FUJ00176537
FUJ00176537
From: Gauntlett, Paul[/o=ExchangeLabs/ou=Exchange Administrative Group
(FYDIBOHF23SPDLT)/cn=Recipients/cn=20fad69c 1 be54161 9bbf58bbefdae198-Gauntlett,]
Sent: Fri 03/12/2021 10:00:12 AM (UTC)
To: Browell, Steve ; Boardman, Phi
Barnes, Gerald[,_
Subject: RE: PCI meeting where audit archive gaps was raised
Hi Steve
* This week we have been running daily sessions with POL to discuss requirements the “Tactical” PCI Audit
solution — the migration of Belfast Audit to AWS Card Data Environment
* The issue was first raised on Monday in the 13:00 session with John Nelis POL PM and Alex Wood POL Tech
Lead
© The context was discussing the scope of the data migration due to audit data over 10 years old being
inconsistent across the two Belfast Servers.
© This requirement had been identified as an output of a requirement capture session between myself
and Gerald last week
* On the Tuesday session @ 14:00 Dean Bessel joined the call. I had no prior warning he would be on the call
© Also present were myself, Gerald and John Nelis and Andy Frodsham an amazon Cloud Architect.
0 John asked Andy to drop off the call temporarily which he did.
© Dean then explained he was head of horizon risk controls and wanted to get more background detail on
the issue
© Interestingly at that juncture I said it would be sensible to record the call, and started the recording,
however Dean said his preference was not to record at this juncture and so I obliged by stopping the
recording
© Ihave 15 seconds of recording confirming this request. BA Tactical PCI Audit Requirements - Session 3-
20211130 140210-Meeting Recording.mp4
oO At the time we had documented a couple of sentences in this document ARC PC! Migration -
Requirements Capture - WIP - Cloud Office - Confluence (atlassian.net) which lacked depth.
© The subsequent conversation covered the issue in a lot more substance with Gerald providing historical
background
© Asaresult at the end of the discussion it was agreed Fujitsu needed to document the
history/background in more detail.
© We were told this could be done in the requirement doc or in an email
© John mentioned producing a “problem statement” but it wasn’t a firm request.
© John it was his intention to take the statement, once received, to POL legal so a decision could be made
on the scope of data that was required to be migrated
© No minutes were taken. Other subjects were discussed after Dean left the call. To be clear the purpose
of the meeting was to discuss ALL requirements.
© The historical data issue was discussed first and Dean dropped off once he had enough verbal detail
« After that Gerald and I got together to produce the statement I sent you.
© This was sent to you and Phil Boardman on Wednesday, December 1, 2021 11:51 AM
Regards Paul
From: Browell, Steven
Sent: Friday, December 3, 2021
To: Gauntlett, Paul i>; Barnes, Gerald
Subject: PCI meeting where audit archive gaps was raised
Do any of you know more info on the PCI meeting where the audit archive gaps came up?
I’m hoping to better understand
. When was the meeting?
. Who attended the meeting?
. What was said on this subject in the meeting?
. Who described this subject from Fujitsu at the meeting?
. Are there any documented minutes from the meeting?
. Have there been any subsequent emails or call since the meeting on this subject?
. What actions were assigned at the meeting in relation to this subject?
Steve Browell
Post Office Account
Management Consultant & CISO
Fujitsu Enterprise & Cyber Security
Fujitsu Services, Trafalgar House, Temple Court, Risley, Warrington, Cheshire, WA3 6GD, United Kingdom
Planned leave: 18 December 2021 — 04 January 2022
FUJ00176537
FUJ00176537