FUJ00155206 - Draft Witness Statement for Fujitsu’s IT Security Analyst with tracked changes comments
Witness Statement : ll I lll
Statement of
Age if under 18 Over 18 . (If over 18 insert ‘over 18')
Couple
This statement (consisting of pages each signed by me) is true to the best of my knowledge and belief
and I make .it knowing that, if it is tendered in evidence, I'shall be liable to prosecution if I have wilfully
stated in it anything which I know to be false or do not believe true.
Dated the day of i 2008
Signature
I have been. employed by Fujitsu Services, Post Office Account, formally ICL Pathway Ltd
since DATE as an Information Technology (IT) Security Analyst responsible for audit data
extractions and IT Security. I have working knowledge of the computer system known as
Horizon, which is ‘a computerised accounting system used by Post Office Ltd. I am authorised
by Fujitsu Services to undertake extractions of audit archived data and to obtain information
regarding system transactions recorded on the Horizon system.
Horizon's documented procedures stipulate how the Horizon System operates, and while I am
not involved with any of the technical aspects of the Horizon System, these documented
processes allow me to provide a general overview.
At each Post Office there are counter positions that have a computer terminal,.a visual display
unit and a keyboard and printer. This individual system records all fransactions input by the
counter clerk working at that counter position. Clerks log on to the system by using their own
unique password. The transactions performed by each clerk, and the associated cash and
all entered on the computer and are
4ccounted for within the user's allocated stock unit.
The Horizon system provides a-number of daily and weekly records of
Signature Signature witnessed by
CSO11A (Side A) Version 7.0 0308,
FUJ00155206
FUJ00155206
tom plucte
_-{ Formatted: Marching Red
~~~ [ants, Highlight
2 Formatted: Marching Red
<~ Lants, Highlight
Witness Statement
(CJ Act 1967, 89; MC Act 1980, ss 5A(3)(a) and 5B, MC Rules 1981, r 70)
Continuation of statement of S
into it. It enables Post Office users to obtain computer summaries for individual clients of Post
Office Limited e.g. Alliance & Leicester. The Horizon system also enables the clerk to produce
a periodic balance of cash and stock on hand combined with the other transactions performed
in that accounting period, known as a trading period.
Where-local reports are required these are accessed from a button on the desktop menu. The
user is presented with a parameter driven menu, which enables the report to be customised to
requirements. The reportis then populated from transaction data that is held in the local
database and is printed out on the printer. The system also allows for information to be
transferred to the main accounting department at Chesterfield
The Post Office counter processing functions are provided through a series of counter
applications: the Order Book Control Service (OBCS) that ascertained the validity of DWP
order books before payment was made, this application ceased in June 2005; the Electronic
Point of Sale Service (EPOSS) that enables Postmasters to conduct general retail trade at the
counter and sell products on behalf of their clients; the Automated Payments Service (APS)
which provides support for utility companies and others who provide incremental in and out
payment mechanisms based on the use of cards and other tokens and the Logistics Feeder
Service (LFS) which supports the management of cash and value stock movements to and
from the outlet, principally to minimise cash held overnight in outlets. The counter desktop
service and the office platform service on which it runs provides various common functions for
transaction recording and settlement as well as user access control and session management.
information from counter transactions is written into a local database and then replicated
automatically to databases on all other counters within a Post Office outlet. The inform
then forwarded over ADSL (Asymmetric Digital Subscriber Line)or other communication
service, to databases on a set of central Correspondence Servers at the Fujitsu Services data
centres. This is undertaken by a messaging transport system within the Transaction
Management Service (TMS). Various systems then transfer information to Central Servers that
control the flow of information to various support services. Details of outlet transactions are
normally sent at least daily via the system. Details are then forwarded daily via a file transfer
‘Signature Signature witnessed by
cotta Version 6.0 08106
FUJ00155206
FUJ00155206
_-{ Formatted: Marching Red
=7 7 (Ants, Highlight
FUJ00155206
FUJ00155206
Witness Statement
(CJ Act 1967, s9; MC Act 1980, ss 5A(3)(a) and 5B, MC Rules 1981, 7 70)
Continuation of statement of
service to the Post Office accounting department at Chesterfield and also, where appropriate,
to other’ Post Office Clients. Cm 1 Lokxo/.
- outlet and counter, when it happened, who caused it to happen and the outcome. The TMS
journal is maintained at each of the Fujitsu Services Data Centre sites and is created by
_{ Formatted: Marching Red
[Lants, Highlight
2 f Formatted: Marching Red
~~ [Ants, Highlight
archive media.
The system clock incorporated into the desktop application on the counter visual display units.
is configured to indicate local time. This has been the situation at (INSERT PO), Branch Code
(INSERT) since (INSTALLATION DATE) when the Horizon system was introduced at that
particular Post Office.
The Horizon system records time in GMT and takes no account of Civil Time Displacements,
thus during British Summer Time (BST) (generally the last Sunday in March to the last Sunday
in October), system record timings are shown in GMT — one hour earlier thari total time (BST).
There was, however, one exception which related to the category of transactions ‘Transfer In}
(where events recorded in the Transaction Logs, were shown in local time. This me
uring the designated summer months ‘Transfer in’ log entries were recorded in BST instead
tecorded in the logs. This anomaly was corrected during ‘the winter months prior to
anaaet
Since when ‘Transfer In’ log eniries have been recorded in GMT. consistent with all other
fransactions being recorded in the logs!
_-[Forriiatted: Font color: Red
When information relating to individual transactions is requested, the data is extracted from the
Signature . Signature witnessed by
csor1A, Version 6.0 09/06 .
FUJ00155206
FUJ00155206
Witness Statement ' .
(CJ Act 1967, s9; MC Act 1980, ss 5A(3)(a) and 5B, MC Rules 1981, r 70).
eo Continuation of statement of
at )
oe archive media via the Audit Workstations {Avy S). Unformation i is presented in exactly the ee
[same way asthe data held in the archive eaihouyt i.can be fitered depending upon the type of 7
information requested {The integrity of a ofe audit-dete is quarantoedI atalltimes from ie-ofigination!
Storage and retrieval to subsequent despatch to the réquester. Controls have been
established that provide assurances to Post Office Internal Audit (POIA) that this integrity is
m 1d
During audit data extractions the following controls apply :
1. Extractions can only be made through the AWs which exist at Fujitsu Services,
Lovelace Lane, Bracknell, Berkshire and Fujitsu Services, Sackville House, Brooks
Close, Lewes, East Sussex. These sites are both subject to rigorous physical security
controls appropriate to each location. All AWs are located in a secure room subject to
proximity pass access within a secured Fujitsu Services site.
2. Logical access to the AW and its functionality is managed in accordance with the
Fujitsu Services, Post Office Account Security Policy and the principles of ISO 17799.
This includes dedicated Logins, password control and the use of Microsoft Windows NT
security features.
3. All extractions are logged on the AW and supported by documented Audit Record
Queries (ARQ's), authorised by nominated persons within Post Office Ltd. This log can
be scrutinised on the. AW.
4. Extractions are only made by authorised individuals.
5. Upon receipt of an ARQ from Post Office Ltd they are interpreted by CS Security. The
details are checked and the printed request filed.
6. The required files are identified and marked using the dedicated audit tools.
7. Checksum seals are calculated for audit data files when they are written to audit
archive media and re-calculated when the files are retrieved.
8. To assure the integrity of the audit data while on the audit archive media the checksum
seal for the file.is re-calculated by the Audit Track Sealer and compared to the original
value calculated when the file was originally written to the audit archive media. The
result is maintained in a Check Seal Table.
Signature Signature witnessed by
sorta Version 6.0 09/06
FUJ00155206
FUJ00155206
Witness Statement
(C4 Act 1967, 59; MC Act 1980, ss 5A(3)(a) and 58, MC Rules 1981, 70)
Continuation of statement of
9. The specific’ ARQ details are used to obtain the specific data.
10. The files are copied to the AW where they are checked and converted into the file type
required by Post Office Ltd.
11. The requested information is copied onto removal CD media, sealed to prevent
modification and virus checked using the latest software. It is then despatched tothe
Post Office Ltd Casework Manager using Royal Mail Special Delivery. This ensures
that a receipt is provided to Fujitsu Services. confirming delivery.
ARQ(NUMBER) was received on (DATE) and asked for information in connection with the Post
Office at (NAME), Branch code (NUMBER). I produce a copy of ARQ(NUMBER) as Exhibit
(INITIAL/NUMBER). I undertook extractions of data held on the Horizon system in accordance
with the requirements of ARQ(NUMBER) and followed the procedure outlined above, I
produce the resultant CD as Exhibit (INITIALINUMBER). This CD, Exhibit (INITIALINUMBER),
was sent to the Post Office Investigation section by Special Delivery on (DATE).
The report is formatted with the following headings:
ID — relates to counter position
User — Person Logged on to System
SU —Stock Unit
Date — Date of transaction
Time — Time of transaction :
Sessionld — A unique string relating to current customer session
Txnid — A unique string relating to current transaction
Mode — e.g. SC which translates to Serve Customer.
ProductNo — Product Item Sold
Qty — Quantity of items sold
SaleValue — Value of items sold
Entry method - Method of data capture for Transactions (0 = barcode, 1 = manually
keyed, 2 = magnetic card, 3 = smartcard, 4.= smart key)
State — Relates to OBCS
Signature Signature witnessed by
csotA, Version 6.0 08/06
FUJ00155206
FUJ00155206 _
Witness Statement ? 3
(CJ.Act 1967, s9; MC Act 1980, ss 5A(3)(a) and 5B, MC Rules 1981, r 70)
Continuation of statement of
IOP - Order Book Number — OBCS only
Result — Order Book Transaction Result - OBSC only
Foreign’ Indicator — Indicates whether OBCS payment was made at a local or foreign
outlet (0- Local, 1- Foreign). The foreign indicator defaults to a ‘0’ for all manually
entered transactions - OBCS only
The Event report is formatted with the following headings:
Groupid ~ FAD code
ID - relates to counter position
Date — Date of transaction
Time — Time of transaction
User — Person Logged on to System
SU — Stock Unit
EPOSSTransaction.T — Event Description
EPOSSTransaction.Ti— Event Result
(FROM ARQ562/0506) INCLUDE THE FOLLOWING PARAGRAPH. FOR DATA
PROVIDED WEF 24 JANUARY:2006 AND FROM ARQS562/0506 DELETE THIS PARA
BUT INCLUDE THE ADDITIONAL HEADINGS BELOW )
nuaryz2006 at wi fo fo thie’ original ext iSry.to include additlor
ords from. the I dit data._Ii icufar, this refined ‘now Includes detail
[hactivity, kogouts, Authority Cogouts and Failed Logins. it should-be noted that nd
ere jo to the onginal’Audit dai the selection of records’
16 Audit for preséntation to Pos! imited In the ARQ Spraadshe ARQs LI:
thority — User who fo ut the accou
curityEvent. User —"Ui ino failed to-log I
Sigriature Signature witnessed by
CSOi1A : Version 6.0 09/06
Witness Statement
(CJ Act 1967, s9; MC Act 1980, ss 5A(3)(a) and 5B, MC Rules 1981, r 70)
Continuation of statement of
There is no reason to believe that the information in this statements inaccurate because of
LOPE use of the computes Wo the best of my knowledge and belief at all material times
properly, or was out of operation was not such as to effect the information held-en it!
Any records to which I refer in my statement form part of the records relating to the business of
Fujitsu Services. These were compiled during the ordinary course of business from
information supplied by persons who have, or may reasonably be supposed to have, personal
knowledge of the matter dealt with in the information supplied, but are unlikely to have any
recollection of the information or cannot be traced. As part of my duties, I have access to
these records. Pa
Sighature Signature witnessed by
csor1a, Version 6.0 09/08
FUJ00155206
FUJ00155206