Issue - meetings

ICT Audit Actions Progress Report

 

 

Meeting: 30/09/2025 - Audit and Scrutiny Committee (Item 27)

27 ICT Audit Actions Progress Report pdf icon PDF 218 KB

Progress report on ICT Audit Actions.

Additional documents:

Minutes:

The Committee received a report on the Progress of the ICT Audit Actions.

The following matters were considered:

a)            Cybersecurity training. A Member of the Committee asked why the target for cybersecurity training completion wasn’t 100%, as the targets currently sit at 90% for internal staff and 80% for Councillors. The Head of ICT informed the Committee that a new platform, Boxphish, is being used to deliver the cybersecurity training. This new platform enables both ICT and HR teams to monitor training completion levels across the organisation and automatically issues reminders to the staff who have not completed the training within the designated time frame and in case of persistent non participation ICT will work with HR to determine appropriate sanctions. Based on HR’s guidance and organisational policy, the original target of 90% completion was set to ensure broad coverage, whilst acknowledging that some staff may be on long term leave or otherwise unable to complete the training within the given time frame. The campaign that ICT have now launched for the staff is directed at all staff who use a computer or an electronic device that could be vulnerable to cyber threats, taking, ICT remain confident that the box fish system can achieve a 99% completion rate. The Head of ICT raised that limited engagement was received from Members in the past in regard to cybersecurity training and that informed the target of 80% completion. He explained that ICT remain confident that Boxphish will deliver a more engaging experience and the training is shorter, more relevant, and tailored to the needs of both staff and Members. There is ongoing work between ICT, Comms, and Democratic Services to deploy the training to Councillors and the first wave of training should be received by Members in the coming weeks.

b)            Uptake of Training. A Member of the Committee raised that when the previous training email was received by Councillors, it was deleted by some who believed it could be spam or phishing.

Following consideration, the Committee unanimously resolved to:

(1)      Note the most recent progress that has been made on the remaining ICT audit actions as set out in Appendix 1.