Agenda item

Matt Smith, Business Development and IT Manager:

a.    presented an update on ICT Disaster Recovery (DR) and Audit recommendations for the ICT Service as requested by the Audit Committee.

b.    advised that in terms of Disaster Recovery the Council had a limited amount of resource and where possible sought to optimise benefits from the resources available by adopting solutions that worked towards resolving more than one issue.

c.     summarised the risks associated with the provision of an IT Service as detailed at paragraph 2.4 of the report and gave details of the significant workload that this imposed on the service and further explained the resource implications.

d.    detailed several aspects that had been developed which would assist with delivery of the Disaster Recovery Solution over a number of years:

                        I.         Backup arrangements – allowing multiple copies of data to be held within two locations on premises, and a further copy to be maintained offsite, in the ‘cloud’

                      II.         Refresh of infrastructure – a duplicate copy of the infrastructure had now been delivered which could be invoked should a disaster occur at the primary site

                     III.         Enhanced DR copies of data – some data was not held within ‘real-time’ copies to reduce the likelihood of data loss should an emergency issue arise.  This would reduce the amount of data that could be lost since the previous backup cycle.

                    IV.         A DR plan had been developed.

e.    highlighted further improvements that could be implemented as detailed at paragraph 3 of the report and explained that the Disaster Recovery work would continue to be reviewed to seek opportunities for improvement.

f.      advised that since October 2018 there had been 5 Internal Audits, which had resulted in a number of recommendations, many of which had been concluded.

g.    explained that one of the main outstanding actions was to review the ICT Policy, a draft had been completed and it was currently being reviewed by other stakeholders prior to the committee process.

h.    further advised that some recommendations would require finance to be made available in order to complete them, this was under ongoing review and would be considered alongside other pressures on the budget a part of the normal cycle.

i.      advised that an ICT Risk Register has also been developed over the last year.  There were currently 90 risks documented.  The higher-level risks have actions in defined projects i.e. DR, which also competed for resource, or were also identified on the corporate risk register e.g. for financial and staff resources in general.

j.      invited members questions and comments.

Question: Referred to the back up arrangement as detailed at paragraph 3.2 of the report and asked if the multiple copies of data were kept in sync.

Response: Some of the data was replicated overnight, some was synchronised, and some was held in the cloud.

Question:  Asked if the ICT Security Policies would be overruled by stakeholders during the consultation.

Response: The consultation was with HR, Audit and external consultants and was to intended to ensure that the policy was fit for purpose.

Question: Asked if consideration had been given to using Lincolnshire County Council as a fall back if the systems went down.

Response: All options had been considered, we were advised by external consultants to have our own off site back up which was at Hamilton House.

The committee extended their thanks and appreciation to the IT Team for their excellent work during an unprecedented time.

RESOLVED that the report be noted.

(Councillor T Dyer left the meeting)