To receive any declarations of
interest. Members are advised to consider the advice contained
within the Declaration of Interest advice attached to this
Agenda. If a Member declares an interest, they should complete
the Declaration of Interest
Form
Councillor Albon proposed, Councillor Davis
seconded and the General Purposes Committee agreed that the public
and press be excluded from the meeting for agenda item 4 as it
contains exempt information as defined in Paragraph 7 of Part 1 of
Schedule 12A of the Local Government Act 1972 (as amended).
Hannah Thorpe, Head
of Strategy and Transformation introduced the report and made the
following points:
The General Purposes Committee was being asked to
consider proposals for four new ICT policies that
included:
§Acceptable Use Policy;
§Cyber Security /Cyber Attacks
Policy;
§Digital Security Policy;
§Payment Card Industry Data Security
Standards Policy.
A staff consultation that would include consulting
trade unions would be conducted for thirty days as the adoption of
these policies had implications for the staff conditions of
employment;
The four policies would go to Cabinet for final
approval;
The Committee was being asked to agree that after
the staff consultation, the Chief Executive be authorised to make
any changes to the final draft;
Following the decision to bring back in-house the
ICT service from a shared services arrangement, the majority of the
service moved back to the council in April 2023 and in April 2024,
the ICT became a fully in-house service when cyber security also
moved back;
In January 2024, a security incident
occurred;
TDC was audited by the East Kent Internal Audit
Partnership and some comments were made and the Council was now
actioning those recommendations;
The Council appointed Richard Knight as the new
Policy Manager. Mr Knight worked with the ICT team in drafting the
new policies;
These policies covered both councillors and
staff;
The draft policies were reviewed by an officer
working group who checked for robustness;
National best practices were referenced during the
drafting stage;
Officers also considered the requirement of the
National Cyber Security Centre (NCSSC);
The Policy Manager advised that the policies should
be reviewed every six months to ensure that they were compliant to
industry standards.
Members asked
questions and made comments as follows:
Would these four policies be considered by Cabinet
in a confidential session?
Would any future updates to these policies be
considered by Cabinet?
What actions would be taken against a councillor who
broke the policies?
There should some wording in the policies that
mentions what consequences there would be for breaches by
councillors;
The glossary section should be updated
regularly;
Was there any provision for out of hours
support?
The current email out of office wording should have
some wording on where to redirect any queries.
Hannah Thorpe,
Ingrid Brown, Head of Legal and Democracy & Monitoring Officer
and Dan Evans, Head of ICT responded as follows:
These policies would still be considered in a
private session when they are presented to Cabinet. This was in
order to protect the methods used by the Council against cyber
security attacks;
Any updates to the policies would be signed off by
the Chief Executive, without the need to go to Cabinet;
In order for these policies on be enforceable on
councillor breaches would require reviewing the code of conduct for
councillors to link to these policies;
Officers would ensure that the out of office auto
response email would contain a similar message that advises who
else could be contacted in the absence of the intended officer.
...
view the full minutes text for item 54.