POL00023442
Message
From: Gribben, Jonathan Uonathan.Gribbent
Sent: 28/03/2017 10:32:06
To: Rodric Williams [rodric.william: i
Cc: Parsons, Andrew [Andrew.Parsons_ GRO } Mark Underwood{mark.underwood1..
Subject: FW: Post Office/Horizon- SUBJECT TO PRIVILEGE - DO NOT FORWARD [BD-4A.FID26940628]
Attachments: _DOC_35450532(1)_Database SecurityvO 2 Fujitsu Final Draft (Post Office ....docx; _DOC_35464601(1)_NDA - Post Office Limited & Fujitsu Services_ 28 March ....docx
Rod,
Updated to cover the NDA.
Many thanks
Jonny
Dear Chris,
Please find attached a final version of the NDA for signature.
Thank you for providing the Report last week. We have reviewed it carefully and added a number of questions/requests
for clarification as comments — please see attached. I'd be grateful if Fujitsu were able to address each of these
comments and produce an updated version of the Report. It would be very helpful for us to have that this week — please
do let me know if you do not think this will be possible.
As noted in my email of 17 March, Deloitte are engaged with us on a related piece of work - examining the key controls
that protect the integrity of non-counter transaction data. They have been asked to provide answers to the following
questions:
1. Are there any gaps in the controls around non-counter initiated transactions that could call into question the
integrity of the data generated in relation to these transactions?
2. If there are gaps:
a. Could they be the cause of discrepancies in branch accounts (or could they mean that errors in Horizon
would not be revealed and those errors could then be the cause of discrepancies in branch accounts); and
b. What is the risk of those gaps (or resulting discrepancies) materialising?
In order to be able to provide answers to these questions, Deloitte have proposed performing the following procedures:
1. a workshop to verify Deloitte's understanding of data flows and validate the existence and completeness of
controls over the current reconciliation process, including how Transaction Acknowledgments are utilised;
2. reviewing and testing the key reconciliation controls between key data sources within the data flow as
highlighted within the table below; and
3. an analytics pilot to assess feasibility and then perform reconciliation between raw data files received by PODG
and the interpretation of these non-counter transactions into the BRDB transaction files.
Naturally, these will require some input from Fujitsu. I'd be grateful if you would let me know who Deloitte should
contact to progress the matter.
Kind regards,
POL-0019921
Rodric
Summarise Control Wording
1 External transactions sent via PODG such that the External Transaction files that are currently sent from
Ingenico (PAYSTATION) and Wincor Nixdorf (POST&GO) are routed to the Branch Database as well as
sending the data to the Credence system. There is a reconciliation between Credence & BRDB.
2 For each Transaction Acknowledgement generated, a new transaction pair is created for POLSAP. The
transaction delivered to POLSAP will have a Reference number that matches the reference number used in
the Transaction Acknowledgement record generation. This allows POLSAP to match with the Transaction
Acknowledgement once the TA has been accepted by the Postmaster.
30 AP Client File Reconciliation
APSS2222.ksh will reconcile the data in the files that it delivered to a Client with the data in the files that
Credence delivered to a Client.
31 TPS to AP Reconciliation
TPSC227 writes APS transaction data to a formatted file that will later be used by the APS host program
APSC2051 to reconcile data from TPS with that from APS.
From: Defence Legal (Chris Jay) [:
Sent: 22 March 2017 16:40
To: Rodric Williams; Mark Underwood
Cc: Newsome Pete
Subject: Post Office/Horizon- SUBJECT TO PRIVILEGE - DO NOT FORWARD
Dear Rodric,
Please find attached the Fujitsu Report on “Database Security in Horizon Online”, as requested.
Could you kindly acknowledge receipt.
Many thanks.
Best regards,
Chris
Christopher Jay, Senior Counsel
FUJITSU
Jays Close, Viables Business Park, Basingstoke, Hampshire, RG22 4BY
E-mail: Legal. Defence!
Web: http://uk.fujitsu.com
Fujitsu is proud to partner with Action for Children.
Reshaping ICT, Reshaping Business in partnership with FT.com
Jonathan Gribben
Managing Associate
skinson LLP