Agenda item

IT & Cyber Security Report

Tony Oladejo, ICT Audit and Compliance Manager

Minutes:

The Chair welcomed Tony Oladejo, ICT Audit and Compliance Manager, who introduced the IT and Cyber Security report which had been circulated with the agenda. 

 

Mr Oladejo explained that the report was a follow-up to previous work and he summarised the key activities undertaken by ICT to date, as well as the planned work.

 

Mr Oladejo reported that there is continuing progress on cyber security and that Publica had recently recruited a Cyber Officer to ensure that there is constant and consistent focus and horizon scanning on this area of their work.

 

Looking ahead, Publica ICT will be working with other government agencies and other partners to provide improved assurance, advice and guidance on current and future cyber security challenges and mitigation.

 

A focus on prevention of threats to cyber security is a priority for Publica, with emphasis on information, training and education. To date, there have been no breaches of security.

 

Members had a number of questions and comments about the recent ‘health check’, part of which, Mr Oladejo explained, involves the supplier attempting to gain unauthorised access to our networks from outside through our firewalls and other security barriers. They also attempt to access all networks internally to test and rate vulnerabilities on licences, applications and passwords. Once they gain access, they highlight and rate all vulnerabilities so the risk can be properly assessed and mitigated. Members enquired as to the name of the supplier, which was provided.

 

The Chair requested a top-level report to this committee of what their findings are in order to get a better understanding of what the suppliers undertake. Clearly this is sensitive information and Mr Oladejo will take that request back to Publica. The Chairman asked that he and the Vice Chairman be given access to the full report from NTS.

 

Raising awareness is recognised as a requirement as staff, including Members, need to be sufficiently competent and knowledgeable about cyber security. In response to a question about plans for ensuring staff are more informed, Mr Oladejo explained that ICT is working with the learning and development team on the roll-out of training packages in the spring. This will be completed by all staff online, and will be mandatory. A communications plan is being developed to support the roll-out. It was suggested that members of this committee would be useful trial users of the training packages and Councillor Brownsteen offered to represent the committee.

 

With regard to GDPR training for new councillors, it was suggested that it should be mandatory before they are set up on the council’s network. Mr Oladejo suggested he share the GDPR written guidance with the committee.

 

In response to a number of other questions, Mr Oladejo confirmed that Publica is actively involved with NCS and that in terms of working with suppliers there is a very robust due diligence process. He also confirmed that looking at licences is part of the health check. He would refer more detailed questions to Publica’s technical officer for a response.

 

The report was noted and the Chair thanked Tony for presenting it and taking questions.