Issue - meetings

To select appropriate items from the Cabinet (Finance) Sub Committee (Cabinet Finance Sub Committee reports enclosed for Scrutiny Members)

Meeting: 09/04/2024 - Cabinet (Policy and Resources) Scrutiny Sub Committee (Item 3)

Pre-decision Scrutiny

·        To select appropriate items from the Cabinet (Policy and Resources) Sub agenda for pre-decision scrutiny (cabinet reports enclosed for Scrutiny Members)

Decision:

Neath Port Talbot Cyber Security Strategy Update 2024

 

Following scrutiny, the recommendation was supported to Cabinet.

Minutes:

 

Neath Port Talbot Cyber Security Strategy Update 2024

 

Chris Owen Chief Digital Officer introduced the Neath Port Talbot Cyber Security Strategy Update 2024 report.

 

Members welcomed the progress against the actions in the strategy.

 

Members noted that a range of measures have been put in place to protect the organisation over the years in terms of cyber security, but that has also created a more complex system. Members asked if the growing risks of user error and maintenance of this complex and interconnected system has been considered?

 

Officers outlined how digital platforms underpin the delivery of the majority of council services. Members were advised that extensive work has been undertaken to documents the interdependencies between the systems, how they operate, and how the service areas consume those services.

 

Through their Disaster Recovery and Business Continuity plans, Digital Services has documented ‘playbooks’ which outline how to recover services in the event of an outage, which includes timelines to restore the service .

 

Members were advised that service areas need to understand these timelines and put them into their business continuity plans, so they will know how long they would be without that service. Service areas need to understand what the implications are of any digital service being down to their service and how they would need to operate in that situation. Officers have started work with the emergency planning team to engage with the service areas.

 

Members asked how officers would mitigate the extent of the systems going down, for example if email goes down for the entire organisation.

 

Officers advised that a lot of time and effort has been invested to review the critical systems and categorised them in terms of major services and they have playbooks in place for each one. If one of those services goes down, digital services have the playbook to know who needs to be available, what the action plan is and what the communications need to be so they be best prepared if a service goes down.

 

Officers advised that they have built the services to meet the Neath Port Talbot digital services standards.  These standards make sure there are no single points of failure and that there is full redundancy in place. Officers stated that they are using ‘cloud first’ as a new approach (where possible) rather than the on-premises data centre which inherently has a single point of failure within it. This is to make sure that the redundancy is there as part of the design.

 

Officers noted that there was a recent issue caused by a third-party organisation. Officers advised that there was very good internal communication as soon as the incident happened in-which notifications were sent out and they mobilised staff across all the civic centres to try and get through the backlog as quickly as possible.

 

Officers noted that while they wouldn’t want that incident to happen again, they have additional processes and steps in place with the third parties to mitigate a recurrence. Officers are aware that they  ...  view the full minutes text for item 3