FUJ00238073 - Fujitsu report on Horizon integrity by James Davidson

FUJITSU

shaping tomorrow with you

Horizon Integrity

14/08/2014
James Davidson

Exec Summary

There have been a series of allegations by sub-postmasters regarding Horizon data integrity
on both the old Horizon system and post HNGX roll out in 2010

A lobby group called the Justice for Sub-Postmasters Alliance (JFSA) was formed in 2009
(http://www.jfsa.org.uk/Origin.aspx) to lobby the Post Office and MPs for a formal
investigation into Horizon

Over the period Post Office have successfully prosecuted a number of sub-postmasters
following their own detailed investigations and, in some cases, with support from Fujitsu
expert witnesses

In 2012 the lobbying by the JFSA resulted in local MPs, led by James Arbuthnot,
approaching the Post Office board to demand an investigation

In early 2013 Post Office agreed to appoint Second-Sight forensic auditors to undertake an
independent review of cases where the JFSA alleged that Horizon was at fault

The report was published in July 2013 and stated that the system performed ‘as designed’;
Jo Swinson stated in parliament that Horizon was ‘as good as it gets’

The external reporting, however, focussed on 2 bugs that were identified in normal operations
as evidence that the system was faulty
(http://www.computerworlduk.com/news/it-business/3456672/investigation-reveals-software-defects-in-post-office-horizon-system/)

POL subsequently agreed to set up a ‘mediation’ process chaired by Sir Anthony Hooper to
continue case investigations, which are still ongoing


Exec Summary

In late 2013, Cartwright King, POL external counsel, advised POL that they could no longer
prosecute Sub-postmasters until a further independent review of Horizon was undertaken.
Imperial College London have been appointed to undertake this review

This review is designed to provide the assurance needed to underpin future prosecutions

In parallel and in early 2014, Fujitsu were approached by POL to work with Deloitte to
support an audit of the key design features of Horizon

This was requested by the POL board who came under further legal and political pressure to
ensure that they had their ‘house in order’

This took place against a background where periodic audits took place covering ISAE 3402 and
ISO 27001 controls

No issues were raised with Fujitsu as a result of this review and POL stated they were
delighted with the support given and no further action was required

The challenge for the next period is to agree terms of reference for Imperial College London,
suitable governance and commercial cover, and to closely manage the engagement


Horizon Integrity - POL Engagement

Deloitte Integrity Review

Focussed support given to Deloitte auditors during April / May 2014 following a request from Lesley Sewell and Chris
Ojeud

Report went to POL board week commencing 26/05, update from POL legal team stated no issues of concern had
been raised

A further detailed / evidence gathering audit may take place in the future but no decision from POL to date
ACR will be raised if this goes ahead

Mediation Process

Excellent progress on data retrieval requests to support Post Office in providing case responses to Second Sight
30 cases currently have had no audit retrieval requests raised by POL, so project timeline is unclear at present
Teams collaborating well, positive feedback from Post Office sponsor, Andy Holt

Imperial College London — Independent External Investigation

Andy Holt confirmed 22/05 that POL have engaged experts from Imperial College London to undertake a review of
Horizon Integrity in support of future litigation

Current view from POL’s external counsel (Cartwright King) is that confirmation of integrity from an external expert is
necessary to underpin future prosecutions

Scoping phase prolonged due to POL internal discussions; draft TOR shared by POL is problematic and needs
significant work

Commercial cover of £50k provided by POL

COMMERCIAL IN CONFIDENCE

Horizon On Line Fujitsu proposed
Scope For External Expert

Exec Summary

The Horizon Application has been designed to ensure that accurate and auditable
records are kept of all sub-postmaster transactions

When a transaction is conducted at a counter, an auditable mechanism has been
built in to ensure these transactions are taken from the counter, stored in the
Horizon main branch database and then copied to an audit database

This mechanism can be considered a ‘closed loop’ where information is securely
exchanged from the counter to the Horizon branch database and then on to the
audit database

Whilst copies of transaction data are provided to numerous external systems from
the main Horizon database, once an audit record is created, it becomes security
sealed and time stamped. Audit records cannot then be accessed or altered
without detection and the creation of further auditable events

The Core Audit Process is designed to provide a definitive log of all transactions.
As such it is the “base” from which any assessment as to “what was entered at the
counter” should be derived, to the exclusion of all other systems that may take
a feed of data from the Branch Database

A number of ‘assertions’ can be independently examined to test the robustness of
the Core Audit Process
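An added illustration, not Fujitsu's code and not a description of how Horizon seals its records (the slides do not say): one common way to make an audit record "sealed and time stamped" so that alteration is detectable is a chained HMAC, and the same check can test the closed-loop assertion that every branch database transaction has an audit copy. The key, field names, timestamps and sample transactions are all constructed for the example.

```python
import hashlib
import hmac
import json

SEAL_KEY = b"constructed-demo-key"  # assumption: held only by the audit system
GENESIS = "0" * 64                  # starting value for the seal chain

def _mac(body: dict, prev_seal: str) -> str:
    # Canonical JSON so the same record always serialises to the same bytes.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SEAL_KEY, prev_seal.encode() + payload, hashlib.sha256).hexdigest()

def seal(transactions, start_ts=1_400_000_000):
    """Copy branch database rows into a sealed, time-stamped audit store."""
    store, prev = [], GENESIS
    for seq, txn in enumerate(transactions):
        body = {"seq": seq, "sealed_at": start_ts + seq, "txn": dict(txn)}
        prev = _mac(body, prev)  # each seal also covers the previous seal
        store.append({**body, "seal": prev})
    return store

def verify(store, branch_rows):
    """Return a list of findings; an empty list means the loop is intact."""
    findings, prev = [], GENESIS
    for pos, rec in enumerate(store):
        body = {k: rec[k] for k in ("seq", "sealed_at", "txn")}
        if rec["seq"] != pos:
            findings.append(f"sequence gap at position {pos}")
        if not hmac.compare_digest(_mac(body, prev), rec["seal"]):
            findings.append(f"seal mismatch at position {pos}")
        prev = rec["seal"]  # continue from the stored seal to localise the fault
    audited = {rec["txn"]["id"] for rec in store}
    for row in branch_rows:
        if row["id"] not in audited:
            findings.append(f"branch txn {row['id']} has no audit record")
    return findings

# Constructed sample rows, not real Horizon transactions.
BRANCH_ROWS = [
    {"id": "T1", "branch": "000001", "amount_pence": 1250},
    {"id": "T2", "branch": "000001", "amount_pence": -300},
    {"id": "T3", "branch": "000001", "amount_pence": 9900},
]

if __name__ == "__main__":
    store = seal(BRANCH_ROWS)
    print(verify(store, BRANCH_ROWS))      # intact store
    store[1]["txn"]["amount_pence"] = 300  # in-place alteration of one record
    print(verify(store, BRANCH_ROWS))
```

A keyed seal of this kind detects alteration only by someone who does not hold the key, and it attests to what reached the audit store, not to whether that matches what was keyed at the counter.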

[Figure: Horizon Online Core Audit Process. Components shown: BAL (Branch Access Layer), Branch Database, Audit System, Audit Store, Audit Retrieval, Other Systems. Flows shown: Message, Oracle Write, Data Copy, Extract, Audit Write. Legend: Closed Loop.]