POL00149655
POL00149655
From: Mark Underwood!i
Sent: Tue 25/11/2014 2:49:35 PM (UTC)
To: Parsons, André
Ce: Tom Wechsler,
Subject: RE: Remote access - papers and plan [BD-4A.FID26231777]
Thanks Andy — I will forward on.
Mark
From: Parsons, Andrew [mailta
Sent: 25 November 2014 14:37
To: Mark Underwood1
Cc: Tom Wechsler; Patrick Bourke
Subject: RE: Remote access - papers and plan [BD-4A.FID26231777]
Mark
I'm happy with the draft paper. I haven't received any comments from Andy H — probably best to send on to FJ as
they will pick up any technical points anyway.
Kind regards
Andy
Andrew Parsons
Managing Associate
Direct: }
movie: GRO
Fax:
Follow Bond Dickinson:
www.bonddickinson.com
From: Mark Underwood! [mailto?
Sent: 20 November 2014 13:42
To: Parsons, Andrew
Cc: Tom Wechsler; Patrick Bourke
Subject: FW: Remote access - papers and plan
Hi Andy — Sorry for the delay with this, things have been a bit manic recently.
Please see the below email trail for context and a plan of action for putting this to bed. With respect to the plan
detailed in the below email, are you able to:
e Take a look at the attached papers and see if you agree with:
o The track changes I have made to your paper, which by the way I thought was excellent — particularly
the definition going forward for the question being posed.
POL00149655
POL00149655
o The Q&A in my high level bullets
¢ Could you also incorporate any changes Andy Holt may have sent you as I remember you requesting him to
do so a few weeks ago.
Then I will forward on to FJ and try and get this finalised asap.
The only additional detail I intend to include in your paper is a short reference to standard operating procedures in
branch in relation to sharing user ID’s and passwords . Though the content will be similar to the below extract, Iam
just waiting on being sent over a copy of the latest manual so will incorporate at a later stage.
The Security Operations Manual v2 from January 2008 states;
“All users of the Horizon system must never:
- log on as another person
- allow anyone else to use their User ID and password
- use an informal name, pseudonym or nickname as an identity
- continue to use Horizon or the data on it if you or they are no longer authorised to do so
- allow a User ID or password to be re-used by another person (ie, if you replace a current user with another, the new “
Many thanks
Mark
From: Mark Underwood1
Sent: 20 November 2014 10:49
To: Tom Wechsler
Cc: Patrick Bourke
Subject: Remote access - papers and plan
Hi Tom,
Note drafted to get my mind straight and to try and agree a process to push this to conclusion.
I have attached two docs:
1) A paper produced by AP with my proposed track changes. PB envisages this as the all-encompassing paper,
that going forward we can refer to in response to claims in, for example, draft CRRs of transactions
mysteriously appearing in SPMRs accounts.
2) Amuch shorter bulleted high level list of what can / cannot be done with regards to remote access. To be
used in, for example public rebuttals.
Whenever we have spoken to FJ about this issue, they seem puzzled as to why we are so concerned citing ‘data
integrity’ However I think we are now of the opinion it is a semantics issue. By ‘data integrity’ FJ are, I think, referring
to ‘audit trail’ — in that, whatever is done leaves a clear and identifiable audit trail behind it and thus — if there is no
‘remote access car’ in the branch’s data — it simply did not happen. This therefore allows us to prove the negative.
On a call — FJ confirmed they already had downloaded all the branch data available for the 150 scheme cases and
performed searches for any such ‘scars’.
POL00149655
POL00149655
As such, everything appears to be golden. We just need FJ to confirm this once and for all.
In terms of process, I would think it seems sensible to:
1) Send the attached papers to AP for his approval — particularly as I have changed his paper in parts. We also
need to incorporate any changes Andy Holt sent AP.
2) Then, with the below disclaimer (crafted by AP) — send to FJ to answer the questions posed in the attached
wrhis aren aoeanienteanaany
3) Send to SS for their approval as they are quoted as agreeing AP’s paper (or remove that reference as,
although nice to have, we don’t need their approval)
4) Finalise
Once you have digested — lets catch up
Mark
Mark Underwood
Initial Complaint and Mediation Scheme
This email and any attachments are confidential and intended for the addressee only. If you are not the named
recipient, you must not use, disclose, reproduce, copy or distribute the contents of this communication. If you have
received this in error, please contact the sender by reply email and then delete this email from your system. Any views
or opinions expressed within this email are solely those of the sender, unless otherwise specifically stated.
POST OFFICE LIMITED is registered in England and Wales no 2154540. Registered Office: 148 OLD STREET,
LONDON EC1V 9HQ.
Please consider the environment! Do you need to print this email?
2 only is authorised to
ble and delete any
The information in this e-m ial and may b
and any attachments is confide: be legally priv
6 SOON as pos
access this e-mail and any n
copies. Unauthorised use, dissemination, distribution, publication or c awful
Any ed to this e-mail will have been checked by us w cepts no liability for any loss or
which may be caused by sol ruses and you should carry 0 ment
number OC317661. Our reg
fhe term partner to refer to a member of
ames is open to inspection,
employee or consultant who is of equivalent standing. Our VAT registration number is GB123393627,
the LLP, ora
Bond Dickinson LLP is authorised and regulated by the Solicitors Regulation Authority
POL00149655
POL00149655
This email and any attachments are confidential and intended for the addressee only. If you are not the named recipient, you
must not use, disclose, reproduce, copy or distribute the contents of this communication. If you have received this in error,
please contact the sender by reply email and then delete this email from your system. Any views or opinions expressed within
this email are solely those of the sender, unless otherwise specifically stated.
POST OFFICE LIMITED is registered in England and Wales no 2154540. Registered Office: 148 OLD STREET, LONDON
EC1V 9HQ.