Limited support for Newport
We do not currently provide detailed weekly summaries for Newport Council. Running the service is expensive, and we need to cover our costs.
You can still subscribe!
If you're a professional subscriber and need support for this council, get in touch with us at community@opencouncil.network and we can enable it for you.
If you're a resident, subscribe below and we'll start sending you updates when they're available. We're enabling councils rapidly across the UK in order of demand, so the more people who subscribe to your council, the sooner we'll be able to support it.
If you represent this council and would like to have it supported, please contact us at community@opencouncil.network.
Delegated Decisions - Leader - Monday, 1st September, 2025
September 1, 2025 View on council websiteSummary
This meeting of Newport Council's Leader was scheduled to consider the Annual Information Risk Report. The report provides an assessment of the council's information governance arrangements, identifies key risks and proposes an action plan for 2025-26.
Annual Information Risk Report 2024-25
Councillor Dimitri Batrouni, Leader of the Council, was scheduled to review the Annual Information Risk Report 2024-25. The report was written by the Digital Services Manager/Information Manager, and intended to provide an assessment of Newport Council's information governance arrangements, and to identify key risks. It also includes an action plan for 2025-26.
The report includes an executive summary of key highlights, including:
- Compliance and Audit
- Public Services Network (PSN) accreditation
- Payment Card Industry (PCI) standard
- Cyber Assessment Framework (CAF)
- Audit Wales
- The UK General Data Protection Regulation (UKGDPR) and Data Protection Act 2018
- Information Governance culture and organisation
- Communications and Awareness Raising
- Staff Guidance
- Training Courses
- MetaCompliance Solution
- Cyber Breach Workshop
- Information Policy Development
- Information Risk Register
- Information Security Incidents
- Information Sharing
- Business Continuity
- Technology Solutions
- Records and Data Management
- Freedom of Information and Subject Access Requests
The report noted that local authorities collect, store, process, share and dispose of a vast amount of information and that Newport Council must meet its statutory responsibilities effectively and protect the personal information it holds throughout its life cycle.
The report also noted that the Council was subject to accreditation to the Public Services Network (PSN) by the Cabinet Office, and was required to comply with the Payment Card Industry Data Security Standards (PCI-DSS) when it handles card payments for customers. In addition, the Council is subject to audit from Audit Wales to ensure appropriate information governance is in place.
The report stated that the Cyber Assessment Framework (CAF) was developed by the National Cyber Security Centre (NCSC) for organisations to assess their preparedness for cyber attacks. The CAF is made up of 4 Main Objectives which contain 13 principles.
The report stated that under the Data Protection Act 2018, the local authority needs to ensure that personal data is handled securely and lawfully, and that in the event of a data breach, certain breaches must be reported to the Information Commissioner's Office (ICO) within 72 hours.
The report stated that the Council has been a partner of the Shared Resource Service (SRS) since April 2017 and that representatives from the SRS attend various Newport City Council groups, including information governance.
The report stated that employees are often the weakest link in terms of causing incidents. It noted that technical measures will never be totally effective especially given the increased sophistication of cyber-attacks including phishing1 and ransomware2.
The report stated that policies form an invaluable way of documenting legal requirements and best practice, and that they provide guidance for employees to ensure information governance is integrated into the way the Council operates.
The report stated that an information risk register is maintained that identifies key information risks, their likelihood and impact, together with the measures in place to mitigate the risk.
The report stated that all information security incidents are reported, logged and investigated, and that lessons need to be learned from these incidents to improve practice in future to minimise the risk of recurrence.
The report stated that partnership and collaborative working drives sharing of increased amounts of information between the Council and other organisations. The Wales Accord on the Sharing of Personal Information (WASPI) requires public sector organisations to follow agreed guidance in the development of Information Sharing Protocols (ISP's).
The report stated that there is an ever-increasing reliance on digital technology to support business activities and it is therefore important to maximise the availability of systems.
The report stated that numerous technical solutions are in place to minimise risk to information and the corporate network generally.
The report stated that as a public authority, the Council also handles requests for information and data, and that there are risks associated with responding to Freedom of Information and Subject Access requests.
The report included a proposed action plan for 2024/25.
The report proposed that Councillor Dimitri Batrouni endorse the Annual Information Risk Report 2024-25 and proposed actions.
-
Phishing is a type of online fraud in which criminals send an email, text message, or social media message pretending to be from a legitimate organisation in order to trick you into giving them your personal information. ↩
-
Ransomware is a type of malware that encrypts a victim's files and demands a ransom to restore access. ↩
Attendees
Topics
No topics have been identified for this meeting yet.
Meeting Documents
Agenda
Reports Pack