Agenda and minutes
Venue: Conference Room 4B - Tŷ Hywel. View directions
Contact: Liz Jardine
No. | Item |
---|---|
Introductions, apologies and declarations of interest Minutes: Apologies were received
from Lowri Williams, Head of Human Resources. There
were no declarations of interest. |
|
Communication note to staff - Non Gwilym Minutes: Non Gwilym would
draft a note of the Management Board discussion for the news page. |
|
Minutes of the Previous Meeting Minutes: The
minutes of the 2 February Management Board meeting were agreed subject to an
amendment to the wording of the corporate risk relating to the name change
consultation. |
|
Activity on the Assembly Estate Paper
2 – Activity on the Assembly Estate Minutes: Craig
introduced the paper, on behalf of Natalie Drury-Styles, and asked the Board
for comment. The
Commission’s Strategy for 2016-2021 highlights the importance of enabling and
encouraging public engagement in the Assembly’s work. To align better with the
Commission’s priorities, the paper suggested that the management of events on
the estate move to a more pro-active, strategic and considered approach. The
Board discussed the paper, agreeing that this was priority issue for the
current Commission. Ensuring that the right balance was struck between the
range of events was emphasised, whilst being mindful of carefully managing
stakeholder perceptions to any change in the arrangement and organising of
events. To
allow sufficient time for further drafting to take place, the paper will be put
to the Commission at its meeting on15 May. |
|
Cyber Security Awareness Presentation Minutes: The
Board welcomed Drew Evans and Paul Peters to the meeting. Drew
explained to the Board that 6 million user accounts worldwide had been breached
in January 2017 alone and that the biggest threat to an organisation’s
cyber security is often found from within, therefore raising awareness amongst
staff is the most effective form of defence. The Board were informed of the
impact any potential cyber incident could have on an organisation, ranging from
data loss right through to wide scale business disruption. In addition, there
could be longer term impacts to reputation and stakeholder confidence. Since
last September a wide ranging assurance exercise had been conducted to review
the Assembly’s robustness to any potential cyber threat. Whilst steps have been
taken to reduce the risk of a cyber-attack, Drew re-emphasised the importance
of improving staff awareness with regards to tackling any threat. Drew
informed the Board of the upcoming Cyber Security Awareness Week taking place
from 6-9 March. These sessions, aimed at staff, will consist of short awareness
raising videos along with an opportunity to ask questions afterwards. It was
felt that given the importance of the topic it should be compulsory for staff
to attend these sessions. The
Board were introduced to Detective Inspector Paul Peters, from TARIAN, who
delivered the second of the awareness raising presentations. Paul talked the
Board through examples of some of the threats posed to organisations through
the use of social engineering, phishing emails, ransomware threats and DDOS
(Distributed Denial of Service) attacks. ACTIONS:
Management Board agreed to make attendance at an awareness session mandatory
for all staff; Service Heads were asked to strongly encourage their staff to
attend the awareness raising sessions taking place between 6-9 March. |
|
Corporate Risk Minutes: Dave
introduced the Corporate Risks paper, informing the Board that it was an
opportunity for them to review the Assembly’s existing and emerging corporate
risks. The
Board agreed the recommendations to: ·
add the personal security and safety risk to the
Corporate Risk Register; ·
continue to monitor the personnel security risk at
service level; ·
add the General Data and Protection Regulation risk
to the Corporate Risk Register, with a target duration of until May 2018; ·
continue to monitor the Members’ awareness of
Safeguarding of children risk at service level, with a decision to be taken at
a future date as to which service should own the risk; and ·
further to consideration by ACARAC, that the
Assembly’s current and future accommodation needs risk be added to the
Corporate Risk Register. The
Board also noted the following new or emerging risks: ·
Establishment of a Youth Parliament. Non informed
the Board that the Youth Parliament working group have considered the risks
associated with the project and will be doing so again at its next meeting; ·
the lack of strategic and co-ordinated interactions
with the media, which had been added to the service level register. The
Board discussed adding a new risk to the Corporate Risk Register regarding
constitutional change. The intention would be for this to encapsulate a
collection of similar risks associated with the changes taking place, to
provide the Board with the overall oversight required. ACTIONS:
·
Dave to work with Adrian, Anna and Non, to draft a
detailed note and circulate for wider discussion. |
|
Any other business Minutes: The
latest Financial Management Report would shortly be circulated. Claire reminded
the Board to ensure that their service areas provide a very accurate picture
spend for the remainder of the financial year. |