Councillors and committees

Agenda item

Summary Corporate Risk Register Update

Minutes:

A summary of the top 15 risks on the Corporate Risk register was considered. This had been reviewed by the Strategic Leadership Team (SLT) on 12 February.

The 2 red risks are the Dedicated Schools Grant deficit and Placement Costs. Mitigating measures for all the risks were listed.

In response to a question on projections on income from investment properties it was noted that the intention is to spread the risk across a wider range of properties.

 

Updates on the risks selected at the November meeting for more detailed review were also presented.

 

Cyber Security and Information Governance

The Council complies with the Public Sector Network security requirements. The assessment for this includes an external security test of the network.

Following a formal assessment by an external accreditation body, The Council has also been awarded the Cyber Essentials Certification indicating that systems will protect against the vast majority of common cyber attacks and Cyber Essentials Plus certification, a more rigorous test of cyber security systems is being sought..

Phishing is one of the biggest risks for the Council and on the internet in general.  Tool are in use to test  staff awareness  of the risk and how to avoid falling for any scam

Links with the National Cyber Security Centre (NCSC),  part of GCHQ, continue and the Council is participating in several initiatives with them including being one of the testing sites for the new improved Webcheck service This continually scans the internet facing infrastructure, websites (ending in .gov.uk), firewalls etc. for issues and misconfigurations.

Significant progress has been made to remove unsupported operating systems over the past year to ensure the Council is on supported and maintained versions.  

Work continues across a number of areas to embed cyber security into the overall Council Business Continuity Plans, finally better using of logging and reporting from systems and use of threat intelligence

Information Governance

The Council’s website has been updated to comply with and reflect the changes in legislation on Data Protection and to provide clear guidance on how the public can exercise their data rights.  Privacy Notices are displayed on our webpage. Processes are in place for Subject Access Requests and the Right to Erasure and other right to data .

The Information Asset Register and Retention and Disposal Schedule has been updated and will be reviewed quarterly.

A process of Data Protection Impact Assessments (DPIA) is embedded in the project management and commissioning process. Services provided by arms length companies include satisfactory Information Governance and Security requirements which are checked on a regular basis.

Training and awareness for staff and Councillors on Information Governance continues with specific training for roles such as Data Protection Officer, Senior Information Risk Owner and Caldicott Guardian have had specific training.  Training and drop in sessions are provided to all staff.

There is a programme of work for 2019/20 to ensure that improvements continue to be made in the management of Information and cyber security.

 Questions concerned internal and external audit of these arrangements

 

Emergency Planning

A Standardisation Programme aimed at aligning all emergency planning, training and exercising arrangements, to enhance resilience across the capital by 2020 is in progress. All boroughs are participating in specific workstreams to achieve more resilience to emergency and disruptive incidents.

A new Command and Control system has been established, with defined roles and responsibilities. Kingston’s emergency plans are being revised to reflect these.  A standardised training programme, started in January 2019 for senior roles .  A programme for all staff undertaking roles is being developed and they will participate in emergency planning and response exercises.

Boroughs implementation and performance against the new workstreams will be assessed in a self assessment process, via a peer review by another London Local Authority, and by external peer review by an external body.   

 

Kingston has an implementation programme and is an active member of the South West London Resilience Programme Board, represented by the Director, Communities and the Contingency Planning Manager.

 

The steps already taken and planned changes were noted

 

Questions concerned the co-ordination of these arrangements and the Council’s ability to execute them

 

Brexit preparedness

 

Guidance from central government, the LGA, London Councils and other local authorities have identified a common set of themes which have been used as a framework for assessing the potential impacts for a no deal Brexit

 

The council has established a cross-directorate Task and Finish Group and including Achieving for Children to assess the impact Brexit could have on the council, its residents and communities and businesses.

 

In consultation with local and regional partners, an impact log for a no deal exit with mitigating actions to address some of the potential impacts in the following areas has been developed:   

 

Community Cohesion - in consultation with faith groups, Community groups and the Metropolitan Police.

Economic impact on small and medium businesses - in consultation with Kingston Chamber of Commerce, Kingston First, Kingston University.

Citizens Rights - in consultation with Kingston Citizen Advice Bureau, Kingston Voluntary Action, Voluntary Sector Organisations working with migrant groups, DWP, Kingston University, Kingston College.

 

A review of the Council’s business cContinuity arrangements is underway and the Council is participating in pan-London Brexit arrangements, with London Council’s, LGA & London Resilience via weekly teleconference and Brexit workshops.

The Safer Kingston Partnership on 18 January 2019, considered a report on the Brexit arrangements and possible borough impacts at that point. Partnership members are liaising regarding preparations for a no deal Brexit.

 

Ongoing liaison in the Borough Resilience Forum (Borough Multi-agency Partners  reviews  the multiagency impact on the borough and on partner agencies i.e. impacts on medical and medicine supply; workforce of provider organisations.

 

Funding of £210k for each London Borough over two years (2018/19 and 2019/20) to help support Brexit preparations was recently announced and Kingston has also created a local Brexit contingency.

A more detailed, follow-up report will be taken to the Community Engagement Committee - which has responsibility for contingency planning - three months after the UK has left the EU

Resolved that

 

1.    the updates on the high priority risks are noted;

2.    SLT will review the risk register on a quarterly basis and the Committee will continue to review the register on a quarterly basis;

3.    a report on the process for scrutinising risk and the relationship between the role of this Committee and the Strategic Committees in considering risk is considered at the July meeting;

4.    the updates on the risks for further review, selected at the meeting in November, and the following recommendations are noted;

Emergency Planning - to note

a)       the recent improvements made to emergency planning resilience in Kingston Council and further improvements in the pipeline.

b)      the actions to introduce the London Emergency Planning 2020
standardisation programme and resilience assurance programme across Kingston Council, with the implementation programme on target to have the required arrangements in place by September 2019.

c)        that a more detailed report on emergency planning resilience will
be brought to Community Engagement Committee in the spring 2019.

Brexit preparedness - to note

d)        the work underway across the council and with local partners to prepare for a ‘no deal’ Brexit.

e)        that a more detailed, follow-up report will be taken to the Community Engagement Committee - which has responsibility for contingency planning - three months after the UK has left the EU, reporting on impacts on council services,  residents, communities and businesses

 

Supporting documents: