Apologies for absence were received from Cllr Sweetman. Cllr Bolshaw attended as substitute.

The Chair thanked officers for all of the work done throughout the last municipal year.

There were no declarations of interest.

[To approve the minutes of the previous meeting as a correct record.]

Resolved:     That the minutes of the previous meeting be approved as a correct record and signed by the Chair.

[For information only]

The Board considered the minutes of the West Midlands Combined Authority Overview and Scrutiny Committee meeting held on 25 February 2019.

Concern was expressed that the meeting was not quorate and that this could indicate that scrutiny was not being taken seriously.

The Chair stated that it was due to how the legislation was written and that steps were being taken to try and address the problems through the governance procedures. The Chair stated that it was hoped that in the future the WMCA O&SC would start to bring updates back to each constituent authority.

The Board queried how many times the meetings were inquorate, and it was stated that this happened quite regularly but that turnout was better in the working groups.

The Board considered that it should be noted that these bodies are deemed important and that if they are constituted in such a way that there are issues such as being inquorate, then these issues needed to be addressed. Public money was going into these groups and it needed to be used productively. A board member stated that he had been involved in county wide organisations for a long time and that they had ended because they were not accountable, and it seemed probable that not many members of the public would know what the WMCA was or what it did.

It was agreed that concerns about governance arrangements needed to be fed back to the WMCA O&S Committee.

The Chair noted that there were only two Scrutiny Officers for the WMCA O&SC and that other councils including Wolverhampton were often asked to help with the administration of meetings.

The Board also noted that to amend the quorum of the WMCAO&SC would require intervention from central government as it could not be done locally.

Resolved:     That concerns regarding the governance arrangements of the WMCA O&S be fed back.

There were no matters arising.

[To discuss the current call-in process as detailed in the Overview and Scrutiny Procedure Rules]

The Board considered the recent call-in and the processes that were currently in place for dealing with call-ins.

The Board considered that the procedure rules needed to be looked at and that in the future a reason for the call-in had to be specified.

The Board also considered that clarification was required around the exclusion of the press and public from meetings.

Resolved:     That a scrutiny working group be convened to consider the call-in procedure.

[Report to Follow]

The Board welcomed Gail Rider, Head of ICT to the meeting.

The Director of Governance who was the Senior Information Risk Owner (SIRO) had recommended a report be presented to Scrutiny Board to provide an overview and understanding of how Cyber security was managed within the authority. The report included information on the robustness of processes and preventative measures that were in place, an overview of the authorities’ cloud storage approach and the on-going roadmap that assured constant and up to date approaches to new threats and challenges.

It was stated that the Council was a Microsoft partner which meant that any processes were supportive and progressive.

The Council adopted a cloud first approach, but this wasn’t always an option as some applications were not be cloud ready. The cloud was provided by Microsoft, which was one of the most secure and the Council only paid for what it used. There was a secondary data centre in Stafford and a proportion of what the Council run was replicated there.

The Council took a very preventative approach to cyber security and it was stated that there had been four attempted attacks since Christmas, all of which had been stopped.

It was confirmed that the Council did apply patches regularly and was continuously updating firewalls and antivirus software whilst also working closely with partners including the Information Governance team.

The Council’s cyber security had been assessed and once deemed to be one of the safest in the region.

The Board queried the use of multiple and often very complex passwords and it was confirmed that the Council’s password policy was currently under review and that the team were aware that it could not be overly secure as this might make it harder for people to use the services on offer.

The Board considered the issue of the phishing campaigns that had been carried out by Information Governance. The first had been carried out in October 2017 with 608 emails being opened and 500 employees attempting to click on link. The more recent exercise had resulted in 93% of emails not being opened and only 4% attempted to click on the link.

The question was raised as to what were the big-ticket issues that could really cause problems if we got them wrong such as a sustained denial of service attack (if services went down for a long time), the safeguarding of data or problems with the urban traffic control centre for the black country including the threat of hostile actors trying to take it down.

It was stated that the Council was looking at every single service it had and every application including where it sat, how it was backed up and how it was secured. The Head of ICT stated that she had managed to obtain match funding to put in additional controls. The Head of ICT stated that in relation to the Urban Traffic Control System she would expect that this was replicated in Stafford with the servers based here.  ...  view the full minutes text for item 7.

[To consider the Board’s work programme for future meetings.]

The Board received a verbal update from Cllr Ahmed on the work of the Scrutiny Review into Youth Violent Crime. The next meeting of the Review group was 20 June 2019 when the matter of exclusions would be considered.

Resolved:     That the workplan be agreed.

[City of Wolverhampton Council Forward Plan April 2019]

[Black Country Forward Plan up to July 2019]

Resolved:     That the Forward Plans be noted.

[To consider the format of the Annual Scrutiny Planning Event]

Resolved:     That any recommendations be brought back to a future meeting.