By Dave Lord
THE REPUTATION of Perth and Kinross Council could be undermined by serious lapses regarding information security, a “high level” audit review has revealed.
The report highlights a raft of weaknesses in processes and procedures.
It warns that the council runs the risk of incurring financial loss due to its failure to properly recognise and document laws and regulations relating to information security.
Auditors also said inadequate back-up systems could seriously hamper the delivery of key council services.
Meanwhile, the failure to remove former staff from council directories has laid the authority bare to accusations of “reputation loss” and even regulatory sanctions.
The report’s authors also claimed that antivirus software requires to be upgraded, stating that the current system’s failure to flag up trends could lead to “significant security breaches” not being detected promptly.
In a total of 12 areas examined by auditors, performance in six was found to be “weak.”
Information technology staff at the council insist action is being taken to tackle all the concerns raised and say problems will be satisfactorily ironed out.
Auditors warned that an up-to-date inventory of relevant laws and regulations is desperately required.
“There is a risk that relevant laws or regulations will be overlooked, leading to possible non-compliance,” the report stated.
“There is a risk of financial loss as a result of sanctions imposed by regulators and reputational damage from publicity generated by non-compliance.”
However, such points failed to worry the convener of Perth and Kinross Council’s audit sub-committee, John Law.
As councillors reflected on the report he said, “I suppose bad publicity could come from having this in The Courier in the morning but that is not really the end of the world.
“An audit of this kind will always find issues. It is a difficult area and due to press interest it may be thought that there are weaknesses here and there,” he added.
The audit report also warned that a “disaster recovery plan” was not in place.
Effectively, that means sensitive information could be lost as a result of occurrences such as serious electrical faults or the flooding of council buildings.
“There is a risk of failure to recover systems and services in a timely manner in the event of a disaster,” the report stated.
“In the event of a disaster...it may not be possible to resume key council services within the required timescales.”
The audit of the council’s information security processes—described as a “high level review”—was carried out by externally-sourced staff.
Senior local authority officials say action plans have now been drawn up to tackle all the problems highlighted.