FUJ00234918
FUJ00234918
CONFIDENTIAL
SCHEDULE B3.3
HNG-X CENTRAL AND TELECOMMUNICATIONS INFRASTRUCTURE
Version History
31/08
Agreed version as at date of signature of CCN 1200
26/09/06 Minor corrections
25/01/07 Baseline copy of 1.1
23/02/09 Baseline copy of 2.1
13/05/09 Applying changes as per CCN1258
06/07/09 Moving all schedules to V6.0 as agreed with Fujitsu
23/12/09 Applying changes as per CCN 1268
05/01/10 Applying changes as per CNN 1272
31/03/10 Applying changes as per CCN1276a
01/04/10 Applying changes as per CCN1270
10/05/10 Moving all schedules to V7.0 as agreed with Fujitsu.
21/02/12 Applying changes specified in CCN1294d
13/01/14 Applying changes as per CCN1349,1311b, 1328b
and CCN1400
10.0 10/09/15 Applying changes as per CCN1418, CCN1420a and
as subsequently amended in this CCN1506 and
moving all Schedules to V10.0 in accordance with
CCN1506
11.0 31/03/16 Applying changes as per CCN1423c, CCN1427 and
moving all Schedules to V11.0 in accordance with
CCN1604
12.0 03/07/17 Applying changes as per CCN1610, CCN1614a,
CCN1618a, CCN1621 and moving all schedules to
V12.0
13.0 Updating as per CCN1629, CCN1632 and
CCN1650c and moving all Schedules to v13.0
14.0 20/12/2021 Updating as per CCN1651b, CCN1655a,
CCN1662a, CCN1623b, CCN1648b, CCN1672a
and moving all Schedules to v14.0
14.0a 5/5/2022 Updating as per CCN1623b Part 2 sections missed
in V14.0 conformance.
15.0 21/12/2022 Updating as per CCN1703a, CCN1705b,
CCN1725a, CCN1731, CCN1748
Schedule B3.3 Version 15.0
Page 1 of 10
CONFIDENTIAL
SCHEDULE B3.3
HNG-X CENTRAL AND TELECOMMUNICATIONS INFRASTRUCTURE
1. HNG-X SERVICE INFRASTRUCTURE
44 Introduction
1.4.41
This Schedule B3.3 records and specifies the HNG-X Service Infrastructure that
shall be provided by Fujitsu Services in order to deliver the Business Capabilities
and Support Facilities described in Schedule B3.2.
The HNG-X Service Infrastructure comprises
(a) HNG-X Central Infrastructure; and
(b) I HNG-X Telecommunications Infrastructure.
The HNG-X Service Infrastructure provides functions and capabilities used to
deliver the Business Capabilities and Support Facilities, and the Operational
Services.
The provisions of this Schedule shall not apply in respect of the HNG-X Central
Infrastructure or HNG-X Telecommunications Infrastructure, and accordingly it
does not form part of the HNG-X Service Infrastructure.
1.2 HNG-X Central Infrastructure
1.24
1.2.2
1.2.3
1.24
Subject to paragraph 1.3.4(f), Fujitsu Services shall provide all equipment at the
Data Centres necessary to provide the Business Capabilities and Support
Facilities. This equipment, including the telecommunications equipment, shall
have sufficient capacity to meet the business volumes as set out in the CCD
entitled “Horizon Capacity Management and Business Volumes” (PA/PER/033).
The Transfer Asset Register shall be updated in accordance with the timetable
contained in paragraph 3.2.1 of Schedule E.
Fujitsu Services shall maintain all increases in the capacity of the HNG-X Service
Infrastructure which Fujitsu Services have agreed to make at the request of Post
Office.
Fujitsu Services shall retain all hardware and software provided to a particular
Post Office specification, save that Fujitsu Services may substitute identical
replacements for such hardware and software.
Schedule B3.3 Version 15.0
Page 2 of 10
FUJ00234918
FUJ00234918
CONFIDENTIAL
1.25
1.2.6
1.2.7
1.2.8
1.2.9
Fujitsu Services may replace, upgrade, remove or decommission hardware and
software from time to time comprised in the HNG-X Service Infrastructure
provided that it continues at all times to comply with its obligations in paragraphs
1.2.3 and 1.2.4 (unless agreed otherwise under the Change Control Procedure).
Unless terminated earlier in accordance with Clause 47.11(f), Fujitsu Services
shall use the facilities of the DR Data Centre to provide a testing environment,
which shall be known as the SV&l Rig which shall support functional testing until
31 March 2025
Unless terminated earlier in accordance with Clause 47.11(f), Fujitsu Services
shall maintain at their Bracknell location the Integration (INT) Rig which shall
support integration testing until 31st March 2025.
Unless terminated earlier in accordance with Clause 47.11(f), Fujitsu Services
shall maintain at their Bracknell location the Component Integration and Test
(CIT) Rig which shall support development testing until 31°t March 2025.
Any additional test configurations that are required to support changes to Post
Office's business shall be dealt with through the Change Control Procedure.
1.2.10 Not used — removed by CT2589b
1.3 HNG-X Telecommunications Infrastructure
1.3.1
1.3.2
1.3.3
1.3.4
Removed by CCN1623b
Removed by CCN1623b
Central Telecom Infrastructure
The Central Telecom Infrastructure provides network connections:
(i) between Data Centres and Post Office sites;
(ii) between Data Centres and Client sites;
(iii) between Data Centres and Fujitsu Services support sites;
(iv) between Data Centres and the Ingenico Central Platform;
(v) between the Data Centres and third party support sites;
(vi) between the two Data Centres (intercampus links); and
(vii) for the test service including any test Branches.
Interface support for Post Office services or Client services
(a) The HNG-X Telecommunications Infrastructure shall include capability
to enable connection between the Data Centres and Post Office systems
or Client systems. The style of connection and operation shall be
Schedule B3.3 Version 15.0
Page 3 of 10
FUJ00234918
FUJ00234918
CONFIDENTIAL
()
defined in the relevant TIS and shall support real and delayed time
initiation of activities.
The HNG-X Telecommunications Infrastructure and HNG-X Central
Infrastructure shall provide a file distribution function which shall be
responsible for the transfer, monitoring and retry of files as specified in
the relevant AIS and / or TIS.
The HNG-X Service Infrastructure shall support authorisations for Post
Office products through access to computer systems which are external
to Post Office services or are within Post Office services.
Additional Post Office services or additional Client services which
require an additional interface may be agreed from time to time between
Post Office and Fujitsu Services and shall be specified in an additional
TIS and / or an additional AIS.
Interface Support for Santander
(i) Fujitsu Services shall be responsible for provision of, security of,
and management of the communications link between the Data
Centres and Santander (which for the purposes of this Schedule
includes the physical routers, encryption devices, file transfer
management servers and associated cabling), subject to Post
Office complying with (and ensuring that any third party Post
Office uses for siting or storage of such equipment complies with)
the following:
(1) provision of a suitable physical operating environment
for Fujitsu Services’ equipment used for or in connection
with the communications link including the following:
(A) ensuring the physical security of all equipment
which is located on Post Office and/or any such
third party's premises to protect against
unauthorised access; and
(B) provision of environmental conditions as
reasonably required by Fujitsu Services.
(2) permitting Fujitsu Services to gain access (at
reasonable times and on reasonable notice) to all
locations where such equipment is held or is to be
installed, in order to enable Fujitsu Services to effect or
procure the installation, maintenance, repair, renewal
and support of such equipment.
Interface Support for Vocalink
Schedule B3.3 Version 15.0
Page 4 of 10
FUJ00234918
FUJ00234918
CONFIDENTIAL
Removed by CCN1725a
Post Office shall be responsible for procuring the provision of,
security of, and management of the communications links
between the Ingenico Central Platform and Vocalink in
accordance with and subject to paragraph 1.3.4(g), subject to
Fujitsu Services complying with (and ensuring that any Sub-
contractor or third party Fujitsu Services uses complies with) any
reasonable request for co-operation and/or information made by
Post Office from time to time, where the provision of such co-
operation or information is necessary to enable Post Office to
perform the Post Office Communications Links Services.
(g) Post Office Communications Links Services
Post Office shall, in relation to paragraph 1.3.4(f), be responsible for
ensuring that:
(i)
(i)
(iii)
Schedule B3.3 Version 15.0
Page 5 of 10
the Post Office Communications Links Services are carried out
promptly, efficiently, diligently and professionally, and with all
reasonable skill and care;
it obtains an undertaking from Vocalink that its employees,
servants, agents or sub-contractors engaged to perform the
Post Office Communications Links Services:
(1) keep confidential, and not disclose to anyone else, any
Confidential Information of Fujitsu Services disclosed by
or obtained from Fujitsu Services (or its subcontractors)
in the course of performing the Post Office
Communications Links Services;
(2) use such Confidential Information only to the extent
reasonably required to perform the Post Office
Communications Links Services; and
(3) return such Confidential Information held in tangible form
to Post Office, and to irretrievably delete or destroy all
such information held in electronic form, on termination
or expiry of that party's obligations in respect of the Post
Office Communications Links Services,
other than as required by law;
it or any third party engaged by it to perform the Post Office
Communications Links Services complies with any reasonable
instructions and/or requirements (including without limit any
FUJ00234918
FUJ00234918
CONFIDENTIAL
reasonable instructions and/or requirements relating to Data
Centre security) given to it by Fujitsu Services(or its
Subcontractors) from time to time; and
(iv) the communication links between the Ingenico Central Platform
and Vocalink, shall have sufficient capacity to meet Post Office's
business volume requirements from time to time; and
(v) Post Office shall fully indemnify Fujitsu Services in respect of
any personal injury or loss of or damage to Property incurred by
Fujitsu Services, its contractors or their respective employees
and authorised agents to the extent that such personal injury or
loss of Property is caused by a Default of Post Office, its
employees, agents or contractors in connection with the
performance of the Post Office Communications Links Services.
1.4 Exclusivity
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
No computer system shall be connected to the HNG-X Central Infrastructure or
to those elements of the HNG-X Telecommunications Infrastructure which are
employed exclusively in the provision of the HNG-X Services without the approval
of Post Office.
Fujitsu Services shall maintain a register of computer systems with which such
connections are allowed.
The HNG-X Central Infrastructure and HNG-X Telecommunications Infrastructure
shall provide links into other computer systems as required to support the
introduction of new or re-engineered Transactions required by Post Office.
The identity of any computer system with which a link is to be established shall
be authenticated.
Fujitsu Services shall produce reports detailing any attempt to establish a link
(specified in paragraph 1.4.3) which is rejected. Fujitsu Services shall provide
these reports to Post Office on request. Such reports will not be required where
the link is between the HNG-X Central Infrastructure / HNG-X
Telecommunications Infrastructure and the Banks; and the rejection is due to a
failure of the Banks; or between the HNG-X Central Infrastructure / HNG-X
Telecommunications Infrastructure and the MA and the rejection is due to a failure
of the MA.
1.5 Continued Support of operating systems and Software
Fujitsu Services shall fully support the Software in the HNG-X Service Infrastructure
during the life of the elements of HNG-X Service Infrastructure on which such Software is
utilised in providing Services.
1.6 Functional Title or Code
Schedule B3.3 Version 15.0
Page 6 of 10
FUJ00234918
FUJ00234918
CONFIDENTIAL
17
241
2.2
3.1
3.2
3.3
Fujitsu Services shall ensure that each component of the HNG-X Service Infrastructure
is clearly marked with a functional title or code so that it can be readily identified in the
relevant documentation and related to its proper place in the HNG-X Service
Infrastructure.
Not Used
1.7.1 Not Used.
1.7.2 Not Used.
SECURITY
Introduction
This section covers the security provisions relating to the HNG-X Service Infrastructure.
Encryption Key Management
2.2.1 The HNG-X System shall support a reliable and secure means for the transfer of
data to the Data Centre. This shall include the use of techniques used selectively
and in agreement between Post Office and Fujitsu Services as specified in the
CCD entitled "HNG-X Technical Security Architecture" (ARC/SEC/ARC/0003)
2.2.2 With the exception of PIN Pads (in which case paragraph 2.1.4 of Schedule B3.4
shall apply), a key management system shall be in place so the encrypted data
can be deciphered without risk of that cryptographic key being exposed.
2.2.3 Fujitsu Services shall support the use of PIN Pads and the associated
cryptographic management. PIN Pads shall comply with the requirements of ISO
9564.
BUSINESS CONTINUITY
Introduction
This paragraph 3 covers the business continuity provisions relating to the HNG-X Service
Infrastructure.
End to End Recovery
End-to-end recovery shall be performed by Fujitsu Services in accordance with the CCD
entitled “HNG-X Business Continuity Framework” (SVM/SDM/SIP/0001).
Business Continuity
3.3.1 Data Centre Resilience
Schedule B3.3 Version 15.0
Page 7 of 10
FUJ00234918
FUJ00234918
CONFIDENTIAL
(a)
(c)
One Data Centre will be used to support the Business Capabilities and
Support Facilities (the “Live Data Centre”) with a second Data Centre
providing DR (the “DR Data Centre”). There are network components
(appliances and platforms) at the DR Data Centre which contribute to
the provision of Business Capabilities and Support Facilities.
The DR Data Centre will under normal operation be used for testing
except where it needs to be used for business continuity tests. The DR
Data Centre will also host some live network components.
Each Data Centre shall have the capability in normal operation with no
failures or a single failure having occurred:
(i) to support the Contracted Volumes as defined in the CCD
entitled "Horizon Capacity Management and Business Volumes”
(PA/PER/033); and
(ii) to support Fujitsu Services’ obligations in respect of Service
Levels set out in Schedule C1 and each applicable Service
Description.
Each Data Centre will be configured such that the failure of a single
component will not cause the Business Capabilities and Support
Facilities to fail. For the avoidance of doubt, Fujitsu Services will inform
Post Office of those major Data Centre components whose failure may
result in the need to invoke DR. There is a single high capacity WAN
circuit into each Data Centre. Should the link into one Data Centre fail
then a patch via the other Data Centre will be used.
Switchover to backup systems within the Data Centre and for the
network connections within the Data Centre:
(i) for real-time elements of the Business Capabilities and Support
Facilities shall be automated; and
(ii) for non-real time elements may be automated or manual.
Switchover from the Live Data Centre to the DR Data Centre will be
manually initiated.
In the event that the DR Data Centre needs to be used to run the live
service or if the DR Data Centre itself is unavailable, there will be no
significant test environment available. In this scenario, limited testing
(sufficient to test minor fixes needed to keep the live service operational)
will be available at a Fujitsu Services development site. However such
testing facilities will not be sufficient to test releases.
3.3.2 The Central Network
Schedule B3.3 Version 15.0
Page 8 of 10
FUJ00234918
FUJ00234918
CONFIDENTIAL
(a)
The Central Network comprises the network communications between
the Data Centres and the switches used by Fujitsu Services (or Fujitsu
Services’ Sub-contractor which operates such network) to:
(i) Until November 15'* January 2018, answer ISDN calls from
Branches;
(ii) convert asynchronous transfer mode (ATM) communications
from ADSL Branches into internet protocol (IP) communications;
or
(iii) convert leased line communications from Branches into internet
protocol (IP) communications
(iv) convert wireless wide area network (WAN) protocols from
Branches into internet protocol (IP) communications,
(the "Central Network").
The loss of a major sub-contractor network switching node within the
Central Network shall not cause the complete loss of the Branch
Telecom Infrastructure. However, should a loss of a major sub-
contractor network switching node within the Central Network occur,
Fujitsu Services (in addition to its other obligations under this
Agreement) shall use all reasonable endeavours to procure that any
shortfall in system performance is recovered within seven days of that
loss.
The Central Network shall be configured such that there shall be no
single point of failure within the Central Network. Some failures in the
Central Network may require the Branch to re-establish communications
with the Data Centre.
3.3.3 The Santander Circuit
(a)
The Santander Circuit shall be configured such that there shall be no
single point of failure (including site failure) within the Santander Circuit.
"The Santander Circuit shall have the capability in normal operation, with
no failures or a single failure having occurred to that link:”
(i) to support the Contracted Volumes for Banking Transactions for
Santander as defined in the CCD entitled "Horizon Capacity
Management and Business Volumes” (PA/PER/033); and
(ii) of supporting Fujitsu Services’ obligations in respect of Service
Levels set out in Schedule C1 and each applicable Service
Description.
4. ASSOCIATED DOCUMENTS,
Schedule B3.3 Version 15.0
Page 9 of 10
FUJ00234918
FUJ00234918
CONFIDENTIAL
44 The following CCDs are associated with this Schedule B3.3.
Document Reference
Document Title
41 PA/PER/033 Horizon Capacity Management and
Business Volumes
2 SVM/SDM/SIP/0001 HNG-X Business —_ Continuity
Framework
3 ARC/SEC/ARC/0003 HNG-X Technical Security
Architecture
4 Not Used
42 There are no CRDs associated with this Schedule B3.3.
Schedule B3.3 Version 15.0
Page 10 of 10
FUJ00234918
FUJ00234918