- Meeting of BMKFA Executive Committee, Wednesday 16th October 2019 10.00 am (Item 6.)
To consider Item 6
The Vice Chairman introduced the report and advised Members that a good ICT Strategy underpins the whole vision and strategy of the organisation and reflects on the previous strategy and makes recommendations around ICT security and cyber-security and builds upon that strategy.
The ICT Manager advised Members that this ICT Strategy was different to previous versions and had been written to make it clearer and more comprehensive to read and use. The Strategy aligns and supports the Public Safety Plan/Corporate Plan 2019-2020 which was updated in March 2019 and would be reviewed again when replacement documents were released.
The ICT Manager advised Members that over the last five years there had been more issues with cyber than before. As Members may have seen recently, Wiltshire Council systems were shut down for many weeks following the novichok poisoning, not because their IT systems had been compromised, but because so many people outside the UK were trying to access their systems.
A Member asked if the Authority backed up on site or off site and was advised that back up was done to tape off site and also to the cloud. Moving forward everything was becoming more cloud based and it would eventually take over.
A Member asked what was being done to ensure the Authority’s systems couldn’t be hacked and was advised that there was a multi-layered approach to security using different manufacturers and different providers. The network was protected through firewalls that were intelligent and looked at the information coming in. Emails coming in presented the most risk and these were blocked if there was a link or an attachment that was not recognised.
The Head of Service Development advised Members that an exercise had taken place recently where someone had been brought in to provide penetration testing to ensure the Authority’s systems were robust.
A Member asked how ‘not spots’ were covered when people were using mobile phones, and was advised that in order to mobilise staff, the Authority had moved away from paging which used to have a lot of ‘not spots’ and recently moved to an app that sits on a phone. The benefit of the app was that users would have chosen a network which had best coverage in their area. The app also worked across home based Wi-Fi, 3G, 4G and 5G.
A Member asked if the Authority was complying to GDPR as there was no mention of it in the Strategy and was the Authority still able to share data with councils and other blue light services and was advised that the Authority had recently signed up to a shared data agreement with Milton Keynes Council and it had something similar with Buckinghamshire County Council. GDPR was also factored into the acceptable use policies that sit below the ICT Strategy. There would also have been a data protection impact assessment carried out in conjunction with producing the ICT Strategy.
Members asked that for GDPR reasons, the data impact assessment be appended to the Strategy.
That the ICT Strategy 2019-2024 be approved.