Mandatory cyber security training improvements at council

Staff performance figures for mandatory cyber security training at Dorset Council have improved – partially by changing how they are measured.

Councillors had been shocked by previous figures which seemed to suggest that only 65% were taking the training which they have a contractual obligation to do.

Now those figures have improved to around 80 per cent.

The authority’s Place and Resources Scrutiny committee have been told that the improvement has partially come about by changing how the statistics are collected.

They had previously included training which Dorset Council offers to town and parish councils and to other outside bodies, and had also previously included staff on long-term sickness who would not have been in a position to undertake the training courses.

Councillors were told that the figures about the number of completed courses also varied over time – so if the snapshot of how many had taken the courses was measured shortly after emails had been sent out inviting participation, the figures were likely to be better if judged a week or two later.

The committee also heard that the statistical ‘base’ also included staff who do not routinely use technology as part of their job.

Councillors were told that they will now also be obliged to take the training, and although sanctions will not be taken against them if they do not, staff who persistently do not take the cyber security training will have access to some parts of the council computer system withdrawn from them.