Agenda item

Agenda item

INFORMATION MANAGEMENT STRATEGY

To consider a report by the Head of Business, Planning and Performance (copy enclosed) on the new framework for managing information assets.

 

Minutes:

A report by the Head of Business, Planning and Performance (HBPP) had been circulated previously.

 

The HBPP introduced the report and highlighted the need to ensure that the Council managed its information effectively, enabling them to realise and exploit its true value as a corporate asset in support of achieving business priorities, delivering efficiencies and reducing risk.  An Information Management Strategy, Appendix 1, had been developed to provide the corporate framework for managing the Council’s information assets, and had been approved the adoption by SLT.  Members were informed of the improved governance of the Council’s information that the Strategy would provide. 

 

Public sector organisations were under increasing pressure to deliver business efficiencies, whilst ensuring business continuity and risk management.  In addition, there was more external scrutiny of how public organisations manage their information with a move towards greater openness and transparency around the information held, and greater levels of regulatory requirements which necessitated more rigorous protection of information resources.  The Corporate Improvement Manager (CIM) outlined the information security requirements, making particular reference to the Public Service Network and to the transparency agenda.

 

The absence of a defined corporate framework to manage information had resulted in information management practices being inconsistent across the organisation, and details of the several challenges created as a result had been included in the report.

 

Since 2008, reports from both the Wales Audit Office and the Council’s Internal Audit team had identified weaknesses in the way the Council managed its information.  The Council had provided a greater focus to information management matters through the formation of the Corporate Information Team at the end of 2012.   The Corporate Information Team had now developed an Information Management Strategy to address the challenges identified and to embed the required improved working practices in the following areas identified in the report:-

 

·                     Information Compliance

·                     Information Access

·                     Information Assurance

·                     Information Quality

·                     Information Retention and Disposal

·                     Information Training and Awareness Raising

 

The framework depicted in the Strategy would support the Council in achieving the corporate priorities, by:-

 

·                     Ensuring our information can be quickly and easily identified;

·                     Ensuring our information is protected, according to risk;

·                     Ensuring our staff and members have the required levels of competencies to manage information appropriately;

·                     Ensuring our information meets statutory requirements; and

·                     Ensuring our vital records are identified and protected accordingly.

 

            Funding for the EDRMS project had been approved by CET for a further 3 years, and there were several actions contained within the Information Management Strategy which would direct impact upon all Officers and Members, these included:- 

 

·                     Mandatory Training

·                     File-naming

·                     Email Policy

·                     Privacy Impact Assessment

·                     Proactive publication of information

·                     EDRMS

 

Members acknowledged the enormity of the task involved, its importance and the need for an understanding of the risks relating to the Information Management Strategy process.

 

The following responses were provided to issues raised by Mr P. Whitham:-

 

-               With regard to Revision to DCC007: ‘The risk that critical or confidential information is lost or disclosed’.  Mr Whitham explained that there had been no reference to the Strategy as a mitigation or reference in the report to it being a Corporate Risk, and suggested that they should be interlinked.

  

-               Mr Whitham question whether the Strategy was being managed as a project and had a project plan been implemented to monitor progress.  The HBPP outlined the role of Internal Audit and confirmed that the Authority were keen to monitor progress and ensure the Committee received progress reports.  The view expressed by Mr Whitham that an overarching management programme be adopted was supported by the HBPP.

 

-               The Committee agreed that under the heading “Scope” on Page 54 of Appendix 1 “Information Management Strategy applies to all information held by the Council irrespective of format” should include clarification that this includes officers and Members.  Mr Whitham referred to “The Council has a duty to schools and as such schools are welcome to adopt this strategy should they wish” and suggested that stronger implementation powers should be introduced.  The HBPP explained that the Authority were only in a position to provide advice and assistance to schools.

 

-               In response to a question from Mr Whitham, regarding the provision of an assurance that various policies, protocols and procedures placed on the Councils electronic website could be found and accessed, the CPOM highlighted the importance of easy access and outlined the various mechanisms available.  He explained that the maintenance of a register, through e-leaning, could provide details of access and monitoring usage.  The Chair emphasised the importance of Information Management and the provision of training throughout the Council in relation to the dissemination of information. 

 

In reply to concerns raised by Councillor M.L. Holland regarding risk compatibility of system, Members were assured that the system used by Denbighshire was compatible with those utilised by other neighbouring LA’s.  Councillor Holland felt the provision of clear guidelines to users of the system would be imperative during the transition period.  The HBPP expressed the view that the issue of staff working from home did not present a security risk to the Authority.

 

During the ensuing discussion, it was:-

 

RESOLVED – that Corporate Governance Committee:-

 

(a)          receives the report and notes the Council’s framework for managing its information assets, as detailed in the Information Management Strategy.

(b)          notes that the risks highlighted in respect of the Information Management Strategy and Policy be incorporated in the Corporate Risk Register, and noted as a mitigating factor.

(c)          proposes that the management approach to the Strategy be project managed.

(d)          requests the provision of mandatory training for both Elected Members and staff in relation to the Strategy.

(e)          acknowledges the importance of the work in question.

(f)            requests that a copy of the Forward Plan be presented to the Committee in January, 2014, and

(g)          agrees that an invitation to attend specialist training on Data Protection be extended to Members of the Committee.

 

Supporting documents: