Minutes:
The Committee considered a report of the Director of Corporate Resources the purpose of which was to present the Corporate Risk Register for approval along with an update on Local Government Reorganisation as an emerging risk. A copy of the report marked ‘Agenda Item 13’ is filed with these minutes.
As part of this item, the Committee also received a presentation from the Senior Resilience Officer regarding Critical Service Business Continuity. A copy of the presentation is filed with these minutes.
Arising from the discussion, the following points were made:
Presentation
(i) Following a query on whether any lessons could be learnt from the cyber attack on the City Council, it was noted that some briefings had taken place. The County Council was aware of the technicalities surrounding the attack and was taking steps to ensure that everything was in place to assist with disaster recovery. It was felt inevitable that the County Council would be the subject of a cyber incident at some point, and it was therefore essential that staff were prepared. A range of preventative measures had been implemented, including providing advice to staff, mandatory annual training and a number of infrastructure controls.
(ii) Assurance was given that regular business continuity testing was undertaken, with quarterly reports being presented to the Resilience Planning Group (RPG). It was stated that in general, tests were carried out by exercise with six being completed in 2024. A large number of teams within the Council also tested their individual business continuity plans on a regular basis. Although this was not currently mandatory, this would be the case from July with more regular formal reporting to RPG and the Council’s Corporate Management Team.
(iii) A member questioned whether any funding from Government was received to support the prevention of cyber attacks. The National Cyber Security Centre had developed a toolkit to support local authorities in adopting best practice, and there was guidance from the Public Sector Network. A paid-for service was also available for organisations to receive support in the event of a cyber attack.
(iv) It was noted that there were currently 42 Tier 1 critical plans, including departmental management plans, and it was queried how much duplication there was across these. Officers had met with Chief Officers to discuss this and departments were in the process of reviewing their individual plans. However, it was largely the responsibility of managers to ensure that their service had a business continuity plan in place.
Report
(v) There was one emerging risk relating to Local Government Reorganisation. It was noted that, regardless of the Government’s approach to the proposals submitted and the preferred way forward, there would be a period of intensive work and demand on internal resources, short term uncertainty and instability which would require mitigation.
(vi) In relation to a query on Risk 1.6 (Special Educational Needs), and whether there had been an update from the Department for Education on the statutory override, the Director of Corporate Resources stated that the override had been extended pending further details on the proposed reform of the High Needs Block.
(vii) A member commented that it would be useful to receive the full Risk Register with each item ‘RAG’ rated. Currently the Committee was presented with the most important risks to the Council, but this would be considered further. Discussions had previously taken place around the role of the Committee and the level of information it required to properly fulfil its role; this would provide a further opportunity to review this.
RESOLVED:
a) That the Committee approves the status of the corporate and strategic risks facing the County Council;
b) That the Chairman is contacted nearer to the meeting to agree the next presentation to the Committee;
c) That the Committee notes the update to the emerging risk on Local Government Reorganisation.