The Digital Services Committee was scheduled to meet to discuss the Digital Information Technology Service, the Programme Sapphire ERP update, and the impact of the new Cyber Security and Resilience Policy Statement. The committee was also scheduled to discuss the minutes from the previous meeting, and to exclude the public from part of the meeting.

Impact of the New Cyber Security and Resilience Policy Statement

The committee was scheduled to receive a report regarding the impact of the recently published Cyber Security and Resilience Policy Statement Command Paper. The policy statement outlines changes intended to enhance the UK's cyber security and resilience, including expanding the regulatory scope to include Managed Service Providers (MSPs), strengthening supply chain security, empowering regulators, and ensuring the regulatory framework can adapt to emerging threats.

The report noted that although the City of London Council is not formally designated as Operators of Essential Services (OES) and therefore does not currently comply with the Network and Information Systems (NIS) Regulations 2018¹, there are still actions that can be taken forward.

Although we are not in scope for this bill there are some actions we can take forward.

• 1. Remain Vigilant to Changing legislation
• 2. Certify with NCSC Cyber Assessment Framework

The report proposed that the council should remain vigilant to changing legislation and certify with the NCSC's Cyber Assessment Framework (CAF). The report stated that the City of London had already begun its journey to certification and had passed its initial independent assessment.

The report concluded that while local government remains outside the immediate remit of the Cyber Security and Resilience Bill, cyber security is a shared responsibility.

By anticipating change, embracing best practices, and fostering a culture of continuous improvement, councils can play a pivotal role in protecting both their own operations and the wider communities they serve, ensuring ongoing trust and resilience in an increasingly digital world.

Quarterly Programme Sapphire (ERP) Update Report

The committee was scheduled to receive a report concerning a quarterly update on Programme Sapphire (ERP) ². Programme Sapphire is the project for the City of London Corporation to replace its current legacy systems, City People (Midland i-Trent) for HR & Payroll and Oracle R12 for both strategic and operational finance.

The report stated that the programme had delivered Wave 1 deliverables: Learning Management (LMS), Performance Management and Goal Management (PMGM), and Recruitment. The report also stated that the principle of Adopt not Adapt is being maintained and there have been minimal changes proposed.

The report provided updates on Wave 2 and Wave 3 of the programme. Wave 2 is Core HR & Payroll, and Wave 3 is Finance & Budget Management / Forecasting.

The report also included updates on change management, digital services, and budget. The overall budget forecast is unchanged at £19.4m, and the costed risk provision is £8.6m.

Digital Information Technology Service (DITS) - Service Delivery Summary

The committee was scheduled to receive a report providing an overview of the current service provision as managed by DITS. The report stated that the services managed by DITS for the City of London (CoL) and City of London Police (CoLP) have been stable.

The report noted that general performance across all CoL/CoLP Incident Response and Resolution KPIs remains consistent with previous months.

May performance figures for CoL and CoLP were:

CoL: Incident Response 94% Met, Incident Resolve 95% Met

CoLP: Incident Response 84% Met, Incident Resolve 93% Met

The report also highlighted key service provider status, service improvements and highlights, and service metrics.

Exclusion of the Public

The committee was scheduled to consider a motion to exclude the public from the meeting for the following items on the grounds that they involve the likely disclosure of exempt information as defined in Part I of Schedule 12A of the Local Government Act 1972.