Edinburgh City Council to create ‘register of shadow IT’ following audit report recommendation
Edinburgh City Council is to create a register of shadow IT systems that have been purchased by various departments without appropriate controls or oversight.
The city council’s governance, risk and best value committee identified a series of risks around ‘fragmented’ systems that are in use across different departments without the knowledge of the IT department. They are typically externally hosted by a third party supplier, and usually cloud based.
Shadow IT can also include software or hardware such as laptops, smartphones, and scanners that can be connected to an organisation’s network.
Across the council, shadow IT includes technology systems used by directorates and divisions that are not hosted on either the Council’s Corporate or Learning and Teaching networks, or not supported and maintained by Customer and Digital Services and CGI, the Council’s technology partner.
The report said: “Significant control weaknesses were identified both the adequacy of design and operating effectiveness of the key controls established across the Council to manage the security, information, and resilience risks associated with ongoing use of shadow IT and end user computing applications to support delivery of Council services. Consequently, two High rated findings have been raised.
“The first finding highlights the need to refresh the Council’s digital strategy for both the Corporate and Learning and Teaching networks to provide a clear strategic direction for future use and alignment of technology systems across the Council that includes consideration of use of both shadow IT and end user computing applications following assessment of their associated advantages and risks.
“This finding also confirms that there is no current register of shadow IT and end computing user applications used across the Council and notes that Directorates and Divisions are currently procuring shadow IT applications on their own with limited oversight by or engagement with either Commercial and Procurement Services or Digital Services to confirm that all relevant risks have been considered either prior to purchase or in advance of contract extensions through a waiver of the Council’s Contract Standing Orders.”
The report added that the established Digital Service and CGI enterprise architecture governance forum is “limited in its ability to effectively ensure that the Council’s current and future technology architecture is optimised; efficient; provides best value; and remains aligned with the Council’s digital strategy and technology risk appetite”.
As a result the council has agreed to update its digital strategy – first conceived in 2016 – this year that “includes consideration of future use of both networked and cloud-based systems solutions that are aligned with the Council’s strategic and service delivery objectives and applicable security and compliance requirements.”
A separate cloud strategy will also be prepared as part of the overarching digital strategy that outlines the opportunities and risks associated with ongoing and future use of cloud based shadow IT systems.
In addition a council-wide register of shadow IT and end user computing applications will be developed and centrally maintained by Commercial and Procurement Services (CPS).
Not a drop wasted: digital cask filling can save the whisky industry millions
Scotland’s food and drink sector is central to the country’s economy. Bringing in around £14 billion every year, it employs more than 115,000 people and accounts for one in five manufacturing…
The value of engineering in the curriculum
If you were to look back at the greatest discoveries in science and technology over the past 30 years, you would soon notice that engineering is a key catalyst for…
Glasgow Council leads the way in digital learning
In 2017, we at Glasgow City Council took the opportunity to overhaul our digital approach to education and redefine learning, keeping in mind the core aim of reducing the impact…
Why data is the new oil
In 2006, British mathematician Clive Humby coined the phrase, “Data is the new oil”. This analogy has been proven correct as data now powers entire industries and holds tremendous value…
Global Entrepreneurship Week offers chance to reset aspirations amid new innovation landscape
With the advent of Global Entrepreneurship Week, it is an opportunity for us to celebrate the innovators, the grassroots risk takers who drive the economy, and those who invest in…
Aberdeenshire leads the way in work-based learning
There has long been debate about the distinction to be drawn between vocational and academic learning. However, in Aberdeenshire Council the focus is on what is best for our learners;…
5G connectivity can ’empower people to restore our planet’
Six years on from the Paris Climate Accords and the world is still getting warmer. We are now seeing first-hand the impact of climate change – the floods and fires…
Cracking the code to offline computational thinking
In our digitally connected world, it can be argued that coding and especially computational thinking have become essential parts of a new ‘computing literacy’ to support traditional literacy. These computational…