A report of the Head of Strategy,
Information and Governance was presented to advise the Corporate Affairs and
Audit Committee of arrangements in place to ensure the proper governance of
information within the Council, progress made within the 2021 calendar year,
risks and issues arising, and priorities for 2022.
The report provided assurance to
the Committee that information governance (IG) policy and practice within the
Council was in line with legal obligations, and consistent with the principles
of good governance.
The last annual report to this
Committee (29 April 2021) set out eight key priorities to reduce information
risk for the 2021 calendar year and beyond.
During this period the COVID-19 pandemic persisted, and again associated
restrictions resulted in some delays to planned activity, as relevant employees
were either re-directed to emergency response or otherwise unable to progress
work, for example, due to the unavailability of the workplace.
As such, work on these, and other
priorities identified during 2021 and set out within this report, would
complete during 2022. Nevertheless, good
progress was made in many areas during the year, as summarised in the submitted
of major ICT projects and information governance requirements.
to information asset registers.
of information risk.
Key priorities for 2022 to address
the issues and risks outlined in the report were as follows:
the Council’s approach to cyber security and continuity/ recovery plans in
line with changes to National Cyber Security Centre guidance and the
Government’s National Cyber Strategy for 2022-2030, focusing on zero-day,
internet-facing application and supply chain attacks, particularly in view
of the ongoing situation in Ukraine.
to improve the Council’s responsiveness to information requests through
use of enhanced 365 tools and increased resourcing of the central team.
to improve the Council’s surveillance practice by implementing in full the
provisions of the Surveillance Policy.
an Integrated Operations Strategy for the Council, fully aligning all existing
operational strategies including the Information and ICT strategies.
the Council’s revised Information Governance Framework to staff, focusing
in particular on those with specific roles in the framework – IAOs, system
owners and Information Asset Assistants.
that the move to and operation of Fountain Court is undertaken in line
with the Council’s Premises Security and Access policy to avoid loss of or
unauthorised access to information.
that key ICT projects for 2022 including the migration from the Council’s
existing EDRMS to Microsoft SharePoint and the review of the Council’s
website are fully aligned with the Information Governance Framework and
progress the aims of the Council’s Information Strategy.
The Committee were advised that
the Annual CCTV report would be presented to the Committee when completed.
Key messages would continue to be communicated to staff via
re-induction, staff training, Information Asset Owners and other means in order
to ensure improved information risk management.
AGREED that the
report was received and noted.