Minutes
IT Dual Assurance Meeting
Held on 18 June 2013 in Room 165, Northcote House
Present:
Michele Shoebridge (MIS), Sally Wilcox (SW), Lynne Tucker (LT), Suzie Mountain
(SJM) (Minutes)
In Attendance: Ian Tilsed (IJT) for the Enterprise Application Strategy Discussion.
1. Minutes from Previous Meeting
1.1 Professor Everson will Chair the HPC Governance Group. LT and Tim Harries will be
writing the Terms of Reference and suggesting a list of attendees.
1.2 MIS and LT met Julia Slingo (Chief Scientist, The Met Office). There is a further meeting
scheduled for 9 July to discuss establishing a research facility in the Science Park
following the outcome of the Met Office government bid for funds; Exeter could
potentially contribute to the facilities. DA suggested up to £500K of funding. LT will
investigate the University’s use of Monsoon.
1.3 No progress with ePDRs to date. LT expects this may sit within the Council’s
performance management agenda.
ACTION: LT to investigate the University’s use of Monsoon
2. Corporate Risks
2.1 The corporate risks have been signed off.
2.2 Mazars have conducted two audits in the areas of the two corporate risks:
Information/data Security and Performance of IT. Both have received Substantial
Assurance and were presented at Audit Committee.
2.3 LT also presented a Cyber Security paper at Audit Committee. RKT have identified the
ten highest risk research areas and Exeter IT will be working with researchers in these
areas. AC has asked that all laptops be encrypted by February 2014 and that Info
Security training be made mandatory.
2.4 Comments on the Information Security risk for next time:
• Clarify what is meant by “all means”.
• Online training is not recorded/monitored by the University and is not
mandatory. Access data could be produced, however. SW’s view is that
online training should be mandatory professional development with
printable certificates – this could link with ePDRs.
• Professional penetration tests – state the regularity of these and quantify.
• Formal IS Policy is now much easier to locate on the intranet.
• Analysis of Logs – explain “new technology” in more detail.
• Hard copy filing access – are there physical checks? Is there a clear desk
policy?
• Incident management – there is an annual business continuity event and LT
has asked for research data loss to be included in future.
2.5 Comments on the Performance of IT Risk for next time:
• The review date is shown as May 2013; however, the red text is the
additional text.
• Budget must be emphasised.
• Clarify the difference between the IT Strategic Projects Task Force and a
similarly named meeting – one is strategic projects and one is departmental
projects.
• What are the processes in place to ensure performance?
• There were nine power cuts over two months in the Old Library, which
hosts a large part of the wireless infrastructure. Work to improve
resilience is being carried out.
• The ‘fit for purpose’ audit carried out by Mazars on 18 March should be
marked as “external audit”.
3. Freedom of Information (FOI) Requests
3.1 LT circulated a FOI report.
3.2 Improved communication between professional services, QAA and colleges for FOI
requests is needed. This may include training for FOI staff.
3.3 Recommendation that this FOI report be submitted to Council as a part 2 paper.
4. Draft Enterprise Application Strategy
Ian Tilsed (IJT) joined the meeting for this item.
4.1 The executive summary will be redrafted.
4.2 The strategy’s goal is to provide management information and to link with Cognos and
other systems for consistency with the data quality programme.
4.3 It must be clear in the strategy that management information is a “business
responsibility”.
4.4 A visual flow chart of all the governance groups and how they work together would be
useful to convey understanding of roles and responsibilities.
4.5 The strategy is too lengthy – ideally it should be reduced by half.
4.6 Who is the audience? Could possibly be 2 documents.
4.7 The project plan and the appendices are ‘spot on’.
4.8 Links and a RAG analysis would be helpful.
5. ISG Dual Assurance Meetings – Clarity
5.1 An ISG Dual Assurance meeting took place on 14 June, attended by Michele Shoebridge
(MIS), Geoff Pringle, Hugh McCann and Peter Lacey. This was not in Sally Wilcox’s (SW)
diary.
5.2 Need to confirm ISG Dual Assurance membership.
5.3 Northcote House accommodation may be reviewed together with use of desk space
across the University.
5.4 MIS or Claire Baines (CB) must sit on ISG Dual Assurance to represent the student
experience and stretch targets.
5.5 CB has indicated the need for an ‘academic voice’ at Dual Assurance.
5.6 A Dual Assurance Newsletter would be helpful.