WBONO0000274
WBON0000274
e: URGENT: Bug 28 - Drop and Go Bug [WBDUK-AC.FID 123822914]
Date: Wed, 8 May 2019 15:38:49 +0000
Importance: Normal
Inline-Images: image001.png; image002.png; image003.png; image004.png; image005.png;
image006.png; image007.png; image008.png; image009.png; image010.png;
image011.png; image012.png; image013.png; image8c6cfce.PNG; image8bf23c.PNG;
image0c776d.PNG
Hi Katie,
To put the response below into context, AP-ADC (Automated Payment - Additional Data Capture) are a
series of modular functions that are provided with the Horizon codeset. The APADC functions allow control
of the user interface and allow transaction designers to build an 'APADC transaction script' which calls a
series of APADC functions to capture transactional data. For example; a 'NameLong' function displays a GUI
on Horizon to capture all of the individual elements of a Name (e.g. Title, forename, middle initial,
surname) ona single screen. Adding NameLong, along with various other functions, to a transaction
script allows us to build complex transactions without requiring counter code changes by Fujitsu.
The fix deployed in April 2018 corrected the issue with two known Drop & Go functions, namely;
1) OpenAccount - An APADC transaction script that captures and transmits data when a Customer wants to
Open a Drop & Go Account. As part of the Account Opening journey, the APADC script displays a prompt to
ask the customer if they want to top up the balance of their account at the same time, and if so, processes
the account top up.
2) Balance&TopUp - An APADC transaction script that captures and transmits data when a Customer wants
to Top Up the balance of a Drop & Go Account.
From the keystroke log evidence in PC0273234 (which I have seen for the first time today), I can see that
the transaction being attempted is a different Drop & Go Function, namely;
3) Count Mails - An APADC transaction script that captures the number of items that a Customer wants to
leave with the branch to process later.
From the keystroke logs I can see that the Count Mails script also offers the Customer the opportunity to
Top Up their account as part of the Count Mails transaction. Atos were unaware of this additional
mechanism to perform a top up at the time the fix was deployed in April 2018, therefore no changes were
made to the Count Mails APADC transaction script. Atos responded to an original incident relating to the
Balance&TopUp journey. A fixed was identified and this was also applied to the OpenAccount script as we
were aware that OpenAccount also offered Top Up facilities. We missed the fact that Count Mails also offers
Top Up facilities, and therefore the fix will also need to be deployed to the Count Mails transaction as a
matter of urgency. The original author of the suite of Drop & Go transaction scripts was a Post Office
Business Analyst who has since left the business. There is no documentation available that would
have clearly identified a link to Top Up within the Count Mails transaction.
The statement in the test report alludes to the fact that there are existing issues with Recovery which were
still evident after the fix to the Top Up problem was implemented. As the fix successfully resolved the
Account Opening and Top up issue, and did not introduce additional issues during recovery, the fix was
deployed. For context, Recovery is a process that is triggered whenever the Horizon counter system has
problems, specifically;
a) the counter PC crashes midway through a transaction or
WBD_000144.000001
WBONO0000274
WBON0000274
b) loss of network connectivity occurs and the counter PC cannot communicate with the data centre. In this
instance Horizon automatically logs the user out.
On Horizon PC restart and/or user log in - Horizon checks to see if any transactions were in progress at the
point of PC/comms failure (by checking for incomplete transaction records in a 'recovery' transaction table
held within the data centre). If records are found, Horizon then triggers a Recovery APADC transaction
script. The transaction designer can create bespoke recovery scripts for each transaction type. The purpose
of the script is to make online calls to third party systems if required, and prompt the clerk for input (e.g.
‘was cash payment taken for the transaction before failure’? or 'was a receipt produced?'). Based on the
information received from the clerk or third party, the recovery script can then complete the original
transaction if required, or finish cleanly if no recovery actions are required. The clerk can then continue
with their business.
I've just received a separate call relating to recovery last week and have been provided keystroke logs that
detail the issue. This issue was originally raised as a Service Incident, but the resolving team (Information
Services) were unable to identify the issue. As I have some awareness of the Drop & Go transaction scripts, I
agreed to look into the issue amongst other workload. I will prioritise this now and will work with
the resolving team to implement a fix to the Count Mails transaction.
Regards
James
From: Katie Simmonds { GRO. i
Sent: 08 May 2019 15:08
To: Brett, James
Cc: Cooke, David; Jonathan Gribben
Subject: URGENT: Bug 28 - Drop and Go Bug [WBDUK-AC.FID123822914]
Hi James
Thank you for sending through the test report and for your time during our call last month, both of which have been
really useful. I have a couple of very important, but hopefully small, follow-on questions that I'd be grateful if ATOS
could come back to us on this week, ideally tomorrow:
Peak PC0273234, attached, indicates that a further instance of the issue occurred in August 2018, four months after
the changes to the scripts were released to live on 19 April 2018. Can ATOS please confirm:
a. If this was a further instance of the problem or an unrelated problem.
b. If this was a further instance of the problem, why it occurred after the earlier fix? Was it the case that
the script didn't go live in April 2018? Was it the case that it wasn't released to all branches?
We need a full response to these points, together with relevant supporting documentation to evidence how ATOS dealt
with the August 2018 issue, as currently it looks as though a fix was implemented that didn't work in practice.
What does the APADC script do?
What does the Open Account script do?
Section 3 of the Test Report, extract below, is confusing and implies as though there is a separate issue here. Can you
explain the below note please as simply as possible for us?
Note: Recovery scenarios working same as earlier. We observed that with the transaction
where cash was not taken from the customer horizon behaved correctly, processing the zero
value transaction. But the customers Drop & Go account has the increased the balance. This
is the live behaviour and not connected with this fix.
Whilst writing, a separate query has arisen that you may be able to help me with. This relates to an issue involving the
ATOS recovery script. I may need to send you some more information but I wondered as an initial point whether you
would be able to explain what the recovery script does please?
Kind regards
Katie
WBD_000144.000002
Katie Simmonds
Associate
Womble Bond Dickinson (UK) LLP
Manage your e-alert preferences
WOMBLE womblebonddickinson.com
BOND
DICKINSON &) (in)
From: Brett, James [mailto
Sent: 02 April 2019 16:25
To: Cooke, David; Katie Simmonds
Subject: RE: Bug 28 Drop and Go Bug [WBDUK-AC.FID123822914]
Hi Katie,
WBONO0000274
WBON0000274
Attached is the test report issued by a member of my team at the time of the issue resolution.
Following review of the test report, the Information Services Team released the change as follows;
These script versions were processed as a single change RADC/1804/006, which was submitted, processed
and loaded by Fujitsu on 11/04/18.
This change was released to live on 19/04/18 (ver18065)
Kind regards,
James Brett
H
9st Office Account
Atos 1020 Eskdale Road — Winnersh Triangle RG41 STS - UK
atos.net
From: Cooke, David
Sent: Tuesday, April
To: Brett, Jame: Q
Subject: FW: Bug 28 Drop and Go Bug [WBDUK-AC.FID123822914]
Thanks,
David
David Cooke
Atos
WBD_000144.000003
WBONO0000274
WBON0000274
From: Cooke, David
Sent: Tuesday, April 02, 2019
To: 'Katie Simmonds' <{.
Cc: Michael Wharton ¢_ Mark Underwood1
H GRO >; Barry Lumsden ¢ GRO >; Angus
McDonald GRO. i
Subject: RE: Bug 28 Drop and Go Bug [WBDUK-AC.FID123822914]
Katie,
I have spoken to the person who made the change and here are summary answers. If you want to call to
talk these through with us please do call me.
an
. How the issue was fixed
Atos were alerted to the error by Fujitsu on 2 March 2018.
Previous errors had occurred but this was the first time that Fujitsu were able to capture the key logs.
This enabled Atos to recreate the error and identify the bug.
Once this was identified a fix was developed, tested and delivered into production using the normal
change management processes.
Delivery to live took place on 19 April 2018.
2. An explanation of the issue
The underlying issue was that the system did not manage time-outs for Drop and Go properly. When
a message was sent to a banking system and no reply was received the Horizon transaction carried on
‘assuming’ that a reply had been received.
The fix ensured that the Horizon system waited for the response and where none was received put up
and error message so that the transaction could be safely redone.
Kind regards,
David
David Cooke
Client Executive —- Government Sector
Atos
orn, London WC1V 6EA — United Kingdom
To: Cooke, David {
Cc: Michael Wharton -} Mark Underwood1
H GRO. >; Barry Lumsden I.
McDonald { GRO H
Subject: RE: Bug 28 Drop and Go Bug [WBDUK-AC.FID123822914]
David
WBD_000144.000004
WBONO0000274
WBON0000274
Thank you for your email. We're looking to complete the attached bug note and largely need your help with the points
highlighted in yellow, including:
1. How the issue was fixed.
2. A simple explanation of the issue — currently we have " Reconciliation between the Horizon feed and the
Accenture CDP system identified that only one top-up had been received by Accenture CDP but two were being
shown it the Horizon Batch Feed. The second Horizon transaction matched the CDP transaction, confirming
the problem was with the first transaction." — it would be helpful if this could be expanded on/ explained as fully
as possible.
Happy to have a call if the above and attached are still unclear — I can be free for a call between 3.30 and 4.30 today if
you let me know when is best for you.
Kind regards
Katie
Katie Simmonds
Associate
Womble Bond Dickinson (UK) LLP
d:
" GRO
Stay informed: sign up to our e-alerts
DICKINSON (J) (in)
From: Cooke, David [mailto
Sent: 02 April 2019 14:46
To: Katie Simmonds
Cc: Michael Wharton; Mark Underwood1; Barry Lumsden; Angus McDonald
Subject: RE: Bug 28 Drop and Go Bug [WBDUK-AC.FID123822914]
Katie,
I have done some digging on this and it doesn’t look like we have a lot of information relating to this issue.
It would be helpful to understand what you are looking for so we can see if there is anything that could be
useful.
If you want to discuss this please do give me a call.
Kind regards,
David
David Cooke
Client Executive - Government Sector
Tel{” GRO I
naunninnanmmnnnnnnnnns
Atos
MidCity Place, 71 High Holborn, London WC1V 6EA — United Kingdom
atos.net
Hono
WBD_000144.000005
From: Katie Simmonds ¢__
Sent: Friday, March.
To: Cooke, Davidi. GRO.
Michael Wharton;
GRO
McDonald}
Subject: RE: Bug 28 Drop and Go Bug [WBDUK-AC.FID123822914]
Hi David
WBONO0000274
WBON0000274
Further to the helpful introduction from Angus below, I wanted to reach out with copies of the relevant documents. If
you consider it would be useful to discuss any points by telephone, please let me know when works best for you and
we can get a call set up.
Kind regards
Katie Simmonds
Associate
Womble Bond Dickinson (UK) LLP.
‘Stay informed: sign up to our e-alerts
DICKINSON (J) (in)
From: Angus McDonald [mailto
Sent: 29 March 2019 11:28
To: Cooke, David
Cc: Katie Simmonds; Michael Wharton; Mark Underwood1; Barry Lumsden
Subject: Bug 28 Drop and Go Bug [WBDUK-AC.FID123822914]
Importance: High
Hi David
Barry is out of the office today, I've been asked to communicate to you directly. Barry has been in touch with your team
separately on this
I wondered if you would be able to come back to me today in terms of an ETA for a full response from atos please on
the Bug 28 response for the ongoing litigation? The plan is currently to include these bug summaries as part of the
Counsel team’s written closings in the Horizon Issues Trial so we just want to be sure on timings of response.
Who’s the lawyer?
Katie Simmonds
Associate
Womble Bond Dickinson (UK) LLP
‘Stay informed: sign up to our e-alerts
WBD_000144.000006
WBONO0000274
WBON0000274
What’s this all about?
. One of the bugs that we need atos' support with has been called the 'Drop and Go' bug. Fujitsu have confirmed they
are not aware of the Drop and Go business process and are therefore unable to comment on whether the issue was
caused by user error or a fault with the APADC script. Ideally we want to understand what happened in this particular
instance, if it is a known issue with the script and, if so, how this was resolved. In terms of relevant documents, please
find attached:
Draft Drop and Go Bug summary
Relevant KEL and Peak
The experts’ second joint statement
Kind regards
Katie
“Post Office Limited is committed to protecting your privacy. Information about how we do this can be
found on our website at www.postoffice.co.uk/privacy”
JES EOS SISOS SECIS ODORS ICI OCOEIOROCIEOSIOROCAOCICCCI RIOR ICI OIC ICI
This email and any attachments are confidential and intended for the addressee only. If you are not the
named recipient, you must not use, disclose, reproduce, copy or distribute the contents of this
communication. If you have received this in error, please contact the sender by reply email and then delete
this email from your system. Any views or opinions expressed within this email are solely those of the
sender, unless otherwise specifically stated.
POST OFFICE LIMITED is registered in England and Wales no 2154540. Registered Office: Finsbury
Dials, 20 Finsbury Street, London EC2Y 9AQ.
FS See ence dice ec cinco dc icici dcr GRC AGI ICR GE ACE AI a AS Aca ac cA ca ok ak a
“Post Office Limited is committed to protecting your privacy. Information about how we do this can be
found on our website at www.postoffice.co.uk/privacy”
Please consider the environment! Do you need to print this email?
soon as possible and delete any copies. Unauthorised
se, dissemination, distribution, publication or copying of this communication or attachments is prohibited and may be unlawful. Information about how we use personal
data is in our Privacy Policy, on our website.
Any files attached to this e-mail will have been checked by us with virus detection software before transmission. Womble Bond Dickinson (UK) LLP accepts no liability for any
loss or damage which may be caused by software viruses and you should carry out your own virus checks before opening any attachment,
Content of this email which does not relate to the official business of Womble Bond Dickinson (UK) LLP, is neither given nor endorsed by it.
This email is sent by Womble Bond Dickinson (UK) LLP which is a limited liability partnership registered in England and Wales under number 0317661. Our registered office
is 4 More London Riverside, London, SE1 2AU, where a list of members’ names is open to inspection. We use the term partner to refer to a member of the LLP, or an
employee or consultant who is of equivalent standing. Our VAT registration number is GB123393627.
Womble Bond Dickinson (UK) LLP is a member of Womble Bond Dickinson (International) Limited, which consists of independent and autonomous law firms providing
services in the US, the UK, and elsewhere around the world. Each Womble Bond Dickinson entity isa separate legal entity and is not responsible for the acts or omissions of,
nor can bind or obligate, another Womble Bond Dickinson entity. Womble Bond Dickinson (International) Limited does not practice law. Please see
www.womblebonddickinson.com/legal notices for further details
Womble Bond Dickinson (UK) LLP is authorised and regulated by the Solicitors Regulation Authority
ATOS WARNING !
This message contains attachments that could potentially harm your computer.
Please make sure you open ONLY attachments from senders you know, trust and is in an e-mail
that you are expecting.
WBD_000144.000007
WBONO0000274
WBON0000274
AVERTISSEMENT ATOS !
Ce message contient des piéces jointes qui peuvent potentiellement endommager votre
ordinateur.
Merci de vous assurer que vous ouvrez uniquement les piéces jointes provenant d’emails que
vous attendez et dont vous connaissez les expéditeurs et leur faites confiance.
AVISO DE ATOS !
Este mensaje contiene datos adjuntos que pudiera ser que dafiaran su ordenador.
Asegurese de abrir SOLO datos adjuntos enviados desde remitentes de confianza y que
procedan de un correo esperado.
ATOS WARNUNG !
Diese E-Mail enthalt Anlagen, welche mdglicherweise ihren Computer beschadigen kénnten.
Bitte beachten Sie, daf§ Sie NUR Anlagen offnen, von einem Absender den Sie kennen,
vertrauen und vom dem Sie vor allem auch E-Mails mit Anlagen erwarten.
Atos, Atos Consulting, Worldline and Canopy The Open Cloud Company are trading names used by the
Atos group. The following trading entities are registered in England and Wales: Atos IT Services UK
Limited (registered number 01245534), Atos Consulting Limited (registered number 04312380), Atos
Worldline UK Limited (registered number 08514184) and Canopy The Open Cloud Company Limited
(registration number 08011902). The registered office for each is at Second Floor, Mid City Place, 71 High
Holborn, London, WC1V 6EA. The VAT No. for each is: GB232327983.
This e-mail and the documents attached are confidential and intended solely for the addressee, and may
contain confidential or privileged information. If you receive this e-mail in error, you are not authorised to
copy, disclose, use or retain it. Please notify the sender immediately and delete this email from your systems.
As emails may be intercepted, amended or lost, they are not secure. Atos therefore can accept no liability for
any errors or their content. Although Atos endeavours to maintain a virus-free network, we do not warrant
that this transmission is virus-free and can accept no liability for any damages resulting from any virus
transmitted. The risks are deemed to be accepted by everyone who communicates with Atos by email.
ATOS WARNING !
This message contains attachments that could potentially harm your computer.
Please make sure you open ONLY attachments from senders you know, trust and is in an e-mail
that you are expecting.
AVERTISSEMENT ATOS !
Ce message contient des piéces jointes qui peuvent potentiellement endommager votre
ordinateur.
Merci de vous assurer que vous ouvrez uniquement les piéces jointes provenant d’emails que
vous attendez et dont vous connaissez les expéditeurs et leur faites confiance.
AVISO DE ATOS !
Este mensaje contiene datos adjuntos que pudiera ser que dafiaran su ordenador.
Asegurese de abrir SOLO datos adjuntos enviados desde remitentes de confianza y que
procedan de un correo esperado.
WBD_000144.000008
WBONO0000274
WBON0000274
ATOS WARNUNG !
Diese E-Mail enthalt Anlagen, welche mdglicherweise ihren Computer beschadigen kénnten.
Bitte beachten Sie, da Sie NUR Anlagen offnen, von einem Absender den Sie kennen,
vertrauen und vom dem Sie vor allem auch E-Mails mit Anlagen erwarten.
Atos, Atos Consulting, Worldline and Canopy The Open Cloud Company are trading names used by the
Atos group. The following trading entities are registered in England and Wales: Atos IT Services UK
Limited (registered number 01245534), Atos Consulting Limited (registered number 04312380), Atos
Worldline UK Limited (registered number 08514184) and Canopy The Open Cloud Company Limited
(registration number 08011902). The registered office for each is at Second Floor, Mid City Place, 71 High
Holborn, London, WC1V 6EA. The VAT No. for each is: GB232327983.
This e-mail and the documents attached are confidential and intended solely for the addressee, and may
contain confidential or privileged information. If you receive this e-mail in error, you are not authorised to
copy, disclose, use or retain it. Please notify the sender immediately and delete this email from your systems.
As emails may be intercepted, amended or lost, they are not secure. Atos therefore can accept no liability for
any errors or their content. Although Atos endeavours to maintain a virus-free network, we do not warrant
that this transmission is virus-free and can accept no liability for any damages resulting from any virus
transmitted. The risks are deemed to be accepted by everyone who communicates with Atos by email.
ATOS WARNING !
This message contains attachments that could potentially harm your computer.
Please make sure you open ONLY attachments from senders you know, trust and is in an e-mail
that you are expecting.
AVERTISSEMENT ATOS !
Ce message contient des piéces jointes qui peuvent potentiellement endommager votre
ordinateur.
Merci de vous assurer que vous ouvrez uniquement les piéces jointes provenant d’emails que
vous attendez et dont vous connaissez les expéditeurs et leur faites confiance.
AVISO DE ATOS !
Este mensaje contiene datos adjuntos que pudiera ser que dafiaran su ordenador.
Asegurese de abrir SOLO datos adjuntos enviados desde remitentes de confianza y que
procedan de un correo esperado.
ATOS WARNUNG !
Diese E-Mail enthalt Anlagen, welche mdéglicherweise ihren Computer beschadigen kénnten.
Bitte beachten Sie, da Sie NUR Anlagen 6ffnen, von einem Absender den Sie kennen,
vertrauen und vom dem Sie vor allem auch E-Mails mit Anlagen erwarten.
Atos, Atos Consulting, Worldline and Canopy The Open Cloud Company are trading names used by the
Atos group. The following trading entities are registered in England and Wales: Atos IT Services UK
Limited (registered number 01245534), Atos Consulting Limited (registered number 04312380), Atos
Worldline UK Limited (registered number 08514184) and Canopy The Open Cloud Company Limited
(registration number 08011902). The registered office for each is at Second Floor, Mid City Place, 71 High
Holborn, London, WC1V 6EA. The VAT No. for each is: GB232327983.
This e-mail and the documents attached are confidential and intended solely for the addressee, and may
contain confidential or privileged information. If you receive this e-mail in error, you are not authorised to
copy, disclose, use or retain it. Please notify the sender immediately and delete this email from your systems.
WBD_000144.000009
WBONO0000274
WBON0000274
As emails may be intercepted, amended or lost, they are not secure. Atos therefore can accept no liability for
any errors or their content. Although Atos endeavours to maintain a virus-free network, we do not warrant
that this transmission is virus-free and can accept no liability for any damages resulting from any virus
transmitted. The risks are deemed to be accepted by everyone who communicates with Atos by email.
WBD_000144.000010