FUJ00000087
CONFIDENTIAL
4.1.4.1 “Social Security IT Security Standards” to the extent applicable to
OBCS and to the Post Office Infrastructure Services necessary to
deliver OBCS;
4.1.4.2 “Post Office Counters Information Systems Security Policy”; and
4.1.4.3 “ACode of Practice for Post Office Information Systems Security”.
4.1.5 Data Security
The confidentiality, integrity, validity and completeness of data shall be
maintained throughout all storage, processes and transmissions, including
during periods of Service Failure and recovery from Service Failure.
4.1.6 Prosecution Support
Fujitsu Services shall ensure that all relevant information produced by the
Horizon Service Infrastructure at the request of Post Office shall be evidentially
admissible (and, where relevant capable of certification) in accordance with the
requirements of the law in relation to criminal proceedings.
At the direction of Post Office, audit trail and other information necessary to
support live investigations and prosecutions shall be retained for the duration of
the investigation and prosecution irrespective of the normal retention period of
that information.
5. CONTRACTOR'S POLICIES AND STANDARDS
5.1 Quality Management System
5.1.1 Fujitsu Services shall operate a quality management system which complies
with BS EN ISO 9001:2000 for all its activities within the scope of this
Agreement.
5.1.2 The quality management system shall be applied to all aspects of the delivery of
Services hereunder.
5.1.3. The quality management system shall be audited and certified by a BSI
accredited auditor, who is independent of both Fujitsu Services and Post Office:
5.1.3.1 in any event, at intervals of not longer than twelve (12) months; and
5.1.3.2 in addition, within twenty (20) Working Days of any such request.
5.1.4 Fujitsu Services shall within one (1) month of each audit:
5.1.4.1 provide Post Office with copies of all reports produced by the auditor
on the quality management system; and
Schedule 2
Page 15 of 19
FUJ00000087_0119