AGENDA ITEM: 3.4 DATE OF MEETING: 3 MAY 2018 INFORMATION MANAGEMENT, TECHNOLOGY & GOVERNANCE COMMITTEE

Similar documents
Andrew Durant/Ellen Sullivan

Information backup - diagnostic review Abertawe Bro Morgannwg University Health Board. Issued: September 2013 Document reference: 495A2013

Policy. Business Resilience MB2010.P.119

NHS Gloucestershire Clinical Commissioning Group. Business Continuity Strategy

Business Continuity and Disaster Recovery

Nottinghamshire Office of the Police & Crime Commissioner & Nottinghamshire Chief Constable

SOUTH AFRICAN LIBRARY FOR THE BLIND (SALB)

Cyber security. Strategic delivery: Setting standards Increasing and. Details: Output:

The ehealth Annual Report aims to highlight the activities within the teams that make up the ehealth Department.

Virtual protection gets real

Information Security Controls Policy

AUDIT UNITED NATIONS VOLUNTEERS PROGRAMME INFORMATION AND COMMUNICATION TECHNOLOGY. Report No Issue Date: 8 January 2014

Audit & Advisory Services. IT Disaster Recovery Audit 2015 Report Date January 28, 2015

TSC Business Continuity & Disaster Recovery Session

Aneurin Bevan Health Board

New Zealand Government IBM Infrastructure as a Service

Todmorden High School Job Description

INFORMATION AND COMMUNICATIONS TECHNOLOGY (ICT) DISASTER RECOVERY POLICY AND PROCEDURES

ESSENTIAL, QUALITY IT SUPPORT FOR SMALL AND MEDIUM BUSINESSES

INFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK

Programme Headlines. Project Headlines. Appendix - Watford 2020 Progress Update Report 8 November 2017

IT Progress Report. Presented by: Owen Brady Director of Information Technology. Board. 19 th March 2015

SEC Appendix AG. Deleted: 0. Draft Version AG 1.1. Appendix AG. Incident Management Policy

Birmingham Community Healthcare NHS Foundation Trust. 2017/17 Data Security and Protection Requirements March 2018

Ensure that all windows servers are patched and virus checked to the correct levels and that changes are made in line with ISO standards

NEN The Education Network

ICT DISASTER RECOVERY PLAN. FIRST DRAFT: ET 2015#11 (21 October 2015) None to Date

Business Continuity Policy

Mid-Kent ICT Services Technology Strategy. Author: Tony Bullock Date: September 2013 Version: 019

REPORT 2015/149 INTERNAL AUDIT DIVISION

Information Technology Disaster Recovery Planning Audit Redacted Public Report

Introduction to SURE

AUDIT OF ICT STRATEGY IMPLEMENTATION

DO NOT USE Microsoft Designing Database Solutions for Microsoft SQL Server

Ensuring business continuity with comprehensive and cost-effective disaster recovery service.

Ready, Willing & Able. Michael Cover, Manager, Blue Cross Blue Shield of Michigan

B.29[18a] Infrastructure as a Service: Are the benefits being achieved?

The Virtualisation Journey at Perpetual. Business Technology Group November 2009

REPORT 2015/010 INTERNAL AUDIT DIVISION

Manager, Infrastructure Services. Position Number Community Division/Region Yellowknife Technology Service Centre

Information Security Strategy

Disaster Recovery and Business Continuity

Meeting of the BBC Audit and Risk Committee SUMMARY MINUTES. Thursday 22 June, 2017 New Broadcasting House, London

Dell helps you to simplify IT

Mission Statement & Company Overview

OPTIONS FOR INFORMATION COMMUNICATION TECHNOLOGY (ICT) PROVISION AND SUPPORT CONTRACT

ROLE DESCRIPTION IT SPECIALIST

New Zealand Government IbM Infrastructure as a service

Governing Body 313th Session, Geneva, March 2012

Migrating a critical high-performance platform to Azure with zero downtime

IT MANAGER PERMANENT SALARY SCALE: P07 (R ) Ref:AgriS042/2019 Information Technology Manager. Reporting to. Information Technology (IT)

AtoS IT Solutions and Services. Microsoft Solutions Summit 2012

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.

Rejuvenating BCM - Infrastructure. Business Continuity Awareness Week March 2009

IPMA State of Washington. Disaster Recovery in. State and Local. Governments

GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI

SRM Service Guide. Smart Security. Smart Compliance. Service Guide

Cyber Security Strategy

SQL Server Virtualization 201

Conducted by Vanson Bourne Research

User Guides. Here is an overview of the process for connecting with organisations and using the App

Position Description For ICT Systems Officer Information, Technology and Communication Department Hobart

Position Description IT Auditor

Paddy Power Betfair Percona and MySQL Shane Murray & Andrew Cook

Protecting information across government

Introduction to Business continuity Planning

COUNTY GOVERNMENT OF BUSIA P.O. PRIVATE BAG BUSIA, KENYA. Disaster Recovery & Business Continuity Plan for ICT Services

IN THE FRAME. Computacenter Public Sector Frameworks FRAMEWORK

Day One Success for DevSecOps and Automation on Azure

The Project Charter. Date of Issue Author Description. Revision Number. Version 0.9 October 27 th, 2014 Moe Yousof Initial Draft

CYBER RESILIENCE & INCIDENT RESPONSE

BREITKOM Network Sdn Bhd Corporate Profile

Certified Information Systems Auditor (CISA)

National Disaster Risk Management Plan Disaster Management Centre Ministry of Disaster Management

Buyer s Guide: DRaaS features and functionality

Memorandum APPENDIX 2. April 3, Audit Committee

SHARED SERVICES - INFORMATION TECHNOLOGY

FIS Global Partners with Asigra To Provide Financial Services Clients with Enhanced Secure Data Protection that Meets Compliance Mandates

SFH Digital Strategy Roadmap 2017/18 to 2011/2012

Overcoming the Challenges of Server Virtualisation

QUALITY IT SUPPORT TAILORED FOR NOT FOR PROFITS

Why Continuity Matters

EA-ISP Business Continuity Management and Planning Policy

PREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud.

From Single File Recovery to Full Restore: Choosing the Right Backup and Recovery Solution for Your Cloud Data

Evaluation of technologies that will improve the UEL IT infrastructure, recommending and advising on strategic improvements

Port Facility Cyber Security

Staffordshire University

University of Texas Arlington Data Governance Program Charter

Introduction to Business Continuity Management

Ofqual. Ofqual Supporting a Cloud-First Programme. Client Testimonial

Dated 3 rd of November 2017 MEMORANDUM OF UNDERSTANDING SIERRA LEONE NATIONAL ehealth COORDINATION HUB

Recovery at a Click - where to be in 18 months

Accelerate Your Enterprise Private Cloud Initiative

In 2017, the Auditor General initiated an audit of the City s information technology infrastructure and assets.

Applying Mitigation. to Build Resilient Communities

20465: Designing a Data Solution with Microsoft SQL Server

ICT Infrastructure for Digital Government Services. GovTech-Government Infrastructure Group (GIG)

Consolidation Committee Final Report

INFORMATION SECURITY AND RISK POLICY

Transcription:

AGENDA ITEM: 3.4 INFORMATION MANAGEMENT, TECHNOLOGY & GOVERNANCE COMMITTEE DATE OF MEETING: 3 MAY 2018 Subject: Approved and Presented by: Prepared by: Other Committees and meetings considered at: Considered by Executive Committee on: IT DISASTER RECOVERY AND BUSINESS CONTINUITY PLAN Andrew Durant/Ellen Sullivan Michael Jones None Not considered at time of reporting PURPOSE: The purpose of this paper is to update the Information Management, Technology & Governance Committee on the ICT Disaster Recovery and Approval/ Ratification/Decision Discussion Information THE PAPER IS ALIGNED TO THE DELIVERY OF THE FOLLOWING STRATEGIC OBJECTIVE(S) AND HEALTH AND CARE STANDARD(S): Well Being Objective 8: Transforming in Partnership Health and Care Standards: Organisational Priority 27 The information outlined in this paper supports Governance, Leadership and accountability. Page 1 of 5

EXECUTIVE SUMMARY: As requested at the last IMTG this report provides an update on the following area: 1. ICT Disaster Recovery and Actions undertaken: A review of ICT system documentation and processes has been completed and brought together to develop a comprehensive set of tools, manuals and policies to support ICT disaster recovery processes. A draft integrated has been developed to provide a standard approach to business continuity which clearly identifies shared resources that are available to respond to incidents. The work carried out commenced with an audit and review of systems and information sources used by Powys ICT to support the infrastructure. Identified actions included the creation of plans, manuals, test plans, supporting procedures. Disaster Recover Policy / Plan A top level Disaster Recovery Policy has been drafted (PTHB-ICT007 ICT Disaster Recovery Policy) and handed over to Powys ICT infrastructure team for implementation. A top level Disaster Recovery Plan (PLA-POW-ICT001_Disaster Recovery) has been completed and handed over to Powys ICT infrastructure team for implementation. This provides more detailed instructions around processes to be undertaken for disaster recovery response. This plan was originally created in respect of health requirements, during 2018 it will be replaced by a single integrated plan for health and council ICT. Disaster Recovery Manuals A set of manuals, recording the information required for system recovery, have been created for systems managed by Powys ICT for health users: Page 2 of 5

There is a core of 21 manuals providing detailed instructions and configuration information for system management and recovery. This includes information to allow the infrastructure team to plan for failover options. It includes a backup and DR test plan as agreed by the infrastructure team for regular testing and assurance around system recovery. Manuals are reviewed on an annual basis or more regularly if the infrastructure team determine a requirement. The manuals are stored in electronic format in a number of locations across Powys to maximise access options. Paper copies are also kept in the main computer room in Bronllys. Disaster Recovery Toolkit In order to support timely operational response a variety of resources are required. This will include information around network designs, addressing, physical locations of equipment, warranty information. For health locations and systems this information has been consolidated into an electronic library of information that has been labelled as the disaster recovery toolkit. The toolkit includes shutdown and start-up scripts to support the infrastructure team in undertaking responses. The toolkit also includes documented maintenance checks to support the infrastructure team in undertaking proactive monitoring of systems to minimise service downtime and to reduce operation risk. This is supported by a software library to enable restoration of software, applications and operating systems. Disaster Recovery Infrastructure During 2017/18 the ICT service has undertaken a number of actions designed to improve the capability, these include: 1. Storage Area Network A storage area network is a highly resilient solution for storage. Powys has implemented a solution that improves performance and resilience over previous systems in place. 2. Cluster A cluster is a group of physical servers working together to provide a virtual server infrastructure. This provides a load balanced system with 4 nodes capable of hosting resources loss of a physical node will result in services Page 3 of 5

being switched to other nodes automatically and with minimal impact on users. For Powys each node should be capable of providing services in the event of a situation (i.e. we can lose three nodes will limited impact on services). 3. Switch Refresh The core of our networks is based around central network switches. Much of the estate throughout Powys was quite old and no longer meeting performance requirements. During the end of financial year 2017 a programme of replacing older units was undertaken to improve resilience and performance across local networks. 4. Exchange Work was completed during the first quarter of 2017 to migrate Powys across to Exchange 2010 based on a three server solution. Two servers, located in Bronllys, provide automatic failover to each other. The third server is located in Brecon and provides off site failover for the service. 5. DR Failover Site A medium term solution was implemented in Brecon to provide a manual failover site for the majority of services provided from Bronllys. This solution provides the infrastructure team with the capability to re-provide services within a reasonable time frame even if they don t have physical access to the main computer room in Bronllys. 6. Wireless programme To support alternative access options for users and to provide further resilience options a programme has been undertaken to blanket cover health board sites with wireless network access. The infrastructure team developed, during 2017, a health centric business continuity plan. This will be replaced by comprehensive integrated plan to cover all of Powys ICT operations across council and health. This will help support a standard approach to business continuity and clearly identify shared resources that are available to respond to incidents. Completion of the integrated ICT is targeted for mid-summer of 2018. As Powys ICT is a service provider to the wider council and health board parts of the plan will be dependent on other areas clearly identifying their ICT business continuity requirements within their plans. This will enable Powys ICT to clearly understand resource requirements and update its plan accordingly. Page 4 of 5

RECOMMENDATION(S): It is recommended that the Information Management Technology & Management Committee DISCUSS and NOTES the IT Disaster Recovery and. NEXT STEPS: There are still single points of failure that require work to mitigate risks. Offsite backup and disaster recovery sites will need significant improvements to provide robust capabilities from investigative work undertaken cloud solutions have been identified as the most appropriate solution. Once NWIS have completed the initial configuration and pilot work around Azure / Office 365 this will be investigated as appropriate solution for health (mirroring work already undertaken for council). To reduce risks and to improve business continuity it has been determined that services presently provided from Bronllys computer room should be provided either from a purpose built 3 rd party data centre or via a cloud solution. Work is underway to look to implement consolidation of services to a centrally provided infrastructure this will reduce costs and hardware to support so reducing risk. Further work to improve failover capabilities is underway e.g. DHCP failover to automate processes so as to minimise impact on users. Page 5 of 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback