Agenda item

To present the report of the Head of Function (Council Business)/Monitoring Officer.

The report of the Head of Function (Council Business)/Monitoring Officer outlining the compliance levels for all services apart from the Learning Service for policy acceptance requirements based on information available as at 24 July, 2018, was presented for the Committee’s consideration.

The Corporate Information Governance Manager reported that the Council’s policy management system – the Policy Portal – was made available to staff as an electronic library in November, 2016.Policy acceptance requirements began on 24 April, 2017. The Policy Portal provides the Senior Information Risk Owner with assurance that key Information Governance policies are being read, understood and formally accepted by individual members of staff.

The Officer referred to the following key points in relation to Year 1 compliance levels –

•           That 7 policies – Clear Desk Policy; Records Management Policy; Data Classification Policy; Managing Absence Policy; Display Screen Equipment Policy; Health and Safety - Roles and Responsibilities, and the Welsh Language Standards – were first subject to the click and accept system between April, 2017 and June, 2018 as determined by the Council’s SLT.

•           Details of compliance levels for the seven policies for all services apart from the Learning Service are provided in Appendix 1 to the report. A decision was taken in April, 2017 not to include the Learning Service as the service’s IT group contained school-based staff for whom the process was not relevant. This issue has since been addressed and the Learning Service was first included in the corporate process in July, 2018 when the Council’s Data Protection Policy was made available for acceptance. The first seven policies referred to will be assigned gradually to the Learning Service over the coming months.

•           Compliance reports on a service by service basis are submitted to the SLT at the end of the 6 week acceptance period assigned for each policy. All policies remain available for acceptance after the closing dates so that users who have not completed a policy on time are able to catch up.

•           As at 24 July, 2018 average compliance levels for all policies across the Council was 95%, compared with an average of 79% at the end of the 6 week acceptance period set for each policy. All services have attained high levels of compliance apart from Adults’ Services where a number of staff do not have an Active Directory account which is an issue.

•           Compliance in Children’s Services - which was identified as an issue by the Audit Committee at its September meeting - has improved significantly with an average rate of 99% as at 24 July compared with an average of 57% at the end of the six-week acceptance periods. Adults’ Services attained an average compliance rate of 78% as at 24 July, 2018 which whilst lagging behind other services, is an improvement on the 63% compliance average at the end of the 6 week acceptance period set for each policy.

•           The Policy Portal relies on the Council’s Active Directory (AD) which now includes around 1000 users following the inclusion of the Learning Service. The Portal’s reliance on the AD has been recognised as a weakness from the outset with staff who are not AD users not included in the process. The number of staff who do not have Active Directory accounts is estimated at around 709 and include specialist support workers and off site staff in Adults’ Service, Children’s Services, the Learning Service, Highways, Waste and Property and Regulation and Economic Development Services. Although solutions have been considered e.g. provision of Microsoft Client Access Licences; IT equipment or the creation of manual accounts, it has been concluded that whilst widening the scope of the Portal to included non-AD connected staff is possible, the rollout would require significant resource and planning that goes beyond the original remit of the system.

The Officer concluded by saying that despite the limitations referred to above, the Policy Portal is a valuable system in terms of facilitating a high level of oversight and compliance monitoring thereby providing Management with assurance that staff are up to date with key information governance policies.

The Committee noted the policy acceptance compliance levels for Year 1 including the improvement in compliance in Children and Adults’ Services whilst noting also that universal access by services’ staff to the Policy Portal remains an issue that remains to be satisfactorily resolved.

It was resolved to accept the report and to note the information provided about Policy Acceptance Year 1 Compliance Data.

NO ADDITIONAL ACTION WAS PROPOSED