POL00113136
POL00113136
POST OFFICE LTD.
PROPOSED MEMORANDUM OF UNDERSTANDING
POL and FUJITSU
1. We are asked to provide a draft Memorandum of Understanding between POL and
any third party supplier of its IT system, (presently Fujitsu Services Ltd. (“the
supplier”)), along with an explanation of why it is essential to POL that the integrity of
the Horizon audit data is not compromised as part of any storage replacement
programme. We are instructed that the draft Memorandum of Understanding should:
a. Ensure that the supplier retains all Horizon data; and
b. Set out the duties and obligations Post Office Ltd has as a prosecutor;
c. Identify the nature and scope of the data that Post Office Ltd necessarily
relies upon for the prosecution of its cases;
d. Seek the supplier’s understanding and agreement to revealing any and all
material or information that might undermine the integrity of the system;
and to the requirement for the disclosure of such material or information
in the course of criminal proceedings, as may be required.
2. It seems to us that we are being asked to protect POU’s position in relation to their
criminal law prosecution and disclosure duties vis a vis Fujitsu and Horizon. For that
reason we have taken a necessarily prescriptive approach to the document. We Page
propose the Memorandum of Understanding be adopted by POL and Fujitsu. 1
3. It will be noted that we have avoided straying into the highly technical area of
methods and systems of compliance: such matters are for the I.T. experts. What we
are concerned with is the fact of retention, access and disclosure.
Simon Clarke 4 February
2014
1029
POL00113136
POL00113136
MEMORANDUM OF UNDERSTANDING
Between Post Office Ltd. and Fujitsu Services Ltd. for the Recording, Retention and
Migration of Audit data which may be subject to duties of disclosure
In adopting this Memorandum of Understanding, Fujitsu Services Ltd. (the Supplier)
indicates their understanding of both the need for Post Office Ltd. to have access to data
relevant to the conduct of criminal prosecutions of those who offend against Post Office
Ltd., and the legal duties placed upon Post Office Ltd. as a prosecutor in the criminal
courts.
These two requirements concern the identification, seizure, retention and storage of all
material or information which might assist with the prosecution of offenders, or which
might undermine or appear to undermine, the integrity of the Horizon system.
Post Office Ltd. have placed upon them as prosecutors a non-delegable legal duty to
disclose any material or information which meets the Test for Disclosure! to those
charged with criminal offences said to have been committed against Post Office Ltd. and
their employees, agents etc., in the course of criminal proceedings. Those duties are set
out in paragraph 3 of this Memorandum of Understanding.
Interpretation
1. This Memorandum of Understanding is intended to ensure that Post Office Ltd. meets
its duties of disclosure fully and in every case.
2. The following words or phrases have the meanings ascribed in this paragraph:
2.1. Supplier: Fujitsu Services Ltd. or any successor thereto,
2.2. Horizon: includes but is not limited to all of the:
i, Hardware and software of the Horizon Online system;
ii. Equipment, interfaces and third-party connections associated with or
connected to any part of the Horizon Online system as described in this
clause;
iii. Third-party systems connected to or being part of the overall Horizon
Online system or associated with or connected to any part of the Horizon
Online system;
! The Criminal Procedure and Investigations Act 1996, Part II; the Code of Practice issued under Part II of
the 1996 Act; the Memorandum of Understanding for the Control and Management of Unused Material in
the Crown Court; and the Attorney-General’s Guidelines on Disclosure all apply to material which “...might
reasonably be considered capable of undermining the case for the prosecution ...or of assisting the case for
the accused...”
Page
2
1030
POL00113136
POL00113136
iv. Systems which provides data to or receive data from, any part of the
Horizon Online system as described in this clause;
v. Communication and connectivity hardware and software associated with
or connected to any part of the Horizon Online system as described in
this clause;
vi. Security, detection and correction hardware and software associated
with or connected to any part of the Horizon Online system as described
in this clause;
2.3. Audit Data: All data entered into, generated, processed or stored by the Horizon
system and relating to the conduct of any activity carried out by any person in
connection with that or any other person’s duties, services or activities as an
employee, agent, contractor, franchisee or servant of Post Office Ltd. whether
authorised or not; and any data entered into, generated, processed or stored by
any third-party, any third-party system or any system mentioned in paragraph
2.2 above, where such data relates to the conduct of any business function of
Post Office Ltd. For the purposes of clarity, this definition is deemed to include
any data generated by the Supplier in accordance with their fault detection and
elimination processes.
2.4. Migration Strategy: A binding agreement between Post Office Ltd. and the
Supplier and which sets out the migration process to be applied.
2.5. Person: includes legal persons, e.g. Bodies Corporate, Partnerships etc.; the
singular or plural; male or female.
2.6. Prosecutor: Post Office Ltd. or any person or organization instructed or retained
by Post Office Ltd. to prosecute those charged with criminal offences on behalf of Post
Office Ltd. or any other prosecuting authority charged with the prosecution of offences
committed against Post Office Ltd., or their employees, agents, property etc.”
2.7. Suspect: a person who is not the subject of formal criminal proceedings but is
under investigation for the possible commission of criminal offences. Page
2.8. Defendant: a person who has been summonsed to appear in a criminal court in 3
answer to a criminal charge or charged with a criminal offence.
2.9. Offender: a person who has admitted guilt to a criminal offence in a criminal
court or who has been found guilty of such an offence by a criminal court.
? E.g. the Crown Prosecution Service; the Crown Office of the Procurator-Fiscal in Scotland; the Northern
Ireland Public Prosecutor erc.
1031
POL00113136
POL00113136
Duties and Obligations of Post Office Ltd as a prosecutor
3. Asa prosecutor, Post Office Ltd. is under the following legal duties, namely:
3.1. To gather and present to a court such evidence of criminal misconduct as is
sufficient to prove to the criminal standard? the guilt of any defendant;
3.2. To identify, record and retain any information which might assist a defendant in
preparing or presenting his case or which might undermine the prosecution case
against him.‘ The duty extends to:
3.2.1. information held by the prosecutor; or
3.2.2. to which the prosecutor may have access>; and
3.2.3. to information which came into existence before any crime was detected
but which nevertheless meets the test for disclosure;
3.2.4. to information which comes into existence after a defendant has been
convicted of an offence but which may undermine that conviction;
3.3. These duties extend to material which may come into existence or come to the
notice of the prosecutor after an individual has been convicted of an offence.
4, “Information” in this context includes, but is not limited to, Audit data.
5. The Supplier understands, and agrees with, the proposition that Post Office Ltd. will,
where their duties require, release such information to a third-party holding a
legitimate interest in such material.®
The Retention of and Access to Horizon data
6. The Supplier will retain all Audit data for a period of not less than 7 years (“the
retention period”), Page
7. All such data must be held securely (i.e. with assured confidentiality, integrity and 4
availability) for the retention period.
5 The tribunal hearing the case must be “satisfied so that they are sure” of guilt before they can convict a
defendant.
4 Supra, footnote 1
5 So-called “third-party material”, e.g. that held by the police, CPS, Post Office Ltd. suppliers e.g. Fujitsu
ete.
6 E.g. Prosecution or defence Expert witnesses; Prosecution or defence counsel or solicitors efc.; the Court
1032
8.
POL00113136
POL00113136
The Supplier will make available to Post Office Ltd. or any person who is authorised by
Post Office Ltd. to receive such data,’ all such Audit data as may be required in
connection with or pertaining to: (i) the investigation or prosecution of criminal
offences and (ii) Post Office Ltd.’s obligations and duties as a Prosecutor and set out in
paragraph 3 above:
8.1. Within a reasonable period;
8.2. In such form as may be readily interpreted by a non-expert;
8.3. In such form as to may be required by a court for presentation to that court.
Migration of Audit data to replacement storage systems
9.
10.
11.
12.
Post Office Ltd. understands and acknowledges that the migration process necessarily
requires the production of a copy of the original data and that the material stored in
the new media at the conclusion of the migration process will be an exact copy of the
original data.
The Supplier will ensure that all data to be migrated to replacement storage will be
copied and moved:
10.1. only after a complete and uncorrupted copy of the data to be moved is
securely stored and readily available to Post Office Ltd.;
10.2. in such a way as to ensure that no data is compromised, corrupted, lost or
rendered beyond retrieval;
10.3. only in accordance with a Migration Strategy approved by Post Office Ltd.
and their independent consultants.
The Supplier will certify to Post Office Ltd. that the requirements of paragraph 8.1 are
complied with and will only proceed to migrate data in accordance with this
Memorandum of Understanding after Post Office Ltd. have indicated in writing to the
Supplier that they are satisfied with such compliance.
Upon completion and satisfactory testing of the migration of Audit data to
replacement media the Supplier will certify to Post Office Ltd. that no migrated data
has been compromised, corrupted, lost or rendered beyond retrieval. Where any such
migrated data is a copy of the original, the certificate provided under this paragraph
will indicate that all such data is an exact and identical copy of the original.
7 Supra, footnote 6.
Page
1033
POL00113136
POL00113136
Page
1034