Decision details

1          INFORMATION GOVERNANCE FRAMEWORK UPDATE – The Director: Governance and Partnerships submitted a report seeking approval for an update to the council’s Information and ICT Security Policy that formed part of the Information Governance Framework.

Information was a key council asset and it was crucial that it was looked after with the same care as other important assets, such as finance, people, land and property.

The Information Security Policy was one of a series of policies that sat as part of the Information Governance Framework relating to the management and security of information and personal data.  It set out how the council would comply with legal and best practice requirements governing information management.  These requirements included the UK General Data Protection Regulation / Data Protection Act 2018 and the Freedom of Information Act. It sat alongside the currently separate ICT Security Policy which contained provisions that ensured that IT assets, infrastructure and systems and their associated use were safe, secure and compliant.

The key changes were as follows:

•           The former Information Security Policy had been enhanced to become the “Information and ICT Security Policy”, bringing together the originally separate Information Security Policy and the former ICT Security Policy, and combining them into a single policy statement given a cross-over of issues and content.

•           The policy had been amended throughout to add ICT Security detail to the previous Information Security requirements.

•           The policy had been amended throughout to reflect changes to UK GDPR since 1 January 2021

•           Section 4.0 had been updated to replace ‘Keep it Secure’ with the 2021 version that took account of updated guidance and the content of the revised Digital Technologies Policy.

Resolved – That the proposed changes, as set out in the revised the Information and ICT Security Policy, be approved.