POL00024817
POL00024817
Message
From: Loraine, Paul [/O=EXCHANGE-ORG/OU=EXCHANGE ADMINISTRATIVE GROUP
(FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=055399B5033149C9A2206B4E5E402FCO-LORAINE, PA]
Sent: 05/04/2017 09:11:48
To: Rodric Williams (redric.williams! } [rodric.william:
cc: Mark UnderwoodeImark.underwoo }Imark.underwood Parsons, Andrew
[/o=Exchange-Org/ou=Exchange Administrative Group
(FYDIBOHF23SPDLT)/cn=Recipients/cn=ad9ed344815e47 e4aaa3c0e7e1740919-Andrew Pars]; Gribben, Jonathan
[/o=Exchange-Org/ou=Exchange Administrative Group
(FYDIBOHF23SPDLT)/cn=Recipients/cn=ea64a893cedd463ea82d76a4b08032dd-Gribben, Jo]; Prime, Amy
[/o=Exchange-Org/ou=Exchange Administrative Group
(FYDIBOHF23SPDLT)/cn=Recipients/cn=ab7222dda3a9453eaed5751238a59562-Amy Prime]
Subject: Fujitsu - list of priorities [BD-4A.FID26896945]
Attachments: RE: CCRC - draft email to FJ [BD-4A.FID26896945]
Rod,
I have been speaking to Andy and Jonny about the various strands of work POL need Fujitsu to feed into.
Since my email of 20 January (attached), I understand there has been a relatively high level meeting between POL and
FJ and following that meeting FJ have been focused primarily on producing a technical paper on the remote access
question.
Given that FJ have a lot on their plate, we thought it would be sensible to draw up a priority list for them. We have pulled
together a draft email to go from you to Chris Jay at FJ (see below) setting out this list and proposing a call with you to
agree a plan of action.
Are you happy with this approach? If so, please can you let us know your thoughts on the priority list sketched out in the
draft email below?
Thanks,
Paul
DRAFT
Dear Chris
I hope you are well.
I am conscious there are various strands of work on which we are asking you for input at the moment. I wonder whether it
may be helpful to both FJ and POL to agree a priority list.
I have set out my thoughts below but I suggest we have a call to discuss the practicalities and timeframes.
To my mind, the list below seems a sensible order of priority but to the extent any of these points can be dealt with quickly
without prejudicing deadlines for the group action (1 am thinking particularly of numbers 4 and 5 below), perhaps they
could be moved up the list accordingly. Depending on who the relevant person is to deal with these points, it may also be
possible to have the different strands running in parallel (I know Pete Newsome has been helpful on the KEL-related
points previously).
1. Group Action. The remote access paper (follow up questions sent to FJ by Bond Dickinson on 28 March);
2. Group Action. Investigating whether there are any gaps in the controls around non-counter initiated transactions
that could call into question the integrity of the data generated in relation to these transactions and if there are
gaps, whether they could cause discrepancies in a branch's accounts; and
POL-0021296
POL00024817
POL00024817
3. Group Action. Working out why the analytics performed by Deloitte show that a small number sessions were out
of balance.
4. CCRC investigation. The CCRC have asked various questions about the Known Error Log and Transaction Logs
(detailed below in red).
5. Freedom of Information Act requests. It would be helpful for POL's FOI team to understand how often (if at all)
the contents of the Known Error Log are shared with POL and who, in particular, it is shared with.
Please can you let me know when you would be free for a call to discuss this.
Kind regards
Rodric
QUESTIONS ASKED BY THE CCRC ON KEL / TRANSACTION LOGS
Known Error Log
The foliowing are questions from Amanda Pearce at the CCRC about the KEL. Pete Newsome at FJ has fieided previous
questions about the KEL.
*® How far back does the available KEL go?
« How easy is it to search? For example, is it searchable by branch, by area or by date parameters?
¢ sit searchable by issue? We have already explained to the CCRC that most of the entries are not
connected to branch accounting. Is it possible to say how many entries are related to branch
accounting?
e What is the retention policy that's applied to the KEL?
Transaction Logs
By way of some context, further to a call between Shirley Hailstones and Rodric Williams from POL and Amanda Pearce
of the CCRC on 9 January, Shirley asked FU the following questions:
(a) Sometimes ‘Session Id’ and ‘Txnid’ columns don't appear to be sequential: what is the reason for this?
(b) In this exampie of a session ID: 44-167427-1-1318040-2 - what does the 44 at the start & the 2 at the end refer
to? I'm assuming the 44 is maybe something to do with UK phone line? But I don’t know what the 2 is for?
Farzin Farbali from FJ responded on 11 and 12 January:-
e« The explanation provided for Session ids not being sequential (in Farzin’s 11 January email) is that “session ids
are also allocated to logon and logoff events but these events do not appear on the file which lists the transaction
details”.
e® The explanation provided for Transaction ids not being sequential (in Farzin’s 12 January email) is that “there is
no requirement for these to be in sequence so they can go: 4,2,3,7 etc. The missing sequence numbers are a
result of transactions being added to a session and then removed so only the Transaction Ids used in the
completed session are shown’.
We have two follow up questions:-
« are the JSN numbers which are central to Horizon’s Core Audit process contained in the Session Ids or the
Transaction Ids?
e are the JSN numbers visible in data available to the branch?
Paul Loraine
Associate
Bond Dickinson LLP
POL-0021296
POL00024817
POL00024817
OVERALL BEST
LEGAL ADVISER
POL-0021296