eircom’s regulatory governance model (rgm) · pdf fileeircom’s regulatory...

Industry Update

on

eircom’s Regulatory Governance Model

(RGM)

August 2015

Prepared by:

Head of Compliance & Equivalence (C&E)

eircom

Industry Update on eircom’s RGM August 2015

Confidential of 106

Contents Page

1 Revision history of Report .................................................................................................................................... 3 2 Introduction ........................................................................................................................................................... 6

BACKGROUND TO THE REPORT ......................................................................................................................... 6 2.1 PURPOSE AND SCOPE OF THE REPORT ............................................................................................................. 6 2.2

3 Executive Summary .............................................................................................................................................. 7 KEY UPDATES ................................................................................................................................................. 7 3.1 KEY CONCLUSIONS AND RECOMMENDATIONS .................................................................................................. 15 3.2

4 Appendix 1 Update on Code of Practice (COP) ................................................................................................. 17 INTRODUCTION .............................................................................................................................................. 18 4.1 PROGRESS TO DATE ...................................................................................................................................... 19 4.2 COP ENHANCEMENTS ................................................................................................................................... 21 4.3 CONCLUSIONS ............................................................................................................................................... 22 4.4

5 Appendix 2 Update on BU Processes Compliance Reviews ............................................................................. 23 INTRODUCTION .............................................................................................................................................. 24 5.1 STATEMENTS OF COMPLIANCE (SOCS) ........................................................................................................... 24 5.2 ANALYSIS OF CONTROLS CONTAINED IN THE SOCS .......................................................................................... 36 5.3 ANALYSIS OF RAP CHANGE REQUEST PROCESS ............................................................................................. 39 5.4 CONCLUSION OF ANALYSIS OF RAP CHANGE REQUEST PROCESS .................................................................... 48 5.5 LIST OF EQUIVALENCE ISSUES ........................................................................................................................ 49 5.6 CONCLUSIONS OF EQUIVALENCE ISSUES ......................................................................................................... 59 5.7 LIST OF KEY DIFFERENCES WHICH ARE JUSTIFIABLE CONTAINED IN THE SOCS .................................................... 60 5.8

6 Appendix 3 Update on Key Performance Indicators .......................................................................................... 68 ANALYSIS OF KEY PERFORMANCE INDICATORS (KPIS) ..................................................................................... 69 6.1

7 Appendix 4 Update on Generic Information Flows ............................................................................................. 74 INTRODUCTION .............................................................................................................................................. 75 7.1 STRUCTURED INFORMATION FLOW .................................................................................................................. 75 7.2 UNSTRUCTURED INFORMATION FLOWS ............................................................................................................ 82 7.3 CONCLUSIONS ............................................................................................................................................... 84 7.4

8 Appendix 5 Update on Internal Compliance Reviews/Investigations ................................................................. 86 INTRODUCTION .............................................................................................................................................. 87 8.1 COMPLIANCE REVIEWS .................................................................................................................................. 87 8.2 WHISTLE-BLOWER ......................................................................................................................................... 87 8.3 OPEN C&E INTERNAL COMPLIANCE REVIEWS/ INVESTIGATIONS ........................................................................ 88 8.4 CONCLUSIONS ............................................................................................................................................... 88 8.5

9 Annex 1: Compliance Review of Change Control .............................................................................................. 89 INTRODUCTION .............................................................................................................................................. 90 9.1 SCOPE .......................................................................................................................................................... 90 9.2 APPROACH/METHODOLOGY ............................................................................................................................ 91 9.3 WHOLESALE RAP – REVIEW OF EVIDENCE OF CONTROL .................................................................................. 92 9.4 TED - REVIEW OF EVIDENCE OF CONTROL ...................................................................................................... 96 9.5 NETWORKS– REVIEW OF EVIDENCE OF CONTROL ............................................................................................ 97 9.6 EIRCOM CONSUMER – REVIEW OF EVIDENCE OF CONTROL ............................................................................... 99 9.7 CONSUMER CUSTOMER OPERATIONS – REVIEW OF EVIDENCE OF CONTROL .................................................... 100 9.8 EIRCOM BUSINESS– REVIEW OF EVIDENCE OF CONTROL ................................................................................ 101 9.9

WHOLESALE MNS – REVIEW OF EVIDENCE OF CONTROL ............................................................................... 104 9.10 CONCLUSIONS ............................................................................................................................................. 105 9.11


Confidential of 106

1 Revision history of Report

The following table will be updated each time there is a new version of this Report to record history of the Report

and for Audit purposes.

Version

No

Date Revised by: Basis for version / revision

1 10/08/2015 J Styles First Version


Confidential of 106

List of Figures Page

Figure 1: Rules on sharing Confidential Regulated information ................................................................................................... 7

Figure 2: Rules on sharing Confidential Wholesale Customer information .................................................................................. 8

Figure 3: Completion of COP Training by reporting level .............................................................................................................. 8

Figure 4: Completion of COP Training by business unit ................................................................................................................ 9

Figure 5: Business Process Reviews – Key Processes .................................................................................................................... 9

Figure 6: Source of RAP Change Requests .................................................................................................................................. 10

Figure 7: RAP Change Requests by Status ................................................................................................................................... 10

Figure 8: “Open” RAP Change Requests by Average Age ............................................................................................................ 11

Figure 9: Difference between Original & Current Target Date for Equivalence Issues ............................................................... 11

Figure 10: Supply KPIs for SB-WLR v’s PSTN ................................................................................................................................ 12

Figure 11: Repair KPIs for SB-WLR v’s PSTN ................................................................................................................................ 12

Figure 12: Supply KPIs for Bitstream v’s Broadband ................................................................................................................... 13

Figure 13: Repair KPIs for Bitstream v’s Broadband.................................................................................................................... 13

Figure 14: Progress on System Controls ...................................................................................................................................... 14

Figure 15: Overview of the operation of change controls by BU ................................................................................................ 15

Figure 16: Rules on sharing Confidential Regulated information ............................................................................................... 18

Figure 17: Rules on sharing Confidential Wholesale Customer information .............................................................................. 19

Figure 18: Completion of COP Training by reporting level .......................................................................................................... 19

Figure 19: Completion of COP Training by business unit ............................................................................................................ 20

Figure 20: Number of COP Queries received .............................................................................................................................. 21

Figure 21: Regulatory Pillars of the revised COP ......................................................................................................................... 21

Figure 22: Business Process Reviews – Key Processes ................................................................................................................ 26

Figure 23: Change Control – Key Processes ................................................................................................................................ 29

Figure 24: Source of RAP Change Requests ................................................................................................................................ 39

Figure 25: RAP Change Requests by Status ................................................................................................................................. 40

Figure 26: RAP Change Requests by Average Age (Number of days) .......................................................................................... 41

Figure 27: “Open” RAP Change Requests by Average Age .......................................................................................................... 42

Figure 28: “Closed” RAP Change Requests by Average Age ........................................................................................................ 42

Figure 29: Age of Equivalence Issues .......................................................................................................................................... 59

Figure 30: Difference between Original & Current Target Date for Equivalence Issues ............................................................. 59

Figure 31: Supply KPIs for SB-WLR v’s PSTN ................................................................................................................................ 70

Figure 32: Repair KPIs for SB-WLR v’s PSTN ................................................................................................................................ 70

Figure 33: Supply KPIs for Bitstream v’s Broadband ................................................................................................................... 71

Figure 34: Repair KPIs for Bitstream v’s Broadband.................................................................................................................... 71

Figure 35: Supply KPIs for NGA Operators v’s Downstream ....................................................................................................... 72

Figure 36: Repair KPIs for NGA Operators v’s Downstream ........................................................................................................ 73

Figure 37: Status of System Controls .......................................................................................................................................... 83

Figure 38: Overview of the operation of change controls by BU .............................................................................................. 106


Confidential of 106

List of Tables Page

Table 1: Key conclusions and mitigations ................................................................................................................................... 16

Table 2: Summary eircom Wholesale RAP PDC Process.............................................................................................................. 31

Table 3: List of Controls per Market ............................................................................................................................................ 36

Table 4: List of Controls per Business Unit .................................................................................................................................. 36

Table 5: List of Individual Controls per Business Unit ................................................................................................................. 37

Table 6: List of GAP Controls per Market .................................................................................................................................... 37

Table 7: List of GAP Controls per Business Unit .......................................................................................................................... 37

Table 8: List of Individual GAP Controls per Business Unit ......................................................................................................... 38

Table 9: “Open” RAP Change Requests > 12 months .................................................................................................................. 48

Table 10: List of Equivalence Issues ............................................................................................................................................ 58

Table 11: Key Differences contained in the SoCs ........................................................................................................................ 67

Table 12: List of Groups for the Systems Review project ............................................................................................................ 76

Table 13: List of Data Categories for the System Review project ............................................................................................... 77

Table 14: List of Risk Definitions for the System Review project ................................................................................................ 77

Table 15: List of Risks Identified in System Review project ........................................................................................................ 78

Table 16: List of Controls Identified in System Review project ................................................................................................... 81

Table 17: List of System Controls* per Business Owner ............................................................................................................. 82

Table 18: List of Open and Closed C&E Internal Reviews and Investigations ............................................................................. 88


Confidential of 106

2 Introduction

Background to the Report 2.1

One key element of eircom’s Wholesale Reform Programme is the development of an enhanced Regulatory

Governance Model. It was envisaged that this element of eircom’s Wholesale Reform programme would take three

years to complete in full before all elements are fully integrated into business as usual activity (BAU). Currently

eircom is in year three.

The Regulatory Governance Model contains three main strands as follows:

1. A Group Wide Code of Practice (COP) dealing with eircom’s Access and Non-Discrimination Obligations.

2. A Business Unit Process Compliance review programme to ensure our day to day processes are

compliant with the COP by implementing the necessary Regulatory Controls, the output of which is a

Statement of Compliance (SoC).

3. Independent Regulatory Compliance & Audit Reports prepared by the Head of C&E and the Head of IA

based on their internal reviews to the Board Wholesale Reforms Committee on a six monthly basis to

facilitate Board level oversight and direction setting of compliance.

The Wholesale Reform Programme was offered to ComReg in 2011 on a voluntary basis as part of eircom’s

strategic engagement on key regulatory and public policy issues to deliver:

1. A stronger working relationship with ComReg/Industry by ensuring our processes are non-discriminatory

thereby reducing Wholesale Customer complaints and resulting ComReg sanctions/fines

2. Behavioural change required to position eircom as a trusted and proactive supplier of Wholesale Services

3. To benefit from the EU Commission’s stated commitment that the Framework would acknowledge robust

non-discrimination arrangements with more flexible regulation in pricing and product development in the

retail market.

Purpose and Scope of the Report 2.2

The purpose of this Report is to provide evidence to Industry on how the enhanced Regulatory Governance Model

is being implemented and to highlight key trends and issues. The Report is based on the May 2015 Regulatory

Compliance & Audit Report. This Report covers the progress as at May 2015. Developments since May 2015 will

be covered in the next Report. The next report to Industry is due in January 2016


Confidential of 106

3 Executive Summary

Key Updates 3.1

3.1.1 Update on Code of Practice (COP) [See Appendix 1 for further details]

The COP and associated online training module continues to be a very effective method of how RAP

information needs to be protected. The Figures below illustrate the processes to be followed.(See Fig 1&2)

Figure 1: Rules on sharing Confidential Regulated information


Confidential of 106

Figure 2: Rules on sharing Confidential Wholesale Customer information

A high level of training take up has being achieved across the reporting levels and Business Units

generally. (See Fig 3&4)

Figure 3: Completion of COP Training by reporting level

0.00%

20.00%

40.00%

60.00%

80.00%

100.00%

End of September '14 April '15

Completion of Online COP Training by reporting level

Level 0 & 1 Level 2 & 3 Level 4, 5 & 6 Other (~contractor)


Confidential of 106

Figure 4: Completion of COP Training by business unit

Building on the lessons learned to date the COP is being expanded to cover our Transparency, Pricing

and Consumer obligations. It is planned that an updated COP is targeted for June 2015 followed by further

training.

3.1.2 Update on BU Processes Compliance Reviews [See Appendix 2 for further details]

BU Process Compliance Reviews based on the product life cycle continues to be completed. Statements of

Compliance (SoCs) are submitted to ComReg each time a new RAP product is launched or change is made to an

existing RAP. Three revised SoCs were submitted to ComReg during this period together with an update to all the

SoCs in March 2015 following the December 2014 Report.

Figure 5: Business Process Reviews – Key Processes

0.00%

20.00%

40.00%

60.00%

80.00%

100.00%


Completion of Online COP Training by business unit

Wholesale Consumer (Consumer & Customer Operations)

Business Technology (TED & Networks)

Central Services Contractor


Confidential of 106

The output of the reviews to-date in April 2015 can be summarised as follows:

142 Access Requests have been processed between October 2013 and April 2015 with the highest

number being received from other Operators (See Fig 6)

Figure 6: Source of RAP Change Requests

The treatment of Operator Requests compares very favourably with that of eircom Downstream Business

(See Fig 7)

Figure 7: RAP Change Requests by Status

0

10

20

30

40

50

60

Downstream Operators Upstream

Nu

mb

er

of

Re

qu

est

s

Number of Requests Oct '13 - Apr '15

0

5

10

15

20

25

30

1.Request 2.Accept asConcept

3.UnderReview

4.InDevelopment

5.Rejected 6.Delivered 7.Cancelled

Nu

mb

er

of

Re

qu

est

s

Current Status of RAP Change Requests

DownstreamOperatorsUpstream

Oct '13 - Apr '15


Confidential of 106

There are 15 Access Request open for more than 1 year which now need to be reviewed to determine if

they are being processed in a reasonable timeframe. (See Fig 8) A further analysis will be completed to

determine whether Access requests waiting to be delivered and those delivered are dealt with in a non-

discriminatory way and issues that could have a material impact on the outcome are taken into account,

such as parked time. The output of this analysis will be included in the next report in January 2016.

Figure 8: “Open” RAP Change Requests by Average Age

All Equivalence Issues (Capabilities provided to our Downstream Business not available to other

Operators) need to be closed by December 2015 to ensure a robust Regulatory Governance Model (See

Fig 9)

Figure 9: Difference between Original & Current Target Date for Equivalence Issues

0

5

10

15

20

25

30

1-3 months 4-6 months 6-9 months 10-12 months >1YEAR

Nu

mb

er

of

Re

qu

est

s

Age of Open Requests - in status "Requested", "Accept as concept", "Under

review" and "In development"


Oct '13 - Apr '15


Confidential of 106

3.1.3 Update on Key Performance Indicators [See Appendix 3 for further details]

On a quarterly basis eircom publishes KPIs on the supply and repair of RAP products supplied to Operators

compared to the equivalent inputs consumed by our Downstream Business to show they are provided on a non-

discriminatory basis. The published KPI covering July 2014 to December 2014 show the following:

The supply and repair of Wholesale SB-WLR compared with Retail PSTN is broadly similar (See Fig

10&11)

Figure 10: Supply KPIs for SB-WLR v’s PSTN

Figure 11: Repair KPIs for SB-WLR v’s PSTN


Confidential of 106

The supply of Wholesale Bitstream compared to Retail Broadband is broadly similar (See Fig 12)

Figure 12: Supply KPIs for Bitstream v’s Broadband

The 2 Day repair performance of Retail broadband were approximately 5% better compared with

Wholesale Bitstream in November 2014, and the reasons for this are currently being reviewed.(See Fig

13) The output of this review will be included in the next report in January 2016.

Figure 13: Repair KPIs for Bitstream v’s Broadband

3.1.4 Update on Generic Information Flows [See Appendix 4 for further details]

eircom continues to ensure that all Confidential Regulated Information and Confidential Wholesale Customer

Information retained by eircom in either structured or unstructured form is only disclosed in compliance with the

agreed Regulatory Governance Model.

The Structured Information Flows work stream has identified 6 generic risks where non-discrimination could take

place and 7 generic controls to mitigate these risks.

Progress is taking place to close out the risks identified. (See Fig 14)


Confidential of 106

Figure 14: Progress on System Controls

3.1.5 Update on Internal Compliance Reviews / Investigations [See Appendix 5 for further details]

Three internal Reviews/Investigations opened during the period and three closed during the period leaving five

remaining open.

In addition C&E has carried out a compliance review of Change Control and the output of this review is included in

Annex 1 of this Report. Key findings and recommendations are as follows:

Overall the key controls that were designed to ensure change requests impacting RAP adhere to the

approved processes, operated effectively in the period under review. However, there is also evidence that

controls in our Retail downstream business are operating less effectively than required (See Fig 15 below).

This may be as a result of changes in personnel or the interpretation of controls by control executors.

A briefing of Control Owners and Control Executors on the importance of eircom’s Regulatory Governance

Model and the importance of controls is essential. In other areas controls should be enhanced to improve

transparency around decisions and the analysis of output undertaken to clearly demonstrate compliance

with our non-discriminatory obligations.

C&E will work with the business units to ensure the recommendations outlined are fully implemented and

that the revised controls are included in the next six monthly update of the SoCs to ComReg scheduled for

July 2015. A follow up review will be undertaken to ensure that all controls are operating effectively.

2

3

2

Status of System Controls

Pending Close On-target Delayed


Confidential of 106

Figure 15: Overview of the operation of change controls by BU

Key Conclusions and Recommendations 3.2

Having reviewed the outputs from the work streams and internal investigations it is clear that progress has been

made in a number of areas including the following:

COP - driving a compliance culture

Robust Process to deal with Access Requests

Provisioning and Repairing RAP products being carried out on a non-discriminatory basis

Bedding in of the Regulatory Controls into BAU

It is also clear that a number of Risks are emerging that need to be addressed to ensure a robust Regulatory

Governance Model as follows:

12

6 6

1 1

5

9

2

2

11

Wholesale TED Networks Consumer CustomerOperations

eircomBusiness

Overview of the operation of change controls by BU

Operated effectively Did not operate effectively


Confidential of 106

Risk

Number

Risk to achieving robust

Regulatory Governance Model Description

1

Training on workings of

Regulatory Governance Model

There is a material Compliance Risk that eircom could fail to operate their

controls effectively caused by Control owners and Control executors not fully

understanding the Regulatory Governance Model.

This Risk is increased during periods of staff changing roles.

Mitigation eircom Senior Management Team (SMT) has agreed that all relevant L1 and

L2 managers are mandated to attend a C&E detailed briefing.

2

Access and Equivalence

Issues

There is a material Compliance Risk that eircom could be found to have failed

to respond to Access Requests and close Equivalence Issues in a timely

manner.

Mitigation

SMT has agreed that the relevant L1 owners will urgently call a meeting with

the internal stakeholders to close out these Compliance Risks and include

any revisions in the next Update to SoCs scheduled for July 2015.

3

Programmes

There is a material Compliance Risk that eircom could bypass the Regulatory

Controls caused by SMT initiating Programmes outside the normal Change

Control process for products.

Mitigation

SMT has agreed that any Programme that might have an impact on our

Statements of Compliance should first be reviewed by C&E who can advise of

any steps required to ensure compliance and that this review will be facilitated

by the SMT Programme Sponsor.

Table 1: Key conclusions and mitigations


Confidential of 106

4 Appendix 1 Update on Code of Practice (COP)


Confidential of 106

Introduction 4.1

eircom’s COP is based around the following three principles:

All of our customers – both internal and external – have the same opportunities to influence RAP products

and services.

All customers that deal with eircom Wholesale must be confident that eircom’s own downstream

businesses do not see confidential wholesale customer information.

RAP services provided externally must be of the same quality and with the same information made

available, at the same time, as the services provided to eircom’s downstream businesses which consume

RAP Services.

The COP is supported by custom built online and offline training modules together with a COP Queries help line

and a “whistle – blowing” facility. COP training is mandatory for all eircom employees, agents and contractors.

The diagrams below show:

the rules that apply when Downstream Businesses request information that is considered Confidential

Regulated information, and how the Upstream Businesses make this information available to all operators

including Downstream Businesses under the same conditions.

the rules that apply when managing Confidential Wholesale Customer Information

Figure 16: Rules on sharing Confidential Regulated information


Confidential of 106

Figure 17: Rules on sharing Confidential Wholesale Customer information

Progress to date 4.2

The COP online training has proved a very successful method of delivering the Wholesale Reforms –

Regulatory Governance message around access and non-discrimination.

See graph below re current completion of Online COP training across internal reporting levels.

Figure 18: Completion of COP Training by reporting level

0.00%

20.00%

40.00%

60.00%

80.00%

100.00%


Completion of Online COP Training by reporting level

Level 0 & 1 Level 2 & 3 Level 4, 5 & 6 Other (~contractor)


Confidential of 106

See graph below re current completion of Online COP training by Business Unit.

Figure 19: Completion of COP Training by business unit

Note the fall in the Consumer figure is primarily due to 94 retail resources that have not yet completed the Online

training at the time of this report.

0.00%

20.00%

40.00%

60.00%

80.00%

100.00%


Completion of Online COP Training by business unit

Wholesale Consumer (Consumer & Customer Operations)

Business Technology (TED & Networks)

Central Services Contractor


Confidential of 106

COP Queries

An increase of COP queries arose in Jan ‘15 when access to the OPS Site was unavailable to some

Networks Staff using their Blackberries which in turn gave rise to queries into the COP help desk. (See

graph below).

Figure 20: Number of COP Queries received

COP Enhancements 4.3

eircom is in the process of modifying the COP so that it will cover the 5 main pillars of regulation to

address the compliance risk identified with the lack of training in the December 2014 Compliance and

Audit Report.

Figure 21: Regulatory Pillars of the revised COP

COP – Training

The updated COP and associated training module is target for completion by Q4 of the 2014/2015

financial year.

Rollout of the training will commence in Q1 of the 2015/2016 financial year.

Acce

ss

No

n-D

iscri

min

atio

n

Tra

nspare

ncy

Pricin

g

Co

nsu

mer


Confidential of 106

Conclusions 4.4

Training levels for external contractors still requires close monitoring to ensure continued high levels of

take up.

Improvements need to be made to the accuracy and completeness of the eircom staff information provided

to the Online Training platform.

Rollout of the new COP training will reinforce the lessons learnt on Access and Non-discrimination, and

provide new valuable learning when dealing with Transparency, Pricing and Consumer obligations.


Confidential of 106

5 Appendix 2 Update on BU Processes Compliance Reviews


Confidential of 106

Introduction 5.1

Based on the principles of the COP eircom has carried out a review of all the processes that are used to support

regulated products provided to other Operators and the processes used to support Downstream Products that

contain regulated inputs to ensure they are non-discriminatory. These review followed the following key steps:

Identification of differences that could not be justified which were labelled as Gaps and associated

Controls were put in place to address these Gaps (Equivalence issue)

Identification of risks that could become Compliance issues and associated Controls to mitigate against

these risks

Identification of differences that were justifiable

The output of the above reviews formed the basis of the Statements of Compliance (SoCs) which were submitted

to ComReg for each of the regulated markets. These SoCs are kept up to date and submitted to ComReg as part

of business as usual. These controls are now part of business as usual with the relevant Level 1 Senior Manager

self-certifying on a Quarterly basis that the controls are operational. The controls are now also subject to

Compliance and Audit reviews on a six monthly basis.

Statements of Compliance (SoCs) 5.2

As part of the Wholesale Reforms Programme a core team was assembled involving personnel from the

Programme and Subject Matter Experts (SMEs) from eircom Wholesale (RAP), Technology Evolution and

Development (TED) and Compliance and Equivalence (C&E) to review the BU processes. As eircom had an

obligation to provide a Statement of Compliance with regard to our Next Generation Access Wholesale Broadband

Access (NGA-WBA) product by 30th September 2013, the NGA-WBA product was taken first. Subsequently eircom

engaged with IBM in order to gain access to their expertise in process discovery, analysis, and documentation,

with a view to accelerating the accurate creation of Statements of Compliance.

To date eircom has issued Statements of Compliance (SoCs) for the products/services that eircom is obliged to

offer based on SMP designations in each the relevant markets:

Market 5 Next Generation Access Wholesale Broadband Access (NGA WBA) – 30th September 2013

Market 6 Terminating Segments of Leased Lines (NGN Ethernet) – 5th June 2014

Market 1 Retail Fixed Narrowband Access (RFNA) – 4th July 2014

Market 5 Current Generation Access Wholesale Broadband Access (WBA) – 4th July 2014

Market 4 Wholesale Physical Network Infrastructure Access (WPNIA) – 4th July 2014

Market 6 Terminating Segments of Leased Lines (Non-NGN Leased Lines) - 4th July 2014

Systems Reviews (Covering each of the Regulated Markets) – 22nd

September 2014

The purpose of these SoCs is to demonstrate eircom’s compliance with its non-discrimination obligations. The

SoCs also describe how eircom is implementing transparent and verifiable monitoring of the business processes to

ensure continued compliance.


Confidential of 106

5.2.1 Submitting updated Statements of Compliance to ComReg

As part of notifying a new product or changes to an existing product eircom is required to submit a written

Statement of Compliance adequately demonstrating its compliance with its non-discrimination obligations:

in the case of any offer of a new Next Generation WPNIA / WBA product, service or facility, seven (7)

months in advance of it being made available;

in the case of any amendment or change to an existing Next Generation WPNIA / WBA product, service or

facility, three (3) months in advance of it being made available;

or otherwise as or when required by ComReg.

eircom has also committed to providing Statements of Compliance in the other regulatory markets in line with the

transparency obligations in those markets.

In addition to the original SoCs eircom has submitted a further number of Statements of Compliance to support the

following new product launches and for product changes that occurred in since these SoCs were submitted.

NGA Extended Reach – 03rd

October 2013

NGA Vectoring 15th – November 2013

NGN Ethernet >1Gb EF&AF – 12th September 2014

NGN Ethernet 10G WEIL IBH ISH 1+1 Protection – 28th October 2014

WPNIA Duct Access – 18th November 2014

NGA FTTH Upgrade – 30th January 2015

Bitstream Ethernet Connection service (BECS) via WEIL – 20th March 2015

NGA WBA VDSL Ethernet Access (VEA) – 2nd

April 2015

In Q1 2015 eircom provided ComReg with updates to the SoCs with an explanation of the key changes to the

previous SoCs. eircom has committed to providing such updates on a 6 monthly basis.

Over time some of the Control Descriptions may need to be amended to reflect changes that may have happened

since their creation. There are 3 main activities that will influence and change the Controls under BAU.

Quarterly Self Certification

Internal Audit conducts self-certification with L1 Senior Manager / Control owners every three months.

This may give rise to changes or additions to the controls – as the business processes evolve, IT

development is delivered or new risks arise.

IT end-to-end development process for Remediation requests

Remediation may be completed over a number upcoming IT releases. Once delivered, these

developments may have a bearing on the published Control. In many cases, the Control will no longer be

required. In others, the Control may need to be changed as a result of the automation.

BAU Product development, learning’s, investigations, regulatory issues, etc. A variety of changes and

incidents may arise through the on-going use of a product or process. Developments in the marketplace

may give rise to a requirement to change a Control.


Confidential of 106

The update that is provided to ComReg contains a description of the key changes to the Risks/Controls as a result

of these activities and is set out under the following headings:

New Risks and Controls

Retired Risks and Controls

Other updates

5.2.2 How the Statements of Compliance are created

In order to develop the detail required to demonstrate compliance with eircom’s non-discrimination obligations, the

following general processes are reviewed and assessed for compliance:

Change control processes

Ordering (including pre-ordering)

Provisioning

Repair (including fault reporting)

Figure 22: Business Process Reviews – Key Processes

Each of these processes was assessed with regard to:

Information

Performance

Process/Systems

Features

These processes and a summary of the controls contained within each are described in more detail below.

Change Control

(incl. new products)

Ordering

(incl. pre-ordering)

Provisioning

Fault Reporting

(incl. Fault Repair)


Confidential of 106

5.2.3 Identification of Differences & Risks

During the reviews "issues" are identified and evaluated on a case by case basis to determine whether the issue is

a risk or a GAP or not material and could be justified. The criteria for determining whether an issue becomes a

"Risk" include the following:

Is the issue in the Market? (Y/N) - If "No" the issue is dropped

Is the issue a GAP from regulatory non-discrimination perspective i.e. a potential compliance issue (e.g.

eircom Retail access to TIS information on Saturdays when the equivalent information is not available to

other operators?) - If "Yes" then any existing control is assessed to see if it is adequate and effective. If no

adequate / effective control in place then the issue becomes an Equivalence issue/GAP that needs

resolution.

Is the issue a RISK that non-discrimination could take place e.g. does the issue relate to a manual step in

a process (e.g. the repairing of faults in the network)? If "Yes" then the issue is assessed to determine if it

is material or not. - If the issue is material and cannot be justified then the Issue becomes a Risk that

needs resolution.

Is the issue a difference between the RAP and downstream processes (e.g. how the logical connectivity

is pre-configured for eircom Retail NGA but other operators need to submit orders to do so)? - If "Yes"

then the issue is assessed to determine if it is material, and if so, can the difference be justified? If the

issue is not material or can be justified then the Issue is parked.

On the basis of these reviews a number of GAPs and RISKS may be identified and Controls are put in place to

mitigate them.

The L1 Senior Manager that had responsibility for the RISK/GAP signs a Statement of Compliance that they have

completed the review and are satisfied that the process to identify the risk/gaps is reasonable and that they will

operate the Controls to mitigate the RISK/GAP as described in the Controls Description.

5.2.4 Identification of Controls

In general the controls are broken into the following categories:

Preventative (process / system change to remove the risk)

Detective (metrics/checks to identify if the risk has materialised)

Mitigation (instruction to follow particular process)

Remediation (system / process changes that will be implemented in future)

The choice of control type is dependent on the risk identified. For example

If there is a GAP e.g. that a downstream business can access network performance reports containing

RAP information which is not available to other operators - then the control implemented may be

“Preventative” to stop the supply of report until the equivalent information can be made available to all

operators;

If there is a RISK that non-discrimination can take place e.g. with the repair of faults even though the

repair processes appears to be non-discriminatory the control implemented may be “Detective” to run


Confidential of 106

reports on the fault repair performance to confirm that the equivalent level of performance is being

provided to downstream businesses as is being provided to other operators;

If there is a RISK that downstream businesses can access wholesale customer information until a system

fix has been implemented the control chosen may be a “Mitigation” for the Level 1 Senior Manager to

issue an instruction to those who may access this information to desist from doing so;

If there is a risk that a downstream business can access wholesale customer information which required

system development to rectify then the control may be a “Remediation” to identify the wholesale customer

information and to restrict inappropriate access. For different GAPs/RISKs identified there may be multiple

interim controls implemented to manage the issue until the long term remediation is completed.

5.2.5 Impact of the Statements of Compliance on Business Processes

5.2.5.1 Impact on Change Control processes

When eircom submitted its SoCs it made a commitment to ComReg that any new / changes to products or

services (by downstream or upstream businesses) that may impact the eircom Wholesale RAP products or

services must be assessed and approved by eircom Wholesale RAP and eircom Regulatory Operations prior to a

change taking place.

The processes used within eircom to develop products that require changes to be made to eircom Wholesale

Regulated Access Products have many controls in place to ensure that:

All proposed new or changes to downstream products are assessed and a determination is made whether

a RAP development is required or not.

If RAP development is required then the downstream products cannot launch until the RAP component is

already launched

RAP information about new developments or changes to existing RAP product is not provided to a

downstream business in advance of it being made available to all operators

When a downstream business has a requirement to develop a new or make a change to their existing products

they can discuss their requirement with Regulatory Operations to determine if it is clearly outside the regulated

space. If the change or new product is clearly outside the regulated space then the business unit can proceed to

develop their requirement otherwise the downstream business is advised to submit their requirement to the eircom

Wholesale RAP Change Request process.

As part of the commitment to ComReg, eircom advised that it would use the following processes to manage its

non-discrimination obligations.

RAP Change Request Process

RAP PDC Process

TED E2E & WR Processes

Downstream Business PDC Processes

Downstream Tenders and Contracts Processes


Confidential of 106

These are described in more detail below:

Figure 23: Change Control – Key Processes

5.2.5.1.1 RAP Change Request Process

eircom Wholesale RAP has put in place a process for managing changes to regulated products. This process

ensures that all requests for product/service features that may require changes to RAP Products are captured,

assessed and accepted or rejected in a non-discriminatory manner. This includes requests for new reports or

information on products/services that are based on RAP inputs.

When a request for a product/service feature is received by eircom Wholesale RAP, an acknowledge receipt is

sent to the requestor advising that their request for RAP change has been received. eircom Wholesale RAP then

log the requirement and in conjunction with Regulatory Operations and Technology follow a process to assess

each request, in accordance with our obligations:

Determine if components of the new service falls within a Regulated Market. If the request falls within a

Regulated Market then the process moves to the next step as follows:

Determine if a RAP change is technically feasible

Determine if the proposed RAP change is economically viable1

1 Note: Prior to refusing a request due to economic reasons eircom Wholesale RAP will bring the request to the relevant

industry forum where additional information could be sought from operators, including possible demand for such a request.

RAP Change Request Process

•All requests for product changes that may impact RAP

Products assessed

RAP PDC

•RAP Products developed in line with Regulatory Obligations

T&ED E2E Process

•All products brought through E2E process assessed to

confirm compliance with non-discrimination obligation

Downstream PDC

•Downstream Products developed in line with Regulatory Obligations

Downstream Tenders and Contracts Processes

•All Tenders/Contracts containing non-standard

products assessed to confirm compliance with non-

discrimination


Confidential of 106

eircom Wholesale RAP completes a Customer Response Document (CRD) template outlining eircom Wholesale

recommendation on the change request and rationale for decision. The CRD is signed off with Regulatory

Operations and Technology.

If accepting the request, eircom Wholesale RAP notify all Operators of the proposed development at the same

time through circulation and/or publication on eircom Wholesale website of the following:

Product Information Notice

Product Roadmap

Draft Product Documentation

This description may include key features, timeframe for development and an estimate of the prices. Following this

notification eircom Wholesale RAP will circulate the CRD to the requestor. The request is then progressed through

the internal processes (E2E and eircom Wholesale RAP PDC) to further develop the technical feasibility and

economic viability of developing the request. Further updates are provided to the industry forums by eircom

Wholesale RAP.

If rejecting the request, eircom Wholesale RAP will notify requestor for the reason for the rejection:

Request not in market

Request not technically feasible

Request not economically viable1

Request is already supported by the existing RAP Product portfolio

5.2.5.1.2 RAP PDC Process

eircom Wholesale RAP also operates a Product Development Council to ensure that the relevant functional areas

involved in the day to day operational management of products have input to, reviewed the necessary processes

and systems, and are satisfied that the necessary processes, people and systems are in place to support the

product post launch. The eircom Wholesale RAP PDC council focus is one of functional and operational readiness.

Commercial decisions relating to RAP products are outside the scope of its terms of reference. Launch cannot

take place without Regulatory Operations approval confirming that the product meets our regulatory obligations.

There are 4 stages involved with the eircom Wholesale RAP PDC process. These are as follows:


Confidential of 106

Gate Purpose of stage Stage approval means

Gate 1 Approve outline proposition, establish project team and utilise e2e process to assign cross functional development resources.

PDC agreement to progress to next stage. People to work on project from functional areas confirmed.

Gate 2 Confirm operational and technical feasibility of product. Confirmation of design. Utilise CAPEX and e2e Process to ensure all development & operational costs & revenues are included and signed. Utilise Reg Ops Process to ensure Compliance and Notifications are executed.

Agreement on proposed process and system design and proposal is fit to proceed to next stage.

Gate 3 Develop and test the product by customer or network/system trial/tests. Ensure product is ready for launch.

Approved Test Results are satisfactory and product ready to functionally launch. Agreement that product is ready to Commercially Launch.

PIR Review the product performance is in line with predictions

Table 2: Summary eircom Wholesale RAP PDC Process

5.2.5.1.3 TED Work Request (WR) and End to End (E2E) Processes

eircom has put in place a number of processes that governs the timing, responsibilities, activities and documents

that are involved in moving IT-related business requirements from initial ideas through to a point where they are

ready for the IT Design stage to begin. These processes are referred to as the End-to-End (E2E) Process, Work

Request (WR) process and business prioritisation process. The E2E process covers project-sized requirements

which are defined as those that will need 20 days or more of IT development effort. WR process covers those

requirements estimated to need 19 days or less of IT development effort. The initial request in the E2E process

requires the completion of an Ideation Template which includes two questions which the requestor must answer

before submitting the form:

Does this request have a RAP impact? [yes]/[no]

If yes, has RAP approval to proceed been sought and received? [yes]/[no]

The same questions are also contained on the Works Request Template. The TED account partners for the

downstream businesses review the responses to these questions. If the response to the first question is “yes”

Ideation requests cannot proceed unless the second question is also “yes”. If RAP approval has not been received

the requestor is instructed to issue their request to eircom Wholesale RAP. TED in conjunction with eircom

Wholesale RAP and Regulatory Operations review the outcome of the End to End stages so that the RAP impacts

are correct. A record is kept of all proposals submitted to Ideation, HLC and Functional Design. This record

includes whether there is RAP impact and that approval has been received.


Confidential of 106

5.2.5.1.4 Downstream Business Product Development Councils (PDCs)

The role of eircom Wholesale MNS, Consumer and Business PDCs is to ensure that the relevant functional areas

involved in the development of products have input to and reviewed the necessary processes and systems

changes and are satisfied that the necessary processes, people and systems are in place to support the product

post launch. In addition these PDCs must ensure that the product developments are launched in line with their

regulatory obligations. eircom Wholesale RAP and Regulatory Operations are required to be in attendance at the

Downstream Business PDC meetings. The responsibility of these representatives is to ensure that the RAP inputs

have been identified. Launch cannot take place without eircom Wholesale RAP and eircom Regulatory Operations

approval confirming that the product meets our regulatory obligations.

5.2.5.1.5 Downstream Tenders and Contracts containing “non-standard” products

The eircom Downstream Bids Processes enable the Account Managers and Business Development Managers

(BDM) to respond quickly to a customer’s request, for either bespoke services or procurement of a large volume of

standard products. It draws senior management attention to the opportunity and ensures relevant skills are

prioritised to produce a compelling and winning proposition to put to the client. The bid process is predicated on

an approach of “sell first, build later”. Bids may be originated in a number of ways: sometimes the customer

undertakes a formal procurement exercise and issues Request for Proposal (RFP), Request for Quotation (RFQ),

Request for Information (RFI) or Pre-Qualification Questionnaire (PQQ) etc., occasionally it can be verbal, a series

of emails. No matter which route the customer chooses, it is mandatory to adopt the bid process.

Where the Bid response relies on products that were brought through the PDC it is considered as “standard”,

however where the Bid requires changes to these products such as terms and conditions, product features, prices

etc. then the Bid is considered “non-standard”. In these circumstances a Non-Standard Solution Assessment

Document will be populated. This document details questions to ensure that all non-standard Bids obtain

Regulatory and where required eircom Wholesale RAP approval before they are issued to the customers.

When a solution which includes a “non-standard” product is proposed, sign-off by Regulatory Operations is

required and sign-off by eircom Wholesale RAP may also be necessary. If the view by RAP and Regulatory is that

the “non-standard” product might have RAP implications then eircom downstream must submit a Customer

Request Form to eircom RAP to have the “non-standard” product assessed. If a RAP development is needed or

not, then this sign-off will confirm the fact.

If successful at bid stage, eircom downstream business will sign a contract for the supply of services as outlined in

the Bid. Where a contract that includes a “non-standard” product is proposed, sign-off by Regulatory Operations

and where necessary eircom Wholesale RAP is required. The account manager / BDM must ensure that all

orders/contracts logged as “non-standard” have received Regulatory Operations and where required eircom

Wholesale RAP approval.


Confidential of 106

5.2.5.1.6 Summary of Controls in Change Control

Within Change Control it was found that the provision of RAP information posed the greatest risk where non-

discrimination could take place. Therefore the main controls in Change Control relate to the downstream

businesses and operators following defined processes which require eircom Wholesale RAP and Regulatory

Operations approval in order to obtain new RAP information for existing / new products as follows:

1. Downstream Businesses seeking new reports/information on their services based on RAP products may

contact Regulatory Operations to seek confirmation that their proposal is clearly outside the RAP space,

otherwise they must follow the RAP Change Request Process

2. Downstream Businesses wishing to develop or amend downstream services that may have an impact on

RAP product may contact Regulatory Operations to seek confirmation that their proposal is clearly outside

the RAP space, otherwise they must follow the RAP Change Request Process

3. Downstream Businesses wishing to develop products must bring them through their PDC process to

ensure that they are developed with proper regulatory governance

4. Downstream Businesses wishing to engage in technology developments must bring their projects through

Works requests / E2E process. When submitting their requirement through these processes the PM must

confirm whether or not this project is RAP impacting. If it is then the PM must confirm that they have

RAP/Regulatory approval

5. At Ideation Phase – TED, RAP & Regulatory Operations, review all candidates and confirm that the project

has / has not RAP implications

6. Tenders / Bids and Contracts that contain non-standard products require eircom Wholesale RAP and

Regulatory Operations approval before being submitted to customers.

5.2.5.2 Impact on Pre-Ordering/Ordering Processes

Pre-ordering relates to information that an operator requires to enable them to submit an order for a RAP service.

Ordering relates to the mechanism for an operator to submit an order and for eircom to validate it and to accept

and send back an order acknowledgement. These are described in more detail below.

5.2.5.2.1 Pre-Ordering

eircom provides all Operators, including eircom’s downstream businesses, with network / RAP information that

they require to enable them to order the RAP services. This information is referred to as “Pre-Order” information

and can be provided in the form of bulk information, for example in NGA:

NGA Deployment Plan

o Summary of Exchanges, Aggregation nodes, approximate number of premises in scope and

number of planned cabinets.

o Details of when individual exchange areas are forecast to be available

o Forecast and Actual Ready for Order (RFO) dates

o Indicative details of FTTC cabinets within individual exchange areas


Confidential of 106

o Confirmation that individual NGA cabinets are landed / energised / commissioned, together with

an indicative forecast RFO for each cabinet based on average timeframes.

The “Advanced Pre-Qual File”

o A per Operator file confirming the available premises where Orders can be issued

Additional information (not specific to NGA services) is also made available to operators to enable them to

determine the appropriate orders to place in order to provide their RAP service on an order by order basis. The

main inquiry or information order types that are used by operators are:

Line Enquiry (LE) Order - returns the availability of infrastructure for the POTS Based element of the

product.

Query Account (QA) Order - returns the details of what services are on the line and also provides pre-

qual information if the operator specifies as a Broadband/NGA order type.

Pre-qual Order (PQ) - return the pre-qual information on the line including whether multicast is

available along with all products types that are available to the operator.

5.2.5.2.2 Summary of Controls in Pre-Ordering

In pre-ordering the main controls related to providing equivalent RAP information in equivalent timelines to all

operators and keeping Confidential RAP information secure before it is released to all operators including

downstream businesses on a non-discriminatory basis.

5.2.5.2.3 Ordering

The Unified Gateway is eircom Wholesale’s interface gateway with Operators (including eircom’s downstream

business units for all orders in relation to the provisioning or assurance of the NGA-WBA products). The UG

processes and validates the relevant orders and provides appropriate notifications for Acceptance and Delivery for

provisioning and fault management.

Downstream Businesses have alternative ordering mechanisms for ordering non-NGA RAP services. Many of

these interfaces were built prior to eircom’s regulatory obligations. eircom has designed the UG to provide the

equivalent functionality to operators as is available through these systems.

5.2.5.2.4 Summary of Controls in Ordering

The commitments made to ComReg regarding Ordering relate primarily to ensuring that equivalent features can be

ordered by operators and downstream businesses in equivalent timelines. In the context of NGA-WBA eircom

committed to downstream businesses using the same UG ordering interface as other operators and that this

performance would be monitored on a weekly basis to demonstrate that the same level of performance was

provided to all.


Confidential of 106

5.2.5.3 Impact on Provisioning Processes

Provisioning process for a RAP services relates to the processing of an order to provide the service through to

completion and notification back to the operator that the order is delivered. Some orders can be provided

automatically without manual intervention, for example, electronic enablement of an in-situ line. Other orders

require manual intervention, for example, the provision of a new PSTN line.

5.2.5.3.1 Summary of Controls in Provisioning

The main controls in place for provisioning relate to the end-to-end delivery performance of downstream provides

with the equivalent operator provides which are captured in Key Performance Indicators (KPIs). KPIs are also

published on the www.eircomWholesale.ie website every quarter.

Other controls are in place to ensure that the same richness of information is available to all operators as is

available to downstream businesses.

5.2.5.4 Impact on Fault Reporting / Fault Repair

Fault Reporting and Fault Repair for RAP services cover the processing of a Fault Report through to resolution

and notification back to the operator that the fault is repaired. Fault Reports require manual intervention from fault

receipt through to repair. There are two main activities associated with handling of fault reports. These are

a) Screening the fault report - The screening activity resides in the Wholesale Customer Service centre for

operators while it lies in operation centres for downstream businesses. This activity reviews the reported

fault and sends it to the area in eircom Networks responsible for its resolution.

b) Repairing the fault - The repairing of the faults lies primarily in eircom Networks.

5.2.5.4.1 Summary of Controls in Repair/Fault Reporting

The main controls in place for fault reporting and fault repair relate to the end to end performance of downstream

fault repairs and the equivalent operator fault repairs, which are captured in Key Performance Indicators (KPIs).

KPIs are also published on the www.eircomWholesale.ie website every quarter. Other important controls are in

place to ensure that the same richness of information is available to all operators as is available to downstream

businesses.

5.2.6 Expansion of Business Process Reviews

Following completion of the COP training it is planned that similar business process reviews will take place to

identify risks where breaches to Transparency, Pricing and Consumer obligations could occur.

SoCs will be produced to demonstrate eircom’s compliance with its obligations. These SoCs will also describe how

eircom is implementing transparent and verifiable monitoring of the business processes to ensure continued

compliance. Planning for these reviews will commence in Q4 of the 2014/2015 financial year.


Confidential of 106

Analysis of Controls contained in the SoCs 5.3

The controls contained in the updated RACM submitted to ComReg are analysed as follows:

Controls per Market

Controls per Business Unit

These are detailed in the sections below.

5.3.1 Controls per market

The controls are split between each of the different markets as per the table below. As can be seen Change

Control contains the majority of the controls.

Life-Cycle Market

Total 1 4 5 5 6 6 SB-CPS LLU NGA WBA NGN LLL

Change Control 23 23 12 23 20 23 124

Pre-Ordering/ Ordering 6 11 7 8 7 8 47

Provisioning 7 8 2 5 3 4 29

Fault Report/ Repair 15 17 3 16 6 15 72

Total 51 59 24 52 36 50 272

Table 3: List of Controls per Market

5.3.2 Controls per Business Unit

The split of controls across business units is contained in the figure below. As can be seen eircom Wholesale RAP

contains the majority of the controls followed by Networks.

Business Unit

Life-Cycle

Total Change Control

Pre-Ordering/ Ordering

Provisioning Fault Report/

Repair

Wholesale (RAP&WCS) 23 34 14 40 111

Networks 20 8 15 22 65

TED 12 0 0 0 12

Business 34 4 0 6 44

Consumer 9 1 0 0 10

Customer Operations 4 0 0 4 8

Wholesale (MNS) 22 0 0 0 22

Total 124 47 29 72 272

Table 4: List of Controls per Business Unit

In many instance the same control covers multiple markets. The list of individual controls is contained in the table

below.


Confidential of 106

Business Unit

Life-Cycle



Provisioning Fault Report/ Repair


Networks 8 7 7 10 32

TED 6 0 0 0 6

Business 16 4 0 4 24

Consumer 3 1 0 0 4



Total 55 28 16 32 131

Table 5: List of Individual Controls per Business Unit

5.3.3 GAP Controls per Market

The list of controls that cover Equivalence Issues or GAPs are detailed below. The majority of these reside in Fault

Reporting / Repair.

Life-Cycle

Market

Total 1 4 4 5 6 6

SB-CPS NGA LLU WBA NGN LLL

Change Control 0 0 0 0 0 0 0

Pre-Ordering/ Ordering 2 3 0 2 0 4 11

Provisioning 4 4 0 1 0 2 11

Fault Report/ Repair 9 10 0 10 3 10 42

Grand Total 15 17 0 13 3 16 64

Table 6: List of GAP Controls per Market

5.3.4 GAP Controls per Business Unit

The list of controls that cover Equivalence Issues or GAPs are detailed below. The majority of these reside in

eircom Wholesale.

Business Unit Life-Cycle



Provisioning Fault Report/

Repair


Networks 0 0 0 2 2

TED 0 0 0 0 0

Business 0 2 0 5 7

Consumer 0 0 0 0 0



Total 0 11 11 42 64

Table 7: List of GAP Controls per Business Unit


Confidential of 106

Again, in many instance the same control covers multiple markets. The list of individual GAP controls is contained

in the table below.

Business Unit

Life-Cycle



Provisioning Fault Report/ Repair


Networks 0 0 0 1 1

TED 0 0 0 0 0

Business 0 2 0 3 5

Consumer 0 0 0 0 0



Total 0 6 7 18 31

Table 8: List of Individual GAP Controls per Business Unit

5.3.5 Conclusion of Analysis of Controls

5.3.5.1 All Controls

Change Control contains the largest number of controls. This is very much associated with the level of risk that

now resides in this process cycle. The business process reviews analysed the “as is” i.e. the business processes

and products at a point in time and identified the controls to manage the gaps and risks identified. Any change to

the “as-is” needs to be done carefully to avoid new compliance issues arising. The main risks now relate to the

provision of RAP information to downstream businesses when the equivalent information is not available to

operators. This information could be provided when downstream businesses

offer or develop new products that may have RAP requirements, or

request new reports to create management reports or to provide reports to their customers

It is most important that the controls in Change Control are operated to avoid the potential Compliance issues.

eircom Wholesale and TED/Networks contain the vast majority of the controls. As custodians of RAP information

there is a lot of responsibility on these business units to ensure that this information is kept secure and that

equivalent information is released to all operators in equivalent timelines.

These business units need to adequately resource the operation of their controls and also to make sure that the

remediation work is completed in line with target dates.

5.3.5.2 GAP Controls

Fault Reporting / Repair contain the largest number of GAP controls. Many of these relate to the ability of

downstream businesses to leave faults in a “pending clear” state for a longer period of time that is available to

other operator faults. In the interim manual closure of faults is required until system fixes are in place to close all

faults in an equivalent fashion. The other GAP controls remedy issues associated with “richness of information”

and out of hours repair capability being made available to all operators on an equivalent basis.


Confidential of 106

Analysis of RAP Change Request Process 5.4

As described in Section 5.2.5.1.1 (RAP Change Request Process) eircom Wholesale has put in place a process

for managing requests for RAP Product changes from operators and downstream businesses on a non-

discriminatory basis. On a weekly basis a meeting is held to review all requests and proposed responses.

This analysis of the RAP Change Request Process deals with RAP Change Requests received from 20th

Oct 2013

to 14th Apr 2015 and is broken down by:

RAP Change Requests by Requestor

RAP Change Requests by Status

RAP Change Requests by Age

“Open” RAP Change Requests by Age

“Closed” RAP Change Requests by Age

A summary table of “open” requests that are greater than 12 months old is included in section 5.4.6

The graphs and tables are split by the source of the request as follows:

Downstream = eircom Wholesale MNS, Consumer, Customer Operations and Business

Operators = Operators

Upstream = eircom Wholesale RAP, WCS, TED, Networks, and

Status (Request, Accept as Concept, Under Review, In development, Rejected, Delivered or

Cancelled)

5.4.1 Source of RAP Change Requests

Figure 24: Source of RAP Change Requests

0

10

20

30

40

50

60


Nu

mb

er

of

Re

qu

est

s

Number of Requests Oct '13 - Apr '15


Confidential of 106

5.4.2 RAP Change Requests by Status

Figure 25: RAP Change Requests by Status

*Note – Requests in status 1 – 4 (Request, Accept as Concept, Under Review and In Development) are still open;

Requests in status 5 – 7 (Rejected, Delivered and Cancelled) are closed

0

5

10

15

20

25

30


3.UnderReview

4.InDevelopment


Nu

mb

er

of

Re

qu

est

s

Current Status of RAP Change Requests

DownstreamOperatorsUpstream

Oct '13 - Apr '15


Confidential of 106

5.4.3 RAP Change Requests by Age

Figure 26: RAP Change Requests by Average Age (Number of days)

*Note: The amount of time it takes to meet the requirements contained within the requests is very much dependent

on the amount of system development required to deliver the request. Requests that only require minor process

changes or manual reports can be done relatively quickly, however, those that require system changes take more

time to schedule, design, built and test.

0

50

100

150

200

250

300

350

400

450


3.Under Review 4.InDevelopment


Nu

mb

er

of

day

s fr

om

dat

e lo

gge

d

Average Age of RAP Change Requests DownstreamOperatorsUpstream

<-----Average days from date logged to date closed ------>

Oct '13 - Apr '15

<---Average days from date logged to NOW----->


Confidential of 106

5.4.4 “Open” RAP Change Requests by Age

Figure 27: “Open” RAP Change Requests by Average Age

*Note: A summary table of “open” requests that are greater than 12 months old is included in section 5.4.6.

5.4.5 “Closed” RAP Change Requests by Age

Figure 28: “Closed” RAP Change Requests by Average Age

0

5

10

15

20

25

30

1-3 months 4-6 months 6-9 months 10-12 months >1YEAR

Nu

mb

er

of

Re

qu

est

s Age of Open Requests - in status "Requested", "Accept as concept", "Under

review" and "In development"


Oct '13 - Apr '15

0

5

10

15

20

25

30

1-3 months 4-6 months 6-9 months 10-12 months

Nu

mb

er

of

Re

qu

est

s

Closed Requests - in status "Rejected", "Delivered" and "Cancelled"


Oct '13 - Apr '15


Confidential of 106

5.4.6 Table of “Open” RAP Change Requests > 12 months

“Open” RAP Change Requests > 12 months

Index Date

Raised

Source of

Request Owner Summary of Request Status

Original

Target

Date

Roadmap

Information

1 Apr-14 Downstream eircom Wholesale

Solution to address issue of non-unique addresses All operators have major difficulty placing orders for properties that do not have a unique address, for example Main Street, Listowel, Co. Kerry. There is a system available in Wholesale: AI which would potentially does provide more information so that different addresses can be more easily identified.

4.In Development

Apr ‘15

NGA RM “File that provides ARD ID, masked version of CLI and eligibility for NGA or CGA” (Comment: technically deployed)

2 Dec-13 Downstream eircom Wholesale

NGB Full Install It would be possible to request a full NGB install via the UG. This will allow for the installation of a NGB modem in the customer’s premises. From a technical perspective, perhaps a change could be made to UG for NGB orders to facilitate INSTALL_TYPE = H, H being a CPE install.

4.In Development

Aug ‘15

Bitstream RM “new order type ability to request a Bitstream order with a full install option”

3 Jan-14 Downstream eircom Wholesale

Flexible CLI. Customers (and prospective customers) want the ability to see the CLI of calls that trombone through their PBX lines. The key requirement is to turn off any A Number Validation in order to facilitate a number of use cases

2.Accept as Concept

TDC

SB-WLR RM “Displaying the "A" number when forwarded”


Confidential of 106


Index Date

Raised

Source of


Original

Target

Date

Roadmap

Information

4 Feb-14 Downstream eircom Wholesale

Picture for Missed Appointments / Verification of Technician Visit (ID 16) Operators are complaining that eircom technicians are incorrectly marking orders for re-appointment in cases where the Operator shows up for an appointment but customer is not available. Operators have requested that the technician takes a picture of the door to prove that they were at the location.

3.Under Review

TBC

NGA RM Under Review “Missed Appointments – Technician Feedback” (Comment: This request is expected to be cancelled but awaiting industry confirmation)

5 Apr-14 Operator eircom Wholesale

More detailed engineer notes on customer installs (all products) (ID 38) Operators would like more detailed notes delivered to them on customer installs. If the install does not happen within the standard timescales or goes “non-standard” they need these notes to update their customers and manage their expectations. RAP explained that this would take time to develop if the enriched updates were to be sent back to Operators via the UG but they are absolutely insistent they are not willing to wait for a UG update to get this. Operators have requested an interim solution followed by the UG solution

4.In Development

Dec ‘15

SB-WLR RM In development “updates to UG to ensure all provisioning information is provided via the UG”

6 Feb-14 Operator eircom Wholesale

Prioritised New Line Connection (ID 10) The product, which could be a “paid for” additional service to WLR and would offer a guaranteed install & connection time from order acceptance for both in-situ & pre-cabled lines. An additional variant could be offered for complete new installs also. The product should be available for all WLR/PSTN connections for at least in-situ and pre-cabled lines but ideally covering all connections.

2.Accept as Concept

TBC

SB-WLR RM Under Review “Request - Prioritised delivery SLA”


Confidential of 106


Index Date

Raised

Source of


Original

Target

Date

Roadmap

information

7 Mar-14 Operator eircom Wholesale

Request for ability to test for dial tone to be made available to Operators (ID 30) Operator has requested the facility to perform a line test for dial tone on lines that have faults. This would improve the rate of No Fault Found eircom and operators are working jointly to try and reduce the rate of NFF which is in the interest of both operators. Operators feel that if they were able to perform a line test for dial tone when the customer reports a fault, this would reduce the amount of unnecessary faults logged and have a beneficial effect on eircom’s FAO resources.

4.In Development

Apr ‘15

SB-WLR RM In development “enhanced testing capability for fault diagnosis, dial tone from exchange and ISDN testing” (Comment: technically deployed)


LNN appointment timings request (ID 26) LNN appointment timings - Request for a dialog service to allow advance appointment slot booking for LNN new provides

2.Accept as Concept

Dec ‘15

SB-WLR RM In development “development being led at NGA forum this will provide the ability to check appointment prior to order placement”


NTU Installation per Reseller (ID 15) The existing functionality for NGA ordering allows Operators to install the NTU on behalf of eircom. Operators can choose to do this at an Operator level - exchange by exchange. An Operator has requested that this functionality is extended to allow Operator make this choice for each of their resellers.

2.Accept as Concept

Q3 ‘15

NGA RM Under Review “NTU Installation per Egress Group (Full Requirement)” (Comment: Expected to be cancelled with the interim solution meeting market requirement. Awaiting industry confirmation before cancelling)


Confidential of 106


Index Date

Raised

Source of


Original

Target

Date

Roadmap

Information


Include previous phone number & LE response data in databases (ID 25) Requirement to include additional information (previous phone number & LE response data) in eircom address and in-situ line databases.

4.In Development

Aug ‘15

SB-WLR RM In development “Project reviewing options to improve quality of ee inventory”


Associating SEA orders with an EIL (ID 18) Rules to be applied for selecting the NGN Node to serve a SEA order for operators The original NGN Nodes installed are ESS-6 Nodes with 2x 1Gbps uplinks, which can facilitate capacities of up to 1Gbps. The newer NGN Nodes being installed are SR-12 Nodes with 2 x 10Gbps uplinks, which can facilitate capacities of up to 10Gbps. Given that multiple exchanges have more than 1 Agg Node, and that many of these will have a mix of ESS-6 and SR-12 nodes, we need to put rules in place which determine which node type we connect new SEA orders to. Operators have a specific requirement in terms of how they wish eircom to determine which of these Node types their SEA orders are associated with.

3.Under Review

Q3 ‘15

NGN RM In Development “Automate Rules for correct AGG Node selection(AMP FSS)”


Provide exchange code for an address in ARD DB file and decouple town and street fields (ID 23) Operator has observed that the exchange code is not provided for approx. 50% of the ARD ID addresses Operator needs to see the exchange code for each address to determine if the address can be serviced by LLU

4.In Development

Apr ‘15

SB-WLR RM “Provide a masked CLI with the ard key to give more detail and certainty to Operators selecting the correct address” (Comment: technically deployed)


Confidential of 106


Index Date

Raised

Source of


Original

Target

Date

Roadmap

Information


Configure Bitstream fault report code 242 for Line Share fault reporting (ID 22) To improve fault reporting – will reduce number of No Fault Founds which is a key objective of eircom Wholesale and GT. Will reduce resource overheads in eircom which is critical at a time when eircom is downsizing its staff numbers

4.In Development

Apr ‘15

LLU RM “Enhancements to fault diagnosis tools – further phases” (Comment: technically deployed)

14 Mar-14 Upstream eircom Wholesale / Networks

GT Dashboard (ID 32) The purpose of the next development phase of the GT Dashboard is to fix bugs and enhance functionality for GT staff that enter information on incidents/changes. GT Dashboard is an internal OSS system but requires RAP approval as it contains/provides information to downstream areas (Consumer, Business, Wholesale, and rest of departments) and OAOs on RAP and non-RAP services. As it stands, downstream areas have access to more information than OAOs on incidents/changes for RAP products. The proposal to get RAP approval and to progress with this project is to phase the development in two: Phase 1=> Balance the level of access to information for downstream areas and OAOs for incidents/changes and fix bugs related to notifications to downstream areas and OAOs. Phase 2=> Develop functionality enhancements for internal GT staff to make the system more user friendly and usable.

2.Accept as Concept

Dec-15 Not on Roadmap


Confidential of 106


Index Date

Raised

Source of


Original

Target

Date

Roadmap

Information

15 Feb-14 Upstream eircom Wholesale / Networks

DELT Test – Add H-Log (ID 14) The quality of NTU installations can be measured using functionality available on the N2510. This functionality will allow eircom to determine if there is a bridge tap (bad wiring) on the line as part of the installation post installation. However, this test is done post the completion of the service and results in a second truck roll to fix the problem. This requirement is to develop an online test that would allow technician’s to determine if the line has been installed correctly before leaving the customer premises as part of the installation process. This test would also be made available to other Operators that are installing the NTU themselves. In addition, eircom could utilise this functionality to ensure that an Operator installing the NTU has done so correctly before closing the order.

3.Under Review

Q3 ‘15

NGA RM In development “NTU Installations (DELT with H-Log value)”

Table 9: “Open” RAP Change Requests > 12 months

Conclusion of Analysis of RAP Change Request Process 5.5

A robust process has been put in place by eircom Wholesale RAP to log requests for RAP Product changes and to

continue to track them along their journey through to completion. This analysis shows that the process is widely

used internally by Upstream and Downstream businesses and also by Operators. The performance of responding

to requests and delivering capability to meet the request does not indicate that preferential treatment is provided to

downstream businesses or upstream businesses over other operators.


Confidential of 106

List of Equivalence Issues 5.6

Equivalence Log

Index Date

Opened Description of Issue Owner Status

Date

Closed

Original

Target

Date

Roadmap

Information

1 Jun-13

eircom Consumer/Business has the ability to order Full Install in Broadband which includes the installation of a new NTU with a built in splitter. This differs from what is currently available in the RAP portfolio.

eircom Wholesale

Systems development is required to provide the ability for Operators to request a full install as part of a Bitstream and Line Share orders. A requirement has been raised through eircom end-to-end solution delivery process to develop this functionality. This has been passed as the ideation phase of the Technology E2E process is now planned for delivery in August 2015. (Current Target: Aug '15)

Open Apr-15

Bitstream RM In development "new order type ability to request a Bitstream order with a full install option" Target: Aug 2015 NGA RM In development "NTU installation – Line Share" Target: Aug 2015

2 Jun-13

eircom Consumer/Business Broadband faults (&PSTN faults logged through RTM) remain in "pending clear" until they are closed manually. The retail faults and OAO faults should be treated in an equivalent manner.

eircom Wholesale

eircom Wholesale RAP has submitted a Works Request to ensure that ALL faults (RAP and downstream) are automatically closed after the ten working hours. (Current Target: Aug '15). Two interim controls are in place to ensure that pending clears are closed manually in both eircom Consumer and Business within the 10 working hours.

Open Aug-15 N/A (No impact on RAP Product)


Confidential of 106

Equivalence Log

Index Date

Opened

Description of

Issue Owner Status

Date

Closed

Original

Target Date

Roadmap

Information

3 Jul-13

eircom Consumer/Business can see all technician comments for Provisioning and Repair. The eircom Wholesale RAP products should be modified to ensure that the equivalent information is provided to downstream businesses and other operators.

eircom Wholesale

Technician comments for fault repair are available to operators through the UG since December ’13. Key provisioning comments are provided manually to operators. Provisioning comments are now available to operators for CGA products on the UG through the combined New Line & Broadband/Line Share Order. This order type has been delivered as part of UG Release in Dec ’14 and is currently on trial by operators. An update to this order is being introduced in April ’15. (Current Target: May '15). In addition a requirement has been raised to identify the differences between the systems and remedy gaps that are identified e.g. PRA Tech comments and SORTs Crew identifier codes (Current Target: Aug '15).

Open

Dec-14 Aug-15

SB-WLR & BS RM In development "ability to order a new SB-WLR line with line share for same day delivery" "Combined delivery of a Non In-situ order and Bitstream on the same day with the appointment rescheduling added." Target: May 2015 SB-WLR RM In development "Include Technician comments on PRA/FRA Faults" Target: Aug 2015 SB-WLR RM In development "updates to UG to ensure all provisioning information is provided via the UG" Target: Dec 2015


Confidential of 106

Equivalence Log

Index Date


Date

Closed

Original

Target

Date

Roadmap

Information

4 Jul-14

eircom Consumer and Business have access to richer functionality and data for customer address identification and searching than was available to other operators. This information was accessible through a system called AI (Address Interface) and enabled the agents to identify addresses for all customers connected to the eircom Network (including other operator customer details).

eircom Wholesale

An Ideation request for the Technology end to end process has been created and approved. This aims to complete a detailed analysis of the equivalent information provided to eircom downstream businesses versus other operators and put in place a solution to address any gaps that are identified (Current Target: Dec '15). In April '15 eircom Wholesale provided a Masked CLI file to all operators. This weekly file outlines extensive network information on eircom’s copper network. The file includes the exchange information, the products attached to the line and both the CGA and NGA prequal information. The file also includes details regarding the type of NTU in the customer’s premises.

Open Dec-15

NGA, SB-WLR & Bitstream RM In development “File that provides ARD ID, masked version of CLI and eligibility for NGA or CGA” Target Apr 2015 (Comment: technically deployed)

5 Jul-14

eircom Consumer and Business have access to richer fault information for their customers than is available to operators. This is caused by their native access to FHS which contains some data that is not made available to operators through the UG. This information included items such as Line signature, Capacitance Balance and Fault History prior to service commencement with the current operator.

eircom Wholesale

eircom completed a detailed analysis of the fault information provided to eircom downstream businesses versus other operators to put in place a solution to address any gaps that were identified. The first set of enhancements to fault diagnostic tools functionally was delivered in Dec '14 and switched on 19th Feb ’15 – all relevant documentation is in place to support these features. * Connection Status (Line Lockout/Auto Blocked Lines); * Line Signature; * Capacitance Balance; * Line Test History; * Conclusion Statements from Line Test Results; In addition a requirement has been raised through the eircom end-end solution delivery process to deliver * Fault History prior to service commencement with current operator; * Crew identification (Current Target: Dec '15)

Open

Dec-14 Dec-15

SB-WLR & BS RM In development "updates to UG to ensure all fault information is provided via the UG" Target: Dec 2015


Confidential of 106

Equivalence Log

Index Date


Date

Closed

Original

Target

Date

Roadmap

Information

6 Jul-14

Some eircom Retail agents have access to additional line testing capabilities via MLT client. MLT client allows dial tone, noise and overhearing tests to be performed on the line. Other operators do not have the equivalent capability.

eircom Wholesale

eircom Wholesale RAP logged a systems development to provide this additional information via the UG. This requirement was raised through eircom end-to-end solution delivery process which determined that it is only feasible to provide Dial tone from exchange and ISDN testing which are both now available via the UG. Training has also been provided to operators on how to use these tests. A review of IPM documentation is taking place to see what information needs to be included in it. Noise and Overhearing Tests to be disabled for all downstream CSRs. (Current Target: May '15)

Open Aug-15

SB-WLR, BS RMs In development "enhanced testing capability for fault diagnosis, dial tone from exchange and ISDN testing" Target: April 2015 (Comment: technically deployed)

7 Jul-14

In parallel with developing these testing capabilities for operators, eircom Wholesale will monitor the service assurance performance provided by eircom to downstream businesses and other operators. In particular the screening performance of WCCC compared with downstream businesses and end to end repair performance will be actively monitored to determine whether EOO occurs. If EOO performance cannot be managed eircom Wholesale will take the necessary corrective action which could include system, process and organisational changes.

eircom Wholesale

The outcome of the performance monitoring and plan for corrective actions (if required) was shared with ComReg in March 2015. In November 2014 eircom Wholesale extended the hours of WCC from 8am – 10pm Monday – Sunday for screening of faults. Previous WCC opening hours for screening of faults was 8am-8pm M-F, 9am - 5.30pm Sat, Closed Sunday. Resources are now in place during these extended hours to actively screen faults and to pass them into the Networks queue to be eligible for dispatch to field technicians. In addition as part of Wholesale Reforms eircom has agreed in principle to create a Centralised Fault Screening Centre for the purposes of screening faults from downstream businesses and operators. The implementation of this centre is subject to a scoping and sizing exercise which is currently underway. (Current Target: August '15.)

Open Aug-15

SB-WLR Forum on Update on fault programme (Mar 2015) Support implementation of centralised fault management Target: August 2015


Confidential of 106

Equivalence Log

Index Date


Date

Closed

Original

Target

Date

Roadmap

Information

8 Jul-14

As part of the NGA reviews, a gap was identified whereby downstream businesses had access to the Ops Site. The Ops Site is an eircom Networks site which contains network performance reports for provisioning and repair etc. In general the information is not segregated between eircom downstream and other operators and may contain a richness that is not available to other operators through the UG. A short term solution was put in place at the time involving a Warning Message on the site which restricted use of the site to Fixed Access Operations (FAO) staff and a long term solution which was designed to restrict access based on User IDs was implemented in May 2014. During this process reviews it came to light that staff from eircom Consumer / Business were accessing files on the Ops Site despite the warning message. This was caused by some eircom staff/agents bypassing the front screen security and clicking the URL link (that they had stored as bookmark or link in document etc.) to the actual report which sits on the Ops site.

eircom Networks

This issue is currently being investigated with a view to implementing a system fix to comprehensively lock down all access to the Ops Site for unauthorised staff. Ideation Request under review with Technology and Networks. (Current Target: Dec '15.)

Open Dec-14

N/A (No impact on RAP Product)

9 Jul-14

GT Dashboard is a Networks system that is updated with Outage Notifications/major faults. It also sends notifications to Operators through a ticker message on the UG. Downstream businesses don’t access UG for legacy products they have read-only access to GT Dashboard to get their outage updates. GT Dashboard contains richer information than is available to operators on the UG.

An Ideation request for the Technology end to end process has been created to complete a detailed analysis of the equivalent information provided to eircom downstream businesses versus other operators and put in place a solution to address any gaps that are identified. In addition Text Message Notification (Optional) of Major Incidents will be developed. (Current Target: Dec '15.)

Open Aug-15

NGN RM In development "Text Message Notification (Optional) of Major Incidents" Target: Q4 2015


Confidential of 106

Equivalence Log

Index Date


Date

Closed

Original

Target

Date

Roadmap

Information

10 Jul-14

eircom Retail can flag that a new line being installed will also require a broadband service in the future. This changes the threshold up to which copper will be installed as opposed to FCS from €1k to €3k. Other operators would only be offered FCS if the cost of copper was > €1k. (Compliance Case Reference: 480 - Line Provisioning)

eircom Wholesale

The option to indicate an expression of interest is now available to operators for Current Generation products on the UG through the combined New Line & Broadband Order. This order type has been delivered as part of UG Release in Dec ’14 and is currently on trial by operators. An update to this order is being introduced in April ’15 at which stage it is planned that the internal PDC process will be completed and that the relevant industry documentation will be published. (Target: May 15) An interim process has been put in place to check if installation works exceeds €1000 but not €3000, the status is changed to "check if customer requires BB", if operator confirms this is the case then the order is delivered as a copper line. In addition a requirement has been raised through the eircom end-end solution delivery process to complete a detailed analysis to determine the feasibility of adding this flag for other UG orders. (Target: Dec '15) (Comment: Wholesale RAP has advised that they plan to retire other order types - so this requirement may become redundant.)

Open Dec-14

SB-WLR & BS RM In development "ability to order a new SB-WLR line with line share for same day delivery" "Combined delivery of an Non In-situ order and Bitstream on the same day with the appointment rescheduling added." Target: May 2015 (Comment: technically deployed)

11 Jul-14

Orders submitted by operators to transfer eircom customers to them for voice products could fail to be processed where an eircom Business VPN SOC is present on the customer's eircom account. This would result in the order being rejected on the Unified Gateway ordering system. (Compliance Case Reference: 568 - VPN Removal)

eircom Wholesale

In Dec '14 eircom Wholesale RAP developed the capability to allow an Operator request through the UG the automatic transfer of a PSTN line to SB-WLR when there is a VPN service on the account. A manual process was also put in place to deal with orders that fall out from standard UG Process. eW RAP has published process documentation. *Mar 15 - C&E has advised eW RAP that this documentation should be updated to ensure operators are informed why orders on VPN lines fall out of standard process and how these orders will be handled manually. (Current Target: May ’15)

Open Apr-15 SB-WLR RM "Delivered"


Confidential of 106

Equivalence Log

Index Date


Date

Closed

Original

Target

Date

Roadmap

12 Jul-14

Through accessing eTIPs (a Networks system that provides contact details for technicians) eircom Consumer and Business customer care teams directly contacted technicians and got service updates and arranged for out-of-hours repairs or installs to be carried out on an exceptional basis. This capability was not available to other operators.

eircom Wholesale

A process has been developed where all operators, including downstream businesses can request outside SLA hours that a fault be repaired. These requests are managed on a best effort basis and the associated volume is relatively small. *Dec '14 - eW has advised that it has communicated the Out of Hours process to all operators at bilateral meetings. In line with commitments made in the Statement of Compliance and in line with agreed processes, eircom C&E has advised eircom Wholesale RAP that Operators should also be informed of this process via the Industry forum.

Open Aug-14

Not on roadmap (Out of Hours Capability available)

13 Jul-14

eircom Consumer access eTIPs a Networks system that provides contact details for technicians so that they can identify the appropriate technician to resolve “Health and Safety” and “Dangerous Plant” faults that are raised by customers, operators or public service representatives (police, ambulance etc). (Linked to Equivalence Issue 12)

eircom Networks

There has been some progress on this issue. eircom has restricted the access to eTIPs in downstream businesses only to those that are required to access it for the purposes of Health and Safety reports relating to Dangerous Plant. eircom is also in the process of implementing a change so that instead of traffic being passed from Retail Agents to Field Technicians directly it will to through Networks Service Management Centre (SMC). This is subject to the transfer of resources from eircom Consumer to Networks to handle the extra volume of calls etc. This initiative will also facilitate the removal of access to the eTips tool from all non-Networks Operations staff. (Current Target*: Jul '15) *Subject to resources In the interim a banner has been put in place on the eTips homepage advising users of the appropriate usage of the tool (i.e. that non-Field Operations teams should not access or use the data, except for managing dangerous plant reports outside of working hours) and the disciplinary implications of inappropriate access.

Open Dec-14 N/A (No impact on RAP Product)


Confidential of 106

Equivalence Log

Index Date


Date

Closed

Original

Target

Date

Roadmap

Information

14 Jul-14

eircom Consumer and Business have access to RAP information for their customers that was not available to other operators. This information is accessible on a system used for Bitstream Order Tracking (BOOTs) and relates to provisioning orders.

eircom Wholesale

A requirement has been raised through the eircom end-end solution delivery process to complete a detailed analysis of the differences between the information available on BOOTs and on the UG and put in place a solution to address the gaps identified. (Current Target: Dec '15)

Open Dec-15

Bitstream RM In development "updates to UG to ensure all provisioning information is provided via the UG" Target: Dec 2015

15 Jul-14

eircom Business have access to richer information for their customers in relation to provides and faults for Leased Line Products than was available to operators. This is caused by their access to DataPlus which contains some data that is not made available to operators through the UG. This information includes items such as technician comments and status updates.

eircom Wholesale

A requirement has been raised through eircom End-to-End Process to determine how this (new) functionality to provide information will be made available to both Operators and Downstream Businesses (i.e. existing Dataplus access will be restricted to Wholesale Products and Networks). The project team is attempting to estimate the cost and timeline to deliver such a system via Web and/or UG Proxy. (Current Target: Dec '15) In the interim order and fault information is provided to operators manually on a monthly basis.

Open Apr-15 Not on Roadmap

16 Jul-14

eircom Business had access to richer information for their customers in relation to provides and faults for Leased Line Products than was available to operators. This was caused by their access to Midas which contains some data that is not made available to operators through the UG. This information included items such as technician comments and status updates.

eircom Wholesale

A requirement has been raised through eircom End-to-End solution delivery process to complete a detailed analysis of the differences between the systems and put in place a solution to address any gaps identified. IT Analysis/System Review to take place which is scheduled to be completed by April 2015 and has a target date for delivery in Dec '15. (Current Target: Dec '15).

Open Apr-15 Not on Roadmap


Confidential of 106

Equivalence Log

Index Date


Date

Closed

Original

Target

Date

Roadmap

Information

17 Jul-14

eircom downstream businesses’ faults have different start and end time for faults. This is caused by the SLA clock in fault handling systems for downstream businesses starting 30 minutes earlier (8.30am) than the SLA clock for other operators (9am). For example, this could result in the target resolution times for downstream faults being earlier than those for other operators, where faults are logged prior to 8.30am.

eircom Wholesale

Systems analysis is required to identify the systems changes required to align the SLA hours for Retail and Wholesale to 9am - 5pm. A requirement has been raised through eircom end-to-end solution delivery process to develop this functionality. (Current Target: Dec '15)

Open Apr-14 N/A

18 Jul-14

eircom Business had the ability to leave legacy leased line faults in pending clear for a longer time than was available to other operators. Even though eircom Business were encouraged to close these faults promptly they could, however, leave them pending while trying to contact the end customer to confirm that the service had been restored again.

eircom Wholesale

To address this Gap, eircom Wholesale RAP brought a proposal to industry to agree a standard SLA time for pending clear. The revised proposal was a) 16 working hours for standard faults and b) 48 clock hours for premium faults. This was agreed at industry in Dec '14. Wholesale RAP to implement an IT development to ensure that faults are automatically closed after the agreed period of time. (Current Target: May '15) Note: A manual solution is in eircom Business & eircom Wholesale to close faults in pending clear accordingly.

Open Aug-15

NGN RM In development "Auto Closure of Data Fault" Target: Q2 2015

19 Jul-14

eircom downstream businesses’ have different repair parameters for PRA faults. This is caused by a misalignment of the SB-WLR PRA product and the downstream PRA product.

eircom Wholesale

Systems analysis is required to identify the systems changes required to align the time to repair for standard SLA for downstream and operator PRA faults. A requirement has been raised through eircom end-to-end solution delivery process to develop this functionality. (Current Target: Dec '15)

Open Apr-14 N/A (No impact on RAP Product)


Confidential of 106

Equivalence Log

Index Date


Date

Closed

Original

Target

Date

Roadmap

Information

20 Jun-12

In 2010 eircom was directed to provide Duct Access product in the WPNIA Market. eircom provided a limited duct product as part of co-location and agreed with ComReg that they would provide Duct Access operators if requested. This requirement was re-directed in Jan 2013 as part of the NGA Decision. BT requested Duct Access in 2012, eircom has not yet provided the Duct Access product in the WPNIA Market as required.

eircom Wholesale

In 2012 eircom Wholesale RAP proposed to start the development of a Duct Access product with a duct network trial. No OAO pursued this proposal so eW RAP proceeded with the product development without the trial. In Dec 2013 eW RAP proposed to notify the Duct Access product in Feb 2014 with launch 6 months later (as required by ComReg Decision). At BT’s insistence eW RAP agreed to include a Pilot stage in the development prior to notifying the product. eW RAP notified ComReg of the Duct Access product on 14th Nov (in advance of reaching agreement on all outstanding issues) requesting approval to launch 1 month later. ComReg agreed that the product could launch in Feb '14.

Closed Feb-15

Feb-15 N/A (Delivered)

21 Jan-15

Service Management captures Martis routing data each day on network (circuit) changes that impact on the routing of downstream business. This data is analysed by Service Level Managers who use it to identify if any significant routing changes have taken place in the customers network. The Service Level Manager arranges for the customer to be notified if a significant routing change has taken place. eircom Wholesale RAP have commenced the process of making this routing report available to OAO’s if they wish to avail of it.

eircom Wholesale

The functionality is to be developed and Industry/ComReg notified as per standard process. (Target: Jul '15) A high level project timeline for this is: 1) Technology analysis phase complete 2) Update Industry via NGN forum of new product functionality on Roadmap – November ‘14 - complete 3) Updated IPM circulated to industry for review - March 2015 4) Formal notification of product change to ComReg - April 2015 5) Publication of proposed IPM - April 2015 6) Product launched - July 2015 (Current Target: Jul '15)

Jul-15

NGN RM In development "MARTIS Routing Report (Leased Lines, PPC)" Target: Q2 2015

Table 10: List of Equivalence Issues


Confidential of 106

Conclusions of Equivalence Issues 5.7

Some progress has taken place with the Equivalence Issues. A number of system developments have taken place

in Dec ’14 and April ’15 to provide part of the solution required to permanently close the issue.

1 Equivalence issue was closed during the period

1 Equivalence issue was opened during period

20 Equivalence Issues remain opened

As can be seen from the graphs below

3 are open for more than 12 months.

13 will have taken more than 1 year to remedy

3 will have taken more than 2 years to remedy

6 are still on target

2 are scheduled to be completed ahead of original target date

12 have slipped from their original target date

eircom needs to put all efforts into ensuring that there are no further slippages and that all these Equivalence

Issues are closed by the end Dec ‘15.

Figure 29: Age of Equivalence Issues

Figure 30: Difference between Original & Current Target Date for Equivalence Issues

0

5

10

15

20

<=1 year >1 year & <=2year

No

. of

Issu

es

Months from Open to now

Current age of Equivalence Issues

0

2

4

6

8

10

12

<=1 year >1 year &<=2year

>2 year

No

. of

Issu

es

From Open to Target Close

Length of time to close of Equivalence Issues


Confidential of 106

List of Key Differences which are justifiable contained in the SoCs 5.8

Key Differences contained in the Statements of Compliance

Index Description of Issue Relevant Market

Justification

1

Pre-Order - eircom Retail access to Pre-qual eircom Retail submits orders for NGA services through the UG like all other operators. For the Current Generation Access products eircom Retail has direct access to pre-qual through their BSS front end system referred to as eCOM.

NGA WBA

eircom Retail’s access to pre-qual is a part of the existing sales process for the legacy products. The legacy products have an Equivalence of Outputs non-discrimination standard. The addition of the NGA flag does not provide eircom Retail with any material advantage as equivalent information will equally have been provided to the other Operators in the Advanced Pre-qual File.

2

Pre-Order - eircom Retail access to ANRM via CDW eircom Retail has access to ANRM which is a network system that stores network address information associated with all end users connected to the eircom network. eircom Retail queries this system to enable them locate an address in order to provide a new line. ANRM contains information which is not available to other Operators such as current telephone number, previous telephone number or the name of the occupant.

NGA WBA

eircom Retail’s access to ANRM is a part of the existing sales process for the legacy products. For provision of a new standalone NGA line all operators are required to order a SB-WLR line first, then must request that this line is transferred to a standalone NGA broadband /Bitstream Plus / VUA line. SB-WLR is a legacy product. The legacy products have an Equivalence of Outputs regime. eircom Wholesale has put in place a facility for other operators to query the ANRM for address information through the UG. If this query is not successful a manual process exists for operators to obtain the required information through Wholesale Customer Care.

3

Pre-Order - eircom Retail set up as two Operators on UG eircom Retail is set up as two operators on the UG which means they have in effect two different accesses into the UG (direct, and via ROC). By having two separate accesses onto the UG it means that eircom Retail has twice the number of simultaneous channels available than other operators do.

NGA WBA

The number of channels available to individual operators is more than adequate for NGA. The fact that eircom Retail has twice the number of channels available to them would only have an impact if there are situations where more than 10 orders are being processed absolutely simultaneously, which is very unlikely. When an operator submits more than 10 orders simultaneously a Policy Breach is issued to the operator to advise them accordingly. eircom Wholesale is monitoring the level of Policy Breaches due to operators exceeding the allowed number of simultaneous orders. If this becomes a problem they may increase the number of simultaneous orders available to all Operators.


Confidential of 106



Justification

4

Pre-Order - eircom Retail UG Data Contract Specific functionality has been developed on the UG to support Retail NGA. This functionality is only required for orders which are submitted via the legacy (ROC) stack and not required for orders submitted via Springboard. The functionality covers the following: Retail SOCs on UG RAP Order Types eircom Retail has a specific capability on UG NGA regulated order types to allow Retail select the relevant eircom Retail SOC associated with the service being ordered. UG passes the SOC across to TIS for billing purposes. Other Operators selects the appropriate Service Type when placing an NGA order on the UG. Capturing of Cease Reason This is an eircom Retail only field on UG and is not part of the Industry Data Contract. The cease reason will dictate whether or not a customer is billed in the context of an early cease and therefore this is essential functionality to ensure that the customer is correctly billed on TIS. Internal capability has been developed on UG to convert the Cease Reason into a Duty ID and it is the Duty ID which is passed to TIS. Early Cease Charges will be applied by TIS based on Duty ID as appropriate. Transfer of existing SOCs to new lines when migration customers This Retail specific functionality is not visible on the GUI front end as it is performed internally within UG. UG will only accept a single Retail SOC on the NGA order types. However, when a customer is migrating to ‘new line’ (e.g. Standalone NGA), there are possibly some ancillary SOCs (VoIP plans, handset rentals, etc.) associated with the old line which have to be transferred to the new line. UG will pass the existing ancillary SOCs to TIS to be added to the new line.

NGA WBA

The Wholesale Reforms Programme stated that eircom would not undertake any significant development on TIS to support NGA services and it is therefore it is not proposed to alter this Retail specific functionality on UG as it is related to billing on TIS. The alternative would be to undertake significant development on TIS and other systems (i.e. ROC).

5

Pre-Order - How WEILs connect to eircom Network WEILs connect directly to the NGN PE Node for eircom Retail Next Generation Broadband service, and to an Aggregation node for other Operators

NGA WBA

This is justified as eircom has a vertically integrated network and eircom has decided to implement the most efficient and effective network solution for Retail / White Label services. This architecture does not provide for any material differences in the functionality of the services and performance levels between Retail / White Label services and that which will be experienced by Wholesale Operators.


Confidential of 106



Justification

6

Pre-Order - Core Network Solutions for eircom Retail NGA Broadband The core network solution for the eircom Retail Next Generation Broadband service differs from the eircom Wholesale Next Generation Bitstream / VUA product. The eircom Retail service is built on an integrated network solution which includes subscriber management. The Unicast core network capability for the eircom Retail service is pre-configured as part of deployment of new NGN nodes to support NGA. This means that eircom Retail does not need to order Unicast per NGN Aggregation Node as other operators do. In addition it means that WEILs are not required by eircom Retail to handover Unicast Traffic.

NGA WBA

BPU are required by operators on a per exchange basis but are automatically in place for eircom Retail. This is justified as eircom has a vertically integrated network. The most efficient and effective technical design for the provision of the eircom Retail Next Generation Broadband service supported this functionality. When eircom Retail provides service to end users they do not have a second network to route their traffic instead they use the eircom network. Other operators route the Unicast traffic to their own networks via specific WEILs. As it is only the operator themselves that can determine which WEILs they would like to route their Unicast traffic to it would not be realistic for eircom to do it on their behalf. Instead eircom Wholesale has put in place a capability that PBUs per exchange are provisioned automatically on receipt on an order from an operator. Operators can submit PBU as soon as an exchange is part of the deployment plan. This ensures that operators are not disadvantaged and they have the flexibility to manage their service as they wish

7

Pre-Order - eircom White Label UG Data Contract The eircom Wholesale White Label NGA product provides operators with the ability to sell an end to end broadband service to customers without the need of having their own network. The product is built on the existing eircom Wholesale NGA Bitstream Plus product with additional capabilities developed on the UG to support business functions that other operators would carry out on their own systems.

NGA WBA

The functionality that has been built into the UG does not provide additional capability to eircom that is not already on the back end systems of other operators that provide services to end users based on the standard UG data contract. The specific developments allow White Label operators to manage the service they provide to their end users much the same as other operators who rely on the eircom Wholesale Bitstream Plus / VUA services. This service management includes end user authentication and authorisation etc.

8

Pre-Order - Core Network Solutions for eircom Wholesale NGA White Label The core network solution for the eircom Wholesale NGA White Label Bitstream Plus service differs from the eircom Wholesale Next Generation Bitstream / VUA products. Modified BPU – White Label Bitstream Plus Unicast, is the set-up of the Unicast VPLS and the connectivity between the NGN Aggregation Node and eircom’s WEIL. This connectivity need only be ordered per NGN Aggregation Node. Additional Access Nodes will be joined to each VPLS, by eircom, as the NGA Bitstream Plus footprint expands.

NGA WBA

eircom has a vertically integrated network. It is the most efficient and effective network solution. This configuration does not impact the performance of the services and similar levels of performance will be experienced.


Confidential of 106



Justification

9

Pre-Order - NGN Ethernet Quotation Tool eircom Retail has built their own quotation tool which ensures that the necessary margin squeeze test is passed with regard to the eircom Wholesale RAP inputs.

NGN Ethernet

Difference is not material. eircom Wholesale RAP provides a Quotation process to Operators whereby the Operator can request quotes for the WSEA service via the quotation tool (Web GUI). eircom Wholesale RAP will provide a quote with an indicative price, subject to full site survey, for the requested WSEA. eircom Wholesale MNS also use this quotation tool when inquiring about providing services to their customers.

10

Pre-Order - Desktop Survey - eircom Retail & eircom Wholesale MNS access eircom Retail and eircom Wholesale MNS submit orders for Desktop Survey requests directly to Access Networks.

NGN Ethernet

Difference is not material. eircom Wholesale RAP provides a Desktop survey process to Operators. The purpose of the Desktop Survey is to · Confirm that the exchange that the operator is quoting a price from, is the correct fibre exchange · Confirm, for placing an order, what is the correct location · Provide an indication of the additional charges that may arise Operators submit these requests to their Account Manager within eircom Wholesale. eircom Wholesale RAP submit these desktop survey requests to Access Networks to generate the responses required.

11

Pre-Order - Core Network Solutions for eircom Business NGN Ethernet services The eircom Business product is built on a vertically integrated network that sits on top of the eircom NGN. The eircom Business services require a physical access path to the end customer to be in place before the logical service is added.

NGN Ethernet

Difference is not material. The eircom Wholesale RAP NGN Ethernet products require a physical access path to the end customer to be in place before the logical service is added, the eircom Wholesale RAP product also requires the operator to have a WEIL installed.

12

Pre-Order Differences – LS v’s eC/B BB There is no pre-order information available for Line Share but there is Bitstream specific information available re rollout plans etc.

WPNIA This difference is not relevant for the WPNIA market.

13

Ordering - eircom Retail NGN Ethernet services, leased lines and PRAs eircom Business raise orders through manual order forms. These orders are entered manually on the Order management System (OMS) by CRC.

NGN Ethernet / Legacy Leased Lines

Difference is not material. Operators raise provisioning orders on the UG. These orders are entered manually on the Order management System (OMS) by WCCC. eircom MNS raise orders through manual order forms. These orders are entered manually on the Order management System (OMS) by WCCC


Confidential of 106



Justification

14

Ordering Differences - ULMP/GLUMP v’s eC/B PSTN When ordering PSTN from eircom Consumer through the phone number 1901, the eircom Consumer CSR will log into eCom and select Provide Order. The CSR will search for the customers address in eCom. eCom uses Address Interface (AI) to lookup this address. Whilst the customer is still on the phone, the CSR will enter the customer’s credit details and will then select the required PSTN product, and this step also includes an option for the customer to express an interest in DSL.

WPNIA

Equivalent process available to operators. When ordering ULMP / GLUMP, the end customer will contact their Operator who will in turn contact eircom Wholesale. Providing that the customer is in a LLU exchange area, the Operator will then log a line enquiry on UG. In terms of UG categories, UG presents from ANRM and provides three options: 1. In-Situ (PUI order type) 2. Pre-pending / Pre-cabled (PUI order type) 3. Nil-cable / blank (PUS order type) With the Line Enquiry, if the customer is In-Situ, then the CSR will verify if the NTU is in place and if it is connected. If the customer is unsure, the CSR will assume it is not connected. This option is used to minimise failed EE's (Electronic Enablement). Drop down menus on Operator version of UG will decide on suitable product. The Operator can then decide to end the enquiry or to proceed depending on the UG line enquiry results. The Operator can also decide to perform a Data Request for LLU (DRL). Subsequently the Operator can resubmit a line enquiry or can proceed with the order to gather the end customer details, arrange an appointment and submit the order to eircom. The order is accepted through UG.

15

Ordering Difference – LS v’s eC/B BB When ordering broadband from eircom Consumer for example through the phone number 1901, the eircom Consumer CSR will log into eCom and select Provide ADSL Order. The CSR will search for the customers address in eCom. eCom uses Address Interface (AI) to lookup this address. Whilst the customer is still on the phone, the CSR will check if the customer qualifies for broadband using eircom.net, eCom, or R6 Springboard (via UG). If the customer does qualify for broadband, the CSR will select the bundle and install type. If a self-install is available, and a modem is required, this will automatically be posted out to the customers address.

WPNIA

When ordering Line Share, the end customer will contact their Operator who will in turn contact eircom Wholesale. Providing that the customer is in a LLU exchange area, the Operator will then log a line enquiry on UG.Drop down menus on Operator version of UG will decide on suitable product. The Operator can then decide to end the enquiry or to proceed depending on the UG line enquiry results. The Operator can also decide to request a Local Line Characteristic (LLC). This LLC step is generally not required for Line Share as the existing service is in-situ. The LLC order type on the Unified Gateway allows the Operator to submit a request utilising the UAN and CLI in order to run a detailed analysis of the line. The UG will initialise a test on the CLI and the completion notification will return various technical line characteristics based on the results of the test.


Confidential of 106



Justification

16

Ordering Difference – BS v’s eC/B BB when ordering broadband from eircom Consumer for example through the phone number 1901, the eircom Consumer CSR will log into eCom and select Provide ADSL Order. The CSR will search for the customers address in eCom. eCom uses Address Interface (AI) to lookup this address. Whilst the customer is still on the phone, the CSR will check if the customer qualifies for broadband using eircom.net, eCom, or R6 Springboard (via UG). If the customer does qualify for broadband, the CSR will select the bundle and install type. If a self-install is available, and a modem is required, this will automatically be posted out to the customers address.

WBA

When ordering Bitstream, the end customer will contact their Operator who will in turn contact eircom Wholesale. The Operator will outline and gather the mandatory information and identify the type of order required. The Operator will then enter the required information into UG. The Operator can request both a Pre-Qualification for Bitstream to be performed, and also a Data Request for Bitstream to be performed. Drop down menus on Operator version of UG will decide on suitable product. The Operator can then decide to end the enquiry or to proceed depending on the UG line enquiry results. If the Operator decides to proceed with the order and the order is a standard over PSTN, the Operator will select the Bitstream product they require and arrange an appointment at the exchange.

17

Ordering Difference – New Line PSTN v’s SB-WLR when ordering PSTN from eircom Consumer through the phone number 1901, the eircom Consumer CSR will log into eCom and select Provide Order. The CSR will search for the customers address in eCom. eCom uses Address Interface (AI) to lookup this address. Whilst the customer is still on the phone, the CSR will enter the customer’s credit details and will then select the required PSTN product

FACO

If a customer requests a new line, the Operator will submit a new line enquiry and based on the UG decision, the order will be accepted or rejected. If accepted, UG will return details with existing infrastructure such as the number of lines and whether these are in-situ or pre-cabled. In situ means that service was provided but has since been ceased, whereas pre-cabled means that cable exists but no service was ever provided. If the CSR selects “site visit required”, the LNN order can be selected even when the line enquiry returns LNI. If an appointment is required, the CSR schedules the appointment and submits the LNN order. UG will then validate both the LNN and LNI orders and the Operator will be notified of the outcome. If accepted, the order will flow through to provisioning. If rejected then the order is terminated. In the case of LNI orders, the Operator will receive the required CLI information.


Confidential of 106



Justification

18

Fault Reporting PSTN - eircom Retail In eircom Retail - on receipt of a call from a customer reporting a PSTN fault, the eircom agent will take the customer’s details and perform initial fault screening. The agent will then log a call in native FHS. The agent will test the line (LTS) - through FHS, and then diagnose a fault at front end and resolve where possible. If unable to resolve, they will assign the FHS ticket to the appropriate locker so an engineer can take ownership, and move the ticket on.

FACO

Wholesale Customer Fault Report arrives into the WCCC via UG / Phone Call or email, the UG performs an automated fault validation – (Check line test attempted; validate the info on the fault report form – Data Integrity). If a line test not attempted within the previous 60 minutes. Fault report is rejected. If test is attempted and validated the fault is then accepted. Fault is auto progressed in FHS. ISDN PRA– faults are Auto assigned to IPM via FHS. The following manual screening steps are performed by WCCC to establish where to assign the fault Check test results against report code/s ; Check Report History; Check Clear History; Check TIS for outstanding orders; Check Guide for Services; Check line Signatures. Based on the findings, the fault is assigned to the relevant locker so an engineer can take ownership, and move the ticket on.

19

Fault Reporting Broadband - eircom Retail On receipt of a call from a customer reporting a Broadband fault, the CRC agent will take the customer’s details and perform initial fault screening. The CRC agent will then log a call in native FHS and will test the line (LTS) - through FHS. If broadband on line, they will run a sync test. The agent will then complete Radius lookup which is the online ping test and authentication validation. Where possible, the CRC agent will diagnose a fault at front end and resolve where possible. If unable to resolve, they will assign the FHS ticket to the appropriate locker so an engineer can take ownership, and move the ticket on.

WBA

20

Fault Reporting - NGN Ethernet, Leased Lines For eircom Business Customers, an agent within the Customer Response Centre (CRC) must determine if the fault is proper to eircom. If the fault is proper to eircom, the CRC agent will log the fault either on FHS (for PRA Faults) or MIDAS (for all other LLL products).

NGN Ethenet / Legacy Leased Lines

For eircom Wholesale customers, the Other Operator must attempt to resolve the fault before submitting it to eircom. The eircom Wholesale RAP, eircom Wholesale MNS Fault Reporting processes differ slightly due to the fact that eircom Wholesale Customers may use the Unified Gateway to submit a fault as well as using phone or email. Other Operators log fault on UG which flows onto Midas/FHS or will contact the WCCC who will in turn log the fault on MIDAS or FHS, depending on the product.

21

Fault Escalations - eircom Retail If an escalation is required, eircom Consumer/Business contact networks directly for PSTN & Broadband fault and must follow the Service Assurance Fault Escalation (SAFE) process. When an escalation is raised in SAFE, eircom Works Control Centre (WCC) will check if the escalation is valid, and if so will accept the escalation. The WCC will then re-prioritise the workload, update the required works management system and assign to the Field. The Field Technician will then repair the fault report and update Advantex with the relevant clear code. eircom Consumer/Business will update their customer via phone or email when this process has ended. (Note eircom Retail can only escalate NGA Faults through the eircom Wholesale process)

FACO, WBA

If an operator wishes to escalate a fault they contact eircom Wholesale WCCC advising that an escalation is required, the WCCC must follow the same Service Assurance Fault Escalation (SAFE) process. The WCCC will then update the Operator via UG, email, and phone call.


Confidential of 106



Justification

22

Provisioning Escalations - eircom Retail If an escalation is required, the Channel Support Services may contact networks directly - the National PCC team for assistance. The National PCC team will try to resolve the escalation so that provisioning can successfully be completed. eircom Retail will attempt to resolve the issue by contacting the Network resolver groups to get updates and to understand what is required to complete the order. (Note eircom Retail can only escalate NGA provides through the eircom Wholesale process)

FACO

If an escalation is required, operators contact WCCC who will attempt to resolve the issue by contacting the Network resolver groups to get updates and to understand what is required to complete the order. WCCC can also email the National Provision Control Centre (PCC) team who will try to resolve the escalation. If the issue is still not resolved, eircom Wholesale can engage with the Account Manager and Product Manager to ensure the order is successfully completed.

Table 11: Key Differences contained in the SoCs


Confidential of 106

6 Appendix 3 Update on Key Performance Indicators


Confidential of 106

Analysis of Key Performance Indicators (KPIs) 6.1

In June 2011 ComReg issued a Response to Consultation and Decision Notice (D05/11) directing eircom to

publish KPIs in a single place to enable explicit comparisons to be made between Wholesale outputs and the

equivalent inputs provided to eircom Retail. The purpose of this transparency was to provide an assurance to

consumers that the products and related services used by both eircom and other operators are of the same

standard. It would also reassure other operators that no discrimination in respect of eircom’s wholesale services

was occurring.

The first set of KPIs was published at the end of November 2011 covering eircom performance between July –

September 2011.

The products included in the KPI metrics are as follows:

Retail Narrowband Access Market - The products included are (i) SB-WLR, (ii) WLA and (iii) eircom’s

Retail PSTN product.

Wholesale Bitstream Access Market – The products to be included are (i) Wholesale DSL Services and

(ii) eircom Retail DSL service

Wholesale physical Network Infrastructure Access Market – The products included are (i) ULMP /

GLUMP Services and (ii) eircom Retail PSTN service and (iii) Line Share and (iv) eircom Retail DSL

service

Wholesale Terminating Segment of Wholesale Leased Lines Market – The products included are (i)

Wholesale provided traditional Leased Lines (ii) Wholesale provided NGN Ethernet Leased Lines and (iii)

eircom Retail provided traditional Leased Lines and (iv) eircom Retail provided NGN Ethernet Leased

Lines

NGA Wholesale Broadband Access Market - The products included are (i) Wholesale NGA Bitstream

Plus FTTC POTs based, (ii) Wholesale NGA Bitstream Plus Standalone and (ii) Wholesale NGA Bitstream

Plus FTTH – split between Downstream and other operators.

Review of the proposed metrics for each Market to determine:

Metrics associated with Supply of Services

o % connections in x days

o Average connection time

o Quality of supply

Metrics associated with Repair of Services

o % repairs in x days

o Average repair time

o Quality of repair

The analysis below covers the reporting period from July 2014 to December 2014.


Confidential of 106

6.1.1 SB-WLR v’s PSTN KPIs

Supply:

Figure 31: Supply KPIs for SB-WLR v’s PSTN

Repair:

Figure 32: Repair KPIs for SB-WLR v’s PSTN

Conclusion

The supply of SB-WLR exceeds PSTN for new connections that can be electronically enabled.

eircom Wholesale advised that because the volumes of new line connections for SB-WLR are low

compared to eircom Retail variations in the comparative performance between Downstream and

Operators can occur. In addition this performance is impacted by operator behaviour of a) selecting an

appointment date > 10 working days from order receipt; and b) re-appointing a significant volume of orders


Confidential of 106

to a date beyond that originally selected / provided on UG. Due to the time to manually re-appoint orders

(which include verification with the Operator) this extended the delivery time. Rollout of the combined new

line and new broadband (LNB) order will remove the requirement for manual appointment booking and

should reduce the overall supply time for operators.

The repair of SB-WLR faults exceeds the PSTN faults in 2 working days.

6.1.2 Bitstream (Wholesale) v’s Broadband (Downstream) KPIs

Supply:

Figure 33: Supply KPIs for Bitstream v’s Broadband

Repair:

Figure 34: Repair KPIs for Bitstream v’s Broadband


Confidential of 106

Conclusion

The supply of Bitstream matches Broadband for new connections that can be electronically enabled. An

issue arose in November ’14 when there were 61 Bitstream orders that were categorised as late. A sample

of these orders was investigated but no single root cause was identified. They all seemed to be systems

related where orders required manual intervention to progress. These range from Resolve the issue on

AMP and "set to auto processing", “Uncategorised error. “Consult Process Manual” and “This Account has

pending TIS Orders” etc.

The supply of Bitstream new connections matches new Broadband connections.

The repair of Bitstream faults in 2 working days is below the Broadband figure. eircom Wholesale advised

that as the volumes of faults are very low variations in the comparative performance between Downstream

and Operators can occur.

An analysis of in scope Broadband Fault Reports between July – September ’14 indicated a change in the

behaviour of retail customers in terms of time of faults logged. A higher proportion of retail faults were

logged after 5 pm in August and September than in July.

eircom Wholesale extended the hours of WCC from 8am – 10pm Monday – Sunday for screening of faults,

which started in mid-Nov ‘14. Previous WCC opening hours for screening of faults was 8am-8pm M-F,

9am - 5.30pm Saturday, Closed Sunday. WCC opening hours for dealing with Operator queries remains

8am-8pm M-F and 9am - 5.30pm Saturday. The small variation in performance in Nov ’14 may also have

been impacted by training of WCC staff required to manage screening of faults during these extended

opening hours. In addition the storm declarations in November ’14 had a greater statistical impact on

Bitstream faults than Broadband faults.

6.1.3 NGA Bitstream (Wholesale) v’s NGA Bitstream (Downstream) KPIs

Supply:

Figure 35: Supply KPIs for NGA Operators v’s Downstream

60.00%

70.00%

80.00%

90.00%

100.00%

Jul-14 Aug-14 Sep-14 Oct-14 Nov-14 Dec-14

NGA FTTC Standalone Appoints met by eircom

Downstream Operators


Confidential of 106

Repair:

Figure 36: Repair KPIs for NGA Operators v’s Downstream

Conclusion

The supply of NGA FTTC Bitstream POTs based and standalone for operators matches that of

Downstream. eircom Wholesale advised that as the volumes of faults are very low variations in the

comparative performance between Downstream and Operators can occur.

0.00%10.00%20.00%30.00%40.00%50.00%60.00%70.00%80.00%90.00%

100.00%

Jul-14 Aug-14 Sep-14 Oct-14 Nov-14 Dec-14

NGA FTTC Standalone based Fault Repair in 2 WDs

Downstream Operators


Confidential of 106

7 Appendix 4 Update on Generic Information Flows


Confidential of 106

Introduction 7.1

The security, classification and flow of Wholesale data within eircom, particularly Regulatory Access Products

(RAP) related data and Wholesale Customer Information, is a key element of the Wholesale Reforms programme

that eircom put in place to give improved standards and greater transparency to ComReg and Wholesale’s

customers on how eircom manages its non-discrimination obligations on a day to day basis.

eircom has implemented a programme to ensure that all Confidential Regulated Information and Confidential

Wholesale Customer Information retained by eircom in either structured or unstructured form is only disclosed in

compliance with the agreed Regulatory Governance Model designed to ensure compliance with eircom’s non-

discrimination obligations. The Information Flows Work stream is split into the following:

Structured Information Flows and

Unstructured Information Flows.

These are described in more detail below.

Structured Information Flow 7.2

The objective of the Structured Information Flow project was to review (from a data point of view) a list of eircom

systems that contained Confidential Regulated Information and Confidential Wholesale Customer Information

across all Markets. For systems reviewed, the existing controls were assessed to ensure that data access is

restricted to authorised user groups. Where gaps or risks were identified, controls or remediation were defined to

mitigate them. eircom engaged an external contractor Altion, to help deliver this element of the programme which

resulted in a Statement of Compliance being submitted to ComReg in September 2014.

7.2.1 Definition of the List of Systems

The full list of eircom/meteor systems is maintained by eircom Technology (TED & Networks). This master list of

336 systems was refined based on the following process:

Any system which does not contain Confidential Regulated Information or Wholesale Customer

Confidential Information was flagged. This reduced the list to 97.

Where the data manager of any system, specific to a technical area, verified that there was no

Businessunit access, the system was flagged. This reduced the list to 65 (verified). During the review it

was found that several systems from this set of 65 were duplicate, retired or used by specific groups in

IT/Networks. The full list of systems reviewed was thus 46.

7.2.2 Approach and Methodology

The system review was undertaken in stages with 2 pilot stages (with 3 and 6 systems respectively) followed by a

full phase review of remaining systems. The systems selected in the pilots were primarily systems used by larger

user groups. Additionally this involved selecting a combination of newer and older systems. The following key

parameters were used to review each system:

Data held in the system.

Different users and user groups who have access to the system.


Confidential of 106

Partitioning of the data across different users of the system.

Access Controls for a given system, i.e. how Access controls for a given system are defined and the policy

for handling staff members who leave the company or change groups within the company.

The following stakeholders within eircom were interviewed either face-to-face or by phone, with a set of questions

regarding data within a given system and user access to a system:

System Subject Matter Expert (SME)/System architect

System users from the different eircom groups listed in (include table reference here).

In certain cases several additional eircom staff members were contacted for specific queries. These included

systems administrators and managers who have access to users and user groups of systems. Where applicable,

user manuals and screenshots for systems were referenced and wherever possible, a formal script was used to

direct the discussion.

The table below lists different groups within eircom that have been reviewed from a data access point of view and

the definitions used to demarcate the groups.

Group Name Definition

Downstream Businesses

eircom Consumer eircom Consumer has been defined as the group consisting of all members within eircom Consumer excluding the CSR users who have access to a given system.

eircom Consumer CSRs

This group consists of the CSRs (sales & repair) within eircom Consumer who have access to a given system.

eircom Business eircom Business has been defined as the group consisting of all members within eircom Business excluding the CSR users who have access to a given system.

eircom Business CSRs

This group consists of the CSRs (sales & repair) within eircom Business who have access to a given system.

eircom Wholesale MNS

eircom Wholesale MNS has been defined as the group consisting of all members within eircom Wholesale MNS & Business Development Key Accounts

eircom Wholesale Sales & Marketing

This team consists of Sales and Marketing staff of eircom Wholesale (MNS & RAP) and includes Account Managers who would have access to all Wholesale products.

eircom WCS eircom WCS has been defined as the group consisting of all members within eircom Wholesale Customer Service excluding the CSR users who have access to given systems.

eircom WCS CSRs This group consists of the CSRs (provisioning & repair) within the eircom Wholesale Business Unit who handle both eircom Wholesale RAP and Downstream Businesses orders/faults.

eircom Wholesale RAP eircom Wholesale RAP has been defined as the group consisting of Product Managers and Programme Managers within the eircom Wholesale RAP group.

eircom TED and Networks This group consists of members of eircom TED and eircom Networks groups.

eircom Central Services This includes the members of Central Services, Regulatory and Public Affairs, Finance, HR, Programme Execution

Wholesale Customers This includes all the OAOs/Service Providers who form the customer base of eircom Wholesale.

Table 12: List of Groups for the Systems Review project


Confidential of 106

The table below lists the various data categories to which the different users would have access.

Data category name Definition

Confidential Wholesale Customer

Any customer-specific information related to the customers of eircom Wholesale RAP.

Confidential Regulated

This information consists of regulated data that is not public/not yet public such as : RAP strategies and plans Network build and network information Unpublished Product or Infrastructure Information e.g. product descriptions, design specifications, prices, SLAs, roadmaps Unpublished Network/Infrastructural Information regarding RAP products e.g. NGN Nodes, NGA Cabinets Unpublished Network Performance Information e.g. aggregated fault/provisioning data Unpublished Network Strategic/Implementation Plans Unpublished Network utilisation that feeds into Pricing Models Unpublished Information on how new technology applies to eircom’s fixed network

Table 13: List of Data Categories for the System Review project

The identification of risks was undertaken using the following table which lists different user groups and the data

categories they can access. Here, the shaded cells indicate no risk present regardless of whether or not the user

has access to the system. For each system hereafter, an un-shaded cell with a ‘Yes’ means a risk has been

identified - unless it is qualified with a comment.

Group accessing data ↓ Has access to the following data categories

Group Name Customers of Downstream Businesses

Customers of eircom Wholesale RAP

eircom Confidential Regulated Data

eircom Downstream Businesses No Risk If Yes, this is a Risk If Yes, this is a Risk

eircom Wholesale RAP & WCS

No Risk No Risk No Risk

eircom TED & Networks No Risk No Risk No Risk

eircom Central Services No Risk No Risk No Risk

Wholesale Customers If Yes, this is a Risk if they can view data of other customers

If Yes, this is a Risk if they can view data of other customers

If Yes, this is a Risk

Table 14: List of Risk Definitions for the System Review project

In the above table “Yes” implies user groups shown in the first column have access to the data belonging to other

groups shown in the other columns.

7.2.3 Identification of Risks

The key access risks identified through this review was that users could have or get inappropriate access to

Confidential Regulated Information or Wholesale Customer Information on eircom’s systems. This could be caused

by:

Existing users, already having inappropriate access rights to a given system.


Confidential of 106

New users, requesting access to a system being provided inappropriate access rights;

Existing users, having changed employment role or group within eircom, to one no longer requiring access

or no longer requiring the same level of access to a system, or,

Existing users, having ceased employment with eircom retaining their access profile to a system.

The table of all risks is included below:

Risk No. Description

SYS_Risk_001 There is a risk with user groups and user access across all systems whereby existing users may have inappropriate access rights to a given system.

SYS _Risk_002 There is a risk associated with user access across all systems with regard to inappropriate access rights given or maintained under the following circumstances: New staff requesting access to the system being assigned incorrect access rights. Access rights for a person changing roles in the company is not appropriately modified. Access rights for a person leaving the company is not revoked.

SYS_Risk_003 There is a risk that certain unauthorised users may gain access to the following systems because currently SAM is not used as the process for obtaining access to all systems.

SYS_Risk_004 There is a risk that where systems have Wholesale-Retail segregation, the level of segregation may not be accurate. From the analysis carried out in this study, this risk is deemed to be low. However, it was not possible to study this in detail as part of this analysis.

SYS_Risk_006 There is a risk that Wholesale MNS users could access Wholesale Customer information on some systems.

SYS_Risk_007 There is a risk that eircom Retail staff could access data of Wholesale customers on some systems, that eircom Wholesale MNS could access Wholesale Regulated information on some system and that eircom Retail could access Wholesale Regulated information on some systems.

Table 15: List of Risks Identified in System Review project

7.2.4 Identification of Controls

The key access controls identified through this review were as follows:

Business Access Review Process (BAR)

Systems logical access controls Business Access Review (BAR) and Segregation of Duties (SOD).

Management ensure that only authorised access is granted to applications and data by authenticating a

user’s identity and access profile. In order to properly restrict access to applications and data three

security elements are applied: identity/authentication, access rights and system configuration.

Identity/authentication and access rights are administered by reference to business area requirements and

responsibility for control rests with the system owner. System configuration is controlled by an independent

systems administrator and inbuilt application protocols.

The joiners, movers and leavers process manages access right changes as they arise. The Business

Access Review (BAR) is a cyclical process where business owners of systems and underlying data review

actual access based on systems outputs and confirm that individual user access is appropriate.

Segregation of Duties (SOD) is an extension of the BAR process where the business owner reviews and

confirms that the level of access (functionality) is appropriate for individual users.

System for Access Management (SAM)

The SAM, (System for Access Management) process in eircom is used to provide a formal record of

application, approval and completion of access requests to a list of specific systems in the eircom estate.


Confidential of 106

The SAM application has a web based GUI where employees or contractors apply for access to specific

systems. In addition to the system, the applicant has to select the profile they require from a predefined

list.

Each request goes through a level of line management approval and a Delegated Authority (for System

Owner) approval, before the request is passed to the relevant Sys Admin role.

Managers and Delegated Authorities are notified by email through the SAM workflow, and they approve

via a web GUI which is accessed by a link in the mail. All approver access to SAM is password controlled.

If a request is rejected at any stage in SAM, the applicant is informed, and that request goes no further.

SAM is also used for removing access for people who leave the organisation, or change roles.

Users changing groups

When staff moves from one role to another within the company, the “Who Works Where” process is

invoked. This involves the Donating Manager initiating the transfer online, and then the Receiving

Manager accepts the employee and completes the transfer process. In addition to the transfer, it is the

responsibility of the Donating Manager to remove all access of the employee to various systems relevant

to the old role. This is processed via SAM.

Users leaving the organisation

The Leavers’ Process is invoked when an employee or contractor status changes to an exit status on the

HR system. This process runs on a weekly basis and an email is generated and sent to Systems

Administrators requesting them to remove access for departing individuals.

The table below lists all controls for risks listed above.


Confidential of 106

Index Risk No.

Control Ref. No.

Owner Description Status Original Target Date

Target Date

1 SYS _Risk _001

SYS _CRM _001

eircom Wholesale / Networks

A review of all user groups on the system is undertaken to ensure only appropriate users have access to the system.

Open Apr ‘15

Jul ’15 (Following completion of SYS _CRM _002)

2 SYS _Risk _001

SYS _CRM _002

eircom TED

A User Access Review (also known as Business Access Review – BAR) of all systems is undertaken on a scheduled basis to ensure only appropriate users have access to the system, and that inappropriate access is revoked where identified.

Open Apr ‘15 Jul ‘15

3 SYS _Risk _002

SYS_ CRM _003

eircom TED

Company standard access approval (incl. joiners), movers and leaver’s processes are operated for all systems. A once off exercise is required to ensure that these controls are fully applied for all in scope systems.

Pending Close The company standard process for movers, joiners and leavers has been reviewed and is in place for all in scope systems (Awaiting Control Owner confirmation)

Apr ‘15 N/A

4 SYS _Risk _003

SYS _CRM _004

eircom Networks

The company-wide policy of using SAM as the process for obtaining access to a given system needs to be enforced for all systems.

Pending Close The original list of systems to be set up on SAM were: RTD, ASP, CIRCE, Dataplus, SAFE, infovista, CMS, ISIS Engine. RTD is now accessed via CNO Remedy which itself is set up on SAM. ISIS Engine doesn’t have a client which Users can request access to so SAM access to it is irrelevant. The other systems have been set up for access via SAM. (Awaiting Control Owner confirmation)

Dec ‘14 N/A


Confidential of 106

Index Risk No.

Control Ref. No.

Owner Description Status Original Target Date

Target Date

5 SYS _Risk _004

SYS _CRM _005


A study to be carried out to confirm that data segregation in systems which already have Retail-Wholesale data segregation is accurate.

Open SYS_CRM_005_SAFE Pending Close (Awaiting Control Owner confirmation)

Dec ‘15 Dec ‘15

6 SYS _Risk _006

SYS_ CRM _007


Systems development is required to further segregate Wholesale information in question into Wholesale MNS Customer information and Wholesale RAP Customer information and access to Confidential Regulated information to be restricted to users based on their user groups. A requirement to be raised through the eircom end-to-end solution delivery process to complete a detailed analysis to put in place a solution to segregate the data.

Open Dec ‘15 Dec ‘15

7 SYS _Risk _007

SYS _CRM _008


Systems development is required to implement data segregation between eircom Customer/Business and eircom Wholesale groups. Further segregation of eircom Wholesale data into Wholesale MNS and Wholesale RAP to be implemented if Wholesale MNS continue to access the system. A requirement to be raised through the eircom end-to-end solution delivery process to complete a detailed analysis to put in place a solution to segregate the data.

Open SYS_CRM_008_ANRM & SYS_CRM_008_FIMS Pending Close (Awaiting Control Owner confirmation)

Dec ‘15 Dec ‘15

Table 16: List of Controls Identified in System Review project

7.2.5 System Stats

The majority of the controls for the System Reviews reside in Technology (TED & Networks) with a small

proportion sitting in eircom Wholesale (RAP & WCS). This is consistent with the fact the vast majority of these

systems are owned, managed and supported by Technology.


Confidential of 106

Business Owner SYS_CRM _001

SYS_CRM _002

SYS_CRM _003

SYS_CRM _004

SYS_CRM _005

SYS_CRM _007

SYS_CRM _008

Total

eircom Wholesale -RAP 6 0 0 0 4 1 0 11

eircom Wholesale - WCCC 2 0 0 0 0 0 0 2

eircom TED -CTO 0 1 1 0 0 0 0 2

eircom Networks- Design 9 0 0 0 0 0 3 12

eircom Networks- FAO 17 0 0 2 3 0 5 27

eircom Networks – Service Management

13 0 0 5 7 3 1 29

Grand Total 47 1 1* 7* 14** 4 9*** 83

Table 17: List of System Controls* per Business Owner

* SYS_CRM_003, SYS_CRM_004 Pending Close (Awaiting Control Owner confirmation)

** SYS_CRM_005_SAFE Pending Close (Awaiting Control Owner confirmation)

*** SYS_CRM_008_ANRM and SYS_CRM_008_FIMS Pending Close (Awaiting Control Owner confirmation)

Unstructured Information Flows 7.3

Unstructured Information Flows relates to the controls that are in place to protect and keep secure Confidential

Wholesale Customer Information and Confidential Regulated information that is contained in reports, emails and

documents created within eircom. The main originator of this information is eircom Wholesale and TED &

Networks. This project was run in conjunction with TED. This element of the Wholesale Reforms Programme

contained the following key elements:

Enhanced Data classification

Data Handling Guidelines

Data Register

These are detailed below.

7.3.1 Enhanced Data Classification

All information within RAP should be classified Confidential Regulated with it potentially being declassified

to Public Regulated

Confidential Regulated - An example of this is the handling of restricted Regulatory Access Products

(RAP) related data in eircom Wholesale

Public Regulated - An example of this is Regulatory Access Products (RAP) related data that has been

approved for release to Industry Fora

In addition to this other wholesale information is classified as Confidential Wholesale Customer

Information


Confidential of 106

7.3.2 Data Handling Guidelines

Both physical media (e.g. each page) and logical representations must be marked ‘CONFIDENTIAL –

REGULATED ‘.

The front page of documents must be marked “Confidential – Regulated”

Word Documents must have the footer “Confidential – Regulated”

Excel spread-sheets must have the semi-transparent watermark “Confidential – Regulated”

Access to files held on systems or manual files must be restricted to authorised staff only

Access should be restricted on a “need to know” basis.

7.3.3 Data Register

RAP related data includes:

o The technical specification of a RAP service;

o The terms and conditions under which it is to be supplied;

o The capabilities of the network supporting the service and the timing of changes in network

functionality;

o To information about risks; to access to plans for, for example, NGA deployment.

The Critical Regulated Data Asset Register will be a structured database that includes:

o A description of the Data

o The identity of the Data Owner

o The location where the data is stored

o The Categorisation of the data (confidential regulated and public regulated)

7.3.4 Progress to date

Figure 37: Status of System Controls

2

3

2

Status of System Controls

Pending Close On-target Delayed


Confidential of 106

7.3.4.1 BAR

In terms of the BAR, the bulk of the Wholesale Systems are now scheduled for review in June 2015. Actioning of

responses from managers is likely to carry over into July. Some of the Wholesale Reform systems (where they

overlap with a separate project) have been BAR reviewed, but the Wholesale Reform specific check against

business units hasn’t been carried out and won’t be done until all of the Wholesale Reform systems reviews are

completed in June /July 2015.

7.3.4.2 Data Classification

Data Classification has been completed in eircom Wholesale and has been rolled out across TED & Networks to

ensure all relevant documentation is classified either as Confidential Regulated or Confidential Wholesale

Customer Information.

The flow of RAP information is now subject to strict rules about who can request Confidential Regulated

Information and how they can request it. eircom's downstream businesses are treated like other operators when it

comes to requesting new information from RAP. The eircom Wholesale Account Management process requests

directly from all parties and submit them to RAP (through RAP Change Request Process) for their consideration. In

addition downstream businesses and other operators can request new RAP information through the ComReg led

industry fora.

Unpublished RAP information needs to be classified as “Confidential – Regulated” and kept safe, secure and

separate from eircom’s Downstream Businesses. This information can be shared outside of eircom Wholesale

RAP only where there is a legitimate need, such as people in Technology may need and be given information

relating to RAP products and services in order to support eircom Wholesale’s RAP unit with product development.

In such cases care needs to be taken. eircom Wholesale RAP must ensure that when restricted RAP information is

shared it is labelled correctly and those receiving know its nature and what they can and cannot do with it. Those

receiving this information must ensure it is not shared with eircom’s Downstream Businesses or with any other

sub-set of eircom Wholesale’s.

Conclusions 7.4

The security, classification and flow of Wholesale data within eircom, particularly Confidential Regulated

Information related data and Confidential Wholesale Customer Information, is critical to putting a robust

Regulatory Governance model in place. It is seen as a key element of the Wholesale Reforms programme that

eircom has put in place to give improved standards and greater transparency to ComReg and Wholesale’s

customers on how eircom manages its non-discrimination obligations on a day to day basis.

eircom has now implemented the programme to ensure that all Confidential Regulated Information and

Confidential Wholesale Customer Information retained by eircom in either structured or unstructured form is

only disclosed in compliance with the agreed Regulatory Governance Model designed to ensure compliance

with eircom’s non-discrimination obligations.


Confidential of 106

The Structured Information Flows workstream has identified 6 generic risks where non-discrimination could

take place and 7 generic controls to mitigate these risks. Progress is taking place to close out the risks

identified. A number of system fixes (awaiting formal signoff of Control Owner) have been completed with

more scheduled for June, August and December 2015. This good work needs to continue to ensure the

remaining controls are completed in a reasonable time to reduce the risk of eircom breaching its non-

discriminatory obligations.

The Unstructured Information Flow work stream has put in place a framework to allow staff to identify when

they are creating documentation relating to Confidential Regulated Information and Confidential Wholesale

Customer Information, to mark it appropriately and to distribute it according to strict business rules. Regular

briefings on this framework should be provided to existing and new staff to ensure that it is being followed in all

circumstances.


Confidential of 106

8 Appendix 5 Update on Internal Compliance Reviews/Investigations


Confidential of 106

Introduction 8.1

This section provides an update on Internal Compliance Reviews and Investigations initiated by C&E together with

investigations arising from Wholesale Customer Complaints

Compliance Reviews 8.2

8.2.1 Compliance Review – Change Control

As part of our Regulatory Governance Model C&E carries our internal Compliance Reviews regarding the

operation of the controls included in the SoCs sent to ComReg which cover the following areas of operation:

Change Control

Pre-Order/Ordering

Provisioning

Fault Reports/Repair

For this reporting period C&E has carried out a compliance review of Change Control - see Annex 1 to this report.

It is planned to cover the remaining controls in the next Report to Industry.

Whistle-blower 8.3

Under the Code employees are advised of the various channels in which they may raise issues including through

the Whistle-blower process. To-date no issues have been raised under this process.


Confidential of 106

Open C&E Internal Compliance Reviews/ Investigations 8.4

Index Date Opened

Description of Issue Owner Status Date Closed

1 Sept -14 Complaint from another operator in relation to alleged comments made by an eircom technician

eircom Networks

Under investigation. Additional information requested from operator but was not provided so investigation could not proceed

Closed Dec 2015

2 Sep-14

Compliance review of Customer Mandate Programme. The overall objective of the Customer Mandate Programme was to deliver a better customer experience across Billing, First Contact Resolution and Installations

eircom Customer Operations

Review completed and recommendations implemented to ensure compliance with our SoCs

Closed Mar 2015

3 Oct-14 Compliance reviews to test SoC re Change Control

All BUs Report issued in April 2015. See Annex 1 to this report

Open

4 Nov -14 Compliance Review of Fault Programme eircom Wholesale

Review completed and recommendations issued to BU in respect of using an MNS project management resource in an upstream activity -Nov 2014. Awaiting action from BU to remedy issue

Open

5 Feb 2015

Proposal to locate Business Operations within the eircom Central Finance Function. The overall objective of the Business Operations Proposal is to deliver a better end to end experience for all customers including Wholesale Customers. A key enabler for this is to set up a dedicated Programme Management team led by a Senior Manager under Business Operations

eircom Central Finance

Review completed and recommendations implemented- March 2015. Business Operations to be located in upstream business (eircom Wholesale)

Closed

Table 18: List of Open and Closed C&E Internal Reviews and Investigations

Conclusions 8.5

It is essential that when C&E, through internal Compliance Reviews/Investigations, identify remediation measures

that these are completed in a reasonable time period.


Confidential of 106

9 Annex 1: Compliance Review of Change Control


Confidential of 106

Introduction 9.1

eircom is required to submit Statements of Compliance (SoCs) to ComReg in respect of its non- discrimination

obligation in the Regulated Markets under its Regulatory Governance Model. To develop these SoC’s eircom

undertook detailed reviews of its business processes used to deliver NGA, NGN and current generation Services

to eircom’s downstream operations and to eircom Wholesale’s customers. The purpose of these reviews was to

identify any risks of non-compliance with eircom’s non-discrimination obligations. Where risks were identified,

controls were developed to mitigate against the risk of non-compliance. These controls have been recorded in a

Risk and Control Matrix (RACM) and are signed off by the relevant Senior Managers who have overall

responsibility to ensure that the controls in their area operate effectively.

In addition eircom has committed to carrying out Compliance Reviews and Audits of the operation of the Risk and

Control Metrics (RACM’s), the outputs of which will be reported to the Wholesale Reforms Committee of the Board

and to ComReg bi-annually. The Compliance and Equivalence (C&E) Unit will undertake Deep Dive Compliance

Reviews in selected areas on an on-going basis.

The objective of the Compliance Reviews is to confirm that the controls put in place to ensure non-discrimination

operated effectively during the period under review and that the controls are most likely to have prevented the

potential issues of non-compliance that arose previously.

Scope 9.2

This review is focussed on Regulated Access Product (RAP) Change Control i.e. the processes used by eircom to

develop products requiring changes to eircom Wholesale Regulated Access Products. These processes have 55

controls in place to ensure that:

All requests for new RAP products or changes to existing RAP products are assessed and a determination

is made whether a RAP development is required or not.

Where a RAP development is required then the downstream products cannot launch until the RAP

component is already launched

RAP information about new developments or changes to existing RAP product is not provided to a

downstream business in advance of it being made available to all operators

When a downstream business has a requirement to develop a new product or amend an existing product they can

discuss their requirement with Regulatory Operations to determine if it is clearly outside the regulated space. If the

change or new product is clearly outside the regulated space then the business unit can proceed to develop their

requirement otherwise they are advised to submit their requirement to the eircom Wholesale RAP Change

Request process.

eircom uses the following processes to manage its non-discrimination obligations.

RAP Change Requests

RAP PDC

TED E2E & Work Requests


Confidential of 106

Downstream Business PDC

Downstream Tenders and Contracts

The period under review is July- September 2014.

The Quarterly Self Certification process was outside the scope of this review.

Approach/Methodology 9.3

i. Review of RAP Change Request Process

C&E walk through of Change Control Process and Evidence Logs with RAP Change Process

Manager and RAP PDC PMO

Review of new Change Requests logged on the Change Control log for the period July – Sept 2014

and how these requests progressed through the end to end process. Included was a review of the

following:

Rationale for decisions to accept/ reject change requests

Evidence retained to support decisions

Notifications of decisions issued

Supporting documentation retained

Equivalence Reports issued

Reports on instances where controls did not operate

Supporting documentation for issues reported and remediation measures taken

Metrics in relation to change requests

Minutes of meetings

ii. Review of the operation of RAP PDC controls

iii. C&E walk through of Evidence Logs with Control Executors for Networks, TED and downstream

businesses to review the following:

Log of requests submitted to TED, End to End (E2E) & Work Requests (WR) Processes

and Downstream Business PDC’s

Evidence retained by the business areas to demonstrate that controls had operated during

the review period

Regulatory advice used to determine whether requests needed to follow the RAP Change

Request Process

Change requests that could have bypassed the Change Control Process

iv. Determine if controls reviewed would have prevented potential issues of non-compliance that had arisen

previously


Confidential of 106

Wholesale RAP – Review of Evidence of Control 9.4

9.4.1 Findings

i. 5 out of the 11 controls in place operated effectively during the period under review.

i. There were 22 Change Requests logged on the Change Request Log in the period under review:

A log of all new requests and supporting documentation submitted to RAP Change Process was

maintained

Customer Requirements Capture Group meetings were held to consider RAP Change requests

logged and their outputs recorded

Evidence of Control as per RACM

i. eircom Wholesale RAP record metrics on a Regulated Access Product / Regulatory Market basis for requests for Changes to RAP products to demonstrate non-discriminatory behaviour. Metrics, emails and reports are stored centrally on the shared drive and contain

• the Product Change request log, • the quarterly report demonstrating the output and • the relevant support material of Customer Requirements Capture document • the Customer Response Document and • internal emails confirming that the report has been reviewed by Director of Regulated Access Products

Equivalence Issue Reports issued to [email protected]

A log is being maintained of requests submitted for a decision on whether the development of a RAP is required or utilises a RAP input

ii. eircom Wholesale RAP PDC Project Management Office record and maintain metrics of RAP Projects eligible for PDC in a tracker (Excel worksheet). A quarterly report is produced based on the tracker data to highlight: • RAP Project notified to ComReg prior to DP3 approval • RAP Projects launched prior to DP5 approval • RAP Projects launched with RAP PDC approval Summary reports and acknowledgement email from RAP Director are stored centrally on SharePoint.

iii. eircom Wholesale RAP PDC PMO record and maintain metrics of PDC Projects. A quarterly report is sent to Director of Regulated Access Products. The report and email from the Director are stored centrally on PDC sharepoint site.

iv. Minutes of Wholesale Management Team meeting to record departure of eircom Wholesale MNS Director prior to RAP issues being discussed are stored.


Confidential of 106

In 19 of the 22 requests the rationale for decision to accept or reject was correct from a regulatory

perspective

In the other 3 cases the records did not support the decision taken or the basis for the decision

was unclear. It was noted that in some cases meetings were held or emails exchanged to provide

clarifications on the proposals before reaching a final decision. Additional information provided to

support the decisions was not recorded within the RAP Change Process. There is currently no

requirement to retain this additional information. The cases in question were as follows:

ID 54 – Request to add Additional information to wholesale roll out plan. The rationale for

the recommendation to accept was on the basis that it was for information purposes only.

This request appears to be for a RAP change and accordingly the purposes for which it

was being provided should not be caveated

ID 55 – E-Line. This request was rejected on the basis that the CES Device for

performance monitoring of the IP Traffic is not considered to be part of the regulated

market. It was not clear from the requirements document submitted that performance

monitoring was the purpose for which the device was required.

ID 71 – NGN Ethernet Performance Reporting. This request was rejected on the basis that

Wholesale does not sell products to eircom Business with Master Plan Plus SLA. As the

Ethernet metrics form part of the RAP the decision to accept/reject this request should

have been based on whether this information should be made available to all operators.

Out of 12 change requests that were accepted 10 are considered to be RAP changes and should

therefore have been submitted to RAP PDC. None of these appeared on the PDC tracker at the

time of the review. Failure to log change requests with RAP PDC could result in (a) products being

launched either without proper notifications to ComReg (b) publications requirements not being

met in contravention of eircom’s transparency obligations or (c) RAP documentation not being

updated.

Reports on RAP metrics to demonstrate non-discriminatory behaviour were generated for review

and sign off, however, the reports in themselves are not conclusive. No evidence was retained of

the assessment of the metrics or any conclusions drawn. It was noted that the control does not

currently specify the metrics to be used.

There was no evidence found of the review by the Control Owner of the quarterly metrics report

that details requests raised, opened and closed for changes to RAP products for the period under

review

2 Change Requests although logged on the Change Request log followed the Inter-Operator

Process (SOR). In this process ‘Delivered’ has a different meaning to ‘Delivered’ in Change

Process, and may lead to confusion

In 13 cases Customer Requirement/Customer Response documents were not fully completed

e.g.no relevant market specified. However, this did not appear to adversely impact the final

decision to accept or reject the request


Confidential of 106

The change process requires that the party making the request is advised of the outcome.

Notifications to requestors were issued from the RAP Customer Requirements mailbox. In 2 cases

there was no evidence of Account Managers formally notifying the end customer

Notifications regarding acceptance or rejections of requests were not retained by the RAP Change

team in all cases due to automatic system deletion

Customer Requirements Capture Documents and Response Documents submitted varied in

format, which could result in relevant information being omitted. This was as a result of changes to

templates evolving as the process was being embedded

ii. Logs recorded the date when Product Managers or Account Managers log new requests in the RAP

Change log. There is no visibility of requests that may not get logged or where delays occur before being

logged

iii. Metrics of RAP PDC Projects notified to ComReg without DP3 approval and RAP Projects notified without

DP5 approval were maintained and reviewed. There were 2 projects out of 14 that were launched prior to

DP5 approval in the period under review. An explanation for each was recorded. It was noted that the

control does not currently specify an Equivalence Issues Report is required when an issue is identified in

the reports.

iv. The minutes of Wholesale Management Team meetings for the period do not record in most cases that

the MNS Director was absent when RAP issues were being discussed

9.4.2 Recommendations and Management Comments

i. The control should specify the RAP metrics analysis that needs to be undertaken to demonstrate that non-

discrimination behaviour did not occur. See Appendix 2 of the Compliance and Audit Report for examples

Wholesale Management comment: Agreed. To review and take this approach on board for future reports

ii. All change requests impacting RAP should be notified and logged on the RAP PDC tracker

Wholesale Management comment: Agreed and confirm that this process is now being applied

iii. When further information becomes available in the course of consideration of the change request the

Customer Requirement Capture Document (CRCD) submitted should be updated accordingly to support

the decisions to accept/reject requests. In the case of rejections, in particular, the rationale recorded for

the decision should include all pertinent information

Wholesale Management comment: Agree and confirm that this approach is now being applied

iv. Control evidence for NGA, NGN and Current Generation Access products should be consistent e.g. the

requirement for the generation of Equivalence Issue Reports where issues are identified should apply in all

markets. Controls should be updated accordingly

Wholesale Management comment: Agreed

v. The rationale for recommendations currently included in the Customer Response Document (CRD) should

be expanded to include a summary of what RAP understand the request to be and the basis for its

decision


vi. CRCD’s should not be accepted unless fully completed



Confidential of 106

vii. Updates to Roadmaps, which track the status of Change Requests, should be retained by the Change

Control process as evidence that Industry has been notified

Wholesale Management comment: Agreed. Currently a requirement but compliance will be re-enforced

going forward

viii. The metrics of how long it takes a change request to be processed end to end should start from the date

that the customer makes the request to Product Manager/Account Manager. Consideration should be

given to how the control can be amended to ensure that this information is captured and measured

Wholesale Management comment: To consider and update control as required

ix. All notifications of decisions by the Customer Requirements Capture Group regarding acceptance or

rejections of requests should be retained as evidence

Wholesale Management comment: Agreed. An IT issue with mailbox has been rectified and all

notifications are being retained

x. The Industry Inter Operator (SOR) process in relation to access requests to be aligned with RAP Change

Request Process


xi. The minutes of all WMT meetings should formally record agenda items where the MNS Director was in

attendance.

Wholesale Management comment: The Control Owner agrees that the meeting minutes as recorded do

not in most cases record that eircom Wholesale MNS Director left the meeting room when RAP items were

discussed. However, to the best of his knowledge, the eircom Wholesale MNS Director was not generally

present in the room when specific RAP items were being discussed and when items relevant to RAP PDC

and RAP Commercial Review were being presented for approval. The recording of meeting minutes will be

reviewed to ensure that this control operates effectively.


Confidential of 106

TED - Review of Evidence of Control 9.5


i. As output from the Ideation session, a list of submitted, approved and blocked requirements are documented and stored in the E2E portfolio planning library As output from the HLC close event, a list of all projects are recorded and two additional fields are recorded for each, i.e. does this request have a RAP impact? If yes, has RAP approval to proceed been sought and received? At the end of the Functional Design phase, the projects are summarised in the Man-days spread sheet. Two columns are added to record the updated answers to the two RAP questions. The answers to the two questions are stored on the GT Requirements log on Sharepoint for both submission and pre-Delivery

9.5.1 Findings

i. The 6 controls operated effectively during the period under review i.e.

Meetings with TED, RAP and Regulatory Operations to consider projects with potential RAP

impact took place

Logs of submitted, approved and blocked requirements were retained

The rationale for decisions taken in respect of projects impacted by RAP was correct from a

regulatory perspective

9.5.2 Recommendations

None

9.5.3 Management Comments

Noted


Confidential of 106

Networks– Review of Evidence of Control 9.6

9.6.1 Networks (Fixed Access Operations)


i. Process Change Log maintained by Networks Head of Process.

9.6.1.1 Findings

i. The 2 controls in place did not operate effectively in the period under review i.e.

A Process Change Log was maintained and report issued to the Control Owner for review in the

period under review.

The Log recorded changes that had a RAP impact and where RAP approval had been received

A project (ID 3235) was not logged on the Change Request Log by the RAP Product Manager.

Failure to log a Change Request can result in eircom Wholesale RAP developing/changing its

products/processes without the necessary regulatory inputs (products / information / ComReg

approvals etc.) being in place.

Process changes not requiring IT development were not logged on the Process Change Log

9.6.1.2 Recommendations

i. All process changes with potential RAP implications, including those not requiring IT development,

should be submitted to the RAP Change Request Process

ii. Evidence should be retained by the Networks Control Executor that Networks process changes

impacting RAP have been recorded on the RAP Change Log

9.6.1.3 Management Comments

Agreed

9.6.2 Networks (Service Management)

Evidence of Control as per RACM i.

A Process Change Log maintained by each L2 in charge of the listed areas within Service Management (Networks).

• Incident & Event Management • Service Control • Service Management eBusiness & Consumer • Service Management Wholesale This Change Log can be found on centralised Sharepoint site

ii. On a quarterly basis, the Service Management (Networks) L2 Managers in charge of Incident & Event Management, Service Control, Service Management eBusiness &


Confidential of 106

Consumer and Service Management Wholesale review the reporting process for their area and create a report for the Director of Service Management (Networks). The Director of Service Management (Networks) signs off on a Statement of Compliance. The Statement of Compliance states that all reports containing RAP information are being sent to eircom Wholesale, for distribution to downstream businesses and OAO’s. Both the quarterly report and the Statement of Compliance documents are securely archived for three years on a centralised Sharepoint site

iii. Quarterly sign-off of a Statement of Compliance document by Director of Service Management (Networks). The Statement of Compliance states that :

(a) all Service Management (Networks) reports based on RAP inputs are being classified as RAP Confidential (b) Copies of Service Management (Networks) reports are being stored securely for a period of three years. (c) Service Management (Networks) documents are labelled to comply with eircom’s data classification policy. This report is stored on the Sharepoint site.

iv. On a quarterly basis, the Service Reporting and Support Manager reviews the reporting process and creates a report for the Head of Service Control. The Head of Service Control signs off on a Statement of Compliance. The Statement of Compliance states that all reports containing RAP information are being sent to an agreed email mailbox in Wholesale Customer Services, for distribution to downstream businesses. Both the quarterly report and the Statement of Compliance documents are securely archived for three years on the following Sharepoint site:

v. ( Quarterly sign-off of a Statement of Compliance document by Head of Service Control. The Statement of Compliance states that :

(a) all Service Control reports based on RAP inputs are being classified as RAP Confidential (b) all Service Control copies of the reports are being stored securely for a period of three years. (c) Service Control documents are labelled to comply with eircom’s data classification policy. This report is stored on a centralised Sharepoint site

vi. Process Change Log maintained by each L2 in charge of the listed areas within Service Control. This Change Log is stored on a centralised Sharepoint site

9.6.2.1 Findings

i. The 6 controls operated effectively in the period under review

ii. Equivalence Reports generated identified two new reports for remediation and were logged in Change

Requests process


None


Confidential of 106


Noted

eircom Consumer – Review of Evidence of Control 9.7


i. eircom Consumer PDC Office maintains a log of relevant products brought through the

PDC process. For these products a quarterly report identifies:

• Products that received PDC approval after launch

• Products launched with Consumer PDC3 approval.

This report and acknowledgement email from Director of TV & Fixed is stored centrally

ii. All requests for new reports from eircom Consumer Product Management are stored on

Sharepoint

iii. The minutes of the eircom Consumer PDC contain records of all confirmed approvals to

launch. These minutes are stored on Sharepoint

9.7.1 Findings

i. 2 out of the 3 controls did not operate effectively in the period under review i.e.

A record of PDC approvals obtained was maintained

Reports for Consumer Projects that launched prior to PDC3 approval were not generated for

review and sign off by Control Owner

No evidence of quarterly reports for new performance reports being submitted to Control Owner

for review even though a request for a new report was submitted during the period


i. Quarterly Reports for Consumer Projects that launched prior to PDC3 approval should be sent to

Control Owner for review and sign off. Associated Reports and sign offs should be stored centrally on

Sharepoint

ii. Quarterly reports for new performance reports should be prepared and submitted to Control Owner

each quarter for review and sign off. Associated Reports and sign offs should be stored centrally on

Sharepoint


Reports in question will be generated for review and sign off by Control Owner going forward


Confidential of 106

Consumer Customer Operations – Review of Evidence of Control 9.8


i. All requests for new reports from eircom Consumer Customer Operations are stored on

Sharepoint

9.8.1 Findings

i. The control did not operate in period under review i.e. no evidence could be found of a log of new

requests for network performance reports being maintained on Sharepoint site. The Control Owner is

no longer with the company and name of Control Executor was not contained in the Risk and Control

matrix (RACM).


i. Control should operate going forward.

ii. Names of current Control Owner and Control Executor to be included in RACM


Recommendations agreed


Confidential of 106

eircom Business– Review of Evidence of Control 9.9

9.9.1 eircom Business (SME Market)


Reports on “non-standard” contracts and associated emails verifying that the report has been reviewed are stored on a Sharepoint site.

9.9.1.1 Findings

i. The 3 controls in place did not operate effectively in the period under review i.e. Reports on “non-

standard” contracts for SME Markets were being generated for review by Control Owner but no

associated emails/records verifying that the report had been reviewed


i. The Control Executor should send an email/alert on a quarterly basis to Control Owner outlining

that the “non-standard” contract report is available for review and sign off. Sign off by Control

Owner to be stored centrally on Sharepoint


Findings understood. The controls are implemented and achieving the desired outcome by ensuring we

are adhering to RAP guidelines and controls. Noted that the email/alert to be activated and stored to be

implemented.

9.9.2 eircom Business (Enterprise Market)


Reports on “non-standard” contracts and associated emails verifying that the report has been reviewed are stored on a Sharepoint site.

9.9.2.1 Findings

i. The 3 controls did not operate effectively in the period under review i.e. no evidence found of reports

on “non-standard” contracts for Enterprise Market or associated emails verifying that the report had

been reviewed by Control Owner. Reports should indicate that Regulatory and RAP approval has

been obtained for non-standard contracts


i. Reports on “non-standard” contracts for Enterprise Market (i.e. where non-standard product included

in the contract has not been through the eB PDC) together with associated emails verifying that the

reports have been reviewed should be generated every 3 months. These Reports should indicate that


Confidential of 106

Regulatory and RAP approvals have been received. Reports, emails, RAP and regulatory approvals

should be stored centrally. If no such contracts arise in a quarter a nil report should be generated,

reviewed and signed off.



9.9.3 eircom Business (Design and Pre-Sales)


i. The decisions identifying “non-standard” bids are made at each of the Pre-sales and Design bimonthly meetings are recorded in minutes, and these are available, together with the report and associated email verifying that the report has been reviewed and the results are acceptable are stored on a centralised Sharepoint site

ii. The control executor submits a report to the control owner for review and signoff. The report and signoff emails are stored. This report is created from information stored on Salesforce. It contains a list of all opportunities containing eircom Business services that are connected to the fixed network (i.e. based on RAP products) that also contain “non-standard” elements (i.e. that have not been through the PDC). It also contains a “status” to show that these opportunities do not make it through to an active stage (and are either cancelled or abandoned) until they have been approved through the RAP Change Control process.

9.9.3.1 Findings

i. The 3 controls did not operate effectively in the period under review i.e.

The output of the Pre-sales and Design bimonthly meetings did not record “non-standard” bids

that were identified in the period under review

The control procedure requires that where a solution that includes a non-standard product is

proposed, sign-off by both Regulatory and RAP is required. The Report on “non-standard bids” did

not indicate if approval had been received from Regulatory Operations or the RAP Change Control

Process.

No evidence found of reports on “non-standard” bids being submitted to the Control Owner for

review and sign off or signoff emails being stored


i. The outputs of Pre-sales and Design bimonthly meetings should record where decisions identifying

“non-standard” bids are taken

ii. Controls in respect of Reports on “non-standard” bids should indicate whether approval has been

received from Regulatory Operations or RAP Change Request Process


Confidential of 106

iii. Quarterly Reports on “non-standard” bids should be generated for review and signed off by Control

Owner and evidence stored on Salesforce


Remedial action has been initiated on foot of the findings and the proposed changes are being reviewed for sign off.

9.9.4 eircom Business (Products & Programmes)

Evidence of Control as per RACM i. The minutes of the eircom Business PDC contain records of all confirmed approvals to launch. These minutes are stored on a centralised Sharepoint site eircom Business PDC Office maintains a log of relevant Products brought through the PDC process. For these Products a quarterly report will identify: • NGA Products that received PDC approval after launch • NGA Products launched with Business PDC3 approval. This report and acknowledgement email from Director of Business Products will be stored on a centralised Sharepoint site

ii. All requests for new reports from eircom Business Products and Programmes are stored on a centralised Sharepoint site

9.9.4.1 Findings

i. The 5 controls operated effectively in the period under review


i. None


Noted

9.9.5 eircom Business (Assure & Customer Service)


All requests for new reports from eircom Business are stored on a centralised Sharepoint site


Confidential of 106

9.9.5.1 Findings

i. The 2 Controls did not operate effectively in the period under review i.e. no evidence found of reports

on new performance requests being generated for review and sign off by Control Owner.


i. Quarterly Reports on new performance requests should be generated for review and sign off by

Control Owner. Verifying emails to be retained and stored centrally. Where no new requests for

reports arise in the quarter a nil report should be generated and signed off by Control Owner


The findings and recommendations above are accepted, these controls were not executed as it was

wrongly understood that they were being operated by the Product & Programme area, remediation will be

put in place immediately.

Wholesale MNS – Review of Evidence of Control 9.10


eircom Wholesale MNS PDC Project Management Office record and maintain metrics of MNS Projects eligible for MNS PDC in a tracker (Excel worksheet). A quarterly report is produced based on the tracker data to highlight: • MNS Projects launched with MNS PDC approval • MNS Projects launched prior to DP5 approval Summary reports and acknowledgement emails from Director of Managed Network Services are stored centrally on SharePoint.

ii. The decisions made at each meeting of the Wholesale Management Team meetings in relation to non-standard solutions are recorded in minutes, and these are available, together with the report and associated email verifying that the report has been reviewed and the results are acceptable.

iii. Where a solution that includes a non-standard product is proposed a report is generated every three months for review and sign off by Control Owner

iv. Reports on “non-standard” contracts and associated emails verifying that the report has been reviewed are stored on a Sharepoint site.

v. All requests for new performance reports from eircom Wholesale MNS are stored centrally

9.10.1 Findings

i. 7 out of the 10 controls operated effectively in the period under review i.e.

MNS PDC log of MNS projects and Minutes maintained showing attendance by RAP and

Regulatory Operations representatives


Confidential of 106

The MNS PDC Report indicated that no MNS projects were launched in the period prior to

receiving DP5 approval and the report was reviewed by Control Owner

A log of standard and non-standard bids was maintained. However, no evidence was found of

associated emails verifying that the quarterly report on non-standard bids had been circulated for

review and signed off by Control Owner at the time

2 bids with non- standard solutions, which were part of a Framework Bid that received regulatory

approval in August 2013, were submitted in the period under review. Further regulatory approval

was not sought for these mini bids.

No evidence was found of a quarterly report on non-standard contracts being maintained or

reviewed for sign off by Control Owner. MNS confirmed that no relevant contracts were signed in

the period.

Minutes of WTM recorded updates on MNS bids

Control owner and Control Executor is the same individual for NGAWBA_CRM_029, which is not

desirable

MNS confirmed that no new requests for performance reports for products based on RAP inputs

arose in the period


i. Evidence of the quarterly review and sign off of reports on non-standard bids by Control Owner to be

retained on central Sharepoint site

ii. Evidence of review and sign off of quarterly reports on non-standard contracts by Control Owner to be

retained on central Sharepoint site

iii. In relation to mini bids made under a Framework Agreement where regulatory approval was obtained

for the Framework Agreement clarification needs to be sought as to whether any further approval is

required for the mini bids. The control should be updated on foot of this clarification

iv. Control Owner to appoint separate Control Executors for NGAWBA_CRM_029 control

v. Where no new requests for performance reports arise in a period a nil report should be issued to

Control Owner for sign off



Conclusions 9.11

It is evident from the review that a significant body of work has been undertaken by eircom to develop and

implement new controls in relation to the RAP Change Control process to ensure that eircom complies

with its non-discrimination obligations.

Overall the key controls designed to ensure change requests impacting RAP adhere to the approved

processes operated effectively in the period under review. However, there is also evidence that controls in

our downstream business are operating less effectively than required. This may be as a result of changes

in personnel or the interpretation of controls by control executors.


Confidential of 106

A briefing of Control Owners and Control Executors on the importance of eircom’s Regulatory Governance

Model and controls is recommended. In other areas controls should be enhanced to improve transparency

around decisions and the analysis of metrics undertaken to demonstrate compliance with our non-

discriminatory obligations.

In the past eircom was the subject of a number of breach findings and compliance investigations by

ComReg in relation to bids in the context of compliance with our non-discrimination obligations. It was

alleged that eircom downstream businesses had tendered solutions impacting RAP where the RAP

capability had not been made available to other operators in an equivalent manner. It is evident from the

Compliance Review of Change Control that the effective operation of the controls now in place will

significantly reduce the risk of similar incidents recurring in the future.

C&E will work with business units to ensure the recommendations outlined are fully implemented and that

the revised controls are included in the next six monthly update of the SoCs to ComReg scheduled for July

2015. A follow up review will be undertaken to ensure that all controls are operating effectively.

Figure 38: Overview of the operation of change controls by BU

12

6 6

1 1

5

9

2

2

11

Wholesale TED Networks Consumer CustomerOperations

eircomBusiness

Overview of the operation of change controls by BU

Operated effectively Did not operate effectively