From: "Hodgkinson, Sean (UK - Manchester)" <j
To: "Westbrook, Mark (UK - Manchester)"
Subject: FW: Branch Database and Change Management Additional Questions
Date: Thu, 15 May 2014 13:03:21 +0000
Importance: Normal
Inline-Images: image003.png; image004.png; image005.png; image006.png; image007.png;
image008.png
WBONO000911
WBON0000911
Sean Hodgkinson
Deloitte
Mobile:
www.deloitte.co.uk
From: Davidson James [mail
Sent: 15 May 2014 11:06
To: Westbrook, Mark (UK - Manchester); Hodgkinson, Sean (UK - Manchester); Julie George
Cc: Newsome Pete
Subject: Fwd: Branch Database and Change Management Additional Questions
Hi,
Please see below.
Sent from my iPhone
Begin forwarded message:
From: Simpkins John <
Date: 15 May 2014 1
To: Davidson James <_
Subject: FW: Branch D:
gement Additional Questions
James, we did not discuss timescales but I have just been asked by Leighton for some more details before a
10:30 meeting today.
These are to the best of my knowledge:
Question I about the TXN_CORR_TOOL_JOURNAL table.
WBD_000781.000001
WBONO000911
WBON0000911
How does this process operate and who has the ability to be able to perform this e.g. POL and/or Fujitsu?;
and
The normal support route is used to identify when a fix is required, either from a branch raised incident or
estate monitors that alert support staff.
A TES incident would be raised with evidence.
This would be transferred to the SSC as a Peak because they support the applications.
The SSC would investigate with evidence from the support branch database and then liaise 4" line
development (evidence and progress would be recorded on the Peak).
4th line development would generate the required scripts using a test system to make the correction.
An MSC (or OCP/TfS) would be raised for permission to run the support tool on the live branch database
(BRDBX015).
The SSC would run the script using the support tool against the live estate.
What monitoring is performed over the table TXN_CORR_TOOL_JOURNAL?
The Support tool is written to run under the SSC (read only role) role and connects internally as the
APPSUP role (write permission).
All changes are written to the AUDIT logs.
The output from the support tool is captured and recorded on the Peak.
I can find just one recorded use of this tool:
Date: 03/03/2010
TFS: 20156
Peak: PC0195561
OCP: 25882
Branch: 226542
Question 2 about JOURNAL_SEQ DENSE_SET_CHECK ENABLED setting.
Can we see evidence to demonstrate that this parameter is currently set to “True”?; and
I ran this query against the live BRDB (node 1) today at 09:47
WBD_000781.000002
1 select * from brdb_system_parameters
2* where parameter_name = 'JOURNAL_SEQ_DENSE_SET_CHECK_ENABLED'
These are the results:
PARAMETER_NAME:JOURNAL SEQ DENSE SET CHECK ENABLED
VERSION_NUMBER:1
INSERT_TIMESTAMP:05-OCT-09 04,06.30.0639 AM
START_DATE:05-0CT-09
PARAMETER_DESCRIPTION: Indicates whether sequence checking is required in BRDBC002
PARAMETER_TYPE:T
PARAMETER_NUMBER:
END_DATE:
PARAMETER_DATE:
UPDATE_TIMESTAMP:
PARAMETER_TEXT:
This indicates that this parameter has not been changed since created on 05-Oct-2009
WBONO000911
WBON0000911
Who has access to be able to amend this parameter and is any proactive monitoring performed to ensure
that it is not altered?
As this is in the database it would require write permission to update the parameter.
This would require access to the APPSUP role which may be granted to the SSC under MSC. Any change
to this role is audited.
I am unaware of any proactive monitoring of these values.
Regards
John
From: Davidson James
Sent: 14 May 2014 16:38
WBD_000781.000003
To: Simpkins John
Subject: FW: Branch Database and Change Management Additional Questions
James Davidson
Post Office
Fujitsu
Lovelace. Road, Bracknell. RG12 8SN
MOD: rnin RO errr
Email: 7
goo«oa
Fujitsu is proud to partner with Shelter, the housing and homeless charity
Reshaping ICT, Reshaping Business in partnership with FT.com
= Please consider the environment - do you really need to print this email?
From: Hodgkinson, Sean (UK - Manchester) [mailto:
Sent: 14 May 2014 16:11
To: Davidson James
Cc: Dave M King; Jane E Smith; Rod Ismay
Subject: RE: Branch Database and Change Management Additional Questions
James,
WBONO000911
WBON0000911
I have been provided with your contact details by my colleague, Mark Westbrook, as somebody who may
be able to assist with technical queries we have in relation to the Branch Database.
Please could you review the email trail below, and advise whether this is something you can assist with?
Kind regards,
Sean
Sean Hodgkinson
Deloitte
WBD_000781.000004
From: Dave M King [mailto:
Sent: 14 May 2014 11:49
To: Hodgkinson, Sean (UK - Manchester); Jane E Smith; Rod Ismay
Ce: Rodric Williams
Subject: RE: Branch Database and Change Management Additional Questions
Sean
WBONO000911
WBON0000911
I’ve had a chat with Jane and I believe the only way we will be able to resolve this is if you get
confirmation from Fujitsu of whether this has ever been done and what the process is (POL have no direct
access to the database). If corrections are needed, “we” insert a transaction to correct the situation
following a reconciliation process rather than make direct changes to any transaction in the database.
I am in a similar position with the audit trail question
I believe you have a contact in Fujitsu who can confirm directly?
Thanks
Dave King I Senior Technical Security Assurance Manager
2nd Floor, I Future Walk, Chesterfield, S49 1PF
Postline
From: Hodgkinson, Sean (UK - Manchester) [mailt
Sent: 13 May 2014 19:27
To: Jane E Smith; Rod Ismay; Dave M King
Subject: Branch Database and Change Management Additional Questions
All.
WBD_000781.000005
WBONO000911
WBON0000911
Following review of the technical design document in relation to the Branch Database, I had a couple of
queries that I was hoping you may be able to help with. If not, please could you direct me toward
somebody who may be able to assist:
) Balancing Transactions
Section 5.6.2 describes back end database amendment process which is included by design:
Inserting Balancing Transactions
From the above we wish to clarify, with evidence where possible:
How does this process operate and who has the ability to be able to perform this e.g. POL and/or Fujitsu?;
and
What monitoring is performed over the table TXN_CORR_TOOL_JOURNAL?
) Audit Store File Generation — Optional Parameter
Section 7.2.2.8 on page 122 describes how:
WBD_000781.000006
WBONO000911
WBON0000911
Can we see evidence to demonstrate that this parameter is currently set to “True”?; and
Who has access to be able to amend this parameter and is any proactive monitoring performed to ensure
that it is not altered?
Jane - Per our conversation earlier this morning, have you been able to locate any of the documents to
support the ‘Client File Receiving Project’ 2012? As discussed we'd like to see evidence to demonstrate
that the correct plans, approval and testing was performed before the change was applied to live, so would
expect evidence such as:
Business plans and requirements;
Steering group minutes;
Approvals at each stage of development, testing and final go live;
Evidence of any testing performed during the development life cycle; and
Post go-live review to ensure business requirements were met and any residual risks were adequately
documented.
If any of you have any questions in relation to the queries raised, please feel free to give me a call.
Kind regards,
Sean
Sean Hodgkinson
Senior Consultant I Audit Advisory
Deloitte LLP
PO Box 500, 2 Hardman Street, Manchester, M60 2AT, United Kingdom
I Mobile:{ GRO. H
www.deloitte.co.uk
Please consider the environment before printing.
UK Futures
How can UK business drive growth?
httpy//www.deloitte.co.uk/ukfutures
IMPORTANT NOTICE
WBD_000781.000007
WBONO000911
WBON0000911
This communication is from Deloitte LLP, a limited liability partnership registered in England and Wales with registered number 0C30367S. Its registered office is 2, New
Street Square, London EC4A 3BZ, United Kingdom. Deloitte LLP is the United Kingdom member firm of Deloitte Touche Tohmatsu Limited (“DTTL”), a UK private
company limited by guarantee, whose member firms are legally separate and independent entities. Please see www.deloitt
legal structure of DTTL and its member firms.
‘o.uk/about for a detailed description of the
‘This communication contains information which is confidential and may also be privileged. It is for the exclusive use of the intended recipient(s). If you are not the
intended recipient(s), please (1) notify it.security.ukf” by forwarding this email and delete all copies from your system and (2) note that disclosure,
distribution, copying or use of this communication is s ed. Email communications cannot be guaranteed to be secure or free from error or viruses. All emails
sent to orfiver sei UX sul avoonntiono ssomely wctved ad stoned by ax ended! opglinewidde tis Gmepeen Cision
To the extent permitted by law, Deloitte LLP does not accept any liability for use of or reliance on the contents of this email by any person save by the intended recipient(s)
to the extent agreed in a Deloitte LLP engagement contract.
Opinions, conclusions and other information in this email which have not been delivered by way of the business of Deloitte LLP are neither given nor endorsed by it.
This email and any attachments are confidential and intended for the addressee only. If you are not the named
recipient, you must not use, disclose, reproduce, copy or distribute the contents of this communication. If you have
received this in error, please contact the sender by reply email and then delete this email from your system. Any
views or opinions expressed within this email are solely those of the sender, unless otherwise specifically stated.
POST OFFICE LIMITED is registered in England and Wales no 2154540. Registered Office: 148 OLD STREET,
LONDON EC1V 9HQ.
Unless otherwise stated, this email has been sent from Fujitsu Services Limited, from Fujitsu (FTS) Limited,
or from Fujitsu Telecommunications Europe Limited, together "Fujitsu".
This email is only for the use of its intended recipient. Its contents are subject to a duty of confidence and
may be privileged. Fujitsu does not guarantee that this email has not been intercepted and amended or that it
is virus-free.
Fujitsu Services Limited, registered in England No 96056, registered office 22 Baker Street, London W1U
3BW.
Fujitsu (FTS) Limited, registered in England No 03808613, registered office 22 Baker Street, London W1U
3BW.
PFU Imaging Solutions Europe Limited, registered in England No 1578652, registered office Hayes Park
Central, Hayes End Road, Hayes, Middlesex, UB4 8FE.
Fujitsu Telecommunications Europe Limited, registered in England No 2548187, registered office Solihull
Parkway, Birmingham Business Park, Birmingham, B37 7YU.
WBD_000781.000008