Pre-decision Scrutiny
To select appropriate items from the Cabinet (Policy and Resources) Sub
agenda for pre-decision scrutiny (cabinet reports enclosed for Scrutiny
Members)
Decision:
Neath Port Talbot Cyber Security Strategy Update 2024
Following scrutiny, the recommendation was supported to Cabinet.
Minutes:
Neath Port Talbot Cyber Security Strategy Update 2024
Chris Owen, Chief Digital Officer, introduced the Neath Port Talbot Cyber Security
Strategy Update 2024 report.
Members welcomed the progress against the actions in the strategy.
Members noted that a range of measures have been put in place to protect the
organisation over the years in terms of cyber security, but that this has also
created a more complex system. Members asked if the growing risks of user error
and maintenance of this complex and interconnected system have been considered.
Officers outlined how digital platforms underpin the delivery of the majority of council
services. Members were advised that extensive work has been undertaken to
document the interdependencies between the systems, how they operate, and how
the service areas consume those services.
Through their Disaster Recovery and Business Continuity plans, Digital Services has
documented ‘playbooks’ which outline how to recover services in the event of an
outage, which includes timelines to restore the service.
Members were advised that service areas need to understand these timelines and put them
into their business continuity plans, so they will know how long they would be
without that service. Service areas need to understand what the implications
are of any digital service being down to their service and how they would need
to operate in that situation. Officers have started work with the emergency
planning team to engage with the service areas.
Members asked how officers would mitigate the extent of the systems going down, for
example if email goes down for the entire organisation.
Officers advised that a lot of time and effort has been invested to review the critical
systems and categorise them in terms of major services, and they have playbooks
in place for each one. If one of those services goes down, digital services
have the playbook to know who needs to be available, what the action plan is
and what the communications need to be, so they can be best prepared if a service
goes down.
Officers advised that they have built the services to meet the Neath Port Talbot digital
services standards. These standards make sure there are no single points of failure
and that there is full redundancy in place. Officers stated that they are using
‘cloud first’ as a new approach (where possible) rather than the on-premises data
centre which inherently has a single point of failure within it. This is to make
sure that the redundancy is there as part of the design.
Officers noted that there was a recent issue caused by a third-party organisation.
Officers advised that there was very good internal communication as soon as the
incident happened, in which notifications were sent out and they mobilised staff
across all the civic centres to try and get through the backlog as quickly as
possible.
Officers noted that while they wouldn’t want that incident to happen again, they have additional processes and steps in place with the third parties to mitigate a recurrence. Officers are aware that they ...