Strategic, Operational and Programme Board Risk Registers Update

Meeting: 30/03/2017 - Corporate Governance & Audit Committee (Item 123)

123 Strategic, Operational and Programme Board Risk Registers Update

The committee is requested to consider the agenda report and its appendices and to note the current strategic risk register, the current high scoring programme board and organisational risks, the plans and mitigation actions in place and to raise any issues or concerns. Appendix 1b is confidential* and is available to members of the committee and relevant officers only.

*Note Exempt category Para 3: Information relating to the financial or business affairs of any particular person (including the authority holding that information)

Minutes:

The committee considered the report in the agenda (copy attached to the official minutes).

Mrs Belenger introduced the report, advising that the Strategic Risk Group (SRG) had considered the council’s strategic risk register and the high scoring programme board and organisational risks and the internal controls in place at its meeting on 15 March 2017. The SRG had suggested a number of changes and these were reflected in the appendices to the report. She reminded members that Appendix 1b was confidential and that any discussion should be taken in Part 2.

Mr Hobbs complimented Mrs Belenger on this comprehensive method of setting out the council’s risks.

The committee made the following comments or asked questions which were answered as follows:

- CRR128 Non-compliance of the Payment Card Industry Data Security Standard (PCI DSS) – Do these regulations change regularly and are we out of kilter with similar organisations who are continually trying to keep up? Mrs Belenger responded that the council was not alone. Our new card payment supplier had indicated they would assist us to achieve compliance. We have until 2019 due to the link to the General Data Protection Regulations to achieve compliance, which gives us a couple of years to get our internal practices in order.

- CRR145 Data Protection Act Breach Loss of Data – Mr Barrett wondered whether this should be a confidential item as there was the risk of losing personal data. Mrs Belenger advised that there had been occasions when the public sector and other organisations had lost data; however, the likelihood was low as controls had been put in place. PSN compliance was the key control in achieving secure lines and systems between local government and government agencies. A potential breakdown of controls could cause a breach and that would result in fines. Confidential hard copy information was kept in tied bags and shredded on site. Mrs Belenger undertook to check whether this was a confidential risk.

RESOLVED

1) That the current strategic risk register and the internal controls in place, plus any associated action plans to manage those risks, be noted.

2) That the current high scoring programme board and organisational risks, and the associated mitigation actions in place, be noted.