Cyber or information security

1. The number of occasions on which cyber or information security risks appeared on the agenda of the Fire and Rescue Service governing body (or equivalent oversight body).

2. The name(s) of any committee(s) or board(s) with formal responsibility for cyber or information security oversight within the Fire and Rescue Service.

3. Whether documented criteria exist for escalating significant cyber incidents to the Fire and Rescue Service governing body or senior leadership (yes/no; if yes, please provide or summarise).

4. The number of Fire and Rescue Service governing body members (or equivalent) who completed cyber or information security training during this period, and the total number of members in that body.

5. Whether an independent assessment of the Fire and Rescue Service cyber security arrangements (e.g. internal audit, external review, or third-party assessment) was reported to the Fire and Rescue Service governing body during this period (yes/no; if yes, please state the type of assessment).

1. Cyber appears on the agenda of the DRC – Digital Risk Committee every quarter and any recent threats or high risks are discussed at SLT weekly meetings if required. Furthermore emergency meetings are held if required.

2. DRC - Digital Risk Committee - Manage all Digital Risk at a Senior LCC level. - This is an LCC board. LCC provide IT and Cyber Security services to LFR.

3. LCC operate a formal (and documented) risk management process based on a 6 x 6 risk matrix mapping risk against impact and likelihood. The framework delivers a comprehensive digital risk identification, management and reporting process. ( Reports to LCC senior leadership). LCC also hold a comprehensive Cyber Security Incident Response Plan which clearly documents how Cyber (and other digital) Incidents are dealt with.

4. While we provide material to raise awareness of cyber risks to Cllrs, we do not hold data on governing body members only employees. Information Security and cyber risk training is mandatory for all those within LFR which currently the number of completed to date is 481. This includes those that sit on boards.

5. LFR has not had a general Cyber Security Audit, but there was an IT Health Check in November 2025.