Agenda item
INFORMATION MANAGEMENT STRATEGY
To consider a report by the Head of
Business, Planning and Performance (copy enclosed) on the new framework for managing information
assets.
Minutes:
A
report by the Head of Business, Planning and Performance (HBPP) had been
circulated previously.
The HBPP introduced
the report and highlighted the need to ensure that the Council managed its
information effectively, enabling them to realise and exploit its true value as
a corporate asset in support of achieving business priorities, delivering
efficiencies and reducing risk. An
Information Management Strategy, Appendix 1, had been developed to provide the
corporate framework for managing the Council’s information assets, and had been
approved the adoption by SLT. Members
were informed of the improved governance of the Council’s information that the
Strategy would provide.
Public sector organisations were under increasing pressure to deliver
business efficiencies, whilst ensuring business continuity and risk management. In
addition, there was more external scrutiny of how public organisations manage
their information with a move towards greater openness and transparency around
the information held, and greater levels of regulatory requirements which
necessitated more rigorous protection of information resources. The Corporate Improvement Manager (CIM) outlined
the information security requirements, making particular reference to the
Public Service Network and to the transparency agenda.
The absence of a defined corporate framework to manage information had
resulted in information management practices being inconsistent across the
organisation, and details of the several challenges created as a result had
been included in the report.
Since 2008, reports from both the Wales Audit Office and the
Council’s Internal Audit team had identified weaknesses in the way the Council
managed its information. The Council had
provided a greater focus to information management matters through the
formation of the Corporate Information Team at the end of 2012. The Corporate Information Team had now
developed an Information Management Strategy to address the challenges
identified and to embed the required improved working practices in the
following areas identified in the report:-
·
Information Compliance
·
Information Access
·
Information Assurance
·
Information Quality
·
Information Retention and Disposal
·
Information Training and Awareness Raising
The framework depicted in the Strategy would support the Council in
achieving the corporate priorities, by:-
·
Ensuring
our information can be quickly and easily identified;
·
Ensuring
our information is protected, according to risk;
·
Ensuring
our staff and members have the required levels of competencies to manage
information appropriately;
·
Ensuring
our information meets statutory requirements; and
·
Ensuring
our vital records are identified and protected accordingly.
Funding for the EDRMS
project had been approved by CET for a further 3 years, and there were several
actions contained within the Information Management Strategy which would direct
impact upon all Officers and Members, these included:-
·
Mandatory
Training
·
File-naming
·
Email
Policy
·
Privacy
Impact Assessment
·
Proactive
publication of information
·
EDRMS
Members acknowledged the enormity of the task involved, its importance
and the need for an understanding of the risks relating to the Information
Management Strategy process.
The following responses were provided to issues raised by Mr P. Whitham:-
-
With
regard to Revision to DCC007: ‘The risk
that critical or confidential information is lost or disclosed’. Mr Whitham
explained that there had been no reference to the Strategy as a mitigation or reference in the report to it being a
Corporate Risk, and suggested that they should be interlinked.
-
Mr Whitham question whether the Strategy was being managed as
a project and had a project plan been implemented to monitor progress. The HBPP outlined the role of Internal Audit
and confirmed that the Authority were keen to monitor progress and ensure the
Committee received progress reports. The
view expressed by Mr Whitham that an overarching
management programme be adopted was supported by the HBPP.
-
The
Committee agreed that under the heading “Scope” on Page 54 of Appendix 1
“Information Management Strategy applies to all information held by the Council
irrespective of format” should include clarification that this includes
officers and Members. Mr Whitham referred to “The Council has a duty to schools and
as such schools are welcome to adopt this strategy should they wish” and
suggested that stronger implementation powers should be introduced. The HBPP explained that the Authority were
only in a position to provide advice and assistance to schools.
-
In
response to a question from Mr Whitham, regarding the
provision of an assurance that various policies, protocols and procedures
placed on the Councils electronic website could be found and accessed, the CPOM
highlighted the importance of easy access and outlined the various mechanisms
available. He explained that the
maintenance of a register, through e-leaning, could provide details of access
and monitoring usage. The Chair
emphasised the importance of Information Management and the provision of
training throughout the Council in relation to the dissemination of
information.
In reply to concerns raised by Councillor M.L. Holland regarding risk
compatibility of system, Members were assured that the system used by
Denbighshire was compatible with those utilised by other neighbouring
LA’s. Councillor Holland felt the
provision of clear guidelines to users of the system would be imperative during
the transition period. The HBPP
expressed the view that the issue of staff working from home did not present a
security risk to the Authority.
During the ensuing discussion, it was:-
RESOLVED – that
Corporate Governance Committee:-
(a)
receives
the report and notes the Council’s framework for managing its information
assets, as detailed in the Information Management Strategy.
(b)
notes
that the risks highlighted in respect of the Information Management Strategy
and Policy be incorporated in the Corporate Risk Register, and noted as a
mitigating factor.
(c)
proposes
that the management approach to the Strategy be project managed.
(d)
requests
the provision of mandatory training for both Elected Members and staff in
relation to the Strategy.
(e)
acknowledges
the importance of the work in question.
(f)
requests that a copy of the Forward Plan be
presented to the Committee in January, 2014, and
(g)
agrees
that an invitation to attend specialist training on Data Protection be extended
to Members of the Committee.
Supporting documents: