POL00035756
POL00035756
®
Business Technology Transformation Programme
Business Specification Document
Compliance Training Work Package 1.11
Number:
Governance
Presented to: Kevin seller (Network) Date of 25/03/2016
Michael Larkin (Network Conformance) Approval:
Sarah Malone (Training)
Outcome: To Be Confirmed
Outcome {Provide commentary on the decision and if the special requests or caveats are attached to the
Conditions: decision}
Document 1. Ensure the business and programme stakeholders can:
Purpose clearly communicating to a technology service provider what the solution needs to do to satisfy
the customer's and business’ needs
Provide input into the next phase of this programme — the Business Design Cycle.
2. Define the scope of the work package
3. Detail the business process (es) and applicable collateral that underpins the steps within the process
(es).
Template/ Click Here
Guidance
Location
aN
INTERNAL USE ONLY Lof 21 th
“One Best Way ~ Delivering Change”
POL00035756
POL00035756
BUSINESS SPECIFICATION DOCUMENT
Contents
1. Overview 3
1.1. Business Specification Document 3
1.2. Regulatory Compliance Training 3
1.2.1. Background 3
1.2.2. Existing Compliance Management 4
1.2.3. Existing Compliance Auditing 5
2. Scope Boundaries 6
2.1. In Scope 6
2.1.1. Level 3 Requirements 7
2.2. Out of Scope 7
2.3. Business Problem 8
2.3.1. Issues with the current solution 8
2.3.2. Costs & Risks of current solution 9
3. Business Requirements
3.1. User Interface / Availability
3.2. Links to User Management
3.3. Management Information 14
4 Business Collateral 15
5 DRAID Log 16
5.1 Decisions 16
71 Risks 16
7.2 Actions 7
7.3 Dependencies 17
8 Improvement Opportunity 18
9 Project Sparrow Recommendations 20
10 Stakeholders 20
Appendix A - Requirements Catalogue 21
Appendix B - Glossary 21
Appendix C - Stakeholder Feedback 21
Appendix D - Existing Horizon User Management Business Rules 22
Appendix E - Document Control
Document Version History
Document Reviewers & Signatories 22
Internal Use Only 2of 21 “One Best Way ~ Delivering Change”
POL00035756
POL00035756
BUSINESS SPECIFICATION DOCUMENT
1, Overview
1.1. Business Specification Document
This Business Specification Document (BSD) has been produced for the Compliance Training work package.
The purpose of this document is to:
e Ensure the business and programme stakeholders can:
o Clearly communicating to a technology service provider what the solution needs to do to satisfy
the customer’s and business’ needs
co Provide input into the design phase with the supplier
« Define the scope of the work package
Detail the business process (es) and applicable collateral that underpins the steps within the process
(es).
1.2. Regulatory Compliance Training
Post Office Ltd operates in an ever changing environment in relation to the compliance that must be
delivered and adhered to for a wide range of products and services that we transact within our branch
network. As such, it is vital that Post Office Ltd provides the necessary training, support, advice and
assurance to the people working in all branches to ensure they are fully equipped to operate compliantly.
The result is customers are provided with the best possible service, our reputational branch is protected and
the regulatory risks are minimised.
In this ever-changing regulatory environment, Post Office Ltd must ensure it identifies, manages and
controls any existing and future regulatory risks.
Post Office Ltd’s current approach for administering Compliance Training, a combination of workbooks
supported by a test on Horizon for branch colleagues, a manual class room process for new joiners and the
HR system known as ‘Orbit’ for all other colleagues, is a reactive and inflexible process that requires
refreshing to ensure the business continues to effectively and efficiently delivers on its obligations. It is an
approach that confirms adherence to a process rather than one which supports engagement and true
understanding and deployment of the training.
Our current process for testing knowledge and understanding of compliance is fragmented and does not
meet the changing needs of the network models. It is also the process that is being favoured by Product
Teams to demonstrate to Clients such as DVLA compliance to training and procedures and there is a risk
that the approach will overload the branch network.
41.2.1, Background
Everybody who works in a branch is required to understand each compliance module and complete the
associated test before they start serving customers.
Post Office Ltd’s compliance training modules cover a number of different regulatory areas and help branch
colleagues understand what they need to do to ensure that the business operates in a compliant way. This
helps to ensure our customers know that they can trust the Post Office brand.
There are 3 main approaches to deliver Compliance Training -
¢ New Joiners
New joiners to crown branches and new agents and operators attend classroom induction training sessions
and will complete the tests while they are in the classroom. Compliance workbooks are read and a manual
test is completed and marked by the Field Support Advisors running the training. The joiner must then
complete the tests once assigned a branch to obtain a receipt of completion for each of the compliance
modules.
Internal Use Only 3 of 21 “One Best Way Delivering Change”
Template Version 1.0
POL00035756
POL00035756
BUSINESS SPECIFICATION DOCUMENT
For agency branches, including those operated by multiple partners, it is the responsibility of the agent or
operator to recruit their own members of staff and ensuring that they read the workbooks, complete the
tests on Horizon and obtain a receipt of completion for each of the compliance modules before they start
work. For some of the Network Transformation branches, a proportion of the assistants will be offered
places on the classroom induction training sessions.
« Existing Branch Colleagues
Historically, Post Office has had an obligation to demonstrate to the different regulators that all branches
have been trained regarding how to operate compliantly. This has led to the approach of deploying an
annual training plan which requires all existing branch colleagues to read the relevant compliance
workbooks, complete the tests on Horizon and obtain a receipt of completion for each of the compliance
modules, in order to transact the appropriate products and services.
The modules are refreshed on an annual basis and are issued to the branch network at intervals during the
year. Each module is accompanied by a 10 question Horizon test, which must be completed within a three
week period. A printout from the Horizon system is then produced which identifies the user ID of the person
who has completed the test and this also indicates they have passed the test.
The colleague in the branch must select what role they play in the branch - Agent, Operator, Branch
Manager, Officer in Charge or Clerk.
* Head Office & Central Support Teams
As directed by Post Office Ltd, usually to support Christmas pressure or industrial action, head office and
central support teams access the HR ‘Orbit’ system to read the online compliance modules and take the
associated tests, which must be completed prior to working on the branch counter.
The modules are refreshed on an annual basis and are implemented onto the HR ‘Orbit’ system network at
intervals during the year. Each module is accompanied by a 10 question test, which must be completed
prior to working on the branch counter.
In addition, there are some compliance modules which are unrelated to branches, which all central support
and head office teams must complete annually, e.g. Data Protection/Information Security. These are
available on the HR Orbit system. New joiners are asked to complete this as part of their induction and this
is monitored by HR.
The HR ‘Orbit’ system is not in scope for this work package.
1.2.2, Existing Compliance Management
Historically, it has been the role of the Compliance Team, Branch Standards and the Network Engagement
Team to determine the annual compliance training plan. The Compliance Team provide the guidance on
what training needs to take place to satisfy the regulators. As a group, they decide on the timing of the
different modules that best suit the needs of the regulator and the branches and sign off the content of the
training. For example, mail compliance training is typically deployed in October to ensure that branches are
re-trained at the point proceeding the busiest time of the year for mails transactions.
The Branch Standards Team is responsible for ensuring that all branches complete the training within the
required period. They are not responsible for ensuring that Head Office and Central Support Teams
complete the training.
If a different team want to add to the compliance training plan then the request will be raised via the
normal business change process.
Internal Use Only 4 of 21 “One Best Way Delivering Change”
Template Version 1.0
POL00035756
POL00035756
BUSINESS SPECIFICATION DOCUMENT
1.2.3. Existing Compliance Auditing
The Field Support Team is responsible for ensuring that new colleagues, agent, operators and any assistants
attending the classroom complete the relevant compliance training. They provide workbooks to the new
entrants mark the tests and input the results to a SharePoint site.
The Branch Standards Team is responsible for ensuring all branches complete the required on-going training
to the required timescale. However, the monitoring approach varies depending on the type of branch.
* Crown branches. Branch managers are requested to complete a SharePoint site to indicate how many
members of staff are working in the branch. A daily Horizon test file is polled by the Compliance Team
and sent to the Branch Standards Data Team and this information is then used to check the number of
different users which have completed the training. A branch isn’t classed as fully compliant until the
expected number of users have completed and passed the training. Regular reports are sent to the
Crown management team to inform them who have completed the training and they also assist in
ensuring the branches complete it on time.
* WHSmith branches. These branches are treated very similarly to Crown branches. Staffing information
is provided to the Branch Standards Team by the WHSmith relationship team and the Branch Standards
Team track completion against the number of staff that are expected to complete the training.
» Agency branches. As above, the data of test information is polled daily and sent to the Branch
Standards Data Team for analysis. Whilst the report indicates the different users in the branch who
have completed the training, because the data regarding the assistants who work in our branches is not
100% accurate and due to the fact that the agent or operator is contractually responsible for ensuring
all staff have been trained, the branch is classed as compliant if there is a user ID who completes the
training at the agent/operator/officer in charge level. Reminders to complete the training are sent to
branches throughout the training window. The Branch Standards Team also makes pro-active calls to
branches that have yet to complete the training before the deadline. They also manage the process for
agency branches where they have failed to complete the training on time and initiate the relevant
corrective action. If an agency branch fails to complete the training on time then this could result in a
visit by a Field Support Advisor and the agent will be charged up to £100 to cover the costs.
Completion of the relevant compliance training modules also forms part of the branch Compliance audit.
The Field Support Team identify which modules should have been completed, identify the members of staff
working in the branch and check that an Horizon receipt is available for all members of staff to ensure that
it has been completed.
Whilst Head Office and Central Support Teams are required to undertake the training via the HR Orbit
system, there is no co-ordinated central monitoring that takes place for completion.
The Civil Aviation Authority also has the legal right to audit any of our branch networks to ensure that any
colleague handling mail in branch has completed the Dangerous Goods training. They also have the right to
request training record information at any time.
(EMC Web Platform - this is the training platform used for the Branch Staff)
(Orbit - this is the training platform used for the Head Office Staff)
Internal Use Only 5 of 21 “One Best Way Delivering Change”
Template Version 1.0
POL00035756
POL00035756
BUSINESS SPECIFICATION DOCUMENT
2. Scope Boundaries
2.1, In Scope
The scope of this work package is to stipulate the requirements for a new regulatory training solution to
replace two existing systems:
System Description
Horizon POS solution The vast majority of counter colleagues undertake their regulatory
compliance training in branch via the Horizon system. System
constraints mean tests are restricted to 10 multiple choice
questions.
The operational content is delivered through a work book available
via Online Help, which the counter staff are expected to read before
taking the test.
EMC Web platform Developed and administered by EMC, this system was rolled out in
November 2014 for new starters attending POL administered
classroom training (Postmasters, Crown Colleagues and some
Agency branch assistants). The operational content and test
questions are consistent with the Horizon POS solution.
Counter colleagues initially taking their regulatory compliance tests
on this system are advised to continue to use it for any subsequent
tests, rather than the Horizon POS system.
The tag of regulatory compliance training is historic, and perhaps something of a misnomer when
looking at the current set of training modules delivered under that banner. Technically speaking,
some of the modules delivered under the auspices of ‘regulatory compliance training’ do not have
a regulatory element and could be more accurately described as product knowledge or
conformance training. The modules currently delivered via the two systems noted above are:
Financial Services (all branches except Locals)
DVLA Product Knowledge (only DVLA branches)
Homephone & Broadband
Information Security & Data Protection
Anti-Money Laundering
Dangerous Goods
Mails Compliance
Locals Foundation Module (designed specifically for new starters in Locals branches)
Driving License (AEI branches only)
UKBA (AEI branches only)
General Health & Safety (Crown Only)
Colleague Responsibility (Crown Only)
Manual Handling (Crown Only)
Working Safely (Crown Only)
Self-Audit (Legacy DDA compliance test)
In addition to the two systems noted above which provide the channel regulatory compliance
training, the following three areas are within the scope of this document:
1. Change control processes related to the training content
2. Process to chase up non-compliant branches and users
3. Management information
Internal Use Only 6 of 21 “One Best Way Delivering Change”
Template Version 1.0
POL00035756
POL00035756
BUSINESS SPECIFICATION DOCUMENT
The first two are currently processes which take place largely independently of the system and
there are benefits to be derived by improving the solution to drive better change control and
management of non-compliance (i.e. failure to take the test by deadline)
2.1.4. Level 3 Requirements
There was no Level 3 requirements originally identified for Compliance Training.
2.2. Out of Scope
The table below outlines areas which are explicitly out of scope:
rea
Head Office staff training Head Office (admin) staff has to take and pass a subset of the
regulatory compliance tests. This is done on an internal training and
performance management system called ORBIT (administered by
SABA). This system is considered out of scope for this work
package.
Existing e-learning content New starters that go through the POL administered classroom
training have to undertake some foundation e-learning modules for
products.
Regulatory Compliance Training Although training content will be discussed in this document, this
Content will only be generic terms, based on an understanding that the new
regulatory compliance training solution will need to be able to
deliver a channel to deliver the operational content (currently a
workbook) and a test to check that the content has been digested
and understood.
Other forms of operational training All training delivered outside of the two systems noted in Section
2.1 is also out of scope. This would include the following:
« Sales coaching/training
« Classroom training delivered by Field Support Advisors
Onsite training delivered by Field Support Advisors to new
agents
Ad-hoc remedial training
Enhanced Financial Service training and accreditations
Training for AEI
Any training related to programme or change rollouts (e.g.
EUC branch)
Internal Use Only 7 of 21 “One Best Way Delivering Change”
Template Version 1.0
POL00035756
POL00035756
BUSINESS SPECIFICATION DOCUMENT
2.3. Business Problem
The Post Office operates in an increasingly regulated environment, with recent years seeing a growth in the
Financial Services products offered, securing a market share in the telephony market and stricter regulation
in the mails area. Given this background context it is imperative that the Post Office be able to deliver a
strong compliance training offer and, critically, be able to evidence to regulators that training is being
deployed and robust processes are in place to address failures to take the necessary tests.
The failure of the current regulatory compliance training solution to fully meet these requirements exposes
the business to financial and reputational risk in the form of regulator sanctions and damage to the Post
Office reputation as a trusted brand. Both of these could ultimately make it more difficult to secure further
business in an increasingly competitive environment.
2.3.1. Issues with the current solution
The following issues have been identified with the current regulatory compliance training solution:
Issue/Limitation mpact
Lack of integrated user directory
and compliance training record
No in built system notifications
or enforcement of test passes.
Users that have not taken the
test cannot be blocked from
transacting
Restriction on test questions
both in terms of number and
response method
No integration between
operational content (workbook)
and test
Unable to save progress through
a test - Horizon POS solution
only
Two distinct system solutions
which are not integrated
Internal Use Only
Template Version 1.0
Difficult to evidence to regulators with any degree of confidence who is
working in our branch network and who has been trained. For the POL
stakeholders facing off to regulators this is the single biggest flaw with
the current solution.
Increased costs in monitoring and intervening with non-compliant
branches and users. The latest test (Financial Services) saw 34% of
branches non-compliant when the deadline had passed, which imposes
costs on the business in terms of intervention calls to branches and
remedial action.
The number of test questions on the current Horizon POS is limited to
10 with the only response type being a selection of one of no more than
four multi-choice options (some questions just have two options,
usually True/False). Although the EMC web platform could deliver more
than 10 questions, the training also has to be kept consistent, so this
too is structured around a set of 10 questions.
This limitation on the bank of questions restricts the ability of the
business to demonstrate that the training has improved the capability of
counter colleagues. A small bank of questions with no randomisation
encourages users to simply guess their way through the test.
The current Horizon POS solution forces a separation of the workbook
content and the test questions. The user is expected to read the
workbook and then undertake the test. This does not, particularly in the
case of some of the lengthier and more detailed workbooks, provide a
user friendly learning experience which is conducive to knowledge
transfer and building of capability.
Frustration for users having to start the test again, where they have
progressed part way through and then been forced to exit to perform a
different system function (e.g. serve a customer). Ultimately delays
some users in passing the test and adds to the burden of follow up
intervention and remedial action.
The two solutions outlined in Section 2.1 have no integration. This
means there are two streams of management information which have
no common user ID, confusion for new starters who are faced with one
system prior to their classroom training (EMC web platform) and then
seeing colleagues using the Horizon POS solution when they get into
branch and it also means the operational content and test questions
have to be provided to two systems
8 of 21 “One Best Way Delivering Change”
POL00035756
POL00035756
BUSINESS SPECIFICATION DOCUMENT
Operational content (workbook) __ Historically, branches have been used to receiving hardcopy workbooks
not easily printable - Horizon to read through before taking the test. During 2015 all such workbooks
POS solution were gradually moved onto Horizon Online Help. A print facility is
available to the back office printer, but it requires each page to be
printed individually, which is time consuming for a 30 page workbook.
The knock on impact of this is that branches are more likely to have to
consume the content on the terminal, having to break off to serve
customers and thereby delaying when they can take the test. Or more
significantly, they will not read the workbook content at all and guess
their way through the test.
Poor management information Both of the two solutions outlined in Section 2.1 require management
offer information to be extracted and then manipulated via Access and Excel
to produce reports for different areas of the business and enable
remedial action. There is the cost of this additional data manipulation,
but it also delays intervention actions to chase test passes.
No single multi-channel solution I The Horizon POS solution is only accessible via a Horizon terminal,
whilst the EMC Web Platform is a web-based solution, so is accessible
via any device with a browser, but is not accessible via the Horizon
POS.
Those counter colleagues using the Horizon POS solution have to try
and both read the operational content and take and pass the test on the
POS. This can be time consuming and disruptive to customers,
especially in branches with only one Horizon POS terminal.
Lack of portable training record Users moving between branches have to either take the regulatory
compliance tests again in each branch they work in, or ensure they
photocopy their training completion receipts and keep them in each
branch for audit purposes.
Field Support Advisors reliant on I The Horizon POS provides a receipt at the end of the test to prove that
paper receipts as proof of a user has passed. The Postmaster/Manager in the branch is
compliance when auditing responsible for keeping a record of all these audit slips for themselves
branches and all members of staff for each of the mandated tests. Field Support
Advisors then audit these as part of a compliance audit in the branch,
This is time consuming and inefficient, particularly in branches with
large numbers of counter clerks, where the auditor might be trying to
reconcile 100 individual receipts or more.
System inflexibility pushes The mandatory training modules are generally done on an annual cycle,
business to annual test cycles including the updates to the operational content and the test questions.
Changes to process in the meantime would tend to be communicated
via the fortnightly communication Branch Focus channel, but would not
necessarily be reflected in the workbook or training.
No in-built system tracking, The authoring, revision and approval of the operational content
approval or audit trail for (workbooks) and test questions all takes place outside of the current
content solution. Similarly, the audit trail of versions of the operational content,
is accessible, but requires working back through previous versions of
the workbooks. This makes the change process more cumbersome and
slower than it needs to be and also makes finding old content and the
dates it was live difficult (important for Project Sparrow).
Internal Use Only 9 of 21 “One Best Way Delivering Change”
Template Version 1.0
POL00035756
POL00035756
BUSINESS SPECIFICATION DOCUMENT
2.3.2. Costs & Risks of the Current Processes
During the course of gathering requirements, business stakeholders have been asked to contribute what
they see as the key risks of continuing to operate with our current solution. The following were identified as
part of that process:
1. Costs of remedial action on non-compliant branches - The cost of identifying and taking
remedial action with branches and users that have not taken the test are considerable and, due to
increasing regulatory scrutiny, growing. The Branch Standards Team manages the process of
remedial action which combines communications out to branch, report generation and intervention
phone calls and visits. In response to recent regulator audits, the Branch Standards Team has had
tO change their intervention model in Agency branches. Before interventions were targeted to
secure a Postmaster/Manager pass in each Agency branch, based on the fact that the Postmaster
then has the contractual responsibility to ensure all their staff is compliant. This has now shifted to
chasing individual user compliance via periodic phone audits (around 45% of branches bi-annual
and the rest annually). This has increased the scale and scope of the remedial action considerably
and is made more difficult by the current user management and compliance training solutions.
Estimated costs for remedial action: £240k P/A
2. HMRC Regulator Risk - Post Office Ltd is legally obligated to adhere to the Money Laundering
Regulations 2007. This year we are under regulatory supervision from HMRC, who will be
conducting branch compliance audits. Due to the increased level of scrutiny from our regulator, POL
is able to demonstrate compliance.
HMRC guidance states:
‘You must make sure any employees are aware of the laws covering money laundering. In
particular, employees who deal with customers - including receptionists and anyone who
answers the telephone - should receive regular training to make sure your business
complies with the regulations’.
Whilst there is currently have AML / CTF compliance training in place for network colleagues, POL
remain unable to monitor completion quickly and efficiently, and consequently unable to evidence
this accurately in the event of an audit. Issues with the current solution include the loss of
completion receipts and false operator reporting in relation to staff training. The wider implications
of being unable to evidence compliance include potential financial penalties.
Furthermore in 2015 Post Office Security enlisted the help of external consultancy, Promontory
Financial Group, to review our existing Anti-Money Laundering (AML) and Counter Terrorist
Financing (CTF) landscape. The report produced by Promontory highlighted that we need to
enhance our training framework and recommended the following action in order to successfully
meet our regulatory obligations:
‘The firm;
Implement its training, awareness and communications plan as a priority
Considers oversight of training completion, including establishing a formal process to
accurately monitor individual staff training completion and pass rates
Revisits the number of times assessments can be attempted before full training has to be
retaken.’
3. 1$027001 certification - This is a contractual requirement upon us for the provision of some
Government Service services. Information Security & Data Protection training is a key Control
Group and the requirement for continual improvement is the principle of the ISO.
4. Data Protection Act 1998 relates to Personal Data. Principle 7 relates to Security and within that,
Post Office must provide adequate training & education to our Branch staff. In the event of a breach
where POL are unable to evidence training has occurred in a Branch or across the network to an
‘expected’ level could result in regulatory penalties of £500k rising to 5% of turnover in the revised
DPA expected to go-live in the summer. Furthermore in the event of an ICO enquiry, failure to
Internal Use Only 10 of 21 “One Best Way Delivering Change”
Template Version 1.0
POL00035756
POL00035756
BUSINESS SPECIFICATION DOCUMENT
provide adequate evidence may result in an audit programme upon our branches being forced upon
us.
5. PCI-DSS is a regulatory requirement upon Post Office and relates to the processing of credit and
debit cards. Once again Branch training is an essential requirement and failure to achieve annual
certification would represent a direct loss of c£40-50m to the business, although it is unlikely.
6. FCA is another regulatory requirement upon where information security training and education is a
corner stone. The FCA have the ability to impose unlimited fines and it is recognized that a failing in
another area like DPA or PCI-DSS have resulted in their respective regulatory bodies to flag these
up to the FCA for them to strike.
7. Dangerous Goods is a set of regulations administered and enforced by the Civil Aviation Authority
(CAA). Deployment of the Dangerous Goods training is a key touchstone for the regulator, who
currently audits POL on an annual basis. Failure to provide the relevant evidence and assurances
that POL has robust processes in place to ensure effective deployment of the training could result in
the CAA issuing enforcement notices requiring POL to put in place stronger controls, through to
ultimately removing the ability to transact mails. Any enforcement notices issued would also impact
on the relationship with our biggest client, Royal Mail. The CAA have already noted weaknesses in
our training deployment and this has resulted in changes to the remedial action processes managed
by Branch Standards (see point 1 above)
8. Reputational risks - A regulator sanction in any of the above areas would entail potential
reputational risks for Post Office. Clients and customers have trust in the Post Office brand and any
suggestion that our staff and agents were not deploying the required regulatory safeguards would
damage that trust. This may ultimately knock on to both clients and customer taking their business
to competitors. Stakeholder feedback to date has been that significant regulator sanctions are
unlikely at this stage, but the weaknesses in our current compliance training solution do leave us
exposed should more regulatory scrutiny be brought to bear on us, something that has already
been seen in the case of HMRC and the CAA.
Further work is required in the format of a Business Case to fully validate the benefits and cost savings
associated with Compliance Training and the current As-Is processes.
Internal Use Only AL of 21 “One Best Way Delivering Change”
Template Version 1.0
POL00035756
POL00035756
BUSINESS SPECIFICATION DOCUMENT
3. Business Requirements
3.1. User Interface / Availability
Reference
RCT-REQ-01
RCT-REQ-02
RCT-REQ-03
RCT-REQ-04
RCT-REQ-05
RCT-REQ-06
RCT-REQ-07
RCT-REQ-08
RCT-REQ-09
RCT-REQ-10
RCT-REQ-11
RCT-REQ-12
Internal Use Only
‘Template Version 1.0
‘Requirement Description
The new solution must be easy to navigate for the user.
The new solution must be in line with POL brand guidelines and tone of voice.
The new solution must be DDA compliance.
The new solution must be available across different device types (tablet, laptop, phone, POS).
The user must have the ability to start on one device and complete on another.
The new solution must have the facility to integrate test content in with blocks of questions.
The new solution must have randomised questions from a larger bank of questions.
The new solution must have the facility to put rules and logic behind the questions served to an individual user
(e.g. if a branch gets a question wrong on one topic, ask the branch more questions on that topic or failure of a
large number of questions flags.
The new solution must have the ability to save where you are in a test and come back to complete it.
The new solution must have content workflow and an audit trail.
The new solution must have the ability to embed pictures and videos as part of the training content.
The new solution must have the ability to have expanded question styles - true/false, multi choice, multi correct,
12 of 21 “One Best Way Delivering Change”
RCT-REQ-13
POL00035756
POL00035756
BUSINESS SPECIFICATION DOCUMENT
drag and drop, image based questions.
The new solution must have the option to “lock” a test after a set amount of fails, requiring the user to get
confirmation from an authorised manager to continue.
3.2. Links to User Management
Reference
RCT-REQ-14
RCT-REQ-15
RCT-REQ-16
RCT-REQ-17
RCT-REQ-18
RCT-REQ-19
RCT-REQ-20
Internal Use Only
‘Template Version 1.0
Requirement Descri
There must be mapping to the users and roles held within Horizon (proposal is to have one user ID per individual)
Single user sign on process (i.e. no requirement to log into POS and Compliance Training solution separately)
User set up mastered by HR in line with Horizon user management process (Please see the User Management BSD
for further information)
User configurable (Horizon POS, e-mail, text) reminder notifications on the system at individual user level and at
Manager/Supervisor level of non-compliance
Facility to prevent, based on test deadline, non-compliant users from:
© Transacting particular product sets
o Transacting any products
Single user training records attached to the user ID and transferable between branches
Ability to disable users to account for long term absence, but provide reminders of outstanding tests when user
logs back in
13 of 21 “One Best Way Delivering Change”
POL00035756
POL00035756
BUSINESS SPECIFICATION DOCUMENT
3.3. Management Information
Requirement Requirement Description
Reference
RCT-REQ-21
RCT-REQ-22
RCT-REQ-23
RCT-REQ-24
RCT-REQ-25
RCT-REQ-26
RCT-REQ-27
RCT-REQ-28
Internal Use Only
‘Template Version 1.0
Web analytics to identify consumption of data (e.g. track that a video was watched until the end)
Branch level dashboard for Postmaster/Manager identifying who is compliant with each test and where there are
outstanding tests to be taken
Reporting by test and question (pass rates etc.)
Dashboard reporting by:
+ Overall network
Segment
Network Hierarchy - RSM/ASM
+ National Multiple Partner
+ Individual Branch (available to central admin staff and auditors also)
The ability to manipulate MI (where appropriate), so that we are not forced to pay additional ums to have new
reports built; however a number of template reports should be available for ease of use
Completion rates by individual, branch and area.
Completion rates by currently available test
Completion rates across all tests in a given time period.
14 of 21 “One Best Way Delivering Change”
POL00035756
POL00035756
BUSINESS SPECIFICATION DOCUMENT
4 Business Collateral
Business collateral that provides the detailed information necessary to inform the detailed design.
Collateral name Doc. Reference Doc.
Version
Compliance Training Workshop One Presentation Compliance Training Workshop One Presentation v0.3
Online Compliance Training High Level Proposal Online Compliance Training High Level Proposal V1.0
PID Compliance Training PID Compliance Training V1.0
5 DRAID Log
5.1 Decisions
‘D No. Dat
Decision I
Taken I
I Workshop I Core Services Decision Description Core Services
Owner
7.1 Risks
Date Risk Risk Title I Risk Detail Contingency Plans / Actions Impact I Severi Next
Opened I Ref I (1-5) ty Review
Date
02-03- RK-01 Nobusiness There is not currently a As discussed there is the issue of
2016 owner Business Owner for each of ‘content owners’ and this would
the aspects of compliance need to be addressed as part of
training. the solution.
Internal Use Only 15 of 21 “One Best Way Delivering Change”
Template Version 1.0
Key:
Category
Impact
Likelihood
Severity (Impact x Likelihood =)
7.2 Actions
Action I Date I Workshop
Ref I Opened
UM- 16/02/2016 WS1
AP-
001
UM- 04-03-2016 WS2
AP-
002
7.3. Dependencies
Id Description
BUSINESS SPECIFICATION DOCUMENT
Medium
Low
Action Detail
Medium
High
Owner
When default user roles are agreed, set up sT
session with Network (PG & AJ) to agree the
names of the roles (e.g. Are terms such as Clerk
still appropriate in POL?)
Find a business owner for Self-Audit (Legacy DDA ST
compliance test.
DP-01 In order to deliver a robust compliance
training solution, there will need to be a link
to user IDs, such that users can be blocked
from transacting product sets (or entirely) if
they have not passed a test by an elapsed
deadline
Internal Use Only
‘Template Version 1.0
16 of 21
Impact
ST
“One Best Way Delivering Change”
Target
Date
01/03/2016 Open
14/03/2016 Open
POL00035756
POL00035756
Updated Comments
This AP is contingent
on the default user
roles being agreed
first.
Owner Action to manage dependency
Resolved: Both BSDs being written
by HG so will ensure they reference
each other at the relevant points.
POL00035756
POL00035756
BUSINESS SPECIFICATION DOCUMENT
8 Improvement Opportunity
Reference
I Requirement I Requirement Details Source
I number Area
I (if applicable)
10_334 Futures Training Scott Training Mode Addition of a Training Mode — To enable the training of new Branch User
Degg staff and so that existing staff can practice changes without Forum - Karen
the need to use a live counter and stock. Goldthorpe
(Manor PO,
Sheffield)
10_484 Futures Training Scott Training Not all team members understand Horizon, Paystation etc. - FSC Issues Log
Degg Difficult to correct an error if you don't understand how it
occurred in the first instance.
*All FSC teams will need training on the new system - what's
changed, what's new etc.
10_705 Futures Training Scott Training The new training doesn't tell you how to sort a problem when Branch Support
Degg things go wrong. It doesn't tell you what reports to print off to Programme
check things and interrogate the issue.
10_706 Futures Training Scott Training The training does not consist of any training on how to use Branch Support
Degg technology. Programme
10_707 Futures Training Scott Training Training does not cover enough on back office processing and = Branch Support
Degg how to find errors and resolve mistakes. Programme
10_708 Futures Training Scott Training Lack of "what to do if things go wrong" training for branches. _ Branch Support
Degg Lack of loss prevention training. Programme
10_709 Futures Training Scott Training Training on new products isn't very good. DVLA and Health Branch Support
Degg Lottery were poor. Programme
Note: These were the originally improvement opportunities which were identified at the beginning of the project. The requirements detailed in Section 4
incorporate requirements to improve the current business processes associated with User Management within the Horizon System today.
Internal Use Only 17 of 21 “One Best Way Delivering Change”
‘Template Version 1.0
9 Project Sparrow Recommendations
The following recommendations have been made in relation to User Management from Project Sparrow.
Area Issue ident
d
3.11 Postmasters do not
have access to
enough training to
feel competent in
running their branch.
Where training has
taken place, records
have not been kept
consistently.
10 Stakeholders
BUSINESS SPECIFICATION DOCUMENT.
Rationale for
change
POL need to be able
to demonstrate
training across the
network and maintain
robust training
records for branches
and branch staff.
POL00035756
POL00035756
I Consideration for Front Office
On Line training launched
from February 2015 for
completion by all Postmaster
prior to attending classroom
training.
Access to compliance training
and product training is now
available via Subspace, with
options to extend.
Product training records being
maintained and a log retained
in the training catalogue by
BCF.
Below is a list of the stakeholders who have been involved in the production of this BSD.
Attendee/Reviewer
Shaun Turner
Hayden Gilmore
Phil Norton
Paul Blackmore
Sharon Rei
Sue Richardson
Sandra McBride
Claire Davies
Stefania Ulgiati
Shirley Hailstones
Kath Alexander
Mark Horne
Jonathan Knox
Gayle Peacock
Priya Narasimhan
Allen Kambasha
Craig Perrins
Beau Burton
Kevin Seller
Michael Larkin
Sarah Malone
Internal Use Only
Template Version 1.0
Area
Programme
Programme
Programme
Security
Security
Network field Support Team
Network field Support Team
ISAG
NFSP Liaison
Project Sparrow
Project Sparrow
Internal Communications
Internal Communications
Support Services
Network
Network
Network Conformance
Training
Network
Network Conformance
Training
18 of 21
Role
Business Readiness Lead
Business Analyst
Requirements Manager
SME
SME
SME
SME
SME
SME
SME
SME
SME
SME
SME
Product Owner
Product Owner
Product Owner
Product Owner
Senior Sign-Off
Senior Sign-Off
Senior Sign-Off
“One Best Way Delivering Change”
POL00035756
POL00035756
BUSINESS SPECIFICATION DOCUMENT
Appendix A - Requirements Catalogue
<provide detailed requirements only where there is a need to do so. Examples of when this should happen:
referenced collateral in Section 4 of this document does not provide all relevant information IBM will require
to support the Business Design Phase>
BTTP - Requirements
Catalogue Template \
Appendix B - Glossary
AML Anti-Money Laundering
AP. Automated Payment
AP-ADC Automated Payment Advanced Data Capture
BRL Business Readiness Lead
BITP Branch Technology Transformation Programme - the programme for the
delivery of the Front Office Application
Clerk The merchant of the product or service at the Post Office counter
CRB Criminal Records Bureau
I Consumer The user of the product or service acquired by the Customer
Counter Post Office Counter where a product or service is acquired by a customer
from a Clerk
Customer The acquirer of the product or service
DVLA Driver and Vehicle Licencing Authority
EPOS Electronic Point of Sale - the Front Office Application at a Post Office
counter, or
Electronic Point of Sale - item
FOA Front Office Application
FSC Financial Service Centre - Branch Accounting and Client Enquiries
f Item The product or Service being acquired by the customer or used by the
consumer
I MagCard Magnetic Swipe Card
Appendix C - Stakeholder Feedback
Document Review
Feedback form maste
Internal Use Only 19 of 21 “One Best Way Delivering Change”
Template Version 1.0
POL00035756
POL00035756
BUSINESS SPECIFICATION DOCUMENT
Appendix D - Document Control
This section records the version history of this document.
Document Version History
Version Date Change Details Author
OL 04/03/2016 Initial version created following workshop one. Hayden Gilmore
1.0 25/03/2016 POL Sign Off Hayden Gilmore
Document Reviewers & Signatories
Version 1.0 Name Role Date Completed
Sign off V1.0 I Kevin Seller Network 25/03/2016
Sign off V1.0 I Michael Larkin Network Conformance 25/03/2016
Sign off V1.0 I Sarah Malone Training 25/03/2016
Reviewer Shaun Turner Business Readiness Lead 11/03/2016
Reviewer Phil Norton Programme 15/03/2016
Reviewer Paul Blackmore Security 15/03/2016
Reviewer Sharon Rei Security 15/03/2016
Reviewer Sue Richardson Network field Support Team 15/03/2016
Reviewer Sandra McBride Network field Support Team 15/03/2016
Reviewer Claire Davies ISAG 15/03/2016
Reviewer Stefania Ulgiati NFSP Liaison 15/03/2016
Reviewer Shirley Hailstones Project Sparrow 15/03/2016
Reviewer Kath Alexander Project Sparrow 15/03/2016
Reviewer Mark Horne Internal Communications 15/03/2016
Reviewer Jonathan Knox Internal Communications 15/03/2016
Reviewer Gayle Peacock Support Services 15/03/2016
Reviewer Priya Narasimhan Network 15/03/2016
Reviewer Allen Kambasha Network 15/03/2016
Reviewer Craig Perrins Network Conformance 15/03/2016
Reviewer Beau Burton Training 15/03/2016
Internal Use Only 20 of 21 “One Best Way Delivering Change”
Template Version 1.0
POL00035756
POL00035756
BUSINESS SPECIFICATION DOCUMENT
End of the Document
Internal Use Only 21 of 21 “One Best Way Delivering Change”
Template Version 1.0