Decision Maker: Corporate Governance and Standards Committee
Decision status: Recommendations Approved
Is Key decision?: No
Is subject to call in?: No
To consider a six-monthly update on compliance with statutory requirements.
The Committee considered a report from the Information Governance Officer that provided an update on developments in data protection and information security within the council since the last report of September 2020. The report covered governance successes, information assurance successes and plans for the coming six months.
The Lead Councillor with portfolio responsibility for governance hoped that the Committee would be reassured about the Council’s continuing investment of resources into data security, and the ongoing work in this area.
During the debate, the following points were raised:
· The need for regular mandatory refresher training for staff on cybersecurity to avoid complacency. It was suggested that such training should also be provided to councillors.
· It was suggested that one method of testing the organisation’s resilience to cybersecurity threats could include sending fake phishing emails to staff to gauge the extent to which staff respond to such emails. This suggestion would be raised with the Information Assurance Officer.
The Committee
RESOLVED: That the update report be noted.
Reason:
To keep the Committee informed of progress with various data protection and information security initiatives that had taken place since the last annual report.
Report author: Ciaran Ward
Publication date: 08/06/2021
Date of decision: 22/04/2021
Decided at meeting: 22/04/2021 - Corporate Governance and Standards Committee