"A risk assessment of the Piql Services" by FFI

during the storage of the piqlFilms. The two systems are linked, as the information is transferred electronically between them.

In figure 5.4, the entirety of the internal Piql IT system is condensed into one frame which shows the metadata and the corresponding reel ID still stored in the system, and the corresponding client data in its offline physical form ready to be transported to the piqlVault. The only logical information shared between the Piql IT system and the piqlVault IT system is, as also shown in figure 5.3, the unique reel IDs stored on a shared hard disk with the control system of the piqlVault system, the EWMS. The physical information, the piqlFilms containing the client data, is transported from the production site to the piqlVault after being properly packed in piqlBoxes and labelled. Once the piqlBoxes containing the piqlFilms arrive at the piqlVault, they are manually ingested into the piqlVault system. During this process, operators link the piqlFilms- and Boxes to the digital reel ID which is already stored in the EWMS and insert them into the grid at the operator ports for the robots to pick up and store at designated locations. The main purpose of the piqlVault IT system is to control the movement of the piqlFilms, i.e. the processes related to their ingestion and retrieval on demand. As figure 5.4 shows, the piqlVault IT system operates on three separated networks: the C network, which is the Piql IT network; the B network, which is the interface network; and the A network, which is the piqlVault system network where most of the processes related to the workflows of the piqlVault system are handled. reel IDs is placed on the EWMS. Its server is password protected, and the different user accounts also have restricted access to the contents on the server. When a specific piqlFilm is requested for retrieval, the EWMS locates the correct piqlBox identified by the unique reel ID in its system. As an example to illustrate the process, we can image a reel ID with the signifier reel ID P.367. After having located this reel ID, the EWMS then matches it to the local piqlVault ID A.102, another imagined example. These local IDs were created when the piqlBoxes were ingested into the PiqlVault system, and signifies its position in the piqlVault grid. In figure 5.4 the local ID is shown in purple. The EWMS then forwards the request to be processed further on the A network. The A network exists completely separated from the two other networks to avoid any signal interference from other processes going on simultaneously in the IT system as a whole [9]. It is used solely for the operations of the piqlVault system, and its separation is vital both for the effectiveness of these operations and the security of the system. A highly important component of the piqlVault system is placed on the A network, the piqlVault system Controller, whose only job is to manage the movements of the robots on the piqlVault grid. It must be placed onsite in order to communicate with the robots. The Controller houses no information about the piqlFilms, neither their contents or their metadata, nor their reel ID. It only has a registry of the local IDs and information about the location of the piqlBoxes connected to the local IDs, both The C network is the Piql IT network described above. The B network serves to connect the Piql IT network (C) and the piqlVault system IT network (A). This is where the shared catalogue of

43

FFI-RAPPORT 16/00707