POL00139650
POLO0139650
WOMBLE
CONFIDENTIAL AND LEGALLY PRIVILEGED BOND
POST OFFICE GROUP LITIGATION
17 July 2019 DICKINSON
41
1.2
1.3
1.4
21
Decision paper: Preservation of POLSAP
INTRODUCTION
In March 2019, a decision was sought from Post Office as to whether the copy of POLSAP held
by Fujitsu should be deleted or maintained for the duration of the Group Action. A copy of this
paper is enclosed at Schedule 1.
Further background details are set out in the previous paper, but in summary:
1.2.1 POLSAP was historically hosted by Fujitsu and Post Office have undertaken an
exercise of copying the data from Fujitsu to Accenture.
1.2.2 For this process, POLSAP has been taken out of use and the data has been
transferred and now stored on Accenture's azure platform in read-only mode.
1.2.3 Fujitsu continue to hold a copy of the historic data until confirmation is given by Post
Office that it can be deleted.
1.2.4 The data in POLSAP is relevant to the Group Action and therefore needs to be
preserved for the purposes of the Group Action. If POLSAP data is deleted from
Fujitsu's system, Post Office would be reliant on the migration to Accenture's azure
platform being correct.
1.2.5 The cost of Fujitsu continuing to host the data is around £1.3 million for a further 12
months (circa. £110,000 per month).
The previous decision paper provided a number of options to Post Office, and a decision was
taken to obtain a third party report to certify that the migration has been carried out effectively
(option 3), following which further consideration would be given the deletion of data from
Fujitsu's systems and rely upon the data in Accenture's platform (option 1).
The third party report has been completed and this paper now seeks a decision on whether in
light of this report the data should be deleted, or continue to be maintained for the duration of the
Group Action.
MIGRATION ASSURANCE REPORT
PA Consulting were engaged to produce a migration assurance report into the transfer of
POLSAP data from Fujitsu to Accenture (the Report). The Report considered the following
matters:
2.1.1 The extraction of the Data by Fujitsu to include confirmation as to whether or not:
(a) there were sufficient controls around the completeness and accuracy of data
being extracted; and
(b) the data extracted by Fujitsu matches the original data.
2.1.2 The upload of the Data by Accenture into the new platform, to include confirmation as
to whether or not:
AC_156835357_1 1
POL00139650
POL00139650
(a) there were sufficient controls around the completeness and accuracy of data
being migrated;
(b) there were sufficient controls around the completeness and accuracy of data
being uploaded; and
(c) the data uploaded by Accenture matches the data extracted by Fujitsu.
2.1.3 Confirmation as to whether or not the Data remains accessible, in particular:
(a) whether there any issues with unreadable data or the integrity of the data which
may impact on the completeness, accuracy and accessibility of the Data; and
(b) reviewing the access rights in the Azure system to ensure there are sufficient
controls to preserve data integrity.
2.1.4 Confirmation as to whether or not any further validations should be undertaken so as
to ensure that the Data has been preserved.
2.2 A copy of the Report is embedded below.
r
de
POST OFFICE
POLSAP MIGRATION
2.3 The Report concluded:
“Overall it is concluded that an industry best practice approach has been followed in performing a
direct system copy. This method ensures that the relocation will result in a like for like recreation
of the POLSAP instance and is the optimum way to prevent any discrepancies within the system
either in system architecture or data held within.
The parties involved were Fujitsu, Accenture and the Post office. From the documentation and
input PA Consulting received from the parties it is concluded that the process has been executed
to a high standard and during all steps of the process the data has been secure and protected by
both a high level of encryption and secure physical transport arrangements.
The new POLSAP archive is managed by Accenture. The assessment on the data in the new
archive has not uncovered any discrepancies in the financial data held in the new system.
Specifically, financial balances, vendor and customer balances in the new archive have all been
confirmed to be identical to the balances as recorded in the original Fujitsu hosted POLSAP.
Direct data assessment at database level carried out by PA Consulting on the POLSAP archive
managed by Accenture have not brought to light any material changes compared to the state at
time of migration. Within the recommendations, PA Consulting has noted some additional
aspects regarding system administration and system access which, if implemented, would further
increase the level of continued integrity assurance of the POLSAP archive managed by
Accenture."
24 The Report did however flag a number of points/recommendations which should be noted:
2.4.1 Project Bramble — at the time of producing the Report, data was being extracted from
Accenture's copy of POLSAP for the purposes of a legally privileged report being
produced by Deloitte concerning the reconciliation of Post Office's suspense accounts.
If the Report is to be disclosed to the Claimants (ie. to provide them with assurances
that the migration was successful), then it will be necessary to redact the reference to
Deloitte on the basis of privilege. This may cause the Claimants to raise queries.
‘AC_156835357_1 2
POL00139650
POL00139650
2.4.2 Financial Balance Verification — PA Consulting's financial balance verification was
conducted in respect of data from 2014 and 2018. Verification of financial balances
from other years was not undertaken. PA Consulting have confirmed "Data
verification on financial balances for GL accounts, Vendors and Customers has been
completed for financial years 2014 & 2018. As the court case focuses on other
financial years, Post Office could also check balances from other years also, however
having checked the table counts and tested the system in general not finding any
corruption it’s highly unlikely that these locked past periods would differ."
Whilst PA Consulting have confirmed that it is "high unlikely" that verification of other
years which raise any migration concerns, it should be noted that a full test of all data
from the years for which the Group Litigation concerns has not been undertaken and
this could be raised as a concern by the Claimants / Court.
2.4.3 NAS Drives — PA Consulting have recommended that Post Office maintain copies of
the NAS Drives, being the drives onto which Fujitsu placed the original copy of their
instance of POLSAP for the purposes of transferring the data to Accenture. We
understand from Accenture and Ben Cooke (Post Office IT) that the NAS Drives which
contain these data no longer exist.
2.4.4 System checks - PA Consulting have recommended that comparisons of the
configuration tables are undertaken.
We understand from Ben Cooke that comparing the configuration tables is not
relevant for these purposes since Post Office are not intending to use the system for
processes, and the configuration settings may well be different now from the period
that the case refers to in any event.
2.4.5 Authorisations - PA Consulting have recommended that the transaction codes for
change/write authorisations from display roles such as XD02, XDO1 FBO2, FBO1
should be removed.
Further, PA Consulting's analysis of display role Z:PPM:CPTINVENTORY_ROLE
found multiple change access rights remaining. It is recommended by PA Consulting
that a full authorization review takes place which could include: verify whether all 742
user accounts remain needed; check role assignment to all user accounts; verify
authorisations available within all active roles; perform negative authorisation testing
on all critical processes.
We understand from Ben Cooke that since the Accenture instance of POLSAP is
locked for changes, no matter the authorisation provided, unless the central technical
team have unlocked the system, no user can change anything.
25 PA Consulting have not been commissioned to undertake further work in respect of their
recommendations on the basis of the assurances given above.
3. OPTIONS
3.1 This is ultimately a business decision on whether Post Office is willing to accept the litigation
risks vs. the ongoing costs of hosting.
3.2 Parties to litigation must take reasonable steps to preserve documents which may be relevant to
the matters in issue. Parties are expected to suspend routine document destruction policies
when litigation is afoot, although a duty to preserve can be complied with by making copies of
sources and documents and storing them. Failure to comply with the Court rules on preserving
documents could lead to the Court drawing adverse inferences if any disclosable documents are
destroyed. Further, in light of the criticisms from the Common Issues Trial, whilst this judgment
remains in place the disclosure and preservation of documents by Post Office will be under
heightened scrutiny.
‘AC_156835357_1 3
3.3
3.4
3.5
3.6
3.7
44
4.2
POL00139650
POL00139650
If the preservation of this data is challenged in the litigation, a member of Post Office IT,
Accenture, Fujitsu and PA Consulting may need to provide witness statements explaining what
happened. We may also require a further witness statement from a senior employee explaining
why the decision to delete the data was made.
Post Office options are:
3.4.1 Option 1 - Delete the data from Fujitsu's systems and rely upon the data in
Accenture's platform. This option is now supported by the conclusions in the Report.
3.4.2 Option 2 - Continue to instruct Fujitsu to host the data for a further 12 months.
3.4.3 Option 3 - Approach Freeths to seek agreement that they are satisfied that the
migration has been carried out effectively and that Post Office can rely on the data
stored on Accenture's platform.
If Option 1 is followed, we recommend producing and signing witness statements from the
relevant individuals before the data is deleted. This would require a witness statement from PA
Consulting, as well as witness statements from Fujitsu and Accenture in respect of the original
data transfer.
If Option 2 is followed, we recommend re-assessing this decision in 12 months' time when the
landscape of the litigation has evolved.
For Option 3, if Freeths agree to the deletion of the data this would provide Post Office with the
maximum level of protection, although not complete as the Judge may still raise concerns in any
event. However, it is unlikely Freeths would agree to Post Office deleting the data. In these
circumstances, Post Office will still need to make a decision of whether to delete or retain the
data, with the additional factor that Freeths have objected to the deletion. For this reason,
although Option 3 provides the greatest cost benefit, we would not recommend this approach.
RECOMMENDATION
The data which is held in POLSAP is relevant to the Claimants' case in the Group Action
concerning reconciliation and breach, being matters which have not yet been pleaded but will be
covered in the scope of the Further Issues Trial in March 2020. There is currently an ongoing
work stream with Accenture and Deloitte to understand how data which is held in POLSAP can
be extracted and disclosed for the purposes of Further Issues Trial. This work is due to be
completed in 6 to 8 weeks.
Whilst we appreciate that the cost of continuing to host the Fujitsu instance of POLSAP is high,
on balance our recommendation is that the decision to delete the Fujitsu instance of POLSAP is
deferred for 2 months' until after the completion of Accenture's and Deloitte's work. This will
provide Post Office with an option to revert to the Fujitsu instance of POLSAP if necessary to
extract and disclose data for the Further Issues Trial.
‘AC_156835357_1
POL00139650
POL00139650
CONFIDENTIAL AND LEGALLY PRIVILEGED WOMBLE
POST OFFICE GROUP LITIGATION BOND
22 MARCH 2019 DICKINSON
Decision paper: POLSAP data hosted by Fujitsu
1. BACKGROUND
44 Post Office has copied the POLSAP data hosted by Fujitsu to a platform hosted by Accenture.
Fujitsu would now like to delete the data which they hold. This paper seeks a decision on
whether the data should be deleted, or maintained for the duration of the Group Action.
2. THE PROCESS
24 POLSAP was historically hosted by Fujitsu and Post Office have undertaken an exercise of
copying the data from Fujitsu to Accenture. For this process, POLSAP has been taken out of
use and the data has been transferred and now stored on Accenture's azure platform in read-
only mode. This has effectively placed a litigation hold on the data which should prevent the
deletion of this data from the new platform. Fujitsu continue to hold a copy of the historic data
until confirmation is given by Post Office that it can be deleted
2.2 The cost of Fujitsu continuing to host the data is around £1.3 million for a further 12 months
(circa. £110,000 per month).
2.3 Fujitsu and Accenture have undertaken a number of checks to confirm that the data extracted
and uploaded matches and that Post Office can still access the same data as before. The
enclosed paper from Post Office IT explains the checks which have been undertaken.
24 Whilst Post Office can take some comfort from the checks and validations produced by Post
Office IT, we as lawyers cannot confirm whether there have been any issues with the data
migration or whether there will be any issues with accessing the data going forward.
3. RISKS OF DELETING THE DATA
3.1 Parties to litigation must not destroy any documents which might be relevant to the matters in
issue. Parties are expected to suspend all routine document destruction policies when litigation
is afoot. Failure to comply with the court rules on preserving documents could lead to the court
drawing adverse inferences if any disclosable documents are destroyed.
3.2 The data in POLSAP is relevant to the Group Action and therefore needs to be preserved for the
purposes of the Group Action. POLSAP is a document repository which we have not had cause
to search yet as part of the disclosure exercises for the Common Issues and Horizon Issues
Trials. We estimate that access to POLSAP will be needed for Trial 3 and so access will be
necessary for at least the next 12 months (if not longer).
‘AC_156835357_1 5
POL00139650
POL00139650
3.3 If POLSAP data is deleted from Fujitsu's system, Post Office would be reliant on the migration to
Accenture's azure platform being correct. If the migration has not been successful this will
cause risks for the Group Action.
3.4 In light of the criticisms from the Common Issues Trial, whilst this judgment remains in place the
disclosure and preservation of documents by Post Office will be under heightened scrutiny. The
ongoing attitude of the Judge is that anything that looks like Post Office failing to preserve
materials is likely to be heavily criticised. Adverse inferences could be drawn that Post Office is
hiding something and risks feeding into the Judge's current perception of Post Office.
3.5 If the preservation of POLSAP data is challenged in the litigation, a member of Post Office IT
(probably Ben Cooke) will need to provide a witness statement explaining what happened. We
may also require a second witness statement from a senior employee explaining why the
decision to delete the data was made.
4. OPTIONS
41 This is ultimately a business decision on whether Post Office is willing to accept the litigation
risks vs. the ongoing costs of hosting POLSAP by Fujitsu.
42 Post Office options are:
4.2.1 Option 1 - Delete the data from Fujitsu's systems and rely upon the data in
Accenture's platform.
4.2.2 Option 2 - Continue to instruct Fujitsu to host the data for a further 12 months.
4.2.3 Option 3 - Obtain a third party report to certify that the migration has been carried out
effectively (which could be carried out alongside Option 1 and 4). We understand that
Ben Cooke of Post Office IT is currently looking into this matter.
4.2.4 Option 4 - Approach Freeths to seek agreement that they are satisfied that the
migration has been carried out effectively and that Post Office can rely on the data
stored on Accenture's platform.
43 If Option 1 is followed, we recommend producing and signing witness statements from the
relevant individuals before the data is deleted.
44 If Option 2 is followed, we recommend re-assessing this decision in 12 months’ time when the
landscape of the litigation has evolved.
45 Option 3 does not remove the risks that the court makes an adverse finding against Post Office
if data is destroyed. However, it will help lay an evidence trail of internal considerations if Option
1 is selected.
46 If Option 4 is followed, we recommend obtaining the third party report first to give assurances to
Freeths. If Freeths agree to the deletion of the data this would provide Post Office with the
maximum level of protection, although not complete as the Judge may still raise concerns in any
event. However, it is unlikely Freeths would agree to Post Office deleting the data. In these
circumstances, Post Office will still need to make a decision of whether to delete or retain the
data, with the additional factor that Freeths have objected to the deletion. For this reason,
although Option 4 provides the greatest cost benefit, we would not recommend this approach.
‘AC_156835357_1 6