FUJ00156153
FUJ00156153
From: Lillywhite Tom[/O=EXCHANGE/OU=ADMINGROUP1/CN=RECIPIENTS/CN=LILLYWHITET]
Sent: Wed 02/06/2010 10:23:07 AM (UTC)
To: Thomas Penny[Penny. Thomas:
Ce: Miller Kevin[Kevin.Milleri
Wright Mark[Mark.Wright2:
Parker Steve (PostOfficeA«
Subject: RE: Events Analysis via PEAK
_Simpkins John[John.Simpkins
Jenkins Gareth Gl[Gareth.Jenki
PF
I will call in and speak with you this Pm and see what we should be thinking to do
Tom Lillywhite
Principal Security Consultant
Information & Security Services
Web: http://uk.fyjitsu.com
Fujitsu Services Limited, Registered in England no 96056, Registered Office: 22 Baker Street, London W1U 3BW.
This e-mail is only for the use of its intended recipient. Its contents are subject to a duty of confidence and may be privileged. Fujitsu does
not guarantee that this e-mail has not been intercepted and amended or that it is virus-free.
From: Thomas Penny
Sent: 02 June 2010 11:20
To: Lillywhite Tom; Parker Steve (PostOfficeAccount)
Cc: Miller Kevin; Simpkins John; Wright Mark; Jenkins Gareth GI
Subject: RE: Events Analysis via PEAK
I am not convinced there is, Tom.
While Anne has been helping us she has been fully shielded from any form of POL litigation. Why would we
specifically identify the checking of events as more vulnerable than any other part of the process considering the total
end-to-end process employed here? The names of those checking events for us are not notified to POL and we have
the ability to identify and select any expert witness we consider appropriate to support POL’ s prosecutions. No one in
the company can be forced to sign a witness statement if they do not want to; and POL cannot cherry pick our staff.
Gareth has taken the responsibility of covering transaction records for all litigation facing activity until now and there
has been no issue. Do we need to identify a suitable ‘expert’ to cover event filtration and analysis? That's another
question.
Kind regards
Penny
Penny Thomas
Security Analyst, Customer Services
E-Mail: penny-t
FUJ00156153
FUJ00156153
Web: _ http://uk.fujitsu.com
Fujitsu Services Limited, Registered in England no 96056, Registered Office 22, Baker Street, London W1U 3BW
This E-mail is only for the use of its intended recipient. Its contents are subject to a duty of confidence and may be privileged. Fujitsu Services does
not guarantee that this E-mail has not been intercepted and amended or that it is virus-free.
From: Lillywhite Tom
Sent: 02 June 2010 10:44
To: Parker Steve (PostOfficeAccount)
Cc: Thomas Penny; Miller Kevin; Simpkins John; Wright Mark
Subject: RE: Events Analysis via PEAK
If there is indeed legal implications, and you are all agreed on that then I think we seek advice from our legal
department...it is too important to get wrong!
Tom Lillywhite
Principal Security Consultant
Information & Security Services
FUJITSU
22 Baker Street, London W1U 3BW
Tel: i -
Mob: GRO Jor Internally {.
E-mail: tom.lilywhitd,,
Web: http://uk.fyjtsu.com
Fujitsu Services Limited, Registered in England no 96056, Registered Office: 22 Baker Street, London W1U 3BW
This e-mail is only for the use of its intended recipient. Its contents are subject to a duty of confidence and may be privileged. Fujitsu does
not guarantee that this e-mail has not been intercepted and amended or that it is virus-free.
From: Parker Steve (PostOfficeAccount)
Sent: 02 June 2010 10:42
To: Lillywhite Tom
Cc: Thomas Penny; Miller Kevin; Simpkins John; Wright Mark
Subject: FW: Events Analysis via PEAK
Tom
Any comment on this please?
It is important for the ARQ process that SSC examine the events generated and then comment on their potential
impact on the financial status of the branch. This has been done in the past on an informal basis (email to Anne
Chambers normally!) but that informal process leads to requests being lost when someone may be on leave etc.
We need to formalise this but I’m concerned about the legal implications. SSC staff are not trained on evidential
requirements or as witnesses in court. If there is any possibility of a court appearance or witness statement being
required then we have to refuse to process the ARQ requests.
DO you know what the legal situation is here?
Steve
From: Thomas Penny
Sent: 02 June 2010 10:35
To: Parker Steve (PostOfficeAccount)
Cc: Lillywhite Tom; Miller Kevin; Simpkins John; Wright Mark
Subject: RE: Events Analysis via PEAK
FUJ00156153
FUJ00156153
OK, Steve, I'll continue requesting via email until you are fully satisfied that SSC are protected.
Kind regards
Penny
Penny Thomas
Security Analyst, Customer Services
Fujitsu Services Retail & Royal Mail Group Account
Lovelace Road, Bracknell, Berks RG12 8SN
Tel: ~-
Hob GRO
Fox: b panini
E-Mail: penny.thomas}
Web: _ http://uk.fujitst
Fujitsu Services Limited, Registered in England no 96056, Registered Office 22, Baker Street, London W1U 3BW.
This E-mail is only for the use of its intended recipient. Its contents are subject to a duty of confidence and may be privileged. Fujitsu Services does
not guarantee that this E-mail has not been intercepted and amended or that it is virus-free.
From: Parker Steve (PostOfficeAccount)
Sent: 02 June 2010 10:32
To: Thomas Penny
Cc: Lillywhite Tom; Miller Kevin; Simpkins John; Wright Mark
Subject: RE: Events Analysis via PEAK
Penny,
Yes, I’d like to change it as well so that we get formal Peaks raised for ARQs as discussed last week, establish audit
trail, spread the work etc.
Before I can do this we may need to talk to Tom as well. I’m concerned that if we put this on a formal level like this it
may mean that further down the line random members of the SSC get a subpoena and have to testify. If there is any
chance of this happening then we (SSC) will not be giving guidance on the events. We need guidance from Tom (or
Fujitsu legal) on how we protect ourselves from the possibility of court appearance before we formalise the process?
Steve
From: Thomas Penny
Sent: 02 June 2010 10:22
To: Parker Steve (PostOfficeAccount)
Subject: Events Analysis via PEAK
Hi Steve
You wanted to change the way we request these checks to PEAK and I think we need to agree the format; have you
got a few minutes to agree process?
Kind regards
Penny
Penny Thomas
Security Analyst, Customer Services
Fujitsu Services Retail & Royal Mail Group Account
Lovelace Road, Bracknell, Berks RG12 8SN
Tel
Mob:
Fax:
FUJ00156153
FUJ00156153
E-Mail: penny.thomas{=
Web: _ http://uk fujitsu.co
Fujitsu Services Limited, Registered in England no 96056, Registered Office 22, Baker Street, London W1U 3BW
This E-mail is only for the use of its intended recipient. Its contents are subject to a duty of confidence and may be privileged. Fujitsu Services does
not guarantee that this E-mail has not been intercepted and amended or that it is virus-free.