POL00038770 - BTTP/10.11 Enhanced User Management Business Solution Design

Evidence on official site

POL00038770
POL00038770

BTTP / 10.11 Enhanced User Management I
Business Solution Design

Governance

Presented to: SUF 25.08.2016 Date of Approval: /
Outcome: Recommended option accepted. Action now with SD team. i
Outcome '
Conditions: I
ey

INTERNAL USE ONLY 1 of 56 ea

~ “F514
POL00038770

POL00038770
BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

Contents

Management Summary — 4

1. 1. Business Problem 4

1.2. Drivers for Change 4

1.3. Summary of Findings 4 :
1.3.2. Impact on Core e Operating F Processes & Management & Support Si Services 8 I

1. 4. ‘Next Steps 10 I

1.5. Owner 10

2. Business Context 10

2. 1. Background. 10

2.2. Business Problem 10
2.2.1. Problem Statement 10
2.2.2. Current Mode of Operation Issues 12
2.2.3. 12
2.2.4. 14
2.2.5. Current Operation Description 29

2. 3. Scope Boundaries 30 :
2.3.1. In scope 30 I
2.3.2. Out of Scope 30 I
2.3.3. Requirements out of scope 32 /

2. 4, Problem Impact on Business 33 I
2.4.1. People 33 I
2.4.2. Process 33 I
2.4.3. Technology 33 /

2.5. Solution Constraints 35

2.6. Solution Acceptance Criteria 36 I

2.7. Key Stakeholder Needs 36 I

3. High Level Stakeholder & Detailed Requirements 37 /

4, Functional Use Cases 37

5. Recommended Option 38

Option 2- Off the Self (Preferred) 38

5.1. Summary 38

5.2. Solution Outline 40
5.2.1. Pros and Cons 44

5.3. Timescale Outline 45

5.4. Budgetary Costs 45
5.4.1. Solution Implementation 45

Internal Use Only 2 of 56 “One Best Way - Delivering Change”

F/1514/2
POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0 I

5.4.2. Solution On-Going Service Delivery

5.5. Key Risks & Issues

5.6. Next Steps 47 I
6. Considered Options 47 /
oy Oucnte . Siasnininininininininmimiininininininininiinininininsnininiinininiinininiisninininsnninninuninininininiininnnnnninsnnn o .

7. Appendix A - Glossary 48 I
8. Appendix B - Document History 49 I
i veion isto sonnei ne
9. Appendix C — Post Office Process Classification Framework 49 I

10. Document Control

10.1. Purpose
10.2. Reviewers

10.3. Referenced Documents St
11. Appendix D - AS IS Process Maps 52 I
12. Appendix E - TO BE Process Maps 56 '
Internal Use Only 3 of 56 “One Best Way - Delivering Change”

F/1514/3
POL00038770

POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

Management Summary

1.1. Business Problem

User Management describes the functionality that determines who is authenticated to use the
Horizon system and what they can use the system for. In terms of Horizon today, there are nine
different User Roles ranging from a Branch User to an External Auditor.

This document illustrates the processes related to management of a system User, from the initial
registration and set up, through to. any amendments and changes once the User is enlivened and
through to the end point for a User when they are archived from the system, see Appendix D for
the detailed AS IS process maps.

Access control defines the attribute which can be assigned to a User which determines what the
system functions a User can access and action. This manifests itself in the defining of User Roles
which are essentially default groupings of attributes determining the system functions which are
accessible to a User.

The current processes lack control and an audit trail. Users are not restricted to the location and
number of terminals they can log on to and crucially, there are no unique user ID’s. This in turn
makes it difficult to prove who has actually been operating the system at a given time and in
case of fraudulent activity this makes proof of guilt or ownership of culpability difficult to prove.

Project Sparrow produced a number of improvement opportunities which relate to User
Management which are detailed in section 2.2.2 below.

1.2. Drivers for Change

The present user management solution does not provide the necessary controls over who can
access and transact on the Horizon system, thereby exposing the business to regulatory,
financial and reputational damage. The business needs to be able to prove that staff are fully
trained and compliant and that the business is meeting legal and regulatory obligations to both
Clients and Authorities such as the International Civil Aviation Authority (ICAO), the Information
Commissioner's Office (ICO) and the Financial Conduct Authority (FCA). In addition, the business
must be able to protect the agreement it has with Royal Mail by proving we are compliant with
the Mail Integrity Code of Practice.

1.3. Summary of Findings

The summary of key findings is as follows:

« No control of who is in our branches

* No record of who in the branch has been trained to the required standards
e Branch Managers can currently control users and change their passwords
e No single, centralised User Directory

e Not all employees in Branch are being correctly vetted

e The process for vetting employees is paper based and slow

e There is no audit trail of activities performed against a user ID in branch

Internal Use Only 4 of 56 “One Best Way Delivering Change”

F/1514/4
POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

The ‘AS IS’ issues and recommended ‘To Be’ state to address those issues is illustrated in the
diagram below. I

Internal Use Only 5 of 56 “One Best Way Delivering Change”

F/I1514/5
9/vLStia

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

POL00038770
POL00038770

Current Solution

vetting
Creston

Audit Trail/Managemant Information

User Registration
Current User Registration
Process is & manual pager
based process using the
PREG for

Lier Wetting (Creation
Users car: be created locally in
brane wath rir guarantee they
hawe heen vetted of passed
raguired training

User Registration (new)
Biectroniz foray ta ragintar
reducing NE arecessing
nosis and removing decay
from posting a forms

Users created ee syatorn
centrally and only abie to
transact ceice they are vetted
and have pamsed required
taining

‘User Vetting ‘Creation (new)

‘User Management

in branch user management open to shuse with

Managen/Postimasters abe to reset clerks
parsiverds.

ho automatic binching/restrictions on users fot

compiant with required reguintary taming

User Management {new}

More secure pamanord regat wibich rae only be

menaged dy user (oe serve) or cemtraty
Users can be exricied/tinckes fram
transacting unui they hewe passed requered
training

User Deletion
Users deleted from the syster fr
Redundant overs sft on the system

User Deletion (new)
Users retired on system Dut retained
int cemtarat repastory with periodic
archer
Automatic housekeeping fer user I
hat used within configurable timesosie

New Solution

ee
I Bete

Audit Trall/Management Information

GeahiingReaieate
Det k user tales

a.
I Rereron
4 Archiving

POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

1.3.1.1.1. Recommendations

The solution must provide:
All users of the Horizon system with a single, unique user ID.
A central repository to house all user credentials for the Horizon system throughout their lifecycle

Confidence at a business level that we know who is working in our branches; that they have all
been vetted; had right to work in UK checks; and have all completed the required induction and
ongoing regulatory & compliance training.

The ability for POL to isolate user access to Horizon should they fail to pass or complete the
necessary training as specified by POL e.g. if a user does not successfully complete AML
training/test then access to products such as foreign currency would be switched off centrally
within POL

Links to the Learning Management system (Success Factors) to ensure that only staff who have
passed the relevant training are enabled to serve customers.

Internal Use Only 7 of 56 “One Best Way Delivering Change”

F/I1514/7
POL00038770

POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

4.3.2. Impact on Core Operating Processes & Management & Support Services

High Level Benefit Assessment

Direct Cost Savings

Enhanced User Management

+ Estimated £50k p.a. saving if the P250 registration form could be automated only when/if link with
LMS/compliance training is delivered

+ Further estimated cost savings Estimated at £70k (figure requires further analysis/validation) saved by
Branch Standards Team

_ HR have raised a risk based on the requirements that they would need to put in additional resource to
manage creation and administration — to be validated

Avoided Costs

+ Further potential benefit achieved through the consolidation of password management.
+ Branch staff only allowed to transact if they have completed mandatory, regulatory training therefore
removing risk of financial penalties.

e Example: Data protection Act 1998, Principle 7 indicates organisations must provide adequate
training and education to staff. Failure to demonstrate this could result in regulatory penalties of
£500k rising to 5% of turnover in the revised DPA expected to go-live in the summer.
Furthermore in the event of an ICO enquiry, failure to provide adequate evidence may result in an
audit programme of our branches being forced upon us.

Non Financial Benefits

+ Clearly understanding who has completed a transaction should enable successful prosecution, reduce legal
consultancy and reduce the number of mitigation cases.

+ Linking user management to LMS will give POL an individual training record for each user

+ Enforcement of necessary vetting and training before allowing users to transact

+ Mitigation against regulatory and reputational risk against a backdrop of increased scrutiny from some
regulators:

+. Improved controls — end to end recruitment, vetting and access processes

se T—COCC—"*NCLsCsCUCis*stCCiaC‘iCOC#COCtCiC‘iC.itO*CwisCCiésC®COCCC;Czit¥CCOCCULTL

o—Reseuree 426-9
Aveided-costs
Nen-firancial o. mpreved-controls- d-to-end-r it t,-vetting-and: S

«Assurance -provided-to-3rd-parties-—- CAA; POCA-contract; Royal Mail

Internal Use Only

S/PLSLid

8 of 56 “One Best Way Delivering Change”
6/VLSL/sd

_ Internal Use Only

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

9 of 56 “One Best Way Delivering Change”

POL00038770
POL00038770
POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

1.4, Next Steps

The Solutions Design Document has been produced and is being reviewed. A summary has been
presented to the SUF and the Sponsor w/c 1 August.

1.5. Owner

This document is owned by Angela Van Den Bogerd who is responsible for approval of this
document and all related feedback should be directed to them.

2. Business Context

In accordance with Post Office Information Security Policy and adverse risk appetite, Post Office’s
key controls are designed to ensure regulatory compliance and to make sure we appropriately
manage who has access to data. Policy requirements include:

e Post Office Acceptable Use Policy V1.0 (Section 5 access management refers)
e Post office Business Information systems Policy V1.0

e Post Office Cyber Information security Policy (section 5.6 human resources security
section refers) V1.0

« Post Office Information Assurance Policy V1.0
e Post Office Data Protection Policy V3.0

2.1. Background

We have an opportunity to decrease risk and improve controls of User Access and subsequent
User Management of the Horizon system. In preparation for tender for the Front Office Tower
an improvement opportunities log was compiled and table 1 of section 2.2.1 below is an extract
of the improvement that were identified which relate to user management.

In addition, Project Sparrow produced a number of improvement opportunities which relate to
User Management which are detailed section 2.2.2 below.

2.2, Business Problem

The present user management solution does not provide the necessary controls over who can
access and transact on the Horizon system, thereby exposing the business to regulatory,
financial and reputational damage.

Sections 2.2.1 and 2.2.2 highlight the improvement opportunities that the business has identified
through the Front Office Tower procurement exercise and also from Project Sparrow.

2.2.41. Problem Statement

There are two main classifications of the business problem with User Management in the Horizon
system today:

Internal Use Only 10 of 56 “One Best Way Delivering Change”

F/1514/10
POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

1. Lack of control
2. Inadequate risk management.

The current system does not allow the business to control who has access to the Horizon system
and what they can do once able to log onto the system. It does not enforce any pre conditions on
Users so, for example, Users should have undergone a basic disclosure process via Disclosure
Scotland but Users can access the system without this check being conducted and the User being
declared clear to use the system.

We cannot stop Users from accessing the system even though they may have convictions for
theft or other serious crimes nor can we prevent access where Users have failed to complete a
compliance test or have failed that test.

All of the above means that there is considerable risk to the business:
= Risk to Post Office funds from theft, fraud etc.
= Risk to customers’ funds due to theft, fraud etc.
= Risk to customers’ personal information
* Risk of prosecution for non-compliance
= Risk to Post Office’s reputation

= Commercial risk - many client contracts stipulate that branch staff must have completed
the disclosure process to transact their products.

= Commercial risk - it is a legal/ regulatory requirement and a client requirement that all
colleagues serving customers must have had training and completed certain compliance
tests successfully.

Further business problems today include:

= Financial Losses (written-off) as we are unable to fundamentally prove User management
was a problem

= We cannot prove that people have been trained (Compliance to provide figures on
training)

= We do not have a complete record of all Assistants employed within the Agency Network.
(This issue refers to agency branches only.)

= Due to how User Management exists today we can be liable for PCI compliance fines

= Weare at risk of reputational damage, as there are risks like staff not being trained
sufficiently which can lead to products being mis-sold and compensation payment being I
made to customers and financial penalties being incurred by regulatory agencies.

= Branch Managers have too much control today in terms of their ability to create new
Users and amend existing User details.

= Today’s process is very manual and results in a lot of paper having to be manually
complete to create a new User (when done in the correct manner)

= Lack of automation - user management will be an enabler for Success Factors to fully
automate the Vetting process.

* Colleague offers cannot be monitored via the system today.

Internal Use Only 11 of 56 “One Best Way Delivering Change”

F/1514/11
CLIVLS Ld

POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

2.2.2. Current Mode of Operation Issues

Front Office procurement - extract from improvement opportunities log.

10_656

-10_659

10_661

2.2.3.

Process Step
Reference

Improvements to system wide handling of Users. The requirement of annual reporting and holding of printed compliance test on Create New User
a branch by branch basis is archaic. Details and records of tests should be held centrally. This can easily be achieved by adding
a hidden branch code prefix to User names to compensate for any duplication. This would also allow easier handling of relief

PMR.

The Front Office Application should be accessible to branch staff solely via the use of a unique User_id so that there is areliable I Create New User

methodology for auditing sessions or transactions with regard to activity on a per-user basis.

User_ids should be unique across the entire network.
User_ids should be able to be configured by the branch Users to enable ease of use, but should be looked up against a
reference table of existing User_ids to suggest an alternative in the case of duplication.
Link to Pay Number? Where applicable. Should be able to be linked to HR system.

The Front Office Application should be able to restrict Users' rights to complete certain transactions defined as being more Create New User
complex or higher risk so that the exposure to risk associated with these transactions is minimised. / User Roles

Non-transactional system events such as log-on and log-off should be recorded in a format and platform which can be queried Logging On /

or used to enrich existing reporting so that activity can be reviewed on a branch User basis.

The following recommendations have been made in relation to User Management from Project Sparrow.

Rationale for change Consideration for Front Office

Area

Migration
1a

Internal Use Only

I Issue identified

Postmaster & Colleagues claim
not to be competent with new

system prior to “go live”.

12 of 56

Postmasters claiming that they were not
competent on the system when it went live &
training was not sufficient.

POL needs to be able to demonstrate that users
being trained are the correct users & that they
are fully competent and ready for “go live” to
mitigate later challenges.

Training logs need to be fully maintained to

provide accurate records to mitigate possible
later challenges.

“One Best Way Delivering Change”

Logging Off

Training to be monitored to make sure that where
there are competency issues, they are addressed.
Full training records to be maintained with
sufficient notes where applicable.

If any additional and/or intervention is required, it
must be fully documented.

A check of all Colleagues to be trained must be
carried out with HR.

System driven if not registered unable to access
system.
a
=
a
2
=
=
o

1.4

15

3.2

3.4

3.7

5.4

Internal Use Only

POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

Users in branch set up with the
incorrect access levels.

Branches not set up with the
correct number/appropriate type
of stock unit.

Where existing branch staff is
being retained, a formal
assessment of knowledge/skills is
not completed prior to incoming
Postmaster taking over.

No robust training records
retained for all training
interventions including sign off
from “trainee”.

Users have a higher access level
to the system than required.

Claims that the Postmaster was
not aware of the issues in
branch.

13 of 56

Risk of fraudulent activity in branch.

Provides better controls in branch.
Risk of fraudulent activity.

Provides better controls in branch, allowing
more accountability.

Branch staff may not be skilled in full range of
branch transactions and procedures; this
potentially could lead to branch discrepancies
during new Postmaster’s learning curve.

POL need to be able to monitor competency
across the network.

POL need to be able to demonstrate training
carried out across the network and maintain
documentation.

POL need to maintain records for all
training/intervention to hi-light issues re: non-
conformance and avoid duplication.

Demonstrate a business that is willing to invest

__in all colleagues.

To prevent fraudulent activity across the
network.

To enable Postmasters to have better controls in
branch.

Principally, Postmasters are responsible for the
operation of the branch and wholly responsible
for the restitution of losses.

Some Postmasters have little involvement or
choose to be ‘absentee Postmasters’. In such
cases, POL needs to ensure that issues are
communicated to the Postmaster.

“One Best Way Delivering Change”

Communication sent to network in readiness for
“go live” including guidelines to access levels.
POL person to make sure that branch staff is set
up with the correct access levels and user ID.
Communication sent to network in readiness for
“go live” including guidelines re: best ways to set
up your branch.

POL person to encourage user stock units where
practical & appropriate.

Training records of existing staff to be retained in
order that incoming Postmaster is aware they are
fully competent on FO.

Complete all training electronically with
confirmation of being stored within FO system at
branch & back end level.

The availability for branches to access this
information readily in branch.

System/business rules need to ensure User access
is controlled in branch by Postmaster or person
with delegated authority of Postmaster. POL
needs central view of this.

Greater identification of the user end User.
Contact with NBSC to be recorded as a User ID
personal to caller - link with HR and in branch
operations.

Recommend that one unique User ID for each
employee/Colleague.

Communicate issues to Postmaster via
letter/email to personal addresses, if absent from
branch.

Greater reliance on Postmaster to communicate
changes in branch /staff - this to be linked with
frequent/infrequent access to system in branch so
vLivLStd

POL00038770
POL00038770
BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

POL can monitor.

2.2.4,

A series of workshops have taken place to further identify business requirements to address the acknowledged issues and improvement opportunities
around User Management. The following stakeholders attended and contributed to the definition of the current process and identification of business

requirements which now form the Business Requirements Catalogue. The AS IS process maps that were produced are shown at Appendix D.

Workshop 2 - Workshop 3 -
Attendee/Revie Attendance Workshop 1 - CMS Finsbury Dials - Finsbury Dials -
wer Area Role Requirement Leadenhall - 09/02 16/02 23/02
Business
Shaun Turner Programme Readiness Lead Required Attended Attended Attended
Hayden Gilmore Programme Business Analyst Required Attended Attended Attended
Requirements
Phil Norton Programme Manager Optional Attended Attended Did Not Attend
Andy Thornton Programme Project Manager Optional Attended Partial Attendance Did Not Attend
Sally Rush Programme Technical Advisor Required Deputy Attended Did Not Attend Attended
Hector Campbell HR Product Owner Required Did not attend Deputy Attended Deputy Attended
Samantha
Williams HR Product Owner Required Not invited Attended Attended
Debbie Ann Young HR SME Optional Did not attend Did not attend Did not attend
Paul Garnham Network Product Owner Required Attended Attended Attended
Angela James. Network Product Owner Required Did Not Attend Attended Attended
Rodney Lewis Network SME Optional Attended Did Not Attend Did Not Attend
Betty Amin Network SME Optional Attended Did Not Attend Did Not Attend
Beau Burton Training SME Required Attended Did Not Attend Did Not Attend
Natalie Liff Training SME Required Attended Attended Attended
Dave King Information Security Product Owner Required Attended Attended Attended
Aftab Ali Security SME Required Attended Attended Did Not Attend
Shirley Hailstones Project Sparrow SME Required Attended Did Not Attend Attended
Kath Alexander Project Sparrow SME Required Did Not Attend Attended Did Not Attend
Paul Dann FSC SME BSD Review Only Not required Not required Not required
Kevin Seller Network Senior Sign Off Sign Off Only Not required Not required Not required
Julie George Information Security Senior Sign Off Sign Off Only Not required Not required Not required
Joe Connor HR Senior Sign Off Sign Off Only Not required Not required Not required

Internal Use Only

14 of 56

“One Best Way Delivering Change”
POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

A second Series of workshops has taken place with internal POL Stakeholders to agree the
desired TO BE processes based on the recommended solution and to further define business
rules and more defined requirements.

Attendees at these workshops were

Workshop 1 Workshop 2

Attendee and Outputs 28 June 5 July
reviewer Area
Shaun Turner Programme Attended Attended
Angela Saul Programme Attended Attended
Dawn Brooks Programme Attended On leave
Samantha Williams HR Attended Attended
Debbie Ann Young HR Attended Attended
Christina Duckworth HR Attended Did not attend
Angela James Network Attended _Did not attend
Betty Amin Network Attended Did not attend
Natalie Liff Training Attended Did not attend
Dave King Information Security Attended Attended

Separate consultations were made with Chris Hardy from Security and Fraud and Sarah Rimmer
in HR.

These were internal process focused workshops, which remained design agnostic and the
following processes and business rules and principles were agreed.

Workshop one on 28 June to cover POL Employed branch users
Joiners process — New POL Employee

Triggers:

- role advertised on IRIS

High Level Proposed Process Agreed

1. Candidate applies for role via Success Factors.

2. HR gather some initial information from the application, issue invitation for interview
3. Interview takes place and right to work checks and evidence provided during interview
4. Candidate deemed successful and conditional offer made to candidate

5. Candidate confirms acceptance

6. Stage one checks triggered internal - check they've no record in POL bad leaver etc.

7. When stage one passed the identity is created (GUID)

8. Candidate can now start using online modules and necessary counter training.

9. Stage two external checks triggered (disclosure Scotland etc.)

10. Stage two passed

11. Counter training passed,

12. User role in user management system updated and pay number created.

13. Begin working in Crown, GUID becomes associated with that Branch.

Note, Full user access to perform tasks in branch will only be granted if BOTH stage two and training is passed.

Internal Use Only 15 of 56 “One Best Way Delivering Change”

FI1514/15
OLvLSW

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

POL00038770
POL00038770

User Management — Create a New Past Office employed User as per workshop 1

Naw User

di one
?,
es
gs
Ee
is

on

z ele
ey rn
EE

indertaken by SF/LMS/HR.

“Internal Use Only 16 of 56

“One Best Way Delivering Change”

e separate pdf of process maps embedded at Appendix E for ease of reading -Note: these maps are only concerned with the User Management process steps so do not contain all of the steps
POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

Movers Process - POL Employee
Triggers:
« Staff movement between branches
¢ HQ staff to work in branch
e Branch staff to work in HQ
e Staff begin working in multiple branches
e Promotion to different role within branch (promotion

The meeting agreed that if we had a single user ID for working in branch then moving between branches
would not be an issue (‘roaming id’), therefore a process map for Movers has not been deemed necessary.
Business Rules to support the requirements have yet to be fully defined or agreed.

Reasons to temporarily disable a GUID:

« Maternity/long term sick leave
« Conduct issue/suspension

(No process map created for movers)

The requirements in the table below emerged during the workshops and form part of the requirements
catalogue that is embedded in Section 3. These were shared with both Accenture and Fujitsu and POL prior to
the SDD being completed.

Internal Use Only 17 of 56 “One Best Way Delivering Change”

FI1514/17
SLivlSWd

POL00038770
POL00038770

Needed to meet Fraud and
Audit Log years maximum, It shall be — [Investigation team needs in Obligation Have Hardy
larchived after 13 months but obtaining evidence for court Technical
jaccess to archive shallbe —_Icases, Fraud
ossible at oo cost. nalvst

EUM- NEW [3.0 ICreseaNewUser [NFR [Assign a user role- IThe retention peried for Security [Ability to see all users [Testing = Must IWorkshop

AL2164 Postmaster / previous records of with 3 failed CRB Have ton 28

Colleague OR lermpiayment with the Post application. June
Pov/Postmaster JOffice/failed applications shall
fue

EUN-6.0 NEW [3.0 [ModifyaUser [FR [roaming access [The process to attach s user [people could ba sent to work [User can ba attached to [Testing should IWorkshop
Ito ancther branch shali be —_Iin anether branch for la different branch with ton 28
simple without requiring any Iemergencies and don’t want to] minimum amount of June
lunnecessary -epetition of data Ihave to go through extensive Idata capture. (Depends
capture process of setting that person Ion the availability of

up almost from scratch in theirImultiple branches on
new branch SVAl tect ria)

EUM-7.0 NEW [3.0 Isysteminterface [NFR Isystemupdates The feed between Success [User Management needs to be ITests passed in LIS result [Testing iiust Workshop
Factors and the User updated in near real time so Iupdated User Management 1 on 28
management system shall be Ithat if someone passes their Irecord within Xx minutes June
Jas near to real time as training they are ‘unblocked’ ITv be defined).
possible. from performing that task as

lauickly as oossibl
EuN-ee RE SG System FR” ISystem configuration” [Attributes in the Ui system” Jif a new function (such as sell [Anew function or sitribute  [Testing? aise Workshop
[Configuration must be configurable to allow Jice cream) or a new attribute Ican be added to the system 4 on 28
them to be changed according Iis required due to operational [which then allows that June
to business wide decisions, [changes being implemented _I function or attribute ta be
then Post Office require this Jadded to al or any user
Jenhancement to be made in Iwithin xx days of creation.
xX working days (te be
defined hut no ionner than 5)
EUN-6.0 NEW [3.0 Iiocityatser FR lunaitach fromclosed IAll staff ina branch where the Iif there has been fraudulent — [Central acmin function (fo be [Testing Must Workshop
branch manager has been suspended Iactivity in a branch, simply _ agreed where this sts} can ton 28
land the branch is to remain [removing the manager may —_Ide-activate the logon (HUD) Sune
closed for a period of time —_—Inot be enough. if all staff are Iof ali staff na particular
must also have their ability to Ire-assigned under the new —_I branch
log on at THAT branch management any
suspended. subsequently fraudulent
activity can be noted as
attributable to the staff
member directly and not
Jated te the actions af th
EUN-10.0 (NEW [3.0 [Mfocify a User FR lunatiech fromclosed [branch staff that have had [Must allow staff who work in [Pluralbranch userscan [Testing Rust Workshop
i branch only their logon for 2 particular —_I multiple branches to be able toIcontiue to work in other ton 28
branch suspended due to the Iwork in all other branches —_Ibranches even once their June
postmaster being susperded they are assigned te except [HUD ina closed branch has
jand that branch subsequenily Ithe one that has been closed. Ibeen centrally disabled.
remaining closed, must not
have their ability to logon in
nther hranchas susnended.
Internal Use Only 18 of 56 “One Best Way Delivering Change”
POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0
Leavers Process - POL employee

Triggers:
« Death in service
e Suspension
e Redundancy
e Resignation I

HR will need to key the effective leaving date into the User Management system. When that date is reached
that is when the GUID is retired.

Business Rules to support the requirements have yet to be fully defined or agreed for example, there may be
an operational reason why a GUID might not be retired at the leaving date, for example to assist in balancing I
or accounting processes, however the branch manager should dis-associate user with his branch on their last
working day so that for the avoidance of doubt no further transactions can take place under that user

Identity.

The central admin function receive a ‘hook’ out of the SAP system to retire the GUID once all systems have
closed the user down.

Internal Use Only 19 of 56 “One Best Way Delivering Change”

F/1514/19
POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

User Management — Post Office employee leaving

NEE a proce ar eps cated oth Une Mingus wes thar act heme aca than dad
Set ating rach paces wsureancyapeteation se rigatian. tte a repoatatation ofthe econ fers we I
‘statins ath a ier Maragaoace een ela asa NS I

rN :

4

POL employee

tien Hf Rai ey, tt gp fom
‘accep

om

I

Branch/thring Manager

Front Office
Agpicxtion

WR Service Centar/SuccessFactors/UMt
system

See separate paf of process maps embedded at Appendix E for ease of reading -Note: these maps are only concerned
with the User Management process steps so do not contain all of the steps undertaken by SF/LMS/HR.

Workshop two on 5 July to cover Postmasters and Postmaster’s assistants. I

Joiners process — New Postmaster /
Triggers: subpostoffice opportunity advertised
Proposed Process

1. Applies via IRIS or other means depending on commercial opportunities and network.

Internal Use Only 20 of 56 “One Best Way Delivering Change”

F/1514/20
POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

2. Applicant must have their own stage 2 vetting undertaken as well as Experian checks and
submit a business plan to team in Chesterfield. The interview takes place and all of those
checks and evidence, including Right to Work are verified.

3. At that point the potential new Postmaster is entered into HR systems and the stage one
check is made.

4. Stage one check passed (stage two already carried out at expense of candidate). LMS
notified and GUID created to allow candidate to carry out mandatory training activities.

5. Training Passed. User role applied to GUID to allow carrying out suitable transactions for a
Postmaster role.

6. First logon in branch is administered by the Auditor/Area Manager present at branch
opening.

Internal Use Only 21 of 56 “One Best Way Delivering Change”

F/1514/21
@ivlsw

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

User Management — Create a New SubPostmaster {workshop 2}

i
I
i
i
X

‘Frospective New Postmaster
t
Es

C avout neocon ecbeties tba atce

‘hen erect anced: marron, Sree

Success Factors
‘tora FRESE
i

Hiing/area
Manager

compen

Front Office
Aontication

HR Service Center

east cee

indertaken by SF/LMS/HR.

‘Internal Use Only

22 of 56

“One Best Way Delivering Change”

POL00038770
POL00038770

e separate pdf of process maps embedded at Appendix E for ease of reading -Note: these maps are only concerned with the User Management process steps so do not contain all of the steps
POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

Movers Process ~-Postmaster

Triggers:
This scenario does not exist. Noted, however, a Postmaster can own more than one sub Post I
Office and this scenario was not discussed but will be covered further in the Design Phase. I

Leavers Process -Postmaster /

Triggers:
¢ Death in service I
e Suspension I
« Redundancy i
e Resignation I

The central admin function will receive a ‘hook’ out of the SAP system to retire the GUID once all systems
have closed the user down and any outstanding transaction corrections or debts have been settled.

User Management — Post Office employee leaving I
spn rrenm nm ete mete
_—
arate ees I
x i
3 I
:
j
Z
2 i
i
é /
7
£
£ /
= I
:
i
3 — i
oo amen Seay ; - I
a _ seinen nt { om I
: _

See separate pdf of process maps embedded at Appendix E for ease of reading ~Note: these maps are only concerned
with the User Management process steps so do not contain all of the steps undertaken by SF/LMS/HR.

Internal Use Only 23 of 56 “One Best Way Delivering Change”

F/1514/23
POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

Joiners process - New Postmaster’s Assistant

Triggers: needs of Subpostmaster for staffing. Note: advertisement and recruitment is done
undertaken through any POL systems and is the sole responsibility of the Subpostmaster.

Proposed Process:

1.
2.
3.
4.
5. As with POL employee only when both successful stage two training and stage two is

Postmaster undertakes interview and right to work checks.

Postmaster then contacts HR and requests P250 pack for prospective new assistant.
Complete pack returned for Stage One check. User can be allocated GUID and begin
training only, no counter transactions.

HR conducts Stage 2 checks.

passed can the GUID be assigned a functioning user role in branch.

NOTE: Currently there is nothing stopping an assistant being given access to serve customers via
Horizon before they have stage 2 and any training. In keeping with the aims of the User
Management initiative it is proposed that all future processes should always ensure that both
training and stage 2 are complete BEFORE an assistant can transact.

Internal Use Only 24 of 56 “One Best Way Delivering Change”

FI1514/24
SZ/vlSW

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

POL00038770
POL00038770

User Management — Create a New User postmaster’s Assistant (Workshop 2}

‘ew User

unarsan Trae

Sub-Post Master

Paes

Front Office
Appicrion

HR Service Center SE/LMS/UM

ho Saxtmamer
Stage O04 Faso

cove 88s

/ al — 7)
I esnion sua Factor tage cine rage ve Pins
I jo" ‘hast fap] eETaNE TD

ETngS erat J

raat ome

Biseiomre
Seottand

indertaken by SF/LMS/HR.

“Internal Use Only

25 of 56

“One Best Way Delivering Change”

See separate pdf of process maps embedded at Appendix E for ease of reading -Note: these maps are only concerned with the User Management process steps so do not contain all of the steps
POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

Movers Process —Postmaster’s Assistant
Triggers:
e Staff movement between branches (postmaster may own more than one branch and the
Assistant can work in any of them)

Single user ID enables this without any further process needed.

Leavers Process - New Postmaster’s Assistant

Triggers:
« Death in service
e Suspension
e« Redundancy
e Resignation

Note: In ensuring that a Postmaster’s Assistant must have stage one and two checks and
training confirmed prior to transacting this will ensure they are registered but it can still be the
case that a Subpostmaster doesn’t inform POL that an assistant has been dismissed/retired etc.
The proposed new process is that a Subpostmaster should inform HR in order that the GUID can

be retired. This does introduce a new responsibility for the Postmaster and any process changes
or contractual implications have not yet been discussed or agreed concerning this.

Internal Use Only 26 of 56 “One Best Way Delivering Change”

FI1514/26
POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

User Management — Postmaster’s Assistant leaving

seetiec ars grainy cn crey Hep ot yomoy bee ee erect ae aan ae 7 IE HN i
hams Monagene ct see te me

Rostmuster's Assistant

Fostustee

Front Office
Sapiicatioe

HR Sexvice Center SacenssFactory/UM ovtern

See separate pdf of process maps embedded at Appendix E for ease of reading -Note: these maps are only concerned
with the User Management process steps so do not contain all of the steps undertaken by SF/LMS/HR. I

There are a Set of default user roles shown in the table below which have a hierarchical
order i.e. branch user reports to branch supervisor who reports to branch manager.

There is also a set of functions (also shown in table below) which can be applied to any of
the default user roles (includes what product sets they can transact, which stock units the I
user can attach to etc.) i

Within branch a ‘branch manager’ role can restrict or increase the functions applied to each
of his users. I

The creation of a new function to apply to a user role such as selling ice cream would be '
under taken centrally with the user role being created in the user management system).

Internal Use Only 27 of 56 “One Best Way Delivering Change” \

F/I1514/27
POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

Proposed DRAFT User Roles v Functions Matrix (not yet confirmed/agreed)

HR

LOCAL USER Support Function * CENTRAL
: Branch I Branch I Branch I, I. I Support : Admin
Function tear I Supervisor I Manager I Auditor I Trainer I Uae Engineer Role
Mails x x x x x x
Banking x x x x x x
FSC x x x x x x
Bill Pay x x x x x x :
Retail x x x x x x
REM In x x x x x
Rem Out x x x x x
Stock Unit
Balance x x x x x
Office Balance x x x x
Cash
Declaration x x x x x
Stock
Declaration x x x x x
Branch Level
Stock x x x
Assign Role x x x
Add Function x x x
Remove
Function x x x
Create User x x x
Archive User x x x
Disable User x x x
Enable User x x x
Reset
Password x x x
View Branch
Users x x x x
View User x x x x
View Sales x x x x
Read Only x
Create User ID
GUID. x
Disable GUID x /
Retire GUID x I

* is currently named Global User -The purpose of the Global role type is to give a nominated
individual a permanent, personalised Global User account to access any branch on the Post Office
estate. A Global user account can be used in any Post Office Branch. The only exception is a

Global User ID with the ‘Trainer’ user group, which can only be used in a Counter Training Office.

There are several types of Global User accounts:-

Auditor E Gives access to all functions of a Branch Manager and

some additional privileges
(Emergency Manager)

Migrate Manager Specialised role for adding new Branches to the Network

Internal Use Only 28 of 56 “One Best Way Delivering Change”

F/1514/28
POL00038770

POL00038770
BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

and creating the Local Users for the new branch
Setup Equivalent to a Branch Manager
Support Provides limited back office functions
Engineer Allows access to system diagnostic functions
Trainer For use on the Counter Training Office (CTO) estate only.

The account allows the user to reset the CTO training

data.

NOTE It is proposed that the term Global User shall be discontinued as the solution described
later in this document is based on the use of a GUID or Global User ID and confusion could arise.
Once the project enters the design phase this issue will be addressed and the above table will be
discussed and amended as necessary with the relevant business stakeholders.

2.2.8. Current Operation Description

During the first set of User Management workshops the existing business processes were
documented. For some of the processes (which are more complex) a process diagram was
produced (see Appendix D), others which are more straightforward are simply listed as the
associated requirements in the requirements catalogue.

Note 1: Northern Ireland Branches: - The two processes above are based on Disclosure
Scotland Checks being performed on the applicants, should an Access NI check need to be
performed the process is as follows:

= P250 received in HRSC (this will be replaced by the automated data capture of this data
onto a portal and automatically sent to HR)

= Stage 1 pass letter sent to Postmaster - including link and PIN number. (this will become
an electronic notification)

= Colleague logs into Access NI system and fills in relevant data

= _HRSC approve

= Access NI complete checks and return Certificate to HR

Note 2: BFPO - It is acknowledged that BFPO’s use their own set of business rules to create new

users and the work undertaken to date has not yet covered these activities in sufficient detail.

There is a general aim to bring the BFPO processes in line with POL ones but that may not be

possible and therefore there may be an additional number of requirements relating to the BFPO :
as work progresses during August 2016. I

Internal Use Only 29 of 56 “One Best Way Delivering Change”

F/1514/29
POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

2.3. Scope Boundaries
2.3.4. In scope

In broad terms the scope of the work package can be summarised by the following two areas:
e¢ End-to-end User life cycle management

« Access control
« User Compliance

End-to-end User life cycle management- This document includes the processes related to
management of a system User, from the initial registration and set up, through any amendments
and changes once the User is enlivened and through to the end point for a User when they are
archived from the system.

Access control defines the attribute which can be assigned to a User which determines what the
system functions a User can access and action. This manifests itself in the defining of User Roles
(Section 3), which are essentially default groupings of attributes determining the system
functions which are accessible to a User.

User Compliance - The Branch Standards team in Support Services are regularly called on to supply
Management Information regarding Branch Users and the products they have sold. For example, A
forthcoming Audit by the Civil Aviation Authority means that the Branch Standards Team have to use 20
FTE's for one month to gather and validate data on branch users that have sold mails products to ensure
that they have completed the mandatory compliance training. The business has similar responsibilities to
demonstrate compliance to Royal Mail, Financial Institutions and other regulatory bodies.

In system terms, the scope of this work package is restricted to Users of the Horizon system.
Users are users requiring access to Horizon to serve customers, perform back office functions
(e.g. balancing) or system diagnostics. Presently Horizon is access via EPOS terminals in the POL
branch network, though if alternative channels for accessing Horizon functionality were to be
made available in the future (e.g. via a tablet or laptop), then the same User management
processes and principles outlined in this document should apply to those channels.

2.3.2. Out of Scope

The table below outlines the branch systems which are explicitly out of scope:

AEI The AEI system within branch requires both separate (enhanced)
vetting and User management processes. The existing business
processes will continue to be used to provide User credentials for
the AEI system.

Pay-Station User management for the Pay-Station terminals will continue to be
managed using current processes.

Self Service Kiosks The Self Service Kiosks which exist in some branches today do not
form part of our scope. The control of who uses these systems
(from a branch perspective) will be managed by each user branch
as it is today.

POL website The Post Office website does not form the scope of the
requirements of this document. The system is used by external
customers and their Username / password is part of online self-
service not User management.

External website accessed by general
public

Internal Use Only 30 of 56 “One Best Way Delivering Change”

F/1514/30
POL00038770
POL00038770
BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0
Salesforce The Salesforce system is currently utilised in some branches for
Used by FS/MS to manage appointment booking, the Users of this system does not form part

appointments of this scope.

Head Office IT systems Any systems that are used in Head Office.

The table below outlines the processes which are explicitly out of scope:

Process

Vetting checks content This document will refer to the vetting checks conducted both by HR
(Stage 1) and external bodies (Stage 2), but will not describe the
content of those vetting checks.

Third party vetting checks Third parties like the Ministry of Defence (for BFPO Users) and
Fujitsu perform their own vetting checks, which are outside of POL’s
responsibility and therefore this document also.

Audit & Legal Audit and Legal requirements will be part of the Audit and Legal
work package as such this document will not contain an exhaustive
list of these requirements.

Stock Unit Management Stock Unit Management (apart from Logging into and off a stock
unit) will form part of the scope for Branch Accounting.

cTc Counter Terrorist Check

sc Secured Cleared process is not in the scope of User Management.

Internal Use Only 31 of 56 “One Best Way Delivering Change”

F/1514/31
zelvlsWd

POL00038770
POL00038770

ISINESS SOLUTION DESIGN DOCUMI

2.3.3. Requirements out of scope

_A number of requirements in the Enhanced User Management Business Requirements Catalogue V3.0 have been identified as being out of the scope of
Release 1 and more relevant to the Success Factors project. These are being discussed currently to agree ownership and are coloured Amber in the main

requirements catalogue document for easy identification.

I

I

:

/ one ops Ann You
i — I Clee

: - - and BSD0 I a
a 7 3 [stakercid I 7
: . _ I 25]
/

I

t

i Internal Use Only 32 of 56 “One Best Way Delivering Change”

POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0,
2.4, Problem Impact on Business

The problems described within this document manifest themselves as follows
2.4.4, People

Branch Manager/Postmaster - There is no way to see if a user has taken and passed the
mandatory training modules, and no certainty as to which user has actually used a specific stock
unit as there are no controls around users and stock units attached to.

User — There is a risk of password sharing (which will not be totally eliminated by this solution)
which means that Post Office is unable to take action against the correct person.

HR staff — There are lengthy paper based processed to vet potential employees and return

findings to Postmasters. The current solution is stand-alone, potentially incomplete and subject to regular
verification exercises.

2.4.2, Process

The “As Is” processes are complex to perform and have a lack of control and auditability. The
current processes are not enforced for all branch users, for example Postmaster’s Assistants can
use the system without any training and are only put through the vetting process if the
Postmaster initiates it. There is a general lack of end to end process integrity.

2.4.3. Technology

The current solution comprises various disparate elements which are inconsistent and lack
integration.

The following table, extracted from the SDD, summarises the gap analysis between the current
model of operation and the envisaged future model of operation, and illustrates how some of the

current business problems will be addressed.

Category

Management of
unique identifiers.

CMO

The user identity management in the
current solution is managed by the
Horizon system.

The primary issue with the current
system is that a single user can have
multiple identifiers.

The unique identifier in the Horizon
system is termed as HUID.

The primary reason why users have
multiple HUID’s is because the HUID is
a construct of FAD terminal + log id.
There are multiple FAD (HNG) terminals
within branches and also users work in
multiple branches.

FMO

In the future mode of operations the user
will have a global unique identifier - GUID
maintained and managed by the new
enhanced user management system.

The GUID will be mapped to the existing
multiple HUIDs during the migration
process.

Also the GUID will be mapped to the SAPID
of the user managed within the HR SAP /
Success Factors.

Types of user
information stored
within different
systems.

The Horizon system stores the
information about the users primarily
from the branch perspective. The types
of users that are stored within the
horizon system are:

© Branch Managers
© Branch Assistants

In the future mode of operation Horizon
system will continue to store information
about the types of users that its stores
now.

The Enhanced User Management System
and HR SAP / Success Factors will store the

Internal Use Only

33 of 56

“One Best Way Delivering Change”

F/1514/33
Category

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

CMO

* Colleagues

The HR SAP stores information about
the following types of users.

* Corporate Users
© Branch Managers
+ Colleagues

The HR SAP does not store any
information about the branch
assistants.

FMO
information of all four types of users.

Corporate Users
Branch Managers
Branch Assistants
Colleagues

User credentials

The user credentials
(username/password) are stored within
the Horizon system in its central
database.

No user credentials of any kind are
stored within the HR SAP system

The Enhanced User Identity and Access
Management system will be the primary
system that will create and manage the
user credentials for all types of users.

During the interim phase the users that
have not be migrated to the enhanced user
management system will continue to use
the credentials from the Horizon system.

For all new and migrated users the
credentials will be maintained centrally
within the enhanced user management
system.

The Horizon system will have the capability
to validate the credentials with the central
enhanced user management system during
user authentication process.

HR SAP / Success Factors will not maintain
any user credentials.

User Lifecycle
management & Role
assignments.

In the current system the user life cycle
management is done by the branch
managers within the Horizon system.

A single user may have multiple ids
within the same or across multiple
branches. This is because the branch
managers manage this process within
the local branches.

All the role assignments is done
through the HNG terminals.

The user lifecycle process will be stream
lined through HR Success Factors and
Enhanced User Management System.

In the interim state the enhanced user
management system is assumed to be the
master of user life cycle management
information and will maintain the different
states including role assignments.

HR Success Factors will eventually become
the master of user lifecycle management
and will be responsible for providing
updates to the Enhanced User Identity &
Access Management system.

Whenever roles are assigned through HNG
terminals the Horizon system will be
responsible for sending the updates to
enhanced user management system.

Authentication &
Authorisation

The authentication and authorization is
managed by the Horizon HNG terminals
where the credentials are verified
against the Horizon central services.

The Horizon system will delegate the
authentication services to the central
enhanced user identity and access
management system where the credentials
are stored.

The enhanced user management system

Internal Use Only

34 of 56

POL00038770
POL00038770

“One Best Way Delivering Change”

FI1514/34
Category

BUSINESS SOLUTION DESIGN DOCUMENT ~

CMO

ENHANCED USER MANAGEMENT V3.0

FMO

will provide the role details and other
attributes to the Horizon system to perform
access control.

If the user has multiple roles across
multiple branches he will prompted to
select a role and branch from where he
would like to perform his operations post
authentication process.

Self Service

There are no self-service features in
the current mode of operation for users
to change his password.

User passwords are reset by the branch
managers. The risks with the existing
system is that branch managers are
aware of their assistants’ passwords.

The enhanced user identity and access
management system will provide the
services for users to change the password
in scenarios when he is a new joinee and
also when he has forgotten his password.

The self service capability will also provide
the features for user to set and validate the
security questions during password resets.

In scenarios where user is unable to
answer the security questions accurately
capabilities will be provided within the
enhanced user management system to
service the user with password resets
through a help desk function.

Password Policy

There is currently no password policy
managed within the Horizon system in
the current mode of operation.

The enhanced user identity and access
management system will enforce a
password setting policy within the system
for the users. For example.

* Minimum of 8 characters.

* Should contain alphanumeric and
special characters.

* Should have at least one character
in caps.

There will be administrative interface to
configure the password policy.

The system will also have the capability to
configure other rules. Examples of certain
rules are listed below.

* User will be forced to change his
password periodically.

* User cannot repeat his password
for at least 12 consecutive
changes.

2.5. Solution Constraints

POL00038770
POL00038770

In accordance with Post Office Information Security Policy and adverse risk appetite, Post Office’s
key controls are designed to ensure regulatory compliance and to make sure we appropriately
manage who has access to data.

Constraints on the required solution are:

Constraint

Internal Use Only

Description

35 of 56

“One Best Way Delivering Change”

FI1514/35
POL00038770

POL00038770
BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0
Constr Description
Timescale Implementation of a full end to end solution is dependent upon the
development of links between the User Management solution and Success
Factors

The impact of HNGa rollout on implementation has yet to be determined.

Resource availability Resource requirements are defined in the business case
Budget Authorisation and budget will be determined by Post Office governance
Legislation or Regulatory needs There are no legal or regulatory constraints, although there are a number

considerations and requirements which need to be met.
Technology framework/strategy Solution components must provide the capability to operate within the
constraints of the domain ownership rules of the Information Model.

There are constraints within the Horizon system to provide this
functionality hence this capability will be provided through User interface
provided by the enhanced user identity and access management system
for the POL users.

Company Standards Post Office Acceptable Use Policy V1.0 (Section 5 access management
refers)

Post office Business Information systems Policy V1.0

Post Office Cyber Information security Policy (section 5.6 human
resources security section refers) V1.0

Post Office Information Assurance Policy V1.0
Post Office Data Protection Policy V3.0
Security "Defined above and to be determined

Safety No constraints envisaged

2.6. Solution Acceptance Criteria

To be determined in the design phase of the programme.

The following key success factors represent measurable criteria that will be used to evaluate the
recommended solutions to determine a solution will be acceptable to the business.

Ex Description Measured by

SOL-1

2.7. Key Stakeholder Needs

The key solution needs from the perspective of key Stakeholders are:

Area Sti older Nam: Key Needs/Features of solu’

People Angela Van Den Bogerd * Clear accountability and resource needed to support Branch
Joe Connor Messaging and Help & Support
Gayle Peacock * Changes to roles in HR, Communication, NBSC and Product

Managers to support effective end to end business process to
determine suitability to serve customers

* Users uniquely identifiable
* Users Training and Compliance can be proven

Internal Use Only 36 of 56 “One Best Way Delivering Change”

FI1514/36
POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

S of So!

Area Sti holder Name Key Needs/Feat in

Processes Angela Van Den Bogerd + Tighter controls around vetting to determine ability to transact
Joe Connor only when trained

Gayle Peacock * Revised business processes with links maintained between
training status and system access

System Angela Van Den Bogerd * Passwords created centrally and not by end users, with password
Joe Connor supplied to end user

Gayle Peacock * Management of new supplier with new support arrangements,
continuity and DR

+ Information is shared in real time

Policy/ Dave King * Policies to be clearly defined and communicated - particularly to
Standards Chris Hardy agents/operators/postmasters

Angela Van Den Bogerd * Data retained in line with legal and business requirements

3. High Level Stakeholder & Detailed Requirements

RACI
Responsible
Accountable

Consulted

Informed
Hector Campbell HR Product Owner. Responsible
Samantha Williams HR Product Owner Responsible
Debbie Ann Young HR SME Consulted
Christina Duckworth HR SME i Consulted
Sarah Rimmer HR SME Consulted
Paul Garnham Network SME Consulted
Angela James Network SME Consulted
Beau Burton Training SME Consulted
Natalie Liff Training SME Consulted
Information Consulted

Dave King Security SME
Chris Hardy Security SME i Consulted
Shirley Hailstones Project Sparrow SME Consulted
Kath Alexander Project Sparrow SME Consulted
Caroline Hilton Product Manager Informed
Martin Kearsley Project Manager Informed
Target Operating Informed’
Alison Jaap Model owner

Stephen K Ward Branch Standards Informed

The detailed Requirements Catalogue is embedded below.

Enhanced User
Management_Busines

4. Functional Use Cases

TBC in Design Phase

This section defines the functional requirements in terms of the system actors and outline use
case/functional descriptions.

Internal Use Only 37 of 56 “One Best Way Delivering Change”

F/1514/37
POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

t

L

Use Case
Templatev1.0100915

<Insert completed ‘Use Case’ document here >

5. Recommended Option
Option 2 - Off the Self (Preferred)

5.1. Summary

Phase 1 - Off the shelf solution - no integration with HR system
+ Off the shelf package procured and integrated with Horizon
+ Could support single sign on to other systems in POL estate

+ Delivers benefits whilst de-risking Success Factors implementation. Can be plugged into
Success Factors in phase 2

+ Likely automation of P250 process in HR,, current database replaced, but dual running of
processes until Success Factors implemented

The Enhanced User Identity and Access Management will integrate with the Horizon System by
providing the following capabilities.

Authentication Services: The users of the Horizon System will be authenticated using their
credentials (username / password) stored within the Enhanced User Identity and Access
Management System.

Access Control Services : The Enhanced User Identity and Access Management system will
provide information about the authenticated user to the Horizon system in the form of web
service call about which branches does he belong to and what are the active roles within those
branches. The Enhanced User Identity and Access Management system will also provide the
status of the user’s training based upon which the Horizon system can perform the necessary
authorisation to allow or disallow users to use certain functionality within their systems.

User Lifecycle Management & Role Assignments: The Enhanced User Identity and Access
Management System will provide the web service interface to the Horizon system to manage the
lifecycle of user in terms of Role Assignments. For example when the Branch Manager changes
the role assignment for the user within the Horizon System, the Horizon system will notify the
Enhanced User Management System with the updates and the vice versa.

The Enhanced User Identity and Access Management System will integrate with the HR SAP
initially and later with Success Factors - Employee Central modules to acquire information about
the user’s onboarding and background check status.

The HR SAP / Success Factors will notify the enhanced user identity and access management

system about the various status of the users (including the joining and leaving status).
Internal Use Only 38 of 56 “One Best Way Delivering Change”

F/1514/38
POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

The enhanced user identity and access management is responsible for the following functions.

1. User Registration: The new user is registered after the Stage 1 checks (Identity & background
checks) are completed by HR. The user registration details are either sent from the Success
Factors - Employee Central Module or the HR person will register the new user within the
Enhanced user identity and access management system using the user interface.

The user details are also updated after stage 2 checks (CRB, Disclosure Scotland).

2. GUID Generation: The Enhanced use identity and access management system will generate a
unique Global user identifier for the new user. The username and password will also be
generated for the user to help him log into the Learning Management system to complete his
mandatory training.

3. Role Assignments: The Enhanced User Identity and Access Management System will provide
the capability for branch managers to assign roles to the users. Roles can be assigned
through Horizon terminals. If the roles are assigned through Horizon Terminals the Horizon
system will notify the Enhanced User Identity and Access Management System. Alternately if
the role is assigned through the Enhanced User Identity and Access Management System the
EU-IA will have to notify the Horizon system about the role assignments.

The system must not allow any role assignments if the new user has not completed his basic
training through the Learning Management System. The Success Factors will provide this
information to the Enhanced User Management System about the training status of the user.

Phase 2 - Off the shelf solution — full integration with Success Factors
+ linked to employee creation
+ Licences required for full Success Factors integration
+ Avoids duplication of people data

The Success Factors - Learning Management module will integrate with the enhanced user
identity and access management system to provide the status of user trainings which will be a
key factor in allowing a user to transact on the Front Office Solution.

The key difference between the interim and future state of operation is that the HR SAP ERP.
system will be decommissioned and will be replaced by the Success Factors which provides the
capabilities e.g. Employee Central, Recruitment & Onboarding, Payroll, Performance & Goals and
other HR related functions.

In terms of the employee master, during the interim state the Enhanced User Identity & Access
Management System will be the employee master and eventually in the future state the Success
Factors — Employee Central module will be the master of employee information after HR SAP is
decommissioned.

Internal Use Only 39 of 56 “One Best Way Delivering Change”

F/1514/39
POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

5.2. Solution Outline

Existing Systems

Enhanced Systems

User meres New Systems

fa]
Employee Memt
I re (HR SAP)

A

ence / Data Extract ——!
Aude Data exact

Aut dat extract

‘ud data earact
ut data extrac i i

Existing Systems

Enhanced Systems /

er inteace
~ New Systems

see nfrtace

i I
Enhanced User identity &
- Aecess Mem.

I -cxcwieb sence >I

Ewer semee no

“Auct data exact

The users would be uniquely identified within the EU-IAM - Enhanced User Identity & Access /
Management system with their GUID - Global unique identifiers. The EU-IAM is the primary :
generator and owner of this global unique identifier for the users.

The EU-IAM will also be maintaining and managing the linking between the GUID and the SAPID
maintained within the HR SAP/ SF Employee Central. The EU-IAM will also be maintaining and I
managing the linking between the GUID and the Horizon UIDs. SAPID’s are generated within the I
HR SAP/ SF Employee Central system whereas the HUID’s are generated and maintained within I
the Horizon Central BRDB. I

The following diagram illustrates the relationship between GUID, SAPID and HUID. :

Internal Use Only 40 of 56 “One Best Way Delivering Change”

F/1514/40
POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

POL User

Horizon

Figure 1: Linking between GUID, SAPID and HUID

As highlighted in the diagram above there will be one to one mapping between GUID and SAPID
as both the systems uniquely identify the individual whereas there will be one to many mapping
between the GUID and HUID. This is primarily to cover the capability within Horizon legacy
system where the single user has multiple HUID’s. Although this will not be the scenario when
the new users are created when EU-IAM is commissioned. All new users that will be created
when EU-IAM is operational will have a one to one mapping between GUID and HUID.

The following diagram describes the different states of the User Record. The user state diagram
illustrated below is system agnostic. The user record state will be maintained in either one or
many system e.g. Horizon, Enhanced User Identity and Access Management and HR SAP.

It will be the responsibility of the each system to manage the synchronization and reflect the
correct status of the user record.

Internal Use Only 41 of 56 “One Best Way Delivering Change”

FI1514/41
POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

0
11) User Record can go into suspended state Inthe folowing scenarios,
Ex. Absconding, Disciplinary, Suspended, Extenuating circumstances.
21) User roles and branch assignments tobe deactivated,

3.) User isnot alowed to perform any transactions

4.) User snot allowed to any view only information as well.

5.) User isnot allowed to do any trainings.

New User

_-I activity the actors are responsible to share information about the state of

Note : The User Record State is system agnostic, The state will be
‘maintained in all or any of the systems e.g. HR SAP/ HR Success Factors,
Enhanced User Identity and Access Management System and Horizon

System. It wll be the responsibilty ofthe system that has changed the state
to Inform other systems. Where states are maintained through non system

record, Also record once created must be never deleted from the system.

TT.) User Request isn the saved state as user has not provided
some important information,

2.) GUIDis not generated for user at this sage.

3.) The request must not stay in that state for more than a week.
4.) This state may be maintained manually through paper based
forms.

LV

to work documents,
2.) User Request is sent to HRSC for stage 1 checks.
I3.)6uI

1.) Sub-postmaster /branch manager has verified “I

stil not generated for the user.

T) HASC has performed stage i checks successfully. SS
2.) GUID is generated for the user.
3.) Sub-postmaster / branch manager Is notified about
the result
4.) Username / Password are notified to user.
User now needs to complete compliance tra

11.) HRSC has performed stage 2 checks successfully. OS
1) HRSC has performed stage 2 checks successfully.

1 2.) Sub-postmaster is notified about the result.
3) Role is not assigned to user at this stage

41,] User has completed the compliance training
2.) User Is active and can perform his operations.

T) User Record can go into inactive state in the
following scenarios. Eg. Holiday, Annual leave,
Maternity Leave.

2, User is only allowed to see view only information.
3,) User is not allowed to perform any transactions.
4,) User is not allowed to do any trainings.

5,} No reminders about the trainings shall be issued to
telther user or the manager.

‘
1) User Record gets into this state when the user has let the organisation or 1

deceased.

2, User record is retained for certain duration tl itis archived. eg. 7 years
3.) Noaccess to any systems including learnings and training,

4.) Branch and Role assignments are removed from User Record.

5,] User record is available for search if the user decides to join the organisation
again

1] User record is archived in separate repository and is only avalable on reques
2.) Only limited attributes is stored when record is archived.

3.) The business will decide what minimum attributes are required to be stored
within each system,

4.) The user record is not available through searches when archived

5.) Business to decide mechanisms how records will be accessible in archived
state

Internal Use Only

42 of 56

“One Best Way Delivering Change”

F/1514/42
POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0
The following table explains the various states of User Record illustrated in the diagram above. I

In-Complete State This is the initial state which the user details are captured in the paper based form or the /
HR system. /

The new user has provided insufficient details without which the HR cannot perform his '
basic background checks e.g. identity and right to work checks. Hence the user record :
will be in an in-complete state. I

Since no useful details have been provided by the user no GUID will be generated by the
Enhanced User Identity and Access Management System at this stage.

Initial State This is the first formal state of user record in which all the relevant user details have been
captured by the branch manager and have formally submitted to HR for his Stage 1 - /
Background checks. i

The branch manager may have done some initial identity and right to work checks by not
necessarily his background checks.

Hence still GUID is not generated for the user in the enhanced user identity and access
management system. I

Initial2 State At this state the HR has completed the stage 1 background checks. The user record is :
created with in the enhanced user identity and access management system with a GUID. I

Also the username and initial password is generated for the user for user to log into the
Learning Management System to complete his basic & mandatory trainings.

User is not assigned with any role hence he cannot perform any operations with the
system.

Initial3 State At this state the HR has successfully completed the stage 2 checks i.e. CRB, Disclosure
Scotland checks for the user.

The user is still not operational as he has yet to complete his formal trainings.

Active State Finally the user record attains an Active state when the user has successfully completed I
Initial2 and Initial3 states. i

The postmaster assigns the role to the user in the Horizon system and the Enhanced User I
Identity and Access Management system.

The user is operational and can perform his tasks by authenticating into the business
systems.

InActive State The user record will go into an “inactive” state when the user is on annual leave or a long
holiday.

The user is allowed to only view on information after authentication. He is not allowed to '
perform any operations on business systems e.g. Horizon.

The user can get into active state when the user is back from his long holiday. He still
have to go through the trainings if the operation demands for.

Suspended State The user record will go into a “suspended” state in scenarios when the user is absconding
or suspended from work due to disciplinary action or extenuating circumstances.

All user branch and role assignments will be deactivated from the enhanced user identity I
and access management system and the user will be disallowed to authenticate into any I
system i.e. Horizon, Enhanced User Identity and Access Management System, Learning
Management System.

The user can still get into active state if the suspension is lifted by authorised personal
e.g. HR, Branch Manager.

Internal Use Only 43 of 56 “One Best Way Delivering Change” \

F/1514/43
Retired State

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

e.g. 7 years to adhere to the POL data retention policy.

be removed for the user.

system.

User will not be able to authenticate into any system. All branch and role assignments will

Only minimum and essential information about the user record is retained within the

The user record is available for search if the user decides to join the organization again.

POL00038770
POL00038770

The user record will be in Retired state if the user has left the organization or is deceased. '
The user record will be still available I the system for a certain amount of prescribed time

Archived State

request.

state,

The user record is removed from all systems including enhanced user identity and access
management system and archived in a separate repository and is available only on

Only limited set of attributes are retained when the user record is moved to an archived

5.2.1. Pros and Cons

This option has the following advantages and disadvantages in relation to solving the business
problem and delivery against the high level business requirements.

5.2.1.1, Solution Pros

This solution has the following advantages:

Phase 1 - Off the shelf solution — no integration with HR system

Re-usable component

Meets all requirements

Enables more sophisticated relationships to be created around user roles
Migration costs likely to be lower

Enables a strategic solution

May benefit from supplier upgrades and roadmap

Phase 2 - Off the shelf solution — full integration with HR system

As above
Enables end to end integration

Enables links to be made when staff are employed starting with the generation of

employment references — Success Factors becomes the place where the GUID is mastered I

Full integration of joiners, movers and leavers process

Migration simplified

.2. Solution Cons

Phase 1 - Off the shelf solution — no integration with HR system

Increased cost for initial development

Internal Use Only 44 of 56 “One Best Way Delivering Change”

FI1514/44
POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0
+ GUID mastered on Off the Self solution
+ Some manual processes still required around joiners, movers and leavers

+ People are held in 2 places, HR and the COTS solution for employees and Agents.

Phase 2 - Off the shelf solution - full integration with HR system
+ Some further cost to achieve full integration

5.3. Timescale Outline

Draft Release 1
Design Phase Plan - p

5.4. Budgetary Costs

As outlined in the Business Case

5.4.1. Solution Implementation

Implementation plan not yet available.

5.4.2. Solution On-Going Service Delivery

To be considered as part of the Design Phase

5.5. Key Risks & Issues

The following risks were identified during requirements gathering. These will be consolidated into
the existing project risks and issues log which contains a full list of all identified risk and issues
which are managed on an ongoing basis.

elihood I Recommended

Id Impact

o1 Migration from the present User _Not yet assessed formally
Management solution to the new
solution will require a mapping of
the existing user estate to new user
IDs. This may be costly, time
consuming and uncover hitherto
hidden non-compliance around
vetting of assistants

02 Password reset process in the Not yet assessed formally
new solution will require helpdesk
agents to validate and reset user
passwords (if self-serve fails). Cost

and resource implications are not.
understood at this stage.

Internal Use Only 45 of 56 “One Best Way Delivering Change”

F/I1514/45
BUSINESS SOLUTION DESIGN Di

Id Description

03 The operational convenience
(albeit non-compliance) of
Postmasters/Managers being able
to add users to the system without
waiting for vetting will be removed.
Short-term staffing issues will no
longer be able to be resolved in that
manner.

04 HR are fine to approve the process
in principle but would want to have
documented that we would not be
in a position at this time to outline
if there would be a saving as this
would depend on the work that
would sit in HR i.e. taking the piece
on creating the ID for Horizon etc. if
we do not move to a fully
automated P250 via the system and
remain with the ‘as is’ paper based
P250 then we would require funding
to complete the larger piece.

Additional Risks Identified in the Solution

Description

}OCUMENT ~ ENHANCED USER MANAGEMENT V3.0

Impact
(H, M, L)

Not yet assessed formally

Not yet assessed formally

Design Document

Mitigation Action Taken or Potential Impact

1. _ I There is risk that the chosen COTs product
for the Enhanced User Identity & Access
Management system will not provide or
support for certain POL requirements.

Identify the GAPs that will not be supported by the
COTS product.

Assess the priority of the requirement.

Assess whether this capability can be provided by
custom and alternative configurations/mechanism
within the COTS products agreed with the COTS
vendor (to support the custom changes). Identify the
residual risks.

Estimate the additional efforts (if required) of custom
mechanisms and agree with POL before
implementation.

2. _ I There isa risk that systems e.g. Horizon, HR
SAP, Learning Management may not support
the capability to submit real time information
about the user lifecycle and attributes
changes to the Enhanced User Identity and
Access Management system through web
service interface.

Alternative mechanisms to be identified and will be
provided within the enhanced user identity and access
management solution to extract the information if the
COTS product support.

There will be a residual risk that the information
within the systems will not be consistent and in
synch.

Estimate the additional efforts (if required) of custom
mechanisms and agree with POL before
implementation.

3. _ I The Enhanced User Identity and Access
Management System will provide centralised
authentication service to business systems
e.g. Horizon through web service functionality
During operations there is a risk that
connectivity may down between the two
systems i.e. Horizon & EU-IAM and branch
users may not be able to authenticate.

Alternative authentication mechanisms /capabilities to
be implemented within the business systems e.g
Horizon to provide offline authentication mechanisms.

Internal Use Only

46 of 56

POL00038770
POL00038770

Likelihood I Recommended
mitigation

“One Best Way Delivering Change”

FI1514/46
BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

5.6. Next Steps

Step

Solution design published
Solution reviewed by SUF

Face to face business readiness assessments
completed

Consolidated Business readiness assessment
reviewed ~ all queries resolved

Business case review

Business case finalised and papers submitted
to TDG

6. Considered Options

29 July

4 August

1 - 8 August

12 August

18 - 22 August
25 August

POL00038770
POL00038770

This section provides a summary of other potential options that were considered considered.

6.1. Overview

The study considered the following options and their relative pros and cons:

Option Horizon enhancement - without GUID .
ja password protection
+ Horizon processes largely
unchanged, with HUID linked to .
GUID
+ No GUID password security
+ Branch manager requests GUID, :
manually created by HR
+ Linkages between HUID and
GUID held in Credence .
+ GUID requested at log on
+ APADC used to capture P250
details, transmitted to HR for
likely manual processing
+ Locked into current supplier .
Option Horizon enhancement - with GUID .

1b password protection .

+ Off the shelf package procured
and integrated with Horizon

+ Could support single sign on to
other systems in POL estate .

+ Delivers benefits whilst de-risking
Internal Use Only 47 of 56

User has a single identity
in new systems (such as
LMS)

Possible to report on
activity across the estate
for a user.

HR validation of GUID
creation and who is using
Horizon (see Cons)
Integration with HR
Leavers and Joiners
process (subject to
interface between the
systems being defined and
costed)

Would support integration
with LMS

Minimal impact on branch
process

BFPO’s unaffected

Lowest cost if some
requirements are relaxed

As above

Protects the use of a GUID
by password (still no
guarantee that it is the
real user using it)

HUID Password changes
could be further protected

Cons

GUID could be
used erroneously.
Solution is
Horizon centric
and difficult to
separate

Branch Manager
could still misuse
a Users HUID by
resetting the
password in his
branch. This
would be
mitigated by
alerts detailed on
previous slide.
Migration costs
likely to be higher
Around 30
requirements
partially met

As above
Costs more

More
requirements met
but only another
8

“One Best Way Delivering Change”

FI1514/47
POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

Pros Cons
Success Factors implementation. by requiring the GUID
Can be plugged into Success password to be entered.
Factors in phase 2
+ Likely automation of P250
process in HR likely, current
database replaced, but dual
running of processes until
Success Factors implemented

7. Appendix A — Glossary

This section lists all terms used in this document.

AML Anti-Money Laundering
i AP Automated Payment
[ AP-ADC Automated Payment Advanced Data Capture
BRL Business Readiness Lead
BITP Branch Technology Transformation Programme - the programme for the
delivery of the Front Office Application
Clerk I The merchant of the product or service at the Post Office counter
CRB Criminal Records Bureau
: Consumer The User of the product or service acquired by the Customer
Counter Post Office Counter where a product or service is acquired by a customer
from a Clerk
Customer The acquirer of the product or service
DVLA Driver and Vehicle Licencing Authority
i EPOS. Electronic Point of Sale - the Front Office Application at a Post Office

counter, or
Electronic Point of Sale - item

FOA Front Office Application
FSC Financial Service Centre - Branch Accounting and Client Enquiries
' Item The product or Service being acquired by the customer or used by the
consumer
i MagCard Magnetic Swipe Card
An account which is temporarily unavailable due to user forgetting
Locked Account password)

An account which is out of use long term such as during a users'
maternity leave or long term sick leave but should be reinstated
Disabled Account at some future point.

Retired Account An account that has been withdrawn from active life but must not
be deleted for audit purposes and shall never be reinstated for

Internal Use Only 48 of 56 “One Best Way Delivering Change”

F/1514/48
POL00038770
POL00038770

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

use.

An activity in branch that a user can be granted or denied access
Function to (for example Mails processing or stock unit balancing).

An account which is temporarily unavailable due to user forgetting
Locked Account password)

8. Appendix B ~ Document History

This section records the version history of this document.

8.1. Version History

Version Date Change Det Author

0.1 05.04.2016 Outline draft produced Angela Saul

0.2 10.06.2016 More solution Details included following initial SDO Angela Saul

2.0 20.06.2016 Simply changed name to V2.0 at request of BTTP for I Angela Saul
consistency

3.0 05.08.2016 Further details added to Section 5 following release of I Angela Saul
SDD and stakeholder workshops

34 11.08.2016 More detail added after consultation with Business Angela Saul
Readiness

9. Appendix C - Post Office Process Classification Framework
<To be advised>
10. Document Control

10.1. Purpose

This document presents the findings of the study into User Management.

10.2. Reviewers

Job Title Date Completed
Sign off Angela Van Den Director of Support Services
Authority
Internal Use Only 49 of 56 “One Best Way Delivering Change”

F/1514/49
POL00038770

POL00038770
BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0 I
Bogerd I
Reviewers for I Sandra McBride SME Network field support /
Comments i
and Feedback: I
Steve Page TA /
Sally Rush TA I
Gayle Peacock Product Owner I
Shirley Hailstones SME Project Sparrow I
Angela James Product Owner I
Kathryn Alexander SME Project Sparrow I
Stefania Ulgiati SME Remuneration and contract i
advisor i
Sharon Rai SME Security i
Paul Blackmore SME Security I
Chris Hardy SME Security /
Joe Connor Product Owner I
Dave M King Information Security Specialist I
Hector Campbell SME HR I
Samantha Williams SME HR I
Reviewers for I Debbie Ann Young Virtual HR Specialist I
Information I
only I
Martin Lewis Project Manager SF I
Alison Jaap Owner of TOM I
Kathryn Lewis Project manager EUC /
Kevin Seller Network Key Accountable I
Representive I
Alison Thompson Transformation Change Key I
Accountable Representative i
Mike Fletcher Communications Key Accountable i
Representative I
Matt Keefe Financial Services Key Accountable I
Representative I
Steve Hayes CIO office Key Accountable i
Representative I
Paul Lebeter Support Services Key Accountable i
Representative I
Jamie Butler Supply Chain Key Accountable
Representative
Michelle Downs Commercial Key Accountable
Internal Use Only 50 of 56 “One Best Way Delivering Change” I

F/1514/50
BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

POL00038770
POL00038770

Representative

Mike Morley-Fletcher

Corporate Services Key Accountable

Representative

10.3. Referenced Documents

Global User Process 3.3
10.11 Enhanced User Management 3.0 15.04.16 Embedded
Business Requirements Catalogue
User Management BSD 0.4 21.03.2016
10.11 Enhanced User Management - I 0.3 26.05.2016
Solution options summary
Solution Design Document 0.8 29,7.2016 I BTTP_R1_SDD_1_
V08@29072016
Internal Use Only 51 of 56 “One Best Way Delivering Change”

F/1514/51
tsiv SW

POL00038770
POL00038770

11, Appendix D - AS IS Process Maps

11.1.1.1. Create a New User (Postmaster Colleague)

User Management ~ Create a New User

‘incon Franca,

S, -vol Aan S08

Sub-Post Master

“Internal Use Only 52 of 56 “One Best Way Delivering Change”

HR Service Center

esivlsWd

or20b

New User

11.1.1.2. Create a New User (POL/Postmaster)

01.04 User Management — Create a New User

LL

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

POL00038770
POL00038770

HR Service Center

roms Ne Perhnrstae as = — ‘one

53 of 56
z
&
FS
g

11.1.1.3. Forgotten Password

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

POL00038770
POL00038770

User Management ~ Forgotten Password

System

J

‘Yaliotes Sasso

Requests Password

‘ablstes hosts pithy
seco? secaptes?
~ ¥
a
eens Sngomten . Freya soe eth
“Internal Use Only 54 of 56 “One Best Way Delivering Change”
SsivlSWd

POL00038770

POL00038770
/ BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0
11.1.1.4, Change/Reset Password
01.04 User Management — Change Password
6
a artes ner epots Answers sstymnn neon
Stace ee warts conte fielatisk
Sg _tochnge thn cea ines
Ej sarsword
ec toemed
nsw 0 Passnard Uoatedt eens ito ators
‘xoeect
xo ws
3 ‘ahdtes Aes Veldates Possnond see
o Aone Success? Accapted?
we
i seco Pri eo
zg beri Rat ‘tats se serperary aoners
2 aquest ro secre etons
= \
“Internal Use Only 55 of 56 “One Best Way Delivering Change”
9S/PLSL/4

BUSINESS SOLUTION DESIGN DOCUMENT ~ ENHANCED USER MANAGEMENT V3.0

12. Appendix E - TO BE Process Maps

as

Leavers To Be
process maps v1.0. p<

Internal Use Only 56 of 56 “One Best Way Delivering Change”

POL00038770
POL00038770