Agenda and minutes

Apologies for Absence


Apologies were received from Councillor Dawson.


There were no declarations of interest.


Councillor Albon proposed, Councillor Davis seconded and the General Purposes Committee agreed that the public and press be excluded from the meeting for agenda item 4 as it contains exempt information as defined in Paragraph 7 of Part 1 of Schedule 12A of the Local Government Act 1972 (as amended).


ICT and Digital Policies

Hannah Thorpe, Head of Strategy and Transformation introduced the report and made the following points:


  • The General Purposes Committee was being asked to consider proposals for four new ICT policies that included:

§  Acceptable Use Policy;

§  Cyber Security /Cyber Attacks Policy;

§  Digital Security Policy;

§  Payment Card Industry Data Security Standards Policy.

  • A staff consultation that would include consulting trade unions would be conducted for thirty days as the adoption of these policies had implications for the staff conditions of employment;
  • The four policies would go to Cabinet for final approval;
  • The Committee was being asked to agree that after the staff consultation, the Chief Executive be authorised to make any changes to the final draft;
  • Following the decision to bring back in-house the ICT service from a shared services arrangement, the majority of the service moved back to the council in April 2023 and in April 2024, the ICT became a fully in-house service when cyber security also moved back;
  • In January 2024, a security incident occurred;
  • TDC was audited by the East Kent Internal Audit Partnership and some comments were made and the Council was now actioning those recommendations;
  • The Council appointed Richard Knight as the new Policy Manager. Mr Knight worked with the ICT team in drafting the new policies;
  • These policies covered both councillors and staff;
  • The draft policies were reviewed by an officer working group who checked for robustness;
  • National best practices were referenced during the drafting stage;
  • Officers also considered the requirement of the National Cyber Security Centre (NCSSC);
  • The Policy Manager advised that the policies should be reviewed every six months to ensure that they were compliant to industry standards.


Members asked questions and made comments as follows:


  • Would these four policies be considered by Cabinet in a confidential session?
  • Would any future updates to these policies be considered by Cabinet?
  • What actions would be taken against a councillor who broke the policies?
  • There should some wording in the policies that mentions what consequences there would be for breaches by councillors;
  • The glossary section should be updated regularly;
  • Was there any provision for out of hours support?
  • The current email out of office wording should have some wording on where to redirect any queries.


Hannah Thorpe, Ingrid Brown, Head of Legal and Democracy & Monitoring Officer and Dan Evans, Head of ICT responded as follows:


  • These policies would still be considered in a private session when they are presented to Cabinet. This was in order to protect the methods used by the Council against cyber security attacks;
  • Any updates to the policies would be signed off by the Chief Executive, without the need to go to Cabinet;
  • In order for these policies on be enforceable on councillor breaches would require reviewing the code of conduct for councillors to link to these policies;
  • Officers would ensure that the out of office auto response email would contain a similar message that advises who else could be contacted in the absence of the intended officer.  ...  view the full minutes text for item 54.