Further to Minute 29(2) 22 November 2016, the Head of Digital (SIRO) will provide a verbal update on Outstanding Audit Recommendations in respect of IT.

Further to minutes 41 and 42, the Head of Digital (SIRO) provided a verbal report on the status of the IT programme of works designed to mitigate and remove risks associated with an underinvestment in IT infrastructure over the years. The report detailed progress thus far, and outlined the remaining steps to be completed regarding Information Governance and Security, ICT Business Continuity and Data Loss Prevention.

The Head of Digital (SIRO) informed that the programme of work had delivered, or was in the process of delivering, its planned objectives and provided a summary of the individual elements of the programme, namely:

• IT Contingency
• Disaster Recovery
• Data Loss
• Cyber Security
• Information Governance

IT Contingency and Disaster Recovery

The Committee was apprised that contracts had been signed and that works and associated procurement had been actioned with a specialised cable company to link fibre networks through the Mersey Tunnel. Design work for the network equipment was underway for connectivity between the Treasury Building and Mersey Travel Datacentre. Procurement to buy ‘off the shelf’ equipment had been actioned and additional procurement was underway to engage a specialist company with the technical expertise to move and re-commission equipment as part of the two Datacentre sites. The Head of Digital (SIRO) stated that the existing corporate risk would be mitigated when the project was complete, with equipment up and running by September 2017. Additional plans had also been considered to investigate the utilisation of ‘cloud’ technology i.e. paying a company for use of their servers. 

Data Loss

Head of Digital (SIRO) informed that policies had now been put in place, reviewed and updated. This ensured that as part of the ICO Audit, the all required assurances would be in place prior to May 2017. The Committee was also informed that as part of existing data loss prevention protocols the Council utilised McAfee end point security software that controlled access to Wirral’s computer networks. Members noted that the standard protocols also meant that there were no permissions for use of USB ports or USB plug in devices and Wirral computer equipment did not have DVD / CD drives fitted – any use of enabled ports would require encrypted devices as a minimum standard. The Head of Digital reported that the above arrangements were covered within the Information Security Policy which was to be reviewed and updated prior to May 2017.

Cyber Security

The Head of Digital (SIRO) also reported that all internal audit recommendations had been agreed, in line with overlapping recommendations from the ICO audit, and that any outstanding actions would be completed by May 2017.

General matters, including Information Governance

The Head of Digital (SIRO) reported that governance plans were in place and delivery was on track. He stated that Officer Sub-Groups met regularly and following restructuring better arrangements for scrutiny and information governance existed. He further stated that this fed into improved Corporate Governance arrangements, with regular briefings taking place with Councillor Ann McLachlan, Cabinet Member Transformation, Leisure and Culture. Planning was also well under way for data protection regulations expected to come into force in Europe, May 2018.

A Member thanked the Head of Digital (SIRO) for his report, but expressed the opinion that he would have preferred a written submission, to allow Members more time to effect detailed questioning of fact.

Members questioned the Head of Digital (SIRO) at length regarding the subjects of 3^rd party relationships, groups and complications relating to governance / controls / auditing / best practice / data protection and working within regulations.

The Head of Digital informed that contractual obligations must be checked as part of all ICT and data processing duties, and scrutiny of arrangements ensured that the Digital Service must work to ensure that technology is adequate and met the requirements of the service i.e. including encrypted links.

As part of recent Audits, he reported that ICO best practice had been used as a benchmark, and standard terms and conditions had been amended as a result.

The Head of Digital (SIRO) re-iterated his confidence in the work scheduled and already undertaken, expressing the view that the investment to date would continue to improve the efficiency of the Council’s IT networks. 

Members re-enforced their request that written submissions be presented to the Committee in the future, noting the work undertaken and the dramatic changes to Council’s IT over the past 2 years.

Resolved - That the report be noted.