Agenda and minutes

To confirm the appointment of the Chair for the meeting.

In accordance with Section 10 of the Joint Committee Terms of Reference the Chair should rotate between the appointed members from each Council at each meeting. As this meeting is being hosted by the London Borough of Lewisham, the practice is for the Chair of the meeting to be appointed from the membership of that authority.

RESOLVED that in accordance with Section 10 of the Joint Committee’s Terms of Reference, Councillor Amanda De Ryk (as representative of the hosting Authority – London Borough of Lewisham) be appointed as Chair for the duration of the meeting.

Apologies for absence were received from Councillor Dora Dixon-Fyle MBE (London Borough of Southwark) and Councillor Brenda Dacres (London Borough of Lewisham).

Members are invited to declare at this stage of the meeting, the nature and existence of any relevant disclosable pecuniary or personal interests in the items on this agenda and to specify the item(s) to which they relate.

There were no declarations of interest from Members.

To approve the minutes of the previous meeting held on Tuesday 11 July 2023 as a correct record.

RESOLVED that the minutes of the previous meeting of the Joint Committee of the London Boroughs of Brent, Lewisham and Southwark held on Tuesday 11 July 2023 be approved as a correct record.

No deputations or request to speak were submitted by members of the public.

This report provides an update on the performance of the Shared ICT Service.

Fabio Negro (Managing Director of Shared Service) introduced the report to the Joint Committee providing an update on key performance areas in relation to the Shared Technology Service (STS).

Members noted the summary of key performance management indicators for the service across all three Council’s, which had been included within Appendix A of the update report along with the changes made to the format of the report which, following feedback, had been remodelled to provide a more streamlined outline of performance and opportunities available to the STS.

In terms of detailed service performance, the Joint Committee were advised of the following:

·             Whilst good progress continued to be made against targets in relation to STS operational queues, performance had been affected during October as a result of a shortfall in workforce resources with 10% of staff having been unavailable for various reasons.  STS were also currently focussing activity to close aged tickets with the target for end of year being that all tickets prior to 2023 would be closed with details also provided in section 4.6 of the report on the trend with logged tickets.

·             In the period of June through to October 2023, there had been eleven Priority 1 incidents related to STS infrastructure, six of which were resolved within SLA with 7 application/supplier related P1 incidents and a comparison also provided over the previous 12 months.  Members also noted the update provided in relation to the number of Priority 2, 3 & 4 calls logged along with the main categories as detailed within section 4.9 – 4.11 of the report.

·             The shared service had logged 69,075 tickets between 1^st June and 31^st October 2023 for all council application teams as well as the shared service (an average of 13,815 tickets per month) which compared with 41,100 in the previous reporting period March 2023 to May 2023 (an average of 13,700 tickets per month). These tickets consisted of both incidents and service requests, with a detailed breakdown provided in section 4.15 of the report.

·             The details provided on the Top 10 risks identified for STS and the relevant mitigations in place to address them, as detailed within section 6 of the report.

·             The details provided on the STS related audits which had been undertaken across all three authorities during 2022-23 along with progress on delivery of the recommended actions identified and audit plan for 2023-24, as detailed within section 7 of the report.

·             The outline provided on the 6-month overview of the STS Technology Roadmap, as detailed within section 8 of the report including updates in relation to completion of the Compute and Storage Infrastructure replacement, implementation of the Asset Management System (AMS) policy and processes across Brent & Lewisham, with this to be completed within Southwark by November 23.  Members were also advised of the work being undertaken to develop the next generation laptops, with STS having approved a project to migrate the laptop management to the Office 365 Intune environment, including use of Autopilot to support deployment  ...  view the full minutes text for item 6.

To note the remaining programme of date(s) scheduled for meeting of the Joint Committee during 2023/24, as follows:

·        Tuesday 19 March 2024 at 6pm – to be held online chaired by the London Borough of Brent

Members noted that the next meeting of the Joint Committee had been scheduled for Tuesday 19 March 2024 at 6pm – this would be an online meeting to be chaired by London Borough of Brent.

To consider the exclusion of the press and public from the remainder of the meeting as the remaining report to be considered contains the following category of exempt information as specified in Paragraph 3, Part 1 Schedule 12A of the Local Government Act 1972, namely:

“Information relating to the financial or business affairs of any particular person (including the authority holding that information)"

Subject to the exclusion of the press and public being agreed at this stage of the meeting, the live webcast will then be ended.

At this stage in proceedings the Chair advised that she intended to move into closed session for the remainder of the meeting in order to consider what would (moving forward) be a separate report for the Joint Committee providing updates on the Cyber Security status, threats, and mitigations in relation to the Shared Technology Services (STS).

Given the commercially sensitive nature of the details contained within the update, the Joint Committee were advised that the report would need to be considered in closed session which would require the Joint Committee to pass a formal resolution excluding the press and public for consideration of the item.

It was therefore AGREED that that under Section 100A (4) of the Government Act 1972 the press and public be excluded from the remainder of the meeting for consideration of the following item on the grounds that it would involve the disclosure of exempt information as defined in paragraph 3 (information relating to the financial or business affairs of any particular person, including the authority holding that information) of Part 1 of Schedule 12A of the Act (as amended).

The live webcast was ended at this stage of the meeting to enable the Joint Committee to move into private session.

This report provides an update on the Cyber Security status, threats, and mitigations identified in relation to the Shared Technology Services.

Fabio Negro then introduced the update report in relation to Cyber Security status, threats, and mitigations for the Shared Technology Service (STS).  In considering the report members noted:

·             The development of a new STS Cyber Security Strategy for 2021-2024, which detailed the approach to Cyber Security within STS and outlined plans to further develop capabilities within the following main areas: Defend, Deter, Develop and React and was scheduled to be formally approved by the Joint Committee towards the start of 2024.

·             The outline of events impacting on STS along with an update on current threats and mitigating actions in relation to the following key areas of activity as detailed within section 7 of the report:

Ø   DEFEND – which had involved STS developing the means to defend against evolving cyber threats, respond effectively to incidents, and ensure networks, data and systems were protected and resilient.

Ø   DETER – which had involved STS detecting, understanding, investigating, and disrupting hostile activities against the service.

Ø   DEVELOP – which had involved STS developing a coordinated and tailored approach to risks and threats encountered and mitigating against potential vulnerabilities.

Ø   REACT – which had involved STS in developing sufficient controls to respond to any attacks including the organisational channels and processes required to make efficient decisions further protect data and limit any scope of attack.

·             The outline of future plans being developed in relation to the STS Cyber Security Strategy, as detailed within section 8 of the report.

As no further matters were raised, the Joint Committee completed their consideration of the update report.  The Chair thanked Fabio Negro for the updates provided and it was RESOLVED to note the update and actions being taken as detailed in the report.

None.