The Director of IT to be heard.
The Sub Committee received a verbal update of the Director of IT on the IT risks. There were not material changes in IT risks since the last meeting of the Sub-Committee. The Director of IT noted that the Mazars GDPR Compliance Review draft audit report undertaken in July & August 2019 was received in September 2019 and reviewed by the Data Protection Officer for the City of London and C&CS Information Compliance Manager.
The draft audit report rated GDPR compliance as amber 'an adequate control framework is in place but there are weaknesses and or a lack of compliance which may put some system objectives at risk'.
Some suggested amendments to the report findings were made and the revised report is awaited, the core findings and recommendations remain unchanged. Further updates on this corporate risk will be provided to the Sub-Committee at future meetings.
RESOLVED – That the Sub Committee notes the report.