Issue - meetings
Investigation report into Incorrect Political Listing - CORS/25/218
Meeting: 11/09/2025 - Audit, Risk and Scrutiny Committee (Item 6)
6 Investigation report into Incorrect Political Listing - CORS/25/218 
PDF 211 KB
Additional documents:
Decision:
(i) to note the findings of the report;
(ii) to note the additional controls being implemented;
(iii) to note the timeline for system upgrade as being end of 2025; and
(iv) to note that the bug was contained in the release notes provided to the Council however the description of the bug was insufficient to identify the implication it would have in the system.
Minutes:
The Committee had before it a report by the Executive Director of Corporate Services which provided the security incident report relating to the incorrect listing of a member’s political party on 15 August 2025.
The report recommended:
that the Committee -
(a) note the findings of the report;
(b) note the additional controls being implemented; and
(c) note the timeline for system upgrade as being end of 2025.
In response to a question relating to whether the bug had been replicated, the Chief Officer – Digital and Technology advised that the vendor had replicated the bug and implemented a solution.
In response to a question relating to whether Councillor McLellan had received an apology, the Chief Officer – Digital and Technology advised that the Executive Director of Corporate Services had provided an apology.
In response to a question relating to how a similar incident in the future will be prevented, the Chief Officer – Digital and Technology advised that whilst the current version of the software was still being used, there would be potential for a similar incident to occur. He further advised that interim measures had been put in place until such time as the planned upgrade had taken place.
In response to a question relating to whether the Council were aware of the bug, the Chief Officer – Digital and Technology advised that the description of the bug within the release notes, was not sufficient enough to indicate the implication it may have on the system.
In response to a question relating to figures being in euros and whether this was accurate, the Chief Officer – Digital and Techology advised that he would ensure the template was amended to reflect the correct currency.
In response to a question relating to whether this incident would be reported as a data breach, the Chief Officer – Digital and Techology advised that there was an assessment undertaken at the time which showed that is was not a data breach as it was incorrect information published.
In response to a question relating to whether there was human error with the incident, the Executive Director of Corporate Services advised that there were robust vendor logs to show the user and the activity that was being undertaken and that he user would not have known that this incident had occurred.
The Committee resolved:-
(i) to note that the bug was contained in the release notes provided to the Council however the description of the bug was insufficient to identify the implication it would have in the system; and
(ii) to otherwise approve the recommendations contained in the report.