POL00337651
POL00337651
Horizon Support Approval Process
V1.3
14 February 2022
POL00337651
POL00337651
HORIZON SUPPORT APPROVAL PROCESS
Contents
1. INTRODUCTION...
11 PURPOSE..
1.2 SCOPE .....
13 PROCESS MANAGEMENT. .
2. CHANGES REQUIRING ELEVATED ACCESS.......ssssscsssssssssssssssssnssssesssnsnsessnseneseasen
2.1 AssisTeD ROLLOVER...
2.2 CHANGE COUNTER DATA...
2.3 FILE CHANGE ..
3
3
4
4
5
S
3. I PROCESS WORKFLOW AND PROCEDURES.....
3.1 _ IDENTIFY AND CATEGORISE...
3.2 REQUEST APPROVAL...
3.3 IT Service APPROVAL.
3.4 ITSecuriry Approval
3.5 DaTA GOVERNANCE APPROVAL...
3.6 BUSINESS OPERATIONS APPROVAL.
3.7 POSTMASTER APPROVAL.....
3.8 IMPLEMENTATION...
4. ROLES AND RESPONSIBILITIES
5. ACCEPTED USE OF PROCESS...
6. REVISION HISTORY ..
7. APPENDICE:!
71 APPENDIX 1— EXAMPLE ASSISTED ROLLOVER PLAN ...
7.2 APPENDIX 2 - ASSISTED ROLLOVER EVIDENCE
7.3 APPENDIX 3— FILE CHANGE EVIDENCE...
Horizon Support Approval Process v1.3 Internal Page 2 of 21
POL00337651
POL00337651
HORIZON SUPPORT APPROVAL PROCESS
1. Introduction
This document describes the process for making changes to Horizon, for which an elevated level of user access is
usually required. This elevated access is provided by granting the APPSUP role to the user account, which
provides the user with full data read and write privileges on all Oracle databases. This process document details:
© The types of changes the process is used for;
@ The approvals required for the each change type;
The evidence which is provided to show that the actions carried out are those described in the change
request;
The process flows and procedures;
¢ Roles and responsibilities of those participating in the process.
1.1 Purpose
The purpose of this process is:
¢ Toensure appropriate Post Office approval is provided for any changes which involve Fujitsu modifying or
deleting Horizon data. This may be data on a Horizon counter, or in a Horizon backend system. These
activities are exceptions from normal operation, and require the use of accounts with elevated access rights.
© Where the change is to data for a particular branch, the people required to approve the change will
include the postmaster for the branch. For branches which are managed by multiple partners, the
partner (e.g. Co-op) is the postmaster, so postmaster approval will be provided by the partner
company, rather than the individual branch.
e To ensure that there is transparency around the change activity, and that evidence is provided that only the
data targeted by an approved change is modified.
1.2 Scope
The types of activities the process is used for are:
e Assisted rollover — assisting branches with trading period rollover.
© This may be required where a branch has carried out too many rollovers, or has not carried out
required rollovers for a period of time.
o. Itcanalso be triggered by the Operational Branch Change (OBC) process, where a branch is trying to
open but is in the wrong trading period.
¢ Modifying or deleting counter data, either on the counter or in a back end system
o E.g. removing a blocked user session where it is, for example, attached to a stock unit, and
preventing removal of the stock unit.
o Note, the process was previously used for removing a partially completed Travel Money Card (TMC)
transaction, which was locking a counter. This scenario no longer occurs as the issue which triggered
it has been fixed.
¢ Modifying or deleting files on a back end system
©. This is typically required when there is an issue with a file received from a 3" party system, which
impacts a batch process. It is necessary to delete or modify the file to allow the batch process to be
restarted.
There may be other changes performed under the Change Management process relating to Incidents or planned
changes which need to be approved via this process. Consideration will be given as to whether any such changes
need to be added as a specific type to the process scope.
Horizon Support Approval Process v1.3 Internal Page 3 of 21
POL00337651
POL00337651
HORIZON SUPPORT APPROVAL PROCESS
1.3 Process Management
* The Horizon Support Approval Process owner is Dean Bessell.
The process owner will ensure that the process documentation is updated to reflect any changes to the
process, and that changes are communicated appropriately to the people who operate the process, and
other stakeholders.
The process and supporting documentation are reviewed annually.
¢ The list of approvers for each change type is reviewed quarterly, and the date of the last review is recorded
in the IT service desk knowledge article which lists the approvers.
2. Changes Requiring Elevated Access
This section describes the following, for the different change types:
¢ Whois required to approve the change;
¢ The information required for the approvers to make an informed decision;
The steps involved in making the change;
The evidence collected to demonstrate that only the approved change was executed.
2.1 Assisted Rollover
2.1.1 Approvers
Approver Approval Remit
Branch Reconciliation Team I Check for outstanding Transaction Corrections, and approve activity
Postmaster Understand how a change which impacts their counter occurred
IT Service Approve activity
IT Security Approve use of elevated access
2.1.2 Supporting Information
The following information is required for the approval requests:
© Date of request
© Person raising request
«Branch
Reason assisted rollover is required
Required date for assisted rollover, with justification for required date
Sponsor for the assisted rollover, and purchase order number
© Consequence if rollover request is not approved
Additional information — e.g. branch current trading period
@ Name, contact details and availability for Area Audit and Support Manager
2.1.3 Assisted Rollover Process
Fujitsu provide a rollover plan, detailing the steps required to complete the rollover, and showing what Fujitsu
will do, and what the postmaster or auditor will do. Fujitsu are in contact with the branch while the steps
detailed in the plan are carried out. See Appendix 1 for an example assisted rollover plan.
Horizon Support Approval Process v1.3 Internal Page 4 of 21
POL00337651
POL00337651
HORIZON SUPPORT APPROVAL PROCESS
2.1.4 Evidence
Fujitsu can provide a screenshot taken from the system on which they run the assisted rollover script. This
shows the command to run the script being entered, and the output which includes the branch trading period
status before and after the rollover is carried out. See Appendix 2 for an example screenshot.
2.2 Change Counter Data
2.2.1 Approvers
Approver Approval Remit
Branch Reconciliation Team I Check for outstanding Transaction Corrections, and approve
Postmaster Understand how a change which impacts their counter occurred
IT Service Approve activity
IT Security Approve use of elevated access
2.2.2 Supporting Information
¢ Date of request
© Person raising request
¢ Branch
Details of change required, including whether change it to counter or back end system
@ Reason change is required
* Required date change, with justification for required date
© Sponsor for the change, and purchase order number
@ Consequence if change request is not approved
¢ Any additional supporting information
2.2.3 Change Counter Data Process
Typically Fujitsu will run a script to make a change to data relating to a specific branch or counter which is held
ina central database (rather than on the actual counter).
2.2.4 Merchant Identifier (MID) / Terminal Identifier (TID) Corrections
An example of the types of change covered by this process are Merchant Identifier (MID) and Terminal Identifier
(TID) corrections. These IDs are required to register counter adds and removals, and branch openings and
closures. Very occasionally an issue may occur which means a correction is required to the Estate Management
database. CHAP secrets for the Branch Router configuration are stored in encrypted form in the Estate
Management Database (EMDB). EMDB also uses the Key Server to retrieve the appropriate key and passphrase
to decrypt the CHAP secrets as they are required by the Boot Platform. The design of the EMDB database is
contained in the Estate Management Database (EMDB) HLD {DES/SYM/HLD/0031}
2.2.5 Evidence
The evidence will be a log file generated from running a script to resolve the issue.
2.3 File Change
2.3.1 Approvers
Horizon Support Approval Process v1.3 Internal Page 5 of 21
POL00337651
POL00337651
HORIZON SUPPORT APPROVAL PROCESS
Approver Approval Remit
Data Governance Team Approve file deletion or modification
IT Service Approve file deletion or modification
IT Security Approve file deletion or modification
2.3.2 Supporting Information
Date of request
Person raising request
Details of file change required — name of file(s) and activity (modification or delete)
Reason file change is required
Required date for file change, with justification for required date
Sponsor for the file change, and purchase order number
Consequence if file change request is not approved
e Any additional supporting information
2.3.3 File Change Process
Fujitsu will run a script to modify or delete a file on a central system.
2.3.4 Evidence
Fujitsu can provide evidence of the script run to modify or delete the file — the log file generated when the script
was run. See Appendix 3Appendix 3 — File Change Evidence for an example log file.
Horizon Support Approval Process v1.3 Internal Page 6 of 21
HORIZON SUPPORT APPROVAL PROCESS
POL00337651
POL00337651
3.
3.1
Horizon Support Approval Pro
Process Workflow And Procedures
Identify and Categorise
- 1 Identify and Categorise
Identify and Categorise
Request io use
comes ocses
(cient ke)
y
aa
avs Sevice
ream reve
y
os is
‘at requred fo “ Pseeyiaay
g — 7 era sen trT OSD
5 I
¥
vot a4 re een
Ref Step Description Role
Request for elevated i i
Input soruethaident telat Arequest to carry out a change which requires elevated n/a
access has been generated and an incident ticket logged.
11 Advise IT Service team I Service desk agent advises the Horizon IT Service team of
of request .
the request and asks them to complete the request Service Desk
template. (DSD)
1.2 aoe ints. The Horizon IT Service team checks whether all the Horizon IT
information required to complete the request template has_ I Service
been provided in the ticket.
13 Work with appropriate I If the request does not contain all the required information, I Horizon IT
SMEs to get missing na ag abs .
info or it is unclear whether all the required info is present, then I Service
the Horizon IT Service team will contact relevant SMEs to try
to collect all the information required to progress the
request.
1.4 a Check whether all the information required to progress the Horizon IT
request is now available. Service
15 Eneure requestor'ls, If it has not been possible to gather the information Horizon IT
aware request cannot , ., ‘
proceed necessary to proceed with the request, and it has been Service
decided not to continue, ensure the requestor is made
aware.
Horizon Support Approval Process v1.3 Internal Page 7 of 21
POL00337651
POL00337651
HORIZON SUPPORT APPROVAL PROCESS
1.6 Populate approval Horizon IT Service manager populates the approval request Horizon IT
request template ‘
template. Service
21 Request Approval Request Approval process
Output
Horizon Support Approval Process v1.3 Internal Page 8 of 21
HORIZON SUPPORT APPROVAL PROCESS
POL00337651
POL00337651
3.2 Request Approval
n Support Approval Process — 2.1 Request Approval
% I
4 t No I
5 2140 aion ve
Fa 216
5 243 0 Horizon prev) j
Ea [Nile ner 7 nae TTSenicefor Al Z
g ae Cie arfieaion
a ves a No — ———— i
a No
=
Err)
214 215
equa Daa rages chess sense eur
Govemance ‘Operations baaraergl
‘epprovel ‘ral poset
¥
precy
Werk wth approver
‘ed requestor io
resovetssues (——
reverting
‘prov
24 T 2 a a
5 Governance Operations va Implementation
B Approval Aosronl iene Somat
6
Horizon Support Approval Process v1.3 Internal Page 9 of 21
POL00337651
POL00337651
HORIZON SUPPORT APPROVAL PROCESS
Ref Step Description Role
Input et A request to carry out a change which requires elevated Process input
ticket) access has been generated and an incident ticket logged.
Input Completed request I Template completed during Identify and Categorise stage Process input
2.1.1 IT DSD
2.1.2 Request Approvals I Service desk request approval for the assisted rollover from IT DSD
the approvers. Details of current approvers for each change
type are in KBO014710 in ServiceNow.
«The service desk email all the approvers listed in the
knowledge article for the particular request type. The
approvers agree within their teams how to respond to the
requests — e.g. main approver normally responds, next
approver knows it’s their responsibility if the main
approver is not available etc.
e Include “Elevated access” in the email subject line, and
attach a PDF extract of the incident ticket.
¢ The service desk should ask the approvers to provide
approval on the day the request is sent, and should follow
up with any approver group which has not responded by
the end of the day.
e = If the request is being made in the context of a major
incident, the service desk should request an immediate
response and follow up the email with messages or phone
calls as necessary.
¢ The email text includes a reminder for people to advise if
any of the approvers need to be changed. This is covered
in the knowledge article.
2.1.3 Fileichenge? Whether or not the request involves modification or deletion I IT DSD
of a file determines which business team is asked to approve.
2.1.4 Request Data Include the Data Governance team approvers on the approval I IT DSD
Governance approval °
request email.
2.1.5 Request business Include the Branch Reconciliation Team (BRT) approvers, and IT DSD
operations approval r
the Area Manager representative on the approval request
email.
2.1.6 Request IT service Include the Horizon IT Service team approvers on the approval I IT DSD
per request email.
2.1.7 — 'Tseourty I Include the Horizon IT Security team approvers on the ITDSD
me approval request email.
2.1.8 Collate approval Service desk receives responses to approval requests. IT DSD
request responses
2.1.9 All approved? Service desk checks whether all the approvers have approved I IT DSD
the change.
Note that approval to proceed must be received from all the
following:
@ One Horizon IT Service team approver;
@ One Horizon IT Security team approver;
Horizon Support Approval Process v1.3 Internal
Page 10 of 21
POL00337651
POL00337651
HORIZON SUPPORT APPROVAL PROCESS
Ref Step Description Role
e Either a Data Governance team approver, or a BRT.
approver, as appropriate.
¢ For branch affecting change, postmaster approval.
2.1.10 pened Horizon IT I If one or more of the approvers has not approved the request, I IT DSD
clarification escalate to the Horizon IT Service team.
2.1.11 a The Horizon IT Service team tries to understand the issues Horizon IT
resolve iseuce preventing approval of the request, and works with the Service
preventing approval I requestor and approvers to try to resolve them, to allow the
change to progress.
2.1.12 I Allapproved? Check whether the escalation process has resulted in the IT DSD
request being approved.
2.1.13 Attach approval Service desk agent attaches each email received responding to I IT DSD
evidence to incident nan
ticket the approval request to the incident ticket. Note that separate
emails from each approver must be attached, rather than one
email which includes several responses.
2.1.14 _ I Advise requestor and I If the request has not been approved and the proposed IT DSD
approvers request
not approved change will not therefore go ahead, email the requestor and
approvers to let them know.
2.2 IT Service Approval Process to get IT Service approval. Process
Output Output
23 IT Security Approval Process to get IT Security approval. Process
Output Output
24 Data Governance Process to get Data Governance approval. Process
Output Output
2.5 Business Operations _I Process to get Business Operations approval. Process
Approval
Output Output
3 Implementation Process for implementation of the change. Process
Output Output
Horizon Support Approval Process v1.3 Internal Page 11 of 21
HORIZON SUPPORT APPROVAL PROCESS
POL00337651
POL00337651
3.3 IT Service Approval
Horizon Support Approval Process — 2.2 IT Service Approval
IT Service Approval
o Request for approval to
3 use elevated access
a (email)
<8 Posoa *S 222 [2230 )
Sz a 224 Ny, Decumment Respond t
Re <a to approver ument reasons ————_—Respondto
53 a for not approving approval request
8 Y eagee
Ye:
v
o
= 2a
a Request
5 Approval
[e}
Ref Step Description Role
Input Request for approval Email received from IT DSD, seeking approval for a request to I Process input
for elevated access 7 ‘
(email) carry out a change which requires elevated access.
2.2.1 OK to approve? Review details of change and determine whether to approve. I Horizon IT
Service
2.2.2 —— reasons If do not want to approve the request, ensure the reasons for I Horizon IT
Pprowing not approving are documented, to be provided to IT DSD. Service
Include details of any additional information required to be
able to approve.
2.2.3 enna toapproval_I Respond to request for approval, advising IT DSD whether IT Horizon IT
Service approve the request. If not approved, include reasons I Service
why.
21 Request Approval Back to Request Approval process Process
Output
Horizon Support Approval Process v1.3 Internal Page 12 of 21
HORIZON SUPPORT APPROVAL PROCESS
POL00337651
POL00337651
3.4 IT Security Approval
Horizon Support Approval Process — 2.3 IT Security Approval
IT Security Approval
Inputs
use elevated access
Request for approval I
(email)
y
E>
s = “94, 4 Ny 232 233
85 < a Document reasons ————>_Respond to
53 ORT epee? for not approving approval request
aa ra t
Ye:
v
o
= 2a
a Request
5 Approval
[e}
Ref Step Description Role
Input Request for approval I Email received from IT DSD, seeking approval for a request to I Process input
for elevated access 7 A
(email) carry out a change which requires elevated access.
2.3.1 OK to approve? Review details of change and determine whether to approve. I Horizon IT
Security
2.3.2 —— reasons If do not want to approve the request, ensure the reasons for I Horizon IT
Pprowing not approving are documented, to be provided to IT DSD. Security
Include details of any additional information required to be
able to approve.
2.3.3 enna toapproval_I Respond to request for approval, advising IT DSD whether IT Horizon IT
Security approve the request. If not approved, include reasons I Security
why.
21 Request Approval Back to Request Approval process Process
Output
Horizon Support Approval Process v1.3 Internal Page 13 of 21
HORIZON SUPPORT APPROVAL PROCESS
POL00337651
POL00337651
3.5 Data Governance Approval
Horizon Support Approval Process — 2.4 Data Governance Approval
Data Governance Approval
Inputs
Data
Governance
use elevated access
Request for approval I
(email)
y
“244
~\
NN
< >on
“a approve? for not approving ages
24.2 243
Document reasons ————> Respond to
Ye:
v
o
= 2a
a Request
5 Approval
[e}
Ref Step Description Role
Input Request for approval I Email received from IT DSD, seeking approval for a request to I Process input
for elevated access 7 A
(email) carry out a change which requires elevated access.
2.4.1 OK to approve? Review details of change and determine whether to approve. I Data
Governance
2.4.2 —— reasons If do not want to approve the request, ensure the reasons for I Data
Pprowing not approving are documented, to be provided to IT DSD. Governance
Include details of any additional information required to be
able to approve.
2.4.3 enna toapproval_I Respond to request for approval, advising IT DSD whether IT Data
Security approve the request. If not approved, include reasons I Governance
why.
21 Request Approval Back to Request Approval process Process
Output
Horizon Support Approval Process v1.3 Internal Page 14 of 21
POL00337651
POL00337651
HORIZON SUPPORT APPROVAL PROCESS
3.6 Business Operations Approval
Horizon Support Approval Process — 2.5 Business Operations Approval
Business Operations Approval
. We
252 .
ae wt = 258 255
Ly. Hes Manager Document reasons > Respondto. ~-——
resp? representative OK I for nat approving ‘opproval request
toepprove ft
¥
253
Request
epprovel
4 -—*—- -
=) 26 24
& Postmaster Request
2 Approval Approval
Ref Step Description Role
Input Request for approval I Email received from IT DSD, seeking approval for a request to I Process input
for elevated access I i
(email) carry out a change which requires elevated access.
2.5.1 Ok to approve? Review details of change and determine whether to approve. I BRT
2.5.2 Advise Area Manager I If there are no issues, let the Area Manager representative BRT
representative OK to
approve know the request is approved, so they can seek Postmaster
approval.
2.5.3 Request Postmaster Area Manager representative requests postmaster approval, Area Manager
pp via the Postmaster Approval process, unless the change is to representative
carry out an assisted rollover. For assisted rollover, the
postmaster approval will be provided by the OBC team, along
with the completed form describing the required activity.
2.5.4 Dooument'reasone: If do not want to approve the request, ensure the reasons for I BRT
for not approving . "
not approving are documented, to be provided to IT DSD.
Include details of any additional information required to be
able to approve.
2.5.5 poms toapproval_I Respond to request for approval, advising IT DSD whether BRT I BRT
he approve the request. If not approved, include reasons why.
2.6 Postmaster Approval I Proceed to Postmaster Approval process Process
Output Output
21 Request Approval Back to Request Approval process Process
Output
Horizon Support Approval Process v1.3 Internal Page 15 of 21
POL00337651
POL00337651
HORIZON SUPPORT APPROVAL PROCESS
3.7 Postmaster Approval
Horizon Support Approval Process — 2.6 Postmaster Approval
Postmas
I Reweior—]
> es
2 ‘on
of .
268 a om
262 veckuth aes F
263 Pose paver Nae pone Sa saanese
Ly <waiepeng > —ve-»I "ratte Pesos ants pena repens SD
ondatcne nag eateoh trues ond det od
‘home
— cro
y
2 zea
4 287
S55 q seth mite
‘partner to get ——_
ae ‘response to IT 052 I
268
Provide respnse
‘Oxto approve >— rasp pre re
Veena!
+
26
> romper
for nck approving baie al
L 1
= II.
Ref Step Description Role
Input Request for approval I Email received from IT DSD, seeking approval for a request I Process input
for elevated access i" .
(email) to carry out a change which requires elevated access.
2.6.1 este our Area Manager representative checks whether the branch I Area Manager
impacted by the change is a multiple partner branch. representative
2.6.2 — If the branch impacted by the change is a multiple partner I Area Manager
fireger seta of branch, the Area Manager representative provides details I representative
request of the request to the relationship manager who works
with the partner.
2.6.3 base wih snuttiple For branches which are operated by a multiple partner, Multiple Partner
owas change I the partner organisation provides approval for any branch I Relationship
impacting changes, on behalf of the postmaster. Manager
2.6.4 ee for Review details of change and determine whether to Multiple Partner
approve.
Horizon Support Approval Process v1.3 Internal Page 16 of 21
HORIZON SUPPORT APPROVAL PROCESS
POL00337651
POL00337651
Ref Step Description Role
2.6.5 Document og If do not want to approve the request, ensure the reasons I Multiple Partner
‘or not approving
Pe for not approving are documented. Include details of any
additional information required to be able to approve.
2.6.6 Provide response to I Respond to request for approval from partner relationship I Multiple Partner
approval request via i .
email manager, advising whether the multiple partner approves
the request on behalf of the branch. If not approved,
include reasons why.
2.6.7 Feed back Email service desk with approval decision, including Multiple Partner
postmaster response ae
to IT DSD reasons why, if the request is not approved. Relationship
Manager
2.6.8 doateel eae. Area Manager representative works with the Area Area Manager
and discuss as Manager for the branch, to contact the postmaster and representative
necessary discusses the rollover, or data change, ensuring the
postmaster knows why it is required and what will happen.
2.6.9 Lp gma Area manager representative ensures the Area Manager Area Manager
with details, an cai i 4
request for approval I Sends Postmaster an email containing details of the representative
request, and asking whether the Postmaster is happy to
approve.
2.6.10 I OK to approve? Postmaster determines whether they are happy to Postmaster
approve the rollover plan.
2.6.11 fornkapromg If do not want to approve the request, ensure the reasons I Postmaster
for not approving are documented, in a reply to the email
requesting approval from the Area Manager.
2.6.12 ae to bt a Respond by email to the Area Manager’s request for Postmaster
request via email a °
approval, advising whether the request is approved. If not
approved, include reasons why.
2.6.13 I Feed back Email service desk with approval decision, including Area Manager
postmaster response - 4
to IT DSD reasons why, if the request is not approved. representative
2.1 Request Approval Back to Request Approval process Process Output
Horizon Support Approval Process v1.3 Internal Page 17 of 21
POL00337651
POL00337651
HORIZON SUPPORT APPROVAL PROCESS
3.8 Implementation
Horizon Support Approval Process — 3 Implementation
omits Emoieerevesta 3
“facta be >I ohaetechene oetiton
torres “
2 =a . von cnr
A REESE) ooatcumee [-*) tsetcentel — etrrmmcared >) eects
e ostoneon
+
310
ese 3a
ent he sai 8D
Syne somes lnc ten
scares ‘weet
¥ FO
weryoacae I pouet nee
cranye ree meson
ome Sane
woeng se
Ref Step Description Role
Input ee’ Approval Approvals collected for change requiring elevated access Process input
3.1 Inform Fujitsu approval _I Update incident ticket to confirm that the change hasbeen I IT DSD
has been provided for .
the change approved, and email confirmation to Fujitsu.
3.2 — on I Fujitsu internal process applies. Elevated access will be Fujitsu
required for the rollover I granted at the Post Office approved start time. At the time
of writing, details are in Fujitsu’s RA Report document,
reference COM/MGT/REP/4165.
For some file changes the engineer carrying out the change
already has the required level of access.
3.3 Carry out change Fujitsu carry out the approved change, collecting evidence of I Fujitsu
their activity with elevated access.
3.4 H appropriate, switch Fujitsu internal process applies. Elevated access will be Fujitsu
off elevated access .
required for the change I revoked at or before the Post Office approved end time. At
the time of writing, details are in Fujitsu’s RA Report
document, reference COM/MGT/REP/4165.
For some file changes it is not necessary to switch on an
additional level of access.
3.5 Add evidence that only I Add evidence of the change being carried out, as described I Fujitsu
‘the planned activity was I - oe .
carried out to incident I in Section 2, to the incident ticket.
ticket
3.6 Update Incident to Update the incident ticket to confirm that the change has Fujitsu
indicate change
complete been completed.
Horizon Support Approval Process v1.3
Internal
Page 18 of 21
POL00337651
POL00337651
HORIZON SUPPORT APPROVAL PROCESS
Ref Step Description Role
a7 Email approvers to Service desk email the approvers for the change type, IT DSD
advise the change has i
been completed advising them the change has been completed. This acts as a
prompt for steps 3.8 and 3.10.
3.8 Identify root cause of I Understand why the change carried out by Fujitsu was Horizon IT
why the change was . ; feces] i
required required and determine whether there is an underlying issue I Service
which needs to be addressed — e.g. is training required for a
branch, or is there a technical or process issue?
3.9 Inform business Once it is understood why the change was required, follow Horizon IT
process of potential . ae - i
non-compliance or up as appropriate to ensure the underlying issue is Service
training requirement addressed.
3.10 Review evidence and Review the evidence provided to show that the required Horizon IT
confirm that only the So - .
planned activity was change was the only activity carried out with elevated Security
carried out access.
3.11 Advise IT DSD evidence _I Email IT DSD to advise evidence provided by Fujitsu of the Horizon IT
has been reviewed - 5 - i
activity carried out has been reviewed. Security
3.12 Aitach email from IT Attach email from IT Security responding to request to IT DSD
Security to incident . . aa
ticket review evidence to incident ticket
4. Roles and Responsibilities
The roles and responsibilities defined for this process are described below.
Role
Description
IT Digital Service
Desk agent
e Receives incident ticket requesting elevated access for a Horizon change
Sends details of the change to the appropriate approvers, and requests
approval
Escalates to Horizon IT Service team if an approver does not want to approve a
request Attaches approval emails to incident ticket in ServiceNow
Informs Fujitsu that approvals have been provided
IT Service manager
Checks ticket has all information required, and liaises with requestor if not
* Completes request template
Area Manager
representative
e Works with Area Managers to ensure postmaster approval is obtained for
changes impacting branch data
Relationship ¢ Gets approval from multiple partner organisation on behalf of postmaster, for
Manager changes impacting multiple partner branches.
Postmaster Provides approval for change impacting branch data
BRT Approver Provides approval for changes impacting branch data (confirming there are no
outstanding counter actions which would suggest the change should not be
made).
Data Governance
Approver
¢ Provides approval to carry file changes
IT Service Approver
Provides approval to carry out the change
Horizon Support Approval Process v1.3 Internal Page 19 of 21
POL00337651
POL00337651
HORIZON SUPPORT APPROVAL PROCESS
Ensures any issues which resulted in a data change being required are
addressed
IT Security Approver I Provides approval to carry out the change
Checks that evidence is provided that activity carried out with elevated access is
in line with approval
Fujitsu © Carry out the change
Provide evidence that only the activities described in the change were carried
out .
5. Accepted Use Of Process
The process includes an activity (step 3.8) to try to understand, and eliminate, the root cause of each type of
issue for which this process is used. In some cases, it may be determined that there is a reason why the root
cause cannot, or will not, be eliminated, and the process will continue to be used in these cases. This section
details scenarios where it has been agreed the process will continue to be used.
6. Other Horizon Approval Processes
This section describes other approval processes which are in place for Fujitsu activities which impact Horizon
data.
6.1 Clear Failed Recoveries
This is part of the Fujitsu reconciliation service. The Fujitsu reconciliation team raise PEAK tasks for anomalies
identified which leads to the Fujitsu SSC raising CTASKS under CHGO210692. Once the CTASK is approved
internally by Fujitsu, the SSC run the required script.
Frequency - Approx 150 per year.
This is required when an automatic recovery has failed. Fujitsu report to Post Office that reconciliation activity is
required (via BIMS). Post Office (reconciliation team) carry out the activity (e.g. talking to bank / customer,
organising refund), and provide approval for Fujitsu to clear a failed recovery from the system.
As a “Failed recovery” is cleared before Post Office is informed there is no approval ahead of the change being
made. IT Security are copied on the email advising Post Office that the activity has taken place.
6.2 Clear Automated Payment Exceptions
This is part of the Fujitsu reconciliation service. The Fujitsu reconciliation team raise Peaks for anomalies
identified which then leads to the Fujitsu SSC raising CTASKS under CHGO210692. Once the CTASK is approved
internally by Fujitsu, the SSC use the web GUI.
Fujitsu reconciliation team email Post Office reconciliation team with a statement of issue and action required. If
a transaction has a state 4, then the Post Office reconciliation team advise Fujitsu to F99 — i.e. clear the failed
recovery. As Post Office are requesting that change, it is effectively approving it. Fujitsu email Post Office to
confirm when the change is made, and IT Security are copied on this email.
7. Revision History
Version I Date
Comments Author
0.1 1-Mar-2021
Initial version Lorna Owens
Horizon Support Approval Process v1.3 Internal Page 20 of 21
HORIZON SUPPORT APPROVAL PROCESS
POL00337651
POL00337651
0.2 1-Apr-2021 I Updated following review by Martin Godbold Lorna Owens
0.3 8-Apr-2021 I Updated following conversations with Martin Godbold, Dean Lorna Owens
Bessell and Fujitsu
0.4 14-Apr-2021 I Update following review by KPMG Lorna Owens
0.5 20-Apr-2021 I e Re-structure flow charts Lorna Owens
Make changes following use of the process for two requests
0.6 29-Apr-2021 I Remove duplicate IT DSD swimlane from Implementation process I Lorna Owens
1.0 19-May- Process approved by process owner Lorna Owens
2021
f.1, 14-Oct-2021 I Add section for accepted uses of process Lorna Owens
1.2 1-Nov-2021 I Remove Monthly Clear Down of Track & Trace Items as an Lorna Owens
accepted use of the process. After further discussion, it has been
decided to continue getting approval for each instance of this
activity.
1.3 14-Feb-2022 I e Updates following a review of the operation of the process Lorna Owens
e Added “Other Horizon Approval Processes” section
e¢ Added “Merchant Identifier (MID) and Terminal Identifier
(TID) corrections as activities covered by this process.
8. Appendices
8.1 Appendix 1 — Example Assisted Rollover Plan
See below an example of an assisted rollover plan.
a
Example%20Assiste
d%20Rollover%20Pl:
8.2 Appendix 2 - Assisted Rollover Evidence
See below a screenshot from the system on which assisted rollover commands were run, showing the command
to run the script being entered, and the output, which includes the branch trading period status before and after
the rollover is carried
@I
Assisted Rollover
Evidence.png
8.3 Appendix 3 — File Change Evidence
The file below shows the output from running SQL commands to resolve a file issue.
a
SQL Script
INC0335265. bt
Horizon Support Approval Process v1.3 Internal
Page 21 of 21