Part One REPORT OF THE LEAD MEMBER FOR CUSTOMER AND SUPPORT SERVICES

advertisement

Part One ITEM NO. 9

REPORT OF THE LEAD MEMBER FOR

CUSTOMER AND SUPPORT SERVICES

TO THE: BUDGET & AUDIT SCRUTINY AUDIT SUB-COMMITTEE

ON TUESDAY, 22 MARCH, 2005

TITLE: COMPUTER AUDIT UPDATE

RECOMMENDATIONS: Members are asked to note the contents of the report.

EXECUTIVE SUMMARY: The purpose of this report is to inform members of the progress made by the Computer Audit Team in respect of BS7799, Business

Continuity Planning and delivery of joint computer auditing to AGMA members and other public bodies.

BACKGROUND DOCUMENTS: Various reports and working papers.

(Available for public inspection)

ASSESSMENT OF RISK: Internal Audit projects are managed within the Unit’s risk and systems based audit protocols aimed at giving assurance regarding the management of the City Council’s and those partners involved in joint computer audit key business risks.

SOURCE OF FUNDING: Existing revenue budget for BS7799 and business continuity and new income generated by external computer audit working.

COMMENTS OF THE STRATEGIC DIRECTOR OF CUSTOMER AND SUPPORT

SERVICES (or his representative):

1. LEGAL IMPLICATIONS

2. FINANCIAL IMPLICATIONS

Provided by: N/A

Provided by: Strategic Director

Customer & Support

Services

PROPERTY (if applicable): N/A

HUMAN RESOURCES (if applicable): N/A

CONTACT OFFICER: David McIlroy, Head of IT/IS Audit 0161 793 2172

Email – david.mcilroy@salford.gov.uk

WARD (S) TO WHICH REPORT RELATE (S): N/A

KEY COUNCIL POLICIES: N/A

DETAILS (Continued Overleaf)

BS7799

– Code of Practice for Information Security Management

Work continues regarding compliance against the BS7799 information security management standard. Customer and Support Services and Social Services are now largely completed, with the focus moving towards defining solutions to achieve compliance. Considerable progress has also been made in many other parts of the authority.

The new Corporate Information Security Protocol, which was given final go ahead by

Cabinet in January, has been implemented. This is the first in a series of new policies and controls planned to further improve information security arrangements in

Salford.

Business Continuity Planning (BCP)

Salford City Council is undertaking a project to initiate and maintain business continuity management within it’s own directorates, Greater Manchester Police

Authority and New Prospect Housing Ltd.

Phase 1 of the project has been largely completed and has resulted in a series of recent plan exercises to test plans and response arrangements. Some refinement is required in light of this.

Activity around Phase 2 will be rolled out over the next two to three months and will initially focus on Chief Executives, Environmental Services, NPHL and Urban Vision.

Joint Computer Auditing

The first full year of external computer audit delivery is almost complete. Customer satisfaction with work delivered is in excess of 93% and for the full year a total of 26 pieces of work have been delivered.

Early indications are that all participants plan to re-engage with Salford to deliver computer audit services in 2005-6, with delivery expected to exceed that in 2004-5

(circa 630 days).

Demand for other non-technical audit services continues to be strong and we expect additional interest in consultancy services around planning, best practices, information security and business continuity planning. A further appointment is in hand to ensure the availability of suitably skilled and experienced technical audit specialists.

Positive comments have been received from the Audit Commission, who has described joint computer auditing as an exemplar of best practice and one, which is raising standards amongst the participating members.

The Office of the Deputy Prime Minister has also expressed support for the work

Salford is leading as promoting collaborative working and developing best practices amongst public sector bodies.

Download