Andrew Durant/Ellen Sullivan


AGENDA ITEM: 3.5
INFORMATION MANAGEMENT, TECHNOLOGY AND GOVERNANCE COMMITTEE
DATE OF MEETING: 2 OCTOBER 2018

Subject:
Approved and Presented by: Andrew Durant/Ellen Sullivan
Prepared by: Michael Jones
Other Committees and meetings considered at: None

PURPOSE:
The purpose of this paper is to provide the Information Management, Technology and Governance Committee with an update against the ICT Disaster Recovery and Business Continuity Plans of PTHB.

RECOMMENDATION(S):
It is recommended that the Committee DISCUSSES the content and NOTES that to de-risk (reduce the risk level) will involve increased costs. Once determined, these costs will form part of a business case put forward to the health board so that an informed decision as to the degree of risk that the health board is willing to accept can be agreed.

Approval/Ratification/Decision [1] | Discussion | Information

[1] Equality Impact Assessment (EiA) must be undertaken to support all organisational decision making at a strategic level

Information Management, Technology

THE PAPER IS ALIGNED TO THE DELIVERY OF THE FOLLOWING STRATEGIC OBJECTIVE(S) AND HEALTH AND CARE STANDARD(S):

Strategic Objectives:
1. Focus on Wellbeing
2. Provide Early Help and Support
3. Tackle the Big Four
4. Enable Joined up Care
5. Develop Workforce Futures
6. Promote Innovative Environments
7. Put Digital First
8. Transforming in Partnership

Health and Care Standards:
1. Staying Healthy
2. Safe Care
3. Effective Care
4. Dignified Care
5. Timely Care
6. Individual Care
7. Staff and Resources
8. Governance, Leadership & Accountability

EXECUTIVE SUMMARY:
This report provides an update on the following area:
1. ICT Disaster Recovery and Business Continuity Plan

Actions undertaken:
An integrated Business Continuity Plan (covering all of Powys ICT functions across council and health) has been developed.

The ICT Infrastructure team are working on testing recovery systems and processes. This will allow them to further refine recovery processes, provide assurance on data integrity and confirm RTA (Recovery Time Actual) for systems. This testing and assurance programme is part of the team's ongoing standard operating processes.

Preliminary investigations have been undertaken on the infrastructure, to determine appropriate system consolidation and future infrastructure requirements. Work is ongoing to develop a business case around moving systems into a 3rd party data centre and/or cloud solutions. This work is designed to further de-risk the organisation, develop a more flexible, resilient, secure infrastructure and address some of the remaining single points of failure.

DETAILED BACKGROUND AND ASSESSMENT:

Business Continuity Plan
Part of the integration of the service across council and health is to ensure policies and processes are aligned as far as possible. This minimises response times and confusion when responding to incidents. As part of this work the Cyber Security Officer has developed a single Business Continuity Plan for the ICT Service covering all its operations across the council and health service. As with any such plan, this will be subject to ongoing refinement and development.

Disaster Recovery and Backup Testing
Having disaster recovery processes and backup policies is of minimal value unless they are subject to ongoing testing and refinement. Without regular backup testing to provide assurance on information integrity, no backup system can be warranted as fit for purpose. To this end the Infrastructure Team are undertaking ongoing, regular testing of the present backup system and the DR systems we have implemented as a temporary mitigation pending a longer term solution. These tests are designed to provide assurance as to data integrity (can we recover data from backup, is data actually being backed up), whether we can recover servers to alternative infrastructure, and whether the DR system (located in Brecon) can be used to bring up servers in an alternative location. This testing provides the team with experience in using recovery systems and allows them to identify issues with recovery processes and systems and to refine those processes or systems.
They can also use the actions to provide actual recovery times, which will be used as part of service SLAs. This testing regime, now the team has the resource, will be ongoing using a regular cycle of testing (they aim to do some form of testing every week).

3rd Party Data Centre / Cloud
Whilst we have documented our systems and recovery processes and implemented some mitigation in respect of our infrastructure (improvements in network hardware, failover capabilities, and primary hosting in Bronllys), there is significant work required to provide the health board with a truly resilient infrastructure that de-risks the organisation.

The main computer room in Bronllys has a number of limitations. It is a repurposed ground floor room in a former ward. The floor above consists of a toilet block, so there is a potential flood risk. The structure is part of the original hospital, so dates back 100 years. It is difficult to maintain the room as a completely clean room environment. The hospital electrical supply has a number of issues and there is a single point of failure in regard to the link to the room. The network connection into the room consists of a single fibre optic cable (4-cores). The wide area connection is dependent on a single connection into the site; due to our rural location it is financially infeasible to provide a resilient connection. Whilst we have tried to provide a degree of security to the room, we have limited response capabilities out of hours (i.e. there will be a significant delay in response should the room be compromised).

The failover infrastructure uses older equipment, no longer required for primary purposes, and is located in Brecon hospital. The Brecon computer room has even more limitations in regard to environment, security and power. The network connection is presently over utilised (i.e. too much data for bandwidth), so this would limit performance in the event of a failover incident.

Our offsite backup systems are reaching end of life and we need to determine how best to provide such a solution going forward.

Following a detailed assessment of our capabilities it has been determined that, to provide the health board the robust, secure, agile infrastructure it requires, we need to de-risk ourselves by moving to hosting solutions. Improving our on premise environment is not cost effective and limits our capabilities.
At present our investigations are centred on cloud and, where on premise hosting is required, use of a dedicated third party data centre.

Cloud
"Cloud" generally refers to a certain type of linked data centres which use advanced management systems to provide an agile, secure and responsive solution. They incorporate a number of systems and solutions, building on traditional ICT models to provide advanced capabilities in regard to use of data, applications and management. For our purposes, when we talk of cloud solutions we are looking at Microsoft Azure as the best fit for our requirements and infrastructure.

Azure has a number of capabilities in regard to backup and DR that would ensure our systems are appropriately protected and services can be restored in a timely fashion in the event of an incident. Our present work is investigating how cloud would best fit our requirements, whilst controlling costs and improving support. Some legacy systems may not be best suited for a cloud solution and as such we may have to operate a hybrid model and have a local data centre requirement. This would be provided via a 3rd party data centre.

3rd Party Data Centre
A number of providers have dedicated data centres and will rent space to organisations or provide hosting capabilities for virtual servers. Such spaces will have appropriate security, environmental controls (including power, cooling, and fire protection) and resilient network connectivity. We are presently investigating a number of options around such solutions to provide an integrated hosting environment for both health and council systems. Where possible we are looking to provide a single solution for council and health systems; this is to simplify support and keep costs to a minimum.

NHS Wales have implemented a cloud solution (Azure tenancy) that should be available to all health boards. We will investigate this option as a primary solution, as opposed to our own tenancy.

NEXT STEPS:
Develop a business case in regard to hosting as part of providing an appropriate disaster recovery and business continuity solution for the health board.