FUJ00152226 - Audit Data Extraction Process - v2.1
AUDIT DATA EXTRACTION PROCESS
FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
Document Title: AUDIT DATA EXTRACTION PROCESS
Document Reference: SVM/SEC/PRO/0018
Document Type: Process
Release: Not applicable
Abstract: This document establishes the process undertaken by the Royal
Mail Group Account, Customer Service, Security Litigation Support
Section to provide audit data for despatch to authorised requesters
Document Status: DRAFT
Author & Dept: Kumudu Amaratunga
External Distribution: Jane Owen, POL Security Team
Security Risk Assessment Confirmed: Yes
Approval Authorities:
Name: Keith Smiths, CS CISO
Signature: See Dimensions for record
See HNG-X Reviewers/Approvers Matrix (PGM/DCM/ION/0001) for guidance on who should approve.
© Copyright Fujitsu Services Limited 2014. FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE).
Ref: SVM/SEC/PRO/0018. Version: 2.1. Date: 03-Sep-2014. UNCONTROLLED IF PRINTED OR LOCALLY STORED.
0 Document Control
0.1 Table of Contents
0 DOCUMENT CONTROL
0.1 Table of Contents
0.2 Document History
0.3 Review Details
0.4 Associated Documents (Internal & External)
0.5 Abbreviations
0.6 Glossary
0.7 Changes Expected
0.8 Accuracy
0.9 Security Risk Assessment
1 INTRODUCTION
2 SCOPE
3 AUDIT DATA
3.1 Audit Data Integrity
3.2 Archive Requirements and Support
3.3 Retrieval of Audit Data
3.4 Audit System Audit Trail
3.5 Retention of Retrieved Audit Data
4 AUTHORISED REQUESTS FOR AUDIT DATA
4.1 Audit Record Query
4.1.1 Specific Audit Record Query Request Detail
4.2 Banking Record Queries (BQs)
4.2.1 Specific BQ Request Detail
4.3 Internal (Fujitsu) Requests for Audit Data
4.3.1 Specific Internal (Fujitsu) Request Detail
4.4 Finalising and Returning the Audit Data
4.4.1 Encryption of Data
4.4.2 Returning ARQ Requests
4.4.3 Returning BQ Requests
4.4.4 Returning Internal (Fujitsu) Requests
4.5 Retention of Records
0.2 Document History
Version No.   Date          Summary of Changes and Reason for Issue                      Associated Change - CP/PEAK/PPRR Reference
0.1           27-Oct-2009   Initial Draft
0.2           25-Aug-2010   For Review
0.3           13-SEP-2010   Revised in response to comments
1.0           01-Mar-2011   Approval version
1.1           14 Feb 12     For Review
2.0           23-Apr-2012   Approval version. Includes additional section on Unauthorised
                            Requests inserted following review.
2.1           03 Sep 2014   Annual review, name changes only.
0.3 Review Details
See HNG-X Reviewers/Approvers Matrix (PGM/DCM/ION/0001) for guidance on completing the lists below. You
may include additional reviewers if necessary, but you should generally not exclude any of the mandatory
reviewers shown in the matrix for the document type you are authoring.
Review Comments by
Review Comments to Kumudu.amaratung:
POADocumentManagement
Mandatory Review
Role Name
Security Operations Manager Kumudu Amaratunga
POA Quality Manager Bill Membery
Role Name
Andy Dunks Security Operations
Rajinder Bains Security Operations
Christine Philips Security Operations
Jason Muir Security Operations
distribution list to a minimum
Position/Role Name
(*) = Reviewers that returned comments
0.4 Associated Documents (Internal & External)
Reference                            Version   Date          Title                                                      Source
PGM/DCM/TEM/0001 (DO NOT REMOVE)     7.0       3 Jun 2011    POA HNG-X Generic Document Template                        Dimensions
DEV/GEN/MAN/0015                     3.1       8 Feb 2011    Audit Extraction Client User Manual                        Dimensions
SVM/SDM/SD/0017                      3.1                     Service Description for the Security Management Service    Dimensions
SVM/SEC/POL/0003                     5.2                     POA Information Security Policy                            Dimensions
SVM/SEC/PRO/0017                     1.1       14 Feb 2012   Management of the Litigation Support Service               Dimensions
CR/FSP/006                                                   Audit Trail Functional Specification                       Dimensions
DEV/APP/SPG/0020                     2.5                     HNG-X Audit Server Support Guide                           Dimensions
DEV/APP/SPG/0016                     3.1       8 Feb 2011    Audit Extraction Client Support Guide                      Dimensions
Unless a specific version is referred to above, reference should be made to the current approved
versions of the documents.
0.5 Abbreviations
Abbreviation   Definition
ARQ            An Audit Record Query that is not a Banking Transaction Record Query and
               which relates to Transactions
AUW            Audit Workstation
BQ             Banking Record Query
CS             Customer Services
POL            Post Office Limited
POLIA          Post Office Limited Internal Audit
POA            Post Office Account
0.6 Glossary
Term                       Definition
Audit Record Query (ARQ)   An Audit Record Query that is not a Banking Transaction Record Query and
                           which relates to Transactions.
Audit Record Query Form    The form used by POL to request detailed transaction data.
Banking Record Query       A Record query in respect of a Banking Transaction which the Data
                           Reconciliation Service has reconciled or has reported as an exception, the
                           result or records of which are subsequently queried or disputed by Post
                           Office Ltd or a third party.
Branch Code                A Post Office outlet unique identifier
Prosecution                Civil or criminal court or statutory tribunal proceedings related to
                           transactions or fraudulent actions conducted at a Post Office Outlet
0.7 Changes Expected
0.8 Accuracy
Fujitsu Services endeavours to ensure that the information contained in this document is correct but, whilst every
effort is made to ensure the accuracy of such information, it accepts no liability for any loss (however caused)
sustained as a result of any error or omission in the same.
0.9 Security Risk Assessment
Security risks have been assessed and it is considered that there are no security risks relating specifically to this
document.
1 Introduction
The Horizon and Horizon Online system generates transaction data that is of interest to Post Office Ltd
Internal Audit (POLIA) and other groups. Subject to certain constraints the audit data must be made
available to POLIA or other authorised groups within timescales established in the Service Description
for the Security Management Service, SVM/SDM/SD/0017.
This document establishes the process for requesting audit data extractions and the subsequent activities
undertaken to provide the data to authorised requesters.
This document is without prejudice to any of the parties and nothing contained herein shall be deemed or
construed as affecting contractual obligations or creating new contractual obligations between any of the
parties.
2 Scope
If future releases of Horizon Online introduce changes to the way that data is requested or extracted this
process will be updated to reflect those changes.
This process applies to all audit data extraction requests, namely:
• Audit Record Queries (ARQs)
• Banking Record Queries (BQs)
• Internal Fujitsu requests
3 Audit Data
3.1 Audit Data Integrity
The integrity of audit data must be guaranteed at all times from its origination, storage and retrieval to
subsequent despatch to the requester. Controls have been established to provide assurances to POLIA
that this integrity is maintained.
During audit data extractions the following controls apply:
• Extractions can only be made via dedicated Audit Workstations (AUWs) which exist at Bracknell
and Lewes. The AUWs are subject to rigorous physical security controls, located in secure
rooms, in secure areas, subject to proximity pass access within a secured Fujitsu (UK & Ireland)
site.
• Logical access to the AUWs and their functionality is controlled by dedicated logins, 2-factor
authentication password control and is in accordance with the POA Information Security Policy,
SVM/SEC/POL/0003.
• All extractions are logged on the Audit System and supported by documented ARQs, BQs or
internal requests, all authorised by nominated persons within POL and Fujitsu. This log can be
scrutinised on the AUWs.
• Extractions will only be undertaken by individuals previously notified to POLIA. Currently this is
limited to the POA CS Security Litigation Support and the POA Audit Development personnel.
Any additions will be notified to POLIA in advance.
• Checksum seals are calculated for audit data files when they are written to audit archive and
re-calculated when the files are retrieved. The result is maintained in a check seal table.
• Windows events generated by the counters within the branch/timeframe in question are checked
to ensure the counters were functioning correctly.
• Agreement has been reached with POLIA regarding their rights to witness extractions without
warning or to request repeat extractions that they can witness.
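The checksum seal control listed above, sketched as an added example (not code from this document or from the Audit System). The document does not name the checksum algorithm or the layout of the check seal table, so the keyed SHA-256 (HMAC), the dictionary used as the table, the key and the file names are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Assumption: the seal key is held apart from the archive and the seal table.
SEAL_KEY = b"constructed-demo-key"

def compute_seal(path, key=SEAL_KEY):
    """Keyed SHA-256 over the file contents, read in 64 KiB blocks."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            mac.update(block)
    return mac.hexdigest()

def seal_on_write(path, seal_table):
    """Record the seal when the file enters the archive."""
    seal_table[Path(path).name] = {"seal": compute_seal(path), "checks": []}

def check_on_retrieval(path, seal_table):
    """Recalculate the seal, log the outcome in the table, return the verdict."""
    entry = seal_table.get(Path(path).name)
    if entry is None:
        return "UNSEALED"  # no seal was ever recorded, so nothing can be vouched for
    ok = hmac.compare_digest(entry["seal"], compute_seal(path))
    verdict = "MATCH" if ok else "MISMATCH"
    entry["checks"].append((datetime.now(timezone.utc).isoformat(), verdict))
    return verdict

def run_demo():
    """Constructed sample: one intact file, one altered after sealing, one never sealed."""
    table, verdicts = {}, []
    with tempfile.TemporaryDirectory() as tmp:
        intact, altered, stray = (Path(tmp) / n for n in ("a.dat", "b.dat", "c.dat"))
        intact.write_bytes(b"constructed audit record 1\n")
        altered.write_bytes(b"constructed audit record 2\n")
        stray.write_bytes(b"constructed audit record 3\n")
        seal_on_write(intact, table)
        seal_on_write(altered, table)
        altered.write_bytes(b"constructed audit record 2 (edited)\n")
        for f in (intact, altered, stray):
            verdicts.append(check_on_retrieval(f, table))
    return verdicts, table

if __name__ == "__main__":
    print(run_demo()[0])
```

A seal of this kind only supports the integrity claim if the table, and any key, are stored where someone able to alter an archived file cannot also rewrite them.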
3.2 Archive Requirements and Support
Historic Horizon and Horizon Online transaction data is held securely on the Audit Servers in accordance
with CR/FSP/006, Audit Trail Functional Specification. Audit data is archived in accordance with HNG-X
Audit Server Support Guide, DEV/APP/SPG/0020, and the audit extraction client is supported in
accordance with DEV/APP/SPG/0016, Audit Extraction Client Support Guide.
3.3 Retrieval of Audit Data
Archive audit data is retrieved in accordance with instructions contained in Audit Extraction Client User
Manual, DEV/GEN/MAN/0015.
3.4 Audit System Audit Trail
The audit trail records the date and time of each audit request process carried out on the Horizon Audit
System. The search criteria and request identifier shall be used to create the directory structure of each
audit trail. An audit trail is produced only when an audit request is marked as completed on the Extractor
Client. (The audit trail is not the Prosecution Support Database).
The Prosecution Support Databases hold information relating to when an ARQ, BQ or internal PEAK was
received, the SLA return date (if appropriate), and who completed and checked the return.
3.5 Retention of Retrieved Audit Data
Retrieved data is held securely on the AUWs.
4 Authorised Requests for Audit Data
4.1 Audit Record Query
An ARQ is a request to the Post Office Account (POA) for transaction data required to support a POL
investigation or litigation activity. The transaction data provided is held on the Audit Archive. The
request is received from the POL Casework Manager, or his nominated representative, and contains
specific search criteria. The stipulated criteria and the format of the returned data are as referenced in
the document Security Management Service - Service Description, SVM/SDM/SD/0017.
The agreed annual quotas and return timeframes for ARQ requests are as referenced in the document
Security Management Service - Service Description, SVM/SDM/SD/0017.
4.1.1 Specific Audit Record Query Request Detail
When creating a new request for a formal ARQ on the Audit Extraction Client the ‘requester’ selected is
‘POLIA’. This identifies the retrieval as a formal ARQ request from POL Casework Team.
4.2 Banking Record Queries (BQs)
A BQ is a request to POA for confirmation of transaction detail due to a query or dispute by POL or a
third party. Requests are only received from nominated representatives of Product & Branch
Accounting, Banking & Financial Services or Revenue Protection Departments.
Requests are received via e-mail.
The agreed annual quotas and return timeframes for BQ requests are as referenced in the document
Security Management Service - Service Description, SVM/SDM/SD/0017.
4.2.1 Specific BQ Request Detail
When creating a new request for a BQ on the Audit Extraction Client the ‘requester’ selected is ‘POCL
Other’. This identifies the retrieval as a formal BQ request from POL Financial Departments. The
stipulated criteria and the format of the returned data are as referenced in the document Security
Management Service - Service Description, SVM/SDM/SD/0017.
4.3 Internal (Fujitsu) Requests for Audit Data
Other internal agencies may require copies of historic records which are held only on the Audit Archive.
Requests are made via the internal PEAK system. The specific details required include outlet, branch
code, timeframe, output file, etc.
4.3.1 Specific Internal (Fujitsu) Request Detail
When creating a new request for an Internal (Fujitsu) request on the Audit Extraction Client the
‘requester’ selected is ‘Pathway SSC’. This identifies the retrieval as a formal Internal (Fujitsu) request.
4.4 Unauthorised Requests
In the event that direct contact is made with the Litigation Service from an external party, including, but
not limited to, the Police, Solicitors or Defence Teams, for audit data records they shall be referred to the
Post Office Limited Fraud Team at Salford.
4.5 Finalising and Returning the Audit Data
4.5.1 Encryption of Data
It is a mandatory requirement that all sensitive data communicated either by disc or e-mail is to be
encrypted. The PGP SDA Encryption tool has been selected for this use. The sender uses the
functionality of PGP encryption, producing an sda.exe file, which requires only the password for access
and decryption by the recipient. The recipient does not need PGP functionality.
See separate process, attached: PGP SDA Encryption Process.doc
4.5.2 Returning ARQ Requests
ARQ requests are burnt to CD and the CD prevented from accepting further files or records. The CD is
labelled and the relevant detail relating to the original request is written on it. The transaction data on
the CD is checked by another member of the team to ensure completeness of the return. The CD is also
checked for viruses before being sent via Royal Mail’s Special Delivery Service to the notified contact as
detailed in SVM/SEC/PRO/0017.
4.5.3 Returning BQ Requests
BQ requests are checked by another member of the team to ensure completeness of the return. The
response is then returned via e-mail to approved contacts.
4.5.4 Returning Internal (Fujitsu) Requests
Files/records are returned to the requestor via the internal PEAK system.
4.6 Retention of Records
Detailed records are maintained on the Prosecution Support Databases relating to when an ARQ, BQ or
internal PEAK was received, the SLA return date (if appropriate), who completed and checked the
return, and when and how it was returned.