eircom’s regulatory governance model (rgm) · pdf fileeircom’s regulatory...
TRANSCRIPT
Industry Update
on
eircom’s Regulatory Governance Model
(RGM)
August 2015
Prepared by:
Head of Compliance & Equivalence (C&E)
eircom
Industry Update on eircom’s RGM August 2015
Confidential Page 2 of 106
Contents Page
1 Revision history of Report .................................................................................................................................... 3 2 Introduction ........................................................................................................................................................... 6
BACKGROUND TO THE REPORT ......................................................................................................................... 6 2.1 PURPOSE AND SCOPE OF THE REPORT ............................................................................................................. 6 2.2
3 Executive Summary .............................................................................................................................................. 7 KEY UPDATES ................................................................................................................................................. 7 3.1 KEY CONCLUSIONS AND RECOMMENDATIONS .................................................................................................. 15 3.2
4 Appendix 1 Update on Code of Practice (COP) ................................................................................................. 17 INTRODUCTION .............................................................................................................................................. 18 4.1 PROGRESS TO DATE ...................................................................................................................................... 19 4.2 COP ENHANCEMENTS ................................................................................................................................... 21 4.3 CONCLUSIONS ............................................................................................................................................... 22 4.4
5 Appendix 2 Update on BU Processes Compliance Reviews ............................................................................. 23 INTRODUCTION .............................................................................................................................................. 24 5.1 STATEMENTS OF COMPLIANCE (SOCS) ........................................................................................................... 24 5.2 ANALYSIS OF CONTROLS CONTAINED IN THE SOCS .......................................................................................... 36 5.3 ANALYSIS OF RAP CHANGE REQUEST PROCESS ............................................................................................. 39 5.4 CONCLUSION OF ANALYSIS OF RAP CHANGE REQUEST PROCESS .................................................................... 48 5.5 LIST OF EQUIVALENCE ISSUES ........................................................................................................................ 49 5.6 CONCLUSIONS OF EQUIVALENCE ISSUES ......................................................................................................... 59 5.7 LIST OF KEY DIFFERENCES WHICH ARE JUSTIFIABLE CONTAINED IN THE SOCS .................................................... 60 5.8
6 Appendix 3 Update on Key Performance Indicators .......................................................................................... 68 ANALYSIS OF KEY PERFORMANCE INDICATORS (KPIS) ..................................................................................... 69 6.1
7 Appendix 4 Update on Generic Information Flows ............................................................................................. 74 INTRODUCTION .............................................................................................................................................. 75 7.1 STRUCTURED INFORMATION FLOW .................................................................................................................. 75 7.2 UNSTRUCTURED INFORMATION FLOWS ............................................................................................................ 82 7.3 CONCLUSIONS ............................................................................................................................................... 84 7.4
8 Appendix 5 Update on Internal Compliance Reviews/Investigations ................................................................. 86 INTRODUCTION .............................................................................................................................................. 87 8.1 COMPLIANCE REVIEWS .................................................................................................................................. 87 8.2 WHISTLE-BLOWER ......................................................................................................................................... 87 8.3 OPEN C&E INTERNAL COMPLIANCE REVIEWS/ INVESTIGATIONS ........................................................................ 88 8.4 CONCLUSIONS ............................................................................................................................................... 88 8.5
9 Annex 1: Compliance Review of Change Control .............................................................................................. 89 INTRODUCTION .............................................................................................................................................. 90 9.1 SCOPE .......................................................................................................................................................... 90 9.2 APPROACH/METHODOLOGY ............................................................................................................................ 91 9.3 WHOLESALE RAP – REVIEW OF EVIDENCE OF CONTROL .................................................................................. 92 9.4 TED - REVIEW OF EVIDENCE OF CONTROL ...................................................................................................... 96 9.5 NETWORKS– REVIEW OF EVIDENCE OF CONTROL ............................................................................................ 97 9.6 EIRCOM CONSUMER – REVIEW OF EVIDENCE OF CONTROL ............................................................................... 99 9.7 CONSUMER CUSTOMER OPERATIONS – REVIEW OF EVIDENCE OF CONTROL .................................................... 100 9.8 EIRCOM BUSINESS– REVIEW OF EVIDENCE OF CONTROL ................................................................................ 101 9.9
WHOLESALE MNS – REVIEW OF EVIDENCE OF CONTROL ............................................................................... 104 9.10 CONCLUSIONS ............................................................................................................................................. 105 9.11
Industry Update on eircom’s RGM August 2015
Confidential Page 3 of 106
1 Revision history of Report
The following table will be updated each time there is a new version of this Report to record history of the Report
and for Audit purposes.
Version
No
Date Revised by: Basis for version / revision
1 10/08/2015 J Styles First Version
Industry Update on eircom’s RGM August 2015
Confidential Page 4 of 106
List of Figures Page
Figure 1: Rules on sharing Confidential Regulated information ................................................................................................... 7
Figure 2: Rules on sharing Confidential Wholesale Customer information .................................................................................. 8
Figure 3: Completion of COP Training by reporting level .............................................................................................................. 8
Figure 4: Completion of COP Training by business unit ................................................................................................................ 9
Figure 5: Business Process Reviews – Key Processes .................................................................................................................... 9
Figure 6: Source of RAP Change Requests .................................................................................................................................. 10
Figure 7: RAP Change Requests by Status ................................................................................................................................... 10
Figure 8: “Open” RAP Change Requests by Average Age ............................................................................................................ 11
Figure 9: Difference between Original & Current Target Date for Equivalence Issues ............................................................... 11
Figure 10: Supply KPIs for SB-WLR v’s PSTN ................................................................................................................................ 12
Figure 11: Repair KPIs for SB-WLR v’s PSTN ................................................................................................................................ 12
Figure 12: Supply KPIs for Bitstream v’s Broadband ................................................................................................................... 13
Figure 13: Repair KPIs for Bitstream v’s Broadband.................................................................................................................... 13
Figure 14: Progress on System Controls ...................................................................................................................................... 14
Figure 15: Overview of the operation of change controls by BU ................................................................................................ 15
Figure 16: Rules on sharing Confidential Regulated information ............................................................................................... 18
Figure 17: Rules on sharing Confidential Wholesale Customer information .............................................................................. 19
Figure 18: Completion of COP Training by reporting level .......................................................................................................... 19
Figure 19: Completion of COP Training by business unit ............................................................................................................ 20
Figure 20: Number of COP Queries received .............................................................................................................................. 21
Figure 21: Regulatory Pillars of the revised COP ......................................................................................................................... 21
Figure 22: Business Process Reviews – Key Processes ................................................................................................................ 26
Figure 23: Change Control – Key Processes ................................................................................................................................ 29
Figure 24: Source of RAP Change Requests ................................................................................................................................ 39
Figure 25: RAP Change Requests by Status ................................................................................................................................. 40
Figure 26: RAP Change Requests by Average Age (Number of days) .......................................................................................... 41
Figure 27: “Open” RAP Change Requests by Average Age .......................................................................................................... 42
Figure 28: “Closed” RAP Change Requests by Average Age ........................................................................................................ 42
Figure 29: Age of Equivalence Issues .......................................................................................................................................... 59
Figure 30: Difference between Original & Current Target Date for Equivalence Issues ............................................................. 59
Figure 31: Supply KPIs for SB-WLR v’s PSTN ................................................................................................................................ 70
Figure 32: Repair KPIs for SB-WLR v’s PSTN ................................................................................................................................ 70
Figure 33: Supply KPIs for Bitstream v’s Broadband ................................................................................................................... 71
Figure 34: Repair KPIs for Bitstream v’s Broadband.................................................................................................................... 71
Figure 35: Supply KPIs for NGA Operators v’s Downstream ....................................................................................................... 72
Figure 36: Repair KPIs for NGA Operators v’s Downstream ........................................................................................................ 73
Figure 37: Status of System Controls .......................................................................................................................................... 83
Figure 38: Overview of the operation of change controls by BU .............................................................................................. 106
Industry Update on eircom’s RGM August 2015
Confidential Page 5 of 106
List of Tables Page
Table 1: Key conclusions and mitigations ................................................................................................................................... 16
Table 2: Summary eircom Wholesale RAP PDC Process.............................................................................................................. 31
Table 3: List of Controls per Market ............................................................................................................................................ 36
Table 4: List of Controls per Business Unit .................................................................................................................................. 36
Table 5: List of Individual Controls per Business Unit ................................................................................................................. 37
Table 6: List of GAP Controls per Market .................................................................................................................................... 37
Table 7: List of GAP Controls per Business Unit .......................................................................................................................... 37
Table 8: List of Individual GAP Controls per Business Unit ......................................................................................................... 38
Table 9: “Open” RAP Change Requests > 12 months .................................................................................................................. 48
Table 10: List of Equivalence Issues ............................................................................................................................................ 58
Table 11: Key Differences contained in the SoCs ........................................................................................................................ 67
Table 12: List of Groups for the Systems Review project ............................................................................................................ 76
Table 13: List of Data Categories for the System Review project ............................................................................................... 77
Table 14: List of Risk Definitions for the System Review project ................................................................................................ 77
Table 15: List of Risks Identified in System Review project ........................................................................................................ 78
Table 16: List of Controls Identified in System Review project ................................................................................................... 81
Table 17: List of System Controls* per Business Owner ............................................................................................................. 82
Table 18: List of Open and Closed C&E Internal Reviews and Investigations ............................................................................. 88
Industry Update on eircom’s RGM August 2015
Confidential Page 6 of 106
2 Introduction
Background to the Report 2.1
One key element of eircom’s Wholesale Reform Programme is the development of an enhanced Regulatory
Governance Model. It was envisaged that this element of eircom’s Wholesale Reform programme would take three
years to complete in full before all elements are fully integrated into business as usual activity (BAU). Currently
eircom is in year three.
The Regulatory Governance Model contains three main strands as follows:
1. A Group Wide Code of Practice (COP) dealing with eircom’s Access and Non-Discrimination Obligations.
2. A Business Unit Process Compliance review programme to ensure our day to day processes are
compliant with the COP by implementing the necessary Regulatory Controls, the output of which is a
Statement of Compliance (SoC).
3. Independent Regulatory Compliance & Audit Reports prepared by the Head of C&E and the Head of IA
based on their internal reviews to the Board Wholesale Reforms Committee on a six monthly basis to
facilitate Board level oversight and direction setting of compliance.
The Wholesale Reform Programme was offered to ComReg in 2011 on a voluntary basis as part of eircom’s
strategic engagement on key regulatory and public policy issues to deliver:
1. A stronger working relationship with ComReg/Industry by ensuring our processes are non-discriminatory
thereby reducing Wholesale Customer complaints and resulting ComReg sanctions/fines
2. Behavioural change required to position eircom as a trusted and proactive supplier of Wholesale Services
3. To benefit from the EU Commission’s stated commitment that the Framework would acknowledge robust
non-discrimination arrangements with more flexible regulation in pricing and product development in the
retail market.
Purpose and Scope of the Report 2.2
The purpose of this Report is to provide evidence to Industry on how the enhanced Regulatory Governance Model
is being implemented and to highlight key trends and issues. The Report is based on the May 2015 Regulatory
Compliance & Audit Report. This Report covers the progress as at May 2015. Developments since May 2015 will
be covered in the next Report. The next report to Industry is due in January 2016
Industry Update on eircom’s RGM August 2015
Confidential Page 7 of 106
3 Executive Summary
Key Updates 3.1
3.1.1 Update on Code of Practice (COP) [See Appendix 1 for further details]
The COP and associated online training module continues to be a very effective method of how RAP
information needs to be protected. The Figures below illustrate the processes to be followed.(See Fig 1&2)
Figure 1: Rules on sharing Confidential Regulated information
Industry Update on eircom’s RGM August 2015
Confidential Page 8 of 106
Figure 2: Rules on sharing Confidential Wholesale Customer information
A high level of training take up has being achieved across the reporting levels and Business Units
generally. (See Fig 3&4)
Figure 3: Completion of COP Training by reporting level
0.00%
20.00%
40.00%
60.00%
80.00%
100.00%
End of September '14 April '15
Completion of Online COP Training by reporting level
Level 0 & 1 Level 2 & 3 Level 4, 5 & 6 Other (~contractor)
Industry Update on eircom’s RGM August 2015
Confidential Page 9 of 106
Figure 4: Completion of COP Training by business unit
Building on the lessons learned to date the COP is being expanded to cover our Transparency, Pricing
and Consumer obligations. It is planned that an updated COP is targeted for June 2015 followed by further
training.
3.1.2 Update on BU Processes Compliance Reviews [See Appendix 2 for further details]
BU Process Compliance Reviews based on the product life cycle continues to be completed. Statements of
Compliance (SoCs) are submitted to ComReg each time a new RAP product is launched or change is made to an
existing RAP. Three revised SoCs were submitted to ComReg during this period together with an update to all the
SoCs in March 2015 following the December 2014 Report.
Figure 5: Business Process Reviews – Key Processes
0.00%
20.00%
40.00%
60.00%
80.00%
100.00%
End of September '14 April '15
Completion of Online COP Training by business unit
Wholesale Consumer (Consumer & Customer Operations)
Business Technology (TED & Networks)
Central Services Contractor
Industry Update on eircom’s RGM August 2015
Confidential Page 10 of 106
The output of the reviews to-date in April 2015 can be summarised as follows:
142 Access Requests have been processed between October 2013 and April 2015 with the highest
number being received from other Operators (See Fig 6)
Figure 6: Source of RAP Change Requests
The treatment of Operator Requests compares very favourably with that of eircom Downstream Business
(See Fig 7)
Figure 7: RAP Change Requests by Status
0
10
20
30
40
50
60
Downstream Operators Upstream
Nu
mb
er
of
Re
qu
est
s
Number of Requests Oct '13 - Apr '15
0
5
10
15
20
25
30
1.Request 2.Accept asConcept
3.UnderReview
4.InDevelopment
5.Rejected 6.Delivered 7.Cancelled
Nu
mb
er
of
Re
qu
est
s
Current Status of RAP Change Requests
DownstreamOperatorsUpstream
Oct '13 - Apr '15
Industry Update on eircom’s RGM August 2015
Confidential Page 11 of 106
There are 15 Access Request open for more than 1 year which now need to be reviewed to determine if
they are being processed in a reasonable timeframe. (See Fig 8) A further analysis will be completed to
determine whether Access requests waiting to be delivered and those delivered are dealt with in a non-
discriminatory way and issues that could have a material impact on the outcome are taken into account,
such as parked time. The output of this analysis will be included in the next report in January 2016.
Figure 8: “Open” RAP Change Requests by Average Age
All Equivalence Issues (Capabilities provided to our Downstream Business not available to other
Operators) need to be closed by December 2015 to ensure a robust Regulatory Governance Model (See
Fig 9)
Figure 9: Difference between Original & Current Target Date for Equivalence Issues
0
5
10
15
20
25
30
1-3 months 4-6 months 6-9 months 10-12 months >1YEAR
Nu
mb
er
of
Re
qu
est
s
Age of Open Requests - in status "Requested", "Accept as concept", "Under
review" and "In development"
Downstream Operators Upstream
Oct '13 - Apr '15
Industry Update on eircom’s RGM August 2015
Confidential Page 12 of 106
3.1.3 Update on Key Performance Indicators [See Appendix 3 for further details]
On a quarterly basis eircom publishes KPIs on the supply and repair of RAP products supplied to Operators
compared to the equivalent inputs consumed by our Downstream Business to show they are provided on a non-
discriminatory basis. The published KPI covering July 2014 to December 2014 show the following:
The supply and repair of Wholesale SB-WLR compared with Retail PSTN is broadly similar (See Fig
10&11)
Figure 10: Supply KPIs for SB-WLR v’s PSTN
Figure 11: Repair KPIs for SB-WLR v’s PSTN
Industry Update on eircom’s RGM August 2015
Confidential Page 13 of 106
The supply of Wholesale Bitstream compared to Retail Broadband is broadly similar (See Fig 12)
Figure 12: Supply KPIs for Bitstream v’s Broadband
The 2 Day repair performance of Retail broadband were approximately 5% better compared with
Wholesale Bitstream in November 2014, and the reasons for this are currently being reviewed.(See Fig
13) The output of this review will be included in the next report in January 2016.
Figure 13: Repair KPIs for Bitstream v’s Broadband
3.1.4 Update on Generic Information Flows [See Appendix 4 for further details]
eircom continues to ensure that all Confidential Regulated Information and Confidential Wholesale Customer
Information retained by eircom in either structured or unstructured form is only disclosed in compliance with the
agreed Regulatory Governance Model.
The Structured Information Flows work stream has identified 6 generic risks where non-discrimination could take
place and 7 generic controls to mitigate these risks.
Progress is taking place to close out the risks identified. (See Fig 14)
Industry Update on eircom’s RGM August 2015
Confidential Page 14 of 106
Figure 14: Progress on System Controls
3.1.5 Update on Internal Compliance Reviews / Investigations [See Appendix 5 for further details]
Three internal Reviews/Investigations opened during the period and three closed during the period leaving five
remaining open.
In addition C&E has carried out a compliance review of Change Control and the output of this review is included in
Annex 1 of this Report. Key findings and recommendations are as follows:
Overall the key controls that were designed to ensure change requests impacting RAP adhere to the
approved processes, operated effectively in the period under review. However, there is also evidence that
controls in our Retail downstream business are operating less effectively than required (See Fig 15 below).
This may be as a result of changes in personnel or the interpretation of controls by control executors.
A briefing of Control Owners and Control Executors on the importance of eircom’s Regulatory Governance
Model and the importance of controls is essential. In other areas controls should be enhanced to improve
transparency around decisions and the analysis of output undertaken to clearly demonstrate compliance
with our non-discriminatory obligations.
C&E will work with the business units to ensure the recommendations outlined are fully implemented and
that the revised controls are included in the next six monthly update of the SoCs to ComReg scheduled for
July 2015. A follow up review will be undertaken to ensure that all controls are operating effectively.
2
3
2
Status of System Controls
Pending Close On-target Delayed
Industry Update on eircom’s RGM August 2015
Confidential Page 15 of 106
Figure 15: Overview of the operation of change controls by BU
Key Conclusions and Recommendations 3.2
Having reviewed the outputs from the work streams and internal investigations it is clear that progress has been
made in a number of areas including the following:
COP - driving a compliance culture
Robust Process to deal with Access Requests
Provisioning and Repairing RAP products being carried out on a non-discriminatory basis
Bedding in of the Regulatory Controls into BAU
It is also clear that a number of Risks are emerging that need to be addressed to ensure a robust Regulatory
Governance Model as follows:
12
6 6
1 1
5
9
2
2
11
Wholesale TED Networks Consumer CustomerOperations
eircomBusiness
Overview of the operation of change controls by BU
Operated effectively Did not operate effectively
Industry Update on eircom’s RGM August 2015
Confidential Page 16 of 106
Risk
Number
Risk to achieving robust
Regulatory Governance Model Description
1
Training on workings of
Regulatory Governance Model
There is a material Compliance Risk that eircom could fail to operate their
controls effectively caused by Control owners and Control executors not fully
understanding the Regulatory Governance Model.
This Risk is increased during periods of staff changing roles.
Mitigation eircom Senior Management Team (SMT) has agreed that all relevant L1 and
L2 managers are mandated to attend a C&E detailed briefing.
2
Access and Equivalence
Issues
There is a material Compliance Risk that eircom could be found to have failed
to respond to Access Requests and close Equivalence Issues in a timely
manner.
Mitigation
SMT has agreed that the relevant L1 owners will urgently call a meeting with
the internal stakeholders to close out these Compliance Risks and include
any revisions in the next Update to SoCs scheduled for July 2015.
3
Programmes
There is a material Compliance Risk that eircom could bypass the Regulatory
Controls caused by SMT initiating Programmes outside the normal Change
Control process for products.
Mitigation
SMT has agreed that any Programme that might have an impact on our
Statements of Compliance should first be reviewed by C&E who can advise of
any steps required to ensure compliance and that this review will be facilitated
by the SMT Programme Sponsor.
Table 1: Key conclusions and mitigations
Industry Update on eircom’s RGM August 2015
Confidential Page 17 of 106
4 Appendix 1 Update on Code of Practice (COP)
Industry Update on eircom’s RGM August 2015
Confidential Page 18 of 106
Introduction 4.1
eircom’s COP is based around the following three principles:
All of our customers – both internal and external – have the same opportunities to influence RAP products
and services.
All customers that deal with eircom Wholesale must be confident that eircom’s own downstream
businesses do not see confidential wholesale customer information.
RAP services provided externally must be of the same quality and with the same information made
available, at the same time, as the services provided to eircom’s downstream businesses which consume
RAP Services.
The COP is supported by custom built online and offline training modules together with a COP Queries help line
and a “whistle – blowing” facility. COP training is mandatory for all eircom employees, agents and contractors.
The diagrams below show:
the rules that apply when Downstream Businesses request information that is considered Confidential
Regulated information, and how the Upstream Businesses make this information available to all operators
including Downstream Businesses under the same conditions.
the rules that apply when managing Confidential Wholesale Customer Information
Figure 16: Rules on sharing Confidential Regulated information
Industry Update on eircom’s RGM August 2015
Confidential Page 19 of 106
Figure 17: Rules on sharing Confidential Wholesale Customer information
Progress to date 4.2
The COP online training has proved a very successful method of delivering the Wholesale Reforms –
Regulatory Governance message around access and non-discrimination.
See graph below re current completion of Online COP training across internal reporting levels.
Figure 18: Completion of COP Training by reporting level
0.00%
20.00%
40.00%
60.00%
80.00%
100.00%
End of September '14 April '15
Completion of Online COP Training by reporting level
Level 0 & 1 Level 2 & 3 Level 4, 5 & 6 Other (~contractor)
Industry Update on eircom’s RGM August 2015
Confidential Page 20 of 106
See graph below re current completion of Online COP training by Business Unit.
Figure 19: Completion of COP Training by business unit
Note the fall in the Consumer figure is primarily due to 94 retail resources that have not yet completed the Online
training at the time of this report.
0.00%
20.00%
40.00%
60.00%
80.00%
100.00%
End of September '14 April '15
Completion of Online COP Training by business unit
Wholesale Consumer (Consumer & Customer Operations)
Business Technology (TED & Networks)
Central Services Contractor
Industry Update on eircom’s RGM August 2015
Confidential Page 21 of 106
COP Queries
An increase of COP queries arose in Jan ‘15 when access to the OPS Site was unavailable to some
Networks Staff using their Blackberries which in turn gave rise to queries into the COP help desk. (See
graph below).
Figure 20: Number of COP Queries received
COP Enhancements 4.3
eircom is in the process of modifying the COP so that it will cover the 5 main pillars of regulation to
address the compliance risk identified with the lack of training in the December 2014 Compliance and
Audit Report.
Figure 21: Regulatory Pillars of the revised COP
COP – Training
The updated COP and associated training module is target for completion by Q4 of the 2014/2015
financial year.
Rollout of the training will commence in Q1 of the 2015/2016 financial year.
Acce
ss
No
n-D
iscri
min
atio
n
Tra
nspare
ncy
Pricin
g
Co
nsu
mer
Industry Update on eircom’s RGM August 2015
Confidential Page 22 of 106
Conclusions 4.4
Training levels for external contractors still requires close monitoring to ensure continued high levels of
take up.
Improvements need to be made to the accuracy and completeness of the eircom staff information provided
to the Online Training platform.
Rollout of the new COP training will reinforce the lessons learnt on Access and Non-discrimination, and
provide new valuable learning when dealing with Transparency, Pricing and Consumer obligations.
Industry Update on eircom’s RGM August 2015
Confidential Page 23 of 106
5 Appendix 2 Update on BU Processes Compliance Reviews
Industry Update on eircom’s RGM August 2015
Confidential Page 24 of 106
Introduction 5.1
Based on the principles of the COP eircom has carried out a review of all the processes that are used to support
regulated products provided to other Operators and the processes used to support Downstream Products that
contain regulated inputs to ensure they are non-discriminatory. These review followed the following key steps:
Identification of differences that could not be justified which were labelled as Gaps and associated
Controls were put in place to address these Gaps (Equivalence issue)
Identification of risks that could become Compliance issues and associated Controls to mitigate against
these risks
Identification of differences that were justifiable
The output of the above reviews formed the basis of the Statements of Compliance (SoCs) which were submitted
to ComReg for each of the regulated markets. These SoCs are kept up to date and submitted to ComReg as part
of business as usual. These controls are now part of business as usual with the relevant Level 1 Senior Manager
self-certifying on a Quarterly basis that the controls are operational. The controls are now also subject to
Compliance and Audit reviews on a six monthly basis.
Statements of Compliance (SoCs) 5.2
As part of the Wholesale Reforms Programme a core team was assembled involving personnel from the
Programme and Subject Matter Experts (SMEs) from eircom Wholesale (RAP), Technology Evolution and
Development (TED) and Compliance and Equivalence (C&E) to review the BU processes. As eircom had an
obligation to provide a Statement of Compliance with regard to our Next Generation Access Wholesale Broadband
Access (NGA-WBA) product by 30th September 2013, the NGA-WBA product was taken first. Subsequently eircom
engaged with IBM in order to gain access to their expertise in process discovery, analysis, and documentation,
with a view to accelerating the accurate creation of Statements of Compliance.
To date eircom has issued Statements of Compliance (SoCs) for the products/services that eircom is obliged to
offer based on SMP designations in each the relevant markets:
Market 5 Next Generation Access Wholesale Broadband Access (NGA WBA) – 30th September 2013
Market 6 Terminating Segments of Leased Lines (NGN Ethernet) – 5th June 2014
Market 1 Retail Fixed Narrowband Access (RFNA) – 4th July 2014
Market 5 Current Generation Access Wholesale Broadband Access (WBA) – 4th July 2014
Market 4 Wholesale Physical Network Infrastructure Access (WPNIA) – 4th July 2014
Market 6 Terminating Segments of Leased Lines (Non-NGN Leased Lines) - 4th July 2014
Systems Reviews (Covering each of the Regulated Markets) – 22nd
September 2014
The purpose of these SoCs is to demonstrate eircom’s compliance with its non-discrimination obligations. The
SoCs also describe how eircom is implementing transparent and verifiable monitoring of the business processes to
ensure continued compliance.
Industry Update on eircom’s RGM August 2015
Confidential Page 25 of 106
5.2.1 Submitting updated Statements of Compliance to ComReg
As part of notifying a new product or changes to an existing product eircom is required to submit a written
Statement of Compliance adequately demonstrating its compliance with its non-discrimination obligations:
in the case of any offer of a new Next Generation WPNIA / WBA product, service or facility, seven (7)
months in advance of it being made available;
in the case of any amendment or change to an existing Next Generation WPNIA / WBA product, service or
facility, three (3) months in advance of it being made available;
or otherwise as or when required by ComReg.
eircom has also committed to providing Statements of Compliance in the other regulatory markets in line with the
transparency obligations in those markets.
In addition to the original SoCs eircom has submitted a further number of Statements of Compliance to support the
following new product launches and for product changes that occurred in since these SoCs were submitted.
NGA Extended Reach – 03rd
October 2013
NGA Vectoring 15th – November 2013
NGN Ethernet >1Gb EF&AF – 12th September 2014
NGN Ethernet 10G WEIL IBH ISH 1+1 Protection – 28th October 2014
WPNIA Duct Access – 18th November 2014
NGA FTTH Upgrade – 30th January 2015
Bitstream Ethernet Connection service (BECS) via WEIL – 20th March 2015
NGA WBA VDSL Ethernet Access (VEA) – 2nd
April 2015
In Q1 2015 eircom provided ComReg with updates to the SoCs with an explanation of the key changes to the
previous SoCs. eircom has committed to providing such updates on a 6 monthly basis.
Over time some of the Control Descriptions may need to be amended to reflect changes that may have happened
since their creation. There are 3 main activities that will influence and change the Controls under BAU.
Quarterly Self Certification
Internal Audit conducts self-certification with L1 Senior Manager / Control owners every three months.
This may give rise to changes or additions to the controls – as the business processes evolve, IT
development is delivered or new risks arise.
IT end-to-end development process for Remediation requests
Remediation may be completed over a number upcoming IT releases. Once delivered, these
developments may have a bearing on the published Control. In many cases, the Control will no longer be
required. In others, the Control may need to be changed as a result of the automation.
BAU Product development, learning’s, investigations, regulatory issues, etc. A variety of changes and
incidents may arise through the on-going use of a product or process. Developments in the marketplace
may give rise to a requirement to change a Control.
Industry Update on eircom’s RGM August 2015
Confidential Page 26 of 106
The update that is provided to ComReg contains a description of the key changes to the Risks/Controls as a result
of these activities and is set out under the following headings:
New Risks and Controls
Retired Risks and Controls
Other updates
5.2.2 How the Statements of Compliance are created
In order to develop the detail required to demonstrate compliance with eircom’s non-discrimination obligations, the
following general processes are reviewed and assessed for compliance:
Change control processes
Ordering (including pre-ordering)
Provisioning
Repair (including fault reporting)
Figure 22: Business Process Reviews – Key Processes
Each of these processes was assessed with regard to:
Information
Performance
Process/Systems
Features
These processes and a summary of the controls contained within each are described in more detail below.
Change Control
(incl. new products)
Ordering
(incl. pre-ordering)
Provisioning
Fault Reporting
(incl. Fault Repair)
Industry Update on eircom’s RGM August 2015
Confidential Page 27 of 106
5.2.3 Identification of Differences & Risks
During the reviews "issues" are identified and evaluated on a case by case basis to determine whether the issue is
a risk or a GAP or not material and could be justified. The criteria for determining whether an issue becomes a
"Risk" include the following:
Is the issue in the Market? (Y/N) - If "No" the issue is dropped
Is the issue a GAP from regulatory non-discrimination perspective i.e. a potential compliance issue (e.g.
eircom Retail access to TIS information on Saturdays when the equivalent information is not available to
other operators?) - If "Yes" then any existing control is assessed to see if it is adequate and effective. If no
adequate / effective control in place then the issue becomes an Equivalence issue/GAP that needs
resolution.
Is the issue a RISK that non-discrimination could take place e.g. does the issue relate to a manual step in
a process (e.g. the repairing of faults in the network)? If "Yes" then the issue is assessed to determine if it
is material or not. - If the issue is material and cannot be justified then the Issue becomes a Risk that
needs resolution.
Is the issue a difference between the RAP and downstream processes (e.g. how the logical connectivity
is pre-configured for eircom Retail NGA but other operators need to submit orders to do so)? - If "Yes"
then the issue is assessed to determine if it is material, and if so, can the difference be justified? If the
issue is not material or can be justified then the Issue is parked.
On the basis of these reviews a number of GAPs and RISKS may be identified and Controls are put in place to
mitigate them.
The L1 Senior Manager that had responsibility for the RISK/GAP signs a Statement of Compliance that they have
completed the review and are satisfied that the process to identify the risk/gaps is reasonable and that they will
operate the Controls to mitigate the RISK/GAP as described in the Controls Description.
5.2.4 Identification of Controls
In general the controls are broken into the following categories:
Preventative (process / system change to remove the risk)
Detective (metrics/checks to identify if the risk has materialised)
Mitigation (instruction to follow particular process)
Remediation (system / process changes that will be implemented in future)
The choice of control type is dependent on the risk identified. For example
If there is a GAP e.g. that a downstream business can access network performance reports containing
RAP information which is not available to other operators - then the control implemented may be
“Preventative” to stop the supply of report until the equivalent information can be made available to all
operators;
If there is a RISK that non-discrimination can take place e.g. with the repair of faults even though the
repair processes appears to be non-discriminatory the control implemented may be “Detective” to run
Industry Update on eircom’s RGM August 2015
Confidential Page 28 of 106
reports on the fault repair performance to confirm that the equivalent level of performance is being
provided to downstream businesses as is being provided to other operators;
If there is a RISK that downstream businesses can access wholesale customer information until a system
fix has been implemented the control chosen may be a “Mitigation” for the Level 1 Senior Manager to
issue an instruction to those who may access this information to desist from doing so;
If there is a risk that a downstream business can access wholesale customer information which required
system development to rectify then the control may be a “Remediation” to identify the wholesale customer
information and to restrict inappropriate access. For different GAPs/RISKs identified there may be multiple
interim controls implemented to manage the issue until the long term remediation is completed.
5.2.5 Impact of the Statements of Compliance on Business Processes
5.2.5.1 Impact on Change Control processes
When eircom submitted its SoCs it made a commitment to ComReg that any new / changes to products or
services (by downstream or upstream businesses) that may impact the eircom Wholesale RAP products or
services must be assessed and approved by eircom Wholesale RAP and eircom Regulatory Operations prior to a
change taking place.
The processes used within eircom to develop products that require changes to be made to eircom Wholesale
Regulated Access Products have many controls in place to ensure that:
All proposed new or changes to downstream products are assessed and a determination is made whether
a RAP development is required or not.
If RAP development is required then the downstream products cannot launch until the RAP component is
already launched
RAP information about new developments or changes to existing RAP product is not provided to a
downstream business in advance of it being made available to all operators
When a downstream business has a requirement to develop a new or make a change to their existing products
they can discuss their requirement with Regulatory Operations to determine if it is clearly outside the regulated
space. If the change or new product is clearly outside the regulated space then the business unit can proceed to
develop their requirement otherwise the downstream business is advised to submit their requirement to the eircom
Wholesale RAP Change Request process.
As part of the commitment to ComReg, eircom advised that it would use the following processes to manage its
non-discrimination obligations.
RAP Change Request Process
RAP PDC Process
TED E2E & WR Processes
Downstream Business PDC Processes
Downstream Tenders and Contracts Processes
Industry Update on eircom’s RGM August 2015
Confidential Page 29 of 106
These are described in more detail below:
Figure 23: Change Control – Key Processes
5.2.5.1.1 RAP Change Request Process
eircom Wholesale RAP has put in place a process for managing changes to regulated products. This process
ensures that all requests for product/service features that may require changes to RAP Products are captured,
assessed and accepted or rejected in a non-discriminatory manner. This includes requests for new reports or
information on products/services that are based on RAP inputs.
When a request for a product/service feature is received by eircom Wholesale RAP, an acknowledge receipt is
sent to the requestor advising that their request for RAP change has been received. eircom Wholesale RAP then
log the requirement and in conjunction with Regulatory Operations and Technology follow a process to assess
each request, in accordance with our obligations:
Determine if components of the new service falls within a Regulated Market. If the request falls within a
Regulated Market then the process moves to the next step as follows:
Determine if a RAP change is technically feasible
Determine if the proposed RAP change is economically viable1
1 Note: Prior to refusing a request due to economic reasons eircom Wholesale RAP will bring the request to the relevant
industry forum where additional information could be sought from operators, including possible demand for such a request.
RAP Change Request Process
•All requests for product changes that may impact RAP
Products assessed
RAP PDC
•RAP Products developed in line with Regulatory Obligations
T&ED E2E Process
•All products brought through E2E process assessed to
confirm compliance with non-discrimination obligation
Downstream PDC
•Downstream Products developed in line with Regulatory Obligations
Downstream Tenders and Contracts Processes
•All Tenders/Contracts containing non-standard
products assessed to confirm compliance with non-
discrimination
Industry Update on eircom’s RGM August 2015
Confidential Page 30 of 106
eircom Wholesale RAP completes a Customer Response Document (CRD) template outlining eircom Wholesale
recommendation on the change request and rationale for decision. The CRD is signed off with Regulatory
Operations and Technology.
If accepting the request, eircom Wholesale RAP notify all Operators of the proposed development at the same
time through circulation and/or publication on eircom Wholesale website of the following:
Product Information Notice
Product Roadmap
Draft Product Documentation
This description may include key features, timeframe for development and an estimate of the prices. Following this
notification eircom Wholesale RAP will circulate the CRD to the requestor. The request is then progressed through
the internal processes (E2E and eircom Wholesale RAP PDC) to further develop the technical feasibility and
economic viability of developing the request. Further updates are provided to the industry forums by eircom
Wholesale RAP.
If rejecting the request, eircom Wholesale RAP will notify requestor for the reason for the rejection:
Request not in market
Request not technically feasible
Request not economically viable1
Request is already supported by the existing RAP Product portfolio
5.2.5.1.2 RAP PDC Process
eircom Wholesale RAP also operates a Product Development Council to ensure that the relevant functional areas
involved in the day to day operational management of products have input to, reviewed the necessary processes
and systems, and are satisfied that the necessary processes, people and systems are in place to support the
product post launch. The eircom Wholesale RAP PDC council focus is one of functional and operational readiness.
Commercial decisions relating to RAP products are outside the scope of its terms of reference. Launch cannot
take place without Regulatory Operations approval confirming that the product meets our regulatory obligations.
There are 4 stages involved with the eircom Wholesale RAP PDC process. These are as follows:
Industry Update on eircom’s RGM August 2015
Confidential Page 31 of 106
Gate Purpose of stage Stage approval means
Gate 1 Approve outline proposition, establish project team and utilise e2e process to assign cross functional development resources.
PDC agreement to progress to next stage. People to work on project from functional areas confirmed.
Gate 2 Confirm operational and technical feasibility of product. Confirmation of design. Utilise CAPEX and e2e Process to ensure all development & operational costs & revenues are included and signed. Utilise Reg Ops Process to ensure Compliance and Notifications are executed.
Agreement on proposed process and system design and proposal is fit to proceed to next stage.
Gate 3 Develop and test the product by customer or network/system trial/tests. Ensure product is ready for launch.
Approved Test Results are satisfactory and product ready to functionally launch. Agreement that product is ready to Commercially Launch.
PIR Review the product performance is in line with predictions
Table 2: Summary eircom Wholesale RAP PDC Process
5.2.5.1.3 TED Work Request (WR) and End to End (E2E) Processes
eircom has put in place a number of processes that governs the timing, responsibilities, activities and documents
that are involved in moving IT-related business requirements from initial ideas through to a point where they are
ready for the IT Design stage to begin. These processes are referred to as the End-to-End (E2E) Process, Work
Request (WR) process and business prioritisation process. The E2E process covers project-sized requirements
which are defined as those that will need 20 days or more of IT development effort. WR process covers those
requirements estimated to need 19 days or less of IT development effort. The initial request in the E2E process
requires the completion of an Ideation Template which includes two questions which the requestor must answer
before submitting the form:
Does this request have a RAP impact? [yes]/[no]
If yes, has RAP approval to proceed been sought and received? [yes]/[no]
The same questions are also contained on the Works Request Template. The TED account partners for the
downstream businesses review the responses to these questions. If the response to the first question is “yes”
Ideation requests cannot proceed unless the second question is also “yes”. If RAP approval has not been received
the requestor is instructed to issue their request to eircom Wholesale RAP. TED in conjunction with eircom
Wholesale RAP and Regulatory Operations review the outcome of the End to End stages so that the RAP impacts
are correct. A record is kept of all proposals submitted to Ideation, HLC and Functional Design. This record
includes whether there is RAP impact and that approval has been received.
Industry Update on eircom’s RGM August 2015
Confidential Page 32 of 106
5.2.5.1.4 Downstream Business Product Development Councils (PDCs)
The role of eircom Wholesale MNS, Consumer and Business PDCs is to ensure that the relevant functional areas
involved in the development of products have input to and reviewed the necessary processes and systems
changes and are satisfied that the necessary processes, people and systems are in place to support the product
post launch. In addition these PDCs must ensure that the product developments are launched in line with their
regulatory obligations. eircom Wholesale RAP and Regulatory Operations are required to be in attendance at the
Downstream Business PDC meetings. The responsibility of these representatives is to ensure that the RAP inputs
have been identified. Launch cannot take place without eircom Wholesale RAP and eircom Regulatory Operations
approval confirming that the product meets our regulatory obligations.
5.2.5.1.5 Downstream Tenders and Contracts containing “non-standard” products
The eircom Downstream Bids Processes enable the Account Managers and Business Development Managers
(BDM) to respond quickly to a customer’s request, for either bespoke services or procurement of a large volume of
standard products. It draws senior management attention to the opportunity and ensures relevant skills are
prioritised to produce a compelling and winning proposition to put to the client. The bid process is predicated on
an approach of “sell first, build later”. Bids may be originated in a number of ways: sometimes the customer
undertakes a formal procurement exercise and issues Request for Proposal (RFP), Request for Quotation (RFQ),
Request for Information (RFI) or Pre-Qualification Questionnaire (PQQ) etc., occasionally it can be verbal, a series
of emails. No matter which route the customer chooses, it is mandatory to adopt the bid process.
Where the Bid response relies on products that were brought through the PDC it is considered as “standard”,
however where the Bid requires changes to these products such as terms and conditions, product features, prices
etc. then the Bid is considered “non-standard”. In these circumstances a Non-Standard Solution Assessment
Document will be populated. This document details questions to ensure that all non-standard Bids obtain
Regulatory and where required eircom Wholesale RAP approval before they are issued to the customers.
When a solution which includes a “non-standard” product is proposed, sign-off by Regulatory Operations is
required and sign-off by eircom Wholesale RAP may also be necessary. If the view by RAP and Regulatory is that
the “non-standard” product might have RAP implications then eircom downstream must submit a Customer
Request Form to eircom RAP to have the “non-standard” product assessed. If a RAP development is needed or
not, then this sign-off will confirm the fact.
If successful at bid stage, eircom downstream business will sign a contract for the supply of services as outlined in
the Bid. Where a contract that includes a “non-standard” product is proposed, sign-off by Regulatory Operations
and where necessary eircom Wholesale RAP is required. The account manager / BDM must ensure that all
orders/contracts logged as “non-standard” have received Regulatory Operations and where required eircom
Wholesale RAP approval.
Industry Update on eircom’s RGM August 2015
Confidential Page 33 of 106
5.2.5.1.6 Summary of Controls in Change Control
Within Change Control it was found that the provision of RAP information posed the greatest risk where non-
discrimination could take place. Therefore the main controls in Change Control relate to the downstream
businesses and operators following defined processes which require eircom Wholesale RAP and Regulatory
Operations approval in order to obtain new RAP information for existing / new products as follows:
1. Downstream Businesses seeking new reports/information on their services based on RAP products may
contact Regulatory Operations to seek confirmation that their proposal is clearly outside the RAP space,
otherwise they must follow the RAP Change Request Process
2. Downstream Businesses wishing to develop or amend downstream services that may have an impact on
RAP product may contact Regulatory Operations to seek confirmation that their proposal is clearly outside
the RAP space, otherwise they must follow the RAP Change Request Process
3. Downstream Businesses wishing to develop products must bring them through their PDC process to
ensure that they are developed with proper regulatory governance
4. Downstream Businesses wishing to engage in technology developments must bring their projects through
Works requests / E2E process. When submitting their requirement through these processes the PM must
confirm whether or not this project is RAP impacting. If it is then the PM must confirm that they have
RAP/Regulatory approval
5. At Ideation Phase – TED, RAP & Regulatory Operations, review all candidates and confirm that the project
has / has not RAP implications
6. Tenders / Bids and Contracts that contain non-standard products require eircom Wholesale RAP and
Regulatory Operations approval before being submitted to customers.
5.2.5.2 Impact on Pre-Ordering/Ordering Processes
Pre-ordering relates to information that an operator requires to enable them to submit an order for a RAP service.
Ordering relates to the mechanism for an operator to submit an order and for eircom to validate it and to accept
and send back an order acknowledgement. These are described in more detail below.
5.2.5.2.1 Pre-Ordering
eircom provides all Operators, including eircom’s downstream businesses, with network / RAP information that
they require to enable them to order the RAP services. This information is referred to as “Pre-Order” information
and can be provided in the form of bulk information, for example in NGA:
NGA Deployment Plan
o Summary of Exchanges, Aggregation nodes, approximate number of premises in scope and
number of planned cabinets.
o Details of when individual exchange areas are forecast to be available
o Forecast and Actual Ready for Order (RFO) dates
o Indicative details of FTTC cabinets within individual exchange areas
Industry Update on eircom’s RGM August 2015
Confidential Page 34 of 106
o Confirmation that individual NGA cabinets are landed / energised / commissioned, together with
an indicative forecast RFO for each cabinet based on average timeframes.
The “Advanced Pre-Qual File”
o A per Operator file confirming the available premises where Orders can be issued
Additional information (not specific to NGA services) is also made available to operators to enable them to
determine the appropriate orders to place in order to provide their RAP service on an order by order basis. The
main inquiry or information order types that are used by operators are:
Line Enquiry (LE) Order - returns the availability of infrastructure for the POTS Based element of the
product.
Query Account (QA) Order - returns the details of what services are on the line and also provides pre-
qual information if the operator specifies as a Broadband/NGA order type.
Pre-qual Order (PQ) - return the pre-qual information on the line including whether multicast is
available along with all products types that are available to the operator.
5.2.5.2.2 Summary of Controls in Pre-Ordering
In pre-ordering the main controls related to providing equivalent RAP information in equivalent timelines to all
operators and keeping Confidential RAP information secure before it is released to all operators including
downstream businesses on a non-discriminatory basis.
5.2.5.2.3 Ordering
The Unified Gateway is eircom Wholesale’s interface gateway with Operators (including eircom’s downstream
business units for all orders in relation to the provisioning or assurance of the NGA-WBA products). The UG
processes and validates the relevant orders and provides appropriate notifications for Acceptance and Delivery for
provisioning and fault management.
Downstream Businesses have alternative ordering mechanisms for ordering non-NGA RAP services. Many of
these interfaces were built prior to eircom’s regulatory obligations. eircom has designed the UG to provide the
equivalent functionality to operators as is available through these systems.
5.2.5.2.4 Summary of Controls in Ordering
The commitments made to ComReg regarding Ordering relate primarily to ensuring that equivalent features can be
ordered by operators and downstream businesses in equivalent timelines. In the context of NGA-WBA eircom
committed to downstream businesses using the same UG ordering interface as other operators and that this
performance would be monitored on a weekly basis to demonstrate that the same level of performance was
provided to all.
Industry Update on eircom’s RGM August 2015
Confidential Page 35 of 106
5.2.5.3 Impact on Provisioning Processes
Provisioning process for a RAP services relates to the processing of an order to provide the service through to
completion and notification back to the operator that the order is delivered. Some orders can be provided
automatically without manual intervention, for example, electronic enablement of an in-situ line. Other orders
require manual intervention, for example, the provision of a new PSTN line.
5.2.5.3.1 Summary of Controls in Provisioning
The main controls in place for provisioning relate to the end-to-end delivery performance of downstream provides
with the equivalent operator provides which are captured in Key Performance Indicators (KPIs). KPIs are also
published on the www.eircomWholesale.ie website every quarter.
Other controls are in place to ensure that the same richness of information is available to all operators as is
available to downstream businesses.
5.2.5.4 Impact on Fault Reporting / Fault Repair
Fault Reporting and Fault Repair for RAP services cover the processing of a Fault Report through to resolution
and notification back to the operator that the fault is repaired. Fault Reports require manual intervention from fault
receipt through to repair. There are two main activities associated with handling of fault reports. These are
a) Screening the fault report - The screening activity resides in the Wholesale Customer Service centre for
operators while it lies in operation centres for downstream businesses. This activity reviews the reported
fault and sends it to the area in eircom Networks responsible for its resolution.
b) Repairing the fault - The repairing of the faults lies primarily in eircom Networks.
5.2.5.4.1 Summary of Controls in Repair/Fault Reporting
The main controls in place for fault reporting and fault repair relate to the end to end performance of downstream
fault repairs and the equivalent operator fault repairs, which are captured in Key Performance Indicators (KPIs).
KPIs are also published on the www.eircomWholesale.ie website every quarter. Other important controls are in
place to ensure that the same richness of information is available to all operators as is available to downstream
businesses.
5.2.6 Expansion of Business Process Reviews
Following completion of the COP training it is planned that similar business process reviews will take place to
identify risks where breaches to Transparency, Pricing and Consumer obligations could occur.
SoCs will be produced to demonstrate eircom’s compliance with its obligations. These SoCs will also describe how
eircom is implementing transparent and verifiable monitoring of the business processes to ensure continued
compliance. Planning for these reviews will commence in Q4 of the 2014/2015 financial year.
Industry Update on eircom’s RGM August 2015
Confidential Page 36 of 106
Analysis of Controls contained in the SoCs 5.3
The controls contained in the updated RACM submitted to ComReg are analysed as follows:
Controls per Market
Controls per Business Unit
These are detailed in the sections below.
5.3.1 Controls per market
The controls are split between each of the different markets as per the table below. As can be seen Change
Control contains the majority of the controls.
Life-Cycle Market
Total 1 4 5 5 6 6 SB-CPS LLU NGA WBA NGN LLL
Change Control 23 23 12 23 20 23 124
Pre-Ordering/ Ordering 6 11 7 8 7 8 47
Provisioning 7 8 2 5 3 4 29
Fault Report/ Repair 15 17 3 16 6 15 72
Total 51 59 24 52 36 50 272
Table 3: List of Controls per Market
5.3.2 Controls per Business Unit
The split of controls across business units is contained in the figure below. As can be seen eircom Wholesale RAP
contains the majority of the controls followed by Networks.
Business Unit
Life-Cycle
Total Change Control
Pre-Ordering/ Ordering
Provisioning Fault Report/
Repair
Wholesale (RAP&WCS) 23 34 14 40 111
Networks 20 8 15 22 65
TED 12 0 0 0 12
Business 34 4 0 6 44
Consumer 9 1 0 0 10
Customer Operations 4 0 0 4 8
Wholesale (MNS) 22 0 0 0 22
Total 124 47 29 72 272
Table 4: List of Controls per Business Unit
In many instance the same control covers multiple markets. The list of individual controls is contained in the table
below.
Industry Update on eircom’s RGM August 2015
Confidential Page 37 of 106
Business Unit
Life-Cycle
Total Change Control
Pre-Ordering/ Ordering
Provisioning Fault Report/ Repair
Wholesale (RAP&WCS) 11 16 9 16 52
Networks 8 7 7 10 32
TED 6 0 0 0 6
Business 16 4 0 4 24
Consumer 3 1 0 0 4
Customer Operations 1 0 0 2 3
Wholesale (MNS) 10 0 0 0 10
Total 55 28 16 32 131
Table 5: List of Individual Controls per Business Unit
5.3.3 GAP Controls per Market
The list of controls that cover Equivalence Issues or GAPs are detailed below. The majority of these reside in Fault
Reporting / Repair.
Life-Cycle
Market
Total 1 4 4 5 6 6
SB-CPS NGA LLU WBA NGN LLL
Change Control 0 0 0 0 0 0 0
Pre-Ordering/ Ordering 2 3 0 2 0 4 11
Provisioning 4 4 0 1 0 2 11
Fault Report/ Repair 9 10 0 10 3 10 42
Grand Total 15 17 0 13 3 16 64
Table 6: List of GAP Controls per Market
5.3.4 GAP Controls per Business Unit
The list of controls that cover Equivalence Issues or GAPs are detailed below. The majority of these reside in
eircom Wholesale.
Business Unit Life-Cycle
Total Change Control
Pre-Ordering/ Ordering
Provisioning Fault Report/
Repair
Wholesale (RAP&WCS) 0 9 11 32 52
Networks 0 0 0 2 2
TED 0 0 0 0 0
Business 0 2 0 5 7
Consumer 0 0 0 0 0
Customer Operations 0 0 0 3 3
Wholesale (MNS) 0 0 0 0 0
Total 0 11 11 42 64
Table 7: List of GAP Controls per Business Unit
Industry Update on eircom’s RGM August 2015
Confidential Page 38 of 106
Again, in many instance the same control covers multiple markets. The list of individual GAP controls is contained
in the table below.
Business Unit
Life-Cycle
Total Change Control
Pre-Ordering/ Ordering
Provisioning Fault Report/ Repair
Wholesale (RAP&WCS) 0 4 7 13 24
Networks 0 0 0 1 1
TED 0 0 0 0 0
Business 0 2 0 3 5
Consumer 0 0 0 0 0
Customer Operations 0 0 0 1 1
Wholesale (MNS) 0 0 0 0 0
Total 0 6 7 18 31
Table 8: List of Individual GAP Controls per Business Unit
5.3.5 Conclusion of Analysis of Controls
5.3.5.1 All Controls
Change Control contains the largest number of controls. This is very much associated with the level of risk that
now resides in this process cycle. The business process reviews analysed the “as is” i.e. the business processes
and products at a point in time and identified the controls to manage the gaps and risks identified. Any change to
the “as-is” needs to be done carefully to avoid new compliance issues arising. The main risks now relate to the
provision of RAP information to downstream businesses when the equivalent information is not available to
operators. This information could be provided when downstream businesses
offer or develop new products that may have RAP requirements, or
request new reports to create management reports or to provide reports to their customers
It is most important that the controls in Change Control are operated to avoid the potential Compliance issues.
eircom Wholesale and TED/Networks contain the vast majority of the controls. As custodians of RAP information
there is a lot of responsibility on these business units to ensure that this information is kept secure and that
equivalent information is released to all operators in equivalent timelines.
These business units need to adequately resource the operation of their controls and also to make sure that the
remediation work is completed in line with target dates.
5.3.5.2 GAP Controls
Fault Reporting / Repair contain the largest number of GAP controls. Many of these relate to the ability of
downstream businesses to leave faults in a “pending clear” state for a longer period of time that is available to
other operator faults. In the interim manual closure of faults is required until system fixes are in place to close all
faults in an equivalent fashion. The other GAP controls remedy issues associated with “richness of information”
and out of hours repair capability being made available to all operators on an equivalent basis.
Industry Update on eircom’s RGM August 2015
Confidential Page 39 of 106
Analysis of RAP Change Request Process 5.4
As described in Section 5.2.5.1.1 (RAP Change Request Process) eircom Wholesale has put in place a process
for managing requests for RAP Product changes from operators and downstream businesses on a non-
discriminatory basis. On a weekly basis a meeting is held to review all requests and proposed responses.
This analysis of the RAP Change Request Process deals with RAP Change Requests received from 20th
Oct 2013
to 14th Apr 2015 and is broken down by:
RAP Change Requests by Requestor
RAP Change Requests by Status
RAP Change Requests by Age
“Open” RAP Change Requests by Age
“Closed” RAP Change Requests by Age
A summary table of “open” requests that are greater than 12 months old is included in section 5.4.6
The graphs and tables are split by the source of the request as follows:
Downstream = eircom Wholesale MNS, Consumer, Customer Operations and Business
Operators = Operators
Upstream = eircom Wholesale RAP, WCS, TED, Networks, and
Status (Request, Accept as Concept, Under Review, In development, Rejected, Delivered or
Cancelled)
5.4.1 Source of RAP Change Requests
Figure 24: Source of RAP Change Requests
0
10
20
30
40
50
60
Downstream Operators Upstream
Nu
mb
er
of
Re
qu
est
s
Number of Requests Oct '13 - Apr '15
Industry Update on eircom’s RGM August 2015
Confidential Page 40 of 106
5.4.2 RAP Change Requests by Status
Figure 25: RAP Change Requests by Status
*Note – Requests in status 1 – 4 (Request, Accept as Concept, Under Review and In Development) are still open;
Requests in status 5 – 7 (Rejected, Delivered and Cancelled) are closed
0
5
10
15
20
25
30
1.Request 2.Accept asConcept
3.UnderReview
4.InDevelopment
5.Rejected 6.Delivered 7.Cancelled
Nu
mb
er
of
Re
qu
est
s
Current Status of RAP Change Requests
DownstreamOperatorsUpstream
Oct '13 - Apr '15
Industry Update on eircom’s RGM August 2015
Confidential Page 41 of 106
5.4.3 RAP Change Requests by Age
Figure 26: RAP Change Requests by Average Age (Number of days)
*Note: The amount of time it takes to meet the requirements contained within the requests is very much dependent
on the amount of system development required to deliver the request. Requests that only require minor process
changes or manual reports can be done relatively quickly, however, those that require system changes take more
time to schedule, design, built and test.
0
50
100
150
200
250
300
350
400
450
1.Request 2.Accept asConcept
3.Under Review 4.InDevelopment
5.Rejected 6.Delivered 7.Cancelled
Nu
mb
er
of
day
s fr
om
dat
e lo
gge
d
Average Age of RAP Change Requests DownstreamOperatorsUpstream
<-----Average days from date logged to date closed ------>
Oct '13 - Apr '15
<---Average days from date logged to NOW----->
Industry Update on eircom’s RGM August 2015
Confidential Page 42 of 106
5.4.4 “Open” RAP Change Requests by Age
Figure 27: “Open” RAP Change Requests by Average Age
*Note: A summary table of “open” requests that are greater than 12 months old is included in section 5.4.6.
5.4.5 “Closed” RAP Change Requests by Age
Figure 28: “Closed” RAP Change Requests by Average Age
0
5
10
15
20
25
30
1-3 months 4-6 months 6-9 months 10-12 months >1YEAR
Nu
mb
er
of
Re
qu
est
s Age of Open Requests - in status "Requested", "Accept as concept", "Under
review" and "In development"
Downstream Operators Upstream
Oct '13 - Apr '15
0
5
10
15
20
25
30
1-3 months 4-6 months 6-9 months 10-12 months
Nu
mb
er
of
Re
qu
est
s
Closed Requests - in status "Rejected", "Delivered" and "Cancelled"
Downstream Operators Upstream
Oct '13 - Apr '15
Industry Update on eircom’s RGM August 2015
Confidential Page 43 of 106
5.4.6 Table of “Open” RAP Change Requests > 12 months
“Open” RAP Change Requests > 12 months
Index Date
Raised
Source of
Request Owner Summary of Request Status
Original
Target
Date
Roadmap
Information
1 Apr-14 Downstream eircom Wholesale
Solution to address issue of non-unique addresses All operators have major difficulty placing orders for properties that do not have a unique address, for example Main Street, Listowel, Co. Kerry. There is a system available in Wholesale: AI which would potentially does provide more information so that different addresses can be more easily identified.
4.In Development
Apr ‘15
NGA RM “File that provides ARD ID, masked version of CLI and eligibility for NGA or CGA” (Comment: technically deployed)
2 Dec-13 Downstream eircom Wholesale
NGB Full Install It would be possible to request a full NGB install via the UG. This will allow for the installation of a NGB modem in the customer’s premises. From a technical perspective, perhaps a change could be made to UG for NGB orders to facilitate INSTALL_TYPE = H, H being a CPE install.
4.In Development
Aug ‘15
Bitstream RM “new order type ability to request a Bitstream order with a full install option”
3 Jan-14 Downstream eircom Wholesale
Flexible CLI. Customers (and prospective customers) want the ability to see the CLI of calls that trombone through their PBX lines. The key requirement is to turn off any A Number Validation in order to facilitate a number of use cases
2.Accept as Concept
TDC
SB-WLR RM “Displaying the "A" number when forwarded”
Industry Update on eircom’s RGM August 2015
Confidential Page 44 of 106
“Open” RAP Change Requests > 12 months
Index Date
Raised
Source of
Request Owner Summary of Request Status
Original
Target
Date
Roadmap
Information
4 Feb-14 Downstream eircom Wholesale
Picture for Missed Appointments / Verification of Technician Visit (ID 16) Operators are complaining that eircom technicians are incorrectly marking orders for re-appointment in cases where the Operator shows up for an appointment but customer is not available. Operators have requested that the technician takes a picture of the door to prove that they were at the location.
3.Under Review
TBC
NGA RM Under Review “Missed Appointments – Technician Feedback” (Comment: This request is expected to be cancelled but awaiting industry confirmation)
5 Apr-14 Operator eircom Wholesale
More detailed engineer notes on customer installs (all products) (ID 38) Operators would like more detailed notes delivered to them on customer installs. If the install does not happen within the standard timescales or goes “non-standard” they need these notes to update their customers and manage their expectations. RAP explained that this would take time to develop if the enriched updates were to be sent back to Operators via the UG but they are absolutely insistent they are not willing to wait for a UG update to get this. Operators have requested an interim solution followed by the UG solution
4.In Development
Dec ‘15
SB-WLR RM In development “updates to UG to ensure all provisioning information is provided via the UG”
6 Feb-14 Operator eircom Wholesale
Prioritised New Line Connection (ID 10) The product, which could be a “paid for” additional service to WLR and would offer a guaranteed install & connection time from order acceptance for both in-situ & pre-cabled lines. An additional variant could be offered for complete new installs also. The product should be available for all WLR/PSTN connections for at least in-situ and pre-cabled lines but ideally covering all connections.
2.Accept as Concept
TBC
SB-WLR RM Under Review “Request - Prioritised delivery SLA”
Industry Update on eircom’s RGM August 2015
Confidential Page 45 of 106
“Open” RAP Change Requests > 12 months
Index Date
Raised
Source of
Request Owner Summary of Request Status
Original
Target
Date
Roadmap
information
7 Mar-14 Operator eircom Wholesale
Request for ability to test for dial tone to be made available to Operators (ID 30) Operator has requested the facility to perform a line test for dial tone on lines that have faults. This would improve the rate of No Fault Found eircom and operators are working jointly to try and reduce the rate of NFF which is in the interest of both operators. Operators feel that if they were able to perform a line test for dial tone when the customer reports a fault, this would reduce the amount of unnecessary faults logged and have a beneficial effect on eircom’s FAO resources.
4.In Development
Apr ‘15
SB-WLR RM In development “enhanced testing capability for fault diagnosis, dial tone from exchange and ISDN testing” (Comment: technically deployed)
8 Mar-14 Operator eircom Wholesale
LNN appointment timings request (ID 26) LNN appointment timings - Request for a dialog service to allow advance appointment slot booking for LNN new provides
2.Accept as Concept
Dec ‘15
SB-WLR RM In development “development being led at NGA forum this will provide the ability to check appointment prior to order placement”
9 Feb-14 Operator eircom Wholesale
NTU Installation per Reseller (ID 15) The existing functionality for NGA ordering allows Operators to install the NTU on behalf of eircom. Operators can choose to do this at an Operator level - exchange by exchange. An Operator has requested that this functionality is extended to allow Operator make this choice for each of their resellers.
2.Accept as Concept
Q3 ‘15
NGA RM Under Review “NTU Installation per Egress Group (Full Requirement)” (Comment: Expected to be cancelled with the interim solution meeting market requirement. Awaiting industry confirmation before cancelling)
Industry Update on eircom’s RGM August 2015
Confidential Page 46 of 106
“Open” RAP Change Requests > 12 months
Index Date
Raised
Source of
Request Owner Summary of Request Status
Original
Target
Date
Roadmap
Information
10 Mar-14 Operator eircom Wholesale
Include previous phone number & LE response data in databases (ID 25) Requirement to include additional information (previous phone number & LE response data) in eircom address and in-situ line databases.
4.In Development
Aug ‘15
SB-WLR RM In development “Project reviewing options to improve quality of ee inventory”
11 Feb-14 Operator eircom Wholesale
Associating SEA orders with an EIL (ID 18) Rules to be applied for selecting the NGN Node to serve a SEA order for operators The original NGN Nodes installed are ESS-6 Nodes with 2x 1Gbps uplinks, which can facilitate capacities of up to 1Gbps. The newer NGN Nodes being installed are SR-12 Nodes with 2 x 10Gbps uplinks, which can facilitate capacities of up to 10Gbps. Given that multiple exchanges have more than 1 Agg Node, and that many of these will have a mix of ESS-6 and SR-12 nodes, we need to put rules in place which determine which node type we connect new SEA orders to. Operators have a specific requirement in terms of how they wish eircom to determine which of these Node types their SEA orders are associated with.
3.Under Review
Q3 ‘15
NGN RM In Development “Automate Rules for correct AGG Node selection(AMP FSS)”
12 Mar-14 Operator eircom Wholesale
Provide exchange code for an address in ARD DB file and decouple town and street fields (ID 23) Operator has observed that the exchange code is not provided for approx. 50% of the ARD ID addresses Operator needs to see the exchange code for each address to determine if the address can be serviced by LLU
4.In Development
Apr ‘15
SB-WLR RM “Provide a masked CLI with the ard key to give more detail and certainty to Operators selecting the correct address” (Comment: technically deployed)
Industry Update on eircom’s RGM August 2015
Confidential Page 47 of 106
“Open” RAP Change Requests > 12 months
Index Date
Raised
Source of
Request Owner Summary of Request Status
Original
Target
Date
Roadmap
Information
13 Mar-14 Operator eircom Wholesale
Configure Bitstream fault report code 242 for Line Share fault reporting (ID 22) To improve fault reporting – will reduce number of No Fault Founds which is a key objective of eircom Wholesale and GT. Will reduce resource overheads in eircom which is critical at a time when eircom is downsizing its staff numbers
4.In Development
Apr ‘15
LLU RM “Enhancements to fault diagnosis tools – further phases” (Comment: technically deployed)
14 Mar-14 Upstream eircom Wholesale / Networks
GT Dashboard (ID 32) The purpose of the next development phase of the GT Dashboard is to fix bugs and enhance functionality for GT staff that enter information on incidents/changes. GT Dashboard is an internal OSS system but requires RAP approval as it contains/provides information to downstream areas (Consumer, Business, Wholesale, and rest of departments) and OAOs on RAP and non-RAP services. As it stands, downstream areas have access to more information than OAOs on incidents/changes for RAP products. The proposal to get RAP approval and to progress with this project is to phase the development in two: Phase 1=> Balance the level of access to information for downstream areas and OAOs for incidents/changes and fix bugs related to notifications to downstream areas and OAOs. Phase 2=> Develop functionality enhancements for internal GT staff to make the system more user friendly and usable.
2.Accept as Concept
Dec-15 Not on Roadmap
Industry Update on eircom’s RGM August 2015
Confidential Page 48 of 106
“Open” RAP Change Requests > 12 months
Index Date
Raised
Source of
Request Owner Summary of Request Status
Original
Target
Date
Roadmap
Information
15 Feb-14 Upstream eircom Wholesale / Networks
DELT Test – Add H-Log (ID 14) The quality of NTU installations can be measured using functionality available on the N2510. This functionality will allow eircom to determine if there is a bridge tap (bad wiring) on the line as part of the installation post installation. However, this test is done post the completion of the service and results in a second truck roll to fix the problem. This requirement is to develop an online test that would allow technician’s to determine if the line has been installed correctly before leaving the customer premises as part of the installation process. This test would also be made available to other Operators that are installing the NTU themselves. In addition, eircom could utilise this functionality to ensure that an Operator installing the NTU has done so correctly before closing the order.
3.Under Review
Q3 ‘15
NGA RM In development “NTU Installations (DELT with H-Log value)”
Table 9: “Open” RAP Change Requests > 12 months
Conclusion of Analysis of RAP Change Request Process 5.5
A robust process has been put in place by eircom Wholesale RAP to log requests for RAP Product changes and to
continue to track them along their journey through to completion. This analysis shows that the process is widely
used internally by Upstream and Downstream businesses and also by Operators. The performance of responding
to requests and delivering capability to meet the request does not indicate that preferential treatment is provided to
downstream businesses or upstream businesses over other operators.
Industry Update on eircom’s RGM August 2015
Confidential Page 49 of 106
List of Equivalence Issues 5.6
Equivalence Log
Index Date
Opened Description of Issue Owner Status
Date
Closed
Original
Target
Date
Roadmap
Information
1 Jun-13
eircom Consumer/Business has the ability to order Full Install in Broadband which includes the installation of a new NTU with a built in splitter. This differs from what is currently available in the RAP portfolio.
eircom Wholesale
Systems development is required to provide the ability for Operators to request a full install as part of a Bitstream and Line Share orders. A requirement has been raised through eircom end-to-end solution delivery process to develop this functionality. This has been passed as the ideation phase of the Technology E2E process is now planned for delivery in August 2015. (Current Target: Aug '15)
Open Apr-15
Bitstream RM In development "new order type ability to request a Bitstream order with a full install option" Target: Aug 2015 NGA RM In development "NTU installation – Line Share" Target: Aug 2015
2 Jun-13
eircom Consumer/Business Broadband faults (&PSTN faults logged through RTM) remain in "pending clear" until they are closed manually. The retail faults and OAO faults should be treated in an equivalent manner.
eircom Wholesale
eircom Wholesale RAP has submitted a Works Request to ensure that ALL faults (RAP and downstream) are automatically closed after the ten working hours. (Current Target: Aug '15). Two interim controls are in place to ensure that pending clears are closed manually in both eircom Consumer and Business within the 10 working hours.
Open Aug-15 N/A (No impact on RAP Product)
Industry Update on eircom’s RGM August 2015
Confidential Page 50 of 106
Equivalence Log
Index Date
Opened
Description of
Issue Owner Status
Date
Closed
Original
Target Date
Roadmap
Information
3 Jul-13
eircom Consumer/Business can see all technician comments for Provisioning and Repair. The eircom Wholesale RAP products should be modified to ensure that the equivalent information is provided to downstream businesses and other operators.
eircom Wholesale
Technician comments for fault repair are available to operators through the UG since December ’13. Key provisioning comments are provided manually to operators. Provisioning comments are now available to operators for CGA products on the UG through the combined New Line & Broadband/Line Share Order. This order type has been delivered as part of UG Release in Dec ’14 and is currently on trial by operators. An update to this order is being introduced in April ’15. (Current Target: May '15). In addition a requirement has been raised to identify the differences between the systems and remedy gaps that are identified e.g. PRA Tech comments and SORTs Crew identifier codes (Current Target: Aug '15).
Open
Dec-14 Aug-15
SB-WLR & BS RM In development "ability to order a new SB-WLR line with line share for same day delivery" "Combined delivery of a Non In-situ order and Bitstream on the same day with the appointment rescheduling added." Target: May 2015 SB-WLR RM In development "Include Technician comments on PRA/FRA Faults" Target: Aug 2015 SB-WLR RM In development "updates to UG to ensure all provisioning information is provided via the UG" Target: Dec 2015
Industry Update on eircom’s RGM August 2015
Confidential Page 51 of 106
Equivalence Log
Index Date
Opened Description of Issue Owner Status
Date
Closed
Original
Target
Date
Roadmap
Information
4 Jul-14
eircom Consumer and Business have access to richer functionality and data for customer address identification and searching than was available to other operators. This information was accessible through a system called AI (Address Interface) and enabled the agents to identify addresses for all customers connected to the eircom Network (including other operator customer details).
eircom Wholesale
An Ideation request for the Technology end to end process has been created and approved. This aims to complete a detailed analysis of the equivalent information provided to eircom downstream businesses versus other operators and put in place a solution to address any gaps that are identified (Current Target: Dec '15). In April '15 eircom Wholesale provided a Masked CLI file to all operators. This weekly file outlines extensive network information on eircom’s copper network. The file includes the exchange information, the products attached to the line and both the CGA and NGA prequal information. The file also includes details regarding the type of NTU in the customer’s premises.
Open Dec-15
NGA, SB-WLR & Bitstream RM In development “File that provides ARD ID, masked version of CLI and eligibility for NGA or CGA” Target Apr 2015 (Comment: technically deployed)
5 Jul-14
eircom Consumer and Business have access to richer fault information for their customers than is available to operators. This is caused by their native access to FHS which contains some data that is not made available to operators through the UG. This information included items such as Line signature, Capacitance Balance and Fault History prior to service commencement with the current operator.
eircom Wholesale
eircom completed a detailed analysis of the fault information provided to eircom downstream businesses versus other operators to put in place a solution to address any gaps that were identified. The first set of enhancements to fault diagnostic tools functionally was delivered in Dec '14 and switched on 19th Feb ’15 – all relevant documentation is in place to support these features. * Connection Status (Line Lockout/Auto Blocked Lines); * Line Signature; * Capacitance Balance; * Line Test History; * Conclusion Statements from Line Test Results; In addition a requirement has been raised through the eircom end-end solution delivery process to deliver * Fault History prior to service commencement with current operator; * Crew identification (Current Target: Dec '15)
Open
Dec-14 Dec-15
SB-WLR & BS RM In development "updates to UG to ensure all fault information is provided via the UG" Target: Dec 2015
Industry Update on eircom’s RGM August 2015
Confidential Page 52 of 106
Equivalence Log
Index Date
Opened Description of Issue Owner Status
Date
Closed
Original
Target
Date
Roadmap
Information
6 Jul-14
Some eircom Retail agents have access to additional line testing capabilities via MLT client. MLT client allows dial tone, noise and overhearing tests to be performed on the line. Other operators do not have the equivalent capability.
eircom Wholesale
eircom Wholesale RAP logged a systems development to provide this additional information via the UG. This requirement was raised through eircom end-to-end solution delivery process which determined that it is only feasible to provide Dial tone from exchange and ISDN testing which are both now available via the UG. Training has also been provided to operators on how to use these tests. A review of IPM documentation is taking place to see what information needs to be included in it. Noise and Overhearing Tests to be disabled for all downstream CSRs. (Current Target: May '15)
Open Aug-15
SB-WLR, BS RMs In development "enhanced testing capability for fault diagnosis, dial tone from exchange and ISDN testing" Target: April 2015 (Comment: technically deployed)
7 Jul-14
In parallel with developing these testing capabilities for operators, eircom Wholesale will monitor the service assurance performance provided by eircom to downstream businesses and other operators. In particular the screening performance of WCCC compared with downstream businesses and end to end repair performance will be actively monitored to determine whether EOO occurs. If EOO performance cannot be managed eircom Wholesale will take the necessary corrective action which could include system, process and organisational changes.
eircom Wholesale
The outcome of the performance monitoring and plan for corrective actions (if required) was shared with ComReg in March 2015. In November 2014 eircom Wholesale extended the hours of WCC from 8am – 10pm Monday – Sunday for screening of faults. Previous WCC opening hours for screening of faults was 8am-8pm M-F, 9am - 5.30pm Sat, Closed Sunday. Resources are now in place during these extended hours to actively screen faults and to pass them into the Networks queue to be eligible for dispatch to field technicians. In addition as part of Wholesale Reforms eircom has agreed in principle to create a Centralised Fault Screening Centre for the purposes of screening faults from downstream businesses and operators. The implementation of this centre is subject to a scoping and sizing exercise which is currently underway. (Current Target: August '15.)
Open Aug-15
SB-WLR Forum on Update on fault programme (Mar 2015) Support implementation of centralised fault management Target: August 2015
Industry Update on eircom’s RGM August 2015
Confidential Page 53 of 106
Equivalence Log
Index Date
Opened Description of Issue Owner Status
Date
Closed
Original
Target
Date
Roadmap
Information
8 Jul-14
As part of the NGA reviews, a gap was identified whereby downstream businesses had access to the Ops Site. The Ops Site is an eircom Networks site which contains network performance reports for provisioning and repair etc. In general the information is not segregated between eircom downstream and other operators and may contain a richness that is not available to other operators through the UG. A short term solution was put in place at the time involving a Warning Message on the site which restricted use of the site to Fixed Access Operations (FAO) staff and a long term solution which was designed to restrict access based on User IDs was implemented in May 2014. During this process reviews it came to light that staff from eircom Consumer / Business were accessing files on the Ops Site despite the warning message. This was caused by some eircom staff/agents bypassing the front screen security and clicking the URL link (that they had stored as bookmark or link in document etc.) to the actual report which sits on the Ops site.
eircom Networks
This issue is currently being investigated with a view to implementing a system fix to comprehensively lock down all access to the Ops Site for unauthorised staff. Ideation Request under review with Technology and Networks. (Current Target: Dec '15.)
Open Dec-14
N/A (No impact on RAP Product)
9 Jul-14
GT Dashboard is a Networks system that is updated with Outage Notifications/major faults. It also sends notifications to Operators through a ticker message on the UG. Downstream businesses don’t access UG for legacy products they have read-only access to GT Dashboard to get their outage updates. GT Dashboard contains richer information than is available to operators on the UG.
An Ideation request for the Technology end to end process has been created to complete a detailed analysis of the equivalent information provided to eircom downstream businesses versus other operators and put in place a solution to address any gaps that are identified. In addition Text Message Notification (Optional) of Major Incidents will be developed. (Current Target: Dec '15.)
Open Aug-15
NGN RM In development "Text Message Notification (Optional) of Major Incidents" Target: Q4 2015
Industry Update on eircom’s RGM August 2015
Confidential Page 54 of 106
Equivalence Log
Index Date
Opened Description of Issue Owner Status
Date
Closed
Original
Target
Date
Roadmap
Information
10 Jul-14
eircom Retail can flag that a new line being installed will also require a broadband service in the future. This changes the threshold up to which copper will be installed as opposed to FCS from €1k to €3k. Other operators would only be offered FCS if the cost of copper was > €1k. (Compliance Case Reference: 480 - Line Provisioning)
eircom Wholesale
The option to indicate an expression of interest is now available to operators for Current Generation products on the UG through the combined New Line & Broadband Order. This order type has been delivered as part of UG Release in Dec ’14 and is currently on trial by operators. An update to this order is being introduced in April ’15 at which stage it is planned that the internal PDC process will be completed and that the relevant industry documentation will be published. (Target: May 15) An interim process has been put in place to check if installation works exceeds €1000 but not €3000, the status is changed to "check if customer requires BB", if operator confirms this is the case then the order is delivered as a copper line. In addition a requirement has been raised through the eircom end-end solution delivery process to complete a detailed analysis to determine the feasibility of adding this flag for other UG orders. (Target: Dec '15) (Comment: Wholesale RAP has advised that they plan to retire other order types - so this requirement may become redundant.)
Open Dec-14
SB-WLR & BS RM In development "ability to order a new SB-WLR line with line share for same day delivery" "Combined delivery of an Non In-situ order and Bitstream on the same day with the appointment rescheduling added." Target: May 2015 (Comment: technically deployed)
11 Jul-14
Orders submitted by operators to transfer eircom customers to them for voice products could fail to be processed where an eircom Business VPN SOC is present on the customer's eircom account. This would result in the order being rejected on the Unified Gateway ordering system. (Compliance Case Reference: 568 - VPN Removal)
eircom Wholesale
In Dec '14 eircom Wholesale RAP developed the capability to allow an Operator request through the UG the automatic transfer of a PSTN line to SB-WLR when there is a VPN service on the account. A manual process was also put in place to deal with orders that fall out from standard UG Process. eW RAP has published process documentation. *Mar 15 - C&E has advised eW RAP that this documentation should be updated to ensure operators are informed why orders on VPN lines fall out of standard process and how these orders will be handled manually. (Current Target: May ’15)
Open Apr-15 SB-WLR RM "Delivered"
Industry Update on eircom’s RGM August 2015
Confidential Page 55 of 106
Equivalence Log
Index Date
Opened Description of Issue Owner Status
Date
Closed
Original
Target
Date
Roadmap
12 Jul-14
Through accessing eTIPs (a Networks system that provides contact details for technicians) eircom Consumer and Business customer care teams directly contacted technicians and got service updates and arranged for out-of-hours repairs or installs to be carried out on an exceptional basis. This capability was not available to other operators.
eircom Wholesale
A process has been developed where all operators, including downstream businesses can request outside SLA hours that a fault be repaired. These requests are managed on a best effort basis and the associated volume is relatively small. *Dec '14 - eW has advised that it has communicated the Out of Hours process to all operators at bilateral meetings. In line with commitments made in the Statement of Compliance and in line with agreed processes, eircom C&E has advised eircom Wholesale RAP that Operators should also be informed of this process via the Industry forum.
Open Aug-14
Not on roadmap (Out of Hours Capability available)
13 Jul-14
eircom Consumer access eTIPs a Networks system that provides contact details for technicians so that they can identify the appropriate technician to resolve “Health and Safety” and “Dangerous Plant” faults that are raised by customers, operators or public service representatives (police, ambulance etc). (Linked to Equivalence Issue 12)
eircom Networks
There has been some progress on this issue. eircom has restricted the access to eTIPs in downstream businesses only to those that are required to access it for the purposes of Health and Safety reports relating to Dangerous Plant. eircom is also in the process of implementing a change so that instead of traffic being passed from Retail Agents to Field Technicians directly it will to through Networks Service Management Centre (SMC). This is subject to the transfer of resources from eircom Consumer to Networks to handle the extra volume of calls etc. This initiative will also facilitate the removal of access to the eTips tool from all non-Networks Operations staff. (Current Target*: Jul '15) *Subject to resources In the interim a banner has been put in place on the eTips homepage advising users of the appropriate usage of the tool (i.e. that non-Field Operations teams should not access or use the data, except for managing dangerous plant reports outside of working hours) and the disciplinary implications of inappropriate access.
Open Dec-14 N/A (No impact on RAP Product)
Industry Update on eircom’s RGM August 2015
Confidential Page 56 of 106
Equivalence Log
Index Date
Opened Description of Issue Owner Status
Date
Closed
Original
Target
Date
Roadmap
Information
14 Jul-14
eircom Consumer and Business have access to RAP information for their customers that was not available to other operators. This information is accessible on a system used for Bitstream Order Tracking (BOOTs) and relates to provisioning orders.
eircom Wholesale
A requirement has been raised through the eircom end-end solution delivery process to complete a detailed analysis of the differences between the information available on BOOTs and on the UG and put in place a solution to address the gaps identified. (Current Target: Dec '15)
Open Dec-15
Bitstream RM In development "updates to UG to ensure all provisioning information is provided via the UG" Target: Dec 2015
15 Jul-14
eircom Business have access to richer information for their customers in relation to provides and faults for Leased Line Products than was available to operators. This is caused by their access to DataPlus which contains some data that is not made available to operators through the UG. This information includes items such as technician comments and status updates.
eircom Wholesale
A requirement has been raised through eircom End-to-End Process to determine how this (new) functionality to provide information will be made available to both Operators and Downstream Businesses (i.e. existing Dataplus access will be restricted to Wholesale Products and Networks). The project team is attempting to estimate the cost and timeline to deliver such a system via Web and/or UG Proxy. (Current Target: Dec '15) In the interim order and fault information is provided to operators manually on a monthly basis.
Open Apr-15 Not on Roadmap
16 Jul-14
eircom Business had access to richer information for their customers in relation to provides and faults for Leased Line Products than was available to operators. This was caused by their access to Midas which contains some data that is not made available to operators through the UG. This information included items such as technician comments and status updates.
eircom Wholesale
A requirement has been raised through eircom End-to-End solution delivery process to complete a detailed analysis of the differences between the systems and put in place a solution to address any gaps identified. IT Analysis/System Review to take place which is scheduled to be completed by April 2015 and has a target date for delivery in Dec '15. (Current Target: Dec '15).
Open Apr-15 Not on Roadmap
Industry Update on eircom’s RGM August 2015
Confidential Page 57 of 106
Equivalence Log
Index Date
Opened Description of Issue Owner Status
Date
Closed
Original
Target
Date
Roadmap
Information
17 Jul-14
eircom downstream businesses’ faults have different start and end time for faults. This is caused by the SLA clock in fault handling systems for downstream businesses starting 30 minutes earlier (8.30am) than the SLA clock for other operators (9am). For example, this could result in the target resolution times for downstream faults being earlier than those for other operators, where faults are logged prior to 8.30am.
eircom Wholesale
Systems analysis is required to identify the systems changes required to align the SLA hours for Retail and Wholesale to 9am - 5pm. A requirement has been raised through eircom end-to-end solution delivery process to develop this functionality. (Current Target: Dec '15)
Open Apr-14 N/A
18 Jul-14
eircom Business had the ability to leave legacy leased line faults in pending clear for a longer time than was available to other operators. Even though eircom Business were encouraged to close these faults promptly they could, however, leave them pending while trying to contact the end customer to confirm that the service had been restored again.
eircom Wholesale
To address this Gap, eircom Wholesale RAP brought a proposal to industry to agree a standard SLA time for pending clear. The revised proposal was a) 16 working hours for standard faults and b) 48 clock hours for premium faults. This was agreed at industry in Dec '14. Wholesale RAP to implement an IT development to ensure that faults are automatically closed after the agreed period of time. (Current Target: May '15) Note: A manual solution is in eircom Business & eircom Wholesale to close faults in pending clear accordingly.
Open Aug-15
NGN RM In development "Auto Closure of Data Fault" Target: Q2 2015
19 Jul-14
eircom downstream businesses’ have different repair parameters for PRA faults. This is caused by a misalignment of the SB-WLR PRA product and the downstream PRA product.
eircom Wholesale
Systems analysis is required to identify the systems changes required to align the time to repair for standard SLA for downstream and operator PRA faults. A requirement has been raised through eircom end-to-end solution delivery process to develop this functionality. (Current Target: Dec '15)
Open Apr-14 N/A (No impact on RAP Product)
Industry Update on eircom’s RGM August 2015
Confidential Page 58 of 106
Equivalence Log
Index Date
Opened Description of Issue Owner Status
Date
Closed
Original
Target
Date
Roadmap
Information
20 Jun-12
In 2010 eircom was directed to provide Duct Access product in the WPNIA Market. eircom provided a limited duct product as part of co-location and agreed with ComReg that they would provide Duct Access operators if requested. This requirement was re-directed in Jan 2013 as part of the NGA Decision. BT requested Duct Access in 2012, eircom has not yet provided the Duct Access product in the WPNIA Market as required.
eircom Wholesale
In 2012 eircom Wholesale RAP proposed to start the development of a Duct Access product with a duct network trial. No OAO pursued this proposal so eW RAP proceeded with the product development without the trial. In Dec 2013 eW RAP proposed to notify the Duct Access product in Feb 2014 with launch 6 months later (as required by ComReg Decision). At BT’s insistence eW RAP agreed to include a Pilot stage in the development prior to notifying the product. eW RAP notified ComReg of the Duct Access product on 14th Nov (in advance of reaching agreement on all outstanding issues) requesting approval to launch 1 month later. ComReg agreed that the product could launch in Feb '14.
Closed Feb-15
Feb-15 N/A (Delivered)
21 Jan-15
Service Management captures Martis routing data each day on network (circuit) changes that impact on the routing of downstream business. This data is analysed by Service Level Managers who use it to identify if any significant routing changes have taken place in the customers network. The Service Level Manager arranges for the customer to be notified if a significant routing change has taken place. eircom Wholesale RAP have commenced the process of making this routing report available to OAO’s if they wish to avail of it.
eircom Wholesale
The functionality is to be developed and Industry/ComReg notified as per standard process. (Target: Jul '15) A high level project timeline for this is: 1) Technology analysis phase complete 2) Update Industry via NGN forum of new product functionality on Roadmap – November ‘14 - complete 3) Updated IPM circulated to industry for review - March 2015 4) Formal notification of product change to ComReg - April 2015 5) Publication of proposed IPM - April 2015 6) Product launched - July 2015 (Current Target: Jul '15)
Jul-15
NGN RM In development "MARTIS Routing Report (Leased Lines, PPC)" Target: Q2 2015
Table 10: List of Equivalence Issues
Industry Update on eircom’s RGM August 2015
Confidential Page 59 of 106
Conclusions of Equivalence Issues 5.7
Some progress has taken place with the Equivalence Issues. A number of system developments have taken place
in Dec ’14 and April ’15 to provide part of the solution required to permanently close the issue.
1 Equivalence issue was closed during the period
1 Equivalence issue was opened during period
20 Equivalence Issues remain opened
As can be seen from the graphs below
3 are open for more than 12 months.
13 will have taken more than 1 year to remedy
3 will have taken more than 2 years to remedy
6 are still on target
2 are scheduled to be completed ahead of original target date
12 have slipped from their original target date
eircom needs to put all efforts into ensuring that there are no further slippages and that all these Equivalence
Issues are closed by the end Dec ‘15.
Figure 29: Age of Equivalence Issues
Figure 30: Difference between Original & Current Target Date for Equivalence Issues
0
5
10
15
20
<=1 year >1 year & <=2year
No
. of
Issu
es
Months from Open to now
Current age of Equivalence Issues
0
2
4
6
8
10
12
<=1 year >1 year &<=2year
>2 year
No
. of
Issu
es
From Open to Target Close
Length of time to close of Equivalence Issues
Industry Update on eircom’s RGM August 2015
Confidential Page 60 of 106
List of Key Differences which are justifiable contained in the SoCs 5.8
Key Differences contained in the Statements of Compliance
Index Description of Issue Relevant Market
Justification
1
Pre-Order - eircom Retail access to Pre-qual eircom Retail submits orders for NGA services through the UG like all other operators. For the Current Generation Access products eircom Retail has direct access to pre-qual through their BSS front end system referred to as eCOM.
NGA WBA
eircom Retail’s access to pre-qual is a part of the existing sales process for the legacy products. The legacy products have an Equivalence of Outputs non-discrimination standard. The addition of the NGA flag does not provide eircom Retail with any material advantage as equivalent information will equally have been provided to the other Operators in the Advanced Pre-qual File.
2
Pre-Order - eircom Retail access to ANRM via CDW eircom Retail has access to ANRM which is a network system that stores network address information associated with all end users connected to the eircom network. eircom Retail queries this system to enable them locate an address in order to provide a new line. ANRM contains information which is not available to other Operators such as current telephone number, previous telephone number or the name of the occupant.
NGA WBA
eircom Retail’s access to ANRM is a part of the existing sales process for the legacy products. For provision of a new standalone NGA line all operators are required to order a SB-WLR line first, then must request that this line is transferred to a standalone NGA broadband /Bitstream Plus / VUA line. SB-WLR is a legacy product. The legacy products have an Equivalence of Outputs regime. eircom Wholesale has put in place a facility for other operators to query the ANRM for address information through the UG. If this query is not successful a manual process exists for operators to obtain the required information through Wholesale Customer Care.
3
Pre-Order - eircom Retail set up as two Operators on UG eircom Retail is set up as two operators on the UG which means they have in effect two different accesses into the UG (direct, and via ROC). By having two separate accesses onto the UG it means that eircom Retail has twice the number of simultaneous channels available than other operators do.
NGA WBA
The number of channels available to individual operators is more than adequate for NGA. The fact that eircom Retail has twice the number of channels available to them would only have an impact if there are situations where more than 10 orders are being processed absolutely simultaneously, which is very unlikely. When an operator submits more than 10 orders simultaneously a Policy Breach is issued to the operator to advise them accordingly. eircom Wholesale is monitoring the level of Policy Breaches due to operators exceeding the allowed number of simultaneous orders. If this becomes a problem they may increase the number of simultaneous orders available to all Operators.
Industry Update on eircom’s RGM August 2015
Confidential Page 61 of 106
Key Differences contained in the Statements of Compliance
Index Description of Issue Relevant Market
Justification
4
Pre-Order - eircom Retail UG Data Contract Specific functionality has been developed on the UG to support Retail NGA. This functionality is only required for orders which are submitted via the legacy (ROC) stack and not required for orders submitted via Springboard. The functionality covers the following: Retail SOCs on UG RAP Order Types eircom Retail has a specific capability on UG NGA regulated order types to allow Retail select the relevant eircom Retail SOC associated with the service being ordered. UG passes the SOC across to TIS for billing purposes. Other Operators selects the appropriate Service Type when placing an NGA order on the UG. Capturing of Cease Reason This is an eircom Retail only field on UG and is not part of the Industry Data Contract. The cease reason will dictate whether or not a customer is billed in the context of an early cease and therefore this is essential functionality to ensure that the customer is correctly billed on TIS. Internal capability has been developed on UG to convert the Cease Reason into a Duty ID and it is the Duty ID which is passed to TIS. Early Cease Charges will be applied by TIS based on Duty ID as appropriate. Transfer of existing SOCs to new lines when migration customers This Retail specific functionality is not visible on the GUI front end as it is performed internally within UG. UG will only accept a single Retail SOC on the NGA order types. However, when a customer is migrating to ‘new line’ (e.g. Standalone NGA), there are possibly some ancillary SOCs (VoIP plans, handset rentals, etc.) associated with the old line which have to be transferred to the new line. UG will pass the existing ancillary SOCs to TIS to be added to the new line.
NGA WBA
The Wholesale Reforms Programme stated that eircom would not undertake any significant development on TIS to support NGA services and it is therefore it is not proposed to alter this Retail specific functionality on UG as it is related to billing on TIS. The alternative would be to undertake significant development on TIS and other systems (i.e. ROC).
5
Pre-Order - How WEILs connect to eircom Network WEILs connect directly to the NGN PE Node for eircom Retail Next Generation Broadband service, and to an Aggregation node for other Operators
NGA WBA
This is justified as eircom has a vertically integrated network and eircom has decided to implement the most efficient and effective network solution for Retail / White Label services. This architecture does not provide for any material differences in the functionality of the services and performance levels between Retail / White Label services and that which will be experienced by Wholesale Operators.
Industry Update on eircom’s RGM August 2015
Confidential Page 62 of 106
Key Differences contained in the Statements of Compliance
Index Description of Issue Relevant Market
Justification
6
Pre-Order - Core Network Solutions for eircom Retail NGA Broadband The core network solution for the eircom Retail Next Generation Broadband service differs from the eircom Wholesale Next Generation Bitstream / VUA product. The eircom Retail service is built on an integrated network solution which includes subscriber management. The Unicast core network capability for the eircom Retail service is pre-configured as part of deployment of new NGN nodes to support NGA. This means that eircom Retail does not need to order Unicast per NGN Aggregation Node as other operators do. In addition it means that WEILs are not required by eircom Retail to handover Unicast Traffic.
NGA WBA
BPU are required by operators on a per exchange basis but are automatically in place for eircom Retail. This is justified as eircom has a vertically integrated network. The most efficient and effective technical design for the provision of the eircom Retail Next Generation Broadband service supported this functionality. When eircom Retail provides service to end users they do not have a second network to route their traffic instead they use the eircom network. Other operators route the Unicast traffic to their own networks via specific WEILs. As it is only the operator themselves that can determine which WEILs they would like to route their Unicast traffic to it would not be realistic for eircom to do it on their behalf. Instead eircom Wholesale has put in place a capability that PBUs per exchange are provisioned automatically on receipt on an order from an operator. Operators can submit PBU as soon as an exchange is part of the deployment plan. This ensures that operators are not disadvantaged and they have the flexibility to manage their service as they wish
7
Pre-Order - eircom White Label UG Data Contract The eircom Wholesale White Label NGA product provides operators with the ability to sell an end to end broadband service to customers without the need of having their own network. The product is built on the existing eircom Wholesale NGA Bitstream Plus product with additional capabilities developed on the UG to support business functions that other operators would carry out on their own systems.
NGA WBA
The functionality that has been built into the UG does not provide additional capability to eircom that is not already on the back end systems of other operators that provide services to end users based on the standard UG data contract. The specific developments allow White Label operators to manage the service they provide to their end users much the same as other operators who rely on the eircom Wholesale Bitstream Plus / VUA services. This service management includes end user authentication and authorisation etc.
8
Pre-Order - Core Network Solutions for eircom Wholesale NGA White Label The core network solution for the eircom Wholesale NGA White Label Bitstream Plus service differs from the eircom Wholesale Next Generation Bitstream / VUA products. Modified BPU – White Label Bitstream Plus Unicast, is the set-up of the Unicast VPLS and the connectivity between the NGN Aggregation Node and eircom’s WEIL. This connectivity need only be ordered per NGN Aggregation Node. Additional Access Nodes will be joined to each VPLS, by eircom, as the NGA Bitstream Plus footprint expands.
NGA WBA
eircom has a vertically integrated network. It is the most efficient and effective network solution. This configuration does not impact the performance of the services and similar levels of performance will be experienced.
Industry Update on eircom’s RGM August 2015
Confidential Page 63 of 106
Key Differences contained in the Statements of Compliance
Index Description of Issue Relevant Market
Justification
9
Pre-Order - NGN Ethernet Quotation Tool eircom Retail has built their own quotation tool which ensures that the necessary margin squeeze test is passed with regard to the eircom Wholesale RAP inputs.
NGN Ethernet
Difference is not material. eircom Wholesale RAP provides a Quotation process to Operators whereby the Operator can request quotes for the WSEA service via the quotation tool (Web GUI). eircom Wholesale RAP will provide a quote with an indicative price, subject to full site survey, for the requested WSEA. eircom Wholesale MNS also use this quotation tool when inquiring about providing services to their customers.
10
Pre-Order - Desktop Survey - eircom Retail & eircom Wholesale MNS access eircom Retail and eircom Wholesale MNS submit orders for Desktop Survey requests directly to Access Networks.
NGN Ethernet
Difference is not material. eircom Wholesale RAP provides a Desktop survey process to Operators. The purpose of the Desktop Survey is to · Confirm that the exchange that the operator is quoting a price from, is the correct fibre exchange · Confirm, for placing an order, what is the correct location · Provide an indication of the additional charges that may arise Operators submit these requests to their Account Manager within eircom Wholesale. eircom Wholesale RAP submit these desktop survey requests to Access Networks to generate the responses required.
11
Pre-Order - Core Network Solutions for eircom Business NGN Ethernet services The eircom Business product is built on a vertically integrated network that sits on top of the eircom NGN. The eircom Business services require a physical access path to the end customer to be in place before the logical service is added.
NGN Ethernet
Difference is not material. The eircom Wholesale RAP NGN Ethernet products require a physical access path to the end customer to be in place before the logical service is added, the eircom Wholesale RAP product also requires the operator to have a WEIL installed.
12
Pre-Order Differences – LS v’s eC/B BB There is no pre-order information available for Line Share but there is Bitstream specific information available re rollout plans etc.
WPNIA This difference is not relevant for the WPNIA market.
13
Ordering - eircom Retail NGN Ethernet services, leased lines and PRAs eircom Business raise orders through manual order forms. These orders are entered manually on the Order management System (OMS) by CRC.
NGN Ethernet / Legacy Leased Lines
Difference is not material. Operators raise provisioning orders on the UG. These orders are entered manually on the Order management System (OMS) by WCCC. eircom MNS raise orders through manual order forms. These orders are entered manually on the Order management System (OMS) by WCCC
Industry Update on eircom’s RGM August 2015
Confidential Page 64 of 106
Key Differences contained in the Statements of Compliance
Index Description of Issue Relevant Market
Justification
14
Ordering Differences - ULMP/GLUMP v’s eC/B PSTN When ordering PSTN from eircom Consumer through the phone number 1901, the eircom Consumer CSR will log into eCom and select Provide Order. The CSR will search for the customers address in eCom. eCom uses Address Interface (AI) to lookup this address. Whilst the customer is still on the phone, the CSR will enter the customer’s credit details and will then select the required PSTN product, and this step also includes an option for the customer to express an interest in DSL.
WPNIA
Equivalent process available to operators. When ordering ULMP / GLUMP, the end customer will contact their Operator who will in turn contact eircom Wholesale. Providing that the customer is in a LLU exchange area, the Operator will then log a line enquiry on UG. In terms of UG categories, UG presents from ANRM and provides three options: 1. In-Situ (PUI order type) 2. Pre-pending / Pre-cabled (PUI order type) 3. Nil-cable / blank (PUS order type) With the Line Enquiry, if the customer is In-Situ, then the CSR will verify if the NTU is in place and if it is connected. If the customer is unsure, the CSR will assume it is not connected. This option is used to minimise failed EE's (Electronic Enablement). Drop down menus on Operator version of UG will decide on suitable product. The Operator can then decide to end the enquiry or to proceed depending on the UG line enquiry results. The Operator can also decide to perform a Data Request for LLU (DRL). Subsequently the Operator can resubmit a line enquiry or can proceed with the order to gather the end customer details, arrange an appointment and submit the order to eircom. The order is accepted through UG.
15
Ordering Difference – LS v’s eC/B BB When ordering broadband from eircom Consumer for example through the phone number 1901, the eircom Consumer CSR will log into eCom and select Provide ADSL Order. The CSR will search for the customers address in eCom. eCom uses Address Interface (AI) to lookup this address. Whilst the customer is still on the phone, the CSR will check if the customer qualifies for broadband using eircom.net, eCom, or R6 Springboard (via UG). If the customer does qualify for broadband, the CSR will select the bundle and install type. If a self-install is available, and a modem is required, this will automatically be posted out to the customers address.
WPNIA
When ordering Line Share, the end customer will contact their Operator who will in turn contact eircom Wholesale. Providing that the customer is in a LLU exchange area, the Operator will then log a line enquiry on UG.Drop down menus on Operator version of UG will decide on suitable product. The Operator can then decide to end the enquiry or to proceed depending on the UG line enquiry results. The Operator can also decide to request a Local Line Characteristic (LLC). This LLC step is generally not required for Line Share as the existing service is in-situ. The LLC order type on the Unified Gateway allows the Operator to submit a request utilising the UAN and CLI in order to run a detailed analysis of the line. The UG will initialise a test on the CLI and the completion notification will return various technical line characteristics based on the results of the test.
Industry Update on eircom’s RGM August 2015
Confidential Page 65 of 106
Key Differences contained in the Statements of Compliance
Index Description of Issue Relevant Market
Justification
16
Ordering Difference – BS v’s eC/B BB when ordering broadband from eircom Consumer for example through the phone number 1901, the eircom Consumer CSR will log into eCom and select Provide ADSL Order. The CSR will search for the customers address in eCom. eCom uses Address Interface (AI) to lookup this address. Whilst the customer is still on the phone, the CSR will check if the customer qualifies for broadband using eircom.net, eCom, or R6 Springboard (via UG). If the customer does qualify for broadband, the CSR will select the bundle and install type. If a self-install is available, and a modem is required, this will automatically be posted out to the customers address.
WBA
When ordering Bitstream, the end customer will contact their Operator who will in turn contact eircom Wholesale. The Operator will outline and gather the mandatory information and identify the type of order required. The Operator will then enter the required information into UG. The Operator can request both a Pre-Qualification for Bitstream to be performed, and also a Data Request for Bitstream to be performed. Drop down menus on Operator version of UG will decide on suitable product. The Operator can then decide to end the enquiry or to proceed depending on the UG line enquiry results. If the Operator decides to proceed with the order and the order is a standard over PSTN, the Operator will select the Bitstream product they require and arrange an appointment at the exchange.
17
Ordering Difference – New Line PSTN v’s SB-WLR when ordering PSTN from eircom Consumer through the phone number 1901, the eircom Consumer CSR will log into eCom and select Provide Order. The CSR will search for the customers address in eCom. eCom uses Address Interface (AI) to lookup this address. Whilst the customer is still on the phone, the CSR will enter the customer’s credit details and will then select the required PSTN product
FACO
If a customer requests a new line, the Operator will submit a new line enquiry and based on the UG decision, the order will be accepted or rejected. If accepted, UG will return details with existing infrastructure such as the number of lines and whether these are in-situ or pre-cabled. In situ means that service was provided but has since been ceased, whereas pre-cabled means that cable exists but no service was ever provided. If the CSR selects “site visit required”, the LNN order can be selected even when the line enquiry returns LNI. If an appointment is required, the CSR schedules the appointment and submits the LNN order. UG will then validate both the LNN and LNI orders and the Operator will be notified of the outcome. If accepted, the order will flow through to provisioning. If rejected then the order is terminated. In the case of LNI orders, the Operator will receive the required CLI information.
Industry Update on eircom’s RGM August 2015
Confidential Page 66 of 106
Key Differences contained in the Statements of Compliance
Index Description of Issue Relevant Market
Justification
18
Fault Reporting PSTN - eircom Retail In eircom Retail - on receipt of a call from a customer reporting a PSTN fault, the eircom agent will take the customer’s details and perform initial fault screening. The agent will then log a call in native FHS. The agent will test the line (LTS) - through FHS, and then diagnose a fault at front end and resolve where possible. If unable to resolve, they will assign the FHS ticket to the appropriate locker so an engineer can take ownership, and move the ticket on.
FACO
Wholesale Customer Fault Report arrives into the WCCC via UG / Phone Call or email, the UG performs an automated fault validation – (Check line test attempted; validate the info on the fault report form – Data Integrity). If a line test not attempted within the previous 60 minutes. Fault report is rejected. If test is attempted and validated the fault is then accepted. Fault is auto progressed in FHS. ISDN PRA– faults are Auto assigned to IPM via FHS. The following manual screening steps are performed by WCCC to establish where to assign the fault Check test results against report code/s ; Check Report History; Check Clear History; Check TIS for outstanding orders; Check Guide for Services; Check line Signatures. Based on the findings, the fault is assigned to the relevant locker so an engineer can take ownership, and move the ticket on.
19
Fault Reporting Broadband - eircom Retail On receipt of a call from a customer reporting a Broadband fault, the CRC agent will take the customer’s details and perform initial fault screening. The CRC agent will then log a call in native FHS and will test the line (LTS) - through FHS. If broadband on line, they will run a sync test. The agent will then complete Radius lookup which is the online ping test and authentication validation. Where possible, the CRC agent will diagnose a fault at front end and resolve where possible. If unable to resolve, they will assign the FHS ticket to the appropriate locker so an engineer can take ownership, and move the ticket on.
WBA
20
Fault Reporting - NGN Ethernet, Leased Lines For eircom Business Customers, an agent within the Customer Response Centre (CRC) must determine if the fault is proper to eircom. If the fault is proper to eircom, the CRC agent will log the fault either on FHS (for PRA Faults) or MIDAS (for all other LLL products).
NGN Ethenet / Legacy Leased Lines
For eircom Wholesale customers, the Other Operator must attempt to resolve the fault before submitting it to eircom. The eircom Wholesale RAP, eircom Wholesale MNS Fault Reporting processes differ slightly due to the fact that eircom Wholesale Customers may use the Unified Gateway to submit a fault as well as using phone or email. Other Operators log fault on UG which flows onto Midas/FHS or will contact the WCCC who will in turn log the fault on MIDAS or FHS, depending on the product.
21
Fault Escalations - eircom Retail If an escalation is required, eircom Consumer/Business contact networks directly for PSTN & Broadband fault and must follow the Service Assurance Fault Escalation (SAFE) process. When an escalation is raised in SAFE, eircom Works Control Centre (WCC) will check if the escalation is valid, and if so will accept the escalation. The WCC will then re-prioritise the workload, update the required works management system and assign to the Field. The Field Technician will then repair the fault report and update Advantex with the relevant clear code. eircom Consumer/Business will update their customer via phone or email when this process has ended. (Note eircom Retail can only escalate NGA Faults through the eircom Wholesale process)
FACO, WBA
If an operator wishes to escalate a fault they contact eircom Wholesale WCCC advising that an escalation is required, the WCCC must follow the same Service Assurance Fault Escalation (SAFE) process. The WCCC will then update the Operator via UG, email, and phone call.
Industry Update on eircom’s RGM August 2015
Confidential Page 67 of 106
Key Differences contained in the Statements of Compliance
Index Description of Issue Relevant Market
Justification
22
Provisioning Escalations - eircom Retail If an escalation is required, the Channel Support Services may contact networks directly - the National PCC team for assistance. The National PCC team will try to resolve the escalation so that provisioning can successfully be completed. eircom Retail will attempt to resolve the issue by contacting the Network resolver groups to get updates and to understand what is required to complete the order. (Note eircom Retail can only escalate NGA provides through the eircom Wholesale process)
FACO
If an escalation is required, operators contact WCCC who will attempt to resolve the issue by contacting the Network resolver groups to get updates and to understand what is required to complete the order. WCCC can also email the National Provision Control Centre (PCC) team who will try to resolve the escalation. If the issue is still not resolved, eircom Wholesale can engage with the Account Manager and Product Manager to ensure the order is successfully completed.
Table 11: Key Differences contained in the SoCs
Industry Update on eircom’s RGM August 2015
Confidential Page 68 of 106
6 Appendix 3 Update on Key Performance Indicators
Industry Update on eircom’s RGM August 2015
Confidential Page 69 of 106
Analysis of Key Performance Indicators (KPIs) 6.1
In June 2011 ComReg issued a Response to Consultation and Decision Notice (D05/11) directing eircom to
publish KPIs in a single place to enable explicit comparisons to be made between Wholesale outputs and the
equivalent inputs provided to eircom Retail. The purpose of this transparency was to provide an assurance to
consumers that the products and related services used by both eircom and other operators are of the same
standard. It would also reassure other operators that no discrimination in respect of eircom’s wholesale services
was occurring.
The first set of KPIs was published at the end of November 2011 covering eircom performance between July –
September 2011.
The products included in the KPI metrics are as follows:
Retail Narrowband Access Market - The products included are (i) SB-WLR, (ii) WLA and (iii) eircom’s
Retail PSTN product.
Wholesale Bitstream Access Market – The products to be included are (i) Wholesale DSL Services and
(ii) eircom Retail DSL service
Wholesale physical Network Infrastructure Access Market – The products included are (i) ULMP /
GLUMP Services and (ii) eircom Retail PSTN service and (iii) Line Share and (iv) eircom Retail DSL
service
Wholesale Terminating Segment of Wholesale Leased Lines Market – The products included are (i)
Wholesale provided traditional Leased Lines (ii) Wholesale provided NGN Ethernet Leased Lines and (iii)
eircom Retail provided traditional Leased Lines and (iv) eircom Retail provided NGN Ethernet Leased
Lines
NGA Wholesale Broadband Access Market - The products included are (i) Wholesale NGA Bitstream
Plus FTTC POTs based, (ii) Wholesale NGA Bitstream Plus Standalone and (ii) Wholesale NGA Bitstream
Plus FTTH – split between Downstream and other operators.
Review of the proposed metrics for each Market to determine:
Metrics associated with Supply of Services
o % connections in x days
o Average connection time
o Quality of supply
Metrics associated with Repair of Services
o % repairs in x days
o Average repair time
o Quality of repair
The analysis below covers the reporting period from July 2014 to December 2014.
Industry Update on eircom’s RGM August 2015
Confidential Page 70 of 106
6.1.1 SB-WLR v’s PSTN KPIs
Supply:
Figure 31: Supply KPIs for SB-WLR v’s PSTN
Repair:
Figure 32: Repair KPIs for SB-WLR v’s PSTN
Conclusion
The supply of SB-WLR exceeds PSTN for new connections that can be electronically enabled.
eircom Wholesale advised that because the volumes of new line connections for SB-WLR are low
compared to eircom Retail variations in the comparative performance between Downstream and
Operators can occur. In addition this performance is impacted by operator behaviour of a) selecting an
appointment date > 10 working days from order receipt; and b) re-appointing a significant volume of orders
Industry Update on eircom’s RGM August 2015
Confidential Page 71 of 106
to a date beyond that originally selected / provided on UG. Due to the time to manually re-appoint orders
(which include verification with the Operator) this extended the delivery time. Rollout of the combined new
line and new broadband (LNB) order will remove the requirement for manual appointment booking and
should reduce the overall supply time for operators.
The repair of SB-WLR faults exceeds the PSTN faults in 2 working days.
6.1.2 Bitstream (Wholesale) v’s Broadband (Downstream) KPIs
Supply:
Figure 33: Supply KPIs for Bitstream v’s Broadband
Repair:
Figure 34: Repair KPIs for Bitstream v’s Broadband
Industry Update on eircom’s RGM August 2015
Confidential Page 72 of 106
Conclusion
The supply of Bitstream matches Broadband for new connections that can be electronically enabled. An
issue arose in November ’14 when there were 61 Bitstream orders that were categorised as late. A sample
of these orders was investigated but no single root cause was identified. They all seemed to be systems
related where orders required manual intervention to progress. These range from Resolve the issue on
AMP and "set to auto processing", “Uncategorised error. “Consult Process Manual” and “This Account has
pending TIS Orders” etc.
The supply of Bitstream new connections matches new Broadband connections.
The repair of Bitstream faults in 2 working days is below the Broadband figure. eircom Wholesale advised
that as the volumes of faults are very low variations in the comparative performance between Downstream
and Operators can occur.
An analysis of in scope Broadband Fault Reports between July – September ’14 indicated a change in the
behaviour of retail customers in terms of time of faults logged. A higher proportion of retail faults were
logged after 5 pm in August and September than in July.
eircom Wholesale extended the hours of WCC from 8am – 10pm Monday – Sunday for screening of faults,
which started in mid-Nov ‘14. Previous WCC opening hours for screening of faults was 8am-8pm M-F,
9am - 5.30pm Saturday, Closed Sunday. WCC opening hours for dealing with Operator queries remains
8am-8pm M-F and 9am - 5.30pm Saturday. The small variation in performance in Nov ’14 may also have
been impacted by training of WCC staff required to manage screening of faults during these extended
opening hours. In addition the storm declarations in November ’14 had a greater statistical impact on
Bitstream faults than Broadband faults.
6.1.3 NGA Bitstream (Wholesale) v’s NGA Bitstream (Downstream) KPIs
Supply:
Figure 35: Supply KPIs for NGA Operators v’s Downstream
60.00%
70.00%
80.00%
90.00%
100.00%
Jul-14 Aug-14 Sep-14 Oct-14 Nov-14 Dec-14
NGA FTTC Standalone Appoints met by eircom
Downstream Operators
Industry Update on eircom’s RGM August 2015
Confidential Page 73 of 106
Repair:
Figure 36: Repair KPIs for NGA Operators v’s Downstream
Conclusion
The supply of NGA FTTC Bitstream POTs based and standalone for operators matches that of
Downstream. eircom Wholesale advised that as the volumes of faults are very low variations in the
comparative performance between Downstream and Operators can occur.
0.00%10.00%20.00%30.00%40.00%50.00%60.00%70.00%80.00%90.00%
100.00%
Jul-14 Aug-14 Sep-14 Oct-14 Nov-14 Dec-14
NGA FTTC Standalone based Fault Repair in 2 WDs
Downstream Operators
Industry Update on eircom’s RGM August 2015
Confidential Page 74 of 106
7 Appendix 4 Update on Generic Information Flows
Industry Update on eircom’s RGM August 2015
Confidential Page 75 of 106
Introduction 7.1
The security, classification and flow of Wholesale data within eircom, particularly Regulatory Access Products
(RAP) related data and Wholesale Customer Information, is a key element of the Wholesale Reforms programme
that eircom put in place to give improved standards and greater transparency to ComReg and Wholesale’s
customers on how eircom manages its non-discrimination obligations on a day to day basis.
eircom has implemented a programme to ensure that all Confidential Regulated Information and Confidential
Wholesale Customer Information retained by eircom in either structured or unstructured form is only disclosed in
compliance with the agreed Regulatory Governance Model designed to ensure compliance with eircom’s non-
discrimination obligations. The Information Flows Work stream is split into the following:
Structured Information Flows and
Unstructured Information Flows.
These are described in more detail below.
Structured Information Flow 7.2
The objective of the Structured Information Flow project was to review (from a data point of view) a list of eircom
systems that contained Confidential Regulated Information and Confidential Wholesale Customer Information
across all Markets. For systems reviewed, the existing controls were assessed to ensure that data access is
restricted to authorised user groups. Where gaps or risks were identified, controls or remediation were defined to
mitigate them. eircom engaged an external contractor Altion, to help deliver this element of the programme which
resulted in a Statement of Compliance being submitted to ComReg in September 2014.
7.2.1 Definition of the List of Systems
The full list of eircom/meteor systems is maintained by eircom Technology (TED & Networks). This master list of
336 systems was refined based on the following process:
Any system which does not contain Confidential Regulated Information or Wholesale Customer
Confidential Information was flagged. This reduced the list to 97.
Where the data manager of any system, specific to a technical area, verified that there was no
Businessunit access, the system was flagged. This reduced the list to 65 (verified). During the review it
was found that several systems from this set of 65 were duplicate, retired or used by specific groups in
IT/Networks. The full list of systems reviewed was thus 46.
7.2.2 Approach and Methodology
The system review was undertaken in stages with 2 pilot stages (with 3 and 6 systems respectively) followed by a
full phase review of remaining systems. The systems selected in the pilots were primarily systems used by larger
user groups. Additionally this involved selecting a combination of newer and older systems. The following key
parameters were used to review each system:
Data held in the system.
Different users and user groups who have access to the system.
Industry Update on eircom’s RGM August 2015
Confidential Page 76 of 106
Partitioning of the data across different users of the system.
Access Controls for a given system, i.e. how Access controls for a given system are defined and the policy
for handling staff members who leave the company or change groups within the company.
The following stakeholders within eircom were interviewed either face-to-face or by phone, with a set of questions
regarding data within a given system and user access to a system:
System Subject Matter Expert (SME)/System architect
System users from the different eircom groups listed in (include table reference here).
In certain cases several additional eircom staff members were contacted for specific queries. These included
systems administrators and managers who have access to users and user groups of systems. Where applicable,
user manuals and screenshots for systems were referenced and wherever possible, a formal script was used to
direct the discussion.
The table below lists different groups within eircom that have been reviewed from a data access point of view and
the definitions used to demarcate the groups.
Group Name Definition
Downstream Businesses
eircom Consumer eircom Consumer has been defined as the group consisting of all members within eircom Consumer excluding the CSR users who have access to a given system.
eircom Consumer CSRs
This group consists of the CSRs (sales & repair) within eircom Consumer who have access to a given system.
eircom Business eircom Business has been defined as the group consisting of all members within eircom Business excluding the CSR users who have access to a given system.
eircom Business CSRs
This group consists of the CSRs (sales & repair) within eircom Business who have access to a given system.
eircom Wholesale MNS
eircom Wholesale MNS has been defined as the group consisting of all members within eircom Wholesale MNS & Business Development Key Accounts
eircom Wholesale Sales & Marketing
This team consists of Sales and Marketing staff of eircom Wholesale (MNS & RAP) and includes Account Managers who would have access to all Wholesale products.
eircom WCS eircom WCS has been defined as the group consisting of all members within eircom Wholesale Customer Service excluding the CSR users who have access to given systems.
eircom WCS CSRs This group consists of the CSRs (provisioning & repair) within the eircom Wholesale Business Unit who handle both eircom Wholesale RAP and Downstream Businesses orders/faults.
eircom Wholesale RAP eircom Wholesale RAP has been defined as the group consisting of Product Managers and Programme Managers within the eircom Wholesale RAP group.
eircom TED and Networks This group consists of members of eircom TED and eircom Networks groups.
eircom Central Services This includes the members of Central Services, Regulatory and Public Affairs, Finance, HR, Programme Execution
Wholesale Customers This includes all the OAOs/Service Providers who form the customer base of eircom Wholesale.
Table 12: List of Groups for the Systems Review project
Industry Update on eircom’s RGM August 2015
Confidential Page 77 of 106
The table below lists the various data categories to which the different users would have access.
Data category name Definition
Confidential Wholesale Customer
Any customer-specific information related to the customers of eircom Wholesale RAP.
Confidential Regulated
This information consists of regulated data that is not public/not yet public such as : RAP strategies and plans Network build and network information Unpublished Product or Infrastructure Information e.g. product descriptions, design specifications, prices, SLAs, roadmaps Unpublished Network/Infrastructural Information regarding RAP products e.g. NGN Nodes, NGA Cabinets Unpublished Network Performance Information e.g. aggregated fault/provisioning data Unpublished Network Strategic/Implementation Plans Unpublished Network utilisation that feeds into Pricing Models Unpublished Information on how new technology applies to eircom’s fixed network
Table 13: List of Data Categories for the System Review project
The identification of risks was undertaken using the following table which lists different user groups and the data
categories they can access. Here, the shaded cells indicate no risk present regardless of whether or not the user
has access to the system. For each system hereafter, an un-shaded cell with a ‘Yes’ means a risk has been
identified - unless it is qualified with a comment.
Group accessing data ↓ Has access to the following data categories
Group Name Customers of Downstream Businesses
Customers of eircom Wholesale RAP
eircom Confidential Regulated Data
eircom Downstream Businesses No Risk If Yes, this is a Risk If Yes, this is a Risk
eircom Wholesale RAP & WCS
No Risk No Risk No Risk
eircom TED & Networks No Risk No Risk No Risk
eircom Central Services No Risk No Risk No Risk
Wholesale Customers If Yes, this is a Risk if they can view data of other customers
If Yes, this is a Risk if they can view data of other customers
If Yes, this is a Risk
Table 14: List of Risk Definitions for the System Review project
In the above table “Yes” implies user groups shown in the first column have access to the data belonging to other
groups shown in the other columns.
7.2.3 Identification of Risks
The key access risks identified through this review was that users could have or get inappropriate access to
Confidential Regulated Information or Wholesale Customer Information on eircom’s systems. This could be caused
by:
Existing users, already having inappropriate access rights to a given system.
Industry Update on eircom’s RGM August 2015
Confidential Page 78 of 106
New users, requesting access to a system being provided inappropriate access rights;
Existing users, having changed employment role or group within eircom, to one no longer requiring access
or no longer requiring the same level of access to a system, or,
Existing users, having ceased employment with eircom retaining their access profile to a system.
The table of all risks is included below:
Risk No. Description
SYS_Risk_001 There is a risk with user groups and user access across all systems whereby existing users may have inappropriate access rights to a given system.
SYS _Risk_002 There is a risk associated with user access across all systems with regard to inappropriate access rights given or maintained under the following circumstances: New staff requesting access to the system being assigned incorrect access rights. Access rights for a person changing roles in the company is not appropriately modified. Access rights for a person leaving the company is not revoked.
SYS_Risk_003 There is a risk that certain unauthorised users may gain access to the following systems because currently SAM is not used as the process for obtaining access to all systems.
SYS_Risk_004 There is a risk that where systems have Wholesale-Retail segregation, the level of segregation may not be accurate. From the analysis carried out in this study, this risk is deemed to be low. However, it was not possible to study this in detail as part of this analysis.
SYS_Risk_006 There is a risk that Wholesale MNS users could access Wholesale Customer information on some systems.
SYS_Risk_007 There is a risk that eircom Retail staff could access data of Wholesale customers on some systems, that eircom Wholesale MNS could access Wholesale Regulated information on some system and that eircom Retail could access Wholesale Regulated information on some systems.
Table 15: List of Risks Identified in System Review project
7.2.4 Identification of Controls
The key access controls identified through this review were as follows:
Business Access Review Process (BAR)
Systems logical access controls Business Access Review (BAR) and Segregation of Duties (SOD).
Management ensure that only authorised access is granted to applications and data by authenticating a
user’s identity and access profile. In order to properly restrict access to applications and data three
security elements are applied: identity/authentication, access rights and system configuration.
Identity/authentication and access rights are administered by reference to business area requirements and
responsibility for control rests with the system owner. System configuration is controlled by an independent
systems administrator and inbuilt application protocols.
The joiners, movers and leavers process manages access right changes as they arise. The Business
Access Review (BAR) is a cyclical process where business owners of systems and underlying data review
actual access based on systems outputs and confirm that individual user access is appropriate.
Segregation of Duties (SOD) is an extension of the BAR process where the business owner reviews and
confirms that the level of access (functionality) is appropriate for individual users.
System for Access Management (SAM)
The SAM, (System for Access Management) process in eircom is used to provide a formal record of
application, approval and completion of access requests to a list of specific systems in the eircom estate.
Industry Update on eircom’s RGM August 2015
Confidential Page 79 of 106
The SAM application has a web based GUI where employees or contractors apply for access to specific
systems. In addition to the system, the applicant has to select the profile they require from a predefined
list.
Each request goes through a level of line management approval and a Delegated Authority (for System
Owner) approval, before the request is passed to the relevant Sys Admin role.
Managers and Delegated Authorities are notified by email through the SAM workflow, and they approve
via a web GUI which is accessed by a link in the mail. All approver access to SAM is password controlled.
If a request is rejected at any stage in SAM, the applicant is informed, and that request goes no further.
SAM is also used for removing access for people who leave the organisation, or change roles.
Users changing groups
When staff moves from one role to another within the company, the “Who Works Where” process is
invoked. This involves the Donating Manager initiating the transfer online, and then the Receiving
Manager accepts the employee and completes the transfer process. In addition to the transfer, it is the
responsibility of the Donating Manager to remove all access of the employee to various systems relevant
to the old role. This is processed via SAM.
Users leaving the organisation
The Leavers’ Process is invoked when an employee or contractor status changes to an exit status on the
HR system. This process runs on a weekly basis and an email is generated and sent to Systems
Administrators requesting them to remove access for departing individuals.
The table below lists all controls for risks listed above.
Industry Update on eircom’s RGM August 2015
Confidential Page 80 of 106
Index Risk No.
Control Ref. No.
Owner Description Status Original Target Date
Target Date
1 SYS _Risk _001
SYS _CRM _001
eircom Wholesale / Networks
A review of all user groups on the system is undertaken to ensure only appropriate users have access to the system.
Open Apr ‘15
Jul ’15 (Following completion of SYS _CRM _002)
2 SYS _Risk _001
SYS _CRM _002
eircom TED
A User Access Review (also known as Business Access Review – BAR) of all systems is undertaken on a scheduled basis to ensure only appropriate users have access to the system, and that inappropriate access is revoked where identified.
Open Apr ‘15 Jul ‘15
3 SYS _Risk _002
SYS_ CRM _003
eircom TED
Company standard access approval (incl. joiners), movers and leaver’s processes are operated for all systems. A once off exercise is required to ensure that these controls are fully applied for all in scope systems.
Pending Close The company standard process for movers, joiners and leavers has been reviewed and is in place for all in scope systems (Awaiting Control Owner confirmation)
Apr ‘15 N/A
4 SYS _Risk _003
SYS _CRM _004
eircom Networks
The company-wide policy of using SAM as the process for obtaining access to a given system needs to be enforced for all systems.
Pending Close The original list of systems to be set up on SAM were: RTD, ASP, CIRCE, Dataplus, SAFE, infovista, CMS, ISIS Engine. RTD is now accessed via CNO Remedy which itself is set up on SAM. ISIS Engine doesn’t have a client which Users can request access to so SAM access to it is irrelevant. The other systems have been set up for access via SAM. (Awaiting Control Owner confirmation)
Dec ‘14 N/A
Industry Update on eircom’s RGM August 2015
Confidential Page 81 of 106
Index Risk No.
Control Ref. No.
Owner Description Status Original Target Date
Target Date
5 SYS _Risk _004
SYS _CRM _005
eircom Wholesale / Networks
A study to be carried out to confirm that data segregation in systems which already have Retail-Wholesale data segregation is accurate.
Open SYS_CRM_005_SAFE Pending Close (Awaiting Control Owner confirmation)
Dec ‘15 Dec ‘15
6 SYS _Risk _006
SYS_ CRM _007
eircom Wholesale / Networks
Systems development is required to further segregate Wholesale information in question into Wholesale MNS Customer information and Wholesale RAP Customer information and access to Confidential Regulated information to be restricted to users based on their user groups. A requirement to be raised through the eircom end-to-end solution delivery process to complete a detailed analysis to put in place a solution to segregate the data.
Open Dec ‘15 Dec ‘15
7 SYS _Risk _007
SYS _CRM _008
eircom Wholesale / Networks
Systems development is required to implement data segregation between eircom Customer/Business and eircom Wholesale groups. Further segregation of eircom Wholesale data into Wholesale MNS and Wholesale RAP to be implemented if Wholesale MNS continue to access the system. A requirement to be raised through the eircom end-to-end solution delivery process to complete a detailed analysis to put in place a solution to segregate the data.
Open SYS_CRM_008_ANRM & SYS_CRM_008_FIMS Pending Close (Awaiting Control Owner confirmation)
Dec ‘15 Dec ‘15
Table 16: List of Controls Identified in System Review project
7.2.5 System Stats
The majority of the controls for the System Reviews reside in Technology (TED & Networks) with a small
proportion sitting in eircom Wholesale (RAP & WCS). This is consistent with the fact the vast majority of these
systems are owned, managed and supported by Technology.
Industry Update on eircom’s RGM August 2015
Confidential Page 82 of 106
Business Owner SYS_CRM _001
SYS_CRM _002
SYS_CRM _003
SYS_CRM _004
SYS_CRM _005
SYS_CRM _007
SYS_CRM _008
Total
eircom Wholesale -RAP 6 0 0 0 4 1 0 11
eircom Wholesale - WCCC 2 0 0 0 0 0 0 2
eircom TED -CTO 0 1 1 0 0 0 0 2
eircom Networks- Design 9 0 0 0 0 0 3 12
eircom Networks- FAO 17 0 0 2 3 0 5 27
eircom Networks – Service Management
13 0 0 5 7 3 1 29
Grand Total 47 1 1* 7* 14** 4 9*** 83
Table 17: List of System Controls* per Business Owner
* SYS_CRM_003, SYS_CRM_004 Pending Close (Awaiting Control Owner confirmation)
** SYS_CRM_005_SAFE Pending Close (Awaiting Control Owner confirmation)
*** SYS_CRM_008_ANRM and SYS_CRM_008_FIMS Pending Close (Awaiting Control Owner confirmation)
Unstructured Information Flows 7.3
Unstructured Information Flows relates to the controls that are in place to protect and keep secure Confidential
Wholesale Customer Information and Confidential Regulated information that is contained in reports, emails and
documents created within eircom. The main originator of this information is eircom Wholesale and TED &
Networks. This project was run in conjunction with TED. This element of the Wholesale Reforms Programme
contained the following key elements:
Enhanced Data classification
Data Handling Guidelines
Data Register
These are detailed below.
7.3.1 Enhanced Data Classification
All information within RAP should be classified Confidential Regulated with it potentially being declassified
to Public Regulated
Confidential Regulated - An example of this is the handling of restricted Regulatory Access Products
(RAP) related data in eircom Wholesale
Public Regulated - An example of this is Regulatory Access Products (RAP) related data that has been
approved for release to Industry Fora
In addition to this other wholesale information is classified as Confidential Wholesale Customer
Information
Industry Update on eircom’s RGM August 2015
Confidential Page 83 of 106
7.3.2 Data Handling Guidelines
Both physical media (e.g. each page) and logical representations must be marked ‘CONFIDENTIAL –
REGULATED ‘.
The front page of documents must be marked “Confidential – Regulated”
Word Documents must have the footer “Confidential – Regulated”
Excel spread-sheets must have the semi-transparent watermark “Confidential – Regulated”
Access to files held on systems or manual files must be restricted to authorised staff only
Access should be restricted on a “need to know” basis.
7.3.3 Data Register
RAP related data includes:
o The technical specification of a RAP service;
o The terms and conditions under which it is to be supplied;
o The capabilities of the network supporting the service and the timing of changes in network
functionality;
o To information about risks; to access to plans for, for example, NGA deployment.
The Critical Regulated Data Asset Register will be a structured database that includes:
o A description of the Data
o The identity of the Data Owner
o The location where the data is stored
o The Categorisation of the data (confidential regulated and public regulated)
7.3.4 Progress to date
Figure 37: Status of System Controls
2
3
2
Status of System Controls
Pending Close On-target Delayed
Industry Update on eircom’s RGM August 2015
Confidential Page 84 of 106
7.3.4.1 BAR
In terms of the BAR, the bulk of the Wholesale Systems are now scheduled for review in June 2015. Actioning of
responses from managers is likely to carry over into July. Some of the Wholesale Reform systems (where they
overlap with a separate project) have been BAR reviewed, but the Wholesale Reform specific check against
business units hasn’t been carried out and won’t be done until all of the Wholesale Reform systems reviews are
completed in June /July 2015.
7.3.4.2 Data Classification
Data Classification has been completed in eircom Wholesale and has been rolled out across TED & Networks to
ensure all relevant documentation is classified either as Confidential Regulated or Confidential Wholesale
Customer Information.
The flow of RAP information is now subject to strict rules about who can request Confidential Regulated
Information and how they can request it. eircom's downstream businesses are treated like other operators when it
comes to requesting new information from RAP. The eircom Wholesale Account Management process requests
directly from all parties and submit them to RAP (through RAP Change Request Process) for their consideration. In
addition downstream businesses and other operators can request new RAP information through the ComReg led
industry fora.
Unpublished RAP information needs to be classified as “Confidential – Regulated” and kept safe, secure and
separate from eircom’s Downstream Businesses. This information can be shared outside of eircom Wholesale
RAP only where there is a legitimate need, such as people in Technology may need and be given information
relating to RAP products and services in order to support eircom Wholesale’s RAP unit with product development.
In such cases care needs to be taken. eircom Wholesale RAP must ensure that when restricted RAP information is
shared it is labelled correctly and those receiving know its nature and what they can and cannot do with it. Those
receiving this information must ensure it is not shared with eircom’s Downstream Businesses or with any other
sub-set of eircom Wholesale’s.
Conclusions 7.4
The security, classification and flow of Wholesale data within eircom, particularly Confidential Regulated
Information related data and Confidential Wholesale Customer Information, is critical to putting a robust
Regulatory Governance model in place. It is seen as a key element of the Wholesale Reforms programme that
eircom has put in place to give improved standards and greater transparency to ComReg and Wholesale’s
customers on how eircom manages its non-discrimination obligations on a day to day basis.
eircom has now implemented the programme to ensure that all Confidential Regulated Information and
Confidential Wholesale Customer Information retained by eircom in either structured or unstructured form is
only disclosed in compliance with the agreed Regulatory Governance Model designed to ensure compliance
with eircom’s non-discrimination obligations.
Industry Update on eircom’s RGM August 2015
Confidential Page 85 of 106
The Structured Information Flows workstream has identified 6 generic risks where non-discrimination could
take place and 7 generic controls to mitigate these risks. Progress is taking place to close out the risks
identified. A number of system fixes (awaiting formal signoff of Control Owner) have been completed with
more scheduled for June, August and December 2015. This good work needs to continue to ensure the
remaining controls are completed in a reasonable time to reduce the risk of eircom breaching its non-
discriminatory obligations.
The Unstructured Information Flow work stream has put in place a framework to allow staff to identify when
they are creating documentation relating to Confidential Regulated Information and Confidential Wholesale
Customer Information, to mark it appropriately and to distribute it according to strict business rules. Regular
briefings on this framework should be provided to existing and new staff to ensure that it is being followed in all
circumstances.
Industry Update on eircom’s RGM August 2015
Confidential Page 86 of 106
8 Appendix 5 Update on Internal Compliance Reviews/Investigations
Industry Update on eircom’s RGM August 2015
Confidential Page 87 of 106
Introduction 8.1
This section provides an update on Internal Compliance Reviews and Investigations initiated by C&E together with
investigations arising from Wholesale Customer Complaints
Compliance Reviews 8.2
8.2.1 Compliance Review – Change Control
As part of our Regulatory Governance Model C&E carries our internal Compliance Reviews regarding the
operation of the controls included in the SoCs sent to ComReg which cover the following areas of operation:
Change Control
Pre-Order/Ordering
Provisioning
Fault Reports/Repair
For this reporting period C&E has carried out a compliance review of Change Control - see Annex 1 to this report.
It is planned to cover the remaining controls in the next Report to Industry.
Whistle-blower 8.3
Under the Code employees are advised of the various channels in which they may raise issues including through
the Whistle-blower process. To-date no issues have been raised under this process.
Industry Update on eircom’s RGM August 2015
Confidential Page 88 of 106
Open C&E Internal Compliance Reviews/ Investigations 8.4
Index Date Opened
Description of Issue Owner Status Date Closed
1 Sept -14 Complaint from another operator in relation to alleged comments made by an eircom technician
eircom Networks
Under investigation. Additional information requested from operator but was not provided so investigation could not proceed
Closed Dec 2015
2 Sep-14
Compliance review of Customer Mandate Programme. The overall objective of the Customer Mandate Programme was to deliver a better customer experience across Billing, First Contact Resolution and Installations
eircom Customer Operations
Review completed and recommendations implemented to ensure compliance with our SoCs
Closed Mar 2015
3 Oct-14 Compliance reviews to test SoC re Change Control
All BUs Report issued in April 2015. See Annex 1 to this report
Open
4 Nov -14 Compliance Review of Fault Programme eircom Wholesale
Review completed and recommendations issued to BU in respect of using an MNS project management resource in an upstream activity -Nov 2014. Awaiting action from BU to remedy issue
Open
5 Feb 2015
Proposal to locate Business Operations within the eircom Central Finance Function. The overall objective of the Business Operations Proposal is to deliver a better end to end experience for all customers including Wholesale Customers. A key enabler for this is to set up a dedicated Programme Management team led by a Senior Manager under Business Operations
eircom Central Finance
Review completed and recommendations implemented- March 2015. Business Operations to be located in upstream business (eircom Wholesale)
Closed
Table 18: List of Open and Closed C&E Internal Reviews and Investigations
Conclusions 8.5
It is essential that when C&E, through internal Compliance Reviews/Investigations, identify remediation measures
that these are completed in a reasonable time period.
Industry Update on eircom’s RGM August 2015
Confidential Page 89 of 106
9 Annex 1: Compliance Review of Change Control
Industry Update on eircom’s RGM August 2015
Confidential Page 90 of 106
Introduction 9.1
eircom is required to submit Statements of Compliance (SoCs) to ComReg in respect of its non- discrimination
obligation in the Regulated Markets under its Regulatory Governance Model. To develop these SoC’s eircom
undertook detailed reviews of its business processes used to deliver NGA, NGN and current generation Services
to eircom’s downstream operations and to eircom Wholesale’s customers. The purpose of these reviews was to
identify any risks of non-compliance with eircom’s non-discrimination obligations. Where risks were identified,
controls were developed to mitigate against the risk of non-compliance. These controls have been recorded in a
Risk and Control Matrix (RACM) and are signed off by the relevant Senior Managers who have overall
responsibility to ensure that the controls in their area operate effectively.
In addition eircom has committed to carrying out Compliance Reviews and Audits of the operation of the Risk and
Control Metrics (RACM’s), the outputs of which will be reported to the Wholesale Reforms Committee of the Board
and to ComReg bi-annually. The Compliance and Equivalence (C&E) Unit will undertake Deep Dive Compliance
Reviews in selected areas on an on-going basis.
The objective of the Compliance Reviews is to confirm that the controls put in place to ensure non-discrimination
operated effectively during the period under review and that the controls are most likely to have prevented the
potential issues of non-compliance that arose previously.
Scope 9.2
This review is focussed on Regulated Access Product (RAP) Change Control i.e. the processes used by eircom to
develop products requiring changes to eircom Wholesale Regulated Access Products. These processes have 55
controls in place to ensure that:
All requests for new RAP products or changes to existing RAP products are assessed and a determination
is made whether a RAP development is required or not.
Where a RAP development is required then the downstream products cannot launch until the RAP
component is already launched
RAP information about new developments or changes to existing RAP product is not provided to a
downstream business in advance of it being made available to all operators
When a downstream business has a requirement to develop a new product or amend an existing product they can
discuss their requirement with Regulatory Operations to determine if it is clearly outside the regulated space. If the
change or new product is clearly outside the regulated space then the business unit can proceed to develop their
requirement otherwise they are advised to submit their requirement to the eircom Wholesale RAP Change
Request process.
eircom uses the following processes to manage its non-discrimination obligations.
RAP Change Requests
RAP PDC
TED E2E & Work Requests
Industry Update on eircom’s RGM August 2015
Confidential Page 91 of 106
Downstream Business PDC
Downstream Tenders and Contracts
The period under review is July- September 2014.
The Quarterly Self Certification process was outside the scope of this review.
Approach/Methodology 9.3
i. Review of RAP Change Request Process
C&E walk through of Change Control Process and Evidence Logs with RAP Change Process
Manager and RAP PDC PMO
Review of new Change Requests logged on the Change Control log for the period July – Sept 2014
and how these requests progressed through the end to end process. Included was a review of the
following:
Rationale for decisions to accept/ reject change requests
Evidence retained to support decisions
Notifications of decisions issued
Supporting documentation retained
Equivalence Reports issued
Reports on instances where controls did not operate
Supporting documentation for issues reported and remediation measures taken
Metrics in relation to change requests
Minutes of meetings
ii. Review of the operation of RAP PDC controls
iii. C&E walk through of Evidence Logs with Control Executors for Networks, TED and downstream
businesses to review the following:
Log of requests submitted to TED, End to End (E2E) & Work Requests (WR) Processes
and Downstream Business PDC’s
Evidence retained by the business areas to demonstrate that controls had operated during
the review period
Regulatory advice used to determine whether requests needed to follow the RAP Change
Request Process
Change requests that could have bypassed the Change Control Process
iv. Determine if controls reviewed would have prevented potential issues of non-compliance that had arisen
previously
Industry Update on eircom’s RGM August 2015
Confidential Page 92 of 106
Wholesale RAP – Review of Evidence of Control 9.4
9.4.1 Findings
i. 5 out of the 11 controls in place operated effectively during the period under review.
i. There were 22 Change Requests logged on the Change Request Log in the period under review:
A log of all new requests and supporting documentation submitted to RAP Change Process was
maintained
Customer Requirements Capture Group meetings were held to consider RAP Change requests
logged and their outputs recorded
Evidence of Control as per RACM
i. eircom Wholesale RAP record metrics on a Regulated Access Product / Regulatory Market basis for requests for Changes to RAP products to demonstrate non-discriminatory behaviour. Metrics, emails and reports are stored centrally on the shared drive and contain
• the Product Change request log, • the quarterly report demonstrating the output and • the relevant support material of Customer Requirements Capture document • the Customer Response Document and • internal emails confirming that the report has been reviewed by Director of Regulated Access Products
Equivalence Issue Reports issued to [email protected]
A log is being maintained of requests submitted for a decision on whether the development of a RAP is required or utilises a RAP input
ii. eircom Wholesale RAP PDC Project Management Office record and maintain metrics of RAP Projects eligible for PDC in a tracker (Excel worksheet). A quarterly report is produced based on the tracker data to highlight: • RAP Project notified to ComReg prior to DP3 approval • RAP Projects launched prior to DP5 approval • RAP Projects launched with RAP PDC approval Summary reports and acknowledgement email from RAP Director are stored centrally on SharePoint.
iii. eircom Wholesale RAP PDC PMO record and maintain metrics of PDC Projects. A quarterly report is sent to Director of Regulated Access Products. The report and email from the Director are stored centrally on PDC sharepoint site.
iv. Minutes of Wholesale Management Team meeting to record departure of eircom Wholesale MNS Director prior to RAP issues being discussed are stored.
Industry Update on eircom’s RGM August 2015
Confidential Page 93 of 106
In 19 of the 22 requests the rationale for decision to accept or reject was correct from a regulatory
perspective
In the other 3 cases the records did not support the decision taken or the basis for the decision
was unclear. It was noted that in some cases meetings were held or emails exchanged to provide
clarifications on the proposals before reaching a final decision. Additional information provided to
support the decisions was not recorded within the RAP Change Process. There is currently no
requirement to retain this additional information. The cases in question were as follows:
ID 54 – Request to add Additional information to wholesale roll out plan. The rationale for
the recommendation to accept was on the basis that it was for information purposes only.
This request appears to be for a RAP change and accordingly the purposes for which it
was being provided should not be caveated
ID 55 – E-Line. This request was rejected on the basis that the CES Device for
performance monitoring of the IP Traffic is not considered to be part of the regulated
market. It was not clear from the requirements document submitted that performance
monitoring was the purpose for which the device was required.
ID 71 – NGN Ethernet Performance Reporting. This request was rejected on the basis that
Wholesale does not sell products to eircom Business with Master Plan Plus SLA. As the
Ethernet metrics form part of the RAP the decision to accept/reject this request should
have been based on whether this information should be made available to all operators.
Out of 12 change requests that were accepted 10 are considered to be RAP changes and should
therefore have been submitted to RAP PDC. None of these appeared on the PDC tracker at the
time of the review. Failure to log change requests with RAP PDC could result in (a) products being
launched either without proper notifications to ComReg (b) publications requirements not being
met in contravention of eircom’s transparency obligations or (c) RAP documentation not being
updated.
Reports on RAP metrics to demonstrate non-discriminatory behaviour were generated for review
and sign off, however, the reports in themselves are not conclusive. No evidence was retained of
the assessment of the metrics or any conclusions drawn. It was noted that the control does not
currently specify the metrics to be used.
There was no evidence found of the review by the Control Owner of the quarterly metrics report
that details requests raised, opened and closed for changes to RAP products for the period under
review
2 Change Requests although logged on the Change Request log followed the Inter-Operator
Process (SOR). In this process ‘Delivered’ has a different meaning to ‘Delivered’ in Change
Process, and may lead to confusion
In 13 cases Customer Requirement/Customer Response documents were not fully completed
e.g.no relevant market specified. However, this did not appear to adversely impact the final
decision to accept or reject the request
Industry Update on eircom’s RGM August 2015
Confidential Page 94 of 106
The change process requires that the party making the request is advised of the outcome.
Notifications to requestors were issued from the RAP Customer Requirements mailbox. In 2 cases
there was no evidence of Account Managers formally notifying the end customer
Notifications regarding acceptance or rejections of requests were not retained by the RAP Change
team in all cases due to automatic system deletion
Customer Requirements Capture Documents and Response Documents submitted varied in
format, which could result in relevant information being omitted. This was as a result of changes to
templates evolving as the process was being embedded
ii. Logs recorded the date when Product Managers or Account Managers log new requests in the RAP
Change log. There is no visibility of requests that may not get logged or where delays occur before being
logged
iii. Metrics of RAP PDC Projects notified to ComReg without DP3 approval and RAP Projects notified without
DP5 approval were maintained and reviewed. There were 2 projects out of 14 that were launched prior to
DP5 approval in the period under review. An explanation for each was recorded. It was noted that the
control does not currently specify an Equivalence Issues Report is required when an issue is identified in
the reports.
iv. The minutes of Wholesale Management Team meetings for the period do not record in most cases that
the MNS Director was absent when RAP issues were being discussed
9.4.2 Recommendations and Management Comments
i. The control should specify the RAP metrics analysis that needs to be undertaken to demonstrate that non-
discrimination behaviour did not occur. See Appendix 2 of the Compliance and Audit Report for examples
Wholesale Management comment: Agreed. To review and take this approach on board for future reports
ii. All change requests impacting RAP should be notified and logged on the RAP PDC tracker
Wholesale Management comment: Agreed and confirm that this process is now being applied
iii. When further information becomes available in the course of consideration of the change request the
Customer Requirement Capture Document (CRCD) submitted should be updated accordingly to support
the decisions to accept/reject requests. In the case of rejections, in particular, the rationale recorded for
the decision should include all pertinent information
Wholesale Management comment: Agree and confirm that this approach is now being applied
iv. Control evidence for NGA, NGN and Current Generation Access products should be consistent e.g. the
requirement for the generation of Equivalence Issue Reports where issues are identified should apply in all
markets. Controls should be updated accordingly
Wholesale Management comment: Agreed
v. The rationale for recommendations currently included in the Customer Response Document (CRD) should
be expanded to include a summary of what RAP understand the request to be and the basis for its
decision
Wholesale Management comment: Agreed
vi. CRCD’s should not be accepted unless fully completed
Wholesale Management comment: Agreed
Industry Update on eircom’s RGM August 2015
Confidential Page 95 of 106
vii. Updates to Roadmaps, which track the status of Change Requests, should be retained by the Change
Control process as evidence that Industry has been notified
Wholesale Management comment: Agreed. Currently a requirement but compliance will be re-enforced
going forward
viii. The metrics of how long it takes a change request to be processed end to end should start from the date
that the customer makes the request to Product Manager/Account Manager. Consideration should be
given to how the control can be amended to ensure that this information is captured and measured
Wholesale Management comment: To consider and update control as required
ix. All notifications of decisions by the Customer Requirements Capture Group regarding acceptance or
rejections of requests should be retained as evidence
Wholesale Management comment: Agreed. An IT issue with mailbox has been rectified and all
notifications are being retained
x. The Industry Inter Operator (SOR) process in relation to access requests to be aligned with RAP Change
Request Process
Wholesale Management comment: Agreed
xi. The minutes of all WMT meetings should formally record agenda items where the MNS Director was in
attendance.
Wholesale Management comment: The Control Owner agrees that the meeting minutes as recorded do
not in most cases record that eircom Wholesale MNS Director left the meeting room when RAP items were
discussed. However, to the best of his knowledge, the eircom Wholesale MNS Director was not generally
present in the room when specific RAP items were being discussed and when items relevant to RAP PDC
and RAP Commercial Review were being presented for approval. The recording of meeting minutes will be
reviewed to ensure that this control operates effectively.
Industry Update on eircom’s RGM August 2015
Confidential Page 96 of 106
TED - Review of Evidence of Control 9.5
Evidence of Control as per RACM
i. As output from the Ideation session, a list of submitted, approved and blocked requirements are documented and stored in the E2E portfolio planning library As output from the HLC close event, a list of all projects are recorded and two additional fields are recorded for each, i.e. does this request have a RAP impact? If yes, has RAP approval to proceed been sought and received? At the end of the Functional Design phase, the projects are summarised in the Man-days spread sheet. Two columns are added to record the updated answers to the two RAP questions. The answers to the two questions are stored on the GT Requirements log on Sharepoint for both submission and pre-Delivery
9.5.1 Findings
i. The 6 controls operated effectively during the period under review i.e.
Meetings with TED, RAP and Regulatory Operations to consider projects with potential RAP
impact took place
Logs of submitted, approved and blocked requirements were retained
The rationale for decisions taken in respect of projects impacted by RAP was correct from a
regulatory perspective
9.5.2 Recommendations
None
9.5.3 Management Comments
Noted
Industry Update on eircom’s RGM August 2015
Confidential Page 97 of 106
Networks– Review of Evidence of Control 9.6
9.6.1 Networks (Fixed Access Operations)
Evidence of Control as per RACM
i. Process Change Log maintained by Networks Head of Process.
9.6.1.1 Findings
i. The 2 controls in place did not operate effectively in the period under review i.e.
A Process Change Log was maintained and report issued to the Control Owner for review in the
period under review.
The Log recorded changes that had a RAP impact and where RAP approval had been received
A project (ID 3235) was not logged on the Change Request Log by the RAP Product Manager.
Failure to log a Change Request can result in eircom Wholesale RAP developing/changing its
products/processes without the necessary regulatory inputs (products / information / ComReg
approvals etc.) being in place.
Process changes not requiring IT development were not logged on the Process Change Log
9.6.1.2 Recommendations
i. All process changes with potential RAP implications, including those not requiring IT development,
should be submitted to the RAP Change Request Process
ii. Evidence should be retained by the Networks Control Executor that Networks process changes
impacting RAP have been recorded on the RAP Change Log
9.6.1.3 Management Comments
Agreed
9.6.2 Networks (Service Management)
Evidence of Control as per RACM i.
A Process Change Log maintained by each L2 in charge of the listed areas within Service Management (Networks).
• Incident & Event Management • Service Control • Service Management eBusiness & Consumer • Service Management Wholesale This Change Log can be found on centralised Sharepoint site
ii. On a quarterly basis, the Service Management (Networks) L2 Managers in charge of Incident & Event Management, Service Control, Service Management eBusiness &
Industry Update on eircom’s RGM August 2015
Confidential Page 98 of 106
Consumer and Service Management Wholesale review the reporting process for their area and create a report for the Director of Service Management (Networks). The Director of Service Management (Networks) signs off on a Statement of Compliance. The Statement of Compliance states that all reports containing RAP information are being sent to eircom Wholesale, for distribution to downstream businesses and OAO’s. Both the quarterly report and the Statement of Compliance documents are securely archived for three years on a centralised Sharepoint site
iii. Quarterly sign-off of a Statement of Compliance document by Director of Service Management (Networks). The Statement of Compliance states that :
(a) all Service Management (Networks) reports based on RAP inputs are being classified as RAP Confidential (b) Copies of Service Management (Networks) reports are being stored securely for a period of three years. (c) Service Management (Networks) documents are labelled to comply with eircom’s data classification policy. This report is stored on the Sharepoint site.
iv. On a quarterly basis, the Service Reporting and Support Manager reviews the reporting process and creates a report for the Head of Service Control. The Head of Service Control signs off on a Statement of Compliance. The Statement of Compliance states that all reports containing RAP information are being sent to an agreed email mailbox in Wholesale Customer Services, for distribution to downstream businesses. Both the quarterly report and the Statement of Compliance documents are securely archived for three years on the following Sharepoint site:
v. ( Quarterly sign-off of a Statement of Compliance document by Head of Service Control. The Statement of Compliance states that :
(a) all Service Control reports based on RAP inputs are being classified as RAP Confidential (b) all Service Control copies of the reports are being stored securely for a period of three years. (c) Service Control documents are labelled to comply with eircom’s data classification policy. This report is stored on a centralised Sharepoint site
vi. Process Change Log maintained by each L2 in charge of the listed areas within Service Control. This Change Log is stored on a centralised Sharepoint site
9.6.2.1 Findings
i. The 6 controls operated effectively in the period under review
ii. Equivalence Reports generated identified two new reports for remediation and were logged in Change
Requests process
9.6.2.2 Recommendations
None
Industry Update on eircom’s RGM August 2015
Confidential Page 99 of 106
9.6.2.3 Management Comments
Noted
eircom Consumer – Review of Evidence of Control 9.7
Evidence of Control as per RACM
i. eircom Consumer PDC Office maintains a log of relevant products brought through the
PDC process. For these products a quarterly report identifies:
• Products that received PDC approval after launch
• Products launched with Consumer PDC3 approval.
This report and acknowledgement email from Director of TV & Fixed is stored centrally
ii. All requests for new reports from eircom Consumer Product Management are stored on
Sharepoint
iii. The minutes of the eircom Consumer PDC contain records of all confirmed approvals to
launch. These minutes are stored on Sharepoint
9.7.1 Findings
i. 2 out of the 3 controls did not operate effectively in the period under review i.e.
A record of PDC approvals obtained was maintained
Reports for Consumer Projects that launched prior to PDC3 approval were not generated for
review and sign off by Control Owner
No evidence of quarterly reports for new performance reports being submitted to Control Owner
for review even though a request for a new report was submitted during the period
9.7.2 Recommendations
i. Quarterly Reports for Consumer Projects that launched prior to PDC3 approval should be sent to
Control Owner for review and sign off. Associated Reports and sign offs should be stored centrally on
Sharepoint
ii. Quarterly reports for new performance reports should be prepared and submitted to Control Owner
each quarter for review and sign off. Associated Reports and sign offs should be stored centrally on
Sharepoint
9.7.3 Management Comments
Reports in question will be generated for review and sign off by Control Owner going forward
Industry Update on eircom’s RGM August 2015
Confidential Page 100 of 106
Consumer Customer Operations – Review of Evidence of Control 9.8
Evidence of Control as per RACM
i. All requests for new reports from eircom Consumer Customer Operations are stored on
Sharepoint
9.8.1 Findings
i. The control did not operate in period under review i.e. no evidence could be found of a log of new
requests for network performance reports being maintained on Sharepoint site. The Control Owner is
no longer with the company and name of Control Executor was not contained in the Risk and Control
matrix (RACM).
9.8.2 Recommendations
i. Control should operate going forward.
ii. Names of current Control Owner and Control Executor to be included in RACM
9.8.3 Management Comments
Recommendations agreed
Industry Update on eircom’s RGM August 2015
Confidential Page 101 of 106
eircom Business– Review of Evidence of Control 9.9
9.9.1 eircom Business (SME Market)
Evidence of Control as per RACM i.
Reports on “non-standard” contracts and associated emails verifying that the report has been reviewed are stored on a Sharepoint site.
9.9.1.1 Findings
i. The 3 controls in place did not operate effectively in the period under review i.e. Reports on “non-
standard” contracts for SME Markets were being generated for review by Control Owner but no
associated emails/records verifying that the report had been reviewed
9.9.1.2 Recommendations
i. The Control Executor should send an email/alert on a quarterly basis to Control Owner outlining
that the “non-standard” contract report is available for review and sign off. Sign off by Control
Owner to be stored centrally on Sharepoint
9.9.1.3 Management Comments
Findings understood. The controls are implemented and achieving the desired outcome by ensuring we
are adhering to RAP guidelines and controls. Noted that the email/alert to be activated and stored to be
implemented.
9.9.2 eircom Business (Enterprise Market)
Evidence of Control as per RACM i.
Reports on “non-standard” contracts and associated emails verifying that the report has been reviewed are stored on a Sharepoint site.
9.9.2.1 Findings
i. The 3 controls did not operate effectively in the period under review i.e. no evidence found of reports
on “non-standard” contracts for Enterprise Market or associated emails verifying that the report had
been reviewed by Control Owner. Reports should indicate that Regulatory and RAP approval has
been obtained for non-standard contracts
9.9.2.2 Recommendations
i. Reports on “non-standard” contracts for Enterprise Market (i.e. where non-standard product included
in the contract has not been through the eB PDC) together with associated emails verifying that the
reports have been reviewed should be generated every 3 months. These Reports should indicate that
Industry Update on eircom’s RGM August 2015
Confidential Page 102 of 106
Regulatory and RAP approvals have been received. Reports, emails, RAP and regulatory approvals
should be stored centrally. If no such contracts arise in a quarter a nil report should be generated,
reviewed and signed off.
9.9.2.3 Management Comments
Recommendations agreed
9.9.3 eircom Business (Design and Pre-Sales)
Evidence of Control as per RACM
i. The decisions identifying “non-standard” bids are made at each of the Pre-sales and Design bimonthly meetings are recorded in minutes, and these are available, together with the report and associated email verifying that the report has been reviewed and the results are acceptable are stored on a centralised Sharepoint site
ii. The control executor submits a report to the control owner for review and signoff. The report and signoff emails are stored. This report is created from information stored on Salesforce. It contains a list of all opportunities containing eircom Business services that are connected to the fixed network (i.e. based on RAP products) that also contain “non-standard” elements (i.e. that have not been through the PDC). It also contains a “status” to show that these opportunities do not make it through to an active stage (and are either cancelled or abandoned) until they have been approved through the RAP Change Control process.
9.9.3.1 Findings
i. The 3 controls did not operate effectively in the period under review i.e.
The output of the Pre-sales and Design bimonthly meetings did not record “non-standard” bids
that were identified in the period under review
The control procedure requires that where a solution that includes a non-standard product is
proposed, sign-off by both Regulatory and RAP is required. The Report on “non-standard bids” did
not indicate if approval had been received from Regulatory Operations or the RAP Change Control
Process.
No evidence found of reports on “non-standard” bids being submitted to the Control Owner for
review and sign off or signoff emails being stored
9.9.3.2 Recommendations
i. The outputs of Pre-sales and Design bimonthly meetings should record where decisions identifying
“non-standard” bids are taken
ii. Controls in respect of Reports on “non-standard” bids should indicate whether approval has been
received from Regulatory Operations or RAP Change Request Process
Industry Update on eircom’s RGM August 2015
Confidential Page 103 of 106
iii. Quarterly Reports on “non-standard” bids should be generated for review and signed off by Control
Owner and evidence stored on Salesforce
9.9.3.3 Management Comments
Remedial action has been initiated on foot of the findings and the proposed changes are being reviewed for sign off.
9.9.4 eircom Business (Products & Programmes)
Evidence of Control as per RACM i. The minutes of the eircom Business PDC contain records of all confirmed approvals to launch. These minutes are stored on a centralised Sharepoint site eircom Business PDC Office maintains a log of relevant Products brought through the PDC process. For these Products a quarterly report will identify: • NGA Products that received PDC approval after launch • NGA Products launched with Business PDC3 approval. This report and acknowledgement email from Director of Business Products will be stored on a centralised Sharepoint site
ii. All requests for new reports from eircom Business Products and Programmes are stored on a centralised Sharepoint site
9.9.4.1 Findings
i. The 5 controls operated effectively in the period under review
9.9.4.2 Recommendations
i. None
9.9.4.3 Management Comments
Noted
9.9.5 eircom Business (Assure & Customer Service)
Evidence of Control as per RACM i.
All requests for new reports from eircom Business are stored on a centralised Sharepoint site
Industry Update on eircom’s RGM August 2015
Confidential Page 104 of 106
9.9.5.1 Findings
i. The 2 Controls did not operate effectively in the period under review i.e. no evidence found of reports
on new performance requests being generated for review and sign off by Control Owner.
9.9.5.2 Recommendations
i. Quarterly Reports on new performance requests should be generated for review and sign off by
Control Owner. Verifying emails to be retained and stored centrally. Where no new requests for
reports arise in the quarter a nil report should be generated and signed off by Control Owner
9.9.5.3 Management Comments
The findings and recommendations above are accepted, these controls were not executed as it was
wrongly understood that they were being operated by the Product & Programme area, remediation will be
put in place immediately.
Wholesale MNS – Review of Evidence of Control 9.10
Evidence of Control as per RACM i.
eircom Wholesale MNS PDC Project Management Office record and maintain metrics of MNS Projects eligible for MNS PDC in a tracker (Excel worksheet). A quarterly report is produced based on the tracker data to highlight: • MNS Projects launched with MNS PDC approval • MNS Projects launched prior to DP5 approval Summary reports and acknowledgement emails from Director of Managed Network Services are stored centrally on SharePoint.
ii. The decisions made at each meeting of the Wholesale Management Team meetings in relation to non-standard solutions are recorded in minutes, and these are available, together with the report and associated email verifying that the report has been reviewed and the results are acceptable.
iii. Where a solution that includes a non-standard product is proposed a report is generated every three months for review and sign off by Control Owner
iv. Reports on “non-standard” contracts and associated emails verifying that the report has been reviewed are stored on a Sharepoint site.
v. All requests for new performance reports from eircom Wholesale MNS are stored centrally
9.10.1 Findings
i. 7 out of the 10 controls operated effectively in the period under review i.e.
MNS PDC log of MNS projects and Minutes maintained showing attendance by RAP and
Regulatory Operations representatives
Industry Update on eircom’s RGM August 2015
Confidential Page 105 of 106
The MNS PDC Report indicated that no MNS projects were launched in the period prior to
receiving DP5 approval and the report was reviewed by Control Owner
A log of standard and non-standard bids was maintained. However, no evidence was found of
associated emails verifying that the quarterly report on non-standard bids had been circulated for
review and signed off by Control Owner at the time
2 bids with non- standard solutions, which were part of a Framework Bid that received regulatory
approval in August 2013, were submitted in the period under review. Further regulatory approval
was not sought for these mini bids.
No evidence was found of a quarterly report on non-standard contracts being maintained or
reviewed for sign off by Control Owner. MNS confirmed that no relevant contracts were signed in
the period.
Minutes of WTM recorded updates on MNS bids
Control owner and Control Executor is the same individual for NGAWBA_CRM_029, which is not
desirable
MNS confirmed that no new requests for performance reports for products based on RAP inputs
arose in the period
9.10.2 Recommendations
i. Evidence of the quarterly review and sign off of reports on non-standard bids by Control Owner to be
retained on central Sharepoint site
ii. Evidence of review and sign off of quarterly reports on non-standard contracts by Control Owner to be
retained on central Sharepoint site
iii. In relation to mini bids made under a Framework Agreement where regulatory approval was obtained
for the Framework Agreement clarification needs to be sought as to whether any further approval is
required for the mini bids. The control should be updated on foot of this clarification
iv. Control Owner to appoint separate Control Executors for NGAWBA_CRM_029 control
v. Where no new requests for performance reports arise in a period a nil report should be issued to
Control Owner for sign off
9.10.3 Management Comments
Recommendations agreed
Conclusions 9.11
It is evident from the review that a significant body of work has been undertaken by eircom to develop and
implement new controls in relation to the RAP Change Control process to ensure that eircom complies
with its non-discrimination obligations.
Overall the key controls designed to ensure change requests impacting RAP adhere to the approved
processes operated effectively in the period under review. However, there is also evidence that controls in
our downstream business are operating less effectively than required. This may be as a result of changes
in personnel or the interpretation of controls by control executors.
Industry Update on eircom’s RGM August 2015
Confidential Page 106 of 106
A briefing of Control Owners and Control Executors on the importance of eircom’s Regulatory Governance
Model and controls is recommended. In other areas controls should be enhanced to improve transparency
around decisions and the analysis of metrics undertaken to demonstrate compliance with our non-
discriminatory obligations.
In the past eircom was the subject of a number of breach findings and compliance investigations by
ComReg in relation to bids in the context of compliance with our non-discrimination obligations. It was
alleged that eircom downstream businesses had tendered solutions impacting RAP where the RAP
capability had not been made available to other operators in an equivalent manner. It is evident from the
Compliance Review of Change Control that the effective operation of the controls now in place will
significantly reduce the risk of similar incidents recurring in the future.
C&E will work with business units to ensure the recommendations outlined are fully implemented and that
the revised controls are included in the next six monthly update of the SoCs to ComReg scheduled for July
2015. A follow up review will be undertaken to ensure that all controls are operating effectively.
Figure 38: Overview of the operation of change controls by BU
12
6 6
1 1
5
9
2
2
11
Wholesale TED Networks Consumer CustomerOperations
eircomBusiness
Overview of the operation of change controls by BU
Operated effectively Did not operate effectively