At the Chairman’s
invitation Councillor Mike Hallam presented the report, copies of
which had been previously circulated. Councillor Hallam was also
joined by the Executive Director Corporate Services and Chief
Information Officer.
The committee was advised that
should there be any questions which require a more in depth
discussion then the committee may have to move into private
session. The recent server fire was discussed, and the committee
was informed that lessons had been learnt from this incident. It
was noted that the council had been looking at cloud- based
services for some time. There had been no proposed change to the
risk rating and it was hoped that in 6 months-time there could be a
move to a more positive rating.
The Executive Director
Corporate Services advised that it was prudent to ensure that
emergency planning was in place.
Committee members raised the
following question and comments:
- Had there been any
impact to customers, when staff from other areas were called to
deal with emergencies?
- It was noted that
some members of the IT team had worked a 36-hour shift, was this
not a concern?
- When staff are called
away to help in emergencies would there be a residual cost to other
services?
- It was queried if any
data had been lost during the fire in August.
- Can member and staff
behaviours be monitored in order to improve cyber
security?
- Was the disaster
recovery used by the council with regards to the fire, in-house or
external.?
- Could clarification
be given as to whether there was only one back up system in place
and if it was stored onsite or offsite?
Councillor Hallam, Executive
Director Corporate Services and Chief Information Officer made the
following comments in response to the questions asked by the
committee.
- It was agreed that
there should be better systems in place.
- Staff were fully
trained and the work load was shared between systems and
teams.
- There was an
emergency planning arrangement in place
- There had been
customer feedback, this had been forwarded to
communications.
- The committee was
advised that once the system had been re-started there had been
checks carried out to ensure that all of the information was
accounted for.
- The committee was
informed that 17% of data breaches had been in the public sector
and the biggest risk continued to be human error.
- There were bids being
considered with regards to cyber-security options, it was however,
impossible to be completely secure.
- Councillor Hallam
advised that he had been pushing for member learning on this
subject.
- The idea to migrate
to the Cloud had been discussed but would take time to move all of
the relevant data.
- All of the data had
been backed up off site.
The Chair requested that the
committee be presented with another report on this in six
months’ time and noted that more education should be given to
councillors regarding human risks. Councillor Brown left the meeting at this
point.