FUJ00122134
Thomas Penny
From: Jenkins Gareth GI
Sent: 28 November 2005 12:43
To: Lowther Neneh; Thomas Penny
Subject: RE: CS Witness Statement
Neneh / Penny,
I've added in some comments.
Not really sure how to progress this any further. I suggest we wait until we have a case that actually requires
analysis of Network Banking etc and worry about it then rather than trying to put together something generic
now.
Regards
Gareth
This e-mail is only for the use of its intended recipient. Its contents are confidential and may be privileged. Fujitsu Services does not guarantee
that this e-mail has not been intercepted and amended or that it is virus-free.
Gareth Jenkins
Distinguished Engineer
Applications TDA
Post Office Account
Fujitsu Services
Lovelace Road, Bracknell, Berkshire, RG12 8SN
Tel:
Mobile:
email:
Web:
Fujitsu Services Limited, Registered in England no 96056, Registered Office 26, Finsbury Square, London, EC2A 1SL
From: Lowther Neneh
Sent: 22 November 2005 10:50
To: Jenkins Gareth GI
Subject: CS Witness Statement issues
Hi, Gareth,
As per our discussion.
PSA copy of our current WS. Penny Thomas has marked up some areas that need attention for us to
be able to provide further WS to the PO. It has only come to our notice that quite a few things have
changed eg OBCS, TMS since June 05 and we would like the WS to reflect these.
Please could you look at this when you've got some time and let me know when it's convenient for
you to discuss.
Kind regards,
Neneh
29/11/05
-----Original Message-----
From: Jenkins Gareth GI
Sent: 17 November 2005 14:53
To: Lowther Neneh
Subject: RE: CS Witness Statement Amendment
Neneh,
I've updated the Witness Statement as discussed.
I've left some of the Networking bit highlighted in Blue, since I can’t say that I know it is true
(but it probably is). It may be OK just to delete that bit. What is left in that section may be
sufficient (I guess it depends upon what the issue is!) I've removed the blue highlighting from
the rest of the document.
I've used “Revisions” so that you can see what I've changed. I've highlighted the Date etc in
yellow to remind us to update it for the final version.
Happy to discuss further.
Regards
Gareth
This e-mail is only for the use of its intended recipient. Its contents are confidential and may be privileged. Fujitsu Services
does not guarantee that this e-mail has not been intercepted and amended or that it is virus-free.
Gareth Jenkins
Distinguished Engineer
Applications TDA
Post Office Account
Fujitsu Services
Lovelace Road, Bracknell, Berkshire, RG12 8SN
Tel:
Mobile:
email: Gareth.Jenkins:
Web: http://uk.fujitsu.com
Fujitsu Services Limited, Registered in England no 96056, Registered Office 26, Finsbury Square, London, EC2A 1SL
From: Lowther Neneh
Sent: 15 November 2005 13:40
To: Jenkins Gareth GI
Subject: CS Witness Statement Amendment
Hi, Gareth,
Just a little note to remind you of the above for sometime on Thursday or Friday.
Thank you
Kind regards,
Neneh Lowther
Customer Services - Post Office Account- Security
Fujitsu Services, Forest Road, Feltham, Middlesex, TW13 7HJ
Tel:
Mob:
Fax:
neneh:lowther$.
Web: <http://services.fujitsu.com>
Fujitsu Services Limited, Registered in England no 96056, Registered Office 26, Finsbury Square, London, EC2A 1SL
This e-mail is only for the use of its intended recipient. Its contents are subject to a duty of confidence and may be
privileged. Fujitsu Services does not guarantee that this e-mail has not been intercepted and amended or that it is
virus-free.
Witness Statement
(CJ Act 1967, s9; MC Act 1980, ss 5A(3)(a)
and 5B, MC Rules 1981, r 70)
Penny.
I've added in thoughts / comments as revisions in this colour.
Gareth
Brian
You asked for my comments on this witness statement — here they are. Anything
highlighted means:-
I have read this, but I have no firsthand or background knowledge
I have made some comment in the text
Also, OBCS is now dead and network banking has taken its place. I believe that any
witness statement relating to data since network banking started to replace OBCS (date
unknown) should have a narrative explaining that process. Any statement relating to data
after OBCS ceased (I believe end May 05) should not contain OBCS statements.
Network Banking was introduced on 1st April 2003. From that point onward, DWP went
through an exercise of moving Benefits Claimants to receiving money directly into a Bank
Account. Post Office then supported Cash Withdrawal from certain Bank Accounts
(through Network Banking). This process took about 2 years and eventually the OBCS
application stopped being used operationally in May / June 2005 and the desktop buttons
that allowed staff access to it were removed. The underlying databases are being
removed in January 2006.
Statement of Penelope Anne Thomas
Age if under 18 Over 18 (If over 18 insert ‘over 18')
This statement (consisting of I pages each signed by me) is true to the best of my knowledge and belief
and I make it knowing that, if it is tendered in evidence, I shall be liable to prosecution if I have wilfully
stated in it anything which I know to be false or do not believe true.
Dated the day of 20
Signature
A
I have been employed by Fujitsu Services, Post Office Account, formerly ICL Pathway Ltd.,
Signature Signature witnessed by
CSO11A (Side A) Version 3.0 11/02
Witness Statement
(CJ Act 1967, s9; MC Act 1980, ss 5A(3)(a) and 5B, MC Rules 1981, r 70)
Continuation of statement of Penelope Anne Thomas.
since 20 January 2004 as an Information Technology (IT) Security Analyst responsible for audit
data extractions and IT Security. I have working knowledge of the computer system known as
Horizon, which is a computerised accounting system used by Post Office Ltd. I am authorised
by Fujitsu Services to undertake extractions of audit data held on the Horizon system and to
obtain information regarding system transaction information processed on the Horizon system.
B
Horizon’s documented processes relate to each Post Office outlet. They state that at each
Post Office, there are counter positions which each have a computer terminal, a visual display
unit and a keyboard and printer. This individual system records all transactions input by the
counter clerk working at that counter position. Each clerk logs on to the system by using their
own unique password. The transactions performed by each clerk, and the associated cash and
stock level information are recorded by the computer system in a stock unit. Once logged on,
any transactions performed by the clerk must be recorded and entered on the computer and
are accounted for within the user's allocated stock unit.
C
[The Horizon system provides a number of daily and weekly records of all transactions input into
it. It enables Post Office users to obtain computer summaries for individual clients of Post
Office Limited e.g. National Savings Bank, Girobank, Driving Vehicle Licence Agency and the
Department of Working Pensions (DWP). The Horizon system also enables the clerk to
produce a periodic balance of cash and stock on hand combined with the other
transactions performed in that accounting period] (Balancing is now done monthly rather than
weekly as a result of changes introduced by Impact for S80. The change over varied from
branch to branch but was between September and November 2005.)
D
Where local reports are required these are accessed from an icon on the desktop menu. [The
user is presented with a parameter driven menu, which enables the report to be customised to
requirements. The report is then populated from transaction data that is held in the local
database and is printed out on the tally roll printer. The system also allows for information to be
transferred to the main accounting department at Chesterfield in order for the office accounts to
be balanced] I have never seen a report generated by Horizon nor the method for obtaining
one. Also, some reports (particularly Office reports) are produced on a single back office printer
rather than on the tally roll printer.
E
[The Post Office counter processing functions are provided through a series of counter
applications: the Order Book Control Service (OBCS) that ascertains the validity of DWP order
books before payment is made; the Electronic Point of Sale Service (EPOSS) that enables
Postmasters to conduct general retail trade at the counter and sell products on behalf of their
clients; the Automated Payments Service (APS) provides support for utility companies and
others who provide incremental in-payment mechanisms based on the use of cards and other
tokens and the Logistics Feeder Service (LFS) which supports the management of cash and
value-stock movements to and from the outlet, principally to minimise cash held overnight in
outlets. The counter desktop service and the office platform service on which it runs provides
various common functions for transaction recording and settlement as well as user access
control and session management] I have seen a Horizon terminal in a test environment at
Bracknell but I have never seen these applications on the system. These applications do not
actually appear as separate applications. In some cases the distinction is very artificial as a
result of the wording of the original contract between ICL and POCL. OBCS has now been
removed, however we now have some new applications which you may need yf:
o Network Banking
o Settlement to Debit / Credit cards
o Bureau de Change
As before these applications are fully integrated into the Horizon counter and are not really
visible as separate applications to the user.
F
Information from counter transactions is written into a local database and then replicated
automatically to databases on all other counters within a Post Office outlet. The information is
then forwarded over ISDN (or other communication service) to databases on a set of central
Correspondence Servers at the Fujitsu Services data centres. This is undertaken by a
messaging transport system within the Transaction Management Service (TMS). Various
systems then transfer information to Central Servers that control the flow of information to
various support services. Details of outlet transactions are normally sent at least daily via the
i A Detailg I
are then forwarded daily via a file transfer service to the Post Office accounting department at
Chesterfield and also, where appropriate, to other Post Office Clients] I could not describe
TMS or explain how it works
G
[An audit of all information handled by the TMS is taken daily by copying all new messages to
archive media. This creates a record of all original outlet transaction details including its origin
outlet and counter, when it happened, who caused it to happen and the outcome. The TMS
journal is maintained at each of the Fujitsu Services Data Centre sites and is created by
securely replicating all transaction records that occurred in every Outlet. They therefore provide
the ability to compare the audit track record of the same transaction recorded in two places to
verify that systems were operating correctly. All exceptions are investigated and reconciled.
Records of all transactions are written to audit archive media] I'm not aware of the two audit
tracks being compared. However I agree that there are two independent audit tracks that ought
to be equivalent!
H(a)
[The system clock incorporated into the desktop application on the counter visual display units is
configured to indicate local time] This has been the situation at (INSERT PO) (FAD ) since
(INSERT INSTALLATION DATE) when the Horizon system was introduced at that particular
Post Office. May also be worth adding, that any variation in the clock time is compared with that
at the data centre and should it differ by more than 60 seconds, the clock will be corrected. The
clocks at the data Centre are kept in synchronisation with the radio controlled clocks at Rugby
(I'm not sure about the gory details of this.)
J
[The Order Book Control System (OBCS) software, linked to the Horizon system was developed
in conjunction with the DWP. OBCS provides details of DWP order books on the national stop
payment list, and, enables data regarding the movement of order books, and, encashments to
be captured on their behalf. Each Horizon terminal at a Post Office counter has access to the
national stop list through OBCS, when a barcoded DWP order book is scanned at the Post
Office counter, or the order book details are manually keyed into Horizon at the Post Office
counter. Each night, the national stop payment list is updated from information supplied
electronically from the DWP computer centre. National stop payment list data is held centrally
within the Horizon system, and is available to all Post Offices. However, certain information from
the national stop payment list is also downloaded to individual Post Offices for faster access;
this download process is called polling. The polling of individual Post Offices also involves
receiving details of order book movements and encashments at Post Offices, centrally within
Horizon, for onward transmission to the DWP] F I i
of this is no longer valid. All this was correct, but as you say we removed the buttons that
invoked this functionality on counters in May / June 2005 and DWP then stopped sending
updates to the stop list (and we stopped sending them transactions!)
it presumably most
K
I have access to reports that monitor faults, polling failures, equipment failures and calls for
advice and guidance logged by the Horizon System Helpdesk. During the ??? to ???, there
were ?? calls from name & fad code to the Helpdesk. [None of these calls relate to faults
which would have had an effect on the integrity of the information held on the system] I am not
an engineer and I have no guidelines to support this statement!
L
When information relating to individual transactions is requested, the data is extracted from the
audit archive media via the Audit Workstations (AW’s). Information is presented in exactly the
same way as the data held in the archive although it can be filtered depending upon the type of
information requested. [The integrity of audit data is guaranteed at all times from its origination,
storage and retrieval to subsequent despatch to the requester. Controls have been established
that provide assurances to Post Office Internal Audit (POIA) that this integrity is maintained]
What are these controls? I don't know the details. Alan Holmes would have been the person to
describe these. Perhaps Simon Fawkes can also describe this.
During audit data extractions the following controls apply: I can’t really comment on any of this.
1. Extractions can only be made through the AWs, which exist at Fujitsu Services, Forest Road,
Feltham, Middlesex, Fujitsu Services, Lovelace Lane, Bracknell, Berkshire
Fujitsu Services Data Centres. [These are all subject to rigorous physical security controls
appropriate to that location] Specifically, the Feltham and Bracknell AWs — where most
extractions take place — are located in a secure room subject to proximity pass access within
a secured Fujitsu Services site. Who has access to the AWs at the datacentres?
Checks whether they have been used? Also, I assume the FELO1 room will soon close!
2. [Logical access to the AW and its functionality is managed in accordance with the Fujitsu
Services, Post Office Account Security Policy and the principles of ISO 17799] This includes
dedicated Logins, password control and the use of Microsoft Windows NT security features.
3. All extractions are logged on the AW and supported by documented Audit Record Queries
(ARQ's), authorised by nominated persons within Post Office Ltd. This log can be scrutinised
on the AW.
4. Extractions are only made by authorised individuals.
5. Upon receipt of an ARQ from Post Office Ltd they are interpreted by CS Security. The details
are checked and the printed request filed.
6. The required files are identified and marked using the dedicated audit tools.
7. [Checksum seals are calculated for audit data files when they are written to audit archive
media and re-calculated when the files are retrieved]
8. [To assure the integrity of the audit data while on the audit archive media the checksum seal
for the file is re-calculated by the Audit Track Sealer and compared to the original value
calculated when the file was originally written to the audit archive media. The result is
maintained in a Check Seal Table] — I'm told that check: in algorithm but I have
no idea how they work
9. The specific ARQ details are used to obtain the specific data.
10. The files are copied to the AW where they are checked and converted into the file type
required by Post Office Ltd.
11. The requested information is copied onto removal CD media, sealed to prevent modification
and virus checked using the latest software. It is then despatched to the Post Office Ltd
Casework Manager using Royal Mail Special Delivery. This ensures that a receipt is provided
to Fujitsu Services confirming delivery.
M
ARQs 111-120/0506 were received on 18 May 2005 and asked for information in connection
with the Post Office at Rose Hill (FAD 173137). I produce a copy of ARQs 111-120/0506 as
Exhibit PT/01. On various dates and at various times between 18 May 2005 and 24 May 2005 I
undertook extractions of data held on the Horizon system in accordance with the requirements
of ARQs 111-120/0506 and followed the procedure outlined above. I produce the resultant CD
as Exhibit PT/02.
N
The report is formatted with the following headings:
ID - relates to counter position
User — Person Logged on to System
SU — Stock Unit
Date — Date of transaction
Time — Time of transaction
SessionId — A unique string relating to current customer session
TxnId — A unique string relating to current transaction
Mode — e.g. SC which translates to Serve Customer
ProductNo — Product Item Sold
Qty - Quantity of items sold
SaleValue — Value of items sold
Entry method - Method of data capture for OBCS Transactions (0 = barcode, 1 = manually
keyed, 2 = magnetic card, 3 = smartcard, 4 = smart key)
State — Method of manual keyed Entry Method (4 = encash, 5 = non-barcode)
IOP - Order Book Number
Result — Order Book Transaction Result (1 = OK, 2 = impound, 3 = unreadable, 4 = invalid)
Foreign Indicator — Indicates whether OBCS payment was made at a local or foreign outlet
(0- Local, 1- Foreign). The foreign indicator defaults to a ‘0’ for all manually entered
transactions.
The Event report is formatted with the following headings:
Groupid — FAD code
ID — relates to counter position
Date — Date of transaction
Time — Time of transaction
User — Person Logged on to System
SU — Stock Unit
EPOSSTransaction.T - Event Description
EPOSSTransaction.Ti — Event Result
P
The CD (Exhibit PT/??) was sent to the Post Office Investigation section by Special Delivery on
DATE 2005.
Q
There is no reason to believe that the information in this statement is inaccurate because of the
improper use of the computer. To the best of my knowledge and belief at all material times the
computer was operating properly, or if not, any respect in which it was not operating properly, or
was out of operation was not such as to effect the information held on it. [I hold a responsible
position in relation to the working of the computer] - I do not hold ar
working of the Horizon system. I hold a resI
Any records to which I refer in my statement form part of the records relating to the business of
Fujitsu Services. These were compiled during the ordinary course of business from information
supplied by persons who have or may reasonably be supposed to have personal knowledge of
the matter dealt with in the information supplied, but are unlikely to have any recollection of the
information or cannot be traced. As part of my duties, I have access to these records.
Thomas Penny
From: Thomas Penny
Sent: 23 November 2005 11:51
To: ‘graham.c.ward:
Cc: Pinder Brian
Subject: RE: Another statement please
Hi Graham
Hope you are well.
Just to let you know that we are currently updating the witness statements to accommodate the demise of OBCS and
to update any other necessary information. As soon as we've done this we will send you a copy for review - bearing in
mind the move to Bracknell this will probably be the mid-back end of next week.
Kind regards
Penny
Morning all
Can I please request a statement for the following 4 ARQ's (Dumfries)
(Embedded image moved to file: pic27401.jpg)
omit para's H(b) J and K
Thankyou
Regards
Graham
Casework Manager
Post Office Ltd Investigation Team
PO BOX 1, CROYDON, CR9 1WN
This email and any attachments are confidential and intended for the
addressee only. If you are not the named recipient, you must not use,
disclose, reproduce, copy or distribute the contents of this communication.
If you have received this in error, please contact the sender and then
delete this email from your system.
Thomas Penny
From: Thomas Penny
Sent: 22 November 2005 12:17
To: Pinder Brian
Cc: Sewell Peter (FELO1); Lowther Neneh
Subject: FW: Another statement please
Importance: High
pic27401.jpg
Hi Brian
Another request for a witness statement here - the timeframes are 25 Aug to 7 Sep 04 and 14 Feb to 18 Apr 05.
Kind regards
Penny
-----Original Message-----
c.
“Sen ZIN
To: Fujitsut”
Subject: Another statement please
Morning all
Can I please request a statement for the following 4 ARQ's (Dumfries)
(Embedded image moved to file: pic27401.jpg)
omit para's H(b) J and K
Thankyou
Regards
Graham
Casework Manager
Post Office Ltd Investigation Team
PO BOX 1, CROYDON, CR9 1WN
VoiceMail:
N/A, Mobex:
External Email
This email and any attachments are confidential and intended for the
addressee only. If you are not the named recipient, you must not use,
disclose, reproduce, copy or distribute the contents of this communication.
If you have received this in error, please contact the sender and then
delete this email from your system.
Thomas Penny
From: Thomas Penny
Sent: 15 November 2005 11:16
To: Pinder Brian
Subject: FW: Witness Statement Mark-up
Importance: High
Hi Brian
I know you get a lot of mail - I just wanted to bring this to the top again.
Kind regards
Penny
-----Original Message-----
From: Thomas Penny
Sent: 08 November 2005 10:03
To: Pinder Brian
Subject: RE: Witness Statement Mark-up
Thanks, Brian. But please note that the replacement description for OBCS is needed now - this should be applied to
the next witness statement requested.
Kind regards
Penny
-----Original Message-----
From: Pinder Brian
Sent: 04 November 2005 08:31
To: Thomas Penny
Cc: Sewell Peter (FELO1); Lowther Neneh
Subject: RE: Witness Statement Mark-up
Penny
Noted, I will review this in slow time see what we can do to resolve.
Regds Brian
From: Thomas Penny
Sent: 31 October 2005 09:00
To: Pinder Brian
Cc: Sewell Peter (FELO1); Lowther Neneh
Subject: Witness Statement Mark-up
Hi Brian
You asked me to mark up the standard witness statement with any concerns/comments I may have. This I have
done and attach.
<< File: Penny's template - marked.doc >>
Kind regards
Penny
Penny Thomas
Customer Services - Post Office Account- Security
Fujitsu Services, Forest Road, Feltham, Middlesex, TW13 7HJ
Web: <<http://services. fuji >>
Fujitsu Services Limited, Registered in England no 96056, Registered Office 26, Finsbury Square, London, EC2A 1SL.
This e-mail is only for the use of its intended recipient. Its contents are subject to a duty of confidence and may be privileged. Fujitsu
Services does not guarantee that this e-mail has not been intercepted and amended or that it is virus-free.
Thomas Penny
From: Thomas Penny
Sent: 08 November 2005 10:03
To: Pinder Brian
Subject: RE: Witness Statement Mark-up
Thanks, Brian. But please note that the replacement description for OBCS is needed now - this should be applied to
the next witness statement requested.
Kind regards
Penny
-----Original Message-----
From: Pinder Brian
Sent: 04 November 2005 08:31
To: Thomas Penny
Cc: Sewell Peter (FELO1); Lowther Neneh
Subject: RE: Witness Statement Mark-up
Penny
Noted, I will review this in slow time see what we can do to resolve.
Regds Brian
From: Thomas Penny
Sent: 31 October 2005 09:00
To: Pinder Brian
Cc: Sewell Peter (FELO1); Lowther Neneh
Subject: Witness Statement Mark-up
Hi Brian
You asked me to mark up the standard witness statement with any concerns/comments I may have. This I have
done and attach.
<< File: Penny's template - marked.doc >>
Kind regards
Penny
Penny Thomas
Customer Services - Post Office Account- Security
Fujitsu Services, Forest Road, Feltham, Middlesex, TW13 7HJ
This e-mail is only for the use of its intended recipient. Its contents are subject to a duty of confidence and may be privileged. Fujitsu
Services does not guarantee that this e-mail has not been intercepted and amended or that it is virus-free.
Thomas Penny
From: graham.c.ward:
Sent: 28 November 2005 13:43
To: Fujitsu_
Subject: Statement request
pic05180.jpg
All
Please provide a statement in respect of ARQ (Embedded image moved to file:
pic05180.jpg) - Camberwell. Usual please omitting just para's H(b) and K.
Thankyou
Regards
Graham
Casework Manager
Post Office Ltd Investigation Team
PO BOX 1, CROYDON, CR9 1WN
This email and any attachments are confidential and intended for the
addressee only. If you are not the named recipient, you must not use,
disclose, reproduce, copy or distribute the contents of this communication.
If you have received this in error, please contact the sender and then
delete this email from your system.
file://C:\TEMP\pic05180.jpg 29/11/05
Thomas Penny
From: Thomas Penny
Sent: 24 November 2005 11:53
To: Jenkins Gareth GI
Cc: Lowther Neneh; Pinder Brian; Sewell Peter
Subject: FW: CS Witness Statement Amendment
Hi Gareth
Neneh has said that you have kindly agreed to look at my mark up of the witness statement.
A lot of my comments relate to my general ignorance of how things work - Brian Pinder is dealing with these
issues.
My immediate concerns are that I am not convinced that the statement is factually correct. I know about the
demise of OBCS, but I don't know when it was rolled out to the estate, did it happen overnight or was there a
phasing out period? I don't understand how network banking works (I did look at the procedures you
suggested but I was unable to put the picture together) let alone provide the narrative. Is this something you
could help us with?
Someone mentioned to me that reporting to the accounts department was no longer happening as we state -
do you know if this is the case?
If you could highlight anything in the statement which is not factually correct you would be doing us a great
service.
Kind regards and many thanks
Penny
-----Original Message-----
From: Lowther Neneh
Sent: 22 November 2005 10:25
To: Thomas Penny
Subject: FW: CS Witness Statement Amendment
-----Original Message-----
From: Jenkins Gareth GI
Sent: 17 November 2005 14:53
To: Lowther Neneh
Subject: RE: CS Witness Statement Amendment
Neneh,
I've updated the Witness Statement as discussed.
I've left some of the Networking bit highlighted in Blue, since I can't say that I know it is true (but it probably
is). It may be OK just to delete that bit. What is left in that section may be sufficient (I guess it depends upon
what the issue is!) I’ve removed the blue highlighting from the rest of the document.
I've used “Revisions” so that you can see what I've changed. I've highlighted the Date etc in yellow to remind
us to update it for the final version.
Happy to discuss further.
Regards
Gareth
This e-mail is only for the use of its intended recipient. Its contents are confidential and may be privileged. Fujitsu Services does not guarantee
that this e-mail has not been intercepted and amended or that it is virus-free.
Gareth Jenkins
Distinguished Engineer
Applications TDA
Post Office Account
Fujitsu Services
Lovelace Road, Brac!
Tel:
Mobile:
email:
Web:
Fujitsu Services Limited, Registered in England no 96056, Registered Office 26, Finsbury Square, London, EC2A 1SL.
From: Lowther Neneh
Sent: 15 November 2005 13:40
To: Jenkins Gareth GI
Subject: CS Witness Statement Amendment
Hi, Gareth,
Just a little note to remind you of the above for sometime on Thursday or Friday. Thank you.
Kind regards,
Neneh Lowther
Customer Services - Post Office Account- Security
Fujitsu Services, Forest Road, Feltham, Middlesex, TW13 7HJ
Web: <http://services.fujitsu.com>
Fujitsu Services Limited, Registered in England no 96056, Registered Office 26, Finsbury Square, London, EC2A 1SL
This e-mail is only for the use of its intended recipient. Its contents are subject to a duty of confidence and may be privileged. Fujitsu
Services does not guarantee that this e-mail has not been intercepted and amended or that it is virus-free.
Thomas Penny
From: Lowther Neneh
Sent: 22 November 2005 10:25
To: Thomas Penny
Subject: FW: CS Witness Statement
Penny,
PSA from Gareth. Let me know what you think.
Gareth’s just called me back. He's on his way to Sheffield for meetings at the moment and won't be back till
Thursday.
He'll be picking up his mails so I've sent him a copy of ur ‘marked up WS’ to look at when he’s got some time
and he’s promised to discuss further by Friday.
Kind regards,
Neneh
-----Original Message-----
From: Jenkins Gareth GI
Sent: 17 November 2005 14:53
To: Lowther Neneh
Subject: RE: CS Witness Statement Amendment
Neneh,
I've updated the Witness Statement as discussed.
I've left some of the Networking bit highlighted in Blue, since I can’t say that I know it is true (but it probably
is). It may be OK just to delete that bit. What is left in that section may be sufficient (I guess it depends upon
what the issue is!) I've removed the blue highlighting from the rest of the document.
I've used “Revisions” so that you can see what I've changed. I've highlighted the Date etc in yellow to remind
us to update it for the final version.
Happy to discuss further.
Regards
Gareth
This e-mail is only for the use of its intended recipient. Its contents are confidential and may be privileged. Fujitsu Services does not guarantee
that this e-mail has not been intercepted and amended or that it is virus-free.
Gareth Jenkins
Distinguished Engineer
Applications TDA
Post Office Account
Fujitsu Services
Lovelace Ri
Tel:
Mobile:
email:
Web:
Fujitsu Services Limited, Registered in England no 96056, Registered Office 26, Finsbury Square, London, EC2A 1SL
From: Lowther Neneh
Sent: 15 November 2005 13:40
To: Jenkins Gareth GI
Subject: CS Witness Statement Amendment
Hi, Gareth,
Just a little note to remind you of the above for sometime on Thursday or Friday. Thank you
Kind regards,
Neneh Lowther
Customer Services - Post Office Account- Security
Fujitsu Services, Forest Road, Feltham, Middlesex, TW13 7HJ
Web: <http://services.fujitsu.com>
Fujitsu Services Limited, Registered in England no 96056, Registered Office 26, Finsbury Square, London, EC2A 1SL
This e-mail is only for the use of its intended recipient. Its contents are subject to a duty of confidence and may be privileged. Fujitsu
Services does not guarantee that this e-mail has not been intercepted and amended or that it is virus-free.
Witness Statement
(CJ Act 1967, s9; MC Act 1980, ss 5A(3)(a)
and 5B, MC Rules 1981, r 70)
Statement of Beatrice NenehLowtherGareth Idris Jenkins
Age if under 18 Over 18 (If over 18 insert ‘over 18’)
This statement (consisting of 07 pages each signed by me) is true to the best of my knowledge and
belief and I make it knowing that, if it is tendered in evidence, I shall be liable to prosecution if I have
wilfully stated in it anything which I know to be false or do not believe true.
Dated the 3d day of 2005
Signature
I have been employed by Fujitsu Services, working on the Post Office
Account, formally ICL Pathway Ltd., since 1996 as a Customer Solutions ‘
Architect, involved in many aspects of design and implementation -O*- June ‘
computer system known as Horizon, which is a computerised accounting
system used by Post Office Ltd. am-authorised-byFujitsuSenices-to
ndertake-e chons-otaudit-dataheldontheHornzer PENA)
Horizon’s documented processes relate to each Post Office outlet. They
state that at each Post Office, there are counter positions which each have
a computer terminal, a visual display unit and a keyboard and printer. This
individual system records all transactions input by the counter clerk working
Signature Signature witnessed by
CS011A (Side A) Version 3.0 11/02
Witness Statement
(CJ Act 1967, s9; MC Act 1980, ss 5A(3)(a) and 5B, MC Rules 1981, r 70)
Continuation of statement of Beatrice Neneh Lowther
at that counter position. Each clerk logs on to the system by using their
own unique password. The transactions performed by each clerk, and the
associated cash and stock level information are recorded by the computer
system in a stock unit. Once logged on, any transactions performed by the
clerk must be recorded and entered on the computer and are accounted for
within the user's allocated stock unit.
The Post Office counter processing functions are provided through a series
of counter applications: the Order Book Control Service (OBCS) is-was one
of these applications and it ascertaineds the validity of DWP order books
before payment is-was made. The counter desktop service and the office
platform service on which it runs-ran provides various common functions for
transaction recording and settlement as well as user access control and
session management.
Note that the Order Book Control Service was withdrawn from Live use in
June 2005.
Information from counter transactions is-was written into a local database
and then replicated automatically to databases on all other counters within
a Post Office outlet. The information is-was then forwarded over Internet
Services Digital Network (ISDN) (or other communication service) to
databases on a set of central Correspondence Servers at the Fujitsu
Services data centres. This is-was undertaken by a messaging transport
system within the Transaction Management Service (TMS). Various
systems then transferred information to Central Servers that controlled the
flow of information to various support services. Details of outlet
transactions are-were normally sent at least daily via the system. Details
relating to the outlet's stock holding and cash account are-were sent
weekly. Details are-were then forwarded daily via a file transfer service to
the Post Office accounting department at Chesterfield and also, where
appropriate, to other Post Office Clients. In this respect DWP is-was a Post
Office Client.
The Order Book Control System (OBCS) software, linked to the Horizon
system was developed in conjunction with the DWP. OBCS provideds
details of DWP order books on the national stop payment list, and,
enableds data regarding the movement of order books, and, encashments
to be captured on their behalf. Each Horizon terminal at a Post Office
counter hads access to the national stop list through OBCS, when a
barcoded DWP order book is-was scanned at the Post Office counter, or
the order book details are-were manually keyed into Horizon at the Post
Office counter. Each night, the national stop payment list is-was updated
from information supplied electronically from the DWP computer centre.
National stop payment list data is-was held centrally within the Horizon
system, and is-was available to all Post Offices. However, certain
information from the national stop payment list is-was also downloaded to
individual Post Offices for faster access; this download process is called
polling. The polling of individual Post Offices also involveds receiving
details of order book movements and encashments at Post Offices,
centrally within Horizon, for onward transmission to the DWP.
All OBCS transactions are-were normally initiated by scanning in the
barcode from the Order Book. Each Order Book is-was associated with a
National Insurance Number (NINO) which identifies the person to whom the
Order Book hads been (or is-was about to be) issued. The Horizon Central
database maintaineds a list of every Post Office outlet at which that NINO
hads been used by the OBCS application. This information is-was also
held in the local outlet database. All information received from DWP
associated with withdrawn or stopped Order Books is-was passed to all
branches at which the associated NINO hasd-been used (if any). If an
OBCS transaction is-was carried out in an outlet and the NINO associated
with the Order Book is-was not found in the local database, an enquiry
is-was made to the Central database as to the state of all Order Books
associated with the NINO. That outlet is-was then registered as being
associated with that NINO for all future Order Book control information.
Thus over a period of time a number of branches becaeme associated with
each NINO. If the NINO is-was not found in the local system the enquiry for
OBCS information associated with that NINO is-was carried out in real time.
Such an enquiry will-would only happen once for any NINO in a given
outlet. All other OBCS transactions are-were batch.
Post Office outlets are identified by Post Office Ltd with a FAD Code.
These identifiers are passed from Post Office Ltd to Horizon when a Branch
is first Opened (or migrated to Horizon in many cases). When a Branch is
first opened (or migrated to Horizon), Post Office defines the number of
Counter Positions required (including any Back Office positions). These
are then allocated Counter positions from 1 (which is the gateway counter
used to communicate to the Data Centre) up to the number of counters.
The Counter position is fixed and is associated with a Physical terminal
when it is installed in an outlet.
Post Office branches are mainly connected to the BT public wide area
network using either the Analog Digital Subscriber Line (ADSL) or Internet
Services Digital Network (ISDN) technologies. In addition there are a
number of branches connected to the Hughes satellite dish network using
Virtual Satellite (VSAT) technology. The ADSL, ISDN and VSAT traffic is
then transported across the Energis network-which-is-sharedumith-their
deparments-and B&Q-supersteres. The Energis network traffic is delivered
via dedicated links to Fujitsu's datacentres in Wigan and Bootle.
[illegible] using [illegible] encryption. The algorithms [illegible]
techniques used are those [illegible] Communications Electronic Security
Group (CESG). Hardware and software based encryption technology is
[illegible] appropriate, to provide integrity and confidentiality
protection on links [illegible] partners. Software encryption [illegible]
campuses. The key used to encrypt traffic to and from a particular outlet
has the additional benefit of acting as an [illegible]. Encryption is also
used to seal important data items that may be transferred over several
links, [illegible] the data is important. The recipient [illegible] verify
the integrity of the sealed data by using an appropriate public key. Most
file transfers are sent from Wigan and Bootle datacentres across
authenticated ISDN connections directly to Fujitsu servers in the
destination buildings. The data is then passed across a local area network
to the recipient's server.
A check is carried out at the end of the day in each Post Office Outlet, that
all counters are communicating with the “gateway” counter that
communicates with the datacentre. Should this check be successful and
an End of Day record is written to the local database identifying all records
associated with that day’s trading. The Horizon Central systems will only
process data from Post Office outlets for which an End of Day record has
been successfully replicated to the datacentre. Missing End of Day records
can occur for one of two reasons:
1/ The End of Day record was not produced in the outlet — usually due to
the gateway being unable to communicate with one of the other counters —
for example it has failed or been switched off.
2/ The end of Day record has not been successfully replicated from the
Post Office outlet to the datacentre — usually due to a communications
problem.
End of Day Records will eventually be generated and communicated to the
datacentre when the initial problems are resolved and the transactions
associated with these “late End of Day” records will be communicated to
other systems when they are available. In such cases the data transmitted
to clients (such as DWP) will be more than 24 hours old. Such transactions
will have the original timestamps from when they took place.
Thomas Penny
From: Pinder Brian
Sent: 06 November 2005 18:26
To: Thomas Penny
Cc: Sewell Peter (FELO1)
Subject: FW: Witness Statement Mark-up
Penny
Apologies I seem to have missed you from this one, please note for your awareness of my views on the way ahead
with prosecution support / ARQ's / witness statements etc.
It is basically in response to Neneh's email to you re her comment to "cover for your absences and nothing more." and
in view of this comment I may need to fine tune the role however (see below) although I will add I do not envisage
anything major here or contentious arising from this, as we must cater for all eventualities.
Regds Brian
From: Pinder Brian
Sent: 04 November 2005 08:29
To: Lowther Neneh
Cc: Sewell Peter (FELO1)
Subject: RE: Witness Statement Mark-up
Neneh cc Peter for info only
I note your concerns and agree we do need to review our liabilities particularly regarding submission of these
statements, but as per the Org Chart which Bill Mitchell produced to all some months ago, most roles are geared to
overlap to cater for leave and sickness and any increased workload.
However in both yours & Penny's areas (which are of particular importance) I do envisage some job sharing as the
workload dictates, it is only prudent to be multitasking in areas of such importance and visibility to the customer and
obviously this will be made easier once we are all based at Bracknell.
Hope this is helpful and beneficial but happy to discuss.
Regds Brian
Post Office Account Security -
Brian Pinder
Security Manager
Pete Sewell
Deputy Security Manager & Projects
Manual Key Management
Pin Pad Security
Attalla Card Management
Trust Model Management
Service Introduction (Sy Co-ord)
Secure Code Signing Server
Risk Management
Information Security Audits
Physical Security
BS ISO/IEC 17799
Security Clearances
Security Pass Management
Security Project Management
Change Management
Fault Reporting - Peaks,
Incident Management
Penny Thomas
Prosecution Support
Audit Retrieval Queries
NBX Queries
Ad Hoc Queries
Prosecution Support
Customer Liaison (POL Inv)
Security Clearance Requests
Security Pass Management
Subject Matter Requests (DPA & FOI)
Change Management
Fault Reporting - Peaks,
Incident Management
Andy Dunks
Key Manager & Vulnerability Management
Neneh Lowther
Security Administration & User Management
Automated Key Management
KMA Event Management
Certificate Authority
SecurID Management
Event Monitoring
Firewall Monitoring
BS ISO/IEC 17799
Anti Virus
Vulnerability Management
Change Management
Fault Reporting - Peaks,
Incident Management
Security Administration
SecurID Administration
Security Awareness and Tr
Security Documentation
Policy & Legal Compliance
Audit Retrieval Queries
NBX Queries
Ad Hoc Queries
BS ISO/IEC 17799
Vulnerability Management
Deputy Key Manager
Change Management
Fault Reporting - Peaks,
Incident Management
7 © Fujitsu Services 2004 April 2008 Post Office ~ Horizon Explained
From: Lowther Neneh
Sent: 01 November 2005 11:28
To: Thomas Penny; Pinder Brian
Cc: Sewell Peter (FELO1)
Subject: RE: Witness Statement Mark-up
Hi, Penny,
I have looked at the WS and basically there is a lot of it you have issues it.
As you are the person doing the job now, I am happy to work with the final product when the amendments have been
made as I'm only hoping to cover for your absences and nothing more.
Kind regards,
Neneh
-----Original Message-----
From: Thomas Penny
Sent: 31 October 2005 09:00
To: Pinder Brian
Cc: Sewell Peter (FELO1); Lowther Neneh
Subject: Witness Statement Mark-up
Hi Brian
You asked me to mark up the standard witness statement with any concerns/comments I may have. This I
have done and attach.
<< File: Penny's template - marked.doc >>
Kind regards
Penny
Penny Thomas
Customer Services - Post Office Account- Security
Fujitsu Services, Forest Road, Feltham, Middlesex, TW13 7HJ
Tel:
Fax:
Web: <http://services.fujitsu.com>
Fujitsu Services Limited, Registered in England no 96056, Registered Office 26, Finsbury Square, London, EC2A 1SL
This e-mail is only for the use of its intended recipient. Its contents are subject to a duty of confidence and may be privileged. Fujitsu
Services does not guarantee that this e-mail has not been intercepted and amended or that it is virus-free.
Thomas Penny
From: Thomas Penny
Sent: 31 October 2005 09:00
To: Pinder Brian
Cc: Sewell Peter (FELO1); Lowther Neneh
Subject: Witness Statement Mark-up
Hi Brian
You asked me to mark up the standard witness statement with any concerns/comments I may have. This I have done
and attach.
Penny's template - marked.doc
Kind regards
Penny
Penny Thomas
Customer Services - Post Office Account- Security
Fujitsu Services, Forest Road, Feltham, Middlesex, TW13 7HJ
Tel:
Fax:
es) penny.thomas¢
Web: <http://services.fujitsu.com>
Fujitsu Services Limited, Registered in England no 96056, Registered Office 26, Finsbury Square, London, EC2A 1SL
This e-mail is only for the use of its intended recipient. Its contents are subject to a duty of confidence and may be privileged. Fujitsu Services
does not guarantee that this e-mail has not been intercepted and amended or that it is virus-free.
Witness Statement
(CJ Act 1967, s9; MC Act 1980, ss 5A(3)(a)
and 5B, MC Rules 1981, r 70)
Brian
You asked for my comments on this witness statement — here they are. Anything
highlighted means:-
I have made some comment in the text
Also, OBCS is now dead and network banking has taken its place. I believe that any
witness statement relating to data since network banking started to replace OBCS (date
unknown) should have a narrative explaining that process. Any statement relating to
data after OBCS ceased (I believe end May 05) should not contain OBCS statements.
Statement of Penelope Anne Thomas
Age if under 18 Over 18 (If over 18 insert ‘over 18')
This statement (consisting of I pages each signed by me) is true to the best of my knowledge and belief
and I make it knowing that, if it is tendered in evidence, I shall be liable to prosecution if I have wilfully
stated in it anything which I know to be false or do not believe true.
Dated the day of 20
Signature
A
I have been employed by Fujitsu Services, Post Office Account, formally ICL Pathway Ltd.,
since 20 January 2004 as an Information Technology (IT) Security Analyst responsible for audit
data extractions and IT Security. I have working knowledge of the computer system known as
Horizon, which is a computerised accounting system used by Post Office Ltd. I am authorised
by Fujitsu Services to undertake extractions of audit data held on the Horizon system and to
obtain information regarding system transaction information processed on the Horizon system.
B
Horizon’s documented processes relate to each Post Office outlet. They state that at each Post
Office, there are counter positions which each have a computer terminal, a visual display unit
and a keyboard and printer. This individual system records all transactions input by the counter
clerk working at that counter position. Each clerk logs on to the system by using their own
unique password. The transactions performed by each clerk, and the associated cash and
stock level information are recorded by the computer system in a stock unit. Once logged on,
any transactions performed by the clerk must be recorded and entered on the computer and
are accounted for within the user's allocated stock unit.
sHo¢altime] This has been the situation at (INSERT PO) (FAD ) since
(INSERT INSTALLATION DATE) when the Horizon system was introduced at that particular
Post Office.
longer valid
K
I have access to reports that monitor faults, polling failures, equipment failures and calls for
advice and guidance logged by the Horizon System Helpdesk. During the ??? to ??? , there
an engineer and I have no guidelines to support this statement.
L
When information relating to individual transactions is requested, the data is extracted from the
audit archive media via the Audit Workstations (AW’s). Information is presented in exactly the
same way as the data held in the archive although it can be filtered depending upon the type of
What are these controls?
During audit data extractions the following controls apply :
1. Extractions can only be made through the AWs, which exist at Fujitsu Services, Forest Road,
Feltham, Middlesex, Fujitsu Services, Lovelace Lane, Bracknell, Berkshire and the [illegible].
Specifically, the Feltham and Bracknell AWs — where most
extractions take place — are located in a secure room subject to proximity pass access within
a secured Fujitsu Services site. - who has access to the AWs at the datacentres? Who
checks whether they have been used?
dedicated Logins, password control and the use of Microsoft Windows NT security features.
3. All extraction’s are logged on the AW and supported by documented Audit Record Queries
(ARQ’s), authorised by nominated persons within Post Office Ltd. This log can be scrutinised
on the AW.
4. Extractions are only made by authorised individuals.
5. Upon receipt of an ARQ from Post Office Ltd they are interpreted by CS Security. The details
are checked and the printed request filed.
6. The required files are identified and marked using the dedicated audit tools.
no idea how they work
9. The specific ARQ details are used to obtain the specific data.
10.The files are copied to the AW where they are checked and converted into the file type
required by Post Office Ltd.
11.The requested information is copied onto removal CD media, sealed to prevent modification
and virus checked using the latest software. It is then despatched to the Post Office Ltd
Casework Manager using Royal Mail Special Delivery. This ensures that a receipt is provided
to Fujitsu Services confirming delivery.
M
ARQs 111-120/0506 were received on 18 May 2005 and asked for information in connection
with the Post Office at Rose Hill (FAD 173137). I produce a copy of ARQs 111-120/0506 as
Exhibit PT/01. On various dates and at various times between 18 May 2005 and 24 May 2005 I
undertook extractions of data held on the Horizon system in accordance with the requirements
of ARQs 111-120/0506 and followed the procedure outlined above. I produce the resultant CD
as Exhibit PT/02.
N
The report is formatted with the following headings:
ID — relates to counter position
User — Person Logged on to System
SU — Stock Unit
Date — Date of transaction
Time — Time of transaction
SessionId — A unique string relating to current customer session
Txnid — A unique string relating to current transaction
Mode — e.g. SC which translates to Serve Customer
ProductNo — Product Item Sold
Qty — Quantity of items sold
SaleValue — Value of items sold
Entry method - Method of data capture for OBCS Transactions (0 = barcode, 1 = manually
keyed, 2 = magnetic card, 3 = smartcard, 4 = smart key)
State — Method of manual keyed Entry Method (4 = encash, 5 = non-barcode)
!OP - Order Book Number
Result — Order Book Transaction Result (1 = OK, 2 = impound, 3 = unreadable, 4 = invalid)
Foreign Indicator — Indicates whether OBCS payment was made at a local or foreign outlet
(0- Local, 1- Foreign). The foreign indicator defaults to a ‘0’ for all manually entered
transactions.
The Event report is formatted with the following headings:
Groupid - FAD code
ID - relates to counter position
Date — Date of transaction
Time — Time of transaction
User — Person Logged on to System
SU — Stock Unit
EPOSSTransaction.T — Event Description
EPOSSTransaction.Ti - Event Result
P
The CD (Exhibit PT/??) was sent to the Post Office Investigation section by Special Delivery on
DATE 2005.
Q
There is no reason to believe that the information in this statement is inaccurate because of the
improper use of the computer. To the best of my knowledge and belief at all material times the
computer was operating properly, or if not, any respect in which it was not operating properly, or
was out of operation was not such as to effect the information held on it. I hold a responsible
position in relation to the working of the computer. — I do not hold a responsible position in the
working of the Horizon system. I hold a responsible position in relation to the AW
Any records to which I refer in my statement form part of the records relating to the business of
Fujitsu Services. These were compiled during the ordinary course of business from information
supplied by persons who have or may reasonably be supposed to have personal knowledge of
the matter dealt with in the information supplied, but are unlikely to have any recollection of the
information or cannot be traced. As part of my duties, I have access to these records.
Witness Statement
(CJ Act 1967, s9; MC Act 1980, ss 5A(3)(a)
and 5B, MC Rules 1981, r 70)
Brian
You asked for my comments on this witness statement — here they are. Anything
highlighted means:-
I have read this, but I have no firsthand/background knowledge
I have made some comment in the text
Also, OBCS is now dead and network banking has taken its place. I believe that any
witness statement relating to data since network banking started to replace OBCS (date
unknown) should have a narrative explaining that process. Any statement relating to
data after OBCS ceased (I believe end May 05) should not contain OBCS statements.
Statement of Penelope Anne Thomas
Age if under 18 Over 18 (If over 18 insert ‘over 18')
This statement (consisting of I pages each signed by me) is true to the best of my knowledge and belief
and I make it knowing that, if it is tendered in evidence, I shall be liable to prosecution if I have wilfully
stated in it anything which I know to be false or do not believe true.
Dated the day of 20
Signature
A
I have been employed by Fujitsu Services, Post Office Account, formally ICL Pathway Ltd.,
since 20 January 2004 as an Information Technology (IT) Security Analyst responsible for audit
data extractions and IT Security. I have working knowledge of the computer system known as
Horizon, which is a computerised accounting system used by Post Office Ltd. I am authorised
by Fujitsu Services to undertake extractions of audit data held on the Horizon system and to
obtain information regarding system transaction information processed on the Horizon system.
B
Horizon’s documented processes relate to each Post Office outlet. They state that at each
Post Office, there are counter positions which each have a computer terminal, a visual display
unit and a keyboard and printer. This individual system records all transactions input by the
counter clerk working at that counter position. Each clerk logs on to the system by using their
own unique password. The transactions performed by each clerk, and the associated cash and
stock level information are recorded by the computer system in a stock unit. Once logged on,
any transactions performed by the clerk must be recorded and entered on the computer and
are accounted for within the user's allocated stock unit.
C
The Horizon system provides a number of daily and weekly
n enables Post Office users to 0 comput
ail transaction
summaries
ividual clients of Post
pI balance of cas
performed in that accounting period:
database and is printe
to the main accounting department at Chesterfield
to be balanced: — I have never seen a report generated by Horizon nor the method for
obtaining one
E
The Post
applicatio
stions are provided through a series
ertains the validity of DWP order
é counter processin
Postmasters to Conduct general retail trade at the counter and sell pr
Clients; the Automated Payments Service (APS) provides support for utility companies and
mechanisms based on the: ind
let, principally to minimise cash held overnight in
outlets. The counter desktop service and the office platform service on which it runs provides
various common functions for transaction recording and settlement as well as user access
ectly. All exceptions are investigated
udit archive media
(INSERT INSTALLATION DATE) when the Horizon system was introduced at that particular
Post Office.
ji
Office counter, or the order book details are manually keyed into Horizon at the Post Office
h _the national stop payment. lis
i is available to all Post Offices. However, certain: infor
top _payment listiis also downloaded to individue t_ Off ia
K
I have access to reports that monitor faults, polling failures, equipment failures and calls for
advice and guidance logged by the Horizon System Helpdesk. During the ??? to ???, there
were ?? calls from name & fad code to the Helpdesk. None of these calls relate to faults
which would [illegible] integrity of the information held on the system. - I am
not an engineer and I have no guidelines to support this statement.
L
When information relating to individual transactions is requested, the data is extracted from the
audit archive media via the Audit Workstations (AW’s). Information is presented in exactly the
same way as the data held in the archive although it can be filtered depending upon the type of
information requested.
Storage 4 rieval to subsequent despatch to the requester. Controls
What are these controls?
During audit data extractions the following controls apply :
1. Extractions can only be made through the AWs, which exist at Fujitsu Services, Forest
Road, Feltham, Middlesex, Fujitsu Services, Lovelace Lane, Bracknell, Berkshire and
most extractions take place — are located in a secure room subject to proximity pass access
within a secured Fujitsu Services site. - who has access to the AWs at the datacentres?
Who checks whether they have been used?
2. … This includes
dedicated Logins, password control and the use of Microsoft Windows NT security features.
3. All extractions are logged on the AW and supported by documented Audit Record Queries
(ARQs), authorised by nominated persons within Post Office Ltd. This log can be scrutinised
on the AW.
4. Extractions are only made by authorised individuals.
5. Upon receipt of an ARQ from Post Office Ltd they are interpreted by CS Security. The
details are checked and the printed request filed.
6. The required files are identified and marked using the dedicated audit tools.
… calculated when the files are retrieved …
… calculated when the file was originally written to the audit … media. The result is
maintained in a Check Seal Table. - I’m told that checksum seals are an algorithm but I
have no idea how they work
9. The specific ARQ details are used to obtain the specific data.
10. The files are copied to the AW where they are checked and converted into the file type
required by Post Office Ltd.
11. The requested information is copied onto removable CD media, sealed to prevent modification
and virus checked using the latest software. It is then despatched to the Post Office Ltd
Casework Manager using Royal Mail Special Delivery. This ensures that a receipt is
provided to Fujitsu Services confirming delivery.
M
ARQs 111-120/0506 were received on 18 May 2005 and asked for information in connection
with the Post Office at Rose Hill (FAD 173137). I produce a copy of ARQs 111-120/0506 as
Exhibit PT/01. On various dates and at various times between 18 May 2005 and 24 May 2005 I
undertook extractions of data held on the Horizon system in accordance with the requirements
of ARQs 111-120/0506 and followed the procedure outlined above. I produce the resultant CD
as Exhibit PT/02.
N
The report is formatted with the following headings:
ID — relates to counter position
User — Person Logged on to System
SU — Stock Unit
Date — Date of transaction
Time — Time of transaction
SessionId — A unique string relating to current customer session
Txnid — A unique string relating to current transaction
Mode — e.g. SC which translates to Serve Customer
ProductNo — Product Item Sold
Qty — Quantity of items sold
SaleValue — Value of items sold
Entry method - Method of data capture for OBCS Transactions (0 = barcode, 1 = manually
keyed, 2 = magnetic card, 3 = smartcard, 4 = smart key)
State — Method of manual keyed Entry Method (4 = encash, 5 = non-barcode)
IOP - Order Book Number
Result — Order Book Transaction Result (1 = OK, 2 = impound, 3 = unreadable, 4 = invalid)
Foreign Indicator — Indicates whether OBCS payment was made at a local or foreign outlet
(0- Local, 1- Foreign). The foreign indicator defaults to a ‘0’ for all manually entered
transactions.
The Event report is formatted with the following headings:
Groupid — FAD code
ID - relates to counter position
Date — Date of transaction
Time — Time of transaction
User — Person Logged on to System
SU — Stock Unit
EPOSSTransaction.T — Event Description
EPOSSTransaction.Ti — Event Result
P
The CD (Exhibit PT/??) was sent to the Post Office Investigation section by Special Delivery on
DATE 2005.
Q
There is no reason to believe that the information in this statement is inaccurate because of the
improper use of the computer. To the best of my knowledge and belief at all material times the
computer was operating properly, or if not, any respect in which it was not operating properly, or
was out of operation was not such as to affect the information held on it. I hold a res…
… the working of the computer. - I do not hold a responsible position in the
working of the Horizon system. I hold a responsible position in relation to the AW
Any records to which I refer in my statement form part of the records relating to the business of
Fujitsu Services. These were compiled during the ordinary course of business from information
supplied by persons who have or may reasonably be supposed to have personal knowledge of
the matter dealt with in the information supplied, but are unlikely to have any recollection of the
information or cannot be traced. As part of my duties, I have access to these records.
Signature Signature witnessed by