Members gave consideration to a report from the ICT Manager, seeking approval of the suite of Information Technology Policies, which had been refreshed to ensure they were compliant with the new National Cyber Strategy 2022. It was explained that a total of twelve policies had been refreshed, with the report detailing the amendments to each policy. The Committee also heard that the ICT Manager was in contact with the associated team at Lincolnshire County Council, in order to seek a solution for ‘multi-hatted’ Councillors to be able to use a single device, rather than a device for each Council. He assured Members he would keep them updated but initial conversation had proved positive. After summarising the purpose behind each policy, as well as the security reasons as to why there were some policies that were exempt from being made public, questions and comments from the Committee were invited.

Note:              Councillor T. Young arrived at 6.43pm

Members commented that it was perhaps a sign of the times that it was necessary to have such policies but appreciated their importance in protecting the Council’s data and that of residents. Members were particularly pleased to hear that discussions were continuing with Lincolnshire County Council regarding shared software on one device.

It was confirmed that training arrangements were in place for both Members and Officers in relation to the policies. These arrangements were reviewed on a frequent basis. It was also confirmed that policy reviews were undertaken at North Kesteven District Council, bearing in mind the existing shared service arrangements.

Members noted that the timing for the return of devices from Members who were no longer Councillors had been discussed with Democratic Services and was based on best practice.

Having been moved and seconded, and on the Chairman taking the vote, it was unanimously

RESOLVED that

a)    the ICT Policy report and associated updated policies (as given below) be approved:

·         Information Security Policy (Appendix 1)

·         ICT Disaster Recovery Policy (Appendix 2)

·         Incident Response Action Card Phishing (Appendix 3)

·        Incident Response Action Card Denial of Service (Appendix 4)

·         Incident Response Action Card Malware (Appendix 5)

·         Incident Response Action Card Ransomware (Appendix 6)

·         Network Connection Agreement (Appendix 7)

·         Patch Management Policy (Appendix 8)

·         Mutual Non-Disclosure Agreement (Appendix 9)

·         Change Management Procedure (Appendix 10)

·         Remote Working Policy (Appendix 11)

·         Members ICT Policy (Appendix 12)

b)    ICT communicate key changes to staff and Members through Minerva, the Members’ Handbook and the learning management system (Learning Pool), providing the opportunity for staff and Councillors to read and understand the policies and have the process confirmed; and

c)    all newly elected Members receive a copy of the Members’ ICT Policy contained within the Members’ Handbook; and

d)    any future minor housekeeping amendments be delegated to the Director – Change Management, ICT & Regulatory Services, in consultation with the Chairs of the Joint Staff Consultative and Corporate Policy and Resources Committees.