approvers
5.2 POL Approvers
A APPENDIX — POL AD-HOC FORM
B APPENDIX — EVIDENCE EXAMPLES
0.2 Document History
Only integer versions are authorised for development.
Version No. | Date | Summary of Changes and Reason for Issue | Associated Change CP, CCN or PEAK Reference
0.4 | 28/06/2021 | Initial Draft | Include if known
0.3 Review Details
Review Comments by: 08-07-2021
Review Comments to:
Mandatory Review
Role Name
Management Consultant Steven Browell
Senior Service Delivery Manager Steve Bansal
SSC Manager Adam Woodley; ssedmi
MAC and OBC Service Delivery Manager Sandie Bothick
Information Security Manager Geoff Baker
UNIX Team PostOfficeAccountUNIXTeam
Role Name
MAC and OBC Service Control Jack Steptoe
MAC and OBC Service Control Paul Elmes
MAC and OBC Service Control Simon Cutmore
MAC and OBC Service Control Hamid Abdul
MAC and OBC Service Control Emma Millman
MAC and OBC Service Control Jacqueline Wileock
Problem Manager Matthew Hatch
Document Manager Matthew Lenton
Security Analyst, FJ NEW GD UK ECS ISM Chris Stevens
Operational Security Manager, FJ NEW GD UKECS CPS I 15 penbali
Security Analyst, FJ NEW GD UK ECS ISM fran Khan
(*) = Reviewers that returned comments
distribution list to am
Position/Role Name
POADM. PostOfficeAccountDutyManager@
MAC Team MAC@
0.4 Associated Documents (Internal & External)
References should normally refer to the latest approved version in Dimensions; only refer to a
specific version if necessary.
Reference | Version | Date | Title | Source
PGM/DCM/TEM/0001 (DO NOT REMOVE) | See note above | See note above | POA Generic Document Template | Dimensions
PGM/DCM/ION/0001 (DO NOT REMOVE) | | | POA Document Reviewers/Approvers Role Matrix | Dimensions
Alphabetical order please
0.5 Abbreviations
Abbreviation Definition
APPSUP Application Support
MAC Major Account Controller
POL Post Office Limited
SME Subject Matter Expert
0.6 Glossary
Term Definition
Alphabetical order please
0.7 Changes Expected
0.8 Accuracy
Fujitsu Services endeavours to ensure that the information contained in this document is correct but, whilst every
effort is made to ensure the accuracy of such information, it accepts no liability for any loss (however caused)
sustained as a result of any error or omission in the same.
0.9 Information Classification
The author has assessed the information in this document for risk of disclosure and has assigned an information
classification of FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE).
1 Purpose and Scope
This document describes the process for making changes to the Horizon System, either Branch Access or
Back End Databases. The process ensures that there is transparency around the change activity, that
evidence is provided for the activities completed, and that approval was granted. All of these require
the POL-owned Ad-Hoc form to be completed and approved by POL-appointed teams.
Some changes will also require an elevated level of user access known as APPSUP. Granting the
APPSUP role to a user account gives the user full data read and write privileges on all Oracle
databases.
NOTE: OOH will follow the standard OOH process. See Document: SVM/SDM/MAN/2378 — Post Office
Account Operations Duty Manager Handbook
1.1 Description
All issues that require the 3x approval process will be recorded in a POL/FJ bonded TfS Incident. The
Incident will contain the below detail to enable POL to make an approval decision and fill out the POL Ad-
Hoc form.
+ What action needs to be taken
+ If APPSUP access is required by FJ
+ Time frame for the task to be completed, i.e. Monday to Friday 9:00 - 16:00 or after 18:00
+ What steps need to be taken, with a plan if required
+ What risks should be understood, if action is taken or not taken
+ What action evidence Fujitsu propose to share on completion
Current examples where POL 3x Approvals are required:
+ Assisted rollover, assisting branches to rollover when they are in the incorrect trading period.
+ Modifying or deleting counter data, removing a partially completed transaction, which is locking
a counter.
+ Modifying or deleting files on a back end system, where there is an issue with a file received
from a 3rd party system, which impacts a batch process. It is necessary to delete or modify the
file to allow the batch process to be restarted.
2 Process
+ Incident is logged in TfS, raised by either POL or Fujitsu. The incident to be investigated must be a
  bonded incident.
+ Fujitsu will investigate and will supply POL with options and suggested recommendations to
  resolve the issue.
+ If APPSUP access is required, the incident's Summary and Additional comments in TfS (visible
  to POL) will need to be updated with one of the below.
  o Elevated access - Assisted Rollover
  o Elevated access - Counter Data Change (Data centre change to support a counter)
  o Elevated access - File Change (Remove or Modify)
  o Elevated access - Other
+ Fujitsu will update the incident and pass it back to POL to raise the Ad-Hoc form and gain the 3x
  required approvals. The incident must contain the details described in Section 1.1 Description.
+ POL will route the incident back to FJ once approvals are obtained, with the approvals and
  Ad-Hoc form attached to the incident as evidence.
+ Fujitsu will check the Ad-Hoc form with the SME supporting team before requesting Fujitsu
  approval.
+ MAC team will email the Senior Service Delivery Manager for approval and CC the CSPOA for
  awareness.
+ Once Fujitsu approval has been received, the incident will be updated to confirm Fujitsu
  approval.
+ The Fujitsu MAC team will raise a CTASK for the required SME team to perform the Ad-Hoc request
  o And pass the bonded incident to the relevant team
If APPSUP is required:
+ The relevant team will pass the Peak (raised from the bonded incident) to the CSPOA Security
  team for APPSUP privileges to be granted.
  Information required:
  o Username
  o Start and Finish Date/Time
+ CSPOA Security check the TfS incident for agreed POL approvals and, if supplied, raise an
  internal TfS incident requesting APPSUP access and pass it to the UNIX team.
+ The UNIX team will contact the required user and confirm APPSUP access has been granted.
+ CSPOA Security will update the Peak with the internal TfS reference and Date/Time of granted
  access.
+ SME arrange for peer review; the peer will also witness the actions to be performed. How do we record
  this? (SME to state who peered or peer reviewer writes a separate statement? Does this go on
  TfS CTASK or Peak?)
+ SME supporting team perform the actions detailed on the CTASK, whilst capturing evidence of the
  pre and post implementation states, alongside the committed actions. Evidence is to be added to
  the CTASK; MAC team will add it to the TfS bonded incident. Ideally screenshots, along with
  statements and execution spooled to a log file.
  See examples in Appendix B, Evidence Examples.
+ Once the actions are completed, the user with granted access will contact the UNIX team for access to be
  revoked.
+ The UNIX team will update the TfS internal incident and pass it back to the CSPOA Security team.
+ CSPOA Security will update the Peak with the time the access was revoked.
+ CSPOA Security close the TfS internal incident.
+ SME close the Peak with comments: action completed, or further action required for monitoring.
+ SME close the CTASK, checking evidence has been attached.
+ Bonded incident with evidence is passed back to POL to review and confirm incident closure.
If APPSUP is not required:
+ SME supporting team perform the actions detailed on the CTASK, whilst capturing evidence of the
  pre and post implementation states, alongside the committed actions. Evidence is to be added to
  the CTASK; MAC team will add it to the TfS incident. Ideally screenshots, along with statements
  and execution spooled to a log file.
  See examples in Appendix B, Evidence Examples.
+ Peak closed with comments: action completed, or further action required for monitoring.
+ Bonded incident with evidence is passed back to POL to review and confirm incident closure.
3 Fujitsu Responsibilities
Fujitsu to provide the below details:
+ What has happened to cause the issue
+ Fujitsu will investigate and will supply POL with options and suggested recommendations to
  resolve the issue.
+ Details on any Risks Fujitsu are aware of
+ Raise an internal CTASK for the actions to be recorded against
+ Carry out the actions required if approved by POL
+ Provide evidence on activities performed in the Ad-Hoc form
4 POL Responsibilities
POL to provide the below details:
+ Complete the POL Ad-Hoc form
+ Update incident with individual attachments from each approver, showing approver has
  approved the specific Ad-Hoc form
+ Postmaster approval, if required
+ POL confirm action has been taken and had the desired outcome
+ POL store the evidence for any future review
+ POL to confirm Incident can be closed
5 Security
5.1 Fujitsu Approvers
Senior Service Delivery Manager
5.2 POL Approvers
Assisted Rollover and Counter changes
Approver | Approval Remit
Branch Reconciliation Team | Check for outstanding Transaction Corrections, and advise Area Manager
IT Service | Approve activity
IT Security | Approve use of elevated access
File Amendments
Approver | Approval Remit
Data Governance Team | Approve file deletion or modification
IT Service | Approve activity
IT Security | Approve use of elevated access
A Appendix — POL Ad-Hoc Form
Date of request:
Name of person raising the request:
Type of Request:
Is this part of a project:
Is this a Freedom of Information Act request:
Reason for request and justification for required date:
Consequence if not approved:
Please confirm you are aware of the issues with the files:
Confirm the actions to be taken:
Files which require removal:
Additional information:
B Appendix — Evidence Examples
B.1 SQL Evidence
PRE EVIDENCE (SQL looking for branch user/stock unit)
select u.branch_user, u.stock_unit, to_char(l.last_logon_timestamp, 'DD-Mon-YYYY HH24:MI:SS') last_logon
from ops$brdb.brdb_branch_users u
left join ops$brdb.brdb_branch_user_last_logon l
on u.branch_accounting_code = l.branch_accounting_code
and u.fad_hash = l.fad_hash
and u.branch_user = l.branch_user
where u.branch_accounting_code = 109008
and u.fad_hash = 80
and u.stock_unit = 'PX';
OUTPUT FROM SQL ABOVE
BRANCH_USER STO LAST_LOGON
$$PX50 PX 18-Dec-2019 15:15:19
STATEMENT (update PX to DEF; confirmation appears below that 1 record has been updated)
update ops$brdb.brdb_branch_users
set stock_unit = 'DEF'
where branch_accounting_code = 109008
and fad_hash = 80
and branch_user = '$$PX50';
1 row updated.
POST EVIDENCE (Displays the branch user/stock unit)
SQL> select branch_user, stock_unit
from ops$brdb.brdb_branch_users
where branch_accounting_code = 109008
and fad_hash = 80
and branch_user = '$$PX50';
BRANCH_USER STO (Output from SQL)
$$PX50 DEF
SQL> commit; (Writing to database, confirmation from database below)
Commit complete.
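The same change written as a single SQL*Plus script, as an added example that is not part of the original document: it spools the whole session to a log file, as section 2 asks, and rolls back and exits unless exactly one row in the expected pre-change state is updated. The spool file name and the extra stock_unit = 'PX' guard are assumptions; the table, columns and key values are those shown in the evidence above.

```sql
-- Added example, not from the original document.
-- Table, column and key values are copied from the B.1 evidence above.
-- The spool file name is a constructed placeholder.
WHENEVER SQLERROR EXIT FAILURE ROLLBACK
SET ECHO ON
SET FEEDBACK ON
SPOOL data_change_evidence.log

-- Record which database account ran the change and when
SELECT user AS db_user,
       TO_CHAR(SYSDATE, 'DD-Mon-YYYY HH24:MI:SS') AS run_at
  FROM dual;

-- PRE EVIDENCE: state of the row before the change
SELECT branch_user, stock_unit
  FROM ops$brdb.brdb_branch_users
 WHERE branch_accounting_code = 109008
   AND fad_hash = 80
   AND branch_user = '$$PX50';

-- STATEMENT: the update raises an error unless exactly one row changes.
-- WHENEVER SQLERROR then rolls back and exits before COMMIT is reached.
BEGIN
  UPDATE ops$brdb.brdb_branch_users
     SET stock_unit = 'DEF'
   WHERE branch_accounting_code = 109008
     AND fad_hash = 80
     AND branch_user = '$$PX50'
     AND stock_unit = 'PX';  -- assumption: act only on the pre-evidence state
  IF SQL%ROWCOUNT <> 1 THEN
    RAISE_APPLICATION_ERROR(-20001,
      'Expected exactly 1 row, updated ' || SQL%ROWCOUNT);
  END IF;
END;
/

-- POST EVIDENCE: state of the row after the change, before commit
SELECT branch_user, stock_unit
  FROM ops$brdb.brdb_branch_users
 WHERE branch_accounting_code = 109008
   AND fad_hash = 80
   AND branch_user = '$$PX50';

COMMIT;
SPOOL OFF
EXIT
```

The resulting log file holds the pre evidence, the statement and the post evidence in one place and can be attached to the CTASK.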
B.2 File Removal Evidence
PRE EVIDENCE
ls -lrt /app/brdb/trans/externalinterface/input_share (List files in directory)
7 podguser pathway 8478920 Apr 8 03:33 CA202104061000003920.TAN
COMPLETING ACTION
IRRELEVANT rm CA202104061000003920.TAN (Remove file)
POST EVIDENCE
IRRELEVANT -brdb:>pwd (Displays the present working directory as detailed below)
/app/brdb/trans/externalinterface/input_share
brdb:>ls -l *TAN (This will list any files in the directory that match *TAN. The line below shows there are no files matching.)
ls: cannot access *TAN: No such file or directory