POL00032629
ACCEPTANCE REPORT FOR HNG-X ACCEPTANCE GATEWAY 3
FUJITSU COMMERCIAL IN CONFIDENCE
Document Title: ACCEPTANCE REPORT FOR HNG-X ACCEPTANCE GATEWAY 3
Document Reference: REQ/GEN/ACS/0002
Release: Release specific
Abstract: This document comprises the Acceptance Report for HNG-X
Acceptance Gateway 3. It provides details of the Acceptance status
of all POL requirements associated with this Acceptance Gateway
and is for submission to the HNG-X Acceptance Board.
Document Status: DRAFT
Author & Dept: Dave Cooke
HNG-X Acceptance Manager
External Distribution: Neil Williams, Phil Norton, Mark Burley, David Smith,
Liz Tuddenham, Ian Trundell
Security Risk Assessment Confirmed: No
Approval Authorities:
Name | Role | Signature | Date
Phil Norton | POL Requirements and Acceptance Manager | See Dimensions for record |
Dave Cooke | FS HNG-X Acceptance Manager | See Dimensions for record |
See HNG-X Reviewers/Approvers Matrix (PGM/DCM/ON/0001) for guidance on who should approve.
© Copyright Post Office Limited 2009. COMMERCIAL IN CONFIDENCE. UNCONTROLLED IF PRINTED OR LOCALLY STORED.
Ref: REQ/GEN/ACS/0002  Version: 0.1  Date: 28-OCT-2009  Page No: 1 of 33
0 Document Control
0.1 Table of Contents
0 Document Control
  0.1 Table of Contents
  0.2 Document History
  0.3 Review Details
  0.4 Associated Documents (Internal & External)
  0.5 Abbreviations
  0.6 Glossary
  0.7 Changes Expected
  0.8 Accuracy
  0.9 Security Risk Assessment
1 Introduction
  1.2 Acceptance Board assessment checklist for AG3
2 Review of status of Acceptance Criteria
  2.1 Functional Requirements — Use Cases
  2.2 Non-Functional Requirements and Criteria
    2.2.1 Deferred Test status
  2.3 Assessment of Status
    2.3.1 No Run status
    2.3.2 Not Complete Status
3 Review of status of Acceptance Incidents
  3.1 Acceptance Incident Aggregation
  3.2 Acceptance Incidents arising from Agreed Deferrals
    3.2.1 Acceptance Incident details for type AI-AD
    3.2.2 Aggregated Acceptance Incident details for type
  3.3 Acceptance Incident arising from non-testable criteria
    3.3.1 Acceptance Incident details for type AI-NT
    3.3.2 Aggregated Acceptance Incident details for type AI-NT
  3.4 Acceptance Incident arising from Testable criteria
    3.4.1 Acceptance Incident details for type AI-TS
  3.5 Acceptance Incident total
A Applicable POL Requirements and Acceptance Criteria
B Definition of Acceptance Methods
C Definition of Acceptance Incident Severity
D Acceptance Board Recommendation Options
0.2 Document History
Version No. | Date | Summary of Changes and Reason for Issue | Associated Change - CP/PEAK/PPRR Reference
0.1 | 28-OCT-2009 | Initial version |
0.3 Review Details
See HNG-X Reviewers/Approvers Matrix (PGM/DCM/ION/0001) for guidance on completing the lists below. You
may include additional reviewers if necessary, but you should generally not exclude any of the mandatory reviewers
shown in the matrix for the document type you are authoring.
Review Comments by (date by which comments should be returned)
Review Comments to david.cookd
& RMGADocumentManagement!.
Mandatory Review
Role | Name
HNG-X Programme Manager | Alan D’Alvarez
HNG-X Solution Architect | Jim Sweeting
POL HNG-X Programme Manager | Mark Burley
POL HNG-X Requirements Manager | Phil Norton
POL HNG-X Acceptance Manager | Neil Williams
POL HNG-X Design Authority | Ian Trundell
HNG-X Testing Manager | Debbie Richardson
POL HNG-X Testing Manager | Lee Farman

Role | Name
Head of Programmes — Private Sector Business Unit | Mike Wood
Head of Change and IS | Dave Smith
RMGA Commercial Director | Guy Wilkerson
POL HNG-X Senior Contracts and Service Manager | Liz Tuddenham
Issued for Information — Please resi
distribution list to a minimum
Position/Role Name
(*) = Reviewers that returned comments
0.4 Associated Documents (Internal & External)
Reference | Version | Date | Title | Source
PGM/DCM/TEM/0001 (DO NOT REMOVE) | 5.0 | 03 June 2009 | RMGA HNG-X Generic Document Template | Dimensions
 | | | Schedule B6.3 — HNG-X Acceptance Process | Dimensions
Unless a specific version is referred to above, reference should be made to the current approved
versions of the documents.
0.5 Abbreviations
Abbreviation Definition
0.6 Glossary
Term Definition
0.7 Changes Expected
0.8 Accuracy
Fujitsu Services endeavours to ensure that the information contained in this document is correct but, whilst every
effort is made to ensure the accuracy of such information, it accepts no liability for any loss (however caused)
sustained as a result of any error or omission in the same.
0.9 Security Risk Assessment
Security risks have been assessed and it is considered that there are no security risks relating specifically to this
document.
1. Introduction
This document comprises the HNG-X Acceptance Report to the HNG-X Acceptance Board for the
assessment of the progression through Acceptance Gateway 3 (AG3) — Readiness for Pilot.
The basis for HNG-X Acceptance is defined in Schedule B6.3 and some sections are reproduced within
this report.
The POL Requirements and Criteria, contained in the HNG-X Requirements Catalogue - POL DOORS
archive v1.42, and associated with AG3 are contained in Appendix A.
The definition of the HNG-X Acceptance Methods is contained in Appendix B.
The definition of the Acceptance Incident Severity is contained in Appendix C.
1.1. Scope
The purpose of this Acceptance Board is: -
‘To agree the Acceptance status of the relevant Release (HNG-X Release 1 for AG3) and provide a
recommendation to the ‘Joint Release Authorisation Board’.’ The proposed options that this Board can
select from are described in Appendix D.
This recommendation is based on an assessment of the status of the applicable POL Requirements and
Acceptance Criteria and of the stage progression criteria for AG3 described in Schedule B6.3.
The primary assessment concerns the status of any Acceptance Incidents as follows:-
Progression through HNG-X Acceptance Gateway 3 shall occur once all of the following have
been satisfied for the HNG-X Acceptance Criteria allocated to achieving progression through the
respective HNG-X Acceptance Gateway:
(a) subject to paragraph 4.6 (of Schedule B6.3 which refers to dispute handling, defect
aggregation and deferred tests), all such HNG-X Acceptance Criteria have been achieved;
(b) activities leading to HNG-X Acceptance Gateway 1 (named “Readiness for Router Roll-Out
(Z1)”) and HNG-X Acceptance Gateway 2 (named “Readiness for Data Centre Migration”)
must be completed and these two HNG-X Acceptance Gateways passed through in accordance
with paragraph 4.5.4.2 as pre-requisites to achieve HNG-X Acceptance Gateway 3.
(b) there are no outstanding HNG-X High Severity Acceptance Incidents;
(c) the number of outstanding HNG-X Medium Severity Acceptance Incidents is five or fewer
and an agreed workaround exists for each of them; and
(d) there is an agreed workaround for all outstanding HNG-X Low Severity Acceptance
Incidents except for those which the Parties agree do not require a workaround.
(e) details of all Non Incidents are recorded, although they shall have no impact upon
Acceptance Gateway progression
These together with other supporting factors are summarised in the following checklists for AG3.
1.2 Acceptance Board assessment checklist for AG3
References in this table refer to the HNG-X Acceptance Schedule B6.3.
Acceptance Gateways. Schedule 6.3 paragraph 4.3 identifies three key HNG-X Acceptance Gateways controlling progression through the HNG-X Acceptance Process Stages plus two additional Acceptance Gateways. | Acceptance Gateway 3. First of three key HNG-X Acceptance Gateways.
Achievement of Requirements. (With the exception of those Requirements covered by Acceptance Incidents or agreed to be covered by Deferred Tests): (4.5.1.1(a)). | All AG3 Requirements have been achieved
The sequence of HNG-X Acceptance Process stages and the order of precedence for Acceptance Gateways is defined in schedule 6.3 section 2.2 | Passage through both AG1 & AG2
Results in a defect that would render a key element of one or more of the Business Capabilities and Support Facilities or a key element of the Infrastructure unfit for operational use. | None allowed (4.5.1.1 (c)).
Results in a defect that would cause problems in the operational use of one or more Transaction types. | Five or fewer allowed and each has an agreed workaround and an agreed Rectification Plan.
Results in a defect that does not cause any adverse operational impact in the use of the Business Capabilities and Support Facilities or an element of the Infrastructure, or can be addressed by a Fujitsu Services workaround without any adverse operational impact for Post Office. | Contract does not specify a limit on the number but all have an agreed workaround (unless agreed otherwise). Contract does not mention target timescale for rectification.
Is found: not to be a defect; not to have resulted from the introduction of HNG-X or not to fall within the high, medium or low categories. | Need not be counted.
Deferred Tests. If, other than as a result of a Default of Fujitsu Services, it is impossible for a test to be carried out when scheduled in the HNG-X Acceptance Plan then that test becomes known as a "Deferred Test". | The total number of Requirements with Deferred Tests (but not recorded as an Acceptance Incident) equals:
Acceptance Disputes. In accordance with Schedule 6.3 paragraph 4.6 the parties … that: | There are no unresolved Acceptance Disputes.
2 Review of status of Acceptance Criteria
The POL requirements for Acceptance Gateway 3 comprise all of the functional requirements
represented by the POL Use Cases and a set of the Non-Functional requirements.
2.1 Functional Requirements — Use Cases
There are 144 Use Cases which constitute the POL functional requirements. Their summary status is as
follows: -
Count of Status
Service Barrel | Not Completed | Not Covered | Zero defects | Deferred Failed | Failed | Passed | Grand Total
Banking 8 10 18
Branch Accounting 1 17 18
Branch Admin 2 8 10
Branch Support & Control 17 17
Bureau de Change 7 7
ETU 1 3 5
loP 1 6 10 19
Postal Services 1 8 9
Retail & Stock Sales 1 1
Shared 1 12 19
Cash & Stock Management 3 18 21
Grand Total 1 1 26 107 144
The status of Deferred Failed indicates that a Use Case has one or more defects associated with it, but
that the resolution of these defects has been agreed to be deferred to beyond start of Pilot.
Each of these defects is represented as an Acceptance Incident in section 3.
2.2 Non-Functional Requirements and Criteria
There are 752 non functional Acceptance Criteria associated with Acceptance Gateway 3. Their
summary status is as follows: -
Verification Method | No Run | Not Completed | Not Covered | Failed | Passed | Grand Total
Document Review | 3 | 19 | 2 | 7 | 219 | 250
Design Walkthrough | 1 | | | | 138 | 139
Monitoring | | | | | 2 | 2
Statement of Fact | | | | | 42 | 42
Statement of Obligation | | | | | 90 | 90
Solution Test | 9 | 12 | 1 | 29 | 115 | 166
Release Validation Test | 4 | 5 | | 7 | 47 | 63
Grand Total | 17 | 36 | 3 | 43 | 653 | 752
Key to Status
Failed — Each Failed Criterion is represented by an Acceptance Incident in section 3.
No Run - This identifies the number of criteria whose designated tests have not been run at the time of
this Acceptance Board. A number of these are due to the status of the testing of the criteria being agreed
to be deferred, with the associated criteria having the status of ‘Deferred Test’ - see section 2.2.1.
Not Completed — This identifies the number of criteria where either: -
a) Acceptance Evidence has been submitted by FS but not yet assessed by POL,
or
b) Test execution had started but not completed at the time of this Acceptance
Board. These will also have the status of ‘Deferred Test’.
2.2.1 Deferred Test status
The Schedule B6.3 acknowledges that there may be circumstances when previously scheduled testing
that was targeted for completion by this Acceptance Gateway cannot now take place. Providing that this
is not due to a contractual default by Fujitsu, and the parties agree, then the tests associated with a POL
requirement may be ‘Deferred’. Fujitsu are still obliged to carry out these ‘Deferred Tests’.
For this Acceptance Gateway, Fujitsu have requested that tests associated with the following 15
requirements are given ‘Deferred Test’ status. These are: -
SEC-3115, SEC-3135, SEC-3210, SEC-3212, SEC-3193, SEC-3161, SEC-3230, SEC-3154, SEC-3158,
SEC-3113, SEC-3177, SEC-3257
These are all associated with the Security Penetration testing that is due to complete on 27/27/09.
The Joint Test Team has advised that ARC-462, ARC-463, TR471 are now scheduled to be tested in
LST and so should also be given ‘Deferred Test’ status.
2.3 Assessment of Status
The following sections provide details of the use cases / criteria that fall into each of the ‘status’ entries in
sections 2.1 and 2.2 together with an impact statement.
2.3.1 No Run status
A status of No Run identifies those criteria whose designated tests have not been run at the time of this
Acceptance Board. There are no Use Cases with a status of No Run.
The number of non-functional criteria with a status of No Run is shown in the table 2.2 and comprises
both ‘non-testable’ and ‘testable’ criteria as follows.
2.3.1.1 No Run / non-testable criteria
The criteria and impact of the ‘No Run’ status in this category are as follows: -
Original Object Id | Original Object text | Acceptance Criteria | Verification Method | Impact
SEC-3138 | Risks identified in the area of SQL injection attacks (see SEC-3347) will be managed under Change Control. | Evidence that all risks raised under Requirement SEC-3347 have been addressed under the Change Control process. | DR |
SEC-3061 | By provision of an appropriate architecture for HNG-X and associated service operation, Fujitsu Services shall protect Post Office from liability for information security threats to a similar extent that Post Office is protected by Baseline Horizon unless | Review of documentation and agreed waivers prior to going live shows that all other security requirements have either been accepted or, where not, waivers have been agreed by Post Office Information Security. | DR |
SEC-3060 | By provision of an appropriate architecture for HNG-X and associated service operation, Fujitsu Services shall protect Post Office from liability for information security threats to a similar extent that Post Office is protected by Baseline Horizon unless | Review of documentation and agreed waivers on completion of ST tests shows that all other security requirements have either been accepted or, where not, waivers have been agreed by Post Office Information Security. | DR |
ARC-423 | Fujitsu Services shall adopt a quality process and shall follow a recognised methodology in the production of the Solution Baseline Documentation Set. | Post Office and the Independent Assessor acknowledge that the process and methodology utilised by Fujitsu Services are suitable for documenting the Solution Baseline. | DW |
2.3.1.2 No Run / testable criteria
The criteria and impact of the ‘No Run’ status in this category are as follows: -
Original Object Id | Original Object text | Acceptance Criteria | Verification Method | Impact
ARC-463 | Fujitsu Services shall demonstrate that network connections for portable office configurations shall be automatically selected from those physically available without the intervention of the subpostmaster. | Tests to demonstrate network connectivity for portable office configurations are defined and contained within a detailed test plan, the successful completion of which shall determine the acceptance of this requirement. To clarify ‘successful completion’, | ST | Deferred Test
MIG-2981 | Fujitsu Services shall ensure that the closing position on Horizon can be fully reconcilable to the opening position on HNG-X via means of reports and the format will be agreed during development | Migration reports produced during ST conform to the agreed report specification and contain appropriate data | ST |
MIG-3069 | The branch migration process shall demonstrate: (a) the closing trading position for each Branch of Baseline Horizon, (b) proof (as defined in MIG 2980) of the successful migration from Baseline Horizon to HNG-X, and (c) any discrepancies regarding | Demonstration as per the Requirement | ST |
MIG-3096 | The Fujitsu Services Configuration Management service shall make it possible to identify which phase (Horizon or HNG-X) of migration a branch is in | Evidence that the status of each counter is correctly identifiable as being Horizon or HNG-X during the simulated migration period. | RV |
MIG-3162 | HNG shall be capable of regression back to Horizon, including regression of the full branch estate, up to the point of Contractual Acceptance as agreed by the Migration Strategy | Tests to demonstrate regression back to Horizon are defined and contained within a detailed test plan, the successful completion of which shall determine the acceptance of this requirement. To clarify ‘successful completion’, success criteria will be iden | RV |
SEC-3113 | Fujitsu Services shall provide a list of measures that will be taken to mitigate the risk of unauthorised devices being connected to any component of the HNG-X system, with the exception of passive devices within the Branch. A "passive device" is one whic | Evidence that all measures achieve the requirement | ST | Deferred Test
SEC-3115 | Branch Terminals shall be bootable only from their primary mass storage device on the terminal. | Evidence that attempts to boot from other than the primary mass storage device fail. | ST | Deferred Test
SEC-3154 | {CISP 8.5.1b} Unauthorised logical access from non-HNG-X systems and networks shall be prevented. This shall include but shall not be limited to, unauthorised access from any of the following: Any public networks used. Networks connecting to Third Partie | Demonstration of protection (either by simulation of attempts of unauthorised access or by other means). The exact timing and environment for the tests shall be agreed in the test plan but shall in any case be prior to live. | RV | Deferred Test
SEC-3158 | {CISP 8.5.1c} Controls shall protect against denial-of-service attacks originating from non-HNG-X systems including those listed in Requirement SEC-3152 | Demonstration of protection (either by simulation of attack or by other means) | RV | Deferred Test
SEC-3177 | All RADIUS servers that authenticate network access shall be secured and segregated into logical network segments by carrier access method and be externally visible to authorised domain users only. | As per the Requirement | ST | Deferred Test
SEC-3193 | Any mobile backup or secondary network produced within the {CISP 8.5.1k} specification of the requirement shall be secured to the same level as the primary network. | As per the Requirement | ST | Deferred Test
SEC-3212 | It shall not be possible to install any application or operating system extension except under the control of properly authorised and authenticated systems administrators carrying out authorised and audited changes. | As per the Requirement | ST | Deferred Test
SEC-3257 | The logical security perimeter of the HNG-X system shall be defined and agreed with Post Office Information Security. | Tests to demonstrate the security perimeter are defined and contained within a detailed test plan, the successful completion of which shall determine the acceptance of this requirement. To clarify ‘successful completion’, success criteria will be identifi | ST | Deferred Test
2.3.2. Not Complete Status
The following POL requirements have had Acceptance evidence submitted but their assessment has not
yet completed.
2.3.2.1 Not Complete / Functional (Use Case) criteria
2.3.2.2 Not Complete / non-functional criteria
The number of non-functional criteria with a status of Not Complete is shown in the table 2.2 and
comprises both ‘non-testable’ and ‘testable’ criteria as follows.
2.3.2.3. Not Complete / ‘non-testable’ criteria
These criteria all have the verification method of document review. They comprise criteria where
documentary acceptance evidence has been submitted by Fujitsu but where the POL assessment has
not completed.
Original Object Id | Original Object text | Acceptance Criteria | Impact
ARC-422 | Fujitsu Services shall make available to POL an accurate and technically complete set of documentation describing the Solution Baseline Documentation Set, excluding legacy components where existing Horizon documentation may be retained. | The Solution Baseline documentation shall be provided to POL in accordance with the timetable stated in B6.2 and shall comprise the documents or other artifacts that are agreed between Post Office and Fujitsu Services according to Schedule B6.2. |
ARC-499 | For the portable configuration, Physical connection to available fixed network end points is manual and presumed to be achieved by the subpostmaster. Fujitsu Services will define with Post Office the process that the postmaster needs to follow to correctl | DR- Documents provided to describe the agreed process for connecting the device to each type of fixed network endpoint and for dealing with all network faults arising from the connection of the device |
DEV-375 | HNG-X shall support parallel development streams and, except where there are unavoidable dependencies, these streams shall be implementable in any sequence or combination. | Fujitsu will describe how parallel development and implementation will be supported. |
MIG-3017 | Physical security of any infrastructure components, including Branch base units, which contain any business or security sensitive information, shall not be compromised by processes developed and implemented for the migration from Baseline Horizon to HNG-X | Evidence of joint agreement to the migration processes affecting the security of physical infrastructure and the risks to business or security sensitive information. |
MIG-3020 | Fujitsu Services and Post Office shall jointly produce a Migration Plan, which shall detail how Security requirements at MIG-3015 & MIG-3216 are to be met | As per the Requirement |
MIG-3033 | Fujitsu Services shall implement a reporting process informing Post Office Ltd of branches successfully migrated to HNG X | As per the Requirement |
SEC-3170 | All proposals for encrypted data to pass through any HNG-X firewall layer shall be subject to risk assessment to determine if the requirement for confidentiality outweighs the requirement for system availability and integrity. | Approval of the Risk assessment process |
SEC-3172 | Cases requiring encrypted data to pass through any HNG-X firewall layer shall only be authorised by Post Office where a risk assessment has identified that the requirement for confidentiality outweighs the requirement for system availability and integrity | Approval of the authorisations process |
SEC-3178 | Any end-user messaging components or services, and their dependent systems or services shall be usable by authorised users from within the HNG-X environment only. "End-user messaging" shall be interpreted as the Branch Message Broadcast Service and any ot | Evidence of the Requirement in the Design. |
SEC-3180 | In the event that e-mail facilities are added to HNG-X, additional security features shall be agreed with Post Office Information Security prior to implementation. | Evidence of review if e-mail is incorporated. |
SEC-3185 | The provision of messaging Capability shall not permit active or scripted code to be carried within the message body that may be executed upon Branch Terminals or intermediate systems. | Evidence of the Requirement in the Design. |
SEC-3223 | It shall be possible to recover the system to a secure operating state from the compromise of any key that could directly or indirectly expose plain text PIN values. This represents no change to the current Horizon system. | Examination of Key Compromise and Key Change Procedures: NB/PRO/O08& |
SVC-806 | Transaction Time Benchmark evaluation shall be conducted in accordance with the process described in the document ‘Counter Transaction Time Performance - measurement and results (CS/PER/046)’. | An entry in an artefact within the Solution Baseline Documentation Set will be supplied which cross references this requirement with the appropriate document and the relevant clause within the document will be supplied. The document will describe how this |
2.3.2.4 Not Complete / ‘testable’ criteria (ST or RV)
The criteria with this status are shown below together with an impact statement.
Original Original Object text Acceptance Criteria Impact
Object Id
ARC-470 Any single failure within the I Tests to demonstrate
Data Centres shall notI business continuity are
cause loss of any of the I defined and contained within
Business Capabilities &Ia detailed test plan, the
Support Facilities successful completion of
which shall determine the
acceptance of this
requirement. To clarify
‘successful completion’,
success criteria’ will be
identified
ARC-474 Confirmation messages for I As per the requirement
online transactions will only
be harvested in batch mode
at end of day. This means
that the TES will not
receive C2 messages in
near real time, and
Streamline payment file(s)
will only be produced
overnight.
MIG-2987 The capability to provide I As per the Requirement
prosecution support relating
to incidents on Baseline
Horizon shall _—_ continue
unimpaired during and
following completion of
migration.. In Baseline
Horizon this refers to
ARQs. . This may be
interrupted during data
centre move for
MIG-3078 Fujitsu Services shall I Evidence that tools will
provide any tools I ensure achievement
necessary to ensure that all
requirements for migration
to HNG-X are achieved.
© Copyright Post Office Limited COMMERCIAL IN CONFIDENCE ve beepeeeienemes
2009 Version: 0.1
UNCONTROLLED IF PRINTED OR LOCALLY Date: 28-OCT-2009
STORED PageNo: 20 of 33
Fe)
FUJITSU
ACCEPTANCE REPORT FOR HNG-X ACCEPTANCE GATEWAY 3
COMMERCIAL IN CONFIDENCE
POL00032629
POL00032629
Original
Object Id
Original Object text
Acceptance Criteria
Impact
MIG-3109 | Fujitsu shall ensure that during migration (when client data comprises of both Horizon and HNG sourced data) if failures occur, that the resulting Client data feeds are complete and accurate subject to agreed service levels (i.e. no omissions and no dupli | ST displays that Interface specifications for all outbound data feeds are adhered to, irrespective as to the source system (e.g. Horizon or HNG). ST also confirms that no data is lost or duplicated in the outbound data files during the migration period. |
MIG-3119 | Except where dual interfaces have been agreed reference data changes will be applied consistently to both Baseline Horizon and HNG via a single interface to the counter estate. This includes Product, Branch and AP (including AP_LADC reference data driven | ST confirms that a single source of reference data changes can be consistently applied to both Horizon and HNG, in effect simulating the operational requirement during migration |
MIG-3154 | Prior to and during migration to HNG-X, Fujitsu Services shall provide a Live Reference Data Proving environment capable of validating Horizon and HNG-X reference data prior to its release into the live environment. This shall include the ability to conf | Proof that Horizon or HNG-X data will operate as expected in the appropriate environment |
MIG-3155 | FS and PO shall establish a reference data verification process using the LRDP environment to determine that reference data distributed to the HNG-X and Horizon environments will have the same or where agreed equivalent functional or operational effect | Evidence that either Horizon or HNG produces equivalent outcomes to the existing live Horizon data (except where it is agreed that outcomes will not be equivalent). |
MIG-3161 | It shall be possible to make software changes to Baseline Horizon during the Migration period, although Post Office has no current plans for this. | Tests to demonstrate changes to horizon baseline during migration are defined and contained within a detailed test plan, the successful completion of which shall determine the acceptance of this requirement. To clarify ‘successful completion’, success crit |
MIG-3164 | Baseline Horizon branches installed during the Branch migration roll out period shall be scheduled for subsequent conversion to HNG. | Evidence that Branches installed as Baseline Horizon can be converted to HNG-X. Tests to demonstrate this are defined and contained within a detailed test plan, the successful completion of which shall determine the acceptance of this requirement. To c |
MIG-3256 | Following migration to HNG-X, Fujitsu Services shall provide a Live Reference Data Proving environment capable of validating HNG-X reference data prior to its release into the live environment. This shall include the ability to confirm the expected busi | Proof that HNG-X data will operate as expected in the HNG-X environment. All BAU processes in place and agreed with PO Ltd. |
SEC-3144 | The HNG-X system shall not retrieve data from any external web service unless additional security features are agreed with Post Office Information Security. For the avoidance of doubt, no security change is required to the connection to the DVLA web servi | Demonstration of protection (either by simulation of attack or by other means). Tests are only required if HNG-X supports browsing of external web servers. |
SEC-3224 | It shall be possible to recover the system to a secure operating state from the compromise of any key that could directly or indirectly expose plain text PIN values. This represents no change to the current Horizon system. | As per the Requirement |
SEC-3234 | Sensitive Cardholder Data (see Definitions) shall be rendered unreadable anywhere it is stored (including data on portable media, backup media, and in logs) by using any of the following approaches: One-way hashes (hashed indexes), such as SHA-1 Truncat | As per the Requirement |
SEC-3309 | All Sensitive Authentication Data (see Definitions) and Sensitive Cardholder Data shall be encrypted using approved algorithms and encryption protocols whilst in transit over any public network unless specifically agreed in writing by the client. Approve | Tests show that all specified data is protected by encryption or other method that makes it impractical to deduce |
SER-2195 | Fujitsu Services shall define a Software Delivery Management processes such that distribution, activation, Business enablement and Regression activities are known and controlled by Post Office, by branch and for the whole estate as described in Systems Ma | Tests to demonstrate the migration to HNG-X are defined and contained within a detailed test plan, the successful completion of which shall determine the acceptance of this requirement. To clarify ‘successful completion’, success criteria will be identifi |
TR471 | To support external training activities including migration, the solution shall be capable of running on a pre-defined portable platform. | As per the requirement |
2.3.3 Not Covered / Zero defects status
2.3.4 Deferred Failed status
This status identifies those Use Cases where one or more defects have been identified and agreed to be
deferred. An Acceptance incident has been raised for each defect and these are contained in section 3.
2.3.5 Failed Status
This status identifies those Use Cases or non-functional criteria where one or more defects have been
identified. An Acceptance incident has been raised for each defect and these are contained in section 3.
3 Review of status of Acceptance Incidents
The Acceptance Incidents listed below have been raised because the acceptance evidence has failed to
meet the acceptance criteria. They have been classified into three groups:
- Those arising from defects whose resolution has been agreed to be deferred until after the start of Pilot. These have an identifier of AI-AD-nnn.
- Those arising from defects that have been raised during the assessment of the non-testable criteria - in this case Document Review. These have an identifier of AI-NT-nnn.
- Those arising from defects that have been raised during testing and where no formal deferral discussions have taken place. These have an identifier of AI-TS-nnn.
3.1 Acceptance Incident Aggregation
Schedule B6.3 (4.6.3) recognises that HNG-X Acceptance Incidents that are agreed to result from the
same failure or deficiency, or to affect the same operational process or business function, may be
aggregated into a single HNG-X Acceptance Incident for the purposes of the thresholds identified in
section 1.2. The following sections contain details of all of the individual Acceptance Incidents and then
identify where aggregation has occurred.
3.2 Acceptance Incidents arising from Agreed Deferrals
There are 105 AIs of this type with the following severity:
Acceptance Incident Severity | Individual AIs
Low | 105
Medium | 0
High | 0
Total | 105
Of these, 27 of the Low Severity AIs have been aggregated into 8 Low Severity AIs giving a net figure as follows:
Acceptance Incident Severity | Net Individual AIs | Aggregated AIs | Net Total
Low | 78 | 8 | 96
Medium | 0 | |
High | 0 | |
Total | 78 | 8 |
3.2.1 Acceptance Incident details for type AI-AD
Details of these Acceptance Incidents are contained in the embedded WORD document here.
3.2.2 Aggregated Acceptance Incident details for type AI-AD
Details of these Aggregated Acceptance Incidents are contained in the embedded WORD document here.
3.3 Acceptance Incident arising from non-testable criteria
There are 14 AIs of this type with the following severity:
Acceptance Incident Severity | Individual AIs
Low | 4
Medium | 10
High | 0
Total | 14
Of these, 10 of the Medium Severity AIs have been aggregated into 1 Medium Severity AI giving a net figure as follows:
Acceptance Incident Severity | Net Individual AIs | Aggregated AIs | Net Total
Low | 4 | 0 | 4
Medium | 0 | 1 |
High | 0 | 0 | 0
Total | 4 | 1 |
3.3.1 Acceptance Incident details for type AI-NT
Details of these Acceptance Incidents are contained in the embedded WORD document here.
3.3.2 Aggregated Acceptance Incident details for type AI-NT
Details of these Aggregated Acceptance Incidents are contained in the embedded WORD document here.
3.4 Acceptance Incident arising from Testable criteria
There are ?? AIs of this type with the following severity:
Acceptance Incident Severity | Individual AIs
Low |
Medium |
Of these, ?? of the Low severity AIs have been aggregated into ?? AIs giving a net figure as follows:
Acceptance Incident Severity | Individual AIs | Aggregated AIs
Low | |
3.4.1 Acceptance Incident details for type AI-TS
Details of these Acceptance Incidents are contained in the embedded WORD document here.
3.5 Acceptance Incident total
The overall status of all Acceptance Incidents is as follows:
Severity | AI-AD - Agreed Deferred | AI-NT - Non Testable | AI-TS - Test | Total
Low | 96 | 4 | TBA |
Medium | 0 | 4 | TBA |
High | 0 | 0 | TBA |
A Applicable POL Requirements and Acceptance Criteria
The POL Requirements and Criteria, contained in the HNG-X Requirements Catalogue - POL DOORS
archive v1.42, and associated with AG3 are contained in the embedded spreadsheet.
B Definition of Acceptance Methods
The set of HNG-X Acceptance methods are defined in Appendix D of Schedule B6.3 HNG-X Acceptance
Process and reproduced below.
Type | Description
HNG-X Document Review | HNG-X Acceptance Criteria that cannot be objectively verified by a test of HNG-X may be satisfied by Post Office undertaking a HNG-X Document Review. The outcome of any such review will be documented by Post Office in the HNG-X Acceptance Tracking Document. Fujitsu Services will supply a list of documents (and any specific references within such documents) for Post Office review, which may satisfy the agreed HNG-X Acceptance Criteria.
HNG-X Design Walkthrough | HNG-X Acceptance Criteria may be satisfied by Post Office participating in an HNG-X Design Walkthrough led by Fujitsu Services of the Fujitsu Services’ design. The outcome of any such HNG-X Design Walkthrough will be documented by Post Office in the HNG-X Acceptance Tracking Document.
HNG-X Solution Test | Tests that are owned and managed by Fujitsu Services with significant collaborative support from Post Office, for the purpose of verifying that the Fujitsu Services’ solution for the HNG-X System satisfies the relevant HNG-X Acceptance Criteria. The collaborative team will produce a joint test report presenting the results of the tests.
HNG-X Release Validation | Tests that are run and managed by Post Office with significant collaborative support from Fujitsu Services, for the purpose of verifying that the HNG-X Release satisfies the relevant HNG-X Acceptance Criteria. The combined team will produce a joint test report presenting the results of the tests and provide evidence on any areas of non conformance.
 | Post Office shall specify any need beyond the level of support that Fujitsu Services are required to provide under normal operational practice (such as a report etc). Duration, nature and characteristics to be agreed in advance between Post Office and Fujitsu Services and will take place during Live Pilot or exceptionally during Live Monitoring. The total duration of HNG-X Monitoring and the obligations on Fujitsu Services to produce data/reports to support Post Office monitoring to be agreed between Post Office and Fujitsu Services (each acting reasonably and in good faith) for a particular HNG-X Requirement.
HNG-X Statement of Fact | Where the solution to an HNG-X Acceptance Criterion is self-evident and does not lend itself to formal proving.
HNG-X Statement of Obligation | Relates to HNG-X Acceptance Criterion that represents an ongoing contractual obligation for HNG-X.
Other | Used by exception, to be agreed between the Parties.
C Definition of Acceptance Incident Severity
The severity of an HNG-X Acceptance Incident is defined in Appendix A of Schedule
B6.3 HNG-X Acceptance Process and reproduced below.
High The HNG-X Acceptance Incident was caused by the introduction of changes arising
from Project HNG-X and/or the Associated Change Activities that are subject to the
HNG-X Acceptance Process and results in a defect that would render a key element of
one or more of the Business Capabilities and Support Facilities or a key element of the
Infrastructure unfit for operational use, which could include:
a) not allowing Post Office to undertake one or more Transaction types;
b) not allowing Post Office to undertake one or more Transaction types using the
required business inputs or generating the required business outcome;
c) creating system performance issues which are in, or are likely to cause a, breach
of Service Level Targets.
Medium The HNG-X Acceptance Incident was caused by the introduction of changes arising
from Project HNG-X and/or the Associated Change Activities that are subject to the
HNG-X Acceptance Process and results in a defect that would not prevent operation of
one or more of the Business Capabilities and Support Facilities or elements of the
Infrastructure, but would cause problems in the operational use of one or more
Transaction types.
Low The HNG-X Acceptance Incident was caused by the introduction of changes arising
from Project HNG-X and/or the Associated Change Activities that are subject to the
HNG-X Acceptance Process and results in a defect that does not cause any adverse
operational impact in the use of the Business Capabilities and Support Facilities or an
element of the Infrastructure, or the HNG-X Acceptance Incident can be addressed by
a workaround without any adverse operational impact for Post Office.
Non Incident An incident raised by either Party which, following investigation is found:
- not to be a defect;
- not to have resulted from the introduction of changes arising from Project HNG-X and/or the Associated Change Activities that are subject to the HNG-X Acceptance Process; or
- not to fall within the high, medium or low categories set out in this column.
D Acceptance Board recommendation options
It is proposed that the decision of the HNG-X Acceptance Board should comprise one of the following
options:
1. Proceed through Acceptance Gateway.
i. Acceptance Gateway criteria have all been met.
ii. There are no Acceptance Incidents that would prevent progression through this Acceptance
Gateway.
2. Proceed through Acceptance Gateway
i. Not all Acceptance Criteria have been met and consequently there are Acceptance Incidents.
ii. The severity of these Acceptance Incidents is within the limits for progression through this
Acceptance Gateway.
iii. Each Acceptance Incident has an agreed workaround.
iv. Where required by the contract, all Acceptance Incidents have an agreed rectification plan or a
target timescale for rectification
3. Proceed at risk through Acceptance Gateway
i. Not all Acceptance Criteria have been met and consequently there are Acceptance Incidents.
ii. The severity of these Acceptance Incidents is within the limits for progression through this
Acceptance Gateway.
iii. One or more workaround, rectification plan or target timescale, is not yet agreed.
4. Do not proceed through Acceptance Gateway
i. Not all Acceptance Criteria have been met and consequently there are Acceptance Incidents.
ii. The severity of these Acceptance Incidents exceeds the limits for progression through this
Acceptance Gateway
iii. Remedial actions are required to address the Acceptance Incidents and / or workarounds.