A presentation will be
provided as part of this item on corporate risk 3.7 (If the Council does not
manage its exposure to cyber risk, then decisions and controls cannot be taken
to mitigate the threat of a successful cyber-attack).
Minutes:
The Committee considered a report of the Director of
Corporate Resources which provided an update on the impact of the Coronavirus
(COVID-19) in the context of the Council’s risk management arrangements.
The report also included a copy of the Corporate Risk Register which provided
an update on each risk including an assessment of the risk through the prism of
Covid-19 impacts, an update on the role of the Local Resilience Forum (LRF) in
managing and responding to the coronavirus pandemic risk and an update on the
work of the Property and Occupants Risk Management Group. A copy of the report,
marked ‘Agenda Item 8’, is filed with these minutes.
As part of this item, the Committee also received a
presentation on Corporate Risk 3.7 on the Corporate Risk Register: If the
Council does not manage its exposure to cyber risk, then decisions and controls
cannot be taken to mitigate the threat of a successful cyber-attack. A copy of
the presentation slides is filed with these minutes.
Presentation - Cyber Security Risk Management
(i) Attempted cyber attacks and threats of attack had become a major ongoing risk for most organisations including the County Council. To date, the County Council had managed to prevent such an attack being successful; however, the constantly evolving nature of cyber attacks, for example the Covid-19 pandemic now being used as bait on electronic communications, meant that cyber security remained a high-risk area and that systems and strategies were required to be reviewed and adapted regularly to keep ahead of the ever-changing situation. In terms of potential mass data loss that could be incurred if an attack was successful, it was confirmed that the Council had a data backup strategy in place for such an event.
(ii) Staff working from home or offsite were only
permitted to do so through an approved Council network which was regularly
reviewed and risk assessed to ensure the appropriate security measures were in
place.
Risk Management Update
(iii) The additional details provided in the report
on the role of the Local Resilience Forum (LRF) in managing and responding to
the coronavirus pandemic risk were welcomed.
(iv) In response to a question from a member it
was confirmed that the way future meetings were conducted, for example, holding
remote meetings, meetings in person or a mixture of both, beyond the pandemic
period would be considered in due course and that at the last meeting of the
County Council the Leader had stated his intention to consult with Group
Leaders on the matter at the appropriate time to determine the best way
forward. Members were advised that remote meetings were currently only
permitted by the regulations until May 2021 and that holding meetings in this
way beyond that point would be dependent on an extension to those regulations.
It was acknowledged that the pandemic had opened up the prospect of more home
working, which had led some other councils such as Shropshire County Council to
consider downsizing their headquarters and to include a greater emphasis on remote
working in their future plans.
(v) In response to a comment raised around
ensuring there were robust technical systems in place to cope with remote
meetings, it was confirmed that the number of technical issues reported had so
far been minimal. Members were also reminded that any problems experienced
should be reported as soon as they occurred so that the issue could be quickly
resolved. This was also particularly important in ensuring that the current
regulations, stipulating that members must be able to see and hear the meeting
where possible, were being fulfilled.
(vi) Members welcomed the suggestion that a presentation be given at the Committee’s next meeting on Corporate Risk 6.1 (Brexit - Uncertainty and significant knock on consequences on public services (including potential legal, regulatory, economic and social implications), and the local economy as a result of the United Kingdom leaving the European Union) or Corporate Risk 9.4 (If climate change impacts happen more frequently or at a greater intensity than anticipated, then there is the risk that County Council services will be negatively affected) if the Director of Corporate Resources considers that risk to be more appropriate.
RESOLVED:
(a) That the impacts arising from COVID-19 on
the current status of the strategic risks facing the County Council be noted;
(b) That at the next meeting of the Committee a
presentation be provided on Corporate Risk 6.1 (Brexit - Uncertainty and
significant knock on consequences on public services (including potential
legal, regulatory, economic and social implications), and the local economy as
a result of the United Kingdom leaving the European Union) or Corporate Risk
9.4 (If climate change impacts happen more frequently or at a greater intensity
than anticipated, then there is the risk that County Council services will be
negatively affected) if the Director of Corporate Resources considers that risk
to be more appropriate;
(c) That the updates regarding the Local Resilience Forum role in coronavirus risk management, recovery planning, counter fraud and the Property and Occupants Risk Management Group be noted.