Hawaii Behavioral Health. Information Technology. Contingency Plan Version: 1.0. Carla Gross Chief Operating Officer
|
|
- Audrey Allison
- 8 years ago
- Views:
Transcription
1 Hawaii Behavioral Health Information Technology Contingency Plan Version: 1.0 Carla Gross Chief Operating Officer Prepared by: Michael Lukson
2 Hawaii Behavioral Health INFORMATION TECHNOLOGY CONTINGENCY PLAN Version: 1.0 This Hawaii Behavioral Health (HBH) Contingency Plan establishes procedures used to recover HBH Information and Technology Systems following a disruption in service or a critical failure event. The following objectives have been established for this plan: Maximize the effectiveness of contingency operations through an established plan that consists of the following phases: Notification/Activation phase to detect and assess damage and to activate a plan to restore and recover affected systems. Recovery phase to restore temporary IT operations to support continued operations until the reconstitution phase is complete. Reconstitution phase to restore/rebuild the affected IT systems back to normal operations. Prepared by: Michael Lukson Date: 05/01/15 Reviewed by: Jessica Wong-Sumida Date: 05/08/15 Approved by: Carla Gross Date: 05/15/15
3 1.1 BACKGROUND This HBH System Contingency Plan has been developed as required under the Office of Management and Budget (OMB) Circular A-130, Management of Federal Information Resources, Appendix III, November 2000, and the Health Insurance Portability and Accountability Act (HIPAA) Final Security Rule, Section (a) (7), which requires the establishment and implementation of procedures for responding to events that damage systems containing electronic protected health information. This HBH System Contingency Plan is promulgated under the legislative requirements set forth in the Federal Information Security Management Act (FISMA) of 2002 and the guidelines established by the National Institute of Standards and Technology (NIST) Special Publication (SP) , titled "Contingency Planning Guide for Information Technology Systems" dated June APPLICABILITY The HBH System Contingency Plan applies to HBH Information Technology systems and delineates the necessary procedures and resources required in the event of a systems failure. The goal of these procedures is to restore normal IT operations and business functionality. The HBH System Contingency Plan applies to the Operations Division (OPDIV) and all other persons associated with HBH Systems as identified under Section 2.3 Responsibilities. The HBH Systems Contingency Plans is supported by the HBH Recovery and Backup Plan. This plan lays out the specific backup operations used to protect HBH critical data. It also lays out the specifics of critical HBH systems, where they are physically located, and the general methods for backup. The HBH Systems Contingency Plan is also supported by the HBH Technology Plan which lays out expected technology related updates or reviews on current systems. 1.3 SCOPE Planning Principles This plan is designed for two basic scenarios. a. SINGLE SYSTEM FAILURE: The first is a single critical system failure. This would be a single system which failed due to software or faulty hardware. An example would be a failure of the file server in Honolulu. This type of event would cause the temporary loss of IT resources for the type of system failed. In this example a file server failure in Honolulu
4 would deny OPDIV staff the use of file server data such as user and workgroup folders. However, other operations such as , billings and information management which do not rely on the failed system would still be functional. b. SITE CRITICAL SYSTEM FAILURE: This would be a system failure at a specific location due to a disaster event. Examples of this type of even would be loss of a critical location such as the Honolulu office to possibly due to a natural disaster event such as a Hurricane, Tsunami or building fire. This type of event would cause major system outages and affect business operations more seriously than a single critical systems failure Contingency Plan Action In the event of a failure of an HBH critical systems failure contingency operations will be put into place. These operations will have two or three phases. Phases Notification/Activation Recovery Reconstitution Phase Overview The notification/activation phase is the determination after a critical system failure of which plan type to implement and the notification of HBH system users of the system outage and expected recovery estimate. Recovery is the temporary restoration of an HBH system assets. Depending on the specific system this is not always possible. For instance in the failure of the a temporary restore would not be possible. Only the reconstitution of the server would solve this system outage. However, some systems as the file server user and work groups data files can be restored for temporary usage while system reconstitution operations are occurring. This phase is rebuild of the affected system back to its normal state. The two types of plan operations are: a. Quick Recovery Operations: For system failures where the expected recovery time is estimated to be under 48 hours, the determining authority may decide to not implement a recovery phase and accept the service loss until system reconstitution. b. Full Recovery Operations: In full recovery operations scenario it has been determined that full system reconstitution will take longer than 48 hours. In this plan the determining authority has decide to allocate resources to the recovery phase to try reduce the system impact on normal business operations.
5 A determination will be made by the Chief Operating Officer which type of recovery plan will be put into place. This decision will be made depending on the type of system which has failed. Certain systems such as the domain controller, and do not the ability to have a recovery (i.e. temporary) system put into place. Other systems such as the file server can have a recovery system put into place for business operations. 1.4 REFERENCES/REQUIREMENTS This HBH Contingency Plan complies with the OPDIV IT Contingency Planning Policy as follows: The organization shall develop a contingency planning capability to meet the needs of critical supporting operations in the event of a disruption extending beyond 48 hours. The procedures for execution of such a capability shall be documented in a formal contingency plan and shall be reviewed at least annually and updated as necessary. Personnel responsible for target systems shall be trained to execute contingency procedures. The plan, recovery capabilities, and personnel shall be tested to identify weaknesses of the capability at least annually. The HBH System Contingency Plan also complies with the following federal and departmental policies: The Computer Security Act of 1987 OMB Circular A-130, Management of Federal Information Resources, Appendix III, November 2000 Federal Preparedness Circular (FPC) 65, Federal Executive Branch Continuity of Operations, July 1999 Presidential Decision Directive (PDD) 67, Enduring Constitutional Government and Continuity of Government Operations, October 1998 PDD 63, Critical Infrastructure Protection, May 1998 Federal Emergency Management Agency (FEMA), The Federal Response Plan (FRP), April 1999 Defense Authorization Act (Public Law ), Title X, Subtitle G, Government Information Security Reform, October 30, 2000
6 2 CONTINGENCY OPERATIONS 2.1 SYSTEM DESCRIPTION AND ARCHITECTURE A. HARDWARE OVERVIEW: In the event of a critical systems failure one consideration is that the organizational hardware is not off the shelf items which can be replaced locally. Rack mounted servers and network switches will have to be ordered from specialty companies and delivery of replacement systems may take longer than a week. Because each HBH has a firewall appliance with a VPN tunnel a temporary restore may be possible using existing domain servers or file servers via this method. B. DOMAIN CONTROLLER SYSTEM: HBH has two domain controllers located in Honolulu and Hilo. These domain controllers provide logon and file security authentication for HBH sites. In the event of a critical failure in one facility the domain controller should be able to provide logon and file authentication using VPN access until a new system is rebuilt. In the event of a system failure on the domain controller, a general overview of what should occur: 1. New rank mounted server hardware acquired. 2. Windows Server Operating System installed and setup for HIBH.org domain. 3. A restoration of HIBH.ORG domain occurs from the system backup file. C. MANAGEMENT INFORMATION SYSTEMS (NPA WORKS): The HBH management and information systems is called NPAWorks. This system is provided by CodeMetro and physically located in California. Work performed. Because this is a remote web based application a site critical failure should not impact the use of this system. The use of any internet capable workstation should allow HBH to continue using this system. D. BILLING SYSTEMS: Billing is performed via NPAWorks and the Department of Education provider data system. Both of these systems are maintained by external agencies. A critical system failure at an HBH location will not affect billing output. The use of any internet capable workstation should allow HBH to continue billing operations.
7 E. ACCOUNTING SYSTEM: The HBH Accounting system is Quickbooks. In the event of a critical failure the following primary events will have to occur to bring the system back online: 1. CLIENT WORKSTATION INSTALL: A reinstall of the accounting system on the client. The client system will also have to be activated. 2. SERVER CLIENT INSTALL: A reinstall of the accounting system (server) will have to occur. 3. DATA FILE RESTORED: The backup copy of the accounting system will have to be copied back to the server client location and then referenced as the data file by the client server. F. PAYROLL SYSTEM: HBH uses ADP Webpay as the system for employee payroll. In the event of a facility site failure the payroll system should not be affected. However, on the individual payroll workstations webpay users will have to install a security certificate before being able to use the system. ADP has a technical support hotline to assist with this. G. HBH SYSTEM: HBH currently uses Microsoft Exchange as the HBH system. This system located in the Hilo office. backups occur and offsite copies occur using the VPN connection between offices. In the event of failure the following general operations will occur. 1. SERVER INSTALLATION: Microsoft Exchange will have to be installed on the new server. 2. RESTORE OF DATA: The exchange data files will be restored using the system backup file. H. HBH WEB SERVER: The HBH Web server is currently located in Hilo. Backups of the website occur and are stored offsite in Honolulu. In the event of failure the following general operations will occur. 1. SERVER INSTALLATION: The designated server will have to have the correct web server software and content management system (CMS) installed. 2. WEB SITE RESTORE: The web site files should be restored from the backups. I. PRIMARY DOCUMENT STORAGE: This is the central file server where user and workgroup (i.e. Masterdocs, Oahudocs) are located.
8 There are two HBH file servers. One located in Honolulu and the other in Hilo. In the event of a critical system failure the following general operations will occur: 1. FILE SERVER SYSTEM REBUILD: The file server will be rebuilt and then tied into the windows domain using active directory. 2. WORKGROUP AND USER FOLDERS RESTORED: The workgroup and user files will be restored using backups. 3. PERMISSIONS REBUILT: The permissions will be rebuilt using active directory to protect access to the data loaded. J. PHYSICAL LOCATION OF EQUIPMENT: There are server locations for HBH. There is a locked server storage area in Hilo. The second server storage area is located in the Chief Operations Officer s office. Both server location areas are rack mounted systems and kept in secure with limited access. K. EQUIPMENT DIAGRAM VPN Connection Honolulu Site Hilo Site L. Honolulu Microsoft Windows Server Firewall VPN Firewall Hilo Microsoft Windows Server Microsoft Exchange Server Honolulu File Server Hilo File Server Hilo Web Server INTERNET Peer-to-Peer Workgroup Kauai Site Peer to Peer Workgroup Firewall Firewall Maui Site Peer to Peer Workgroup
9 L. External Partnerships: HBH currently has information and technology trained staff. HBH has designated employees that can add users to the domain and create s accounts. All other technical support issues including system backups, maintenance and computer workstation setup is done using external partnerships. HBH ensures that a good synergy with external partners is established. External partners must be able to support organizations critical periods and work with management to achieve cost effective IT solutions. 2.2 LINE OF SUCCESSION In the event of a site system critical event a decision making authority will have to ensure that the contingency plan is activated. The Chief Operations Officer (COO) is the designated authority to make these decision and set the plan in motion. The plan members for contingency operations are listed in Appendix A. Plan members are responsible for reporting status information to the COO and ensuring that recover and reconstitution operations occur in a timely fashion. Any developments which affect these operations should be communicated. 2.3 RESPONSIBILITIES In the event of a facility system critical event a response team will be created using the contacts listed in Appendix A. Most system issues will be geographically centered and only the contact point listed for that region need be involved. The other team members will normally be the designating authority (COO) and the external partner (tech consultant). Because HBH has limited technical resources the majority of the work responsibility will be placed upon the external partner. With this type of setup it will be important to establish a good relationship with the external partner. The external partner should be able to commit to devoting adequate scheduling time to support system critical events when needed. Other island contact members should be able to work with the external partner to assist when needed. 2.4 TESTING AND MAINTENANCE Testing and maintenance of HBH IT systems should occur on a regular basis. Any irregularities noted in the daily system operations should be communicated to the external partner. Testing of the system backups should also occur on a frequent basis. These procedures are discussed the HBH Recovery and Backup Operations Policy.
10 3 NOTIFICATION AND ACTIVATION PHASE Upon the failure of a critical system actions should be taken to assess the damage to the system. The regional center point of contact individuals should discuss system outages with the determining authority (COO). The COO should contact the external partner to review the damage to the system and determine what steps need to be taken to bring the system back to operational status. 4 RECOVERY OPERATIONS Recovery operations will occur, when eligible, for systems when it has been determined that the outage will be over 48 hours. Not all systems are eligible for a temporary recovery situation. As an example the failure of the system would not be eligible for a temporary recovery operation. The external partner and island contact representatives will be responsible for the planning and execution of recovery operations. 5 RECONSTITUTION OPERATIONS Reconstitution Operations is the restoration of the affected system back to normal usage. Once the affected system has been put back into normal working order any recovery systems should be brought down. It is important to ensure that new data or information created on the recovery systems is brought over to the newly reconstituted system. This will ensure that no work efforts have been lost. 5.1 ORIGINAL OR NEW SITE RESTORATION When new systems have been reconstituted they may be located in a new facility. It placed in a new location it is important that ventilation, security and electrical needs are met for the new equipment. If ventilation and electrical needs are not met it can affect the new equipment in an adverse manner. The external constant should be involved with the new system layout. 5.2 CONCURRENT PROCESSING In the event of a critical system failure at a facility location many normal business operations can continue with minimal delays. The following Billing and Operations The billing systems and management information systems are hosted by companies external to HBH. A facility site failure will have minimal effect on these operations. The recovery team news
11 to produce normal computer workstation with access to the internet for these operations to continue. Accounting Operations For accounting systems Quickbooks 2013 data file is normally hosted on a server. For recovery operations a temporary system could be put into place. First a workstation would have to be put in place with Quickbooks 2013 installed. The data file (accounting information) could be directly hosted on the workstation to support accounting operations. Payroll Operations Payroll operations use ADP webpay for payroll. Because this system is external to HBH facility critical failures will have minimal impact. To continue payroll operations you will need a computer workstation. A special security certificate will have to be installed for the payroll user. ADP can support this installation via their technical support. File Server Operations HBH uses a number of regular word processing and spreadsheet documents to support business operations. During the file server reconstitution phase a recovery file server can be put into place with the backs being located on a recovery system. This will support normal business operations. 5.3 PLAN DEACTIVATION Once new systems have been put into place. The contingency operation is coming to a close. The contingency team should evaluate what may have caused the site critical failure event. Any lessons which can be learned from the event should be documented and reported to the management team. All recovery systems should be deactivated and disassembled. It is important that data from any recovery systems be brought over to the new systems so no work is lost. Recovery systems deactivated should be protected as there may be HIPAA related information stored on them. All disk media should be destroyed in accordance with normal IT policies.
12 Appendix A: Contact List # Name Contact List Plan Assignment Office Phone Cell Phone 1 Carla Gross COO cgross@hibh.org 2 Mark Chun External Partner (808) mchun@pacificprotech.com 3 Lorna Pedro- Villaneuva Big Island Contact lorna@hibh.org 4 Maila Kaneaiakala Honolulu Contact ronderom@hibh.org 5 Mary Santos Kauai Contact santosm@hibh.org 6 Courtney Azoulay Maui Contact azoulayc@hibh.org
SAMPLE IT CONTINGENCY PLAN FORMAT
SAMPLE IT CONTINGENCY PLAN FORMAT This sample format provides a template for preparing an information technology (IT) contingency plan. The template is intended to be used as a guide, and the Contingency
More informationHawaii Behavioral Health. Technology Plan. Technology and System Plan. Carla Gross Chief Operating Officer. Technology and System Plan 2013-2015
Hawaii Behavioral Health Technology Plan Technology and System Plan Carla Gross Chief Operating Officer Prepared by: Michael Lukson Hawaii Behavioral Health TECHNOLOGY & SYSTEM PLAN 2013-2015 The purpose
More informationDisaster Recovery Planning Procedures and Guidelines
Disaster Recovery Planning Procedures and Guidelines A Mandatory Reference for ADS Chapter 545 New Reference: 06/01/2006 Responsible Office: M/DCIO File Name: 545mal_060106_cd44 Information System Security
More informationDisaster Recovery Checklist Disaster Recovery Plan for <System One>
Disaster Recovery Plan for SYSTEM OVERVIEW PRODUCTION SERVER HOT SITE SERVER APPLICATIONS (Use bold for Hot Site) ASSOCIATED SERVERS KEY CONTACTS Hardware Vendor System Owners Database Owner
More informationDISASTER RECOVERY PLAN
DISASTER RECOVERY PLAN Section 1. Goals of a Disaster Recovery Plan The major goals of a disaster recovery plan are: To minimize interruptions to normal operations. To limit the extent of disruption and
More informationThe 5 Most Commonly Used Disaster Recovery Process
DR Risk Assessment White Paper This document provides an overview of Equilibrium s disaster recovery risk analysis and remediation methodology. This methodology was developed over a period of 10+ years
More informationCHIS, Inc. Privacy General Guidelines
CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified
More informationInternational Trade Administration
U.S. DEPARTMENT OF COMMERCE Office of Inspector General International Trade Administration FY 2007 FISMA Assessment of Core Network General Support System (ITA-012) Final Inspection Report No. OSE-18840/September
More informationContingency Planning Guide for Information Technology Systems
NIST Special Publication 800-34 Contingency Planning Guide for Information Technology Systems Recommendations of the National Institute of Standards and Technology Marianne Swanson, Amy Wohl, Lucinda Pope,
More informationNETWORK SERVICES WITH SOME CREDIT UNIONS PROCESSING 800,000 TRANSACTIONS ANNUALLY AND MOVING OVER 500 MILLION, SYSTEM UPTIME IS CRITICAL.
NETWORK SERVICES WITH SOME CREDIT UNIONS PROCESSING 800,000 TRANSACTIONS ANNUALLY AND MOVING OVER 500 MILLION, SYSTEM UPTIME IS CRITICAL. Your Credit Union information is irreplaceable. Data loss can result
More informationTable Of Contents. - Microsoft Windows - WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS XP PROFESSIONAL...10
Table Of Contents - - WINDOWS SERVER 2003 MAINTAINING AND MANAGING ENVIRONMENT...1 WINDOWS SERVER 2003 IMPLEMENTING, MANAGING & MAINTAINING...6 WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS
More informationIdentify and Protect Your Vital Records
Identify and Protect Your Vital Records INTRODUCTION The Federal Emergency Management Agency s Federal Preparedness Circular 65 states The protection and ready availability of electronic and hardcopy documents,
More informationVersion: 1.5 2014 Page 1 of 5
Version: 1.5 2014 Page 1 of 5 1.0 Overview A backup policy is similar to an insurance policy it provides the last line of defense against data loss and is sometimes the only way to recover from a hardware
More informationHow To Check If Nasa Can Protect Itself From Hackers
SEPTEMBER 16, 2010 AUDIT REPORT OFFICE OF AUDITS REVIEW OF NASA S MANAGEMENT AND OVERSIGHT OF ITS INFORMATION TECHNOLOGY SECURITY PROGRAM OFFICE OF INSPECTOR GENERAL National Aeronautics and Space Administration
More informationDisaster Recovery and Business Continuity Plan
Disaster Recovery and Business Continuity Plan Table of Contents 1. Introduction... 3 2. Objectives... 3 3. Risks... 3 4. Steps of Disaster Recovery Plan formulation... 3 5. Audit Procedure.... 5 Appendix
More informationDisaster Recovery Plan
Disaster Recovery Plan This guide sets forth items to consider in the review of the firm s disaster recovery plan. You should form a committee to assess the plan and should assign activities under the
More informationOffice of Inspector General
DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Disaster Recovery Planning for DHS Information Systems Needs Improvement (Redacted) Notice: The Department of Homeland Security, Office Inspector
More informationIT Disaster Recovery Plan Template
HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationIT MANAGER GUIDE: AGNET ENTERPRISE FILE SERVER
IT MANAGER GUIDE: AGNET ENTERPRISE FILE SERVER This document provides overview and guidance for departmental IT managers regarding the utilization and operation of their AGNET Enterprise File Server. Page
More informationManagement of Hardware Passwords in Think PCs.
Lenovo Corporation March 2009 security white paper Management of Hardware Passwords in Think PCs. Ideas from Lenovo Notebooks and Desktops Workstations and Servers Service and Support Accessories Introduction
More informationARTICLE 10. INFORMATION TECHNOLOGY
ARTICLE 10. INFORMATION TECHNOLOGY I. Virtual Private Network (VPN) The purpose of this policy is to provide guidelines for Virtual Private Network (VPN) connections to Education Division s resources.
More informationTailored Technologies LLC
685 Third Avenue New York, NY 10017 Tel: (212) 503-6300 Fax: (212) 503-6312 Date: January 9, 2014 To: The Audit File of the Hugh L. Carey Battery Park City Authority From: Tailored Technology Observations
More informationRotherham CCG Network Security Policy V2.0
Title: Rotherham CCG Network Security Policy V2.0 Reference No: Owner: Author: Andrew Clayton - Head of IT Robin Carlisle Deputy - Chief Officer D Stowe ICT Security Manager First Issued On: 17 th October
More informationCMS Operational Policy for VPN Access to 3-Zone Admin and Development /Validation Segments
Chief Information Officer Office of Information Services Centers for Medicare & Medicaid Services CMS Operational Policy for VPN Access to 3-Zone Admin and Development /Validation Segments January 9, 2008
More informationHow To Plan For A Disaster At The University Of Texas
Disaster Recovery Planning The Process Introduction We began our planning processes after experiencing several disasters, including a building fire, an environmental contamination, faulty discharge of
More informationProgram: Management Information Systems. David Pfafman 01/11/2006
Effective 04/20/2005 Page - 1 - POLICY: PURPOSE: It is the policy of to provide a plan to insure the accessibility of protected health information (PHI) in the event of data loss due to an emergency or
More information<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP
IT Disaster Recovery Plan Template By Paul Kirvan, CISA, CISSP, FBCI, CBCP Revision History REVISION DATE NAME DESCRIPTION Original 1.0 2 Table of Contents Information Technology Statement
More informationINSPECTION U.S. DEPARTMENT OF THE INTERIOR WEB HOSTING SERVICES
INSPECTION U.S. DEPARTMENT OF THE INTERIOR WEB HOSTING SERVICES Report No.: ISD-IS-OCIO-0001-2014 June 2014 OFFICE OF INSPECTOR GENERAL U.S.DEPARTMENT OF THE INTERIOR Memorandum JUN 0 4 2014 To: From:
More informationAcronis Backup & Recovery 10 Workstation. Installation Guide
Acronis Backup & Recovery 10 Workstation Installation Guide Table of Contents 1. Installation of Acronis Backup & Recovery 10... 3 1.1. Acronis Backup & Recovery 10 components... 3 1.1.1. Agent for Windows...
More informationOffice of Inspector General
DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Security Weaknesses Increase Risks to Critical United States Secret Service Database (Redacted) Notice: The Department of Homeland Security,
More informationOffsite Disaster Recovery Plan
1 Offsite Disaster Recovery Plan Offsite Disaster Recovery Plan Presented By: Natan Verkhovsky President Disty Portal Inc. 2 Offsite Disaster Recovery Plan Introduction This document is a comprehensive
More informationHIPAA Security COMPLIANCE Checklist For Employers
Compliance HIPAA Security COMPLIANCE Checklist For Employers All of the following steps must be completed by April 20, 2006 (April 14, 2005 for Large Health Plans) Broadly speaking, there are three major
More informationU.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL
U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL FINAL REPORT: U.S. Election Assistance Commission Compliance with the Requirements of the Federal Information Security Management Act Fiscal
More informationMSP Service Matrix. Servers
Servers MSP Service Matrix Microsoft Windows O/S Patching - Patches automatically updated on a regular basis to the customer's servers and desktops. MS Baseline Analyzer and MS WSUS Server used Server
More informationCloudBackup. Data Backup, Archiving and Disaster Recovery - all in one easy-to-use platform. Taking care of your critical company data
CloudBackup Data Backup, Archiving and Disaster Recovery - all in one easy-to-use platform Taking care of your critical company data TAKING CARE OF YOUR DATA The cornerstone of any business continuity
More informationScomis Remote Backup Service 1 st April 2014 until 31 st March 2015
Scomis Remote Backup Service 1 st April 2014 until 31 st March 2015 This service offers remote backup of part or all of a school's data, including SIMS, on a daily basis during term time. The Customer
More informationHow To Write A Health Care Security Rule For A University
INTRODUCTION HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005 The Health Insurance Portability and Accountability Act (HIPAA) Security Rule, as a
More informationSQL Server Protection
User Guide BackupAssist User Guides explain how to create and modify backup jobs, create backups and perform restores. These steps are explained in more detail in a guide s respective whitepaper. Whitepapers
More informationNagoya city s View of a Disaster-stricken Local Government s ICT
Nagoya city s View of a Disaster-stricken Local Government s ICT Ken Tsunashima Informationization Promotion Section, Planning Department, General Affairs Bureau, Nagoya city 1 Support provided by Nagoya
More informationContract # 04-06. Accepted on: March 29, 2005. Starling Systems. 711 S. Capitol Way, Suite 301 Olympia, WA 98501
Disaster Recovery Plan Starling Systems Deliverable #15 - Draft I Contract # 04-06 Accepted on: March 29, 2005 Starling Systems 711 S. Capitol Way, Suite 301 Olympia, WA 98501 DISASTER RECOVERY PLAN TABLE
More informationSession 17 Windows 7 Professional DNS & Active Directory(Part 2)
Session 17 Windows 7 Professional DNS & Active Directory(Part 2) Fall 2011 ITE153 Operating Systems 1 Session 17 Windows 7 Professional Operating in Microsoft Networks Fall 2011 ITE153 Operating Systems
More informationOIG. Improvements Are Needed for Information Technology Controls at the Las Vegas Finance Center. Audit Report OFFICE OF INSPECTOR GENERAL
OIG OFFICE OF INSPECTOR GENERAL Catalyst for Improving the Environment Audit Report Improvements Are Needed for Information Technology Controls at the Las Vegas Finance Center Report No. 2003-P-00011 May
More informationDisaster Recovery Policy
Disaster Recovery Policy Organizational Functional Area: Policy for: Executive Division Bank Disaster Recovery Program Board Reviewed: September 14, 2011 Department/Individual Responsible for Maintaining/Updating
More informationUniversity of Ulster Policy Cover Sheet
University of Ulster Policy Cover Sheet Document Title Custodian Approving Committee Information Technology Disaster Recovery and Data Backup Policy 1.2 Deputy Director of Finance and Information Services
More information,"ENT 0..- ~ -1-0. Q c. ;:* *1 ~ J U.S. DEPARTMENTOF HOUSINGAND URBAN DEVELOPMENT THEDEPUTYSECRETARY WASHINGTON, DC 20410-0050.
,"ENT 0..- ~ -1-0 Q c. ;:* *1 ~ J c.~.
More informationFINAL AUDIT REPORT WITH RECOMENDATIONS Information Technology No. 11-001
FINAL AUDIT REPORT WITH RECOMENDATIONS Information Technology No. 11-001 SUBJECT: Review of Emergency Plans DATE: September 24, 2010 for Critical Information Technology Operations and Financial Systems
More informationHosted Exchange. Security Overview. Learn More: Call us at 877.634.2728. www.megapath.com
Security Overview Learn More: Call us at 877.634.2728. www.megapath.com Secure and Reliable Hosted Exchange Our Hosted Exchange service is delivered across an advanced network infrastructure, built on
More informationTk20 Backup Procedure
Tk20 Backup Procedure 1 TK20 BACKUP PROCEDURE OVERVIEW 3 FEATURES AND ADVANTAGES: 3 TK20 BACKUP PROCEDURE 4 DAILY BACKUP CREATION 4 TRANSFER OF BACKUPS 5 AUDITING PROCESS 5 BACKUP REPOSITORY 5 WRITE TO
More informationAdagio and Terminal Services
This document will describe some best practices to follow when installing Modules in a Terminal Server Environment. First, let s look at a Basic Network configuration as shown in Diagram 1: Basic Network
More informationBackup Strategies for Small Business
Backup Strategies for Small Business StarTech Group, Inc. Jim Scalise 11.15.2014 1 StarTech Group, Inc. 2771-29 Monument Rd. PMB 232 Jacksonville, FL 32225 CONTENTS BACKUP STRATEGIES.. 1 CLOUD BACKUP 2
More informationExhibit to Data Center Services Service Component Provider Master Services Agreement
Exhibit to Data Center Services Service Component Provider Master Services Agreement DIR Contract No. DIR-DCS-SCP-MSA-002 Between The State of Texas, acting by and through the Texas Department of Information
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Business Continuity Management Standard for IT Systems This standard is applicable to all VCU School of Medicine
More informationOracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0
Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies
More informationSecurity Architecture. Title Disaster Planning Procedures for Information Technology
Category Applicability Title Disaster Planning Procedures for Information Technology All Public Entities (See the Applicability section below.) Standard - A degree or level of requirement that all jurisdictions
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.5)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided
More informationTechnical Considerations in a Windows Server Environment
Technical Considerations in a Windows Server Environment INTRODUCTION Cloud computing has changed the economics of disaster recovery and business continuity options. Accordingly, it is time many organizations
More informationDisaster Recovery Planning Process
Disaster Recovery Planning Process By Geoffrey H. Wold Part I of III This is the first of a three-part series that describes the planning process related to disaster recovery. Based on the various considerations
More informationStandard Operating Procedure Contingency Planning Guidance
Standard Operating Procedure Contingency Planning Guidance Version Date: 20080702 Effective Date: 20080707 Expiration Date: 20110707 Responsible Office: Office of the Chief Information Officer 1 Document
More informationHealth Insurance Portability and Accountability Act Enterprise Compliance Auditing & Reporting ECAR for HIPAA Technical Product Overview Whitepaper
Regulatory Compliance Solutions for Microsoft Windows IT Security Controls Supporting DHS HIPAA Final Security Rules Health Insurance Portability and Accountability Act Enterprise Compliance Auditing &
More informationTECHNICAL SECURITY AND DATA BACKUP POLICY
TECHNICAL SECURITY AND DATA BACKUP POLICY PURPOSE Effective technical security depends not only on technical measures, but also on appropriate policies and procedures and on good user education and training.
More informationBusiness Continuity Management
Business Continuity Management cliftonlarsonallen.com Introductions Brian Pye CliftonLarsonAllen Senior Manager Business Risk Services group 15 years of experience with Business Continuity Megan Moore
More information[Insert Company Logo]
[Insert Company Logo] Business Continuity and Disaster Recovery Planning (BCDRP) Manual 1 Table of Contents Critical Business Information 4 Business Continuity and Disaster Recover Planning (BCDRP) Personnel
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Data Handling and Storage Standard This standard is applicable to all VCU School of Medicine personnel. Approval
More informationBusiness Continuity and Disaster Recovery Planning from an Information Technology Perspective
Business Continuity and Disaster Recovery Planning from an Information Technology Perspective Presenter: David Bird, Director of Sales, Business Technology Consultant phone: 215-672-7100 email: dbird@quatro.com
More informationTransmittal Sheet #: 2005-0012 Date: July 12, 2005
ADMINISTRATIVE COMMUNICATIONS SYSTEM UNITED STATES DEPARTMENT OF EDUCATION Office of Management, Executive Office 400 Maryland Avenue; Washington, DC 20202 Transmittal Sheet #: 2005-0012 Date: July 12,
More informationInformation Services hosted services and costs
Information Services hosted services and costs 1. Overview Information Services (I.S.) has provided a popular hosting service for specialized departmental servers for many years. Servers hosted by I.S.
More informationCreated By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee
Windows Server Security Best Practices Initial Document Created By: 2009 Windows Server Security Best Practices Committee Document Creation Date: August 21, 2009 Revision Revised By: 2014 Windows Server
More informationPOSTAL REGULATORY COMMISSION
POSTAL REGULATORY COMMISSION OFFICE OF INSPECTOR GENERAL FINAL REPORT INFORMATION SECURITY MANAGEMENT AND ACCESS CONTROL POLICIES Audit Report December 17, 2010 Table of Contents INTRODUCTION... 1 Background...1
More informationNetwork & Information Security Policy
Policy Version: 2.1 Approved: 02/20/2015 Effective: 03/02/2015 Table of Contents I. Purpose................... 1 II. Scope.................... 1 III. Roles and Responsibilities............. 1 IV. Risk
More informationTechnology Recovery Plan Instructions
State of California California Information Security Office Technology Recovery Plan Instructions SIMM 5325-A (Formerly SIMM 65A) September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF
More informationNCUA LETTER TO CREDIT UNIONS
NCUA LETTER TO CREDIT UNIONS NATIONAL CREDIT UNION ADMINISTRATION 1775 Duke Street, Alexandria, VA 22314 DATE: December 2001 LETTER NO.: 01-CU-21 TO: SUBJ: ENCL: All Federally Insured Credit Unions Disaster
More informationICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY
ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee
More informationPCGenesis Backup / Reorganization / Restore Checklist
PCGenesis Backup / Reorganization / Restore Checklist BACKUP GUIDELINES 1 Include a full backup of K:\*.* in the site s standard server backup process Recommend full backup of K:*.* every night if possible
More informationDisaster Recovery. Stanley Lopez Premier Field Engineer Premier Field Engineering Southeast Asia Customer Services and Support
Disaster Recovery Stanley Lopez Premier Field Engineer Premier Field Engineering Southeast Asia Customer Services and Support Categories of Risk Financial Operational Reputational Market share Revenue
More informationCHAPTER 67 INFORMATION SYSTEMS TECHNICIAN (IT) NAVPERS 18068-67H CH-63
CHAPTER 67 INFORMATION SYSTEMS TECHNICIAN (IT) NAVPERS 18068-67H CH-63 Updated: July 2015 TABLE OF CONTENTS INFORMATION SYSTEMS TECHNICIAN SUBMARINES (ITS) SCOPE OF RATING GENERAL INFORMATION INFORMATION
More informationAcronis Backup & Recovery 10 Server for Windows. Installation Guide
Acronis Backup & Recovery 10 Server for Windows Installation Guide Table of Contents 1. Installation of Acronis Backup & Recovery 10... 3 1.1. Acronis Backup & Recovery 10 components... 3 1.1.1. Agent
More informationInformation Resource Management Directive 5000.13 USAP Contingency & Disaster Recovery Program
The National Science Foundation Polar Programs United States Antarctic Program Information Resource Management Directive 5000.13 USAP Contingency & Disaster Recovery Program Organizational Function Policy
More informationBusiness Continuity and Disaster Survival Strategies for the Small and Mid Size Business. www.integrit-network.com
Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business www.integrit-network.com Business Continuity & Disaster Survival Strategies for the Small & Mid Size Business AGENDA:
More informationClovis Municipal School District Information Technology (IT) Disaster Recovery Plan
Clovis Municipal School District Information Technology (IT) Disaster Recovery Plan Revision History REVISION DATE NAME DESCRIPTION Draft 1.0 Eric Wimbish IT Backup Disaster Table of Contents Information
More informationInformation System Audit. Arkansas Administrative Statewide Information System (AASIS) General Controls
Information System Audit Arkansas Administrative Statewide Information System (AASIS) General Controls ARKANSAS DIVISION OF LEGISLATIVE AUDIT April 12, 2002 April 12, 2002 Members of the Legislative Joint
More informationAudit Report. Management and Security of Office of Budget and Program Analysis Information Technology Resources. U.S. Department of Agriculture
U.S. Department of Agriculture Office of Inspector General Southeast Region Audit Report Management and Security of Office of Budget and Program Analysis Information Technology Resources Report No. 39099-1-AT
More informationMCSA Objectives. Exam 70-236: TS:Exchange Server 2007, Configuring
MCSA Objectives Exam 70-236: TS:Exchange Server 2007, Configuring Installing and Configuring Microsoft Exchange Servers Prepare the infrastructure for Exchange installation. Prepare the servers for Exchange
More informationTop Cloud Solutions For SMBs
The Fulcrum Group, Inc. (817) 337-0300 Top Cloud Solutions For SMBs Is it time you came to the cloud? This White Paper is brought to you by your friends at The Fulcrum Group, Inc. Good timing plus a little
More informationUniversity of Illinois at Chicago Health Sciences Colleges Information Technology Group Security Policies Summary
University of Illinois at Chicago Health Sciences Colleges Information Technology Group Security Policies Summary This Summary was prepared March 2009 by Ian Huggins prior to HSC adoption of the most recent
More informationApplication / Hardware - Business Impact Analysis Template. MARC Configuration Requirements. Business Impact Analysis
Application / Hardware - Business Impact Analysis Template The single most important thing we can do is help you understand the criticality of each application, supporting hardware/server/pc and the required
More informationDomain 3 Business Continuity and Disaster Recovery Planning
Domain 3 Business Continuity and Disaster Recovery Planning Steps (ISC) 2 steps [Har10] Project initiation Business Impact Analysis (BIA) Recovery strategy Plan design and development Implementation Testing
More informationPerforce Backup Strategy & Disaster Recovery at National Instruments
Perforce Backup Strategy & Disaster Recovery at National Instruments Steven Lysohir National Instruments Perforce User Conference April 2005-1 - Contents 1. Introduction 2. Development Environment 3. Architecture
More informationJacksonville University Information Technology Department Disaster Recovery Plan. (Rev: July 2013)
Jacksonville University Information Technology Department Disaster Recovery Plan (Rev: July 2013) Table of Contents Introduction 3 Objectives/Constraints 4 Assumptions 4 Critical Systems 5 Incidents Requiring
More informationVersion 1.0. Ratified By
ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified 5 th March 2013 Author(s) Responsible Committee / Officers Issue Date 5 th March 2013 Review Date Intended Audience
More informationMICROSOFT 70-687 EXAM QUESTIONS & ANSWERS
MICROSOFT 70-687 EXAM QUESTIONS & ANSWERS Number: 70-687 Passing Score: 700 Time Limit: 120 min File Version: 58.0 http://www.gratisexam.com/ MICROSOFT 70-687 EXAM QUESTIONS & ANSWERS Exam Name: Configuring
More information6445A - Implementing and Administering Windows Small Business Server 2008
6445A - Implementing and Administering Windows Small Business Server 2008 Course Number: 6445A Course Length: 5 Days Course Overview This 5 day course provides students with the necessary knowledge to
More informationCDP 3.0 Release Notes
Backup and Recovery CDP 3.0 Release Notes Contents Platform Compatibility New Features Known Issues Resolved Known Issues Installing SonicWALL Software Procedures Related Technical Documentation Platform
More informationINSIDE. Preventing Data Loss. > Disaster Recovery Types and Categories. > Disaster Recovery Site Types. > Disaster Recovery Procedure Lists
Preventing Data Loss INSIDE > Disaster Recovery Types and Categories > Disaster Recovery Site Types > Disaster Recovery Procedure Lists > Business Continuity Plan 1 Preventing Data Loss White Paper Overview
More information15 questions to ask before signing an electronic medical record or electronic health record agreement
15 questions to ask before signing an electronic medical record or electronic health record agreement Many definitions exist for electronic medical record (EMR) and electronic health record (EHR). Although
More informationSQL Server Protection. User guide
User guide Contents 1. Introduction... 2 Documentation... 2 Licensing... 2 Requirements... 2 2. SQL Protection overview... 3 Backup destinations... 3 Transaction logs... 3 Hyper-V backups... 4 SQL database
More informationU.S. DEPARTMENT OF COMMERCE UNITED STATES PATENT AND TRADEMARK OFFICE. Privacy Impact Assessment
U.S. DEPARTMENT OF COMMERCE UNITED STATES PATENT AND TRADEMARK OFFICE Privacy Impact Assessment Corporate Administrative Office System PTOC-005-000 September 4, 2015 Privacy Impact Assessment This Privacy
More informationLeveraging Virtualization for Disaster Recovery in Your Growing Business
Leveraging Virtualization for Disaster Recovery in Your Growing Business Contents What is Disaster Recovery?..................................... 2 Leveraging Virtualization to Significantly Improve Disaster
More informationwww.cadline.co.uk www.midastechnology.co.uk Page 1 of 5
Page 1 of 5 Support Are you confident that you have all eventualities covered and that your current IT support provider can handle all of your issues? Are you frustrated with your application supplier
More informationDisaster Recovery Planning for Homesteaders 2004 Paul Edwards & Associates
Disaster Recovery Planning for Homesteaders 2004 Paul Edwards & Associates Introduction The term homesteading comes from the days of the pioneers that setled in the midwest and western United States. That
More information