Kent County Council
Information governance x-directorate group
6 October 2011
Medway Room, Sessions House
Present: / Caroline Dodge BSS IRT – ChairTony Cordina BSS ICT
Pauline Banks BSS IRT
Michelle Hunt BSS IRT
Mark Lobban FSC SC (for Margaret Howard)
Cath Head BSS FP / Elizabeth Barber BSS IR&T
Dave Oxlade BSS BS
Dave Cox BSS HR
Chris Luke BSS FP
Henry Swan BSS FP
Ian Allwright BSS HR
Samantha Buckland BSS FP
Apologies: / Geoff Wild BSS GL
Charlie Beaumont CC SI
Debra Exall BSS BS / Margaret Howard FSC LDMH
Sandra Town BSS IR&T
Item / Action
1 / Welcome
Geoff apologised for a last minute appointment resulting in him being unable to attend and nominated CD to Chair. CD apologised that there were no minutes taken at the last meeting. PB & MH to minute this meeting. / PB & MH
2 / Information Asset Survey Programme – Update and decisions about the way forward
EB explained that the NHS questionnaire and an online alternative which she’d hoped could be used as a template were not suitable for KCC’s purposes. Therefore she has developed a bespoke questionnaire for circulation. This is currently with the Comms. Team for plain English testing. HR to provide EB with list of all Heads of Service
Hopefully, questionnaires will be sent out 1st week in November to every team in KCC. Janet Armstrong to assist EB with the returns. , Natasha Stonestreet investigating final output software. Decisions to be made on:
· Who the email will go out from (GW?)
· Who it goes out to (budget holders/unit managers/heads of service?)
· Method for dealing with non returns (these will require a visit as potentially high risk) and
· Steer required for timescales (complete by December?).
DC raised concerns about duplication in responses in respect to the many corporate systems (ie: Swift, ORACLE), and smaller directorate based systems/databases. HR & ICT to provide list of all corporate systems and all ICT supported systems. EB will include instructions on the questionnaire for recording these systems.
DO asked about numbers of questionnaires as there were 1400 TCP managers and this would be an indicative figure. / DC & IA
TC & DC
3 / Protective Marking Scheme
TC & EB have met and agreed that the latest version (which will be circulated) will be developed in line with the ICT Security Standard (now on Knet!) to ensure we are compliant with government requirements:
· Open
· Protected
· Restricted.
Assignment of markings would be carried centrally to ensure consistency as marking affects how records are managed (ie: storage, transfer and destruction). Asset managers will be advised what category their records will usually be.
TC spoke about email classification and the requirement for KCC’s Coco compliance. KCC promised central government that protective marking would be in place by the end of this year. ICT looking at software to make this mandatory for emails enforcing marking before send. / EB & TC
4 / Information Management SORMP – Update and action plan
DO & EB had been working on this and the content had gone through a fair amount of consultation. IR&T Team to provide much of the content. The development of the action plan was ongoing and will be accompanied by a toolkit that was yet to be developed.
As there were a few new attendees, DO provided an update about how SORMPs came about and EB confirmed that they would achieve compliance with the FOIA s46 code of practice.
DO to circulate an update report for all KCC SORMPs / DO
5 / Share Point Governance
Update from EB who is managing the SharePoint Governance Plan to ensure it sits within IM SORMP. Version 1.1 is going to SharePoint Governance Board on Monday 10 October.
TC confirmed that SharePoint had been chosen as the corporate solution for exchange of information within KCC.
6 / Sending emails internally containing personal data.
CD advised the group that this item has arisen following a number of email incidents. TC advised ICT were investigating distribution list anomalies that had come to light.
Following group discussion, TC advised that it was accepted by the Information Commissioner that KCC’s email system is considered to be secure and therefore encryption is not required internally. The proof was that the email system is a closed system.
7 / Privacy and Electronic Communications Regulations – Compliance Audit
CD explained that this item had arisen out of concerns that KCC’s web sites were not compliant with new Regulations; that required an opt out facility on web sites that collect cookies. KCC’s Web Team had confirmed they are looking at this and have carried out a lot of research with other councils. Believed that KCC has until May 2012 to implement necessary changes.
TC advised that the main concern is externally managed websites on kent.gov.uk where external providers are hosting sites on behalf of KCC (ie: online libraries shop), as these sites are also covered by the new Regulations but ISG is not able to ascertain if compliant or not…
8 / AOB
DC asked about Net Consent and TC advised that it was a very good policy management system which could be used to ensure users read policies, undertake training and tests etc before logging in. However ICT had not yet been able to make this work in our environment as it couldn’t pick up hierarchy to flag up “fails” to management. However a new pilot scheme would be in place by the end of October. TC to chase current position
SB asked about compliance and schools – CD confirmed that schools were data controllers in their own right and whilst we provide advice and guidance, KCC was not liable for non-compliance. DC thought that there was likely to be some liability on the part of the Council, in some circumstances. / TC
9 / Date of Next Meeting
To be confirmed
Info Gov X-Dir Group October 2011 Page 1 of 3