FUJ00176297
FUJITSU SERVICES FUJITSU
15 August 2002
Keith Baines
Head of IS Services
Our Ref.: CLS/dp/384
Change and IS
IS Services
Calthorpe House
15-20 Phoenix Place
London WC1X 0DG
Dear Keith
Lost Data and Audit Requests
I refer to your letter of 17 July 2002 relating to the lost data incident.
You have asked for a full and detailed response to the issues raised in your letter of 6 February 2002.
As you will recall, my letter of the 15 February 2002 described the circumstances leading to the
incident and the action taken by Pathway as a result. However, I am willing to reiterate the position.
The information relating to the period specified in RFI 8 was held on four DLT tapes. Retrieval of data
from one of these tapes at Wigan failed because Legato was unable to read the tape. At that time it was
unclear whether the tape or a combination of that tape and the Legato reader was responsible for the
data loss. The tape was therefore dispatched from the data centre to Pathway’s offices at Feltham in
order to analyse the problem more closely using reference equipment and to retrieve the data there. It
was not possible to take a copy of the tape at the data centre, prior to dispatch, because at that stage it
could not be read. The tape was sent to Feltham using TNT, Pathway’s normal courier, and track and
trace facilities were employed. However, as the tape was not received at Feltham, this was queried
with TNT, and we were advised that the package could not be located. Entries in the Problem
Management Database (PMD) during the period record the exhaustive, but ultimately fruitless, efforts
made to locate the missing tape (including offers to assist TNT’s depot searches). As you know, the
tape has never been located.
As soon as the delivery problem with the Wigan tape was recognised, Pathway attempted to source the
outstanding data from the corresponding Bootle tape that covered the same period. This tape also
proved impossible to read on local Legato readers.
However, subsequent analysis of the Bootle tape by Pathway enabled us to recover a substantial
portion of the lost data, reducing the break in the audit trail from 6 days to 1 day (19.27 Sunday 6
August 2000 to 16.09 Monday 7 August 2000).
In a further attempt to recover the remaining data, the tape was referred to Vogon (which is a
recognised industry expert in the field of data retrieval services). Investigations by Vogon identified
that the tape media contained a physical flaw, which prevented some of the data being read. Vogon
could not confirm the specific cause of this flaw but did not rule out manufacturing defect. Vogon
concluded that it would be possible to recover up to 85% of the data from the tape. However, through
its continued efforts Pathway did achieve this level of data retrieval. As a result of the various
investigations Pathway was able to conclude that the root-cause of the data loss in the Bootle tape was
failure of the third party media.
The failure of the second DLT was exceptional and Pathway’s response to recover the data was
equally exceptional. Appropriate action was taken by Pathway at all times during and after the
incident to minimise the impact of the data loss and all possible options for recovery of the data were
explored. However, as you can see, the loss of the Wigan tape and the media flaw in the Bootle tape
were events over which Pathway had no control. I therefore strongly deny your assertion that Pathway
demonstrated poor implementation of the audit trail and failed to exercise appropriate management
control.
The complete loss of the Wigan tape means that it is impossible for us to determine the root cause of
its failure or to confirm there was a link to the failure of the Bootle tape. The fact that both tapes
originated from different batches and were written on different drives in two separate locations
indicates no conceivable association between these two failures. Consequently, there appears to be no
common cause that would make the holding of duplicate copies ineffective as a resilience measure, as
you suggest.
What is also clear, contrary to your conclusion, is that data corruption is not a common occurrence.
Well over 100 requests for information have so far been serviced efficiently, completely and to Post
Office Limited’s satisfaction. These have involved data accesses, hundreds of tape changes and
thousands of hours of use. The loss of data in this particularly unusual situation has been the only
occasion where Post Office Ltd has felt it necessary to raise issues about the servicing of a Request
For Information.
As a result of our analysis of this incident, two additional security measures were implemented.
Firstly, “read after write” checks were introduced at both Bootle and Wigan sites to ensure that in the
unlikely event of a media flaw, this will be identified at the time the data is written to tape. The new
process therefore protects against accidental use of flawed media. Secondly, tape cloning was
introduced, ensuring that there are two copies of all audit data at each datacentre, to further mitigate
against future data loss.
You comment at length in your letter of 6 February on the potential impact of the incident upon the
Network Banking negotiations and Post Office Limited’s concerns about the platforms. As the
Network Banking negotiations have been successfully concluded, I assume you require no further
comment on this aspect.
Finally, I restate that we do not consider that Fujitsu Services (Pathway) Limited is in breach of the
various contractual obligations and clauses set out in your letters referred to above.
Yours sincerely
GRO
Colin Lenton-Smith
Commercial and Finance Director, Pathway
Fujitsu Services Limited, Registered in England no. 96056. Registered office: 26 Finsbury Square, London EC2A 1St,