Agenda item

CR 16 Information Security Risk

Report of the Chamberlain.

Minutes:

The Sub Committee received a report of the Chamberlain on the CR 16 Information Security Risk. Members were informed that there has been an increase in spear phishing. Members have raised concerns on the same subject in the past with Officers from the City of London Corporation. Officers assured the Committee that this is being investigated.

 

Members were informed that the Information Commissioner, the watchdog responsible for data protection, has fined Newham Council £145,000 due to its breach of information management and the way it was handled. Officers further emphasised the seriousness of such a breach and the fact that large fines should focus the attention of councils, including the City of London Corporation, and provide further incentive to ensure that the City of London Corporation is up to date with all its Information Security Risks.

 

The City of London Corporation is addressing a wide range of potential Information Security Risks, as any failure to demonstrate appropriate control in such risk areas will expose the City of London Corporation to high-level risks and hinder various strategic objectives of the Corporation.

 

A Member asked why the dates we had on maturity levels were very broad and what the intended maturity levels were. Members were assured that the City of London Corporation has controls that allow the Corporation to monitor the progress on maturity levels. In addition, the City of London Corporation has a number of programmes in place to mitigate any risks.

 

A Member asked if the City of London Corporation has plans in place to respond to incidents without hampering any of the core services. The Committee was informed that the City of London Corporation designs its services with resilience in mind and makes every effort to avoid causing disruption to the services. As part of such services, testing and services are in place to ensure that the City of London Corporation is prepared for the eventuality of disruption to service. At present, the City of London Corporation runs its services through two different centres, working in partnership with Agilisys.

 

The Committee agreed that the Information Security Risk should remain a Corporate Risk, as it is still live and remains a constant risk. The Sub Committee agreed to send a memorandum to the Chair of the Audit and Risk Management Committee on the importance of Information Security Risk remaining a Corporate Risk. The Chairman noted that the Chairman of Audit and Risk was receptive to such a note.

 

A further report on Information Security Risk is to be tabled at the next meeting.

 

RESOLVED – that the Sub Committee:

 

· The report be noted.

 
