Agenda item
Concerto Audit
(To receive a verbal update on the actions being taken to address and rectify the issues identified in the Concerto Property Asset Management System)
Minutes:
The Committee received a presentation from Brian Goodwin, Contracts Manager, in relation to the findings of the audit of the Concerto Property Management System. It was reported that Concerto had been working with the authority in order to address the issues raised by the audit, and the majority had been resolved.
The audit report highlighted 27 issues, and of those, 20 were fully resolved. There were no 'red' issues highlighted, and the 7 remaining were 'amber' i.e. they were subject to further review and potential action if deemed necessary. The target date to resolve these remaining issues was 31 October 2016.
Concerto engaged a third party security advisor to support them in the testing of security aspects of the system, including a penetration test. Officers had also taken advice from Leicester City Council who had the same system, and they concurred that the amber items were easily remedied if there was requirement for changes. A meeting with Concerto in October 2016 had been agreed to finalise the report and any further actions which needed to be taken. A final report would then be submitted to the Audit Committee by 30 November 2016, which would outline all actions taken as a result of the security audit, with supporting information.
Members of the Committee were provided with the opportunity to ask questions to the officers present in relation to the information contained within the report and some of the points raised during discussion included the following:
· It was confirmed that no personal data was held on the LCC version of Concerto.
· The Concerto system went live on 1 April 2015.
· Concerto worked with the authority to develop the system, which was used for managing projects. Whilst it was accepted that there were flaws with the system, it was better than the one it replaced, and Concerto had been working with officers since it went live to get it to where officers wanted it to be. It was commented that Concerto had been very good, and were now rolling out this approach with other contracts.
· The system was used for estate management and covered everything owned by the County Council in Lincolnshire. Any changes in land prices would be updated manually by asset managers and building surveyors.
· It was commented that it was always better to go for a system that someone else had tested. However, it was noted that the authority did buy something that was used elsewhere, but then needed to determine how this authority needed it to work. The authority was aware of what it was getting from day one, and was buying into the potential of the system.
· One of the security was in relation to passwords, and who could make them and how complex they needed to be. This system could be used on any platform.
· It was emphasised that there were no breaches of data security.
· Members were satisfied that there was progress being made in relation to the actions identified.
· It was noted that when an audit was of a technical nature it was more difficult to get it closed down.
RESOLVED
1. That the update provided be noted.
2. That a copy of the recommendations from the Concerto audit be circulated to the Committee.
Translate