Agenda and minutes
Venue: Conference Room 4B - Tŷ Hywel. View directions
Contact: Liz Jardine
No. | Item |
---|---|
Introductions, apologies and declarations of interest Minutes: Apologies were received from Elisabeth Jones (Director of Legal
Services), Mark Neilson (Head of ICT) and Gareth Watts (Acting Head of
Governance and Audit). There
were no declarations of interest. |
|
Communication note to staff - Siân Wilkins Minutes: Siân Wilkins would draft a note of the Management Board discussion for the news page. |
|
Minutes from the previous meeting - 20 June Minutes: The
minutes of the 30 June Management Board meeting were agreed as a correct
record, excepting a clarification on the wording of item 4.1 relating to
sickness absence. |
|
Cyber security Minutes: Alison Bond was welcomed to the meeting to deliver a short video and
discussion on key information and cyber security issues, an area of increasing
importance to the management and protection of Assembly information and one
that ACARAC has requested be scrutinised. The Assembly, like most organisations was extremely dependent on its
information and systems but, with the number and type of attacks threatening
information increasing, the potential risks to reputation, confidence,
disruption and compliance were high. The Board were informed that restricting
access and protecting information assets was central to cyber security. It was recognised that, generally, the Assembly was very security
conscious, with many tools and controls in place. It was, however, important to
remind staff about security of email and the use of computers and the network,
including the storage of restricted papers prior to destruction and during
disposal. Alison outlined the guidance in relation to malicious emails and that
these emails can appear very sophisticated, meaning constant vigilance was
needed. A message was also going to Members and their staff in relation to
security of emails, computers and the network. The Board discussed other
threats and how to mitigate the risks through user awareness, being mindful of
assets, assessing and managing risk and being vigilant. Alison advised that the
privacy impact assessment had been very intensive around the Assembly’s use of
cloud services. Alison would
write to Heads to undertake an exercise, in their roles as Information Asset
Owners, to identify and test the robustness of controls around their most
important and sensitive assets. |
|
Corporate Risk Minutes: Management Board considered the
current and emerging risks at corporate level and, in particular, the impact on
the organisation of the new Commission strategy and the emerging risks around
the EU referendum result. Although there were many uncertainties around the
effect of the result and the organisation was doing well on mitigation,
thinking ahead, being prepared and having the Commission committed to
resources, it would be prudent to include it as a corporate risk. The Board
agreed it was necessary to have a focussed discussion on potential risks, with
a view to avoiding having it remain on the register long term. It was agreed
that Anna Daniel would take the lead on assessing risks around the implications
of the referendum result. The Board were asked to consider recommendations for
removing four risks from the corporate risk register given the effective
management, cessation or mitigation of the risks and, if so, whether they
should be monitored at service level. The Board agreed all four
recommendations. Additionally, some changes to the
register to reflect the current status of risks were noted. Dave Tosh agreed to
review the wording of the risk relating to terrorist/weapons attack following
recent events (Ref: Sec009). The Board considered the risk relating to decisions of the
Remuneration Board, which was being well managed and agreed to consider it
again at the next review. They also discussed the risk relating to senior
management changes. |
|
Archive strategy Minutes: Chris Warner introduced a proposal
to develop an archiving strategy, working closely with the National Library of
Wales, to create a coherent and accessible archive for the long-term
preservation of all the Assembly’s records that would complement the broader
policies for information management and data protection and join up with the
objectives of the MySenedd programme. Management Board acknowledged the strategic importance of
developing an Assembly archive strategy and agreed the proposed actions to deliver
the project. |
|
Corporate Induction Minutes: The Board welcomed Hayley Rees (HR Training Officer) to
present proposals for the refreshed Corporate Induction Programme following the
agreed improvements that had been developed and implemented in the initial four
pilot sessions. The induction had been reduced from two days to one day,
replacing some of the content with a signposting DVD and including an
introduction by a member of Management Board. Feedback had been ongoing with
adaptations and improvements each time. It was planned that it would link into
a Management Development programme. The Board agreed all the recommendations with a request
for HR to consider how we could further inspire people about the importance of
the institution and future of Wales. |
|
Winding up the meeting |
|
Any other business Minutes: It was noted that the Commission’s Strategy for the Fifth
Assembly had been launched and that an intranet message had been prepared to
highlight the change to the mission statement. The Heads were asked to advise
their teams that they should instigate any necessary changes to literature,
internet references and email signatures, etc. The LLywydd had issued a thought piece around reform of
procedural matters. A paper on potential proposals for changing the Assembly’s
name would be presented to Commissioners at their meeting on 19 September. The Annual Report and Accounts had been laid and work was
now underway to prepare for the Public Accounts Committee’s evidence session on
19 September. The Management Board would next meet informally on the
first day of the new term, 9 September, with a formal meeting on 10 October for
the annual capacity planning session. |