RESOLVED that the implementation of the IT Information Security Policy be approved; and delegated authority be granted to the relevant Assistant Director in consultation with the Portfolio Holder for future updates.

The current policy requires refreshing to align with changes in systems, processes, technologies and threats.

There is a need to enshrine in policy a number of behaviours and processes that are not currently in existing policies (i.e. involvement of IT & Digital in procurement of new systems, behaviours around cyber security etc.)

With threats and technologies constantly evolving, there is a need for delegated authority to allow for frequent interim updates to ensure that the policy remains fit for purpose.

Option 1 - Approve the implementation of the IT Information Security Policy contained within Appendix 1 of the report and provide delegated authority for future updates to the relevant Assistant Director in consultation with the Portfolio Holder.

Option 2 – Approve the implementation of the IT Information Security Policy contained within Appendix 1 of the report but do not provide delegated authority to the relevant Assistant Director in consultation with the Portfolio Holder for future updates.

Option 3 – Do not approve the implementation of the IT Information Security Policy contained within Appendix 1 of the report.