FUJ00122139 - Witness Statement of Penelope Anne Thomas with comments
Witness Statement
(CJ Act 1967, s9; MC Act 1980, ss 5A(3)(a)
and 5B, MC Rules 1981, r 70)
Penny,
I’ve added in thoughts / comments as revisions in this colour.
Gareth
Brian
You asked for my comments on this witness statement — here they are. Anything
highlighted means:-
Also, OBCS is now dead and network banking has taken its place. I believe that any
witness statement relating to data since network banking started to replace OBCS (date
unknown) should have a narrative explaining that process. Any statement relating to
data after OBCS ceased (I believe end May 05) should not contain OBCS statements.
Network Banking was introduced on 1st April 2003. From that point onward, DWP went
through an exercise of moving Benefits Claimants to receiving money directly into a Bank
Account. Post Office then supported Cash Withdrawal from certain Bank Accounts
(through Network Banking). This process took about 2 years and eventually the OBCS
application stopped being used operationally in May / June 2005 and the desktop
buttons that allowed staff access to it were removed. The underlying databases are
being removed in January 2006.
Statement of Penelope Anne Thomas
Age if under 18 Over 18 (If over 18 insert ‘over 18')
This statement (consisting of I pages each signed by me) is true to the best of my knowledge and belief
and I make it knowing that, if it is tendered in evidence, I shall be liable to prosecution if I have wilfully
stated in it anything which I know to be false or do not believe true.
Dated the day of 20
Signature
A
I have been employed by Fujitsu Services, Post Office Account, formerly ICL Pathway Ltd.,
since 20 January 2004 as an Information Technology (IT) Security Analyst responsible for audit
data extractions and IT Security. I have working knowledge of the computer system known as
Horizon, which is a computerised accounting system used by Post Office Ltd. I am authorised
by Fujitsu Services to undertake extractions of audit data held on the Horizon system and to
obtain information regarding system transaction information processed on the Horizon system.
Signature Signature witnessed by
CSO11A (Side A) Version 3.0 11/02
B
Horizon’s documented processes relate to each Post Office outlet. They state that at each
Post Office, there are counter positions which each have a computer terminal, a visual display
unit and a keyboard and printer. This individual system records all transactions input by the
counter clerk working at that counter position. Each clerk logs on to the system by using their
own unique password. The transactions performed by each clerk, and the associated cash and
stock level information are recorded by the computer system in a stock unit. Once logged on,
any transactions performed by the clerk must be recorded and entered on the computer and
are accounted for within the user's allocated stock unit.
C
erforme c n (Balancing is now done monthly rather than weekly as a
result of changes introduced by Impact for S80. The change over varied from branch to
branch but was between September and November 2005.)
D
—I have never seen a report generated by Horizon nor the method for
obtaining one. Also, some reports (particularly Office reports) are produced on a single back
office printer rather than on the tally roll printer.
E
OSs 1 ment. — I have seen a Horizon terminal in a test environment at Bracknell but I
have never seen these applications on the system. These applications do not actually appear
as separate applications. In some cases the distinction is very artificial as a result of the
wording of the original contract between ICL and POCL. OBCS has now been removed,
however we now have some new applications which you may need to be aware of:
• Network Banking
• Settlement to Debit / Credit cards
• Bureau de Change
As before these applications are fully integrated into the Horizon counter and are not really
visible as separate applications to the user.
F
I could
not describe TMS or explain how it works
G
F I'm not aware of the two audit
tracks being compared. However I agree that there are two independent audit tracks that ought
to be equivalent!
(HA)
_ This has been the situation at (INSERT PO) (FAD ) since
(INSERT INSTALLATION DATE) when the Horizon system was introduced at that particular
Post Office. May also be worth adding, that any variation in the clock time is compared with
that at the data centre and should it differ by more than 60 seconds, the clock will be corrected.
The clocks at the data Centre are kept in synchronisation with the radio controlled clocks at
Rugby (I’m not sure about the gory details of this.)
v I have never seen this — but presumably
most of this is no longer valid. All this was correct, but as you say we removed the buttons that
invoked this functionality on counters in May / June 2005 and DWP then stopped sending
updates to the stop list (and we stopped sending them transactions!)
K
I have access to reports that monitor faults, polling failures, equipment failures and calls for
advice and guidance logged by the Horizon System Helpdesk. During the ??? to ??? , there
were ?? calls from name & fad code to the Helpdesk.
not an engineer and I have no guidelines to support this statement.
L
When information relating to individual transactions is requested, the data is extracted from the
audit archive media via the Audit Workstations (AWs). Information is presented in exactly the
same way as the data held in the archive although it can be filtered depending upon the type of
information requested. 1
tl r 2
What are these controls? I don’t know the details. Alan Holmes would have been the person to
describe these. Perhaps Simon Fawkes can also describe this.
During audit data extractions the following controls apply : I can’t really comment on any of this.
1. Extractions can only be made through the AWs, which exist at Fujitsu Services, Forest
Road, Feltham, Middlesex, Fujitsu Services, Lovelace Lane, Bracknell, Berkshire
ec re curity
Specifically, the Feltham and Bracknell AWs — where
most extractions take place — are located in a secure room subject to proximity pass access
within a secured Fujitsu Services site. - who has access to the AWs at the datacentres?
Who checks whether they have been used? Also, I assume the FELO1 room will soon close!
This includes
dedicated Logins, password control and the use of Microsoft Windows NT security features.
3. All extractions are logged on the AW and supported by documented Audit Record Queries
(ARQs), authorised by nominated persons within Post Office Ltd. This log can be scrutinised
on the AW.
4. Extractions are only made by authorised individuals.
5. Upon receipt of an ARQ from Post Office Ltd they are interpreted by CS Security. The
details are checked and the printed request filed.
6. The required files are identified and marked using the dedicated audit tools.
- I'm told that checksum seals are an algorithm but I
have no idea how they work
9. The specific ARQ details are used to obtain the specific data.
10. The files are copied to the AW where they are checked and converted into the file type
required by Post Office Ltd.
11. The requested information is copied onto removable CD media, sealed to prevent modification
and virus checked using the latest software. It is then despatched to the Post Office Ltd
Casework Manager using Royal Mail Special Delivery. This ensures that a receipt is
provided to Fujitsu Services confirming delivery.
M
ARQs 111-120/0506 were received on 18 May 2005 and asked for information in connection
with the Post Office at Rose Hill (FAD 173137). I produce a copy of ARQs 111-120/0506 as
Exhibit PT/01. On various dates and at various times between 18 May 2005 and 24 May 2005 I
undertook extractions of data held on the Horizon system in accordance with the requirements
of ARQs 111-120/0506 and followed the procedure outlined above. I produce the resultant CD
as Exhibit PT/02.
N
The report is formatted with the following headings:
ID - relates to counter position
User — Person Logged on to System
SU — Stock Unit
Date — Date of transaction
Time — Time of transaction
SessionId — A unique string relating to current customer session
TxnId — A unique string relating to current transaction
Mode — e.g. SC which translates to Serve Customer
ProductNo — Product Item Sold
Qty — Quantity of items sold
SaleValue — Value of items sold
Entry method - Method of data capture for OBCS Transactions (0 = barcode, 1 = manually
keyed, 2 = magnetic card, 3 = smartcard, 4 = smart key)
State — Method of manual keyed Entry Method (4 = encash, 5 = non-barcode)
IOP - Order Book Number
Result — Order Book Transaction Result (1 = OK, 2 = impound, 3 = unreadable, 4 = invalid)
Foreign Indicator — Indicates whether OBCS payment was made at a local or foreign outlet
(0- Local, 1- Foreign). The foreign indicator defaults to a ‘0’ for all manually entered
transactions.
The Event report is formatted with the following headings:
Groupid — FAD code
ID — relates to counter position
Date — Date of transaction
Time — Time of transaction
User — Person Logged on to System
SU — Stock Unit
EPOSSTransaction.T — Event Description
EPOSSTransaction.Ti — Event Result
P
The CD (Exhibit PT/??) was sent to the Post Office Investigation section by Special Delivery on
DATE 2005.
Q
There is no reason to believe that the information in this statement is inaccurate because of the
improper use of the computer. To the best of my knowledge and belief at all material times the
computer was operating properly, or if not, any respect in which it was not operating properly, or
was out of operation was not such as to affect the information held on it.
Ositic relatic working mpl I do not hold a responsible position in the
working of the Horizon system. I hold a responsible position in relation to the AW
Any records to which I refer in my statement form part of the records relating to the business of
Fujitsu Services. These were compiled during the ordinary course of business from information
supplied by persons who have or may reasonably be supposed to have personal knowledge of
the matter dealt with in the information supplied, but are unlikely to have any recollection of the
information or cannot be traced. As part of my duties, I have access to these records.