WITN10480100
Witness Name: Steven Michael Denham
Statement No.: WITN10480100
Dated: 19th January 2024
POST OFFICE HORIZON IT INQUIRY
FIRST WITNESS STATEMENT OF STEVEN MICHAEL DENHAM
I, Steven Michael Denham, will say as follows:
Introduction
1. I am a former employee of Fujitsu Services UK and held the position of Head
of Service Management, Royal Mail Group Account.
2. This witness statement is made to assist the Post Office Horizon IT Inquiry
(the “Inquiry”) with the matters set out in the Rule 9 Request dated 30th
November 2023 (the “Request”).
Background
3. My professional background, qualifications, and positions that I held with
Fujitsu Services UK are as follows.
4. I can confirm that I have worked in the field of Information Communications
Technology for 23 years, with professional qualifications City & Guilds
Certificate 7261/344, Micro-Computer Systems Installation & Maintenance
Level III, Information Technology Information Library (ITIL) V 2, 3, 4. 2008. I
commenced my career in January 2000 with Fujitsu Services UK as a field
engineer and held the following other positions.
a) 2001 — 2002 Operations Team Manager Service Desk
b) 2002 — 2004 Operations Service Delivery Manager — Mobile
engineering
c) 2004 - 2007 National Operations Manager — Mobile Engineering
d) 2007 — 2009 Head of Service Management — Royal Mail Group
Account.
5. In respect of my position as Head of Service Management between 2007 —
2009, Royal Mail Group Account, I led and managed a team of service
management professionals, which were responsible for the contractual
obligations in regard to the delivery of infrastructure services, namely of Data
Centres, Post Office branch network and branch office hardware support,
change management, other IT service management functions, and Service
Desk services to Post Office Limited. Key functions of my role were Business
Relationship management, Customer satisfaction, Service Level
performance management, financial performance of the Account and the
associated governance to ensure compliance to the contract.
6. Application development and support services responsibilities were owned
by my peer Mick Peach, and we both reported into Wendy Warham,
Operations Director. My team operated entirely on the 4th floor of Fujitsu
Services UK offices in Lovelace Road, Bracknell Berkshire. The Application
development and support services were completely isolated on level 6, which
was a secure floor with essential access only, due to the nature of the
application being both Retail Point of Sale (POS) and banking, and the
security requirements associated with that.
7. All ARQ requests were conducted in an isolated secure room on the 4th floor,
with full security access control due to the sensitive nature of the analysis
being required on financial transactions. Any such audit would require close
working between Penny Thomas, who provided that function and the
applications support team, who would provide any required application logs
and assist with analysis when required.
8. As the 4th floor had its own access control and camera phones were not
permitted, it was not deemed necessary for any of the other roles that
operated on that floor to be in their own secure locations.
9. In respect of my role and its connection to the following:
a) Post Office disciplinary matters;
b) Matters relating to those accused of criminal offences;
c) Matters relating to criminal or civil proceedings;
d) Witness evidence in any proceedings; or
e) The extraction of audit data.
10. As Head of service management my role had little involvement in Post Office
disciplinary matters and was not directly involved in matters relating to those
accused of criminal offences. My team and I were responsible for the
availability of Post Office branch systems, and as such did not have or
require access to application data or audit records.
11. Due to the nature of the sensitivity and confidentiality of matters relating to
criminal or civil proceedings, witness evidence in any proceedings, or the
extraction of audit data, these were conducted in a secure room on the 4th
floor of the Fujitsu Offices in Lovelace Road, Bracknell, Berkshire. To my
recollection, only those directly involved in these investigations had access
to this room, namely Penny Thomas. To my knowledge any discussions
regarding specific case details of any findings as a result of audit enquiries,
were directly between Penny and her counterparts in Post Office Limited.
Should Penny require additional support with regards to retrieval of audit
data, Penny would seek assistance from the Applications support team which
were situated on the secure 6th floor.
12. Any change control to the Contract related to audit (ARQ’s), i.e. the
commercial charging mechanism associated with the volume of ARQ’s
requested, I would have oversight of and would agree the approach with my
counterpart at Post Office Limited, as per document [FUJ00231843]. The
specific details of the results of ARQ’s were confidential and I would not have
access to these. I would and did only become aware of any content contained
within an ARQ, when the query was raised relating to PEAK PC0152376,
which was regarding a specific application lock, that required investigation.
13. In relation to my working relationship with the following individuals and my
understanding of their roles in relation to the provision of evidence for court
proceedings:
a) Gareth Jenkins
b) Penny Thomas
c) Anne Chambers
14. My working relationship with Gareth Jenkins was very limited and infrequent.
From the documentation provided by the inquiry, I have recalled that Gareth
was the Application Architect for the Horizon system and provided input as
to the problem statement that needed to be investigated as per document
[FUJ00155241] provided by the Inquiry. As I was not privy to the details of
any day to day investigations and communications related as such, I cannot
comment on any involvement beyond this.
15. My working relationship with Penny Thomas was limited to any Service
Management, Customer relationship or Commercial Management
assistance that Penny may require in the execution of her role. The detail of
any audit enquiries (ARQ’s) requested by Post Office Limited in support of
their investigations were confidential due to the privacy nature of the
activities and my team and I were not privy to the content. In the event where
Penny's role required Service Management assistance, i.e. escalation to the
Customer (Post Office Limited) or anything that could be deemed to be
Commercial related, Penny would engage myself or a member of my team.
My understanding of Penny's role as Security Analyst is that she would
investigate ARQ’s requested by Post Office Limited, through detailed
analysis, which would seek to identify any reasons for discrepancies in the
financial balance data of Post Office Branches. To my recollection, the results
of the ARQ may have required Penny to be a witness in matters relating to
Civil or Criminal Proceedings pursued by Post Office Limited.
16. My working relationship with Anne Chambers was limited, and engagement
would be through my peer relationship with her Manager Mick Peach,
(example document [FUJ00155418]). I don’t recall Anne’s role title but would
describe it as Application engineer for the Horizon application platform. I do
not have enough detail to describe Anne’s day to day activities. Anne’s
involvement in the provision of evidence for Court proceedings would have
been in assisting Penny Thomas in her investigations, and typically in
understanding if a discrepancy identified in audit data is expected or an
anomaly that should be investigated further, example document
[FUJ00155389] provided by the Inquiry. Neither I nor my team had visibility of any
day to day activities Anne may have been involved in related to this topic, as
ARQ activities were confidential and we did not need to know about them.
Relationship with Post Office Limited (POL)
17. My relationship and interaction with Post Office Limited was in the main at
the Service Delivery Management layer. This included the availability of the
IT components that made up the Horizon system for the Post Office
Branches to be able to provide services to the general public, operating to
contracted service levels. My Fujitsu peers of relevance and reporting to
Wendy Warham were,
a) Mick Peach Head of Application development and Support
• Management of the Team that supported the Horizon
Application software
b) Howard Pritchard — Head of Security
• Responsible for all things Security related, including audit and
compliance
c) Graham Welsh — Head of Service Introduction and Change
• Responsible for the team that managed any introduction or
change to the services, any introduction or change to
commercial items that may impact services, Release
Management of any changes to the Horizon application or
underpinning infrastructure.
18. Whilst there will have been many touch points with POL across an Account
this size and complexity, they were at a peer-to-peer level at various levels
of the operation. My day-to-day relationships were with Dave Hulbert —
Senior Service Delivery Manager, and reporting to Dave, Mark Weaver —
Senior Service Delivery Manager. There were other more minor relationships
with others at POL, i.e. to handle Commercial discussions, and other topics
on a case-by-case basis, but I do not recall names specifically. The Fujitsu
and POL Service Delivery Management teams were responsible for ensuring
that Post Office branches could trade and provide services to the general
public. Typically, our teams would be the conduit for the Governance and
performance of the Contract, a point of escalation into either organisation,
and be available to connect people between both organisations as required.
An example of this is document [FUJ00227928] provided by the Inquiry,
which details a request made of myself at a meeting with POL, where I
needed to engage another team/ peer for the response to the query.
Audit data from Horizon
19. My recollection as to the process for the collection of audit data (such as
ARQ data) to POL. This should include but not be limited to the following:
a) The contractual requirements as I understood them to be (including in
the respect of the ability to obtain audit data, the cost to POL, the type
of data and the quality and completeness of the data)
b) Any changes as between Legacy Horizon and Horizon online
c) What, if any, role I had in respect of providing this data
d) Who was responsible for the provision of this data.
20. The Horizon contract between POL and Fujitsu Services UK Ltd included a
commercial vehicle for the provision of audit data. I cannot recall the exact
details but can ascertain from document [FUJ00231845] that provision was
made within the contract for 100 ARQ’s per year, which were covered by a
purchase order provided by POL. If greater than 100 ARQ’s were required in
a contract year, then anything over and above 100 would attract an extra
charge of £187 as detailed in document [FUJ00231806] provided by the
Inquiry. The following documents provided by the Inquiry, [FUJ00227928],
[FUJ00154829], [FUJ00231801], [FUJ00231806], [FUJ00231958],
[FUJ00231843], [FUJ00231845], describe the requirement for POL to
consume more than 100 ARQ’s in a contract year. And the Commercial
treatment of this that was agreed between POL and Fujitsu at the time. 35
were agreed to be funded by the current Contract year purchase order, and
the additional 65 to be carried over into the following year, with an
assessment to be made on volume consumption as the year progressed.
21. With regards to document [FUJ00154829] provided by the Inquiry, I was not
in attendance at this meeting, but had made a representation by those
attending to increase the Commercial coverage for the number of ARQ’s as
POL were exceeding the contracted amount. In terms of the process agreed,
I was not privy to or cannot recall this, but do recall being part of the decision
making process as to how this should be handled commercially between the
two parties.
22. In respect to changes between Legacy Horizon and Horizon on line, I have
minimal recollection of this, other than Horizon on line sought to improve on
the legacy application and there was an intent to automate error checking
where possible to avoid manual processes undertaken by humans and
therefore the potential for human error.
23. In respect to the provision of ARQ data, my role was not involved in this other
than ensuring that this occurred within the agreed framework of the contract.
Any specific details of an ARQ were confidential due to the potential sensitive
nature of these investigations.
24. In respect to the provision of this data, to my recollection the investigations
were the responsibility of the Security team and conducted by Penny Thomas
who was a security analyst. Details of any findings and results from ARQ’s
were provided directly by the Fujitsu Security team to their relevant peers in
POL.
ARQ Process issues
25. Assisting the enquiry in a detailed account of a certain issue or issues
regarding ARQ data variously referred to as an “ARQ Service Problem”,
“ARQ Service Issue”, “Prosecution Support Urgent Issue” and a “Security
Incident” in the 2008/early 2009 period. And, my recollection, including but
not limited to the following (insofar as not already covered by response to the
questions above)
a) What I understood the issue to be;
b) The detail of any meetings that took place, included who attended;
c) My role in relation to the issue(s);
d) What I recall of POL’s involvement in the issue(s);
e) My recollection of communication with POL on the issue(s) and
whether handling of this issue with POL different from usual contact
with POL at the time;
f) The involvement of Fujitsu or POL’s senior management;
g) Whether and how the issue(s) were resolved
h) Any other issues concerning the reliability of ARQ data that I can
recall.
26. In respect of what I understood the issue to be, I am only able to recall this
in any detail through the documentation provided by the Inquiry due to the
significant time elapsed from 2008. From my understanding at a high level
the problem is broken into three parts:
a) A previously unseen error caused by a “software database lock”
presenting potential discrepancies in Post Office branch financial
data,
b) The resulting impact of this error on witness statements provided by
Fujitsu, historical and current at the time,
c) The security of the data whilst analysis was being undertaken to
support ARQ requests.
27. In respect of the software database lock, supported by the documentation
provided by the Inquiry, example document [FUJ00155242], the application
database may find itself locked when writing to the Riposte message store,
which to my understanding holds financial transaction information. This “bug”
was identified as a defect under PEAK 152376, under development for a
permanent fix. Through investigations it was found that the errors were
benign, but highlighted the potential for the application to present errors that
weren't always identified through error events, causing a financial imbalance,
that needed to be manually investigated.
28. In respect of the impact of this error on witness statements provided by
Fujitsu, there was concern that the witness statement provided essentially
said that the integrity of the data in the horizon system was guaranteed. The
identification of this “bug” which could only be investigated manually,
undermined the integrity of witness statements, both historical and current at
the time as the process was cumbersome and introduced the potential for
human error due to the significant volumes of data that needed to be filtered
(Document [FUJ00155387]). In Document [FUJ00155378] provided by the
Inquiry, Penny Thomas is very clear that the process to handle this error was
not acceptable and needed to be automated, and that consideration needed
to be given to all witness statements provided because of this. A change
proposal was to be put to POL to automate the filtering and resolution of
these errors as far as possible with the intent to significantly reduce the
amount of manual intervention and analysis.
29. In respect of security of the data, my recollection on this is poor, but my
assumption is that due to the overall security of the audit server, it was not
possible to give access to the Security analyst to all of the data, and therefore
due to the lack of automation and filtering for this particular error, large
amounts of data were required to be moved to the workstation. Whilst the
risk is inherent, as workstations are not as secure as servers typically, the
security posture of that data had changed and therefore again undermined
the witness statements going forward.
30. In respect of meetings that took place, I do vaguely recall and through the
documentation provided by the Inquiry, that I was standing in for Wendy
Warham in December 2008, I assume because Wendy was taking annual
leave or similar.
31. On 17th December 2008 the ARQ Service problem was presented to me,
attendees invited to the meeting were as per document [FUJ00155392], I
cannot recall if everyone invited, attended. I took an action from the meeting
to discuss the findings with the Fujitsu legal team to take advice on our
understanding of the impact to witness statements and how they would like
to handle this with their counterparts at POL. I do not recall the actual
conversation or who it was with.
32. Wendy Warham returned in January 2009 and as per the document provided
by the Inquiry, [FUJ00155399], Wendy wrote to Sue Lowther at POL on 7th
January, advising her of the issue that had been discovered, any activities
undertaken and the need to re-check the previously submitted ARQ’s and
any action to be taken on witness statements. Wendy also highlighted the
need for such incidents to be raised as Major Security Incidents, to ensure
that they have the appropriate senior Management and Executive visibility in
both organisations.
33. As a result of this meeting and a further meeting on 8th January, I asked for
further investigations to be undertaken to establish if any of these errors
could not be eliminated as caused by the postmaster. As per the document
provided by the Inquiry, [FUJ00155418], on 3rd February 2009, this was
narrowed down to 7 or less occurrences, all of which could be eliminated as
there was nobody logged in to the system at the point the errors occurred. At
this point to my knowledge, investigations had shown that because of this
“bug” in this particular scenario there were no discrepancies caused by Post
Masters. The issue was now about the integrity of witness statements and
the potential for human error due to manual processing of event data to
establish if there is a genuine financial balance issue that needs to be
answered. At this point, and to my recollection, my involvement in the
situation ceased and was managed between the Fujitsu & POL Security
teams.
34. I was not directly involved in communication with the POL Fraud team, but
can see from the document provided by the Inquiry, [FUJ00155400], that
until our investigations regarding this particular error/ event were concluded,
that they did not see the need to change any statements at that point. I
cannot comment on what occurred subsequent to this as I was not directly
involved. My understanding was/ is that the data issue itself was resolved,
and that the issue surrounding witness statements moving forward would be
addressed by the respective teams in both organisations.
General
35. When I left Fujitsu Services UK Ltd in 2009 and moved overseas, I left
confident that the issue around data integrity had been resolved, and that the
work undertaken via the ARQ process could be relied upon. It was a
complete surprise to me when I learned via the media that there had indeed
been data discrepancies that may have led to the incorrect conviction of
postmasters and that this was being investigated. Whilst not directly involved
in the ARQ process, I do firmly believe that those involved from the Fujitsu
Security and Applications teams, undertook all activity with the highest of
integrity, particularly Penny Thomas.
Statement of Truth
I believe the content of this statement to be true.
Signed:
Dated: 19th January 2024
Index to First Witness Statement of Steven Michael Denham
No. | URN | Document Description | Control Number
1 | FUJ00231843 | Email from Steve Denham to Ken Westfield and Hilary Forrest re Fw: CT0724 - SIGNED - Proposed way ahead | POINQ0237997F
2 | FUJ00155241 | Email chain between Gareth Jenkins, Roy Birkinshaw and David Johns RE: Potential Audit Issue.doc | POINQ0161435F
3 | FUJ00155418 | Email from Anne Chambers to Penny Thomas cc Howard Pritchard, Peter Sewell and others re Outlet Checking List - Audit Issue | POINQ0161612F
4 | FUJ00155389 | Email from Penny Thomas to Graham Allen, Adam Cousins, Steve Evans and others RE: New Witness Statement Request Support - branch 132001 | POINQ0161583F
5 | FUJ00227928 | Email from Mik Peach to David Chapman, David Johns cc: Steve Denham. RE: TES and ARQ queries from last weeks Fujitsu/POL Joint Working Day | POINQ0234082F
6 | FUJ00231845 | Email chain from Mark Weaver to Darryl Judd cc Andrew Jackson, Dave Hardie and others re CT0724 - SIGNED - Proposed way ahead | POINQ0237999F
7 | FUJ00231806 | Email from Steve Denham to Ken Westfield re New Chargeable Horizon CP for agreement to Impact - Increase the current threshold of 100 Audit Request Queries (ARQ's) for Horizon Banking and Card Account Products | POINQ0237960F
8 | FUJ00231801 | Email chain from Steve Denham to Ken Westfield, and John Burton cc'ing Peter Sewell and another Re: New Chargeable Horizon CP for agreement to Impact - Increase the current threshold of 100 Audit Request Queries (ARQ's) for Horizon Banking and Card Account Products | POINQ0237955F
9 | FUJ00231958 | Potential CT Closures from POL 010311 | POINQ0238112F
10 | FUJ00154829 | Fujitsu - RMGA/POL Fraud Team Meeting Minutes | POINQ0161024F
11 | FUJ00155242 | Potential Audit Issue - Horizon | POINQ0161436F
12 | FUJ00155387 | Email from Thomas Penny to Allen Graham, Hinde David and others RE: Proposed Slides for ARQ Service Issues | POINQ0161581F
13 | FUJ00155378 | Email chain between Penny Thomas, Howard Pritchard and Peter Sewell RE: ARQ Service problem | POINQ0161572F
14 | FUJ00155392 | Email from Steve Denham to Allen Graham, Adam Cousins, Steve Evans 'and others' Re: Updated: ARQ Service issue - Meeting invite | POINQ0161586F
15 | FUJ00155399 | Email to Dave Posnett from Penny Thomas re Security Incident which occurred and has been resolved with software correction | POINQ0161593F
16 | FUJ00155400 | Email from Thomas Penny to Pritchard Howard, Warham Wendy and Denham: Security Incident | POINQ0161594F