WITN05970127
RESTRICTED - COMMERCIAL
Potential exposures from removal of DSS requirements/new contract
Security
DSS security standards (DITSS) are considerably better defined than the referenced PO/POCL standards. Any removal of the DSS standards may render us exposed.
Retain reference to DSS security standards
Substitute fuller standards (not yet available)
Data Protection
DSS had detailed requirements for compliance with Data Protection Act and provision of information for subject access requests.
(Min)
Check if POCL are exposed - DSS requirement was specific due to large customer database etc.
Availability of Fraud Information
POCL were intended to obtain information from Pathway’s FRMS from DSS, as POCL had not contracted for this information from Pathway. Although much of this information is no longer relevant with the removal of BPS, some elements (e.g. out of hours transactions) may still be desirable to obtain.
POCL raise Change Request on Pathway for provision of required information
Source information from TIP (assuming all data that is required is already passed from Pathway)
Commercial Audit/Charging
The revision of the charging structure will require changes to the invoicing arrangements. POCL will need to be able to audit these revised processes.
jf/Potential Exposures
03/06/1999 18:58:00
Page 1 of 2
OAS (OBCS Access Service)
The link from DSS (ESNCS) to Pathway’s central system was based on the CAPS link functionality (CAS) and is specified within a DSS-only requirement (R956). We need to ensure that rights of access/audit are maintained despite the removal of the CAS requirement.
Introduce Requirement into new contract
Check that no audit/controls rights lost
OBCS use of PCHL
Certain OBCS operations were believed to be going to use the PCHL helpdesk.
Check nothing lost