Decision details

ICT Policies

Decision status: Recommendations Approved

Is Key decision?: No

Is subject to call in?: Yes

Purpose:

Embracing digital technology is an important part of helping the council to improve the way it delivers services to local people. As more council transactions and interactions move online, it's essential that the organisation works as safely as possible. This is particularly important given the threat of cyber attack across the local government sector, and at a global level, continues to be high.

 

Having clear and up to date organisational policies in place is a key way to support the council and to help mitigate against this potential threat. There were previously 14 separate ICT and Digital policies with a great deal of overlap and duplication. They have now been updated into four new overarching policies which the Cabinet was asked to approve.

Decision:

Cabinet approved the following policies for implementation across the organisation:

 

1.  Acceptable Use Policy;

2.  Cyber Security and Cyber Attacks Policy;

3.  Digital Security Policy;

4.  Payment Card Industry Data Security Standards (PCI DSS) Compliance Policy.

Reasons for the decision:

The reasons for this decision are to ensure that the council’s overall cyber security and management of Digital and ICT are optimised by:

 

  • Providing comprehensive guidance to officers and councillors;
  • Demonstrating the robust and comprehensive measures that the council takes;
  • Setting out regular reviews of the policies to ensure guidance is updated and reflective of best practice.

Alternative options considered:

The alternative was not to approve the proposed updated policies. This was not recommended on the basis that the previous 14 policies in place had significant overlap and were created as part of the former tripartite East Kent council arrangement which is no longer in place. It would mean disregarding an agreed management action as part of the EKAP cyber security audit and would also potentially subject the council to an unacceptable level of risk, given that cyber security is one of the council’s highest scoring corporate risks at this time.

Publication date: 27/09/2024

Date of decision: 26/09/2024

Decided at meeting: 26/09/2024 - Cabinet

Effective from: 05/10/2024

Accompanying Documents: