Nottinghamshire Fire and Rescue Service
Enabling Services Strategy 2025-28

ICT and cyber security strategy

We use digital technology, or information and communication technology (ICT), in a huge variety of ways to support our activities. Whether it's mobilising resources to operational incidents and making sure that our front-line colleagues have all the data and intelligence they need or using business systems to manage and control our resources, technology touches every part of our Service.

Our ambition

Our ICT and cyber security strategy supports our ambition to be an outstanding fire and rescue service in the following ways:

  • By working alongside business users and the projects team, to ensure that we procure and successfully implement the most appropriate solutions to meet the needs of the organisation into the future
  • By exploiting opportunities provided by technology to improve the efficiency and effectiveness of our activities, tailor our services to the needs of our communities and support colleagues to use their digital tools confidently
  • By promoting interoperability between systems and processes to improve the use and availability of data, helping drive improvements in the service
  • By maintaining the security and integrity of our systems and data
  • By optimising ways of working within the ICT team through the adoption of industry standard practices and processes
  • By supporting colleagues in their use of ICT through a more efficient service desk capability, with a greater emphasis on enabling self-service
  • By investing in developing both the skills of the ICT team and the skills and confidence of colleagues using the various systems, we will support continuous improvement in performance across the organisation

Where we want to be

During the life of this strategy, we aim to:

  • Investigate the benefits of a unified Digital, Data and Technology (DDaT) function, and develop a combined strategy
  • Review the resourcing model within the ICT team to ensure optimum service levels
  • Improve the digital maturity of the organisation, considering the findings of an independent digital maturity assessment conducted in 2024
  • Complete the implementation of the new mobilising system
  • Support the implementation of a new incident recording system (FaRDaP)
  • Maintain a robust and reliable ICT infrastructure
  • Conduct a programme of equipment replacement and plan a refresh cycle to better support the service and ensure outdated and unsupported equipment is properly retired
  • Review, upgrade and integrate our core ICT systems where contracts expire during the CRMP 25-28. Systems affected are fleet management, facilities management, building management, HR & payroll, occupational health
  • Provide education, training and support to upskill staff in the effective use of technology and core systems
  • Develop a more efficient service desk capability
  • Investigate the feasibility of building and maintaining an in house software and application development facility, including a review of the viability of current ad-hoe facilities
  • Achieve the National Cyber Security Centre Cyber Assessment Framework baseline by December 2025
  • Review disaster recovery policies and processes and test them to ensure preparedness
  • Review contingency and security incident response plans
  • Implement robust contract management to ensure systems and suppliers are as effective, efficient, and secure as possible

Operating context

The Government Cyber Security Strategy 2022-2030 sets out a framework to build a cyber-resilient public sector. The Security Centre Cyber Assessment Framework (CAF) helps organisations evaluate their cyber security measures against best practices and regulations. The Fire Standards Board Digital and Cyber Standard set out requirements and guidance for a modern fire service to make appropriate use of digital technologies. Additionally, the NFCC Digital, Data and Technology strategy and roadmap establishes priorities and outlines the national vision for improvement.

Without digital technology we could not work effectively or do the job we do for communities across Nottinghamshire.

The current provision includes:

  • Local and wide area networks, including an SO-WAN service, enabling connectivity across all our premises
  • A wide range of hardware, including desktop and tablet PCs, audio visual equipment, radios, mobile phones and pagers, mobile data terminals (MDTs) in fire appliances, printers and other peripheral devices (monitors, keyboards, mice, etc.)
  • Many software applications and tools, including general office applications within Microsoft's M365 product suite and function specific systems supporting all areas of the organisation

Our key strategic systems are all off the shelf solutions and currently include:

  • Agresso - supporting finance and inventory management
  • iTrent - supporting HR and payroll
  • CFRMIS - supporting prevention, protection and response in relation to community risk data
  • FireServiceRota - supporting the rostering of operational staff
  • Systel - supporting response in relation to mobilisation and management of incident response
  • IRS - supporting the documentation of incidents and the actions taken in response to them
  • Concerto - supporting facilities management
  • Tranman - supporting fleet management
  • Redkite - supporting asset management
  • ManageEngine - supporting service desk requests

We use M365 to support general information and business management functions. In particular:

  • Power BI - providing the management information and reporting needs of the organisation
  • SharePoint - providing file and document management
  • Teams - providing voice and instant message communication and offering collaboration tools to support meeting and team working

In addition, there are many smaller systems and applications, some of which are developed in-house to support specific, local requirements. In house development mostly takes place using Microsoft PowerApps.

Cyber security is a major focus, with the ever-present threat of cyber-attacks which can disrupt critical services, compromise data and impact on emergency response times. Attacks like malware or ransomware pose threats to data integrity by encrypting or deleting crucial information, which can cripple an organisation like ours for extended periods whilst the situation is resolved. The risk includes attacks on suppliers and partner institutions as well as the Service itself.

We maintain secure, up-to-date ICT systems, and provide training to colleagues to help them recognise and respond to cyber threats. Our security infrastructure has been independently assessed and awarded Cyber Essentials accreditation. We aim to continually improve our cyber security standing.

We must ensure sufficient resilience to provide business continuity that can respond to a wide range of issues from a single system or component failure to the complete loss of power or service.

We aim to be fully compliant with the Digital and Cyber Security fire standard.

Operating principles

We have adopted the following principles in respect of our digital strategy.

  • Operate a rolling renewal programme of all assets to maintain a fit for purpose provision of digital equipment
  • Strategically support all lCT systems
  • Adopt a 'digital first' approach that seeks to aid staff in streamlining processes and providing relevant support
  • Provide secure, resilient and appropriate systems, communications and processes
  • Focus on the user experience
  • Meet the needs of all users, enabling accessibility to our services and processes
  • Enable flexible and agile working across our workforce
  • Minimise the impact on the environment
  • Research and engage with emerging technology
  • Encourage and listen to feedback from our users
  • Continually evaluate our processes and feed into continual service improvement
  • Ensure relevant training is provided across our systems
  • Ensure interoperability of systems, where feasible and meaningful

Drivers for change include:

  • The ICT industry is a fast moving, ever-changing environment - the pace of change in technology has accelerated leading to an increase in the use of personal devices in the workplace; artificial intelligence (Al) and its use and implications are both an opportunity and a threat, and an increasingly interconnected world presents new challenges in relation to cyber security
  • Fire Standards Board Digital and Cyber standard 2024
  • NFCC Digital Data and Technology Strategy 2024
  • Results of our recent Digital Maturity Assessment and Technical Service Review
  • Cyber Assessment Framework - NCSC.gov.uk
  • Government Cyber Security Strategy 2022-2030

Resources/ delivery model

The ICT and Cyber security team provides and supports our ICT services. They are located at JHQ, with an element of remote working. They:

  • Manage IT equipment across all Service locations
  • Deliver robust systems to underpin the Service's essential operations
  • Get involved from the earliest stages of systems procurement to ensure best fit and value for the service
  • Ensure that the ICT network is secure and resilient, enabling efficient communications across the Service

The ICT Service Desk provides a first line response for any issues, queries or requests relating to our ICT provision. The ICT Technical Analysts (or equivalent) will pick up more complex issues alongside routine work to maintain and develop the infrastructure. Where relevantI user requests may be passed on to the appropriate support team or systems administrator to resolve. User training and support is provided by the ICT Software Support Officer, to ensure that all colleagues are able to make effective use of the technology relevant to their roles.

Each of our key systems has a support team or system administrator that takes the lead on systems upgrades, testing, user support and training, and user-configurable functionality such as reporting. The ICT team work alongside these individuals and teams to co-ordinate software upgrades and ensure backup and recovery mechanisms are in place. T

here are several collaboration arrangements place:

  • We operate a Joint Fire Control function in collaboration with DFRS, which uses a jointly procured mobilisation system and station end equipment
  • Work with the Derbyshire FRS ICT team to maintain critical operational communications via Fire Control and the Airwave radio system
  • We have an arrangement with Nottinghamshire Police to use their network infrastructure to provide local area network services to our colleagues based at JHQ. The network is isolated from and secured independently from the Police network

Delivering the strategy

Over the life of this strategy, we will deliver the following:

Year 1
  • Support the staged roll-out of the new mobilising system across the fleet
  • Update the station end equipment and station interface systems
  • Continue programme of engagement and training of staff in core systems
  • Raise awareness of the ICT learning hub, enabling users to self-educate on ICT systems and facilities where possible
  • Implement recommendations of the ICT Digital Maturity Assessment
  • Review the skills required in the ICT function
  • Review the Service Desk, aiming to realise improvements across the function
  • Improve and maintain the ICT knowledge base to aid issue resolution
  • Undertake a communication and education exercise to aid users to self-serve for ICT issues
  • Develop reporting and analysis of service desk requests to proactively identify and address issues
  • Analyse the current state of Service infrastructure and develop future plans
  • Research the feasibility of employing in-house resource to provide application development, including developing cost/benefit analysis and business case
  • iTrent and Agresso will be migrated to Saas (software as a service) platforms
  • Support implementation of SiPass replacement (Paxton)
  • Support upgrade of Umbraco website development software
  • Undertake due diligence and planning on 10-year capital programme to ensure ICT hardware refresh timeline is considered
  • Review ICT re9uirements on appliances, to cover operational needs, CCTV, mobile working, Wi-Fi/cell connectivity, data capture, storage and sharing, phones, and the power, stowage and fixing points to support the equipment
  • Complete any outstanding actions to achieve the NCFC CAF baseline
  • Aim to build on our Cyber Essentials accreditation
  • Develop and plan a cycle of Cyber Security exercises utilising NIST SPB00-84 - Guidance for Testing, Training & Exercising Programme and NCSC Exercise In a Box
  • Develop disaster recovery procedures for ICT
  • Undertake an audit of software licences
Year 2
  • Support implementation of new IRS system (FaRDaP)
  • Review Microsoft licencing
  • Review mobile SIM contracts and device needs
  • Plan and test disaster recovery procedures for ICT
Year 3
  • Consolidate year l & 2 annual delivery plan

Outcomes

The successful delivery of this strategy will result in:

  • Monitoring of up-time for key systems
  • An IT literate workforce, where colleagues are competent users of our software solutions
  • Identified Service Desk efficiencies
  • Reduction in the number of cyber security incidents
  • Monitoring of cyber security compliance
  • Compliance with the Fire Standards Board Digital and Cyber standard 2024, measured against the standards a fire and rescue service must meet and should meet and aiming to hit the standards a fire and rescue service may meet
  • Alignment and support of the new NFCC Digital Data and Technology Strategy where appropriate. Measured against the NFCC DDaT roadmap
  • Answering all the questions raised by the Digital Maturity Assessment and Technical Service Review