Agenda item

Deep Dive Risk Reviews

Minutes:

6.1       CR10 Adverse Political Consequences

 

Members received a report of the Remembrancer in respect of Corporate Risk 10: Adverse Political Developments.  During the discussion the following points were noted:

 

  The possibility of considerable changes to the political composition of councils in London’s forthcoming local elections.

 

   The current poor perception of the financial services sector and business generally.

 

     Whilst there were no current statements of an intention to move against the City of London Corporation, with the exception of the Green Party Manifesto, it was likely   that it could become an issue if a Labour Government were elected. 

 

    In concluding, Members noted that the above messages helped to inform the risk rating of ‘8 – Amber’.

              

RESOLVED, that – the report be noted. 

 

 

 

6.2       CR16 Information Security

 

Members received a report of the Chamberlain in respect of Corporate Risk 16 (CR16) – Information Security.  During the discussion the following points were noted:

 

           The City Corporation had been working in accordance with GCHQ procedures, which included ISO2701 compliance (as defined by the National Audit Office).

 

           The transformation agenda was increasing the take-up of mobile and home working.  Following last week’s adverse weather, the IT Sub Committee on 26 March would receive a report on The Personal Access Device Policy, which would include the take-up and success of home working.  Furthermore, the IT Sub Committee were having their own operational ‘Deep Dive’ in respect of information security at their next meeting on 26 March. 

 

           The officers’ People Security Board were delivering on policy management and training.  The IT Director advised that staff road shows were planned, along with a ‘Master Class’.

 

           Information security generally would be covered in a forthcoming Members Survey, which would also include GDPR and data protection.

 

           Members asked for another Deep Dive review into IT Security, in about 6 months’ time, once the current improvements had embedded further. 

 

RESOLVED, that – the report be noted.