Agenda item

IT Governance and Compliance - External Compliance Schemes for the Council - Presentation

Minutes:

Simon Marshall, Governance and Compliance Manager, made a presentation which focused on IT Governance and Compliance and on the External Compliance Schemes with which the Council worked. 


In giving an overview of the compliance schemes, he explained that there were multiple schemes, some mandated by Government, some by the NHS and some by Industry.  Each had individual strengths with separate Governance Arrangements and Scheme rules.  He outlined the reasons for using compliance schemes together with the benefits to be achieved and then made reference to the main features, components and requirements of the following compliance schemes used by the Council:

- PSN – Public Sector Network

- DSPT – Data Security and Protection Toolkit

- Cyber Essentials Plus

- PCI DSS – Payment Card Industry Data Security Standard

He concluded by making reference to the industry good practice models which were also used by the Council, together with the benefits to be gained from their use:

- ISO Standards 27000, 28000 and 31000

- National Cyber Security Centre

- National Institute of Standards and Technology (USA)

- Local Government Association

- Department for Levelling Up, Housing and Communities

In the ensuing discussion reference was made to the following:

- There was a discussion of the action that could be taken in relation to non-compliance. Further information on this would be provided to a future meeting. Information was also provided on the action being taken by the authority in ‘working towards’ accreditation under the various schemes. It was noted that any issues identified were appropriately escalated and addressed in a timely manner. Reference in this respect was made to the work of the Council’s Information Governance Board.

- It was noted that 60% of the Team’s time (the Team comprising 6 staff) was allocated to compliance work.

- The ways in which staff were kept informed of changes to IT processes and systems, and how such information was disseminated, were outlined.

- Reference was made to the liaison arrangements in place with other authorities and organisations to share best practice and learn from other people’s experiences.

RESOLVED that the presentation be noted and that Mr Marshall be thanked for attending the meeting and for answering Members’ questions.

Supporting documents: