Agenda and minutes

To confirm the appointment of the Chair for the meeting.

In accordance with Section 10 of the Joint Committee Terms of Reference the Chair should rotate between the appointed members from each Council at each meeting.  As this meeting is being hosted by the London Borough of Brent, the practice is for the Chair of the meeting to be appointed from the membership of that authority.

RESOLVED that in accordance with Section 10 of the Joint Committee’s Terms of Reference, Councillor Mili Patel (as representative of the hosting Authority – London Borough of Brent) be appointed as Chair for the duration of the meeting.

No apologies were received.

Members are invited to declare at this stage of the meeting, the nature and existence of any relevant disclosable pecuniary or personal interests in the items on this agenda and to specify the item(s) to which they relate.

There were no declarations of interest declared by Members at the meeting.

To approve the minutes of the previous meeting held on Tuesday 28 November 2023 as a correct record.

RESOLVED that the minutes of the previous meeting of the Joint Committee of the London Boroughs of Brent, Lewisham and Southwark held on Tuesday 28 November 2023 be approved as a correct record.

No deputations or request to speak were submitted by members of the public.

This report provides an update on the performance of the Shared ICT Service.

Kevin Ginn (Head of Operations of Shared Technology Services) introduced the report to the Joint Committee providing an update on key performance areas in relation to the Shared Technology Service (STS).

Members noted the summary of key performance management indicators for the service across all three Council’s, which had been included within the report and in terms  of detailed service performance, the Joint Committee were advised of the following:

·            In this reporting period, STS had made strong progress in meeting three of the main performance indicators, with significant reductions in the number of open STS operational Hornbill calls, the number of open Operational Aged calls (dating back to 2021) and then a significant improvement in SLA performance for priority 3 incident calls and priority 4 (P4) request calls.

·            In the period November 2023 through to February 2024, there were ten P1 incidents related to STS infrastructure, four of which were resolved within SLA.

·            P3 incidents were the most common type of incident, as these were generally related to issues experienced by individual users.  The target SLA was to resolve 90% of P3 incidents within two working days.  10,051 P3 incidents were logged into STS operational queues by the partner councils (11,299 overall) during this reporting period, with an overall SLA performance of 75% (compared with 66% in the previous reporting period) and the top eight  categories for P3 calls detailed in section 4.10 of the report.

·            Priority 4 were defined as requests for standard service or catalogue item.  The standard SLA was to resolve 80% within 5 working days.  In the current reporting period, there had been 10,373 P4 requests logged into STS operational queues, with an overall SLA performance of 83% compared with the previous reporting period figure of 74%.

·            Response times to P3 and P4 incidents were recorded as faster than they had ever been before, and STS was remaining within SLA across all three local authorities.

·            The on-site service for face-to-face visits by users was now covering standard Business as Usual (BAU) hours of 8am to 6pm, as STS strived to improve the user experience further.  This service was being provided at the Councils’ main offices at Brent Civic Centre, Lewisham Laurence House and Southwark Tooley Street.

·            In terms of users needing face to face support, STS had improved the queuing service by implementing the QMinder system, which provided a controlled queueing and notification mechanism, and this will result in tickets being completed quicker.

·            The telephony provider was Risual Ltd and when staff rang the IT Service Desk number, it was answered by operatives from Risual who acted on behalf of the three councils.  Members were advised of measures being undertaken to resolve an ongoing issue involving the logging of tickets via Risual on Hornbill which had been designed to provide a more accurate picture of first-touch ticket resolution volumes and was also expected would improve SLA performance for P3 and P4 priority tickets.  The integration should be delivered by the end of March 2024.

·            Overall, the  ...  view the full minutes text for item 6.

To note the list of provisionally scheduled of dates for the Joint Committee during the 2024 – 25 Municipal Year, as follows:

·             Tuesday 9 July 2024 at 6pm – to be held online chaired by the London Borough of Southwark.

·             Tuesday 26 November 2024 at 6pm – to be held online chaired by the London Borough of Lewisham.

·             Tuesday 18 March 2025 at 6pm – to be held online chaired by the London Borough of Brent.

Members are asked to note that the above dates will be subject to confirmation by each respective partner borough.

Members noted the following dates scheduled for future meetings of the Joint Committee during 2024-25 Municipal Year:

·            Tuesday 9 July 2024 at 6pm – to be held online chaired by the London Borough of Southwark.

·            Tuesday 26 November 2024 at 6pm – to be held online chaired by the London Borough of Lewisham.

·            Tuesday 18 March 2025 at 6pm – to be held online chaired by the London Borough of Brent.

To consider the exclusion of the press and public from the remainder of the meeting as the remaining report to be considered contains the following category of exempt information as specified in Paragraph 3, Part 1 Schedule 12A of the Local Government Act 1972, namely:

“Information relating to the financial or business affairs of any particular person (including the authority holding that information)"

Subject to the exclusion of the press and public being agreed at this stage of the

meeting, the live webcast will then be ended.

At this stage in proceedings the Chair advised that she intended to move into closed session for the remainder of the meeting in order to consider a separate report for the Joint Committee providing updates on the Cyber Security status, threats, and mitigations in relation to the Shared Technology Services (STS).

Given the commercially sensitive nature of the details contained within the update, the Joint Committee were advised that the report would need to be considered in closed session which would require the Joint Committee to pass a formal resolution excluding the press and public for consideration of the item.

It was therefore AGREED that that under Section 100A (4) of the Government Act 1972 the press and public be excluded from the remainder of the meeting for consideration of the following item on the grounds that it would involve the disclosure of exempt information as defined in paragraph 3 (information relating to the financial or business affairs of any particular person, including the authority holding that information) of Part 1 of Schedule 12A of the Act (as amended).

The live webcast was ended at this stage of the meeting to enable the Joint Committee to move into private session.

This report provides an update on the Cyber Security status, threats, and mitigations identified in relation to the Shared Technology Services.

Kevin Ginn (Head of Operations of Shared Technology Services) then introduced the update report in relation to Cyber Security status, threats, and mitigations for the Shared Technology Service (STS).  In considering the report members noted:

·            The outline of events impacting on STS along with an update on current threats and mitigating actions in relation to the following key areas of activity as detailed within section 3-7 of the report:

Ø   DEFEND – which had involved STS developing the means to defend against evolving cyber threats, respond effectively to incidents, and ensure networks, data and systems were protected and resilient.

Ø   DETER – which had involved STS detecting, understanding, investigating, and disrupting hostile activities against the service.

Ø   DEVELOP – which had involved STS developing a coordinated and tailored approach to risks and threats encountered and mitigating against potential vulnerabilities.

Ø   REACT – which had involved STS in developing sufficient controls to respond to any attacks including the organisational channels and processes required to make efficient decisions further protect data and limit any scope of attack.

·            The aim to present the future Cyber Security Strategy 2024-2026 to the Joint Committee for approval at the next meeting.

·            The outline of future plans being developed in relation to the STS Cyber Security Strategy, as detailed within section 8 of the report, which had included a project focussed on future laptop design as well as work to develop the plans for implementation of Microsoft's biometric authentication method for logging into devices, work to reduce the amount of open old vulnerabilities and to engage with third parties to onboard a Security Operations Centre.

·           To protect against privilege escalation in the cloud and on-premise environment, STS had been working with CrowdStrike on their identity protection tool to understand the risk with accounts and the likelihood of exploit and the process to secure corporate identities.

The Chair thanked Kevin Ginn for his update with additional clarification provided for members in relation to the following issues raised:

·            The background and resolution of recent cyber security events impacting on the STS across each borough, including the costs and resources involved in dealing with any incidents.

·            The approach being developed towards the use of biometrics as a potential security feature.

As no further matters were raised, the Joint Committee completed their consideration of the update report.  The Chair thanked Kevin Ginn and Fabio Negro for the details provided and it was RESOLVED to:

(1)       note the update and actions being taken as detailed in the report.

(2)       To request (in view of the issues highlighted during the meeting) a separate paper to be provided for members of the Joint Committee (in advance of the next meeting) on the approach towards the use of biometrics as a potential security feature on devices to be included within the laptop refresh programme including a focus on risks, mitigations and also opportunities alongside consultation with staff representatives/Trade Unions.

None.