The Brent, Lewisham and Southwark IT Committee met on Tuesday 19 March 2024 to discuss the performance of the Shared Technology Service and its cybersecurity status. The meeting's agenda included updates on service delivery, technology roadmaps, and risk management.

Shared Technology Service Update Report

The committee was scheduled to receive an update on the performance of the Shared Technology Service (STS) for the period of November 2023 to February 2024. The report indicated progress in reducing the number of open STS operational calls and improving Service Level Agreement (SLA) performance for priority 3 incident calls and priority 4 request calls. Significant improvements were noted in the Wi-Fi at Laurence House in Lewisham, and the migration of mobile services to O2 across Brent and Lewisham was underway, aiming for cost savings. The Private Cloud Project was reported as complete, with all servers migrated to a Nutanix solution for a more robust infrastructure.

The report detailed advancements in the development of next-generation laptops, including a project to migrate laptop management to the Office 365 Intune environment and a move towards Windows 11. The laptop refresh project was nearing the end of its discovery and design phase, with hardware specifications developed and shared with vendors.

Updates were also provided on various projects, including the completion of the Southwark Leisure Centres' migration to the corporate network and the resolution of Virgin Media issues at Dulwich Leisure Centre. The replacement of the Microsoft Direct Access remote working system with AlwaysOn VPN was successfully completed for Southwark and was initiating deployment in Brent and Lewisham. Network upgrades using SD-WAN technology were in progress, with purchase orders raised for Brent and Lewisham, and savings identified for Southwark.

The report highlighted the completion of mobile migrations to O2 for Southwark and Lewisham Homes, with pilots for Brent and Lewisham underway. Progress was also noted on upgrading Windows 2012 servers across the three councils, with Brent and Lewisham having completed a significant percentage of their upgrades. The Telephony and Contact Centre services were being reviewed, with work commencing on an options appraisal for all three partners.

In terms of service level performance, the report indicated a reduction in open and aged tickets, and improved SLA performance for ticket resolution times. The number of supported users had grown, yet logged call volumes had dropped. Triage of unassigned tickets was maintained at good levels, with improvements in automatically triaged tickets. The report detailed performance metrics for Priority 1, 2, 3, and 4 incidents and requests, noting that while Priority 2 incidents were low, this made meeting the SLA target challenging. Efforts were being made to improve SLA performance for Priority 3 and 4 tickets through new processes and focus.

The report also covered continuous service improvement initiatives, including the enablement of an asset management system in Southwark, a trial 'quick log' facility in Brent with positive user feedback, and the launch of a Leavers form for managers in Southwark. The IT Change Management process was also being improved.

The Shared Technology Service (STS) faced several risks, including cybersecurity threats such as DDoS attacks, viruses, malware, and hacking, with ongoing efforts to monitor access logs and accelerate IT roadmap items. The risk of data loss via the IT supply chain was being addressed through an audit. Financial risks related to uncontrolled spend on Azure services were being managed through workshops and the creation of a new post to control license spending. Risks associated with end-of-life applications, hardware, and systems were being mitigated through the technology roadmap and future laptop design projects. Incomplete inventories of hardware and software assets were being addressed with the implementation of an asset management module. The risk of ransomware affecting the whole infrastructure, including backups, was being mitigated by implementing Rubrik immutable backups.

Audits were progressing, including reports on Brent IT DR and 3rd Party Supply Chain Cyber. The plan for FY23/24 audits was outlined, with some audits unlikely to be completed by the end of Q4. Progress on recommendation actions from the Brent IT DR review was detailed, with most actions due for completion by the end of March.

The Technology Roadmap for 2026 and Forward Plan was presented, outlining planned and in-flight projects for the next six months.

Shared Technology Service Cyber Security Update Report

The committee was also scheduled to receive an update on the cybersecurity status, threats, and mitigations related to the Shared Technology Services. This report was to be considered in a closed session due to its commercially sensitive nature. The agenda indicated that a new STS Cyber Security Strategy for 2021-2024 had been developed, detailing the approach to cybersecurity and plans to enhance capabilities in the areas of Defend, Deter, Develop, and React. Future plans for the STS Cyber Security Strategy were also to be outlined.

Date of Future Meetings

The committee was asked to note the provisionally scheduled dates for future Joint Committee meetings during the 2024-25 Municipal Year, including meetings in July 2024, November 2024, and March 2025.