oO
FUJITSU
FUJITSU SERVICES
MANAGEMENT OF THE PROSECUTION
SUPPORT SERVICE FOR AUDIT RECORD
QUERIES
(Security Classification)
FUJ00122366
FUJ00122366
Ref: NB/PRO/003
Version: 2.1
Date: 6/06/07
Document Title:
Document Type:
Release:
Abstract:
Document Status:
Originator & Dept:
Contributors:
Internal Distribution:
External Distribution:
MANAGEMENT OF THE PROSECUTION SUPPORT
SERVICE FOR AUDIT RECORD QUERIES
Procedure
N/A
This document outlines the end-to-end procedures required to
manage and deliver the Prosecution Support Service for Audit
Record Queries
Draft
Penny Thomas (CS Security)
Neneh Lowther, Alan Holmes
Pete Sewell, Neneh Lowther, Andy Dunks
Graham Ward, Post Office Limited, Security Team
Approval Authorities: (See PA/PRO/010 for Approval roles)
Name Position Signature Date
Naomi Elliott CS Director
Pete Sewell CS Deputy Security Manager
©Copyright Fujitsu Services Ltd 2007 (Security Classification) Page: 1 of 24
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
FUJITSU
FUJITSU SERVICES
MANAGEMENT OF THE PROSECUTION
SUPPORT SERVICE FOR AUDIT RECORD
QUERIES
(Security Classification)
FUJ00122366
FUJ00122366
Ref: NB/PRO/003
Version: 2.1
Date: 6/06/07
0.0 Document Control
0.1 Document History
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
Version No. I Date Reason for Issue Associated
CP/Peak
0.1 11/02/02 Initial Draft
0.2 24/10/02 Incorporation of comments afier initial review.
Amendment to signed contract.
03 15/11/02 Incorporate comments afier review
1.0 26/11/02 Version for approval
Ll 02/02/05 Update to reflect current changes
2.0 29/02/05 Version for approval
21 6/06/07 For approval after review
0.2 Review Details
Review Comments by : I Date
Review Comments to: I Originator
Mandatory Review
CS Deputy Security Manager Pete Sewell
Horizon and HNG-X Principal Security I Jim Sweeting
Architect
Optional Review
Audit Alan Holmes
Senior Commercial Manager Hilary Forrest
Issued for Information — Please restrict this
distribution list to a minimum
Position Name
©Copyright Fujitsu Services Ltd 2007 (Security Classification) Page: 2 of 24
FUJ00122366
FUJ00122366
oO. MANAGEMENT OF THE PROSECUTION Ref: NB/PRO/003
FUJITSU SUPPORT SERVICE FOR AUDIT RECORD Version: 2.1
FUJITSU SERVICES QUERIES °
(Security Classification) Date: 6/06/07
(*) = Reviewers that returned comments
0.3 Associated Documents
Reference Version I Date Title Source
PA/TEM/001 8.0 19/12/02 Fujitsu Services Document PVCS
Template
CR/FSP/006 Audit Trail Functional
Specification
NB/SDS/004 System Design Specification
for Network Banking
Reconciliation
TA/PRO/004 Audit Data Extraction Process
Unless a specific version is referred to above, reference should be made to the current
approved versions of the document
0.4 Abbreviations/Definitions
Abbreviation
Definition
Audit Record Query
(ARQ)
A Record Query that is not a Banking Transaction Record Query
and which relates to Transactions.
cs Customer Services
Banking Transaction I A Record Query in respect of a Banking Transaction which the Data
Record Query Reconciliation Service has reconciled or has reported as an
exception, the result or records of which are subsequently queried or
disputed by Post Office Ltd or a third party
Branch Code A Post Office outlet unique identifier.
HSH Horizon System Helpdesk
Prosecution Civil or criminal court or statutory tribunal proceedings related to
Transactions or fraudulent actions conducted at a Post Office Outlet
Old Format Queries
The extraction of records created before commencement of
Network Banking Pilot (Soft Launch) relating to Transactions
(other than Banking Transactions) meeting the Search Criteria, such
extraction being limited to the following specific types of
information/data fields: the ID for the user logged-on, Counter
Position ID, stock unit reference, Transaction ID, Transaction start
time and date, Customer Session ID, mode (e.g. serve customer),
product number and quantity, and sales value
POL
Post Office Limited
©Copyright Fujitsu Services Ltd 2007
(Security Classification) Page: 3 of 24
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
FUJ00122366
FUJ00122366
oO. MANAGEMENT OF THE PROSECUTION Ref: ~NB/PRO/003
FUJITSU SUPPORT SERVICE FOR AUDIT RECORD Version: 2.1
FUJITSU SERVICES QUERIES °
(Security Classification) Date: 6/06/07
PSS Royal Mail Group Account Prosecution Support Section
PSS Day Between 09:00 and 17:30 Monday to Friday excluding English
Bank Holidays.
Record Query The extraction of records created after commencement of Network
Banking Pilot (Soft Launch) in accordance with the terms paragraph
7.3 of NOI relating to Banking Transactions and, in the case of
Audit Record Queries relating to all Transactions meeting the
Search Criteria, such extraction being limited to specific types of
information/data fields.
Audit Record Query I The form used by POL to request detailed transaction data.
Form
Rolling Year Any Record Queries received over the yearly limit shall be seen as
the following year’s requests and as such will not be processed until
the following year. In other words, they will be rolled over in to the
following year’s requests.
Search Criteria Means either of:
(a) date range (not exceeding 31 consecutive days),
Outlet and PAN(or equivalent identifier); or
(b) date range (not exceeding 31 consecutive days), and
Outlet,
which may be specified for an Audit Record Query.
0.5 Changes in this Version
Version Changes
2.0 Update to reflect new ARQ contract details
Minor typo errors
Minor changes to internal work processes
2.1 For approval after review
0.6 Changes Expected
©Copyright Fujitsu Services Ltd 2007 (Security Classification) Page: 4 of 24
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
FUJ00122366
FUJ00122366
food MANAGEMENT OF THE PROSECUTION Ref: NB/PRO/003
FUJITSU SUPPORT SERVICE FOR AUDIT RECORD Version: 2.1
FUJITSU SERVICES QUERIES °
(Security Classification) Date: 6/06/07
Changes
©Copyright Fujitsu Services Ltd 2007 (Security Classification) Page: 5 of 24
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
FUJ00122366
FUJ00122366
2. MANAGEMENT OF THE PROSECUTION Ref: NB/PRO/003
FUJITSU SUPPORT SERVICE FOR AUDIT RECORD Version: 2.1
FUJITSU SERVICES QUERIES °
(Security Classification) Date: 6/06/07
Table of Contents
1.0 INTRODUCTION...
2.0 SCOPE...
3.0 AUDIT RECORD QUERIES
3.3. SEARCH CRITERIA.. wn
3.4 FORMAT FOR AUDIT RECORD QUERY REQ
3.5 EXCLUSIO!
4.0 PROSECUTION SUPPORT......
4.1 SCOPE.
5.0. NOTIFICATION PROCESS....
51 CONTACT POINTS......
1.1 Post Office Ltd...............
1.2 The Royal Mail Group Account
5
5
2 REQUEST PROCESS...
5
6.0 MANAGEMENT PROCESS.....
6.1 CONTINUITY OF EVIDENCE .....
6.2 PROSECUTION SUPPORT DATABASE.
7.0 PROSECUTION SUPPORT PROCESS...
7.1. AUDIT RECORD QUERY.
7.1.1 Identify Search Criteria
7.1.2 Create Audit trail of request
7.1.3 Search for files required to comp!
7.1.4 — Select and retrieve file:
7.1.5 Generate messagestore.
7.1.6 Rquery to spreadsheet.
7.1.7 Burn closed CD-W...
Virus and Data chec!
2.1 Check Horizon System Helpdesk Logs
7.2.2 Analysis of Non-polling reports.
7.2.3 Analysis of Fault logs........
7.24 Complete Witness Statement of Fact
7241 Witness Statement of Fact
7.24.2 Court attendance in support of a Witness Statement of Fact......
7.2.5 Provision of Exhibits .
7.2.6 Exhibit Labels.......
7.2.7 Despatch ..
©Copyright Fujitsu Services Ltd 2007 (Security Classification) Page: 6 of 24
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
FUJ00122366
FUJ00122366
fo] MANAGEMENT OF THE PROSECUTION Ref: NB/PRO/003
FUJITSU SUPPORT SERVICE FOR AUDIT RECORD Version: 2.1
FUJITSU SERVICES QUERIES °
(Security Classification) Date: 6/06/07
7.3 PROSECUTION SUPPORT RESOLUTION TIME SCALES
8.0 ADDITIONAL PROSECUTION SUPPORT ....
8.1 AUDIT RECORD QUERIES,
8.2. EXPERT WITNESS STATEMENT.
8.3. COURT ATTENDANCE IN SUPPOI
9.0 APPENDICES...
9.1 APPENDIX 1
9.2 APPENDIX 2
9.3. APPENDIX 3
9.4 APPENDIX 4
[ OF AN EXPERT WITN!
©Copyright Fujitsu Services Ltd 2007 (Security Classification) Page: 7 of 24
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
FUJ00122366
FUJ00122366
eo MANAGEMENT OF THE PROSECUTION Ref: NB/PRO/003
FUJITSU SUPPORT SERVICE FOR AUDIT RECORD Version: 2.1
FUJITSU SERVICES QUERIES *
(Security Classification) Date: 6/06/07
1.0 Introduction
The Network Banking Prosecution Support Service was introduced in response to Network
Banking Requirements 260 and 315. The scope of the Service is outlined in Schedule NO1 of
the Codified Agreement in the Section entitled “Jnformation Retrieval and Audit”.
This document was intended to assist the management and delivery of the service necessary
to support Post Office Ltd in respect of criminal prosecution or civil litigation for the Horizon
solution.
Audit Record Query requests are received, documented, extracted from the Audit Archive
and progressed to resolution, as is the production of evidence and witness statements in
support of prosecutions.
This document is without prejudice to any of the parties and nothing contained herein shall be
deemed or construed as affecting contractual obligations or creating new contractual
obligations between any of the parties.
©Copyright Fujitsu Services Ltd 2007 (Security Classification) Page: 8 of 24
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
FUJ00122366
FUJ00122366
. MANAGEMENT OF THE PROSECUTION Ref; NB/PRO/003
FUJITSU SUPPORT SERVICE FOR AUDIT RECORD Version: 2.1
FUJITSU SERVICES QUERIES *
(Security Classification) Date: 6/06/07
2.0 Scope
This document sets out the procedures to be adopted by the Royal Mail Group Account’s
Prosecution Support Section (PSS) for managing and dealing with Audit Record Queries
(ARQs) for investigation and prosecution support purposes, including the:
e Undertaking of ARQs;
e Presentation of transaction records extracted by ARQs;
e Analysis of appropriate records and logs;
¢ Preparation of witness statements of fact in relation to ARQs;
e Attendance at Court by relevant employees to give evidence in respect of witness
statements;
e Undertaking of additional litigation/prosecution support activities as may be requested on
a case-by-case basis on the instruction of Legal Counsel.
It is recognised that it is not always possible to deliver a standardised response to all
prosecution related ARQs. However, a comprehensive set of standard data information
requests have been agreed and have proven to satisfy the majority of cases. The exceptions
are dealt with on a case by case basis. These procedures can therefore provide a flexible
approach to the provision of prosecution support.
ARQs in support of potential prosecutions will be obtained solely from the Horizon System
Audit Archive / Server. The method by which the integrity of this data is protected is
described in the Audit Trail Functional Specification. Evidence in support of data integrity
will be sourced from Audit Archive / Server and the Royal Mail Group Account’s business
logs. All access to audit data is restricted to named individuals via dedicated workstations
located in a secure environment. Supporting evidence is sourced from relevant business
records and logs.
Requests for Information will fall into two general categories:
a Audit Record Query
This involves the extraction from the audit archive of records relating to data for a
particular outlet.
a Witness Statement.
This request requires the provision of a witness statement of fact in support of data
extracted or records reviewed.
©Copyright Fujitsu Services Ltd 2007 (Security Classification) Page: 9 of 24
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
FUJ00122366
FUJ00122366
eo MANAGEMENT OF THE PROSECUTION Ref: NB/PRO/003
FUJITSU SUPPORT SERVICE FOR AUDIT RECORD Version: 2.1
FUJITSU SERVICES QUERIES *
(Security Classification) Date: 6/06/07
3.0 Audit Record Queries
3.1 Scope
An ARQ is an extraction from the Audit Archive of records relating to transactions which
meet specific search criteria. ARQs may be undertaken to provide transaction and other
details required to facilitate an investigation or in support of a prosecution.
Throughout this document the term Audit Record Query is used to refer to an extraction of
data from the Audit Archive.
3.2 Limits on Audit Record Queries.
The number of ARQs requested by Post Office Ltd in connection with investigation or
prosecution shall be as referenced in the Service Description for the Security Management
Service CS/SER/-16.
3.3 Search Criteria
The search criteria for ARQs in support of prosecution are either:
(a) Date or dates (not exceeding 31 consecutive days), Outlet and PAN (or equivalent
identifier)
Or;
(b) Date or dates (not exceeding 31 consecutive days), and Outlet.
which may be specified for an ARQ.
Each ARQ shall cover a date range of up to and including 31 consecutive days. Individual
dates or multiple date ranges can be accommodated provided that the overall timeframe
requested does not exceed 31 consecutive days for each ARQ.
Each ARQ shall relate only to an individual Outlet.
Originally, ARQs were limited to ten data fields, the Royal Mail Group Account has
developed the requests made by POL and has significantly enhanced the original provision.
3.4 Format for Audit Record Query Requests
ARQs in connection with prosecutions shall be made via the Audit Record Query Form.
Post Office Ltd will specify the following details for each ARQ:
a Date of request
a Outlet name and Branch code
©Copyright Fujitsu Services Ltd 2007 (Security Classification) Page: 10 of 24
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
FUJ00122366
FUJ00122366
eo MANAGEMENT OF THE PROSECUTION Ref: NB/PRO/003
FUJITSU SUPPORT SERVICE FOR AUDIT RECORD Version: 2.1
FUJITSU SERVICES QUERIES *
(Security Classification) Date: 6/06/07
Date range, the maximum date range for each ARQ is 31 consecutive days.
General requirements. This includes the required attributes associated with the ARQ.
Q Output format required. This is normally a standard Excel 97 version with separate
columns for each attribute requested.
Each ARQ shall be allocated a unique identifier to facilitate the logging and monitoring of
work carried out. The identifier shall be “ARQ” followed by a sequential number starting
from 1 (1 to nnnn) for each financial year. This will provide the audit trail information
necessary to ensure continuity of evidence if required later at a court or tribunal.
The agreed Audit Record Query (ARQ) Form is at Appendix 1.
3.5 Exclusions
ARQs in connection with Disputed Banking Transactions are not covered in this document.
Refer to NB/PRO/002.
3.6 Audit Record Query Resolution Time Scales
The resolution timeframes for ARQs shall be as referenced in the Service Description for the
Security Management Service CS/SER/-16.
©Copyright Fujitsu Services Ltd 2007 (Security Classification) Page: 11 of 24
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
FUJ00122366
FUJ00122366
food MANAGEMENT OF THE PROSECUTION Ref: NB/PRO/003
FUJITSU SUPPORT SERVICE FOR AUDIT RECORD Version: 2.4
FUJITSU SERVICES QUERIES °
(Security Classification) Date: 6/06/07
4.0 Prosecution Support
4.1 Scope
The Royal Mail Group Account shall, in relation to an ARQ and at the request of Post Office
Ltd:
a Analyse appropriate Horizon Help Desk calls, as requested
Q_ Provide witness statements of fact in relation to an ARQ
a Attend Court in order to give evidence in support of a witness statement.
©Copyright Fujitsu Services Ltd 2007 (Security Classification) Page: 12 of 24
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
FUJ00122366
FUJ00122366
eo MANAGEMENT OF THE PROSECUTION Ref: NB/PRO/003
FUJITSU SUPPORT SERVICE FOR AUDIT RECORD Version: 2.1
FUJITSU SERVICES QUERIES *
(Security Classification) Date: 6/06/07
5.0 Notification Process
5.1. Contact Points
5.1.1 Post Office Ltd
All ARQs in conjunction with investigation and or prosecution must be authorised by the
Post Office Ltd Security Team.
Requests will be accepted only from the Post Office Ltd’s Casework Manager or his deputy.
The Post Office Ltd Casework Manager will advise the Royal Mail Group Account’s
Prosecution Support of named deputies, authorised to request ARQs.
5.1.2 The Royal Mail Group Account
Post Office Ltd will submit all requests for ARQs in connection with investigation and
prosecution to:
Customer Service Prosecution Support Section,
Fujitsu Services
Lovelace Road
Bracknell
Berkshire RG12 8SN
The Audit Record Query will be sent via email to the nominated team.
5.2 Request Process
Post Office Ltd will complete an ARQ form and email it to the nominated team. The details
of the request and the date of receipt shall be recorded in the Prosecution Support Database.
Post Office Ltd will also keep a log of all requests made to the PSS.
©Copyright Fujitsu Services Ltd 2007 (Security Classification) Page: 13 of 24
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
2 MANAGEMENT OF THE PROSECUTION
FUJITSU SUPPORT SERVICE FOR AUDIT RECORD
FUJITSU SERVICES QUERIES
(Security Classification)
FUJ00122366
FUJ00122366
Ref: NB/PRO/003
Version: 2.1
Date: 6/06/07
6.0 Management Process
6.1 Continuity of Evidence
Where possible a member of the PSS Team will undertake the entire end to end prosecution
support process.
6.2 Prosecution Support Database
The Database shall track when the request was received, the SLA return timeframe, who
completed the request, when it was started and when it was completed, who checked the data
and when the disc was posted to POL.
©Copyright Fujitsu Services Ltd 2007 (Security Classification)
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
Page: 14 of 24
2 MANAGEMENT OF THE PROSECUTION
FUJITSU SUPPORT SERVICE FOR AUDIT RECORD
FUJITSU SERVICES QUERIES
(Security Classification)
FUJ00122366
FUJ00122366
Ref: NB/PRO/003
Version: 2,1
Date: 6/06/07
©Copyright Fujitsu Services Ltd 2007 (Security Classification)
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
Page: 15 of 24
FUJITSU
FUJITSU SERVICES
QUERIES
(Security Classification)
MANAGEMENT OF THE PROSECUTION Ref: NB/PRO/003
SUPPORT SERVICE FOR AUDIT RECORD
Version: 2,1
Date: 6/06/07
7.0 Prosecution Support Process
Audit Record
Query request
Identify Search Criteria
Create Audit Trail of Request.
‘orm
Audit Record Query
Fe
Request
Check Horizon System Helpdesk
calls, if required
I
Search for files required to
complete request
System automatically
logs date and time of
each process to an
“Audit Trail”
Check non-polling reports, if
required
I
Select and retrieve files
Generate Message Store
Rquery to spreadsheet
Bum ‘closed’ CD
Anti Virus and cheek CD.
Despatch of CD
Check appropriate Peak logs, if
required.
I
Complete witness statement of fact
I
Complete Exhibit Labels
I
Despatch to PO Lid
©Copyright Fujitsu Services Ltd 2007
(Security Classification)
Page: 16 of 24
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
FUJ00122366
FUJ00122366
FUJ00122366
FUJ00122366
eo MANAGEMENT OF THE PROSECUTION Ref: NB/PRO/003
FUJITSU SUPPORT SERVICE FOR AUDIT RECORD Version: 2.1
FUJITSU SERVICES QUERIES *
(Security Classification) Date: 6/06/07
7.1 Audit Record Query
TAA Identify Search Criteria
The team member allocated to the request shall identify the search criteria from the ARQ
form.
712 Create Audit trail of request
The Horizon Audit System provides an audit trail. The audit trail records the date and time of
each process carried out on the Horizon Audit System to complete the ARQ. The search
criteria and ARQ identifier shall be used to create the directory structure of each audit trail.
An audit trail is produced only when an ARQ is marked as completed on the Extractor Client.
(The audit trail is not the Prosecution Support Database). The audit trail is used to attest to
the integrity of data held on the Horizon Audit System and data extracted for ARQs.
The Prosecution Support Database holds information relating to when the ARQ was received,
the SLA return date, who completed the request, when they started and completed the
request, who checked the data and when the disc was sent to POL.
TAS Search for files required to complete request
A search for files required to complete the request shall be initiated using the audit extractor
GUL.
7.14 Select and retrieve files
Once the search has completed and returned the results each required file shall be marked for
selection and then selection will be initiated. Files extracted to the server shall be seal
checked as they are extracted. This check confirms that the data has not been altered from
the time the transaction first originated to the time it was stored. After the files have been
extracted the operator shall check the seal status and ensure all seals match.
TAS Generate messagestore
A messagestore of the selected files shall be initiated on the operator’s local machine using
the files extracted to the audit server.
7.16 Rquery to spreadsheet
Once the messagestore has been successfully generated, the Rquery tool shall be used to
select the files as per the search criteria set out in the ARQ. The Transaction records
extracted for the ARQ are exported by the Rquery tool to an Excel 97 Format.
©Copyright Fujitsu Services Ltd 2007 (Security Classification) Page: 17 of 24
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
FUJ00122366
FUJ00122366
eo MANAGEMENT OF THE PROSECUTION Ref: NB/PRO/003
FUJITSU SUPPORT SERVICE FOR AUDIT RECORD Version: 2.1
FUJITSU SERVICES QUERIES *
(Security Classification) Date: 6/06/07
717 Burn closed CD-W
Once the data is complete and formatted it shall be burnt to ‘closed’ CD-W along with a word
document that shall provide an explanation of the format in which the data is provided. The
CD-W will be labelled, and written on the label shall be the ARQ reference number, the
Branch name and code, the SLA due date, the name of the PSS employee who compiled the
data and the date it was completed, the date range requested and the name of the PSS
employee who checked the data and the date on which it was checked.
718 Virus and Data check
The word document held in the ARQ directory on the CD-W shall also contain reference to
the anti virus software used to check the CD-W. The CD-W shall be checked for viruses
after the data has been written to it and before sending it to Post Office Ltd. The retrieved
data is checked by another member of the PSS team prior to despatch.
79 Despatch
The CD-W shall be sent to the POL Casework Manager by Royal Mail’s Special Delivery
Service. Appropriate packaging for the CD-W will be used to help protect against damage in
transit.
7.2 Prosecution Support
Quotas for all Prosecution Support activities shall be as referenced in the Service Description
for the Security Management Service CS/SER/-16.
7.21 Check Horizon System Helpdesk Logs
Problems or faults at a Post Office outlet logged with the Horizon System Helpdesk may be
required by POL and if so, logs will be examined using the search criteria specified in an
ARQ to assess whether the outlet was functioning effectively.
The logs are accessed through the web-based program, Powerhelp. PSS shall use the
specified outlet and date range as requested in the ARQ search criteria to search Powerhelp
for any calls logged for the outlet in the date range required. The log of calls to the Horizon
System Helpdesk details incidents of error, inaccuracy or malfunction pertaining to individual
sites, the equipment, services and those individuals concerned.
7.2.2 Analysis of Non-polling reports
Non-polling reports may be required and if so they shall be reviewed for the outlet in
question, for all days within the date range specified.
©Copyright Fujitsu Services Ltd 2007 (Security Classification) Page: 18 of 24
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
FUJ00122366
FUJ00122366
eo MANAGEMENT OF THE PROSECUTION Ref: NB/PRO/003
FUJITSU SUPPORT SERVICE FOR AUDIT RECORD Version: 2.1
FUJITSU SERVICES QUERIES *
(Security Classification) Date: 6/06/07
7.2.3 Analysis of Fault logs
If requested, all relevant Powerhelp calls will be reviewed to identify any recorded faults, that
might affect the integrity or admissibility of the audit archive from which the ARQs are
extracted.
7.24 Complete Witness Statement of Fact
PSS will provide witness statements to support data or records retrieved, as requested.
7241 Witness Statement of Fact
Any material or otherwise pertinent information shall be recorded and included in the
relevant witness statement of fact.
Requirements for witness statements explaining the extraction of audit data from Horizon in
response to an ARQ shall, where possible, be completed by the individual from PSS who
completed the request.
The statement shall follow the standard format and layout for witness statements of fact
provided in evidence. The contents of these statements may vary depending on the specific
requirements of the case and the knowledge of the witness providing the statement.
However, a standard witness statement of fact has been agreed with POL and is provided at
Appendix 2. The standard ‘Side B’ document which accompanies all witness statements is
provided at Appendix 3.
7.2.4.2 Court attendance in support of a Witness Statement of Fact
The author of a witness statement of fact may be required to attend Court in order to bear
testimony to the facts.
7.25 Provision of Exhibits
Evidence provided in support of prosecutions generally comprise one or more of the
following:
a CD-W containing transaction data
Copies of relevant ARQ request forms
a
a Horizon System Helpdesk logs
a Non-polling reports
a
Fault logs
©Copyright Fujitsu Services Ltd 2007 (Security Classification) Page: 19 of 24
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
FUJ00122366
FUJ00122366
eo MANAGEMENT OF THE PROSECUTION Ref: NB/PRO/003
FUJITSU SUPPORT SERVICE FOR AUDIT RECORD Version: 2.1
FUJITSU SERVICES QUERIES *
(Security Classification) Date: 6/06/07
7.26 Exhibit Labels
All evidence referred to in the witness statement of fact will require an Exhibit Label. This
allows for the evidence to be clearly identified. An example is provided at Appendix 4.
7.2.7 Despatch
Evidence from Horizon System Helpdesk logs, non-polling reports, fault and event logs shall
be given an exhibit number and, along with the witness statements of fact, be posted to the
Post Office Ltd Casework Manager via Royal Mail’s Special Delivery Service. Appropriate
packaging of the statements, reports etc. will be used to help protect against damage in
transit.
7.3 Prosecution Support Resolution Time Scales
Prosecution Support is not subject to resolution timeframes but The Royal Mail Group
Account shall use reasonable endeavours to meet dates notified by Post Office Ltd for the
production of this material.
©Copyright Fujitsu Services Ltd 2007 (Security Classification) Page: 20 of 24
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
FUJ00122366
FUJ00122366
eo MANAGEMENT OF THE PROSECUTION Ref: NB/PRO/003
FUJITSU SUPPORT SERVICE FOR AUDIT RECORD Version: 2.1
FUJITSU SERVICES QUERIES *
(Security Classification) Date: 6/06/07
8.0 Additional Prosecution Support
There may be occasions when information is requested which exceed that provided by the
standard Prosecution Support Service. This shall be dealt with on a case by case basis and in
accordance with the Change Control Procedure.
8.1 Audit Record Queries
ARQ retrievals beyond that specified under contract shall be agreed on a case-by-case basis
and shall be dealt with in accordance with Change Control Procedures.
8.2 Expert Witness Statement
To offer all the available evidence without it being requested would only serve to flood the
courtroom with documentation. For this reason expert in depth analysis and detailed “expert”
witness statements (as opposed to witness statements of fact) are rarely required.
It is however conceivable that in certain cases the prosecution may require detailed analysis
of a certain issue or function of the system and, given the size and complexity of the Horizon
System, it may be necessary to call upon the assistance of an expert in that field. In these
cases additional, granular detail about the technical working and integrity of various systems
that constitute the Horizon System may be required.
Expert witnesses could comprise anyone within the Royal Mail Group Account or it’s
approved contractors who could be called upon to provide and testify to this additional
evidence.
Expert witnesses could be called upon to provide for example:
Q Operational logs and shift hand over documentation to demonstrate consistent operation
and availability of the service;
Secure NT, Dynix and SecurID definitions;
Details of information flows throughout the system;
Details of cryptographic key controls and other confidentiality, integrity and availability
issues;
Q Provision of specific Tivoli and other system security event files;
a Subsequent analysis of this data.
Whilst this type of detail is specifically excluded from the standard evidential requirements
included at paragraphs 7.2.1 to 7.2.4, the Royal Mail Group Account will endeavour to
provide support of this granular level of evidence on an agreed case by case basis and shall be
dealt with in accordance with the Change Control Procedure. Again, The Royal Mail Group
©Copyright Fujitsu Services Ltd 2007 (Security Classification) Page: 21 of 24
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
FUJ00122366
FUJ00122366
eo MANAGEMENT OF THE PROSECUTION Ref: NB/PRO/003
FUJITSU SUPPORT SERVICE FOR AUDIT RECORD Version: 2.1
FUJITSU SERVICES QUERIES *
(Security Classification) Date: 6/06/07
Account shall use reasonable endeavours to meet dates notified by Post Office Ltd for the
production of this material.
8.3. Court Attendance in support of an Expert Witness
Statement
Attendance at Court in support of an expert witness statement shall also be considered on
production of an appropriate Change Request. The Royal Mail Group Account’s charges for
assistance in this respect shall be calculated on the basis of the rates set out in Schedule A12.
©Copyright Fujitsu Services Ltd 2007 (Security Classification) Page: 22 of 24
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
FUJITSU
FUJITSU SERVICES
MANAGEMENT OF THE PROSECUTION
SUPPORT SERVICE FOR AUDIT RECORD
QUERIES
(Security Classification)
FUJ00122366
FUJ00122366
Ref: NB/PRO/003
Version: 2.1
Date: 6/06/07
9.0 Appendices
9.1 Appendix 1
La
ARQ Form blank.doc
9.2 Appendix 2
‘Standard Witness
Staterrent V6 .doc
9.3. Appendix 3
Witness Statement
‘Standard Side B.doc
9.4 Appendix 4
Exhibit Label.doc
©Copyright Fujitsu Services Ltd 2007
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
(Security Classification)
Page: 23 of 24
2 MANAGEMENT OF THE PROSECUTION
FUJITSU SUPPORT SERVICE FOR AUDIT RECORD
FUJITSU SERVICES QUERIES
(Security Classification)
FUJ00122366
FUJ00122366
Ref: NB/PRO/003
Version: 2,1
Date: 6/06/07
©Copyright Fujitsu Services Ltd 2007 (Security Classification)
(CONTRACT CONTROLLED - Leave Blank if Not Applicable)
Page: 24 of 24