Minutes:
The Deputy Chief Fire Officer presented the Digital Strategy 2022 – 2027. This was an enabling document that supported other strategies for Prevention, Protection, Response, People and Finance which all underpinned the Community Risk Management Plan (CRMP).
The Deputy Chief Fire Officer drew Members’ attention to page 32 of the agenda pack which set out the Service’s key principles (these would support the delivery of a digital Fire and Rescue Service through our culture and provide the best services to our communities); page 36 set out 7 key digital themes (to help deliver the strategy over the next 5 years) and page 41 set out how the strategy aligned with the other major strategies to support the delivery of the CRMP.
The Deputy Chief Fire Officer introduced Roger Stone, Head of Digital Transformation who gave a presentation on the digital approach to the delivery of the strategy.
The Head of Digital Transformation advised that the Service’s published key strategies had been analysed and digital horizon scanning undertaken to develop the strategy. Seven key themes had been identified. These focussed on automation and efficiencies and aligned with the other key strategies, with security inherently built into the solutions. The Government’s directive was ‘digital by default, cloud first’ and the Service was therefore largely aligning itself to that. The ‘cloud’ was an off-site solution that was a lot bigger, better, and resilient with more security, control and investment. This helped the Service to capitalise on trillions of dollars of investment that cloud organisations put into their systems in terms of security, collaboration and accessibility. He confirmed that the Service focused on European and UK territories and with GDPR regulations data was hosted on UK shores.
The Head of Digital Transformation advised that there were over 40 digital transformation projects ongoing with only a relatively small team. The team was made up of a Digital Transformation Team (a team of professionals who worked on custom integration with 3rd party solutions), Delivery Partners (provided external expertise) and Business Developers. This role was a key element as a lot of the strategy focussed on self-service which aimed to empower our workforce to generate the solutions themselves. A video example was shown of the business fires safety check mobile app which had been developed (with tools available to the workforce) to turn a paper form into a digital one. In addition, one of the key things the Service was doing was trying to make all its data accessible centrally.
In response to a question raised by County Councillor Woollam regarding whether the Service’s security systems were adequately protected and up-to-date, the Head of Digital Transformation reassured Members that there was a dedicated security team that looked after ‘on premises’ and ‘cloud’ security models. He advised that the Service took advice from the National Cyber Security Centre and the Home Office. Guidance and advice had been provided on how to minimise increasing threats from certain territories and globally. Weekly security meetings were held to discuss those threats and the Service’s response to them. The Service policy was to lock systems down first and were therefore probably tighter than most. The beauty of the cloud model was the level of investment in those security layers.
County Councillor Mirfin congratulated the Head of Digital Transformation on the report. He supported the use of a self-serve environment. Based on his experience, he did not want the Service to underestimate the resources needed to craft this type of environment including the costs this would involve in terms of training others to best use the system going forward.
Councillor Williams queried the level of safety with the cloud model as it was an international platform with common access; he also queried whether the Service had any experience of anyone attempting to hack into its systems. In response, the Head of Digital Transformation advised that the Service had explored this in detail with its platinum partner who had been recommended by Microsoft. Virtual tours of its data centres were provided alongside detailed explanations of the security measures taken. Trillions of dollars had been invested with security taken very seriously given this was a critical risk to their business. If they did suffer a vulnerability and were exploited, it would be a massive dent in their reputation. With any connection to the internet there was an inherent vulnerability. The only way to properly secure a system was to turn it off or disconnect it from an external network but that was impractical. Therefore, there was a need to find a balance between usability and security. This was done by making sure data in the cloud was restricted to our own network. Additional security was through setting a virtual perimeter, known as geo-fencing the data together with multiple layers of security on our own sites and the cloud. The Service also vociferously monitored security and had not been hacked but was aware of external scanning of ports which provided a steer for protection. This did happen on a regular basis (as with most other organisations).
RESOLVED: - That the Committee noted and endorsed the report and strategy.
Supporting documents: