POL00027938
POL00027938
CONFIDENTIAL
SCHEDULE B5
TRANSITION AND MIGRATION
Version History
Version No. Date Comments
1.0 31/08/06 Agreed version as at date of signature of
CCN1200
2.0 25/01/07 Baseline copy of 1.1
3.0 09/07/07 Baseline copy of 2.1
40 23/02/09 Baseline copy of 3.2
44 13/05/09 Applying changes as per CCN1258
6.0 06/07/09 Moving all schedules to V6.0 as agreed with
Fujitsu
6.1 23/12/09 Applying changes as per CCN 1268
7.0 10/05/10 Moving all schedules to V7.0 as agreed with
Fujitsu.
8.0 21/02/12 Applying changes as per CCN1289a and
CCN1294d
9.0 13/01/14 Moving all Schedules to v9.0 in accordance with
CCN1349
10.0 10/09/15 Moving all Schedules to v10.0 in accordance with
CCN1506
11.0 31/03/16 Moving all schedules to V11.0 in accordance with
CCN1604
12.0 03/07/17 Moving all schedules to V12.0
13.0 Updating as per CCN1617a and moving all
Schedules to v13.0
Schedule B5 Version 13.0
Page 1 of 34
CONFIDENTIAL
SCHEDULE B5
TRANSITION AND MIGRATION
1. [NOT USED]
2: INTRODUCTION
21 This Schedule BS:
2.2
23
24
3.1
3.2
2.1.1 records the activities and obligations that are to be performed (and the
Dependencies as at signature of CCN1246 that are to be satisfied) in relation to
Transition and incorporates the HNG-X Programme Plan as at signature of
CCN1246 relating to the performance of those activities and obligations (and the
satisfaction of those Dependencies)
2.1.2. describes certain transitional business continuity arrangements; and
2.1.3 describes the Infrastructure Services and the elements of:
(a) the Horizon Service Infrastructure forming part of the Infrastructure; and
(b) the Horizon Applications that will apply;
during the Roll Out Phase.
Provisions relating to performance of the Tasks, and the procedure for reviewing and
making changes to the HNG-X Programme Plan after the date of signature of CCN1200,
are set out in Schedule B6.2.
Fujitsu Services shall carry out Transition in compliance with the Migration and
Implementation Requirements and the HNG-X Migration Assumptions.
The HNG-X Programme Plan and a description of the Dependencies as at the date of
signature of CCN1246 are set out at Parts 2 and 3, respectively, of Annex 1 to this
Schedule. The Parties agree that those parts to that Annex need not be updated to reflect
changes made subsequently to the HNG-X Programme Plan.
ACTIVITIES AND OBLIGATIONS RELATING TO TRANSITION
Introduction
The activities and obligations that are to be performed in relation to Transition fall into two
categories:
3.1.1 those activities and obligations that are required exclusively for the purposes of
Project HNG-X ("HNG-X Project Activities"); and
3.1.2 those activities and obligations that effect changes to the Existing Services,
Horizon Applications and Horizon Service Infrastructure that are not required
exclusively for the purposes of Project HNG-X ("Associated Change
Activities").
HNG-X Project Activities
3.2.1. The HNG-X Project Activities are divided across the following HNG-X Project
Workstreams:
Schedule B5 Version 12.0
Page 2 of 34
POL00027938
POL00027938
CONFIDENTIAL
3.2.2
3.2.3
(a) HNG-X Application development and testing;
(b) Migrate Data Centres to HNG-X Configuration;
(c) HNG-X Application Pilot;
(d) HNG-X Application Rollout;
(e) Not used;
(f) Post Application ADSL Changes; and
(g) Decommission of Horizon equipment situated in the Data Centres.
The HNG-X Project Workstreams are further described in Part 1 of Annex 1 to
this Schedule.
The relationship between the Tasks and Dependencies and the respective HNG-
X Project Workstreams is set out at Level 2 in the HNG-X Programme Plan.
3.3 Associated Change Activities
3.3.1
3.3.2
3.3.3
The Associated Change Activities are divided across the following Associated
Change Workstreams:
(a) Service Desk Improvements;
(b) Next Day Engineering Service;
(c) Branch Network Changes;
(d) AP Clients Migrated to EDG;
(e) Branch router development;
(f) Branch Router Rollout; and
(g) Horizon counter PCI development
The Associated Change Workstreams are further described in Part 1 of Annex 1
to this Schedule.
The relationship between the Tasks and Dependencies and the respective
Associated Change Workstreams is set out at Level 2 in the HNG-X Programme
Plan.
3.4 Trigger Events
The Trigger Events for the transition of the HNG-X Services, other than the BCSF Service,
are set out in Schedule B3.1.
3.5 Migration Assumptions
3.5.1
Where any HNG-X Requirement within the Migration and Implementation
Requirements is inconsistent with an assumption which is (a) related to that HNG-
X Requirement and (b) set out in the HNG-X Migration Assumptions, that
inconsistency shall be dealt with in accordance with paragraph 4.1.2 of Schedule
B6.1.
Schedule B5 Version 12.0
Page 3 of 34
POL00027938
POL00027938
CONFIDENTIAL
3.5.2
3.5.3
In the event that:
(a) the outcome of paragraph 3.5.1 is that an HNG-X Requirement is
modified under the HNG-X Programme Requirements Change Control
Process to avoid an inconsistency with the HNG-X Migration
Assumptions and there is a consequent amendment needed to (i) any
Tasks or (ii) any Dependencies related to those Tasks; or
(b) there is any inconsistency between the HNG-X Migration Assumptions
and (i) any Tasks or (ii) any Dependencies related to those Tasks, then
to the extent that such inconsistency is identified before completion of
the Task referred to in the HNG-X Programme Plan as 'HNGXL2_0330'
(“High-level Design”),
such matters and any amendment necessary to the HNG-X Programme Plan
shall be dealt with under the Change Control Procedure with the intention that:
(c) such adjustment to the Charges for Project HNG-X as may be necessary
shall not include adjustment to any of the Price Thresholds; and
(d) neither Party shall be obliged to carry out such Tasks or Dependencies
to the extent of that inconsistency until an appropriate CCN has been
agreed by both Parties.
If the outcome of paragraph 3.5.1 is not that an HNG-X Requirement is modified,
but the Parties agree instead to modify the HNG-X Migration Assumptions to
avoid an inconsistency with that HNG-X Requirement, such modification and any
consequent amendment needed to (i) any Tasks or (ii) any Dependencies related
to those Tasks, shall be dealt with under the Change Control Procedure with the
intention that:
(a) any adjustment to the Charges for Project HNG-X as may be necessary
may include adjustment to the Price Thresholds; and
(b) neither Party shall be obliged to carry out such Tasks or Dependencies
to the extent of that inconsistency until an appropriate CCN has been
agreed by both Parties.
4. TRANSITIONAL BUSINESS CONTINUITY, INFRASTRUCTURE AND HORIZON
APPLICATIONS DURING TRANSITION
41 Annex 2 to this Schedule B5 sets out:
4.41
4.1.3
in Part 1 of that Annex, the Infrastructure Services and the elements of the
Horizon Service Infrastructure forming part of the Infrastructure during the Roll
Out Phase;
in Part 2 of that Annex, the elements of the Horizon Applications that shall apply
in each Branch during the Roll Out Phase, prior to the HNG-X Date for that
Branch; and
in Part 3 of that Annex, the business continuity provisions specific to NBS that
shall apply during the Roll Out Phase.
5. ASSOCIATED DOCUMENTS,
5.1 The following CCDs are associated with this Schedule B5:
Schedule B5 Version 12.0
Page 4 of 34
POL00027938
POL00027938
CONFIDENTIAL
Document Reference Document Title
1 REQ/CUS/STG/0001 HNG-X Migration Strategy - Agreed
Assumptions and Constraints
2 SD/STD/001 Horizon Office Platform Service
Style Guide
3 RS/FSP/001 Security Functional Specification
4 PA/PER/033 Horizon Capacity Management and
Business Volumes
5 Not Used
6 AP/MAN/002 AP-ADC Reference Manual
7 BP/DOC/008 Automated Payments System
Client List
8 BP/DOC/014 POCL Automated Payments
Generic Rules
9 CRIIFS/002 Automated Payments _ Interface
Specification - EDG / DES
10 CS/PRD/058 Fujitsu Services / Post Office Ltd
Interface Agreement for Operational
Business Change - Reference Data
11 BP/IFS/010 Application Interface Specification
Reference Data to Fujitsu Services
Limited
12 CS/IFS/003 Fujitsu Services/Post Office Ltd
Operational Business Change —
Branch, Interface Agreement
13 CR/FSP/006 Audit Trail Functional Specification
14 EF/SER/001 Debit Card MoP Functional
Description
15 SD/DES/005 Horizon OPS Reports and Receipts
- Post Office Account Horizon Office
Platform Service
5.2 There are no CRDs associated with this Schedule BS.
Schedule B5 Version 12.0
Page 5 of 34
POL00027938
POL00027938
CONFIDENTIAL
ANNEX 1
PART 1
HNG-X PROJECT WORKSTREAMS, ASSOCIATED CHANGE WORKSTREAMS AND
RELATED TRIGGER POINTS, ACCEPTANCE POINTS AND PURCHASE POINTS
‘Ts ILLUSTRATIVE DIAGRAM
1.1 The following diagram shows, for illustrative purposes only, the relationship between
HNG-X Project Activities and Associated Change Activities, and some of the
Dependencies between them. It also indicates the Parties' views, at the date of signature
Schedule B5 Annex 1 part 1 Version 12.0
Page 6 of 34
POL00027938
POL00027938
CONFIDENTIAL
POL00027938
POL00027938
of CCN1200, of the key Acceptance Points and the points at which significant purchases
occur.
11) Ararat
ae
2 At) Service Desk T2) Service Desk
[+ Nnecrenene { ——} Canoe
1) Erprenng
I} “Eureere }-——
‘ Scans
‘jae Cats t
$ Migrate ioEDG $ XITRNGX
Seeeeenee Application
paren 8
Ton
ietaiee Fe! Wain
cious
Rab (ready for
Xa) Maat Ova Carve i
oP cong
21) Branch
von
Acceptance
2) Purchase CAL
5) Data Centre co)
Ready for HNG-X PA) Purchase:
‘Screens
hm ae) ontcxrgp ri
KEY
(23) HNG-X
fetapars
wee HN x Actin
4) HNG-X App Rollout
‘T6) Counter Application
Rollout Complete
X6) Post faton ,
1 ply
* Thoge Port
7) Decomission Horizon T7) HNG-X Bedding In
rel
Schedule B5 Annex 1 part 1 Version 12.0
Page 7 of 34
CONFIDENTIAL
1.2 In the diagram above and elsewhere in this Agreement, references in the form:
1.2.1. "X1","X2","Xn": are references to the HNG-X Project Workstreams designated
as such in the first column in Table 1 in this Annex;
1.2.2 "A1", “A2", "An": are references to the Associated Change Workstreams
designated as such in the first column in Table 2 in this Annex;
1.2.3 "Z1","Z2","Zn": are references to the Acceptance Points designated as such in
the first column in Table 3 in this Annex;
1.2.4 "P1","P2","Pn": are references to the Purchase Points designated as such in the
first column in Table 4 in this Annex; and
1.2.5 "T1,"T2", "Tn": are references to the Trigger Points designated as such in the first
column in Table 5 in this Annex.
1.3 Where there is an inconsistency between the description of an item in the diagram above
and the description of that item in the Tables in this Part 1 of Annex 1, the description in
those Tables shall prevail.
Schedule B5 Annex 1 part 1 Version 12.0
Page 8 of 34
POL00027938
POL00027938
POL00027938
POL00027938
CONFIDENTIAL
2s DESCRIPTIVE TABLES
Table 1 - HNG-X Project Workstreams
# Name and HNG-X_ I Description
Programme Plan
Reference
X1_ I HNG-X Application I Development and testing of the Business Capabilities and
development and Support Facilities and associated HNG-X Service Infrastructure
testing including any changes required to intercept new functionality
released on the Horizon Service Infrastructure. This work
HNGXL2_0175 includes purchase and building of test environments in the Data
Centres. This environment will later become the production
system at the live Data Centre and the disaster recovery/test
system at the disaster recovery site, each such site being a
different Data Centre.
X1a I FS Testing A milestone within HNG-X Project Workstream X1 when Fujitsu
complete Services testing is complete.
HNGXL2_0942
X2~ I Migrate Data Migrate the environment used in testing referred to in X1 above
Centre to HNG-X to its production configuration.
Configuration
Before this activity can start, the AP Clients need to have been
HNGXL2_0955 migrated to the EDG (A4), the Business Capabilities and Support
Facilities development, testing and acceptance has to complete
(X1, Z2) and branch network changes have to be completed (A3).
Included in this activity is the decommissioning of the Data
Centres at Wigan and Bootle.
X3_ I HNG-X Pilot and Pilot of the Business Capabilities and Support Facilities in the
Acceptance Branch estate.
HNGXL2_0990 Pilot Branches must have had their router installed before they
are migrated and the Data Centre needs to be ready for the HNG-
X System (T5).
X4 I HNG-X Application I Rollout of the Business Capabilities and Support Facilities to the
Rollout Branch estate. Before this can take place, Z3 must have
occurred. Rollout will be in accordance with the HNG-X Migration
HNGXL2_1005 Assumptions.
Rollout will be deemed to have been completed when the HNG-
X Applications have been rolled out to 96% of the Branch estate.
Schedule B5 Annex 1 part 1 Version 12.0
Page 9 of 34
CONFIDENTIAL
Name and HNG-X
Programme Plan
Reference
Description
Following completion of rollout, Fujitsu Services will
accommodate a 2 week activity in order to roll out any remaining
Branches that have not been rolled out in the planned period.
Branches requiring roll-out beyond that point will be subject to
separate arrangements through the Change Control Procedure.
Such changes will not be chargeable to Post Office, unless the
failure to rollout within the planned period (including the
subsequent 2 week activity) is due to matters within the sole
responsibility of Post Office.
Each individual Branch must have had its router installed before
it can be migrated.
XS
Not Used
x6
Post Application
ADSL Changes
HNGXL2_1020
Branches on ADSL IPStream Office will be migrated to IPStream
Home once HNG-X Application Rollout (X4) is complete. This is
planned to take three months.
X7
Decommission of
Horizon equipment
HNGXL2_1010
Once HNG-X Application Rollout (X4) is complete, elements of
the Horizon Service Infrastructure remaining at the Data Centres
will be decommissioned. As part of this activity, some software
changes will be made at the Data Centres.
Table 2 - Associated Change Workstreams
# Name Description
A1 I Service Desk The migration of the existing help desk dedicated to Post Office
Improvements to a single Service Desk shared with other customers of Fujitsu
Services, such Service Desk to be based in the United Kingdom
HNGXL2_0010 and use Fujitsu Services’ corporate tool set.
A2 I Next Day The introduction of 'next day’ Service Levels in relation to the
Engineering Engineering Service, as set out in the Service Description for the
Service Engineering Service.
Schedule B5 Annex 1 part 1 Version 12.0
Page 10 of 34
POL00027938
POL00027938
CONFIDENTIAL
Name
Description
HNGXL2_0025
Rollout
HNGXL2_0135
A3 I Branch Network Changes to the Branch telecommunications network including:
Changes 1) the Branch Network Resilience Service;
HNGXL2_0035 2) ADSL IP Stream for rural Branches;
3) ADSL IP Stream for remaining Branches using ADSL;
4) the replacement of VSAT by ADSL or ISDN (in
accordance with the HNG-X Migration Assumptions); and
5) the consolidation of ISDN types to single data type.
A4 I Confirm all Clients APS Clients that are currently directly connected to the Horizon
have successfully Service Infrastructure are migrated to use the EDG instead.
moved to EDG
The migration is under the management of Post Office. If there is
HNGXL2_1130 a risk that not all AP Clients will be migrated to the EDG by the
time X2 is due to commence, written notice must be given by Post
Office to Fujitsu Services by 1 October 2006 in order to allow an
alternative approach to be developed (notification after this date
risks delay to Project HNG-X). Any changes required will be
handled under the Change Control Procedure.
AS5 I Horizon counter Development of the solution to implement agreed changes to
PCI development Horizon counters and the HNG-X System for the handling of
Sensitive Authentication Data and Cardholder Data.
HNGX_941833
A6 I Branch router Development of the solution to allow a router to be installed in each
development Branch to replace the network functionality provided, as at the date
of signature of CCN 1200, by the Branch gateway PCs. These
HNGXL2_0095 changes are introduced to improve the Branch network service
(e.g. backup network to almost all Branches) rather than as a cost
reduction. The router replaces the facilities provided by the Branch
Network Resilience Service.
A7 I Branch Router Rollout of routers to the Branch estate can start once the
development (A6) and Data Centre Migration (X2) are complete.
Router rollout dates are as stated in the Programme Plan at
Schedule B6.2 Annex 1. As this change is made to the Horizon
Service Infrastructure it will be handled as a Release for the
Horizon Service Infrastructure.
Also included in this change is migrating, where reasonably
possible, any remaining Branches on ISDN to leased circuits.
Schedule B5 Annex 1 part 1 Version 12.0
Page 11 of 34
POL00027938
POL00027938
CONFIDENTIAL
Name
Description
The router devices shall be installed by engineers dedicated solely
to the rollout and shall be at no additional cost to Post Office other
than as set out in Schedule D7, paragraph 3.3.3.
The provisions in this row A7 (as amended by CCN 1246) are
without prejudice to the provisions of CCN1219 or Commercial
Terms (CTs) numbered CT0615c and CT0673 which relate to
(amongst other matters) the replacement of Old Style Mobile
Configurations with Replacement Mobile Configurations and the
roll out of Replacement Mobile Configurations in connection with
the roll out of routers to Branches.
Table 3 - Acceptance Points
Z1 I HNG-X Acceptance Gateway 1 (Readiness for Router Roll Out) - HNGXL2_0130
Z2 I HNG-X Acceptance Gateway 3 (Readiness for Live Pilot) and subsequent authorisation
for Live Pilot by the RAB - HNGXL2_0945
Z3 I HNG-X Acceptance Gateway 4 (Readiness for Branch Migration) and subsequent
authorisation for migration by the RAB - HNGXL2_1000
Z4 I Not Used
Table 4 - Purchase Points
# Name and HNG-X Description
Programme Plan
Reference
P1 I Order Router Commit to the purchase of the 3G, 4 port routers for Branches.
This needs to occur six months before the rollout of routers (A7)
HNGXL2_0125 to allow for manufacturing. Some units will need to be purchased
before this to support development and testing.
P2 I Purchase CAL Purchase of Microsoft CAL (Client Access Licences) for counter
access to Windows based platforms in the Data Centre. This
HNGXL2_0950 needs to occur before the Live Pilot.
Schedule B5 Annex 1 part 1 Version 12.0
Page 12 of 34
POL00027938
POL00027938
CONFIDENTIAL
POL00027938
POL00027938
P3
Not Used
P4
Not Used
Table 5 - Trigger Points
# I Name and HNG-X I Description Planned Date
Programme Plan (as at T1 and to
Reference be superseded
by the HNG-X
Programme
Plan)
T1 I Amendment Date The effective date of CCN 1200. 1 April 2006
T2 I Service Desk 1 October 2006
Change
Service Desk changes (A1) complete.
HNGXL2_0020
T3 I Engineering Engineering Service changes (A2) complete. 2 May 2006
Service Change
Complete
HNGXL2_0030
T4 I Wigan/Bootle Data Centres at Wigan and Bootle decommissioned I As shown in the
Decommissioned following move of elements of the Horizon Service I HNG-X
Infrastructure in those Data Centres to alternative Data I Programme
HNGXL2_1025 Centres of Fujitsu Services. The decommissioning is I Plan at Part 2
expected to take three months from the point that the I of Annex 1 to
Data Centre is ready for HNG-X (T5). this Schedule
BS
T5 I Data Centre Ready I Data Centre ready for Live Pilot — which will occur when I As shown in the
for HNG-X all changes complete for Live Pilot to go ahead. HNG-X
Programme
Schedule B5 Annex 1 part 1 Version 12.0
Page 13 of 34
CONFIDENTIAL
POL00027938
POL00027938
HNGXL2_0965
Plan at Part 2
of Annex 1 to
this Schedule
BS
Té6
Counter
Application Rollout
Complete
HNGXL2_1015
Completion of HNG-X Application Rollout (X4) which
will occur when the last Branch is migrated from the
Horizon Applications to the Business Capabilities and
Support Facilities.
As shown in the
HNG-X
Programme
Plan at Part 2
of Annex 1 to
this Schedule
BS
7
HNG-X Bedding in
Period Complete
HNGXL2_1070
Twelve months after completion of HNG-X Application
Rollout (X4). This time is to allow the HNG-X System to
bed in fully.
As shown in the
HNG-X
Programme
Plan at Part 2
of Annex 1 to
this Schedule
BS
Schedule B5 Annex 1 part 1 Version 12.0
Page 14 of 34
POL00027938
POL00027938
CONFIDENTIAL
ANNEX 1
PART 2
HNG-X PROGRAMME PLAN
HNG-X Version 80 Amendment 20 Plan — Level 2
L
Schedule B5 Annex 1 part 2 Version 12.0
Page 15 of 34
CONFIDENTIAL
Schedule B5 Annex 1 part 3 Version 12.0
Page 16 of 34
ANNEX 1
PART 3
DEPENDENCIES
rl
Dependencies as at
CCN1268.xis
POL00027938
POL00027938
CONFIDENTIAL
ANNEX 2
PART 1
TRANSITIONAL INFRASTRUCTURE
1. INTRODUCTION
1.1 This Part 1 of Annex 2 provides an overview of:
2.1
2.2
1.1.1 the elements of the Horizon Service Infrastructure forming part of the
Infrastructure; and
1.1.2 the related Infrastructure Services that Fujitsu Services shall provide to Post
Office,
during the Roll Out Phase.
The provisions of this Part 1 of Annex 2 shall cease to have effect upon the occurrence
of Trigger Point T6: (Counter Application Rollout Complete).
There are four elements to the Infrastructure applicable to Branches awaiting installation
of the Business Capabilities and Support Facilities during the Roll Out Phase:
1.3.1 the Central Infrastructure and Branch Telecom Infrastructure parts of the HNG-X
Service Infrastructure described in paragraphs 1.2 and 1.3.2 of Schedule B3.3;
1.3.2 the Branch Infrastructure part of the HNG-X Service Infrastructure described in
paragraph 2 of Schedule B3.:
1.3.3. Office Platform Service (OPS) (as defined in this Annex); and
1.3.4 Transaction Management Service (TMS) (as defined in this Annex).
OPS shall cease to be applicable in respect of each Branch upon the installation of the
Business Capabilities and Support Facilities in respect of that Branch and TMS will cease
to be applicable in respect of any Transactions carried out after such date at each such
Branch.
Unless specified otherwise, all references to Branches and Counter Positions in the
following paragraphs of this Annex shall be construed to mean those Branches and
Counter Positions during the Roll Out Phase where the Business Capabilities and Support
Facilities have not been installed and activated.
OFFICE PLATFORM SERVICE
Purpose
This paragraph 2 details the functions and capabilities provided by the OPS. The OPS is
provided using the Equipment installed in Branches described in Schedule B3.4.
Availability
2.2.1 User access to OPS
Schedule B5 Annex 2 part 1 Version 12.0
Page 17 of 34
POL00027938
POL00027938
CONFIDENTIAL
2.2.2
(a)
Users may only log-on to the OPS in their Branch in accordance with
their defined role. Any access to data or services outside of that Branch
is controlled exclusively by the relevant counter application.
Access to OPS and services offered via OPS to Users working in the
Branches shall be controlled by a mechanism conforming to the CCD
entitled "Horizon Office Platform Service Style Guide" (SD/STD/001),
offering multiple access levels and providing specific identification of
each User. An exception to this is the Mails Application which does not
conform to the “Horizon Office Platform Service Style Guide”
(SD/STD/001).
Authentication of all Users logging on to the OPS in the Branch shall be
undertaken by the elements of the Infrastructure on which OPS is based.
Full access control and password management facilities shall be
provided. Users shall only access those Applications for which they have
been given permission by the Branch. Each User shall be identified by
a unique User-id and individual password.
The OPS shall provide facilities to enable the Branch Manager to
establish new Users and set an initial password for all Users in a Branch.
Should a User forget their password the Branch Manager shall be able
to reset the password. The same procedure shall apply at single Counter
Position Branches and multiple Counter Position Branches.
For situations where the sole User (e.g. Branch Manager in a single
Counter Position Branch) has forgotten their password, the OPS shall
provide the facility to generate a unique key as part of the log on toa
specific username. This shall be phoned to the Help Desk who shall
provide the corresponding key which when input to OPS shall allow
access to the administration facilities. The User shall then be able to
reset their User password.
Concurrency
The solution for OPS is based on a PC infrastructure configured such that multiple
activities within a Branch do not significantly impact on each other. In particular
back office processes (e.g. report production) will be operate on a logically
consistent set of data which will not be affected by any concurrent counter
transactions.
2.3 Security
2.3.1
Security of data and audit trail for OPS
(a)
All data captured at a Branch either as part of a Transaction performed
at a Counter Position or as an administration function shall form part of
a unique Transaction which shall be given a unique reference number
by Riposte and details stored in the message store. The format of this
message store entry shall vary according to the Transaction type but will
typically contain:
(i) Post Office ID;
(ii) Counter Position ID;
(iii) unique Transaction ID;
(iv) date;
Schedule B5 Annex 2 part 1 Version 12.0
Page 18 of 34
POL00027938
POL00027938
CONFIDENTIAL
2.3.2
(f)
(v) time;
(vi) User ID;
(vii) Application; and
(viii) Transaction details.
Each Counter Position PC shall contain a journal and all journal entries
shall be automatically replicated to all other members of the work group.
A work group shall include all the Counter Position PCs in the Branch
and one of the correspondence servers, at which TMS is provided. This
correspondence server forms part of a “cluster” of correspondence
servers of which two are located on one Data Centre site and the
remaining two located on the other Data Centre site. All Transactions
associated with one correspondence server are automatically replicated
to the other site. Within each site all Transactions are reliably mirrored
within a multiple disk array which has no single point of failure.
Once data are stored in the message store they shall never be altered.
New Transactions shall always be appended to the message store.
Retrieval of data using a particular key field shall retrieve all entries
containing that field.
The security of data held within OPS shall not be compromised by any
incident nor when OPS is re-established following any Incident.
Fujitsu Services shall provide synchronisation facilities which shall
automatically check the status of the journal for a node when it is re-
established following failure. Should the journal be out of step (e.g.
through failure of the Counter Position PC) Fujitsu Services shall
automatically synchronise the journal and any data files to the same
state as all other journals in that work group. Synchronisation may occur
from another Counter Position PC (in a multi-Counter Position Branch)
or from one of the correspondence servers or the second hard disc
referred to in paragraph 4.2.4(b) (in a single Counter Position Branch).
The operating system supporting the OPS shall provide assurance of
access control and data integrity functions.
OPS Secure Suspension
(a)
The OPS and the elements of the Infrastructure on which OPS is
provided shall provide secure time-out facilities for each Counter
Position PC.
Fujitsu Services shall provide a User activated suspension which shall
enable the User to either:
(i) clear the screen and leave the Counter Position PC for a short
period. In such circumstances, the User session shall be
reactivated by the User entering their password. Any applications
which were active shall be left active. The display presented when
the suspension facility is activated shall be different to any normal
desktop or application screen; or
(ii) suspend a customer session and start a second session, and
thereafter swap between the two sessions until one of them has.
been completed.
Schedule B5 Annex 2 part 1 Version 12.0
Page 19 of 34
POL00027938
POL00027938
CONFIDENTIAL
2.3.3
While an individual Transaction is waiting for input from a peripheral, a
pick-list or on-line interaction, or while reports or receipts are printing,
these facilities may be inhibited.
Should the User who initiated the suspension be unable to re-activate
the facility, the following actions may be taken:
(i) after a period of time, during which there is no active session, the
session shall be automatically logged-out. A journal message will
be created indicating this;
(ii) the Branch Manager may assume responsibility for any
uncompleted session, the Stock Unit or share thereof, by entering
his own User name password;
(iii) I once the Counter Position PC has logged-out any authorised
User may then use that Counter Position PC; and
(iv) all the above Events shall be written to the journal.
The facility shall allow the User to resume work with the minimum delay
consistent with achieving security in accordance with the provisions
hereof.
Inactivity Time-out
(a)
(c)
The OPS and the elements of the Infrastructure on which OPS is
provided shall provide secure inactivity time-out facilities if the Counter
Position PC is inactive for a period defined in reference data for each
Counter Position PC.
Should the User be unable to re-activate the facility, the following actions
may be taken:
(i) after a period of time during which there is no active session the
session shall be automatically logged-out. A journal message
shall be created indicating this;
(ii) the Branch Manager may assume responsibility for any
uncompleted session, the Stock Unit or share thereof, by entering
his own User name / password;
(iii) I once the Counter Position PC has logged-out, any authorised
User may then use that Counter Position PC; and
(iv) the above events shall be written to the journal.
The facility shall allow the User to resume work with the minimum delay
consistent with achieving security in accordance with the provisions
hereof.
2.3.4 Encryption Key Management
(a)
The OPS shall support a reliable and secure means for the storage and
transfer of data. This shall include the use of techniques used selectively
and in agreement between Post Office and Fujitsu Services as specified
in the CCD entitled "Security Functional Specification" (RS/FSP/001).
Schedule B5 Annex 2 part 1 Version 12.0
Page 20 of 34
POL00027938
POL00027938
CONFIDENTIAL
2.3.5
(b) With the exception of PIN Pads (in which case paragraph 2.3.4(c) shall
apply), a key management system shall be in place so the encrypted
data can be deciphered without risk of that cryptographic key being
exposed.
(c) Fujitsu Services shall support the use of PIN Pads and the associated
cryptographic management. PIN Pads shall comply with the
requirements of ISO 9564.
Horizon OPS Style Guide
Any HNG-X Service to be offered via the OPS shall be provided in accordance
with the CCD entitled “Horizon Office Platform Service Style Guide”
(SD/STD/001) which shall set out, among other things, general guidelines for the
Human Computer Interface. An exception to this is the Mails Application which
does not conform to the “Horizon Office Platform Service Style Guide”
(SD/STD/001).
3, TRANSACTION MANAGEMENT SERVICE
3.1 Purpose
This paragraph 3 details the functions and capabilities provided by the TMS.
3.2 Overview
3.2.1
3.2.2
The TMS shall provide the interworking between the Branches and the Data
Centres using the Branch Telecom Infrastructure. TMS shall be provided using
both Branch and correspondence server Equipment, presenting interfaces to the
HNG-X Service Infrastructure for onward transmission to Client systems or the
Post Office Service Environment.
The role of TMS shall be to provide a secure and resilient messaging and
journalling service which shall support the transfer of data between OPS and the
HNG-X Service Infrastructure.
3.3 General Attributes
3.3.1
3.3.2
Scalability
(a) Fujitsu Services shall provide TMS such that it shall be scaleable to meet
Post Office's future business needs in accordance with the CCD entitled
“Horizon Capacity Management and Business Volumes” (PA/PER/033).
(b) The modular nature of TMS and the Horizon Service Infrastructure shall
be scaleable to enable the workload growth specified in the CCD entitled
“Horizon Capacity Management and Business Volumes” (PA/PER/033)
to be accommodated, subject to the design constraints of the Horizon
Applications.
Data Integrity
(a) A Horizon Application or TMS Agent shall be able to be certain, at some
level, that data have been positively acknowledged as received by TMS,
or a peer application connected to TMS.
(b) Data transfers shall be capable of being despatched as:
Schedule B5 Annex 2 part 1 Version 12.0
Page 21 of 34
POL00027938
POL00027938
CONFIDENTIAL
(i) immediate;
(ii) background / trickle fed; and
(iii) time deferred.
3.4 General Service description
3.4.1
Interface support
TMS shall interface with each instance of OPS within each Branch.
3.4.2 Data delivery
(a)
(b)
TMS shall provide for the distribution and collection of both file and
record level data to and from the OPS.
Overnight Fujitsu Services shall produce a report of those Branches
which have not been polled in the last 24 hours (including date of report,
FAD code of each unpolled Branch and the date when that Branch was
last polled), and that report shall be e-mailed to Post Office's Business
Support Unit.
4. GENERAL INFRASTRUCTURE SERVICES REQUIREMENTS
44 Introduction
This paragraph 4 contains characteristics common to both the OPS and TMS.
42 Links from OPS to TMS
4.2.1
4.2.2
General
(a)
(b)
(c)
Each instance of OPS within Branches shall interface with TMS to allow
the transfer, in both directions, of authorised data files and messages.
The transfer of data between OPS and TMS shall be secure, complete,
accurate and robust.
Within OPS it shall be possible for OPS to identify whether data from
OPS have been received by TMS or not.
Data Replication
(a)
(c)
Fujitsu Services shall use data replication and synchronisation
techniques to ensure that data transfer between Counter Positions at
which OPS is provided and between instances of OPS at each Counter
Position and the TMS are secure, complete, accurate and robust.
Once a Transaction has been settled at a Counter Position, TMS shall
commit the full Transaction details to that Counter Position PC's
message store. The Transaction details shall simultaneously be
automatically replicated to all other Counter Position PCs in the Branch
so that the data are securely captured. In addition, Fujitsu Services shall
automatically replicate Transaction details to a remote server at which
TMS is provided.
The OPS Counter Position PCs and TMS servers are known as "nodes".
Schedule B5 Annex 2 part 1 Version 12.0
Page 22 of 34
POL00027938
POL00027938
CONFIDENTIAL
4.2.3
4.2.4
(d)
All data and message transfers from a single node shall be generated in
a strict numbered sequence with a unique node identification. Any
attempt to introduce a fraudulent message shall be automatically
detected and rejected by OPS.
Data and message transfers shall be resilient to either network or node
failure. When the failure condition is resolved the nodes shall
automatically synchronise and complete any data or message transfers
that are required to ensure these nodes are in a consistent state.
Data Integrity
(a)
(4)
Fujitsu Services shall use techniques to ensure data integrity within the
OPS and as part of data/message transfer between OPS and TMS,
including:
(i) cyclic redundancy checks shall be calculated for all journal
records, including Reference Data; and
(ii) data encryption used selectively on certain data fields.
All messages and data shall have a cyclic redundancy check applied
when they are initially committed to the journal and this shall be checked
every time the message or data is accessed. This shall protect against
accidental corruption and casual tampering. Any failure of a cyclic
redundancy check shall cause the message to be rejected and retrieved
from alternate nodes.
In the event that nodes fail, recovery shall take place through the use of
the following techniques: associating of Post Office and correspondence
server nodes, message numbering, marker (message high and low
water marks) exchange message transfers to equalise water marks.
Fujitsu Services shall automatically detect any attempt to alter data and
shall log such attempts for subsequent investigation by Fujitsu Services.
Details of all such attempts shall be passed to Post Office.
Recovery
Fujitsu Services shall perform general recovery processes as
specified in the CCD entitled “HNG-X Business Continuity
Framework” (SVM/SDM/SIP/0001).
The Counter Position PC in all single Counter Position Branches shall
be fitted with a second hard disk which shall be exchangeable to
facilitate rapid exchange of systems and Transaction data in the event
of a system failure other than a hard disk failure.
Schedule B5 Annex 2 part 1 Version 12.0
Page 23 of 34
POL00027938
POL00027938
CONFIDENTIAL
PART 2
TRANSITIONAL APPLICATIONS
The following provisions of this Part 2 of Annex 2 will be effective in respect of each Branch until
the HNG-X Date for that Branch.
‘Ts
1.1
21
EPOSS
EPOSS is an electronic point of sale service application which provides the following
functions:
1.1.1 onall Counter Positions in all Branches and Other Authorised Locations:
(a) facilities to Counter Clerks in support of Transactions with Customers;
(b) a “till” function; and
(c) a framework within which other applications can be invoked to support
specialised Transactions within a Customer Session;
1.1.2 to Users within Branches including:
(a) stock balancing;
(b) Branch cash accounting;
(c) production of Client summaries; and
(d) User administration tasks;
1.1.3 transfer of data to Post Office systems and services outside the Horizon Service
Infrastructure using the File Management Support Facility; and
1.1.4. management information reporting using the File Management Support Facility.
EPOSS records Transactions to the Riposte message store. These are replicated by
Riposte to the message stores on file servers at the Data Centres. The TMS Agents
extract and reformat Transaction data and present it for further analysis, summarisation
and forwarding by the Business Capabilities and Support Facilities.
Cash, cheque and voucher methods of payment are handled by EPOSS. For payment
using a debit card, EPOSS (from the settlement menu) initiates Debit Card to obtain
authorisation of payment.
APS
APS is a generic application that enables Post Office to provide a range of bill payment
and pre-payment services to the customers of many Post Office Clients. APS provides
transaction facilities at the counter, integrated into Customer Sessions using facilities
provided by EPOSS. APS also supports transfer of data to and from Post Office Client
systems and Post Office systems via the Business Capabilities and Support Facilities.
APS is available at all Counter Positions in all Branches.
Schedule B5 Annex 2 part 2 Version 12.0
Page 24 of 34
POL00027938
POL00027938
CONFIDENTIAL
2.2
2.3
24
25
2.6
27
APS supports a range of advanced data capture facilities (the “AP-ADC Facility”) which
are controlled and constrained by Post Office Reference Data. These facilities extend
the capabilities of APS and provide support for:
2.2.1 product selection mechanisms using picklists;
2.2.2 arange of data capture and validation routines;
2.2.3. external applications as the Parties may agree under the Change Control
Procedure; and
2.2.4 the use of print templates in support of customised receipt and slip print layouts.
The production of Reference Data by Post Office to make use of the AP-ADC Facility
shall be in accordance with and subject to the provisions of the CCD entitled “AP-ADC
Reference Manual” (AP/MAN/002) once that CCD has been agreed and introduced in
accordance with the provisions of CCN 1131b. Until that CCD has been agreed and
introduced, the production of Reference Data by Post Office to make use of the AP-ADC
Facility shall be in accordance with the document entitled “AP-ADC Reference Manual”
(AP/MAN/002) version 3.2 (or any subsequent version thereof agreed through the
Change Control Procedure).
APS supports the following range of Tokens conforming to the standards in the relevant
CCDs:
2.3.1. magnetic stripe cards; and
2.3.2 bar coded documents.
APS supports the use of desktop buttons, which may be specified as being equivalent to
a manually entered AP barcode Token.
As referred to in paragraph 2.2.3 of this Annex, APS supports access to DVLA POME for
the purpose of vehicle re-licensing Transactions only. DVLA POME is the Driver Vehicle
and Licensing Agency (DVLA) and Post Office MOT enquiry service which is based on
systems that are external to the Horizon Service Infrastructure. The AP-ADC Facility will
perform online interactions with DVLA POME using the DVLA Licensing capability of the
Business Capabilities and Support Facilities during a vehicle re-licensing Transaction.
Such interaction will take place via the DVLA On-line Link. Information concerning MOT
status and vehicle excise duty as well as other supporting data will be retrieved during
the course of such on-line interaction, as specified by Post Office Reference Data for the
purposes of the re-licensing Transaction. The interaction with DVLA POME may be
configured to deal with scenarios where no response is received from DVLA POME within
designated time periods.
APS handles interaction with customer Tokens and records Transactions in the Riposte
message store. It also passes Transaction details to EPOSS for incorporation into a
Customer Session. Transaction data is replicated by Riposte to the message stores on
file servers at the Data Centres. The APS agents extract and reformat transaction data
and present it for further analysis, summarisation and forwarding by the Business
Capabilities and Support Facilities.
The clients and tokens supported by APS are referred to in the CCD entitled “Automated
Payments System Client List” (BP/DOC/008). Specific payments and the APS
Transactions which support them conform to the relevant AP Client Specification, which
in turn references the CCD entitled “POCL Automated Payments Generic Rules”
(BP/DOC/014) and appropriate Token Technology Specification(s). Data is transferred to
AP Clients using the File Management Support Facility in accordance with the appropriate
Application Interface Specification. Such transfer will either be direct to the AP Client in
Schedule B5 Annex 2 part 2 Version 12.0
Page 25 of 34
POL00027938
POL00027938
CONFIDENTIAL
2.8
3.1
3.2
3.3
41
4.2
accordance with the relevant automated payment client specification or via the EDG in
accordance with the CCD entitled “Automated Payments Interface Specification - EDG /
DES” (CR/IFS/002).
Post Office will be responsible for:
2.8.1 the design and development of new AP Transactions that use the AP-ADC
Facility;
2.8.2 (save to the extent that Fujitsu Services is required to facilitate testing of Post
Office Reference Data in accordance with the CCD entitled “Fujitsu Services /
Post Office Ltd Interface Agreement for Operational Business Change -
Reference Data" (CS/PRD/058)) ensuring that Post Office Reference Data,
intended to introduce those new Transactions, functions correctly within the
Horizon Service Infrastructure (in accordance with any applicable Reference Data
rules) and has the desired business effect; and
2.8.3 defining receipts (for all AP Transactions that use the AP-ADC Facility) that
contain sufficient information to allow manual recovery of a subset of the
transaction data following a system failure, to the extent that such manual data
recovery is required by Post Office.
LFS
The LFS application provides an interface between Branches and the Post Office's
Advanced Distribution System (SAP/ADS) using the File Management Support Facility
and is at all Branches.
LFS includes an LFS Branch application. This is present on all Counter Positions at all
Branches. It provides:
3.2.1 screen dialogues for inputting relevant data which are written to the Riposte
message store;
3.2.2 facilities for scanning bar coded labels to monitor movement of cash and stock
bags and pouches into and out of the Branch. Data captured from these bar
codes are written to the Riposte message store; and
3.2.3 a facility for viewing specialised messages originated by SAP/ADS and
transmitted to the Branch.
LFS includes an interface to SAP/ADS for the exchange of batch data using the File
Management Support Facility and manages the forwarding to, and receipt from, Branches
of that data. Data created in Branches is extracted from the Riposte message stores by
agent applications.
MESSAGE BROADCAST
The Message Broadcast (“MBS”) application provides a mechanism for transmitting plain
text messages to all Branches or to Branches specified in a list.
MBS comprises the MBS Branch application, which provides facilities for managing
messages received, presenting available messages for selection by Users, displaying
messages on the Counter Position screen and printing them to the back-office printer.
This is available at all Counter Positions in all Branches (but messages can only be
received at locations with a data communications link).
Schedule B5 Annex 2 part 2 Version 12.0
Page 26 of 34
POL00027938
POL00027938
CONFIDENTIAL
4.3
5.1
5.2
5.3
MBS utilises the Message Handling Support Facility, which provides facilities for creating
messages by text input (including copying text from other electronic documents including
emails received by Fujitsu Services from Post Office) and distributing them to Branches.
NBS
The NBS application supports transaction of banking business in Branches. It is installed
at all Counter Positions in all Branches, but requires an operational data communications
link in order to process Transactions. NBS is invoked from EPOSS either by:
5.1.1. acard swipe (or input of card details) where EMV functionality is not supported in
respect of that card; or
5.1.2 _aCustomer inserting his or her card into the chip card reader in a PIN Pad where
such card supports EMV functionality,
while in serve customer mode other than at the settlement menu.
The following Transaction types are supported by the NBS:
5.2.1 cash deposit;
5.2.2 cash withdrawal;
5.2.3. balance enquiry;
5.2.4 withdraw limit;
5.2.5 change of PIN at PIN Pad; and
5.2.6 cheque deposit.
NBS has the following functional components:
5.3.1 NBS manages reading of data from magnetic stripe bank cards and EMV chip
cards, presentation of screen dialogues to the User and User data input, input of
PIN numbers by customers, and printing of receipts. It also integrates the banking
Transactions into an EPOSS Customer Session. NBS writes data to a message
store, including “immediate” messages to initiate message exchange with the
Bank systems, this message exchange being brokered by the Business
Capabilities and Support Facilities.
5.3.2 NB Authorisation Agent applications run on servers at the Data Centres. Such
servers harvest relevant “immediate” and standard messages. Messages
between the Counter Position and the Bank systems are brokered by the
Business Capabilities and Support Facilities. Standard messages are harvested
by the agents and summarised and forwarded to the Reconciliation Application
within the Business Capabilities and Support Facilities; and
5.3.3 The Reconciliation Application as used by NBS receives data from the NB
Authorisation Agents and from Bank systems and prepares reports reconciling
these data streams and identifying reconciliation exceptions for investigation and
corrective action. These facilities are provided by the Business Capabilities and
Support Facilities.
Schedule B5 Annex 2 part 2 Version 12.0
Page 27 of 34
POL00027938
POL00027938
CONFIDENTIAL
6.1
6.2
6.3
6.4
65
6.6
7A
h2Z
73
REFERENCE DATA MANAGEMENT APPLICATION
The Reference Data Management Application is a database application running in the
Data Centre. It receives Reference data from the Post Office Reference Data System in
accordance with the CCD entitled “Application Interface Specification Reference Data to
Fujitsu Services Limited” (BP/IFS/010). It also provides facilities for the manual input of
data by Fujitsu Services’ personnel and incorporation of system generated data from
other parts of the Horizon Service Infrastructure.
Reference Data from Post Office Reference Data System is delivered in separately
identifiable change instructions and loaded into Fujitsu Services’ Reference Data
Management Centre. These change instructions are then made available to a daily
extract process when correct authorisation for each request is received from Post Office.
Details regarding the delivery and authorisation of Reference Data are given in the
following CCDs:
6.2.1 for products, “Fujitsu Services / Post Office Ltd Interface Agreement for
Operational Business Change - Reference Data” (CS/PRD/058); and
6.2.2 for Branches, “Fujitsu Services/Post Office Ltd Operational Business Change —
Branch, Interface Agreement” (CS/IFS/003).
Reference Data Management Application is implemented with the following major
functional components:
6.3.1 Reference Data Management agents running on Data Centre servers;
6.3.2 host database application in the Data Centre; and
6.3.3 _ file transfer capabilities provided by the Central Infrastructure.
Reference Data Management Application provides facilities for version control of
Reference Data including start and end dates for its validity. It manages distribution of
Reference Data to Branches via the Infrastructure.
Reference Data Management Application provides data used by all the other Initial
Horizon Applications and has the potential to extend this to additional Horizon
Applications running on the Horizon Service Infrastructure.
Reference Data Management Application shall check Reference Data consistency and
report exceptions.
AUDIT FACILITIES
The Audit facilities provide the mechanisms to record and maintain an audit trail of
Transactions and events according to the CCD entitled “Audit Trail Functional
Specification” (CR/FSP/006).
The Audit facilities enable the recording of an operational audit trail and a commercial
audit trail as such terms are referred to in the CCD entitled “Audit Trail Functional
Specification” (CR/FSP/006). These comprise the audit trail associated with the operation
of the Applications operated by Fujitsu Services, and the audit trail of that part of Fujitsu
Services’ internal commercial records to which Post Office's internal auditors or agents
have access.
Data within the operational audit trail will be retained for 18 months, although transaction
data in the TMS journal, including data relating to NBS and Debit Card will be retained for
seven years.
Schedule B5 Annex 2 part 2 Version 12.0
Page 28 of 34
POL00027938
POL00027938
CONFIDENTIAL
74
75
76
9.1
9.2
9.3
Data within the commercial audit trail will be retained for seven years, although some data
will be retained for the term of the Agreement which may be longer.
Access to audit trail data is provided to authorised Post Office personnel either by
interactive access or through a set of standard reports.
The storing of audit data and the retrieval of data to satisfy the requests are provided by
the Business Capabilities and Support Facilities.
RECONCILIATION FACILITIES
Reconciliation Facilities are provided by the Business Capabilities and Support Facilities.
DEBIT CARD
The Debit Card application supports Transaction of Debit Card payments in Branches. It
is installed at all Counter Positions in all Branches, but requires an operational data
communications link in order to process Transactions. Debit Card can be invoked from
EPOSS either by:
9.1.1 a card swipe (or input of card details) if EMV functionality is not supported in
respect of that card; or
9.1.2 aCustomer inserting his or her card into the chip card reader in a PIN Pad where
such card supports EMV functionality,
when EPOSS is at the settlement menu.
The following Transaction types are supported:
9.2.1 Debit Card purchase;
9.2.2 Debit Card refund; and
9.2.3 Explicit Reversal (as defined in the CCD entitled “Debit Card MoP Functional
Description” (EF/SER/001)) or its equivalent functionality in the Business
Capabilities and Support Facilities.
Debit Card has the following functional components:
9.3.1 Debit Card manages reading of data from magnetic stripe debit cards and EMV
chip cards, presentation of screen dialogues to the User and User data input, and
printing of receipts. It also integrates the DC Transactions into an EPOSS
customer session. Debit Card writes data to the Riposte message store, including
“immediate” message exchange with the Data Centre, and onwards to the
Merchant Acquirer (this message exchange being brokered by the Business
Capabilities and Support Facilities); and
9.3.2 The DC Authorisation Agents run on servers at the Data Centres. Such servers
harvest relevant “immediate” and standard messages. Messages between the
Counter Position and the Merchant Acquirer are brokered by the Business
Capabilities and Support Facilities. Standard messages are harvested by the
agents and summarised and forwarded to the Reconciliation Application provided
by the Business Capabilities and Support Facilities.
Schedule B5 Annex 2 part 2 Version 12.0
Page 29 of 34
POL00027938
POL00027938
CONFIDENTIAL
10. MAILS APPLICATION
10.1 Mails is a postal acceptance application designed to fully automate the service selection
and pricing of mails items transacted at Counter Positions. Mails provides transaction
facilities at each Counter Position, integrated into the Customer Session using facilities
provided by EPOSS. Mails replaces the scales functionality of EPOSS.
10.2 Mails is a standard cashier script application that has been customised for UK use by the
addition / alteration of cashier scripts and the creation of specific Mails Reference Data.
Mails Reference Data is unique to the Mails Application and is supplied by Post Office
Limited. Mails Reference Data contains Client data, typically comprising services, tariffs,
rules and constraints.
10.3. Mails accepts manual input of data (weight, destination, service type) as well as automatic
input from electronic weigh scales and barcode readers.
10.4 Mails is implemented with the following major functional components:
10.4.1 Mails Application running on every Counter Position;
10.4.2 Data Centre support for Reference Data subscription groups;
10.4.3 Mails agents (for Reference Data distribution) running on the Data Centre
servers; and
10.4.4 File transfer facilities supported by the Business Capabilities and Support
Facilities.
10.5 Mails supports the following postal acceptance functionality:
10.5.1 Mails includes the Clients, their products and services as defined by Mails
Reference Data;
10.5.2 Mails applies conformance to the business rules defined in Mails Reference Data
and only permits users to select those services that are valid for a set of input
variables (weight, destination, value of content, delivery urgency and signature
required);
10.5.3 Mails can be customised by Mails Reference Data;
10.5.4 Mails prints postage labels and receipts as defined in the CCD entitled “Horizon
OPS Reports and Receipts - Post Office Account Horizon Office Platform Service”
(SD/DES/005);
10.5.5 Mails includes on screen help and links to additional Mails help screens in the
form of HTML pages which can be accessed by the Counter Clerk;
10.5.6 Mails accesses the generic Postcode Address File ("PA File") to verify or
complete a destination address on selected services;
10.5.7 Mails captures track and trace barcode information during a mails acceptance
transaction and passes this information along with associated PA File data to the
EDG for onward transfer to Clients by the Business Capabilities and Support
Facilities; and
10.5.8 Mails allows the capture of the track and trace barcode information and
verification of price for pre- franked “bulk mail”. The track and trace and item
Schedule B5 Annex 2 part 2 Version 12.0
Page 30 of 34
POL00027938
POL00027938
CONFIDENTIAL
details are sent to the EDG for onward transfer to Clients by the Business
Capabilities and Support Facilities.
10.6 Mails records complete postage related details including value, weight, destination,
service(s), track and trace, postcode and label as well as all other standard transaction
details to the message store.
11. MAILS ADMINISTRATION APPLICATION
11.1. Mails Administration supports the following functions:
11.1.1
11.1.2
11.1.3
11.1.4
Mails despatch and exception handling;
Local collect;
Return of undelivered priority mails items; and
Fast input of "bulk mail" (known as "Speed Bulk").
11.2 Mails despatch
11.2.1
11.2.2
11.2.3
11.2.4
The despatch process allows the reconciliation between track and trace items
scanned in as part of the acceptance process and those awaiting collection by
the carrier.
For mails items confirmed as available for despatch a record will be created and
sent to the EDG for onward transfer to Clients by the Business Capabilities and
Support Facilities.
The despatch process will include a mechanism for recording if the despatch is
the last for that day.
The despatch process will allow reconciliation errors to be corrected or an
exception report produced prior to the despatch of the remaining items.
11.3 Local collect
11.3.1
11.3.2
11.3.3
The local collect function allows mails items delivered to the Branch for local
collect to be scanned in using the track and trace barcode. A record of barcodes
will be sent to the EDG for onward transfer to Clients by the Business Capabilities
and Support Facilities.
The local collect function allows mails items to be collected by Customers and will
charge either an open or fixed fee. A record of each collected item will be sent to
the EDG for onward transfer to Clients by the Business Capabilities and Support
Facilities.
The local collect function allows items that have not been collected after a defined
period to be scanned out of the Branch. A record of each non collected item will
be sent to the EDG for onward transfer to Clients by the Business Capabilities
and Support Facilities along with a code indicating the reason for non collection.
11.4 Return of undelivered priority items
Priority mails items not delivered by the carriers delivery agent can be returned to any
Post Office and recorded by scanning the track and trace barcode. A record of each
collected item will be sent to the EDG by the Business Capabilities and Support Facilities
for onward transfer to Clients along with a code indicating the reason for non delivery.
Schedule B5 Annex 2 part 2 Version 12.0
Page 31 of 34
POL00027938
POL00027938
CONFIDENTIAL
12.4
12.2
13.4
13.2
13.3
Speed Bulk
Pre-franked mails (Bulk Mails) can be scanned in without any weight / price checks. A
record of each collected item will be sent to the EDG for onward transfer to Clients by the
Business Capabilities and Support Facilities.
ETU APPLICATION
The ETU Application supports the Customer purchase or refund of mobile phone related
credits and associated content products (e.g. ring tones). It is installed at all Counter
Positions in all Branches, but requires an operational data communications link in order
to process Transactions. ETU credit products (known as Topup products or PIN products)
are invoked by swiping a card (or input of card details). ETU content products (known as
PIN/e-voucher products) are invoked by selecting an ETU desktop button. The following
Transaction Types are supported:
12.1.1 the purchase of a card based Topup product;
12.1.2 the purchase of card based PIN product;
12.1.3 the purchase of a PIN/e-voucher product;
12.1.4 the refund of a card based Transaction; and
12.1.5 the refund of a PIN/e-voucher Transaction.
The ETU Application manages reading of data from magnetic stripe cards, the selection
of ETU products from menus, the presentation of screen dialogues to the User and User
data input, and the printing of receipts. It also integrates the ETU Transactions into an
EPOSS Customer Session. ETU writes data to the Riposte message store, including
"immediate" messages to initiate message exchange with the e-pay authorisation system,
provided by Business Capabilities and Support Facilities.
BUREAU APPLICATION
The Bureau Application provides the ability to trade foreign currencies and traveller's
cheques at Counter Positions. The service provided in a particular Branch can range from
none to full bureau de change facilities, depending on the Bureau Type defined in
Reference Data for the Branch in question.
The Bureau Application has the ability to receive Spot Rates Files and Margins Files from
the Post Office using the Business Capabilities and Support Facilities, and to use the data
in these files to control the rates at which currencies and travellers’ cheques are traded.
The Bureau Application extends EPOSS counter functionality to support, depending on
Bureau Type, for:
13.3.1 buying currency and travellers’ cheques;
13.3.2 selling currency and travellers’ cheques;
13.3.3 remitting currency and travellers’ cheques for sale (but not travellers’ cheques
redeemed) into and out of Branches;
13.3.4 transferring currency and travellers’ cheques for sale (but not travellers’ cheques
redeemed) between Stock Units;
13.3.5 revaluing currency to reflect changes in spot rates; and
Schedule B5 Annex 2 part 2 Version 12.0
Page 32 of 34
POL00027938
POL00027938
CONFIDENTIAL
13.3.6 declaring the quantities of bureau stock on hand.
14. PAF FACILITY
1441 The PAF Facility is a generic facility based on QAS Software. The PAF Facility is not an
Horizon Application itself, but may be invoked by a PAF Calling Application.
14.2 The function of the PAF Facility is to:
14.2.1 allow Users to validate an address by entering the details of premises and
postcode or premises, street and town of the address to be validated;
14.2.2 present Users with a validated postal address;
14.2.3 permit Users to enter a postal address manually; and
14.2.4 make available the manually entered postal address for use in the PAF Calling
Application.
14.3. The PAF Facility is provided by the Business Capabilities and Support Facilities.
Schedule B5 Annex 2 part 2 Version 12.0
Page 33 of 34
POL00027938
POL00027938
POL00027938
POL00027938
CONFIDENTIAL
PART 3
NBS SPECIFIC BUSINESS CONTINUITY REQUIREMENTS
This Part 3 of Annex 2 sets out the business continuity provisions specific to NBS that shall apply
during the Roll Out Phase.
‘Ts NBS
1.1 Each Data Centre (if required to support the NBS on its own as a result of a failure of
the other Data Centre) shall have the capability in normal operation with no failures
having occurred:
1.4.1 to support the Contracted Volumes in relation to the NBS and Debit Card as
defined in the CCD entitled "Horizon Capacity Management and Business
Volumes” (PA/PER/033); and
1.4.2 to support Fujitsu Services’ obligations in respect of NBS Service Levels set
out in (as the case may be):
(a) Annex 3 to Schedule B4.4; or
(b) paragraph 2.3.4 of the CCD entitled “Branch Network: Service
Description” (SVM/SDM/SD/0011) and paragraph 3.3.4.5 of the
CCD entitled “Data Centre Operations Service: Service Description”
(SVM/SDM/SD/0003),
without preventing or impairing that Data Centre's support for Fujitsu Services’
obligations in respect of the Service Levels for other HNG-X Services in existence
at the Amendment Date.
1.2 The Data Centres (including NBS elements) will be configured such that no single point
of failure within the Data Centres will cause the NBS to fail with both Data Centres in
operation.
1.3 Switchover to backup systems within the Data Centres and for the network connections
within the Data Centres:
1.3.1 for real-time elements of the NBS affecting Banking Transactions at Counter
Positions shall be automated with the exception of the persistent store which
shall be manually switched over; and
13:2 for non-real time elements may be automated or manual.
Schedule B5 Annex 2 part 3 Version 12.0
Page 34 of 34