FUJ00234911 - Schedule A5 - Post Office Responsibilities version 14.0


FUJ00234911

CONFIDENTIAL

SCHEDULE A5

POST OFFICE RESPONSIBILITIES

Version History

1.0 31/08/06 Agreed version as at date of signature of CCN 1200
1.1 26/09/06 Minor corrections by PO
1.2 11/10/06 Further corrections from FS
1.3 19/01/07 Further minor corrections
1.4 22/01/07 Further corrections
2.0 24/01/07 Baseline copy of 1.4
2.1 05/05/09 Applying changes as per CCN1224a
6.0 06/07/09 Moving all schedules to V6.0 as agreed with Fujitsu
6.1 31/03/10 Applying changes as per CCN1276a
6.2 01/04/10 Applying changes as per CCN1270.
7.0 24/05/10 Moving schedule to version 7.0
8.0 21/02/12 Applying changes as per CCN1304b, CCN1310b and CCN1294d
9.0 13/01/14 Applying changes as per CCN1349, CCN1307a, CCN1329a and CCN1346
10.0 10/09/15 CCD reference update, applying changes as per CCN1346 and moving all Schedules to v10.0 in accordance with CCN1506
11.0 31/03/16 Applying changes as per CCN 1423c, CCN 1427, CCN 1504a and moving all Schedules to v11.0 in accordance with CCN1604
12.0 03/07/17 Applying changes as per CCN1614a, CCN1618a and moving all Schedules to v12.0
13.0 Updating as per CCN1613a, CCN1616b, CCN1647 and moving all Schedules to v13.0
14.0 20/12/2021 Updating as per CCN1641c, CCN1655a, CCN1623b, CCN1648b, CCN1669a, CCN1672a, CCN1657d, CCN1678 and moving all Schedules to V14.0
15.0 22/12/2022 Updating as per CCN1701a, CCN1703a, CCN1709a, CCN1711a, CCN1725a, CCN1727, CCN1731, CCN1724a, CCN1729

Schedule A5 Version 15.0
1. INTRODUCTION
1.1 This Schedule A5:

1.1.1 sets out in Annex A, certain Post Office Responsibilities that Post Office shall
perform to enable Fujitsu Services to perform the HNG-X Services;

1.1.2 sets out in Annex B, certain Post Office Responsibilities which Post Office
shall perform to enable Fujitsu Services to perform the BCSF Service and
shall take effect at Trigger Point T5 (Data Centre Ready for HNG-X);

1.1.3 Removed by CCN1725a

1.1.4 Removed by CCN1725a

1.1.5 identifies in paragraph 4, the Azure Responsibilities, and

1.1.6 identifies in Annex E, the Payment and Banking Responsibilities

1.2 Subject to paragraph 2.3, Post Office shall perform all Post Office Responsibilities
whether or not set out or referred to in this Schedule.

2. POST OFFICE RESPONSIBILITIES RELATED TO THE BANKING FUNCTION AND
DEBIT CARD

2.1A Removed by CCN1725a

2.1B In respect of HNG-X:

2.1B1 The provisions of Annex E to this Schedule shall set out the Banking Responsibilities,
Banking Obligations, Debit Card Responsibilities and Debit Card Obligations or
identify where they are located in this Agreement.

2.2 The omission from the provisions referred to in paragraph 2.1A and 2.1B of an obligation
or responsibility of Post Office connected with the Banking Functions or Debit Card
shall, for the purposes of paragraphs 2.3 to 2.8:

2.2.1 if the obligation is stated as something for which Post Office “shall be
responsible”, result in that obligation being classed as a “Banking
Responsibility” or “Debit Card Responsibility” (as applicable);

2.2.2 if the obligation is stated to be something which Post Office “shall do”, result
in that obligation being classed as a “Banking Obligation” or “Debit Card
Obligation” (as applicable);

2.2.3 if the obligation is to make payment to Fujitsu Services, result in that
obligation being classed as a “Banking Obligation” or “Debit Card Obligation”
(as applicable); and

2.2.4 in all other cases shall be, as the context so requires, a Banking Obligation
or Banking Responsibility or Debit Card Obligation or Debit Card
Responsibility.

2.3 Any failure by Post Office to carry out a Banking Responsibility or a Debit Card
Responsibility shall not be a Default under this Agreement.

2.4 Removed by CCN1672a

2.5 Fujitsu Services shall not be liable to Post Office:

2.5.1 in respect of any breach of its obligations in relation to the Banking Functions
(including its obligations to achieve any Service Level which measures
Fujitsu Services’ performance in relation to the Banking Functions) (the
“Dependent Obligations”) or any delay in performing the Dependent
Obligations to the extent that such breach or delay was caused by the failure
by Post Office to carry out a Banking Obligation or a Banking Responsibility
(whether or not a Default) (a “Dependency Failure”); or

2.5.2 for any failure to perform or delay in performing its obligations in relation to
Debit Card where Fujitsu Services proves that such failure or delay was
directly caused by the failure of Post Office to perform a Debit Card
Responsibility or a Debit Card Obligation (whether or not a Default).

2.6 Fujitsu Services shall notify Post Office in writing as soon as reasonably practicable
after Fujitsu Services becomes aware of any Dependency Failure or becomes aware of
any matters or circumstances which would with the effluxion of time result in a
Dependency Failure.

2.7 In the event of a Dependency Failure, Fujitsu Services shall be entitled to recover from
Post Office such reasonably incurred, increased costs and expenses (if any) which it
incurs in performing the Dependent Obligation in question to the extent that such
increased costs and expenses were the result of the Dependency Failure. Fujitsu
Services shall provide a statement of such increased costs and expenses incurred for
approval by Post Office, such approval not to be unreasonably withheld.

2.8 Fujitsu Services shall use all reasonable endeavours to mitigate the amounts (if any)
payable under paragraph 2.7.

2.9 Post Office shall ensure that all its 31,000 PEDs are provided to Fujitsu Services to
register on the Ingenico Asset management tool to support its PCI compliance

3. ASSOCIATED DOCUMENTS

3.1 The following CCDs are associated with this Schedule A5:

No. | Document Reference | Document Title
1. | EF/SER/007 (Withdrawn) | Debit Card MoP — Functional Description (Withdrawn). Note — this only applies to Horizon
 | REQ/GEN/REP/1091 | Mapping Schedule B3.2 to the HNG-X Solution
2. | CS/PRD/058 | Fujitsu Services / Post Office Ltd Interface Agreement for Operational Business Change - Reference Data
3. | PA/PER/033 | Horizon Capacity Management and Business Volumes
4. | SVM/SEC/POL/0003 | RMGA Information Security Policy
5. | NB/IFS/025 (withdrawn) | EMV Banking and Retail NBX - CAPO Application Interface Specification (withdrawn)
6. | NB/IFS/024 (withdrawn) | EMV Banking and Retail NBX — LINK Application Interface Specification (withdrawn)
7. | DES/NET/TIS/0006 (withdrawn) | CAPO to HNG-X Technical Interface Specification (withdrawn)
8. | DES/NET/TIS/0008 (withdrawn) | VOCALINK — HNG-X Technical Interface Specification (withdrawn)
9. | DES/NET/TIS/1839 (withdrawn) | Santander - HNG-X Technical Interface Specification (withdrawn)
10. | NB/IFS/029 (Withdrawn) | NBX - A&L Technical Interface Specification (Withdrawn)
 | DES/NET/TIS/1839 (withdrawn) | Santander HNG-X Technical Interface (withdrawn)


11. | Withdrawn in CCN1616b |
12. | Withdrawn |
13. | Withdrawn in CCN1616b |
14. | ET/IFS/001 | Application Interface Specification: Horizon to e-pay
15. | DES/NET/TIS/0009 | e-pay — HNG-X Technical Interface Specification
16. | BP/SPE/046 | APOP Definition
17. | SVM/SDM/SD/0020 | End to End Reconciliation Reporting
18. | SVM/SDM/STD/0001 | Post Office Ltd Operational Business Change — Branch, Interface Agreement
19. | BP/SPE/035 | NBS Definition. Note — this only applies to Horizon
20. | CS/SER/016 (Withdrawn) | Service Description for the Security Management Service (Withdrawn). Note — this only applies to Horizon
 | SVM/SDM/SD/0017 | Security Management Service: Service Description
21. | CS/SER/010 | Transaction Benchmark Service: Service Description. Note — this only applies to Horizon
22. | NB/SPE/003 | Network Banking: Counter Dialogue - Activity & Screen Flows. Note — this only applies to Horizon
23. | NB/PRP/004 | EMV Banking: User Interface Design Proposal. Note — this only applies to Horizon
24. | SD/STD/001 (Withdrawn) | Horizon Office Platform Service Style Guide (Withdrawn). Note — this only applies to Horizon
 | DES/APP/STD/0001 (withdrawn) | HNG-X UI Style Guide (withdrawn)
 | DES/APP/STD/3433 | HNG-A UI Style Guide
25. | SVM/SDM/SD/0015 | Reconciliation Service: Service Description
26. | AP/IFS/063 | Horizon APOP Authorisation Service Application Interface Specification
27. | Not Used | Not Used

3.2 The following CRDs are associated with this Schedule A5:

Document Reference | Document Title
NO CRDs APPLICABLE

4. POST OFFICE RESPONSIBILITIES RELATED TO THE USE OF MICROSOFT
AZURE SERVICES FOR THE HOSTING OF THE SERVICES

4.1 Post Office shall accept and agree to the terms of the Customer Agreement and
undertakes to comply with such terms at all times during which Fujitsu Services uses the Microsoft
Azure Services in providing Services to Post Office.

4.2 Fujitsu Services shall notify Post Office of any changes to the Customer Agreement made
by Microsoft from time to time. Post Office's continuing use of the Microsoft Azure Services shall
constitute acceptance of any such changes to the Customer Agreement. Post Office shall ensure
that it continues to comply with the Customer Agreement and any updates and changes made to
it by Microsoft from time to time.

4.3 Post Office shall:

4.3.1 nominate a named individual whose name, phone number and email address shall be
manually recorded as having read and accepted the Customer Agreement on behalf of
the Post Office.

4.3.2 inform Fujitsu Services promptly of any material breach by Post Office of the Customer
Agreement.

4.3.3 authorise Fujitsu Services to place orders for Microsoft Azure Services on behalf of the
Post Office, if required

5. POST OFFICE RESPONSIBILITIES RELATED TO THE DEPLOYMENT OF THE
APPDYNAMICS AGENT SOFTWARE WITHIN THE HNG-X SYSTEM

5.1 Analysis of the AppDynamics Agent Software itself shall be undertaken by Post Office,
via AppDynamics. Fujitsu Services shall not be responsible for the performance of the
AppDynamics Software Agent itself or any consequential performance impact on the
Services which is caused by the AppDynamics Software Agent. Post Office agrees that
the data gained from the use of the AppDynamics Agent Software shall be used for Post
Office internal, informational purposes, only and that such data shall not be used in
measuring the performance against Service Level Targets. The means of measuring
and reporting against the Service Level Targets remain as defined in the Agreement.

5.2 Post Office shall procure and make available for Fujitsu Services’ use, licenses for the
AppDynamics Agent Software(s) to be deployed in the Data Centres. Post Office will
also ensure that it has in place support contracts for the software directly with its third
party supplier AppDynamics. Post Office shall provide all patches and updates to be
deployed to the software. Post Office shall raise Change Requests using the Change
Control Procedure for deployment of such patches and updates by Fujitsu Services.

5.3 Post Office is responsible for monitoring of the AppDynamics Agent Software(s)
deployed within the HNG-X System. Fujitsu Services shall provide Incident
Management support for Incidents raised by Post Office with respect to the operations
of the AppDynamics Agent Software, such Incident Management Support shall be
limited to checking that the AppDynamics Agent Software is running on the HNG-X
System and is capable of communicating with the Post Office AppDynamics servers.
Fujitsu Services shall not monitor the operations of the AppDynamics Agent Software.

5.4 Post Office is responsible for ensuring that:

5.4.1 the AppDynamics Agent Software will not perform any OS level write operation
on any database servers which might cause memory leak and/or corruption;
and

5.4.2 no business sensitive data will be exported outside of the HNG-X System by
the AppDynamics Agent Software; and

5.4.3 no Post Office Personal Data is exported outside of the HNG-X System by the
AppDynamics Agent Software; and

5.4.4 no PCI data will be exported outside the PCI Cardholder Environment, as
described in the CCD entitled “PCI CARDHOLDER ENVIRONMENT”
(DES/SEC/ION/2006) and that the AppDynamics Agent Software environment is
set up to protect the data as stated; and

5.4.5 the same licence key and AppDynamics Agent Software endpoint will be used
for each environment; and


5.4.6 the AppDynamics Agent Software is configured to delete older log files such that
the AppDynamics Agent Software implementations do not continually increase
disk space usage.

5.5 Post Office is responsible for architecting the overall solution of the AppDynamics Agent
Software(s) deployed within the HNG-X System. Post Office shall be responsible for
provision of any subject matter expertise and Incident resolution with its third-party
supplier AppDynamics in resolving issues with the AppDynamics Agent Software(s).


ANNEX A
POST OFFICE RESPONSIBILITIES IN RELATION TO THE HNG-X SERVICES

Post Office shall provide and maintain Reference Data in accordance with Post Office
business requirements and as specified in the CCD entitled “Fujitsu Services / Post
Office Ltd Interface Agreement for Operational Business Change - Reference Data”
(CS/PRD/058).

Save as expressly provided otherwise in this Agreement, any CCN or Work Order, Post
Office shall be responsible for:

1.2.1 the provision of all training for its employees, agents, contractors and sub-
contractors; and

1.2.2 the production of all training material required,

in connection with any new and/or modified Services and Applications introduced under
the Change Control Procedure and/or the Work Ordering Procedure.

Post Office shall ensure that all ETU Transactions carried out at Counter Positions are
correctly processed by e-pay according to the AIS entitled “Application Interface
Specification: Horizon to e-pay” (ET/IFS/001) and that daily reconciliation files are
produced and processed according to that AIS.

In relation to the POLSAP Services, Post Office shall be responsible for having
appropriate and sufficiently trained staff available for the provision of Replacement
Services to the POLSAP applications support (whether such staff reside within Post
Office or within the Next Supplier of Replacement Services) to investigate and progress
operational and application issues relating to the POLSAP applications support 24 hours
a day.

In relation to BNR, Post Office shall be responsible for bearing the risk for the wireless
hardware once installed until it is returned to Fujitsu Services in the same condition that
it was in when installed, subject to fair wear and tear.

In relation to the CCD “Horizon Capacity Management and Business Volumes”
(PA/PER/033), section 2.6 Post Office will:

1.6.1 provide information on forecast changes to business volumes; and

1.6.2 endeavour to provide timely information on all likely and possible changes
to business volumes,

within current or new Post Office Services.

In relation to the CCD entitled “RMGA Information Security Policy”
(SVM/SEC/POL/0003), Post Office shall be responsible for:


1.7.1 assessment and regular review of compliance; and

1.7.2 incident reporting (joint responsibility dependent on area of responsibility).

Removed by CCN1703a

Post Office will be responsible for maintaining the Replaced Branch Infrastructure to
the minimum specification described in Schedule B3.4 Replaced Branch Infrastructure
and CCD entitled “Counter Hardware Design Specification” (BP/DES/003) in all
Branches and any other Post Office authorised locations.

Post Office will be responsible for ensuring that communications related Incidents
and/or problems in respect of the Replacement Services to the Branch Network Service
which are being provided by the Network Tower Contractor, are routed to the Network
Tower Contractor and not to Fujitsu Services.

It is agreed that title of previously installed BT VSAT BB dishes, mounts, cabling, indoor-units
and Cisco VPN router hardware in the Branches (“VSAT Equipment”) shall transfer
from Fujitsu Services to Post Office on the day of migration of the VSAT BB networking
element for that Branch in accordance with the details set out in the Asset Transfer
Agreement in Attachment 2. For the avoidance of doubt, Post Office shall pay a Transfer
Payment of £1 in accordance with paragraph 7.1.2 of Schedule E for the VSAT
Equipment on signature of CCN1614, receipt of which is hereby acknowledged by
Fujitsu Services. Post Office will be responsible, on transfer of such title, for the removal
and compliant disposal of all VSAT Equipment removed from Branches as part of such
Branches’ migration from the VSAT BB communications method to Branches to the
Replacement, which will be supplied by the Next Supplier. The Parties agree that the
approach being adopted for the transfer of ownership and responsibility for removal and
disposal of VSAT Equipment is particular only to the VSAT Equipment listed in the said
Asset Transfer Agreement and does not create any contractual, commercial or
operational precedent for any other equipment removal and disposal activities which
may be required in future at any other Branches.

For Branches where the Branch Network Service is being replaced by Replacement
Services, Post Office will ensure the timely procurement of the Replacement Services

Post Office will ensure that the Fujitsu Service development environments and the
following test environments:

1. Solution Verification & Integration (SV&I Rig)
2. Live System Test (LST Rig)
3. Reference Data Test (RDT Rig)

will continue to be provided with representative Replaced Branch Infrastructure and
Replacement Services to the Branch Network Services (previously provided by Fujitsu Services)
by the Next Supplier. In the event that there are failure(s) as a consequence of such Replaced
Branch Infrastructure provided by the Next Supplier(s) or of any Replacement Services during
the remaining period when Fujitsu Services is providing these development and test
environments, Fujitsu Services will raise new Incident(s) with the Post Office service desk for the
attention of the Next Supplier(s) to ensure the support of the Fujitsu Services development and
test environments, including but not limited to enabling the replacement of failed part(s) by Post
Office and/or the Next Supplier(s) or reinstating services to the development and test
environments by Post Office and/or the Next Supplier(s). It is agreed that this support will be
provided by Post Office at no cost to Fujitsu Services. Fujitsu Services will exercise reasonable
care and skill in accordance with its own established internal procedures when housing and/or
using the equipment to perform the Services.

1.14 Post Office acknowledges that the HNG-X Test Infrastructure will operate until at least
31st March 2022.

1.15 Training Controls Disablement and Re-Enablement Service

1.15.1 As a default Training Controls are enabled. When making a Request to Disable Training
Controls, Post Office must ensure that such requests meet all the following conditions. Requests
to Disable Training Controls which do not meet the following conditions will be rejected;

1.15.1.1 Post Office must have previously communicated their intention to issue
a Request to Disable Training Controls to Fujitsu Services, during a
Major Incident service bridge call. During the Major Incident service
bridge call the Post Office signatory who will issue the Request to
Disable Training Controls will be identified to Fujitsu Services. After the
call Fujitsu Services will send an email to the identified Post Office
signatory requiring Post Office to issue Fujitsu Services with
instructions to make a Request to Disable Training Controls and
subsequently a Request to Re-Enable Training Controls.

1.15.1.2 The Request to Disable Training Controls must then be communicated
on email to; the POA Operations Director, the POA Service Lead and
the POA Duty Manager (contact details as specified in the Working
Document entitled "POA Operations Major Incident Procedure"
(SVM/SDM/PRO/0001));

1.15.1.3 The emailed Request to Disable Training Controls must be sent from
one of the agreed Post Office Ltd. signatories documented in the
Appendices of the Working Document entitled "POA Operations Major
Incident Procedure" (SVM/SDM/PRO/0001);

1.15.1.4 The emailed Request to Disable Training Controls must contain the
following text;
“Post Office hereby request that Fujitsu Services temporarily disables
Training Controls in HNG-X Systems with immediate effect until such
time as Fujitsu Services receives a written Request to Re-Enable
Training Controls from Post Office.”

1.15.2 On receipt of a valid Request to Disable Training Controls Fujitsu Services will
complete such disablement within approximately 30 minutes of receiving the
Request to Disable Training Controls if received within the period Monday-Friday
09:00hrs -17:30hrs excluding Bank Holidays, or within approximately 90 minutes
at any other times. On completion of such disablement Fujitsu Services will send
an email to the Post Office signatory who issued the request confirming the same.

1.15.3 During the period between disablement and re-enablement of the Training
Controls pursuant to duly authorised Post Office requests, Post Office accepts
that transactions may be undertaken by Counter Position Users for which they
have not achieved the required Restricted Curricula and which would otherwise
have been prevented if the Training Controls were applied and consequently for
which Fujitsu Services shall have no liability.

1.15.4 When making a Request to Re-Enable Training Controls, Post Office must ensure
that such requests meet all the following conditions. Requests to Re-Enable
Training Controls which do not meet the following conditions will be rejected;

1.15.4.1 Training Controls must have previously been temporarily disabled by
fulfilment of a Request to Disable Training Controls;

1.15.4.2 The Request to Re-Enable Training Controls must be communicated on
email to; the POA Operations Director, the POA Service Lead and the
POA Duty Manager (contact details as specified in the Working
Document entitled "POA Operations Major Incident Procedure"
(SVM/SDM/PRO/0001));

1.15.4.3 The emailed Request to Re-Enable Training Controls must be sent from
one of the agreed Post Office Ltd. signatories documented in the
Appendices of the Working Document entitled "POA Operations Major
Incident Procedure" (SVM/SDM/PRO/0001);

1.15.4.4 The emailed Request to Re-Enable Training Controls must contain the
following text;

“Post Office hereby request that Fujitsu Services re-enable with
immediate effect Training Controls in HNG-X Systems, previously
disabled.”

1.15.5 On receipt of a valid Request to Re-Enable Training Controls, Fujitsu Services
will complete such re-enablement within approximately 30 minutes of receiving
the Request to Re-Enable Training Controls if received within the period Monday-
Friday 09:00hrs -17:30hrs excluding Bank Holidays, or within approximately 90
minutes at any other times. On completion of such re-enablement Fujitsu
Services will send an email to the Post Office signatory who issued the request
confirming the same.

Post Office will be responsible for managing and ensuring the EUC Tower Contractor's
distribution of the HNG-A Application under change control, to timescales agreed with
each of Fujitsu Services and the EUC Tower Contractor

Post Office will be responsible for ensuring that all Incidents, initially raised by users at
Counter Positions, passed to Fujitsu Services by the Service Desk will identify which
release of the HNG-A Application is installed

Post Office Responsibilities in Relation to Post Office Cloud

1.18.1 In relation to the provision of the HNG-X Services and the Development Services
for those elements of the HNG-X System migrated from the HNG-X Service
Infrastructure to Post Office Cloud, Post Office shall undertake the following
responsibilities:

the Post Office Responsibilities set out in paragraph 1.2.1 of CCD
SVM/SDM/SD/0017 - Security Management Service: Service Description;

the provision of, or procure the provision of, the environments, networking,
servers and databases within Post Office Cloud, sufficient to provide the
capacity and performance for development, testing, hosting and delivery of the
Business Capabilities and Support Facilities, and any changes to them, to
enable Fujitsu Services to deliver the Services to the Service Level Targets;

the provision of WAN connectivity to the branch network, to the internet, and to
Fujitsu Services’ support, development and test locations which, as at the date
of this CCN1678 shall be the Data Centres in Belfast and the Stevenage and
Bracknell service locations. Fujitsu Services may request Post Office to provide
WAN connectivity to other support, development and test locations, subject to
the consent to Post Office (not to be unreasonably withheld);

the day to day management, support, maintenance and operational control of
the Post Office Cloud hosted environments, networking, servers and
databases;

provision of monitoring facilities and operational support within and in respect
of the Post Office Cloud, in order to identify and minimise interruptions caused
by the Post Office Cloud to the HNG-X Services and Development Services
provided by Fujitsu Services;

the management of operational changes to the Post Office Cloud hosted
environments, networking, servers and databases, including the coordination
of operational changes between those being made to Post Office Cloud, and
those being made to the HNG-X System by Fujitsu Services, to ensure
operational changes are made without impacting the Services, wherever
possible. Post Office shall provide Fujitsu Services prior written notice, via the
Operational Change Proposal process of operational changes made by the
Post Office to any Post Office Cloud hosted environments;

the provision of coordination between releases being made to the Post Office
Cloud, including Releases being deployed to the HNG-X System by Fujitsu
Services, to minimise the impact (wherever possible) of such changes on the
live service or development and test services;

the management of security of the Post Office Cloud environments, servers
and databases, including provision, management and maintenance of required
security technologies (as documented in paragraph 1.2.1 of the CCD “Security
Management Service: Service Description” (SVM/SDM/SD/0017)), provided
that Fujitsu Services provides Post Office and/or the Post Office Cloud Service
Provider reasonable assistance and co-operation in respect of such
management as detailed in the CCD “Security Management Service: Service
Description”;

the provision of access to the Post Office Cloud environments for the Fujitsu
Services personnel needed to deliver the HNG-X Services and Development
Services as notified to Post Office in writing from time to time;

the planning, communication and operation of all resilience, disaster recovery
and business continuity activities performed in relation to Post Office Cloud.
Fujitsu Services will retain responsibilities for defining and documenting the
Business Continuity Plans in accordance with Schedule B2 (Business
Continuity) in respect of the HNG-X Application specific aspects of technical
recovery plans for individual sub-systems and the recovery sequences
between sub-systems of the HNG-X Application and for communicating to Post
Office any changes in such Business Continuity Plans or recovery sequences
identified as a result of changes to the HNG-X Application;

co-operation by Post Office, as reasonably requested by Fujitsu Services in
relation to Fujitsu Services' resilience, disaster recovery and business
continuity activities performed for the HNG-X Service Infrastructure;


the provision of a time synchronisation service for the environments,
networking, servers and databases within Post Office Cloud and, from the point
of migration for time synchronisation service provided for the Network Tower
Contractor from the Fujitsu Services Systems Management Service provided
time synchronisation service to that of the Post Office Cloud, for the Replaced
Branch Infrastructure; and

obtaining and maintaining all Licences required to manage and support, or
procure the management and support of, the environments, networking,
servers and databases within Post Office Cloud, having regard to such
access and functionality requirements to provide the Services.

1.19 Post Office shall ensure that its Network Tower Contractor shall replace any phone
lines used by the HNG-X System where required by Fujitsu Services as a result of BT
withdrawing legacy telephone services


ANNEX B
POST OFFICE RESPONSIBILITIES IN RELATION TO THE BCSF SERVICES
1. BANKING BUSINESS CAPABILITY

The Post Office responsibilities in relation to the Banking Business Capability are defined in Annex
E to this Schedule A5.

2. BUREAU SERVICE BUSINESS CAPABILITY
The following Post Office responsibilities relate to the Bureau Service Business Capability:

2.1 Post Office shall be responsible for installing and ensuring that to the extent required by
law all Rate Boards comply and are maintained in compliance with all relevant
legislation (current and future), including all relevant Governmental Regulations and,
from the date of UK implementation, EU Directives and EU Regulations. Without
prejudice to the generality of the foregoing, Post Office shall ensure that the Rate Boards
comply with the Electromagnetic Compatibility ("EMC") Regulations 1992, which
implement Council Directive 89/336/EEC (as amended by Directive 91/26/EEC,
Directive 92/31/EEC and Directive 93/86/EEC).

2.2 Post Office shall:

2.2.1 ensure that all Rate Boards are compatible with Counter Equipment using
models as specified in the CCD entitled “Counter Hardware Design
Specification” (BP/DES/003);

2.2.2 be responsible for the provision of all cabling necessary to connect the Rate
Boards to Counter Equipment and shall ensure that such cabling is in
accordance with the CCD entitled “Rate Board Cables” (AS/REP/013);

2.2.3 once each Rate Board has been connected to Counter Equipment, carry out
all maintenance of that Rate Board and of the associated cabling. This
responsibility extends to all cabling used in making the connection to a
Counter Position; and

2.2.4 provide mains electrical power to each Rate Board (or where more than one
in a Branch, the Rate Boards in that Branch together) from power circuits
that are separate from the power circuit dedicated to the Counter Position.

3. ELECTRONIC TOP-UP BUSINESS CAPABILITY
The following Post Office responsibilities relate to the Electronic Top-up Business Capability:
3.1 Post Office shall be responsible for ensuring that the link from e-pay to the Data Centres
and information transmitted from e-pay to Fujitsu Services across that link shall be in
accordance with the CCDs entitled “Application Interface Specification: Horizon to e-pay”
(ET/IFS/001) and “e-pay — HNG-X Technical Interface Specification”
(DES/NET/TIS/0009).

4. APOP BUSINESS CAPABILITY

4.1 The following Post Office Ltd Responsibilities are included in the CCD entitled “APOP
Definition” (BP/SPE/046), such Post Office Ltd Responsibilities relate to the APOP
Business Capability.

4.2 Post Office Ltd shall specify that the Post Office Data Gateway generates an APOP
verification file as defined in the CCD entitled “Horizon APOP Authorisation Service
Application Interface Specification” (AP/IFS/063) if required for an APOP Service

4.3 APS transactions shall conform to the specification defined in the CCD entitled “AP-
ADC Reference Manual” (DES/GEN/MAN/0002)

4.4 User access to the APOP administration service shall be from within the Post Office Ltd
domain and no Post Office Ltd clients will have direct access to data held on the APOP
database.

i.e. Post Office Ltd will not grant access from outside the Post Office Ltd domain

APOP Service Authorisation Service

4.5 The APOP authorisation service definition for an APOP Service shall conform to the
specification defined in the CCD entitled “APOP Reference Manual” (AP/MAN/003).

4.6 Post Office Ltd shall conform to the security rules for the creation of administrators and
users of the APOP administration service and the use of the APOP administration
service by administrators and users as defined in the APOP Administration Service User
Interface Design Proposal.

4.7 The APOP Service Definition shall be constructed using the parameters defined in the
CCD entitled “APOP Reference Manual” (AP/MAN/003).

4.8 Post Office Ltd shall define the service definition for an APOP Service which conforms
to the CCD entitled “APOP Reference Manual” (AP/MAN/003) and deliver the service
definition to Fujitsu Services.

4.9 Post Office Ltd shall define the format of the reports derived from data extracted from
the APOP database and delivered to Post Office Ltd by the APOP reporting service.

4.10 Post Office Ltd/Prism shall build and maintain the APOP administration service server
and workstations which shall include schema files to support the rendering of the extract
files produced by the APOP reporting service.

4.11 Not Used

4.12 Transactions to be processed by the APOP batch service shall conform to the CCD
entitled “Horizon APOP Authorisation Service Application Interface Specification”
(AP/IFS/063).

4.13 On-line branch transactions initiated at a Post Office Horizon counter position shall
conform to the specification defined in the CCD entitled “APOP Authorisation Service-
On-line Application Interface Specification” (AP/IFS/064).

New APOP Services
4.14 For each new APOP Service:

• Post Office Ltd will produce a specification of the APOP Service business
requirements and business process definition as defined in the APOP User
Guide.

• Post Office Ltd will produce the AP-ADC counter transactions.

• Post Office Ltd will produce the service definition for the APOP Service.

4.15 For each new APOP Service, Post Office Ltd shall, subject to the Work Ordering
Procedure, require Fujitsu Services to produce:

• Voucher receipt templates;

• Customer and Branch receipt templates;

• Counter and Branch weekly reports.

4.16 For each Counter and Branch weekly report, Post Office Ltd shall define the:

• List of products;

• Report title;

• Cut-off requirements

4.17 For each new APOP Service with an external authorisation service, Post Office Ltd shall,
subject to the Work Ordering Procedure, require Fujitsu Services to produce:

• An APOP web service, web services agent and (optionally) a web server
platform:

• An interface between the Horizon domain and the external authorisation service

Changes to APOP Services

4.18 Post Office Ltd shall, subject to the Work Ordering Procedure, require Fujitsu Services to
produce changes to Fujitsu Services supplied components of an APOP Service.

5. DEBIT CARD

The following Post Office Responsibilities are Debit Card Responsibilities:

Debit Card Responsibilities

5.1 Post Office shall be responsible for providing, through Post Office Reference Data, DC
Token definitions to cover the DC Token ranges supported by Fujitsu Services.

5.2 Post Office shall be responsible for following procedures for Debit Card Transaction
settlement and exception reporting in accordance with the CCD entitled “End to End
Reconciliation Reporting” (SVM/SDM/SD/0020) to the extent Post Office is required to
do so.

5.3 Post Office shall be responsible for generating and transmitting (as reasonably required
by the Fujitsu Services) test Reference Data for testing purposes.

5.4 Post Office shall be responsible for ensuring that Fujitsu Services has at all times a
sufficient number of MIDs and TIDs to enable Fujitsu Services to allocate such MIDs
and TIDs to the Branches and Counter Positions respectively.

5.5 Post Office shall be responsible for supplying an agreed batch of MIDs to Fujitsu
Services in accordance with the OLA “DC Operational Level Agreement” to ensure that
one MID is available for each new Branch, whenever the supplies of unallocated MIDs
held by Fujitsu Services fall below a threshold limit agreed between Post Office and
Fujitsu Services

5.6 Post Office shall be responsible for supplying an agreed batch of TIDs to Fujitsu
Services through the Change Control Procedure whenever the supplies of unallocated
TIDs held by Fujitsu Services fall below a threshold limit agreed between Post Office
and Fujitsu Services.

5.7 Post Office shall be responsible for following the reconciliation and incident
management procedures for the investigation, reporting and resolution of business
incidents related to the use of Debit Card (supported by the Payment Management
Business Capability) as set out in the applicable provisions of paragraph 2.8 of the CCD
entitled “Reconciliation Service: Service Description” (SVM/SDM/SD/0015)

5.8 Post Office shall be responsible for providing MIDs and TIDs in accordance with the
processes for business change described in the CCD entitled “Post Office Ltd
Operational Business Change — Branch, Interface Agreement” (SVM/SDM/STD/0001).

5.9 Post Office shall be responsible for procuring the provision of an EMIS to supply a data
feed to the Reconciliation Support Facility from the Merchant Acquirer in accordance
with the CCD entitled “Merchant Acquirer EMIS File Application Interface Specification”
(REQ/APPIAIS/1495).

The following Post Office Responsibilities are Debit Card Obligations:

Debit Card Obligations

5.10 Post Office shall be responsible for verifying and validating all Debit Card related Post
Office Reference Data for use in connection with the DC MoP, save to the extent that
Fujitsu Services is obliged to do so (for the purposes of the use of such Post Office
Reference Data within the Infrastructure) in accordance with the CCD entitled “Fujitsu
Services / Post Office Ltd Interface Agreement for Operational Business Change —
Reference Data” (CS/PRD/058). For the avoidance of doubt, the Change Control
Procedure shall be used if Post Office requires any Debit Card related Reference Data
validation or testing outside the scope of the CCD entitled “Fujitsu Services / Post Office
Ltd Interface Agreement for Operational Business Change - Reference Data”
(CS/PRD/058).

5.11 Post Office shall procure a service designed to ensure that the EMIS file shall be
available for collection from the Merchant Acquirer by 15:00 hours daily between
Monday and Friday excluding English Bank Holidays. Where the EMIS file is not
available by that time, Fujitsu Services shall follow the procedures set out in the relevant
OLA.

5.12 Post Office shall follow the procedure set out in the OLA entitled “DC Operational Level
Agreement” for reporting potential/actual breaches of security within either the Merchant
Acquirer or Infrastructure.

5.13 Post Office shall ensure the security, safe keeping and proper management of all
passwords/passphrases used to generate keys shared between the Data Centre and
the Merchant Acquirer on the Merchant Acquirer side of the interface between the Data
Centre and the Merchant Acquirer.

6. GENERIC WEB SERVICE SUPPORT FACILITY

The following Post Office Responsibilities are Generic Web Service Responsibilities:

6.1 For each Generic Web Service Post Office shall be responsible for:

6.1.1 the Post Office tasks as defined in the ‘Web Service Client Connection
Process’ (REQ/GEN/PRO/1388) for:

(a) the Generic Web Service qualification stage;

(b) the Generic Web Service specification stage;

(c) the Generic Web Service build and test stage;

(d) the Generic Web Service introduction stage;

6.1.2 the provision of the baselined WSDL for the Client web service;

6.1.3 the Client specific elements of the Technical Interface Specification between
the Generic Web Service and the Post Office Client;

6.1.4 the design, development and testing of the APS transactions conforming to
the specification defined in the CCD entitled “AP-ADC Reference Manual”
(DES/GEN/MAN/002);

6.1.5 the security assessment of the APS service and the associated Generic Web
Service for the Post Office Client.

7. PAF SUPPORT FACILITY

7.1 Post Office shall be responsible for supplying to Fujitsu Services the monthly Royal Mail
PAF address data on a CD in ‘Royal Mail Compressed Standard™’ format described in
the ‘Royal Mail PAF Programmers’ Guide’ Edition 7 Version 4.0 (REQ/APP/AIS/1526)

7.2 Post Office shall be responsible for supplying to Fujitsu Services the monthly Royal Mail
PAF address data on a CD in accordance with the CCD ‘Fujitsu Services/Post Office
Ltd Interface Agreement for Operational Business Change — Reference Data’
(CS/PRD/058);

7.3 Post Office shall be responsible for supplying PAF additional address data to Fujitsu
Services conforming to the application interface specification ‘Post Office Limited to PAF
Application Interface Specification’ (REQ/APP/AIS/1503);

7.4 Post Office shall be responsible for managing and securely destroying the Royal Mail
PAF data CDs after 12 months.

7.5 Post Office shall be responsible for the integrity and accuracy of data provided in
accordance with sections 9.2 and 9.3 and any rectifications required as a result of
erroneous or corrupt data supplied shall be made at Post Office’s sole expense.

8. POST OFFICE DATA GATEWAY

The following Post Office Responsibilities are Post Office Data Gateway Responsibilities. For
each Post Office Data Gateway Data File transfer:

8.1 Post Office shall be responsible for supplying to Fujitsu Services approved Application
Interface Specifications (AIS) for Data File transformations to be performed by the Post
Office Data Gateway Support Facility using the approved pro-forma;

8.2 Post Office shall be responsible for supplying to Post Office Clients the specification of
the data in Data Files to be transferred from the Post Office Data Gateway to the Client;

8.3 Post Office shall be responsible for producing, as Post Office requires, Data File delivery
reports from Post Office Data Gateway data supplied to Post Office Ltd by Fujitsu
Services;

8.4 Post Office shall be responsible for producing Post Office to Post Office Client
Operational Level Agreements for each Post Office Client sending Data Files to, or
receiving Data Files from, the Post Office Data Gateway Support Facility;

8.5 Post Office shall be responsible for ensuring that Fujitsu Services is permitted to
process the data received by the Post Office Data Gateway Support Facility on behalf
of the data owner;

8.6 Post Office shall be responsible for ensuring that the Data Files transferred between the
Post Office Client and the Post Office Data Gateway Support Facility shall be in
accordance with the relevant Post Office Data Gateway to Post Office Client Application
Interface Specification;

8.7 Post Office shall be responsible for ensuring that the link between the Post Office Client
and the Post Office Data Gateway Support Facility will be in accordance with the ‘Post
Office Data Gateway to Post Office Clients Technical Interface Specification’
(DES/NET/TIS/1499).

8.8 Post Office shall be responsible for supplying the information and ensuring that the
content within the PODG Client Connection pack is correct.

8.9 Post Office shall be responsible for the ownership and content within the Post Office
Data Gateway (PODG) Route spreadsheets.

9. CLIENT FILE DELIVERY

9.1 Post Office shall be responsible for supplying to Fujitsu Services approved Application
Interface Specifications for Data Files from Post Office Clients (to HNG-X) Clients to be
processed by the Client File Delivery Support Facility.

10. POST OFFICE DATA GATEWAY CLIENT CONNECTION

The following Post Office Responsibilities are PODG Client Connection Service Responsibilities.

10.1 Post Office shall be responsible for supplying to Fujitsu Services a completed OBC19
form for each request with details of the changes required.

10.2 Post Office shall be responsible for ensuring that Fujitsu Services is permitted to
process the data received by Fujitsu Services under the PODG Client Connection
Service on behalf of the data owner.

10.3 Post Office shall be responsible for obtaining security credentials directly from Post
Office Clients and to provide Fujitsu Services with the security credentials required to
fulfil a PODG Client Connection Service request as defined in “Post Office Data
Gateway (PODG) Secure Transfer Procedure” (SVM/SEC/PRO/1784).

10.4 Post Office shall be responsible for obtaining all necessary consents, authorisations and
notifications from relevant Data Controllers, to enable personal data to be processed by
Fujitsu Services as part of PODG Client Connection Service, in compliance with the
latest Data Protection Act. Post Office Ltd shall indemnify Fujitsu Services in respect of
any losses suffered by Fujitsu Services in connection with performing the PODG
Client Connection Service as a result of any Post Office Ltd failure to have obtained
appropriate data protection related consents, authorisations and notifications.

10.5 Post Office shall be responsible for managing the service provided to the Client by the
Post Office Data Gateway Service

11. COUNTER WEB BROWSER SUPPORT FACILITY

The following Post Office responsibilities relate to the Counter Web Browser Support
Facility:

11.4 Post Office shall be responsible for providing the “WebView2” and “.Net
Framework v.4.8” software, as part of the Replaced Branch Infrastructure, on each
Counter Position at which the Counter Web Browser Support Facility is to be enabled.

ANNEX C
BANKING RESPONSIBILITIES

HORIZON BANKING RESPONSIBILITIES — Removed by CCN 1648

Schedule A5 Annex C Version 14.0
Page 23 of 28
ANNEX D
BANKING OBLIGATIONS

HORIZON BANKING OBLIGATIONS — REMOVED BY CCN1648

Schedule A5 Annex D Version 15.0
Page 24 of 28
ANNEX E

POST OFFICE RESPONSIBILITIES IN RELATION TO THE PAYMENT AND BANKING SERVICE

1. General Responsibilities

1.1 Post Office shall:

1.1.1 communicate and facilitate the consultation of documents, information
and methodology which it has which are requested by Fujitsu Services and which
are necessary for the provision of the Payment and Banking Service by Fujitsu
Services;

1.1.2 respond to reasonable requests from Fujitsu Services necessary for the
proper performance of the Payment and Banking Service and make decisions
wherever possible in time for requested by Fujitsu Services to meet its
obligations;

1.1.3 inform Fujitsu Services of any event or act likely to delay the performance
of the Agreement within a reasonable time (having regard to the severity of the
delay) upon becoming aware of such event or act. In such case, the Parties shall
consult on ways to limit the delay and may, if necessary, agree on a change to
the dates for providing the Payment and Banking Service;

1.1.4 comply with the General Terms and Conditions of Use of the Payment
and Banking Service as provided in Appendix 2 (General Terms and Conditions
of Use) to Schedule 16;

1.1.5 comply with the prerequisite for the implementation of the Payment and
Banking Service listed hereafter, in particular (i) to have updated antivirus, (ii)
use a browser and information system updated and compatible with the use of
the Service, (iii) to comply and procure that Branches comply with the
requirements of the applicable standards in effect, including PCI DSS and/or PCI
P2PE;

1.1.6 manage its information system with which the Ingenico Central Platform
interoperates and to manage third party intervention as part of the provision of the
Payment and Banking Service; and

1.1.7 provide adequate network connectivity between the Counter Position
and the Ingenico Central Platform.

1.1.8 provision a clean room facility to house a system, which they shall also
procure, from which they invoke the CRM De-Tokenisation API. Post Office shall
retain full responsibility for such clean room facility and system, including their
support, for the duration of the Term of the Agreement.

1.1.9 evidence, and shall procure that its relevant third parties evidence, to
Fujitsu Services an active Attestation of Compliance (AoC) for PCI-DSS to use
the CRM De-Tokenisation API. Post Office shall, and shall procure that any
relevant third parties shall, keep this certification up-to-date, at its cost, for the
Term of the Agreement and provide a copy of the most recent AoCs on renewal
or on request from Fujitsu Services.

Schedule A5 Annex E Version 15.0

Page 25 of 28

2. Banking Business Capability
The following Post Office responsibilities relate to the Banking Business Capability:

2.1 Post Office shall ensure the security, safe keeping and proper management (as defined
in ISO 11568 parts 1 to 3) of all keys shared between the Ingenico Central Platform and
Vocalink on the Vocalink sides of the interfaces.

2.2 Post Office shall be responsible for ensuring that the links from Vocalink to the Ingenico
Central Platform and information transmitted from Vocalink to Fujitsu Services Sub-
Contractor, Ingenico, across those links shall be in accordance with the CCD entitled
“Axis Managed Payment Service Solution - Solution Design” (DES/APP/MAN/3760).

2.3 Post Office shall ensure that software managed by Post Office in Post Office Cloud to
manage the interactions between the HNG-X Application and the Ingenico Software
hosted on the Ingenico Central Platform, for reversals in respect of PBS Banking
Transactions, shall:

• Interact with the HNG-X Application in accordance with the document entitled
“AWS NRT and Agent Lambda Solutions” (DES/APP/HLD/4410); and

• Interact with the Payment and Banking Service in accordance with the document
entitled “Card Present API Functional Specification” (REQ/APP/AIS/4114).

3. DEBIT CARDS
The following Post Office Responsibilities are Debit Card Responsibilities:

Debit Card Responsibilities

3.1 Post Office shall be responsible for providing, through Post Office Reference Data, DC
Token definitions to cover the DC Token ranges supported by Fujitsu Services.

3.2 Post Office shall be responsible for following procedures for Debit Card Transaction
settlement and exception reporting in accordance with the CCD entitled “End to End
Reconciliation Reporting” (SVM/SDM/SD/0020) to the extent Post Office is required to do
so.

3.3 Post Office shall be responsible for generating and transmitting (as reasonably required
by the Fujitsu Services) test Reference Data for testing purposes.

3.4 Post Office shall be responsible for ensuring that Fujitsu Services has at all times a
sufficient number of MIDs and TIDs to enable Fujitsu Services to allocate such MIDs and
TIDs to the Branches and Counter Positions respectively.

3.5 Post Office shall be responsible for supplying an agreed batch of MIDs to Fujitsu Services
in accordance with the OLA “DC Operational Level Agreement” to ensure that one (1)
MID is available for each new Branch, whenever the supplies of unallocated MIDs held
by Fujitsu Services fall below a threshold limit agreed between Post Office and Fujitsu
Services

3.6 Post Office shall be responsible for supplying an agreed batch of TIDs to Fujitsu Services
through the Change Control Procedure whenever the supplies of unallocated TIDs held
by Fujitsu Services fall below a threshold limit agreed between Post Office and Fujitsu
Services.

3.7 Post Office shall be responsible for following the reconciliation and incident management
procedures for the investigation, reporting and resolution of business incidents related to
the use of Debit Card (supported by the Payment Management Business Capability) as
set out in the applicable provisions of paragraph 2.8 of the CCD entitled “Reconciliation
Service: Service Description” (SVM/SDM/SD/0015)

3.8 Post Office shall be responsible for providing MIDs and TIDs in accordance with the
processes for business change described in the CCD entitled “Post Office Ltd Operational
Business Change — Branch, Interface Agreement” (SVM/SDM/STD/0001).

3.9 Post Office shall be responsible for procuring the provision of an EMIS to supply a data
feed to the Reconciliation Support Facility from the Acquirer in accordance with the CCD
entitled “Merchant Acquirer EMIS File Application Interface Specification”
(REQ/APPI/AIS/1495).

The following Post Office Responsibilities are Debit Card Obligations:

Debit Card Obligations

3.10 Post Office shall be responsible for verifying and validating all Debit Card related Post
Office Reference Data for use in connection with the DC MoP, save to the extent that
Fujitsu Services is obliged to do so (for the purposes of the use of such Post Office
Reference Data within the Infrastructure) in accordance with the CCD entitled “Fujitsu
Services / Post Office Ltd Interface Agreement for Operational Business Change —
Reference Data” (CS/PRD/058). For the avoidance of doubt, the Change Control
Procedure shall be used if Post Office requires any Debit Card related Reference Data
validation or testing outside the scope of the CCD entitled “Fujitsu Services / Post Office
Ltd Interface Agreement for Operational Business Change - Reference Data”
(CS/PRD/058).

3.11 Post Office shall procure a service designed to ensure that the EMIS file shall be available
for collection from the Acquirer by 15:00 hours daily between Monday and Friday
excluding English Bank Holidays. Where the EMIS file is not available by that time, Fujitsu
Services shall follow the procedures set out in the relevant OLA.

3.12 Post Office shall follow the procedure set out in the OLA entitled “DC Operational Level
Agreement” for reporting potential/actual breaches of security within either the Merchant
Acquirer or Infrastructure.

3.13 Post Office shall ensure the security, safe keeping and proper management of all
passwords/passphrases used to generate keys shared between Ingenico Central
Platform and the Acquirer on the Acquirer side of the interface between the Ingenico
Central Platform and the Acquirer.
