Northamptonshire County Council could ‘go out of business’ if its data centre goes down because the council does not have a disaster recovery plan.
The council’s audit committee was left ‘speechless’ yesterday by the revelation from LGSS’s interim managing director Mark Ashton that the authority is operating without an adequate form of IT disaster protection.
The meeting heard that if there was a fire or flood at the data centre site at County Hall then it could take ‘weeks or months’ to get reinstated. Like all local authorities the council holds a huge amount of data that it relies on to provide services to its thousands of customers.
Audit committee chair Bill Jessup said the matter needed to be dealt with urgently by the council’s senior management and the authority’s Conservative-controlled cabinet.
Mr Ashton said the lack of an adequate security back-up had been a ‘financial decision’ taken by the council.
He said an IT security contract had ended when the council moved its main headquarters from John Dryden House to One Angel Square in September 2017. There is data back-up at Cambridge County Council – which along with Milton Keynes Council is a partner of NCC under the LGSS umbrella – but Mr Ashton said this data would not be immediately accessible. He used the analogy of having a Betamax video tape but not having a Betamax video player.
At the meeting the usually unflappable Mr Jessup exclaimed ‘wow’ when he heard Mr Ashton’s explanation of matters.
He said: “We are in a pretty dire situation if you tell us that if any sort of disaster [occurs] we have no facility to recover the data. The council could go out of business.”
Conservative Cllr Cecille Irving Swift said the situation had left her ‘speechless’. She questioned how the authority – which is currently projecting a several million pound overspend this financial year – could put the costs of IT protection into the budget. Mr Ashton said he had ‘no idea’ of cost but that possibly it could come from the council’s capital budget.
The revelation came during a discussion of the council’s IT disaster recovery systems – which had been given a limited audit rating by internal auditors LGSS.
Auditors found that the three councils did not have disaster recovery plans or testing arrangements in place and contractual arrangements between the three councils had not been formalised.
With specific reference to Northamptonshire the report said: “We were informed that critical IT systems do not currently have a disaster recovery solution in the event of a serious incident. There is a risk that the disaster recovery solution may lead to signifiant delays in recovering critical systems from a disruption, thereby resulting in operational disruption and reputational damage.”
The recommendation from auditors is that as a high priority disaster recovery plans are put in place and should be tested.
Mr Ashton said that all three LGSS authorities were ‘joined at the hip’ and that as part of current discussions about LGSS’s future, the data could be ‘repatriated to the individual councils.