Issue - meetings

Report by the Chief Operating Officer

8.1       The Committee considered a report by the Chief Operating Officer, which presented an update on the current strategic risks faced by the Council and the controls and responses.

8.2       The Committee discussed:

• Cyberattack remains a risk with increased homeworking with staff using their own equipment and systems, and issues of data protection
• Brexit and the implementation of the Political Declaration: should the risk be rewritten and be included, given the risks associated with ports and ferry traffic, the potential disruption to supply chains that may affect Council services
• Covid-19 and the potential for a second wave and response by a local lockdown plans and what that would involve

8.3       Officers responded:

• Data breaches are dealt with by the Data Protection Officer, who reports to the Chief Operating Officer, who coordinates any necessary reporting to the Information Commissioner’s Office.  There has been no increase in reporting during the pandemic.  In terms of staff using their own equipment, access to the Council’s systems is controlled by the security associated with the Council’s Citrix environment.  There are two cybersecurity accredited members of staff (out of circa 1000 people nationally so accredited) who maintain contact with national guidance.  There has been a review of information from the civil service as to the key issues to bear in mind. 
• Brexit is being kept under review and will be incorporated once there is sufficient information for the risk and mitigations to be quantified.
• Public Health have been working on local lockdown plans based on latest government guidance, and information will be provided to Members. Details of the of the Coronavirus Local Outbreak Plan can be found on the Council’s website: (https://www.eastsussex.gov.uk/community/emergencyplanningandcommunitysafety/coronavirus/outbreak-control-plan/).

8.4       The Committee RESOLVED to note the current strategic risks and the risk controls/responses being proposed and implemented by Chief Officers, including the inclusion of a new Covid-19 risk.  The Committee requested consideration be given to reinstating a redefined Brexit risk on the future relationship with the European Union as there has been no agreement on the implementation of the withdrawal agreement.

Report by the Chief Operating Officer

24  Strategic Risk Monitoring - Quarter 2, 2019/20

24.1     The Committee considered a report by the Operating Officer. The Committee commented on the following risks: 12 – Cyber Attack and 9 – Workforce.

Cyber Attack

24.2     The Committee asked questions about the effectiveness of staff training in processing sensitive information and compliance with GDPR.  Kevin Foster confirmed that the e-learning modules were being refreshed, and that the Data Protection Manager compiled a regular monitoring report.  The report includes areas of concern being referred to the Information Commissioner’s Office, and no such areas have been identified.        

Workforce

24.3     The Committee asked questions about stress in the workforce, whether to do with reduced staff numbers and increased workloads, or withdrawing from direct contact with the public.  They also enquired about a general staff attitudes survey.   

24.4     Kevin Foster highlighted the drive to recruit Mental Health First Aider volunteers, and the continued focus on absences recorded as due to stress.  He set out the support in place for managers to deal with their own stress and within their teams, and the openness for staff to ask for help that is encouraged.  The success of the return to work interview and protocol in supporting those staff that had been absent to reintegrate into work was highlighted.  While there is no overall staff attitude survey, individual departments conduct their own.    

24.5     The Committee RESOLVED to note the current strategic risks and risk controls and responses being proposed and implemented by Chief Officers.