Agenda item

Report of the Commissioner.

To be read in conjunction with Non-Public Appendices at Item 29.

Members received a report of the Commissioner regarding a regular risk register update. Questions were raised on the following areas:

• Following recent personal data breaches in other Forces, assurances were sought on whether this risk had been appropriately mitigated for City Police.
• Having reviewed the risks for the delivery of the Fraud and Cyber Crime Reporting and Analysis Service, the risk was not as binary as it presents. The concern was not that the Service would be delivered or not, but rather whether it would be delivered on time, with the expected capabilities, within budget.
• What actions, if any, were required for risks that appear red-rated, even after mitigations.

In discussing the above, the Board agreed that there were always going to be some risks that remained red despite all mitigations. There was, however, a question as to whether the generic Corporation risk template was appropriate for the Police and whether a more tailored or different approach should be used to better reflect the nature and probability of certain risks.

With regard to data security, there had been no attacks of this nature on the City of London Police. In regard to Freedom of Information Requests specifically, a second layer of assurance had been built into the process to ensure total preventability. A new Digital Data Technology Committee had been established within the Force and an update on this would be going to the next Resource Risk and Estates Committee.

RESOLVED, that the report be noted.