Issue - meetings

Information Security Framework and Policies

Meeting: 21/01/2020 - Policy Development Panel (Item 51)

51 Information Security Framework and Policies pdf icon PDF 171 KB

To seek member feedback and comments on a new Information Security Framework which aims to ensure that a robust and secure ICT service is provided to the Council through its delivery partner PSPS (report of the Executive Member for Governance and Customer enclosed).

Additional documents:

Minutes:

Consideration was given to the report of the Portfolio Holder Governance and Customer, which sought member feedback and comments on a new Information Security Framework, which aimed to ensure that a robust and secure ICT service was provided to the Council through its delivery partner, PSPS.  Feedback on the Employee Access Policy, in particular, was sought as this would cover not only employees, but also members.

 

The following issues were raised:

 

·         User Access Policy – a member appendix would be helpful as members and officers were covered by different codes.

·         Members were not employees, but elected Councillors.  Guidance was required that was specific to them.

·         The document currently addressed all users however, some sections may be more appropriate to different audiences.  Better signposting was required.

·         Members requested that a condensed version of the policy, specifically addressing members and their requirements, be produced.

·         The document, as it related to officers, was generally felt to be good.

·         In response to whether members could use their devices for private work, officers confirmed that this was acceptable, but that care was required around personal data while using the devices.  Although this issue fell slightly out of the remit of the policies under discussion, specific, relevant guidance could be produced for members, to include useful information such as safe ways to use IT and use of Council devices.  However, the main focus should still be on Council data, management and safe usage.

·         Members asked whether, with regard to resourcing of non copyright material/ images, there was a way for this to be sourced safely.  Officers confirmed that there was a brand guide that the Council could use, but that this detail would need to be confirmed.  This information could also be included in any member guidance.

·         How would adherence to the policy be verified, and would there be any training available?  Officers advised that there is on-line training available for staff.  Training could also be made available to members and consideration would be given to the best way in which this training could be delivered.  Training would need to be provided for members of the current administration, and would then be delivered to all members following District Council elections. 

·         Signing up to the policies ensured that all users had received guidance and were aware of issues around information security, to support them in carrying out their role as a councillor, safely and securely.

·         Where legislation changed, training would be provided where appropriate.

 

AGREED:

 

a)    That the contents of the report, together with the attached Information Security Framework be noted and be supported;

 

b)    That a condensed version of the document, pertinent to member requirements, be recommended; and

 

c)    That training to members to support the information provided within the document be recommended.