Report of the Chief Operating Officer.
Members commented greater controls needed to be implemented to try to reduce the likelihood of the target risk as well as the impact, and asked if the target risk in the register was the right one. The target should be for the risk to be in green, not amber.
A Member commented that the report often refers to the risks with staff, and whether the risk was also applicable to Members. The IT Director said that the risk should be applicable to all who work for the City Corporation and receive information from it, and that he would take the role of Members in the risk into consideration, including the possibility of training in information security for Members.
A Member asked if the risk had been benchmarked against similar risks experienced by other major institutions in the City of London. The IT Director replied that while there was no benchmarking, they do have a maturity model which is a comparison tool for best practice with other organisations and would be able to share the maturity model with the Committee.
RESOLVED, that – the report be received and its contents noted.