Technical update - further guidance

05 June 2017

With the Policing and Crime Act 2017 now in force, it is pertinent to consider guidance for chief executives of Offices of Police and Crime Commissioners published by the Association of Policing and Crime Chief Executives (APACE) regarding the duty for emergency services to keep opportunities for collaboration 'under review' and, where a case is made, for the Police and Crime Commissioner (PCC) to 'take responsibility for the governance of their local fire and rescue service'. The guidance details the processes PCCs are required to follow as a result of the Act, with a particular focus on the 'five case model', the standard used by HM Treasury for drafting public sector business cases.

PCC governance of fire and rescue authorities will occur only when a local case is made that is deemed to be:

'in the interests of efficiency, economy and effectiveness, or public safety.'

Various factors that PCCs need to be aware of when looking into taking over governance for a fire and rescue authority (FRA) include:

  • the boundaries of the PCC's area and the FRA area they are proposing to take responsibility for must be 'coterminous'. This means that a PCC cannot propose to take responsibility for only one FRA in an area where others are also situated in their police area;
  • a PCC responsible for the governance of an FRA would become a 'Police, Fire and Crime Commissioner' (PFCC);
  • the PFCC would be required to prepare both a policing and crime plan and a strategic fire and rescue plan but may decide locally whether to combine these plans; and
  • the PFCC could decide to run a 'single employer model', whereby one 'chief officer' could be appointed who employs both police and fire personnel.

The cyber threat

The National Cyber Security Centre (NCSC), in collaboration with the National Crime Agency, has published the first annual threat assessment of cyberattacks to the UK, which remarked on the 'significant and growing threat.' The cyber threat posed to individuals, organisations and government has never been more apparent than with the recent outbreak of the 'WannaCry' ransomware, which has seen 200,000 victims in over 150 countries affected, with many systems still at risk. It is against this backdrop that we have published the results and report of our cybercrime survey.

Our technology risk assurance partner, Sheila Pancholi, commented:

'Today's annual assessment published jointly by the NCA and the NCSC underlines that the risk to business from cybercrime is significant and growing. Within the last year, 65 per cent of large UK firms have detected a cyber security breach or attack and this is likely to be the tip of the iceberg.'

The NCSC has also published a report on how the cyber crime online business model actually works, looking in detail at how organised criminal groups (OCGs) exploit low-risk, low-cost criminal activities that are not 'actively prosecuted by the authorities.' The report looks in depth at the various functions of an OCG, from the 'team leader' to the 'data miner', who can extract key data from large bulk intercepts that are growing in prevalence in cyberspace.

Upgrading emergency services communications

The Public Accounts Committee (PAC) is 'greatly concerned' that the introduction of the Emergency Services Network (ESN) has not only been delayed but also 'is not likely to be deliverable' within these delayed timescales, with 'potentially catastrophic' new operational information regarding the use of the current system, 'Airwave', coming to light.

The hastily published report 'Upgrading emergency communications - recall', which closely follows a report on the ESN by the PAC in January 2017, comes after revelations from Motorola, the owners of Airwave, that extensions to keep the Airwave system running after March 2020 could now not be possible, due to upgrade works planned by supplier Vodafone that would make the Airwave system unusable unless additional compatibility work for Airwave is performed. The PAC emphasised the importance of the Home Office engaging with Motorola and Vodafone to find a solution to this impending problem, highlighting the huge effects any shutdown of service would have on the emergency services. The Home Office was also criticised for the 'little slippage' (nine months) of the transition period for the ESN to September 2020, and the additional issues this will cause in establishing which regions will require 'dual running' of the ESN and Airwave in the transition period.

In addition, the PAC was critical of the Home Office's risk identification and management, stating that the Home Office 'did include a general risk around extending what was ageing equipment but it did not anticipate the specific issue that has occurred,' with the PAC also expressing its surprise that Motorola itself did not pick up on the issue when conducting due diligence before the company's purchase of Airwave in February 2016.

Download the full report to find out more on the below areas affecting the emergency services sector, including key questions for your audit committee's consideration.