Report of the Chamberlain.
The Sub-Committee received a report of the Chamberlain on the IT Division on the IT Division Risk Update. IT currently holds 2 risks on the Corporate Risk Register, whilst feeding into the GDPR Corporate risk which is owned by Comptrollers. There was a discussion around removing the CR16 the IT Security risk from the Corporate Risk Register however it was agreed that for the interim the risks should stay on the Corporate Risk Register. It was agreed that a paper would be produced on the current security maturity levels along with an outline of any further investments required to reach the necessary maturity levels.
It was further suggested that all IT Departmental Risks should be brought to the Committee as a regular item.
RESOLVED – That the Sub-Committee notes the report.