|
| | | | This will be a virtual meeting conducted via GoToMeeting. Should you wish to join this meeting from your phone, tablet, or computer you may go to https://global.gotomeeting.com/join/326218157. You can also dial in using your phone United States: +1 (224) 501-3412 and Access Code: 326-218-157. | | | |
|
Not available
|
|
| | 1. | | Call to order.
Minutes note: Meeting called to order at 10:02 a.m. | | | |
|
Not available
|
|
| | 2. | | Roll call.
Minutes note: Present - Kovac, Henke, Islo, Kaminski, Klajbor, Owczarski, Madison, Pinger, Klein, Watt, Larson
Excused - Meyer-Stearns
Also present:
Peter Block, City Attorney's Office
Brad Houston, City Records Center | | | |
|
Not available
|
|
| | 3. | | Introduction of new members.
Minutes note: Vice-chair Henke and member Klein introduced themselves, respectively, as the Information and Technology Management Division Chief Information Officer and the Office of the Comptroller Functional Applications Manager. | | | |
|
Not available
|
|
| | 4. | | Review and approval of the previous meeting minutes from December 12, 2019.
Minutes note: The meeting minutes from December 12, 2019 were approved without objection. | | | |
|
Not available
|
|
| | 5. | | Records retention.
Minutes note: a. Proposed departmental record schedules for approval.
Mr. Houston commented. The only schedules before the committee for consideration were those from March with 5 new schedules and 8 delete/superseded schedule request. The majority of schedules was from the Employes' Retirement System and pertained to amendments made to existing schedules. Of note is schedule 20-0011 on making retention of routine business correspondence be in line with the State with a retention period of 3 years after creation. About 600 closed schedules will be proposed at the next meeting.
Member Klajbor moved approval of the proposed department record schedules, as presented. There was no objection.
b. State Records Board approval of previous schedules
Mr. Houston said that all schedules from the committee's previous December 2019 meeting were approved by the State Records Board. | | | |
|
Not available
|
|
| | 6. | | Communications or updates from the Information and Technology Management Division.
Minutes note: a. IT Training Protocol
Vice-chair Henke commented. A draft protocol was forwarded to members for review. The management training protocol is intended to create more effective training of end users for systems implemented by ITMD. The document should serve as an effective guide to workforce training solutions for the purpose of effective training as outlined. The management training protocol relates to those systems installed and maintained by ITMD. Public Safety (MPD & MFD) and elected officials’ departments (City Clerk/Common Council, City Treasurer, City Comptroller and City Attorney) maintain their own systems and are therefore not covered by this protocol. However, these departments should review and consider integrating these practices as part of their department procedures. The protocol entails these seven steps: 1) Perform a Training Needs Assessment, 2) Develop Learning Objectives, 3) Design Training Materials, 4) Develop Training Materials, 5) Implement the Training, 6) Evaluate the Training, and 7) Repeat Any Step When Necessary. Any feedback on the protocol should be forwarded to him.
b. Cyber Security Awareness Training
Vice-chair Henke commented. October is Cyber Security Awareness Month. ITMD has been and will be doing some activities to coincide with the month. Activities include monthly trainings on cyber security, phishing campaign, and focus on remote work. Information about these activities is on the MINT website.
c. COVID-19 IT Implications
Vice-chair Henke commented. The pandemic has caused more IT support personnel to work remotely from home. CARES Act dollars have helped to provide laptops to Milwaukee Public Library personnel. Efforts to provide easier access and security to those staff working remotely will continue for the rest of the year. Being planned is an upgrade to the phone system with app support for the UCC call center, which is operating remotely as well.
Mr. Houston inquired about the migration from GoToMeeting to the Microsoft Teams video conferencing platform, record implications from using the new platform, said that unlimited storage will result in bad end user practices, and said that there should be proper retention labels for the new platform.
Vice-chair Henke replied. The migration will take place next year to coincide with City usage of the Microsoft Office 365 product line, to utilize file sharing and storage on the cloud instead of the City network, and to prevent usage of two product lines. GoToMeeting was used initially and will continue into early next year with free services. Unlimited storage is a concern. Recordings of meetings should continue if they are being done, however, one should not start a recording of a meeting already in progress.
d. Incident Response Plan (IRP)
Judy Siettmann, ITMD, appeared and gave an overview. The internal task group has the goal to standardize policies and procedures. The plan was done to minimize cyber security damage, especially for the Democratic National Convention. The draft plan was forwarded, reviewed, given input, and reviewed by the Department of Homeland Security (DHS) and regional representatives. The plan was created to be used as a guide in the event of a cyber incident or information security incident. The objective is to provide a well-defined, organized approach for handling of any potential threat to IT/OT systems and data. Contents of the plan include definition of incident, response team, rules, responsibilities, criteria, levels of incidents, response steps, and communication contacts. The first step for an incident is to go to a fusion center, and the center will engage DHS and the FBI. The internal task group will continue to work on and oversee this plan, the continuity plan, and other plans from the full committee. The internal team has been working remotely and through email communication.
Member Klajbor inquired about training and webinars for departments.
Ms. Siettmann replied. The plan is department specific. Training is not for the average user but can be done for department heads and managers. There has been no training done and incident yet. Table top exercises can be done through DHS with advance notice to them. She can engage DHS on table top exercises and other ideas. The Treasurer's Office can be added to the internal task group. | | | |
|
Not available
|
|
| | 7. | | Review of IT Risk Assessment Summary of Recommendations from the Office of the Comptroller - Systems Support Division.
Minutes note: Member Klein gave an overview. Bakertilly (auditor) considered the City's internal control over financial reporting as a basis for designing their auditing procedures and testing. Bakertilly gave four recommendations: periodic review of access rights (at least annually), disaster recovery plan be updated to reflect current people and resources, obtain a SOC report or equivalent for all applications or systems hosted by a third-party service provider, and proactive review of network access and security logs be completed more frequently. Access rights include excessively used and dormant accounts. There were no formal reviews of access rights in 2019, and review should begin in 2020. Logic access relate to unauthorized and fraudulent access. Water Works did one review and should increase its frequency of review. Departments should each have disaster recovery plans, and Water Works should update its plan (last updated in 2014). The City should have on file SOC reports of internal controls from third parties. Some departments do not have SOC reports, such as Water Works. The recommendations from Bakertilly are to be considered best practices. The deficiencies are considered low. Internal Audit will monitor the recommendations.
Ms. Siettmann said she would like the internal task group to address and provide input on the disaster recovery plan with the inclusion of those necessary departments.
Member Klajbor moved approval of the IT Risk Assessment Summary of Recommendations. There was no objection.
| | | |
|
Not available
|
|
| | 8. | | Update on IT Security from the Office of the Comptroller - Internal Audit Division.
Minutes note: This item was considered last on the agenda and at the end of the meeting.
Member Klajbor moved that the City Information Management Committee convene into closed session, pursuant to s. 19.85(1)(d), Wis. Stats, except as provided in s. 304.06 (1) (eg) and by rule promulgated under s. 304.06 (1) (em), for the purpose of considering strategy for crime detection or prevention.
Ayes - Kovac, Henke, Islo, Kaminski, Klajbor, Owczarski, Madison, Pinger, Klein, Watt, Larson
Excused - Meyer-Stearns
The meeting convened into closed session at 10:50 a.m.
Present - Kovac, Henke, Islo, Kaminski, Klajbor, Owczarski, Madison, Pinger, Klein, Watt, Larson
Excused - Meyer-Stearns
Also present:
Peter Block, City Attorney's Office
Charles Roedel, Comptroller's Office
Byron Dean, Comptroller's Office
Brenda Koehler, Comptroller's Office | | | |
|
Not available
|
|
| | 9. | | Review and approval of the 2019 CIMC Annual Report.
Minutes note: Mr. Lee said that the annual report is required by ordinance and summarizes the meetings and topics discussed by the committee for the year 2019.
Member Klajbor moved approval of the 2019 CIMC Annual Report. There was no objection. | | | |
|
Not available
|
|
| | 10. | | Agenda items for the next meeting.
Minutes note: Agenda items to include routine items and updates on the Incident Response Plan and the IT Risk Assessment Summary of Recommendations. | | | |
|
Not available
|
|
| | 11. | | Next meeting date and time.
Minutes note: a. Thursday, December 10, 2020 at 10 a.m. | | | |
|
Not available
|
|
| | 12. | | Placing on file the following files as no longer necessary: | | | |
|
Not available
|
|
181727
| 0 | a. | Communication | Communication relating to the matters to be considered by the City Information Management Committee at its March 21, 2019 meeting.
Minutes note: Member Klajbor moved to place on file. (Prevailed 11-0) | PLACED ON FILE | | |
Action details
|
Not available
|
|
190347
| 0 | b. | Communication | Communication relating to the matters to be considered by the City Information Management Committee at its June 13, 2019 meeting.
Minutes note: Member Klajbor moved to place on file. (Prevailed 11-0) | PLACED ON FILE | | |
Action details
|
Not available
|
|
190710
| 0 | c. | Communication | Communication relating to the matters to be considered by the City Information Management Committee at its September 19, 2019 meeting.
Minutes note: Member Klajbor moved to place on file. (Prevailed 11-0) | PLACED ON FILE | | |
Action details
|
Not available
|
|
191230
| 0 | d. | Communication | Communication relating to the matters to be considered by the City Information Management Committee at its December 12, 2019 meeting.
Minutes note: Member Klajbor moved to place on file. (Prevailed 11-0) | PLACED ON FILE | | |
Action details
|
Not available
|
|
| | 13. | | Adjournment.
Minutes note: The meeting adjourned at 11:10 a.m.
Chris Lee, Staff Assistant
Council Records Section
City Clerk's Office | | | |
|
Not available
|
|
| | | | Meeting materials for this meeting can be found within the following file: | | | |
|
Not available
|
|
200654
| 0 | | Communication | Communication relating to the matters to be considered by the City Information Management Committee at its September 17, 2020 meeting. | | | |
Action details
|
Not available
|
|