FUJ00152235
FUJ00152235
MANAGEMENT OF THE LITIGATION SUPPORT SERVICE
Fe)
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
Document Title:
MANAGEMENT OF THE LITIGATION SUPPORT SERVICE
Document Reference: SVM/SEC/PRO/0017
Release:
Abstract:
Document Status:
Author & Dept:
Not Applicable
This document describes the Management of the Litigation Support
Service
WITHDRAWN
Penny Thomas, CS Security
External Distribution: Jane Owen, POL Security Team
Security Risk
Yes
Assessment Confirmed
Approval Authorities:
Name Role Signature Date
Peter Thompson POA Hosting and Networks
Howard Pritchard CcISO
See HNG-X Reviewers/Approvers Matrix (PGM/DCM/ION/0001) for guidance on who should approve.
© Copyright Fujitsu Service Limited 2012 FUJITSU RESTRICTED (COMMERCIAL IN 7
CONFIDENCE) Ref: SVM/SEC/PRO/0017
Version: 2.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Apr-2012
STORED PageNo: 1 of 10
FUJ00152235
FUJ00152235
oO MANAGEMENT OF THE LITIGATION SUPPORT SERVICE .
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
0 Document Control
0.1 Table of Contents
0 DOCUMENT CONTROL.........cccssssssseessssseseseesessseessssessesescessssnscsenensneesesseetseasasees
0.1 Table of Contents.
0.2 Document History.
0.3. Review Details..
0.4 Associated Documents (Internal & External).
0.5 Abbreviations.
0.6 Glossary...
0.7. Changes Expecte
0.8 Accuracy.....
0.9 Security Risk Assessment.
1 INTRODUCTION........cccsssssssseseseseecsssessscsnssssssssssesesseseacasaenensaearesssensasseseeneenetees
2 — SCOPE... sesesesscsesssssesssesssssseseseesesensscscscsesseecscsssssnsneseasasacsveneneanesersensaeesesassneseasasens
3 AUDIT RECORD QUERIES (ARQS).....:::sssssssssssssessesensseeeeeenserecesesessesenesesseneeeserer
3.1 Format for ARQ Requests.
3.2. Exclusions... eee
4 AUDIT DATA RETRIEVAL.........ccccsscssssssssessessenessseassnsessescasseensesenseansessensasanseseeess
41 Despattch........ccceccceeceeeeee
5 LITIGATION SUPPORT SERVICE........cccsssssssssssseseesesseretsereesensseesessnsnesacaseneeeenen
5.1 Witness Statement of Fact............
5.2 Court Attendance in support of a Wi
5.3. Provision of Exhibits......
5.4 Litigation Support Resol: n Time Scales.
5.5 Contact from External Parties.
ess Statement of Fact.
6 DETAIL RETENTION/LITIGATION SUPPORT DATABASE
6.1 Process for ARQ CancellationS...........+:+0
7 ADDITIONAL LITIGATION SUPPORT.
7.1 ARQ Requests...
7.2 Expert Witness
7.3. Court Attendance in support of an Exper!
8 NOMINATED CONTACT........ccscscssssesssesesesessssssssssssssssseseassesescseenensesneeeneseeeaseseeee 9
© Copyright Fujitsu Service Limited 2012 FUJITSU RESTRICTED (COMMERCIAL IN
CONFIDENCE) Ref: SVM/SEC/PRO/0017
Version: 2.0
UNCONTROLLED IF PRINTED OR LOCALLY _ Date: 23-Apr-2012
STORED PageNo: 2of 10
FUJ00152235
FUJ00152235
oO MANAGEMENT OF THE LITIGATION SUPPORT SERVICE
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
8.1
8.2
© Copyright Fujitsu Service Limited 2012 FUJITSU RESTRICTED (COMMERCIAL IN 7
CONFIDENCE) Ref: SVM/SEC/PRO/0017
Version: 2.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Apr-2012
STORED PageNo: 30f 10
FUJ00152235
FUJ00152235
oO MANAGEMENT OF THE LITIGATION SUPPORT SERVICE
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
0.2 Document History
Version No. Date Summary of Changes and Reason for Issue Associated Change -
CP/PEAK/PPRR
Reference
4 20 Oct 2009 Initial Draft
1.0 27 Oct 2009 For Approval
14 14 Feby2012 Review
2.0 23-Apr-2012 _I Approval version
wo 03-Aug-2020 I WITHDRAWN: refer to SVM/SDM/SD/0017 and
SVM/SEC/PRO/0018. Jason Muir, 05-Jun-2020
0.3 Review Details
See HNG-X Reviewers/Approvers Matrix (PGM/DCM/ION/0001) for guidance on completing the lists below. You
may include additional reviewers if necessary, but you should generally not exclude any of the mandatory
reviewers shown in the matrix for the document type you are authoring.
Review Comments by
POADocumentmanagement!
Review Comments to
Mandatory Review
Role Name
CS Security Operations Manager Donna Munro
POA Quality Manager Bill Membery
Role Name
Commercial Manager Tim Healy
Security Operations Andy Dunks
Security Operations Rajbinder Bains
Issued for Information — Please re
distribution list to a minimum
Position/Role Name
(*) = Reviewers that returned comments
0.4 Associated Documents (Internal & External)
Reference Versior Date Title Source
PGM/DCM/TEM/0001 I 7.0 03 June 2011 POA HNG-X Generic Document Dimensions
(DO NOT REMOVE) Template
CR/FSP/006 Audit Trail Functional Specification
© Copyright Fujitsu Service Limited 2012 FUJITSU RESTRICTED (COMMERCIAL IN 7
CONFIDENCE) Ref: SVM/SEC/PRO/0017
Version: 2.0
UNCONTROLLED IF PRINTED OR LOCALLY __ Date: 23-Apr-2012
STORED PageNo: 4of 10
FUJ00152235
FUJ00152235
oO MANAGEMENT OF THE LITIGATION SUPPORT SERVICE
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
SVM/SDM/SD/0017 Service Description for the Security I Dimensions
Management Service
SVM/SEC/PRO/0018 Audit Data Extraction Process Dimensions
POA Change Control Procedure Dimensions
Unless a specific version is referred to above, reference should be made to the current approved
versions of the documents.
0.5 Abbreviations
Abbreviation
Definition
ARQ A Record Query that is not a Banking Transaction Record Query and which
relates to Transactions
cs Customer Services
POL Post Office Limited
POA Post Office Account
0.6 Glossary
Term
Audit Record Query
(ARQ)
Definition
A Record Query that is not a Banking Transaction Record Query and which
relates to Transactions.
Audit Record Query
Form
The form used by POL to request detailed transaction data.
Banking Record Query
A Record query in respect of a Banking Transaction which the Data
Reconciliation Service has reconciled or has reported as an exception, the
result or records of which are subsequently queried or disputed by Post
Office Ltd or a third party.
Prosecution
Civil or criminal court or statutory tribunal proceedings related to
Transactions or fraudulent actions conducted at a Post Office Outlet
0.7 Changes Expected
0.8 Accuracy
Fujitsu Services endeavours to ensure that the information contained in this document is correct but, whilst every
effort is made to ensure the accuracy of such information, it accepts no liability for any loss (however caused)
sustained as a result of any error or omission in the same.
0.9 Security Risk Assessment
© Copyright Fujitsu Service Limited 2012
FUJITSU RESTRICTED (COMMERCIAL IN 7
CONFIDENCE) Ref SVM/SEC/PRO/0017
Version: 2.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Apr-2012
STORED PageNo: 5 of 10
FUJ00152235
FUJ00152235
oO MANAGEMENT OF THE LITIGATION SUPPORT SERVICE
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
Security risks have been assessed and it is:considered that there are no security risks relating specifically to this
document.
© Copyright Fujitsu Service Limited 2012 FUJITSU RESTRICTED (COMMERCIAL IN 7
CONFIDENCE) Ref: SVM/SEC/PRO/0017
Version: 2.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Apr-2012
STORED PageNo: 6 of 10
FUJ00152235
FUJ00152235
oO MANAGEMENT OF THE LITIGATION SUPPORT SERVICE
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
1 Introduction
This document is intended to assistin the management and delivery of the service required to support
Post Office Limited (ROL) in respect of criminal and/or civil litigation for the Horizon and Horizon Online
solutions. This service was introduced in response to Network Banking Requirements 260 and 315 and
this document is derived fromthe Horizon document NB/PRO/003
The defined detail of the Service is outlined in SVM/SDM/SD/0017.
This document is without prejudice to any of the parties and nothing contained herein shall be deemed or
construed as affecting contractual obligations or creating new contractual obligations between any of the
parties.
2 Scope
Audit Record Query (ARQ) requests are received, documented, interpreted and transaction data is
extracted from the Audit Archive and progressed to resolution.
Accomprehensive set of standard data information requests has been created and agreed with POL. In
the majority of cases these returns satisfy POL requests for transaction data and exceptions are dealt
with on a case by case basis. These procedures can therefore provide a flexible approach to the
provision of litigation support.
ARQ requests in support of potential litigation will be obtained solely from the Audit Archive / Server.
The method by which the integrity of this data is protected is described in the Audit Trail Functional
Specification, CRFSP6.
Requests for evidence and witness statements in support of litigation activity are received and provided.
3 Audit Record Queries (ARQs)
An AR@Q is a request to the Post Office Account (POA) for transaction data required to support a POL
investigation or litigation activity. This transaction data is held on the Audit Archive. The request is
received from the POL Casework Manager, or his nominated representative, and contains specific
search criteria. The stipulated criteria and the format of the returned data are as referenced in the
document Security Management Service - Service Description, SVM/SDM/SD/0017.
The agreed annual quotas and return timeframes for ARQ requests are as referenced in the document
Security Management Service - Service Description, SVM/SDM/SD/0017.
3.1 Format for ARQ Requests
ARQ requests in connection with litigation activity are made via an ARQ Form; the agreed detail of the
request is as referenced in the document Security Management Service - Service Description,
SVM/SDM/SD/0017.
POL will allocate a unique identifier to each request. This number will be retained by POA and will form
the basis of an audit trail for each request.
© Copyright Fujitsu Service Limited 2012 FUJITSU RESTRICTED (COMMERCIAL IN 7
CONFIDENCE) Ref: SVM/SEC/PRO/0017
Version: 2.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Apr-2012
STORED PageNo: 7 of 10
FUJ00152235
FUJ00152235
oO MANAGEMENT OF THE LITIGATION SUPPORT SERVICE
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
3.2 Exclusions
Transaction requests in connection with Disputed Banking Transactions are not covered in this
document.
4 Audit Data Retrieval
The process for.retrieval of audit data through to production of CD is described in the process
SVM/SEC/PRO/0018 Audit Data Extraction Process.
4.1 Despatch
The CD shall be sent to the POL Casework Manager via Royal Mail's Special Delivery Service.
5 Litigation Support Service
The full service provided by POA is as referenced in the document Security Management Service -
Service Description, SVM/SDM/SD/0017.
5.1 Witness Statement of Fact
POA will provide witness statements of fact to support data or records retrieved, as referenced in the
document Security Management Service - Service Description, SVM/SDM/SD/0017.
Requirements for witness statements explaining the retention and extraction of audit data from Horizon
and Horizon Online in response to an ARQ shall be, where possible, completed by the individual from
POA who filled the ARQ request.
5.2 Court Attendance in support of a Witness Statement of
Fact
The author of a witness statement of fact may be required to attend Court to give evidence relating to
the detail contained in the witness statement provided.
Agreed quotas for Court attendance are as referenced in the document Security Management Service -
Service Description, SVM/SDM/SD/0017
5.3 Provision of Exhibits
If a case goes to Court all evidence provided by POA in support of the prosecution will be required as.
Exhibits.
5.4 Litigation Support Resolution Time Scales
Litigation Support is not subject to resolution timeframes but POA shall use reasonable endeavours to
meet dates notified by POL for the production of this material.
© Copyright Fujitsu Service Limited 2012 FUJITSU RESTRICTED (COMMERCIAL IN 7
CONFIDENCE) Ref: SVM/SEC/PRO/0017
Version: 2.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Apr-2012
STORED PageNo: 8 of 10
FUJ00152235
FUJ00152235
oO MANAGEMENT OF THE LITIGATION SUPPORT SERVICE
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
5.5 Contact from External Parties
In the event that direct contact is made with the Litigation Service from an external party, including, but
not limited to, the Police, Solicitors or Defence Teams, for information concerning the Post Office
litigation activity, they shall be referred to the Post Office Limited Fraud Team at Salford.
If it is necessary for Fujitsu employees'to converse with such parties in relation to any litigation activity
being undertaken by the Post Office, the Post Office Fraud Team will advise the Litigation Service in
advance of contact being made.
6 Detail Retention/Litigation Support Database
The detail of all requests will be recorded in the Litigation Support database. This database will be used
as a register and all relevant information and dates will be recorded therein.
POL will also keep a log of requests made to POA.
The duplication of records will ensure that POL and POA meet contractual requirements on the number
of requests issued and returned.
6.1 Process for ARQ Cancellations
Once an ARQ has been received by POA and the unique identifier allocated the reference number will
not be reused, even if the request is later withdrawn.
7 Additional Litigation Support
Where additional information to that described in the standard litigation support service is requested
POA shall view each request on a case by case basis, and in accordance with the Change Control
Procedure.
7.1 ARQ Requests
ARQ requests beyond that specified under contract shall be agreed on a case by case basis and shall be
dealt with in accordance with Change Control Procedures.
7.2 Expert Witness Statement
Expert, in depth, analysis and detailed “expert” witness statements (as opposed to witness statements of
fact) are rarely required.
However, in the event of such a request POA will endeavour to provide “expert” witnesses who are able
to give more detailed and specific evidence to support POL’s litigation activity. This “expert” activity
shall be provided on a case by case basis and shall be dealt with in accordance with the Change Control
Procedure.
© Copyright Fujitsu Service Limited 2012 FUJITSU RESTRICTED (COMMERCIAL IN 7
CONFIDENCE) Ref: SVM/SEC/PRO/0017
Version: 2.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Apr-2012
STORED PageNo: 9of 10
FUJ00152235
FUJ00152235
oO MANAGEMENT OF THE LITIGATION SUPPORT SERVICE
FUJITSU FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
Again, POA shall use reasonable endeavours.to meet dates notified by POL for the production of this
material and support.
7.3 Court Attendance in support of an Expert Witness
Statement
Attendance at Court inisupport of an “expert” witness statement shall also be considered on production
of an appropriate Change Request. The POA's charges for assistance in this respect shall be calculated
on the basis of the rates set out in Schedule A12.
8 Nominated Contacts
8.1 POL
All ARQ requests for the purpose of investigation and/or litigation are to be authorised by and channelled
through the POL Security Team.
POA will only accept requests from the POL Casework Manager or his nominated deputy.
The POL Casework Manager will advise the POA’s Security Analyst, or their nominated representative,
of named deputies, authorised to submit ARQ requests.
POA will post all returns to:-
POL Casework Manager
Post Office Limited
Security Team, Royal Mail Group.
3° Floor, Clippers House
Clippers Quay
Salford M50 3NW
8.2 POA
POL will submit all ARQ requests which support investigation or litigation to:
Litigation Support Section,
CS Security, POA
Fujitsu
Lovelace Road
Bracknell
Berkshire RG12 8SN
The completed ARQ form will be sent via email to the nominated team.
© Copyright Fujitsu Service Limited 2012 FUJITSU RESTRICTED (COMMERCIAL IN 7
CONFIDENCE) Ref: SVM/SEC/PRO/0017
Version: 2.0
UNCONTROLLED IF PRINTED OR LOCALLY Date: 23-Apr-2012
STORED PageNo: 10 of 10