Issue - meetings

The Executive Board considered a report on the Information Security Policy which had been reviewed and updated to ensure compliance with current legislation (GDPR) and best practices providing a robust policy which aimed to protect the Council’s information.  Key elements of the Access Control Policy and a Copyright Designs and Patents Act Policy had also been incorporated into the revised Information Security policy.

The Executive Board noted the policies three main objectives:

·         The Council’s information assets and ICT equipment are adequately protected against any action that could have an adverse effect on the security of information.

·         That all information assets must be “owned” by a named officer within the authority.  The Council defines all Heads of Service as Information Asset Owners.

·         That staff and elected members are aware and comply with all relevant legislation and council policies related to how they conduct their day-to-day duties in relation to ICT.

The report recommended that the policy be published to all staff and elected members via meta-compliance in order to ensure the policy has been read and fully understood.

UNANIMOUSLY RESOLVED that the recommendations as set out in the report be endorsed and the revised Information Security Policy be approved.