Agenda item

Report by Emergency Planning Officer (attached).

The Committee considered the report by the Graduate Emergency Planning Officer regarding Business Continuity (circulated previously).

The Public Protection Manager and Graduate Emergency Planning Officer advised the Committee that:

The Committee were advised that:

·         the Cabinet Office had produced guidance in line with ISO 22301:2019 Security and resilience – Business Continuity Management Systems.  The proposal to refresh the current plans was deemed good-practice under this guidance.

·         Success would be measured against the reduction in impact or improvement of the Authority’s response when disruptions occur.

·         The Graduate Emergency Planning Officer would be studying for a Business Continuity Diploma from November 2020.

In response to questions from the Committee, the Graduate Emergency Planning Officer advised that:

·         Under the Civil Contingency Act 2004, Local Authorities had a duty to offer guidance and support to businesses and organisations in the area.  North Devon Council would look to continue this work should any further localised flooding occur.

·         She was not aware of any plans by the Government to change the parameters within which the Council would work in future.

·         The Council was looking at its own internal ability to respond to disruptions, with normal services being defined at a pre-determined level.

In response to a question from the Committee, the Head of Place advised the Committee that there were three major changes within Planning proposed within the White Paper which was currently out for consultation. The range of permitted dwellings had changed, along with the ability to now build at 3.5m above the ridgeline of a terrace or semi-detached dwelling under permitted development rules.  The Government consultation was due to end on 1^st October 2020, with a further consultation due to end on 31^st October 2020 which would provide a more detailed plan of the changes to the system.  A briefing regarding these changes would be presented to the Joint Local Plan Working Group on 22^nd September 2020.

The Business Information Systems Manager provided the Committee with an update in terms of the ICT systems in place. She provide an infographic (circulated separately) showing an overview of the network.  She advised the Committee that:

·         There was a layered defence approach in protecting the network.

·         A major risk was the possibility of cyber-attack. This was a tier one attack and as such the avoidance of this was a very high priority.  Principles employed to avoid this cover hardware, software and cloud provision. Firewalls and Anti-virus and malware software were being used. Network traffic was monitored in real-time.  Software and servers were updated monthly.

·         Procedures were in place which enable hardware (such as ipads) to be wiped remotely if required.

·         There were restrictions to access to the system, networks connections and online usage, to reduce the possibility of external access to the system via hack or virus.

The Chair thanked the Business Information System Manager for the work done by herself and her team in setting up the access for remote users in such a short period of time.

In response to questions from the Committee, the Business Information System Manager advised that:

·         Works to move the 2008 RT servers to the 2016 servers was now 60% completed.  It was expected to be 90 to 95% completed by the end of December. It was anticipated there may be a need for a further extension of Microsoft support during the overlap period.  The network would be replicated to the cloud.

·         All emails received were filtered centrally before reaching the recipients. Any suspicious emails were then stopped before being opened. It was still imperative that any suspicious emails were not opened by users and if anyone was unsure about the validity of any email they should contact ICT helpdesk prior to opening the email.

·         The process where an email is sent to an ipad advising of a missed call was not to be treated as suspicious as this would have been a missed skype call.

The Committee noted the update on Business Continuity.