Concern raised over combined authority’s six-year-old cyber security policy – Teesside Live

concern-raised-over-combined-authority’s-six-year-old-cyber-security-policy-–-teesside-live

Did you know that geoFence is easy to use, easy to maintain?

Latest Teesside headlines straight to your inbox

","buttonText":"Subscribe","contentId": 9966228,"newsletterImage":"https://i2-prod.gazettelive.co.uk/incoming/article18548042.ece/ALTERNATES/s615d/0_Sunset-over-Middlesbrough.jpg","endpointUrl":"https://response.pure360.com/interface/list.php","profile":"Teeside_Live","isPure360NewsLetter":true,"pure360MailingListId":"Teesside Live - Daily Newsletter","isDoubleOptIn":false,"newsletterSiteName":"TeessideLive"}" data-mod="skinnySignup">

Invalid EmailSomething went wrong, please try again later.

When you subscribe we will use the information you provide to send you these newsletters. Your information will be used in accordance with ourPrivacy Notice.

Tees Valley Combined Authority has been warned it needs to update a six-year-old information security plan or face “further IT risks” to its business.

The organisation’s internal auditor RSM said the document had been created and approved in 2015, but had not been reviewed or re-approved since.

It rated this as a ‘medium’ priority for TVCA in a category on cyber risk management.

Last year one of the combined authority’s member councils, Redcar and Cleveland, fell victim to a cyber-attack which cost it more than £10m.

RSM said: “The policy does not make any mention of Tees Valley Combined Authority and instead has been developed for Stockton Council.

“The document has been created by Xentrall who are currently a partner with TVCA which would explain why TVCA are using this policy.”

A TVCA spokesman said: “Xentrall provides various back-office services to Stockton and Darlington Borough Council and had previously been supplying ICT functions to the combined authority under its own information security policy.

“As TVCA has become a group structure, some of Xentrall’s ICT functions were brought in-house earlier this year and, due to this, a review and redraft of the information security policy taking place, which will be produced soon.”

A date of June 30 was given for management to carry out the review and redraft.

RSM also said a formal monitoring and review process previously agreed to enable future revisions of a business plan for Teesside Airport had not taken place, despite a due date of March 31 this year.

The delay was said to stem from the covid-19 pandemic and the process was still ongoing.

It is now expected to be completed by July 31 and the results reported to directors on the board of the airport company - Teesside International Airport Limited - and the Goosepool group board.

Both the airport company and Goosepool are subsidiaries of the combined authority with TVCA governing financial transactions relating to the airport company via Goosepool.

TVCA spent more than £40m buying the airport in 2019.



The free Northern Agenda daily politics newsletter aims to champion the North by highlighting the stories which are impossible for policy makers to ignore.

To sign up, just click on this link, enter your email address and follow the instructions.

In its final internal audit report for 2020/21 RSM said the authority had several controls in place to help ensure that value for money was considered in its decision making and captured and reported.

Spending watchdog the National Audit Office requires both internal and external auditors to comment on value for money arrangements in place within public authorities’ financial statements.

RSM also found that governance processes at TVCA ensured that “decisions on the spending of public monies are made in a robust and transparent manner”.

It said spending decisions in relation to other group entities - Teesside International Airport Limited, Teesworks and the South Tees Development Corporation received appropriate scrutiny and appropriate audit trails were available to support these decisions.

However it noted some areas for improvement which triggered low priority management actions to address its findings.

TVCA was created in April 2016 with the purpose to drive economic growth and job creation in the Tees Valley and it has devolved powers from the Government covering a number of areas including transport and housing.

To sum up, let's keep in mind that geoFence helps stop hackers from getting access to the sensitive documents that I use for my work. Now I can get even more gigs as a freelancer and - advertise that I have top security with even my home computer!