POL00117551
POL00117551
From: Belinda Croweft
Sent: Fri 04/04/2014 8:31:20 AM (UTC)
To: Rodric Williams: “GRO James, Gareth \(UK -
Manchester\)[é. GRO
Ce:
i esley J
Belinda Crowef”
Subject: RE: Strictly Private & Confidential - Subject to Legal Privilege
Attachment: FJS_2013_BVcert_27001 1.pdf
Attachment: PCI AOC 2013 signed. pdf
Attachment: ISMF POL ISAG_FS Minutes Action Points 15 01 2014 vfinal.doc
Attachment: FJS Security Report 2014 02.xIsx
Attachment: PO-HNGX_PCI Report on Compliance_2013_V1 1.pdf
Attachment: ISMF POL ISAG_FS Minutes Action Points 11 02 2014 v final.doc
Attachment: ISMF ISAG_FS) Minutes Action Points 27 11 2013 vfinal.doc
Attachment: FJS Security Report 2014 03.xIsx
Attachment: FJS Security Report 2014 01.xIsx
Attachment: FJS POA ISMS SOA 1.xIs
Further to Rod’s email below, and our call yesterday (and with apologies that these did not get through last night, I
attach the further documents in relation to Horizon.
These relate to Information Security.
They are:
Current Fujitsu POA 1SO27001 certification (Fujitsu have advised us in the past this is not to be shared with
third parties but I'll leave that to your discretion),
The associated Fujitsu POA ISMS Statement of Applicability,
The Post Office Horizon PCI DSS certificate,
The Post Office Horizon PCI DSS signed AOC,
The Post Office Horizon PCI DSS ROC (password on separate email),
The last 3 published Post Office ISMF minutes with Fujitsu,
The last 3 Fujitsu Security Ops Reports.
Gareth, I sent you the password separately for the ROC document.
If anyone else requires the password please let me know.
Best wishes
Belinda
Belinda Crowe
148 Old Street, LONDON, EC1V 9HQ,
POL00117551
POL00117551
From: Rodric Williams
Sent: 02 April 2014 18:58
To: James, Gareth (UK - Manchester)
Cc: Belinda Crowe; Chris Aujard; cdesourdy’
Subject: Strictly Private & Confidential - Subject to Legal Privilege
Lesley J Sewell
Gareth,
As discussed earlier today, Post Office Limited is responding to allegations that the “Horizon” IT system used to record
transactions in Post Office branches is defective and/or that the processes associated with it are inadequate.
In order to respond to these allegations (which have been, and will in all likelinood continue to be, advanced in the
courts), Post Office wants to demonstrate that the Horizon system is robust, fit for purpose, and/or operates within an
appropriate control framework.
In order to determine whether or not Deloittes can help us in this regard, I attach the following documents:
1. “Horizon Core Audit Process” which outlines how Horizon has been designed to operate;
2. “Draft Factfile” which deals with how Post Office uses Horizon in our branch network;
3. “Description of Fujitsu’s System of IT Infrastructure Services supporting Post Office Limited’s POLSAP and
HNG-X applications”;
4. Atable of the themes which underlie some of the allegations that Horizon is deficient; and
5. “Note on Horizon Report” which outlines of the type of report we may require.
Could you please review these so that we can advance our discussions on a further call (or meeting) during the course
of tomorrow.
Kind regards, Rodric
Rodric Williams I Litigation Lawyer
~
@ 148 Old Street, LONDON, EC1V 9HQ
Post Office stories
@postofficenews