Norfolk County Council CIO renegotiates terms on HPE contract and beefs up cyber security

Geoff Connell says council is now ‘better prepared’ to stop data breaches after ICO audit

Norfolk County Council is better equipped to deal with data breaches after it completed an audit from the Information Commissioner's Office, according to CIO Geoff Connell.

Connell, who took over as head of ICT and information management in August 2016, tells IT Pro that his two main objectives since joining the council have been to work with the ICO on the audit, and to work with one its biggest providers HPE to renegotiate terms on its contract for the troubled Digital Norfolk Ambition' project.

Cyber security

Norfolk Council does not have a good record when it comes to data breaches; it was fined 80,000 by watchdogs in 2012 after a social worker hand-delivered highly sensitive child welfare information to the wrong address. The council recorded 59 breaches between 2011 and 2014, with one of the most shocking incidents being when confidential files containing details of adults and children was left in a filing cabinet which was sold following an office move.

Advertisement
Advertisement - Article continues below

But after an audit completed by the ICO in January, Connell believes the council is much better prepared.

"We had to do quite a lot of work to improve our processes and we're well on track with that to make sure we have the right information sharing agreements in place," he says.

Connell emphasises that the audit is not a compulsory programme to catch the council out, but is instead an optional audit to help the organisation to improve its policies.

The council has now resolved its historical data loss cases and has implemented new policies, procedures and awareness training. It is the latter, which Connell believes is most crucial.

"Of course you need policies but if people don't know what they are or how to use them then it's no good," he states.

He will be testing staff by sending out phishing e-mails to see who clicks on malicious' links the idea is to understand what more can be done to train staff.

Cyber security is something Connell has also been focused on in his role as president of SOCITM. He wants to put together activities for local authorities within the new national cyber security centre.

"It's a really important focus area for local authorities it's not just about making sure we're in good shape, but that we can join up and work with central government agencies and other public sector organisations safely," he states.

Connell is passionate about data being shared across public sector organisations more easily. He says that it would enable social workers to know about medicines that people are on, and hospitals to know what social care arrangements have been made.

"Up until now, this has all been on an ad hoc basis. We need to make it more systematic and share data when it is appropriate to do so," he says.

Advertisement
Advertisement - Article continues below

But as public sector organisations are funded separately, and budget cuts continue to be made across the board, it makes it increasingly difficult for all parts of the public sector to continue to invest in technology that can help with data-sharing. By work together, the money could be spent more efficiently.

"For example, councils spend a lot of money on technology that helps elderly people to live more independently in their homes, such as IoT, but if local authorities are spending the money then health organisations save the money. Likewise if care homes aren't being adequately funded it is difficult for elderly people to be discharged from hospitals.

"So we need to have ways of working that enable joint investment," he says.

Renegotiating terms with HPE

Connell is in charge of Digital Norfolk Ambition' a 26m IT transformation project which one councillor referred to as a "looming catastrophe" in an interview with the Eastern Daily Press.

The project was signed back in December 2013 with HPE, Microsoft and Vodafone as the three key suppliers but it has been beset by issues such as an increase in costs, a build-up of delays and technical issues with laptops.

In order to solve some of these problems, Connell has held talks with HPE to reshape the agreement.

"We only have another year and half on the contract and we've agreed certain things we don't want to do with them anymore that we will take in-house, and other things which they're doing well which we will continue with but ultimately we need to be planning to exit from that contract," he states.

Despite the need to move away from the contract, Connell has been satisfied with how HPE have dealt with the contract review.

"Give them credit, they were flexible and they've recognised that times have changed and that not everything will pan out as you'd expect it to. It's important that vendors are able to alter the contract scope to ensure it is most cost-effective," he says.

Advertisement
Advertisement - Article continues below

Indeed, HPE is not one of the big vendors that Connell would say it hard to work with.

"There are some vendors that are notoriously difficult when it comes to licensing because they have complexity that you may call borderline fraud because they are simply inflexible," he states.

"Some view their products as cash cows so they're taking money and not reinvesting it, and some that don't keep up to date with patching, browsers and versions of different products we use so it's difficult for us to keep up to date," he adds.

Connell says that it is up to public sector organisations to  work together to help to shift this kind of behaviour from these big vendors, either by buying from other suppliers or lobbying through user groups.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks.

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/careers/28219/it-manager-job-description-what-does-an-it-manager-do
Careers & training

IT manager job description: What does an IT manager do?

28 Oct 2019
Visit/strategy/28223/cio-job-description-what-does-a-cio-do
Business strategy

CIO job description: What does a CIO do?

1 Oct 2019
Visit/careers/28228/ciso-job-description-what-does-a-ciso-do
Careers & training

What does a CISO do?

25 Sep 2019

Most Popular

Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/cloud/amazon-web-services-aws/354223/what-to-expect-from-aws-reinvent-2019
Amazon Web Services (AWS)

What to expect from AWS Re:Invent 2019

29 Nov 2019
Visit/business/business-strategy/354252/huawei-takes-the-us-trade-sanctions-into-its-own-hands
Business strategy

Huawei takes the US trade sanctions into its own hands

3 Dec 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019