FUJ00234990
FUJ00234990
foe) HORIZON DATA CHANGES PROCESS WORK INSTRUCTION
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN
CONFIDENCE)
Document Title: HORIZON DATA CHANGES PROCESS WORK INSTRUCTION
Document Reference: SVM/SDM/PRO/4293
Release: Not applicable
Abstract: Fujitsu internal work instructions stating the scenarios under which
Fujitsu specialist support staff make changes to Live data to
maintain the effective operation of HNG-X
Document Status: APPROVED
Author & Dept: Sandie Bothick & Steven Browell
External Distribution: N/A
Information Classification: See section 0.9
Approval Authorities:
Name Ri
Steven Browell Management Consultant & CISO See Dimensions for record
Steve Bansal Senior Service Delivery Manager See Dimensions for record
Carey Fultsu Services FUJITSU RESTRICTED (COMMERCIAL IN Ref SVM/SDM/PRO/4293
mie CONFIDENCE Version: 3.0
UNCONTROLLED WHEN PRINTED OR Date: 03-May-2024
STORED OUTSIDE DIMENSIONS Page No: 1 of 16
FUJ00234990
FUJ00234990
ee) HORIZON DATA CHANGES PROCESS WORK INSTRUCTION ~
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN ES
CONFIDENCE)
0 Document Control
0.1 Table of Contents
0 DOCUMENT CONTROL..
0.1 Table of Contents
0.2 Document History
0.3 Review Details .
0.4 Associated Documents (Internal & External) .
0.5 Abbreviations
0.6 Glossary...
0.7 Changes Expectes
0.8 Accuracy...
0.9 Information Classificatior
3.1. WorldLine Note
4 DEFINED SERVICE OBLIGATIONS..
5 HORIZON DATA CHANGE PROCESS.
5.1 Overview ....
5.2 Investigation Stage — the Incident
5.3. Taking the Action Required
5.3.1 Process Overview
5.3.2 Obtain POL Appr. .
5.3.3. Obtain Fujitsu Approv:
5.3.4. Grant Additional Elevated Privileg:
5.3.4.1 Reporting on Granting of Additional Temporary Elevated Privileges .
5.3.5 Make the data change ...........::
5.3.6 End the process — closing the Incident
5.4 Reporting on Horizon Data Changes ...
6 CONTINUOUS IMPROVEMENT..
APPENDIX A — POL AD-HOC FORM EXAMPLE.
APPENDIX B — EVIDENCE EXAMPLES
B.1 SQL Evidence ..
B.2 File Removal Evidence
© Copyright Fujitsu Services FUJITSU RESTRICTED (COMMERCIAL IN Ref: SVM/SDM/PRO/4293.
Limited 2024 CONFIDENCE Version 3.0
UNCONTROLLED WHEN PRINTED OR Date: 03-May-2024
STORED OUTSIDE DIMENSIONS Page No: 2 of 16
FUJ00234990
FUJ00234990
oe HORIZON DATA CHANGES PROCESS WORK INSTRUCTION
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN
CONFIDENCE)
0.2 Document History
Only integer versions are authorised for development.
Version No. Summary of Changes and Reason for Issue Associated Change
CP, CCN or PEAK
Reference
0.1 28/06/2021 I Initial Draft Include if known
0.2 29/06/2021 —_I Reorganised document structure and removed some
unnecessary sections
0.3 13-May-2022 I Revised in response to review comments
04 01 July 2022 I Revised in response to review comments
05 07 July 2022 _I Improved structure of content
06 08 July 2022 I Revisions after feedback
07 15 July 2022 I Further revisions after feedback from SecOps
08 20 July 2022 I Further revisions from MAC and SSC
0.9 27 July 2022 I Further revisions from feedback from SecOps, MAC
and SSC. Added Change Management as a scenario.
Changed APPSUP to “elevated privileges” as a better
definition — and in readiness for inclusion of Post Office
Cloud processes into this document. Expanded
acronyms on first use
1.0 01- Aug 2022 I Approval version
14 01-Aug-2023 I Change to “Optional Review’ list. Change to “Issued for
Information” list. Update to “Abbreviations” list. Update
to section 5.3.4
1.2 10-Aug-2023 I Change “script” to “command” in section 5.3.4.
Append “(or deputy if unavailable)" to Fujitsu approval
named role, section 5.3.3.
2.0 11-Aug-2023 I Approval version
24 12-Oct-2023 Added Section 3.1 to acknowledge the scenario where
WorldLine may be instructed to make changes to the
Live HNG-X System in Belfast
2.2 26-Jan-2024 I Additional changes to section 5.3.4 bullets 5 and 8 to
provide standard method for recording evidence of
GRANT and REVOKE of the APPSUP role
2.3 30-Jan-2024 Numerous small changes following feedback comments
3.0 03-May-2024 I Approval version
0.3 Review Details
Review Comments by:
Review Comments to:
Mandatory Review
Role Name
Management Consultant & CISO Steven Browell
Senior Service Delivery Manager Steve Bansal
Carey Fultsu Services FUJITSU RESTRICTED (COMMERCIAL IN Ref: SVMISDM/PRO/4293
mies CONFIDENCE Version: 3.0
UNCONTROLLED WHEN PRINTED OR _ Date: 03-May-2024
STORED OUTSIDE DIMENSIONS Page No: 3 of 16
Fe)
FUJITSU
HORIZON DATA CHANGES PROCESS WORK INSTRUCTION
FUJITSU RESTRICTED (COMMERCIAL IN
CONFIDENCE)
FUJ00234990
FUJ00234990
SSC Manager
MAC and OBC Service Delivery Manager
Information Security Manager (Security Governance)
Chris Stevens
Information Security Manager (Security Operations)
UNIX Team i
Farzin Denbali
Optional Review
Role Name
MAC and OBC Service Control Paul Elmes
MAC and OBC Service Control
Simon Cutmore
MAC and OBC Service Control
Hamid Abdul
MAC and OBC Service Control
Emma Millman
MAC and OBC Service Control
Jacqueline Wilcock
Security Analyst Jack Steptoe
Security Analyst Beverly Brown
Security Analyst lfran Khan
Security Analyst ‘Andy Dunks
Problem, Defect & Quality Manager Matthew Hatch
Document Manager
Matthew Lenton
(* ) = Reviewers that retumed comments.
Position/Role
POADM
MAC Team
POA SecOps
Issued for Information — Please restrict this
distribution list to a minimum
0.4 Associated Documents (Internal & External)
References should normally refer to the latest approved version in Dimensions; only refer to a
specific version if necessary.
Reference Version Date Title Source
PGM/DCM/TEM/0001 I See note I See note above POA Generic Document Template Dimensions
(DO NOT REMOVE) I above
PGM/DCM/ION/0001 POA Document Reviewers/Approvers I Dimensions
(DO NOT REMOVE) Role Matrix
CS/PRD/058 Latest See Dimensions Fujitsu Services / Post Office Ltd Dimensions
Interface Agreement for Operational
Business Change - Reference Data
SVM/SDM/MAN/2378 I Latest See Dimensions Post Office Account Duty Manager Dimensions
Handbook
SVM/SDM/SD/0003 I Latest See Dimensions Data Centre Operations Service: Dimensions
Service Description
SVM/SDM/SD/0004 I Latest See Dimensions Horizon Online 3rd Line Application _I Dimensions
Support Service: Service Description
Carey Fultsu Services FUJITSU RESTRICTED (COMMERCIAL IN Ref: SVM/SDM/PRO/4293.
imite CONFIDENCE Version: 3.0
UNCONTROLLED WHEN PRINTED OR Date: 03-May-2024
STORED OUTSIDE DIMENSIONS
Page No’
4 of 16
FUJ00234990
FUJ00234990
oe) HORIZON DATA CHANGES PROCESS WORK INSTRUCTION
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN
CONFIDENCE)
Reference Version Date Title Source
SVM/SDM/SD/0013 Latest See Dimensions Reference Data Management Dimensions
Service: Service Description
SVM/SDM/SD/0015 Latest See Dimensions Reconciliation Service: Service Dimensions
Description
SVM/SDM/SD/0018 Latest See Dimensions Message Broadcast Service: Service Dimensions
Description
SVM/SDM/SD/0020 Latest See Dimensions End to End Reconciliation Reporting Dimensions
0.5 Abbreviations
Abbreviation Definition
APOP Automated Payment Out-Pay
APPSUP Application Support — an Oracle database role that provides elevated privileges
ccD Contract Controlled Document
GUI Graphical User Interface
HDC Horizon Data Change
MAC Major Account Controller
MID Merchant Identifier
NWH Normal Working Hours (09:00 to 17:30 Monday to Thursday and 09:00 to 17:00
Friday — UK time - excluding UK Bank Holidays)
OBC Operational Branch Change
OOH Out Of Hours (times outside of NWH)
OTR Originators Transaction Reference
POC - Post Office Cloud -
PODG Post Office Data Gateway
POL Post Office Limited
RDMC Reference Data Management Centre
ell Structured Query Language
TID Terminal Identifier
0.6 Glossary
Term Definition
Bonded A developed feature of the Fujitsu TfSNow service management toolset and the POL
ServiceNow service management toolset that allows an Incident to be linked allowing
defined updates to replicate in both directions
SecOps Post Office Account Security Operations Team
TfSNow Fujitsu service management toolset
0.7 Changes Expected
Changes
This document relates to Live data changes in Belfast and will need to be updated to include Post Office Cloud
(POC) once POL and Fujitsu processes are defined.
fe copyright Fujitsu Services FUJITSU RESTRICTED (COMMERCIAL IN Ref SVM/SDM/PRO/4293
ime CONFIDENCE Version, 3.0
UNCONTROLLED WHEN PRINTED OR Date: 03-May-2024
STORED OUTSIDE DIMENSIONS Page No: 5 of 16
FUJ00234990
FUJ00234990
ee) HORIZON DATA CHANGES PROCESS WORK INSTRUCTION
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN
CONFIDENCE)
0.8 Accuracy
Fujitsu Services endeavours to ensure that the information contained in this document is correct but, whilst every
effort is made to ensure the accuracy of such information, it accepts no liability for any loss (however caused)
sustained as a result of any error or omission in the same.
0.9 Information Classification
The author has assessed the information in this document for risk of disclosure and has assigned an information
classification of FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE).
fe copyright Fujitsu Services FUJITSU RESTRICTED (COMMERCIAL IN Ref SVM/SDM/PRO/4293
imites CONFIDENCE Version: 3.0
UNCONTROLLED WHEN PRINTED OR Date: 03-May-2024
STORED OUTSIDE DIMENSIONS Page No: 6 of 16
FUJ00234990
FUJ00234990
ee) HORIZON DATA CHANGES PROCESS WORK INSTRUCTION
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN
CONFIDENCE)
1 Purpose & Scope
This document describes the process Fujitsu will follow when making data changes to the Live HNG-X
System in Belfast. It includes the three scenarios that can apply: Change Management; Defined Service
Obligations; and the Horizon Data Change Process.
This document states the actions required, and the local work instructions used, by the teams to perform
the necessary Horizon Data Change Process tasks. Each action clearly states the involvement of Post
Office Limited (POL) in the process.
NOTE: Out of Hours (OOH) will follow the processes described in the “Post Office Account Duty Manager
Handbook (SVM/SDM/MAN/2378)”.
2 Types of Horizon Data Change
The following are situations that mean that Fujitsu needs to make changes to data in the Live HNG-X
System in Belfast:
1. Change Management - typically operational or project changes submitted following the defined
change management process on POA.
2. Defined Service Obligations — processes that are defined in Contract Controlled Documents
that require the intervention of Fujitsu specialist support staff. POL pre-approval is not required.
3. Horizon Data Change Process — all other scenarios not covered under Defined Service
Obligations. All of these require explicit POL pre-approval, and, in some cases, this will include a
requirement for Fujitsu specialist support staff to be granted temporary additional elevated
privileges (sometimes known as the APPSUP role) to be able to take the action required.
Obligations OCESS
These are described below.
3 Change Management
Changes may be submitted following the defined change management process on POA that require Live
data to be changed. This should be described within the change description and approved by POA and
POL as part of the standard approval procedures and using the agreed service management toolsets.
3.1. WorldLine Note
In June 2023 WorldLine were asked by Fujitsu and POL to perform some transactions on their behalf.
This was done under the defined Change Management process with joint approvals from both Fujitsu and
POL. If any future requests are made to WorldLine to make changes that would affect the data held in the
Live HNG-X System in Belfast, then they must also be performed following the defined Change
Management process. This note is included to acknowledge that the scenario could arise and to confirm
the process by which it should be approved and actioned. To aid identification of WorldLine generated
fe copyright Fujitsu Services FUJITSU RESTRICTED (COMMERCIAL IN Ref SVM/SDM/PRO/4293
imites CONFIDENCE Version: 3.0
UNCONTROLLED WHEN PRINTED OR Date: 03-May-2024
STORED OUTSIDE DIMENSIONS Page No: 7 of 16
FUJ00234990
FUJ00234990
ee) HORIZON DATA CHANGES PROCESS WORK INSTRUCTION
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN
CONFIDENCE)
transactions, Fujitsu must request that WorldLine use the Originators Transaction Reference (OTR) prefix
of “TESTA1” with the subsequent 6-digit number for each transaction assigned by WorldLine. The
transaction reference will therefore be “TESTA1nnnnnn’.
4 Defined Service Obligations
There are several defined service obligations held within agreed contract-controlled documents (CCDs)
that require Fujitsu to make changes to data in the Live HNG-X System in Belfast. These are shown
below with a summary description. The relevant Fujitsu specialist support staff always have the
necessary privileges to perform these actions. The involvement of POL in each is stated
1. Clear Failed Recoveries (script)
«Part of the Fujitsu Reconciliation Service (SVM/SDM/SD/0015 & SVM/SDM/SD/0020).
The Fujitsu Reconciliation Team raise Peak tasks for anomalies identified which then
leads to the MAC team to raise a Fujitsu Change for SSC. Once the Change is approved
internally by Fujitsu, the SSC run the required script. This happens frequently.
2. Clear Automated Payment (AP) Exceptions (GUI)
«Part of the Fujitsu Reconciliation Service (SVM/SDM/SD/0015 & SVM/SDM/SD/0020).
The Fujitsu Reconciliation Team raise Peaks for anomalies identified which then leads to
the MAC team to raise a Fujitsu Change for SSC. Once the Change is approved
internally by Fujitsu, the SSC use the web GUI. This happens frequently.
3. Generate Reference Data / Integrity checks / Progression to Live
« Part of the Fujitsu Reference Data Management Service (SVM/SDM/SD/0013 &
CS/PRD/058). POL Data Services raise Reference Data requests via the email gateway
_ _iwhich generates a Peak task. Requests are only accepted from
specific POL source email addresses. Fujitsu generate data for POL as per its request
and then move the generated data into a specific directory. The data is then loaded to
the Live database using the Fujitsu RDMC GUI. Changes are made via tooling to the
RDMC database.
4. Message Broadcast Service (MBS) progression to Live
« Part of the Fujitsu Message Broadcast Service (SVM/SDM/SD/0018). MBS files are
submitted by POL to a Fujitsu group mailbox
PostOfficeAccount.RefDataTeant Requests are only accepted from specific
POL source email addresses. Thi jutomatically delivered to Live. There is no
user involvement unless faults occur — typically in the POL data submitted.
5. PODG (OBC19) / Progression to Live
e Part of the Fujitsu PODG OBC19 service within the Data Centre Operations Service —
Annex A (SVM/SDM/SD/0003). POL submit OBC19 forms to Fujitsu by email. Requests
are only accepted from specific POL source email addresses. Fujitsu raise TSNow
Changes for the Fujitsu teams to perform the required actions. Changes are made via
tooling to generate new XML configuration files.
6. Track & Trace Monthly Despatch Report Cut-off
Part of CCN1627 and included in the Third Line Support Service (SVM/SDM/SD/0004).
Post Office have an ongoing issue relating to subpostmasters not cutting off their Track
and Trace (T&T) reports (formally known as Office Daily Postal Services Despatch
Report) correctly. Fujitsu Service's 3 Line support team perform a manual check each
month to identify outstanding T&T despatch reports and manually remove all records
above the 1500 threshold.
fe copyright Fujitsu Services FUJITSU RESTRICTED (COMMERCIAL IN Ref SVM/SDM/PRO/4293
imites CONFIDENCE Version: 3.0
UNCONTROLLED WHEN PRINTED OR Date: 03-May-2024
STORED OUTSIDE DIMENSIONS Page No: 8 of 16
FUJ00234990
FUJ00234990
ee) HORIZON DATA CHANGES PROCESS WORK INSTRUCTION
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN
CONFIDENCE)
5 Horizon Data Change Process
5.1 Overview
The Horizon Data Change Process applies to all scenarios where changes are needed to data in the Live
HNG-X System in Belfast that are not stated in the Defined Service Obligations nor stated under “Change
Management’ as described in Section 3.
This process requires that POL pre-approve the actions Fujitsu need to take and that POL are provided
with evidence of the actions Fujitsu took. The process is managed using the service management
toolsets so that an audit trail is created and retained.
The Horizon Data Change Process may require Fujitsu specialist support staff to be granted additional
temporary elevated privileges in order to be able to perform the actions required.
There can be a variety of reasons why a data change is needed to the Live HNG-X data to resolve an
Incident. Any action to effect a change to Live HNG-X data must be approved by POL before the action is
taken.
The following are example scenarios under which this Horizon Data Change Process could apply:
1. Assisted Branch Rollover.
Modifying or deleting files on a back-end system.
Clear Branch Rollover lock (Deleted user/Deleted Kiosk).
2
3.
4. Deletion of Orphaned User Sessions.
5. Clear APOP Exceptions.
6.
Merchant Identifier (MID) / Terminal Identifier (TID) corrections.
5.2 Investigation Stage — the Incident
The process starts with an Incident being logged in TfSNow, raised by either POL or Fujitsu. The Incident
must be a bonded Incident. Fujitsu will investigate the Incident and will supply POL with options and
suggested recommendations to resolve the issue. If temporary elevated privileges are required to be able
to make data changes to the Live HNG-X System in Belfast to resolve the Incident, then this will also be
stated.
fe copyright Fujitsu Services FUJITSU RESTRICTED (COMMERCIAL IN Ref SVM/SDM/PRO/4293
imites CONFIDENCE Version: 3.0
UNCONTROLLED WHEN PRINTED OR Date: 03-May-2024
STORED OUTSIDE DIMENSIONS Page No: 9 of 16
Fe)
FUJITSU
FUJ00234990
FUJ00234990
HORIZON DATA CHANGES PROCESS WORK INSTRUCTION
FUJITSU RESTRICTED (COMMERCIAL IN
CONFIDENCE)
5.3 Taking the Action Required
5.3.1
Process Overview
If the outcome of the Incident investigation is that a data change is needed to the Live HNG-X System in
Belfast, then the following process applies:
+ Details shared
Incident for POL
intemal aperovat
pProcossos
+ Final approval
‘oreo FOL
eo
+ OPTIONAL
ony peternoait
feauiredI
Seok approvals
and cose a
felevent
trons,
Changes ‘and
Pate
5.3.2. Obtain POL Approval
To request POL approval, Fujitsu will update the bonded Incident with the following information:
1. What action needs to be taken.
2. If applicable, Fujitsu will propose a timeframe either at this stage or later in the process.
Otherwise, POL will provide this as part of their approved response.
3. What steps need to be taken (a plan if required).
4. What risks should be understood (if action is taken or action is not taken).
5. POL will then need to raise the POL Ad-hoc form using the information provided in the Incident
and gain the required POL approvals (see Appendix A for an example POL Ad-hoc form). Fujitsu
is not involved in the POL approval process and only requires a final confirmation and permission
to proceed.
6. POLwill update the Incident to notify Fujitsu that approval has been granted with the approvals
and POL Ad-hoc form attached to the Incident as evidence.
7. Fujitsu MAC team will check the POL Ad-hoc form matches the information Fujitsu provided in
the Incident to ensure the approval matches the action Fujitsu need to take. If the POL Ad-hoc
form does not match the information Fujitsu provided in the Incident, then the approval from POL
will not be considered appropriate and the request will be rejected, and POL will need to either
amend the POL Ad-hoc form or a new Incident will need to be raised.
NOTE: POL decide the communication messages and involvement actions with
subpostmasters.
fe copyright Fujitsu Services FUJITSU RESTRICTED (COMMERCIAL IN Ref SVM/SDM/PRO/4293
imites CONFIDENCE Version: 3.0
UNCONTROLLED WHEN PRINTED OR Date: 03-May-2024
STORED OUTSIDE DIMENSIONS Page No: 10 of 16
FUJ00234990
FUJ00234990
ee) HORIZON DATA CHANGES PROCESS WORK INSTRUCTION
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN
CONFIDENCE)
5.3.3. Obtain Fujitsu Approval
Once POL Approval has been obtained a final level of approval is needed by Fujitsu as changes could
have been made by POL to the proposed approach or additional information could have been added by
POL as part of its approval process.
1. If additional temporary elevated privileges are not required:
a. Fujitsu MAC team will email the Fujitsu Senior Service Delivery Manager (or deputy if
unavailable) for approval.
b. If the Fujitsu Senior Service Delivery Manager (or deputy if unavailable) is satisfied with the
details sent to them then they will confirm via email and the process will continue.
c. If the Fujitsu Senior Service Delivery Manager (or deputy if unavailable) is not satisfied with
any of the details, then they will confirm via email and the process will go back to the
investigation stage for alternative options to be considered.
d. Fujitsu MAC will add the Fujitsu Senior Service Delivery Manager (or deputy if unavailable)
response to the TfSNow Incident.
2. If additional temporary elevated privileges are required:
a. The Fujitsu MAC team will email the Fujitsu Senior Service Delivery Manager (or deputy if
unavailable) for approval to proceed and copy SecOps for awareness. MAC team will include
the following SecOps template in the email:
Does this work require additional temporary elevated privileges
from SecOps Yes/No
When does this work need to occur <<NWH/OOH>>
Time of work dd/mm/ccyy hh:mm
Duration of time allowing completion of work <<Duration>>
b. If the Fujitsu Senior Service Delivery Manager (or deputy if unavailable) is satisfied with the
details sent to them then they will confirm via email and the process will continue.
c. If the Fujitsu Senior Service Delivery Manager (or deputy if unavailable) is satisfied with any
of the details, then they will confirm via email and the process will go back to the
Investigation stage for alternative options to be considered.
d. Fujitsu MAC will add the Fujitsu Senior Service Delivery Manager (or deputy if unavailable)
response to the TfSNow Incident.
3. If Fujitsu approval has been granted:
a. Fujitsu MAC team will raise a Change for Fujitsu specialist support staff to perform the
request and link it to the bonded TfSNow Incident.
b. The Fujitsu MAC team will then assign the bonded Incident to the relevant Fujitsu team, this
will raise a Peak reference allowing updates to be visible to POL.
4. If Fujitsu approval has not been granted:
a. Fujitsu MAC team will update the bonded TfSNow Incident to explain why Fujitsu approval
has not been granted and will notify POL that the process will need to restart.
5.3.4 Grant Additional Elevated Privileges - if required
If additional temporary elevated privileges have been cited as needed, then a process is followed to grant
the relevant Fujitsu specialist support staff with the privileges required.
fe copyright Fujitsu Services FUJITSU RESTRICTED (COMMERCIAL IN Ref SVM/SDM/PRO/4293
imites CONFIDENCE Version: 3.0
UNCONTROLLED WHEN PRINTED OR Date: 03-May-2024
STORED OUTSIDE DIMENSIONS Page No: 11 of 16
FUJ00234990
FUJ00234990
ee) HORIZON DATA CHANGES PROCESS WORK INSTRUCTION
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN
CONFIDENCE)
1. The relevant team will pass the Peak (raised from the bonded Incident) to the SecOps team for
additional temporary elevated privileges to be granted. The Peak will confirm Date and Time
access is required.
2. SecOps check the TfSNow Incident for agreed POL and Fujitsu approvals and that the request is
being made within the stated timeframe. If the required approvals are not supplied, or the
timeframe is incorrect, then the request will be denied, and new timeframes will need to be
agreed.
3. If the approvals have been supplied and the timeframe is correct, then SecOps will raise an
internal TfSNow Incident requesting additional temporary elevated privileges and pass to the
UNIX team.
4. SecOps will update the Peak with the internal TfSNow Incident reference and pass the Peak
back to the relevant Fujitsu specialist support staff.
5. The UNIX team will grant access to the stated Fujitsu support specialist at the start time required
and will contact the required Fujitsu specialist support staff and confirm additional temporary
elevated privileges have been granted. The UNIX team will update the Incident confirming
access has been granted clearly showing the command has been run with result (see figure
below for example of the type of evidence required). If for any reason TfSNow is not available,
then the UNIX team will need to confirm the time of the command being run to SecOps and a
TfSNow update will be required when TfSNow is operational again.
UNTXuserid>> # sqlplus / as sysdba
SQE*Plus: Release I 1.2.0.4.0 Production on Thu Jan 11 15:20:16 2024
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit
Production
With the Partitioning, Real Application Clusters, Automatic Storage
Management, OLAP,
Data Mining and Real Application Testing options
SQL> grant appsup to ops$<<SSCuserid>> ;
Grant succeeded
SQL> exit
Disconnected from Oracle Database 11g Futerprise Edition Release
11,2.0.4.0 - 64bit Production
With the Partitioning, Real Application Clusters, Automatic Storage
Management, OLAP,
Data Mining and Real Application Testing options
HIRRELEVANT <<LJNTXuserid>> # date
5:20:39 GMT 2024
Figure 1: Example of Grant (actual userids will appear between <<>>)
6. SecOps will update the Peak with the Date/Time when access was granted by UNIX
7. Once the required actions have been completed, the Fujitsu specialist support staff member who
was granted additional temporary elevated privileges will contact the UNIX team for access to be
revoked.
8. The Unix team will revoke the additional temporary elevated privileges and update the TfSNow
internal Incident immediately confirming access has been revoked and clearly showing the
command has been run with result before passing the Incident back to the SecOps team (see
figure below for example of the type of evidence required). If for any reason TfSNow is not
available, then the UNIX team will need to confirm the time of the command being run to SecOps
and a TfSNow update will be required when TfSNow is operational again.
fe copyright Fujitsu Services FUJITSU RESTRICTED (COMMERCIAL IN Ref SVM/SDM/PRO/4293
imites CONFIDENCE Version: 3.0
UNCONTROLLED WHEN PRINTED OR Date: 03-May-2024
STORED OUTSIDE DIMENSIONS Page No: 12 of 16
FUJ00234990
FUJ00234990
ee) HORIZON DATA CHANGES PROCESS WORK INSTRUCTION
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN
CONFIDENCE)
INIXuserid>> #f sqlplus / as sysdba
SQL*Phis: Release 11.2.0.4.0 Production on Thu Jan 11 16:07:52 2024
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit
Production
With the Partitioning, Real Application Clusters, Automatic Storage
‘Management, OLAP,
Data Mining and Real Application Testing options
SQL> revoke appsup from ops$<<SSCuserid>> ;
Revoke succeeded.
SQL> exit
Disconnected from Oracle Database I 1g Enterprise Edition Release
11.2.0.4.0 - 64bit Production
With the Partitioning, Reat Application Clusters, Automatic Storage
Management, OLAP,
Data Mining and Real Application Testing options
‘hu Jan TT 16:08:32 GMT 2024
Figure 2: Example of Revoke (actual userids will appear between <<>>)
9. SecOps will also monitor the timeframe and if they do not receive a confirmation from the Unix
team by the stated deadline then SecOps will initiate the revocation process.
10. SecOps will update Peak with the date/time the access was revoked.
11. SecOps will close the TfSNow internal Incident.
5.3.4.1. Reporting on Granting of Additional Temporary Elevated Privileges
The granting of additional temporary elevated privileges is recorded using the Fujitsu and POL service
management toolsets and can be reviewed by either party using its own system.
In addition, Fujitsu also report on the granting of additional elevated privileges within the monthly Fujitsu
SecOps report which is shared with POL for its Information Security Management Forum (ISMF) meeting.
5.3.5 Make the data change
Once the Fujitsu specialist support staff are ready to make the required change, the following process is
followed:
1. The Fujitsu specialist support staff perform the actions detailed on the Change, whilst capturing
evidence of the pre and post implementation states, alongside the committed actions. The
actions will be recorded in the Peak.
2. Within the SSC, one member of the SSC will perform the data correction while a second member
of the SSC will witness the change being made. The witness will be recorded in the Peak.
3. The Fujitsu MAC team add the evidence to the Change and to the TfSNow bonded Incident. See
examples in Appendix B — Evidence Examples.
5.3.6 End the process -— closing the Incident
Once the required data changes have been made the process of closing the Incident and the Horizon
Data Change Process is performed.
1. The Fujitsu specialist support staff close the Peak with comments and action completed.
2. The Fujitsu specialist support staff close the Change checking evidence has been attached.
fe copyright Fujitsu Services FUJITSU RESTRICTED (COMMERCIAL IN Ref SVM/SDM/PRO/4293
imites CONFIDENCE Version: 3.0
UNCONTROLLED WHEN PRINTED OR Date: 03-May-2024
STORED OUTSIDE DIMENSIONS Page No: 13 of 16
FUJ00234990
FUJ00234990
ee) HORIZON DATA CHANGES PROCESS WORK INSTRUCTION
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN
CONFIDENCE)
3. The bonded Incident with evidence is passed back to POL to review and confirm Incident
closure.
4. POL to confirm the Incident can be closed.
5. POL and Fujitsu close the Incident.
5.4 Reporting on Horizon Data Changes
The actions are recorded within the bonded Incident using the Fujitsu and POL service management
toolsets and can be reviewed by either party at any time using its own system.
6 Continuous Improvement
If, whilst performing any of these actions, Fujitsu identifies a potential defect in any system or process
that requires investigation and a potential fix — whether that would reduce the likelihood of the need to
perform these actions in the future or not — then Fujitsu will raise a Defect which will then be handled
under the POA Live Defect Management process.
fe copyright Fujitsu Services FUJITSU RESTRICTED (COMMERCIAL IN Ref SVM/SDM/PRO/4293
imites CONFIDENCE Version: 3.0
UNCONTROLLED WHEN PRINTED OR Date: 03-May-2024
STORED OUTSIDE DIMENSIONS Page No: 14 of 16
FUJ00234990
FUJ00234990
HORIZON DATA CHANGES PROCESS WORK INSTRUCTION
Ps)
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN
CONFIDENCE)
Appendix A — POL Ad-hoc Form Example
The following is a current example of the POL Ad-hoc form supplied by POL at the date of this document.
Date of request:
Name of person raising the request:
Type of Request:
Reason for Request:
Confirm the actions to be taken:
What is the technical risk / impact?
What is the business risk / impact?
Files which require removal:
Additional information:
fe copyright Fujitsu Services FUJITSU RESTRICTED (COMMERCIAL IN Ref SVM/SDM/PRO/4293
imites CONFIDENCE Version: 3.0
UNCONTROLLED WHEN PRINTED OR Date: 03-May-2024
STORED OUTSIDE DIMENSIONS Page No: 15 of 16
FUJ00234990
FUJ00234990
HORIZON DATA CHANGES PROCESS WORK INSTRUCTION
2
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN
CONFIDENCE)
Appendix B — Evidence Examples
B.1 SQL Evidence
PRE EVIDENCE (SQL looking for branch user/stock unit)
select u.branch_user, u.stock_sunit, to_char(I.last, logon. times
from ops$brdb. Brdb_branch_sers u
left join ops$brdb.brdb_branch_user_last_fogon
on u.branch_accounting_code = I branch “accounting_code
and ufad_hash = I fad Rash
and u.branich_user = Lbranch_
where u.branch_accounting code = 109008
and ufad_ha
mp, ‘DD-Mon-YYYY HH24:MI-SS}) last_fogon
OUTPUT FROM SOL ABOVE
BRANCH_USER STO LAST_LOGON
$$PX5O PX 18-Dec-2019 15:15:19
STATEMENT late PX to DEF, Conformation appears below that 4 record has been updated)
update ops$brdb brdb_branch_u
set stock_unit ='DEF’
where branch. counting code = 109008
and fad_hash = 80
and branch_user
$PXEO
+ row updated
POST EVIDENCE (Displays the branch user/stock unit)
‘SQL> select branch _user, stock unit
from ops$brdb brdb_branch_users
where branch accounting _code = 109008
and fad_hash = 80
and brafich_user
'§SPX50", 2345
BRANCH_USER STO (Output from SQL)
$$PX50 DEF
SQL> commit; (Writing to database, conformation from database below)
Commit complete.
B.2 File Removal Evidence
(DENCE
is -irt /app/brdb/trans/externalinterface/input_share (List files in directory)
podguser pathway 8478920 Apr 8 03:33 CA202104061000003920.TAN
jemaiinterfacefinput_share
4s + “TAN (This will list any files in the directory that match “TAN, Line below shows there are no files
Is: cannot access “TAN: No such file or directory
© Copyright Fujitsu Services FUJITSU RESTRICTED (COMMERCIAL IN Ref: SVM/SDM/PRO/4293.
Limited 2024 CONFIDENCE Version 3.0
UNCONTROLLED WHEN PRINTED OR Date: 03-May-2024
STORED OUTSIDE DIMENSIONS Page No: 16 of 16