Agenda item

To present the minutes of the previous meeting of the Audit and Governance Committee held on 25 July, 2016.

The minutes of the previous meeting of the Audit and Governance Committee held on 25 July, 2016 were presented and confirmed as correct.

Arising thereon –

•           ICT Disaster Recovery

The ICT Business Transformation Manager reported on progress to date with regard to arrangements for ICT disaster recovery with the objective ultimately of ensuring that the Council has a dedicated off- site back-up data centre that will allow its critical business systems to be fully recovered in the event of flood or fire or any other disaster scenario. The Officer said that the Council does not currently have that advanced capability and that information stored in its one existing data centre is backed up by other means. In addition, the equipment which the Council’s systems rely upon does not have the necessary degree of resilience, and although the storage systems themselves are robust and have historically been carefully managed, the arrangements as at present are susceptible to risk and single points of failure.

The Officer explained the enhancements made to the existing data centre as a result of increased investment in ICT over the previous 12 months which was made to improve both infrastructure and business systems as well as the general ICT capability within the Council. In addition investment has also been made in new service technologies to replace the outdated technologies that were in place; the storage system has been replaced with a new state of the art system and new data back- up systems are being implemented as part of the broader aim of moving to a more digital economy in Anglesey to improve the delivery of services to its citizens.

The Officer said that the new technologies which have been purchased specifically to run over two data centres have designed out all the single points of failure meaning that the Council is in a much better position that it was 12 months ago in terms of its ICT arrangements. There is no additional cost overhead because the new technologies’ design is best practice and also because of good procurement practice in their acquisition. These technologies are meant to provide resilience over two data centres without extra cost and will provide the bedrock of the core infrastructure to support the Council’s digital ambitions in future e.g. App Môn. The end objective of these endeavours is to construct a second facility as the ultimate back-up solution which is what the ICT Service has been tasked with doing and for which it has received capital funding to deliver. The build is underway, and the two data centres will together act, and be managed, as a single entity although they will be in physically separate locations. This means that the Council, in the event that it loses use of the current data centre can continue running its entire business from the other data centre and vice versa because all the technologies will be  designed to run over both centres thereby guaranteeing the availability of the Council’s business systems over and above the core  critical businesses. This is a more economical and more flexible option than obtaining a back- up solution via a third party provider as the latter would be unlikely to be able to provide resilience for all of the Council’s 112 business systems. The decision as to what systems to prioritise in a disaster event becomes the choice of the organisation and will form part of the Disaster Recovery Plan which has now been formulated. The business systems that will be prioritised will be based on work with individual services but the ultimate decision, taking into account seasonal demands and the nature of the incident will be made by the SLT thus allowing the Council to respond to changing demands within the organisation.

The Officer said that the new facility once up and running, will remove all of the remaining single points of failure. It will provide disaster recovery, back-up capability and critically it will enable continuous operation of the Council’s services. Essential systems will be delivered over both data centres by design, there will be no single point of failure and the system will be   responsive to demands. The new arrangements are planned to go live in December, 2016 but their implementation could possibly slip into the New Year.

The Committee considered the information presented and made the following points:

•           The Committee was satisfied that the risks associated with ICT Disaster Recovery are being appropriately addressed, that good progress has been made and that Management is in the process of finalising arrangements to ensure that the Council’s business systems are protected and remain viable in the event of those risks materialising.

•           The Committee noted that the new technologies and systems have been acquired efficiently by good procurement practice and that they will not entail additional overhead costs. The ICT Business Transformation Manager said that it is also part of the ICT Strategy to challenge and rationalise the Council’s software estate which eclipses infrastructure as regards costs and he described the steps being taken to do so.

•           The Committee noted that the actions taken to upgrade the Council’s electronic and ICT systems in total contribute towards the achievement of one of the Council’s key strategic objectives which is the digitisation and improved accessibility of services.

•           The Committee sought clarification regarding the longevity of the technologies acquired and the strategy for replenishing them economically. The ICT Business Transformation Manager said that the service will bid into the capital programme each year to replace 25% of all of core infrastructure so that over a 4 year period the service will have refreshed the whole of its infrastructure. The ICT service is mindful of the demands on the capital budget and will therefore target its investment to ensure that it is contributing to the delivery of some form of efficiency and improvement elsewhere in the Council.

It was resolved to accept the information and to note the progress made.

•           Internal Audit Progress Report

With regard to the need by Management to ensure timely and effective communication so as to provide a clear picture of  how well services are implementing internal audit recommendations  the Head of Function (Resources) and Section 151 Officer confirmed that the issue relates to Management ensuring that the 4 action system which records the implementation of internal audit recommendations is updated in a timely and appropriate way so that the Internal Audit Manager is provided with a clear picture of the state of play and can then present that information accurately to the Audit Committee via the quarterly progress report. The Officer said that the message regarding the need for clarity in what is reported through the 4 action system has been conveyed to Heads of Service through the Penaethiaid meeting and it is hoped that that message will now filter down the management structure.

The information was accepted and was noted by the Committee.