1 Disaster Recovery, Business Continuity & Other Lessons Learned FTA Annual Conference Nashville, Tennessee Bob Tangorre Nonie Manion New York State Tax & Finance
2 September 11-A Different Type of Disaster Previous Planning Mainframe Computer System Recovery Hot Site Services Contract Provides out of town location to reestablish IBM and Unisys mainframes Reconnects our networks Tested twice a year Off Site Data Storage Critical application programs and operating systems Backup tapes of key mainframe systems data Backup tapes of return images
3 September 11-A Different Type of Disaster Other Plans We Had Y2K computer systems recovery plans Y2K business recovery plans Call Center distributed to multiple locations Employee contact database Gartner: The 11 September 2001 terrorist attacks are different in their human and enterprise operational impact from previous disasters.
4 September 11-A Different Type of Disaster What was different: We never expected to have to deal with loss of life for Department employees Loss of large numbers of original business records & the taxpayers lost their records as well Delays in mail Chase Water St. location Anthrax scares Magnitude of the event Call Center operations Donations tracking WTC Relief Fund Tax Relief Revenue Impacts
5 Things We Discovered We had no backup plans for works in progress related to our vital business records We had no centralized process for backing up our field offices servers While we had business continuity plans for Y2K, they were specific to Y2K, not generic
6 What We re Doing About it Business Continuity Planning Business Records Imaging Project Distributed Systems Disaster Recovery/Business Continuity Study
7 Business Continuity Planning Must be supported throughout the agency, not just an IT plan. Determine what the core businesses are Vision An agency that provides a fair system of tax administration, is accessible and responsive to taxpayers, and contributes to a favorable economic climate. Mission Collect tax revenue and provide associated services in support of government services in New York State. Key Service Areas Processing Services - Facilitating voluntary compliance; receiving and recording tax returns, documents and remittances; issuing refunds; and distributing funds to State and local governments. Compliance/Enforcement Services - Identifying and addressing errors, non-filers, and civil and criminal violators of the tax system. This is done through audit, investigation, collection, and dispute resolution activities. Identify what resources (IT, people, special equipment or tools) are needed to provide business continuity, disaster recovery, business recovery and business resumption plans.
8 Steps to Develop a Business Contingency Plan Establish a Business Contingency Planning Team (executive mgt) Identify core businesses (Line of Business Managers and executive mgt) Develop Business Continuity, Disaster Recovery, Business Recovery and Business Resumption Plans (Business units, IT and Business Contingency Planning Team)
9 Steps to Develop a Business Contingency Plan Identify key staff responsible for each plan with alternates, establish a contact database (sheet) and phone tree (Human Resources and Business Contingency Planning Team) Establish alternate decision-making hierarchy (Executive Staff)
10 Steps to Develop a Business Contingency Plan Establish a personnel awareness program (Human Resources and Contingency Planning Team) Determine alternate methods of communication (Contingency Planning Team) Set up a toll free number that employees can call in on for updates Test your plan once or twice a year Long Term, build Business Contingency Planning into all of your systems, operations and facility planning
11 Business Records Imaging Project Image vital business records as they are received at the district office Associate the image with an electronic case folder
12 Business Records Imaging Project Back up and store the image/electronic case folder centrally Reduce dependence on paper tax returns Image all returns received during data capture process Provide workflow tools to integrate, retrieve and use images more effectively in the work units
13 Distributed Systems Disaster Recovery/Business Continuity Study Hired an outside consultant to do a Disaster Recovery/Business Continuity study Identified the financial impact to the State (our core business is collecting tax revenue) of 20 day outages for critical processes
14 Distributed Systems Disaster Recovery/Business Continuity Study Developing a risk mitigation plan Prioritizing critical components Identifying options for mitigating risk of failure of those components Identifying operational alternatives Identifying funding sources
17 Disaster Recovery, Business Continuity & Other Lessons Learned Questions? What are you doing?
Experience the commitment issue PAPeR Trends in Managed Services in Tax Administration This issue paper reviews the findings of a joint survey by CGI and the Federation of Tax Administrators asking senior
Records Management Best Practices Guide A Practical Approach to Building a Comprehensive and Compliant Records Management Program Protecting and Managing the World s Information. Since 1951, Iron Mountain
RENT vs. BUY AUDIO VISUAL EQUIPMENT When does it make sense for your organization to rent audio visual equipment versus purchasing it? Rent vs. Buy: Audio Visual Equipment 1 Rent vs. Buy Audio Visual Equipment
BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS DIRECTORATE OF BANKING SUPERVISION AUGUST 2009 TABLE OF CONTENTS PAGE 1.0 INTRODUCTION..3 1.1 Background...3 1.2 Citation...3
Standards for Internal Control in New York State Government October 2007 Thomas P. DiNapoli State Comptroller A MESSAGE FROM STATE COMPTROLLER THOMAS P. DINAPOLI My Fellow Public Servants: For over twenty
EMR Incorporation: Evaluating the Benefits for Your Organization BHM Healthcare Solutions Measurable Results. Sustainable Solutions Learning Objectives To evaluate the pros and cons of electronic medical
United States Government Accountability Office Report to the Subcommittee on the Legislative Branch, Committee on Appropriations, U. S. Senate March 2015 INFORMATION TECHNOLOGY Copyright Office Needs to
Cybersecurity Unit Computer Crime & Intellectual Property Section Criminal Division U.S. Department of Justice 1301 New York Avenue, N.W., 6th Floor, Washington, D.C. 20530 - CYBERSECURITY.CCIPS@USDOJ.GOV
Designing and Building a Call Center For Mobile Money Financial Services Design the Call Center Determine the model that will be used for the call center, i.e. a customer centric or product centric approach
ch01.fm Page 1 Thursday, November 4, 1999 12:19 PM Chapter 1 Lights Out Exposed Planning and executing a successful automation project begins by developing realistic expectations for the purpose and scope
Emergency Management Guide for Business and Industry A Step-by-Step Approach to Emergency Planning, Response and Recovery for Companies of All Sizes FEMA 141/October 1993 EMERGENCY MANAGEMENT GUIDE FOR
Security Policy: Best Practices White Paper Document ID: 13601 Introduction Preparation Create Usage Policy Statements Conduct a Risk Analysis Establish a Security Team Structure Prevention Approving Security
U.S. Nuclear Regulatory Commission 2011 Data Center Consolidation Plan and Progress Report Version 2.0 September 30, 2011 Enclosure Contents 1 Introduction... 2 2 Agency Goals for Data Center Consolidation...
IBM Connections White Paper September 2014 IBM Connections Cloud Security 2 IBM Connections Cloud Security Contents 3 Introduction 4 Security-rich Infrastructure 6 Policy Enforcement Points Provide Application
Government Records Procedure GRO 3 Retrieving Records Government Records Office Archives of Manitoba 2 PROCEDURE GRO 3: Retrieving Records Updated: October 2013 CONTENTS PURPOSE... 3 AUTHORITY... 3 POLICY...
Small Business Legal Audit Checklist 2008 Stuart Adams 1. Basic Disaster Preparation and Planning None of us like to think about disasters, and many of us have an it won t happen to me attitude. The following
CUNY Business Continuity and Disaster Recovery Task Force Information Technology Subcommittee IT Disaster Recovery/Business Continuity Recommendations Adopted by CUNY IT Steering Committee on September
WORKFORCE SOLUTIONS Tax Credits and Incentives We know where to look. We combine technology and expertise to identify and capture all the federal, state, and local tax credits available to your organization.
REED COLLEGE ediscovery GUIDELINES FOR PRESERVATION AND PRODUCTION OF ELECTRONIC RECORDS TABLE OF CONTENTS A. INTRODUCTION... 1 B. THE LANDSCAPE OF ELECTRONIC RECORDS SYSTEMS... 1 1. Email Infrastructure...
CLOUD COMPUTING READINESS VOLKER RATH VOLKER RATH 1 CONTENTS HOW SHOULD THIS GUIDE BE USED? 2 WILL MY COMPANY BENEFIT FROM 2 TRANSITIONING SERVICES TO THE CLOUD? CLOUD READINESS OVERVIEW 3 SECURITY CONCERNS
BEST PRACTICES WHITE PAPER Measuring Success Service Desk Evaluation Guide for the Midsized Business: How to Choose the Right Service Desk Solution and Improve Your ROI Table of Contents INTRODUCTION...1
FIRST Site Visit Requirements and Assessment Document originally produced by CERT Program at the Software Engineering Institute at Carnegie Mellon University And Cisco Systems PSIRT Revision When Who What
WHITE PAPER Business Process Services: A Successful Transition Is the Foundation of World- Class Outsourcing A summary of the key transition questions asked by our clients In this paper, we examine five
Auxiliary Services Optimization Managed Print Services MCP Presented By: Bernard Newman NAE Sales & Business Development Managed Print Optimization & Cost control strategy Why you should consider Managed