FUJ00176290 - Letter from Colin Lenton-Smith to Keith Baines re: Loss Data & Audit Requests


Keith Baines 19th September 2001
Head of Horizon Commercial
Post Office Counters Limited
2nd Floor
Calthorpe House
15-20 Phoenix Place
London WC1X 0DG Our Ref: CLS/jla/293

Dear Keith,
RE: LOSS DATA & AUDIT REQUESTS

Thank you for your letter dated 29th August in response to my letter dated 7th August
and earlier correspondence. Your letter has raised a number of concerns that I shall
address in the order that you have raised them.

I would like to confirm that ‘read after write’ checks were introduced with the S10
upgrade over the weekend of 8th/9th September.

The practice you describe as ‘parent’ and ‘grandparent’ copies is designed to ensure
that there is always more than one copy of an archive from which recovery can be
made in the event of a disaster. However, your comment suggests that you believe
there to be only one copy of the audit archive. This is not the case as two copies are
maintained, one at each Data Centre. This regime was explained in some detail to
Gary Potts and Charles Leighton at our Audit and Security Panel meeting on the 18th
June.

We are not in a position to know that we cannot recover data from either of the two
archives until such time that we attempt the action. This was also explained to Gary
and Charles at the 18th June meeting. Once a data file has been written to a tape it is
only accessed for one of two reasons; 1) to position the tape for the next file to be
appended; 2) to retrieve the file on request. Any delay in notifying POCL on this
occasion was the result of our attempts to recover the situation without raising undue
concern in POCL. The unprecedented set of circumstances, including a protracted
search by TNT for the lost tape, introduced a greater delay. The CS Problem
Management Database is the agreed way in which ICL Pathway notifies and
progresses problems with POCL.

As you know an agreement was reached in May 2000 between POCL and Pathway
that established a limit of 50 RFIs in a rolling 12-month period. This cycle started in
September 2000. By June 2001 we had received 45 RFIs, in July 2001 we received 11
RFIs and in August a further 7, bringing the total to 63. We have continued to work
on existing RFIs through August and will schedule new RFIs into September and
beyond. We would be willing to re-schedule should you wish to prioritise RFIs to
meet requirements that POCL may have. This does not represent a refusal to support
POCL, more the implementation of an agreed method of working.

Unfortunately there are no ‘alternative methods’ that can be easily implemented in the
short term. The current technical solution is based on retrieval scenarios and volumes,
presented to Pathway by POCL during 1997, and is limited by the technology used to
meet those requirements. The current explosion in previously unspecified retrieval
types, for example Security Investigation, AP Clients and PON AP Service
Management, all have to be met through a solution designed to service 10s of requests
per year. This history is well known to POCL and was the subject of lengthy debate
and exchanges between POCL and ICL Pathway and our respective lawyers during
1999 and 2000.

There are three potential sources for retrieving data:

1. The Data Warehouse. POCL BSM uses this extensively, in conjunction
with Pathway BSM, primarily to deal with reconciliation issues. It
contains transformed and aggregated transaction data but does not contain
the ClerkID, a key field for security and audit purposes.

2. The SSC Support Database. This was established to accommodate the 3rd
line support needs for the live system. Previously requests for data were
being dealt with through the audit solution but were eventually rejected as
they were interfering with the RFI process for POCL Audit. This database
holds a rolling ~3 months of data.

3. The Audit Archive. This was established to provide an archive of all
Horizon transactions and events in accordance with the contract for the
agreed period of time. It is fully secure, duplicated across two locations
and contains special integrity features to provide assurances that data
written to DLT, and subsequently retrieved, have not been amended during
storage. It is considered the only source capable of being presented in
Court and the only one that Pathway would be prepared to use in those
circumstances.

The underlying issue is the suitability of the source for the purposes that you wish to
use the data for. Our experience of RFIs suggests that most require data >3 months
old and invariably the ClerkID is a key field. This tends to restrict the source to the
audit archive.

We believe that POCL are agreeable to funding a study into their overall data retrieval
requirements which would allow ICL Pathway to consider all aspects of this difficult
area, including data sources, timescales, volumes, audiences, use and turnaround
times. The fact that ICL Pathway continues to provide witness statements on demand,
pending receipt of an associated CR, attests to the commitment to POCL’s statutory
obligations.

In relation to Network Banking, ICL Pathway has prepared a requirement document,
which takes into account the volumes and expectations expressed in the POCL
requirements catalogue, and which is now expressed in the SRS and SDS.

I believe this letter addresses the concerns raised and confirms that ICL Pathway is
dealing with audit data and data retrieval requests in a professional and competent
manner.

Yours sincerely

Colin Lenton-Smith
Director, Commercial and Finance

ICL

a Fujitsu company