Audit of. District s Information Technology Disaster Recovery Plan

Size: px
Start display at page:

Download "Audit of. District s Information Technology Disaster Recovery Plan"

Transcription

1 Audit of District s Information Technology Disaster Recovery Plan April 11, 2014 Report #

2 MISSION STATEMENT The School Board of Palm Beach County is committed to providing a world class education with excellence and equity to empower each student to reach his or her highest potential with the most effective staff to foster the knowledge, skills, and ethics required for responsible citizenship and productive careers. E. Wayne Gent Superintendent of Schools School Board Members Audit Committee Members Chuck Shaw, Chair Noah Silver, CPA, Chair Frank A. Barbieri, Jr., Esq., Vice Chair David H. Talley, Vice Chair Marcia Andrews N. Ronald Bennett, CPA Karen M. Brill Michael Dixon, CPA Jennifer Prior Brown, Esq. Richard Roberts, CPA Michael Murgio Bill Thrasher, CGFO Debra L. Robinson, M.D. (Vacant) Representatives Frank A. Barbieri, Jr., Esq., School Board Member E. Wayne Gent, Superintendent of Schools JulieAnn Rico, Esq., General Counsel Stephanie Nance, Principal Representative Debra Wilhelm, CTA President

3 Audit of District s Information Technology Disaster Recovery Plan Table of Contents Page PURPOSE AND AUTHORITY 1 SCOPE AND METHODOLOGY 1 INFORMATION EXEMPT FROM PUBLIC DISCLOSURE 2 BACKGROUND 2 CONCLUSIONS 1. Business Impact Plan (BIA) Not Performed 4 2. Disaster Recovery Plans Not Fully Tested 5 3. Temperature and Humidity Requirements at Off-Site Tape Storage Facility 7 Did Not Meet Specifications 4. Back-up Tapes May Not Arrive at Designated Off-Site Location 8 5. Technology Disaster Recovery Plan Needs Improvement 9 6. Procedures for Off-Site Tapes to Designated Recovery Sites Needs Enhancement Security Enhancements Needed for Off-Site Backup Tapes 11 APPENDIX Management s Response 12

4 This page intentionally left blank.

5 THE SCHOOL DISTRICT OF LUNG CHIU, CIG, CPA SCHOOL BOARD PALM BEACH COUNTY, FLORIDA INSPECTOR GENERAL CHUCK SHAW, CHAIRMAN FRANK A. BARBIERI, JR, ESQ., VICE CHAIRMAN OFFICE OF INSPECTOR GENERAL MARCIA ANDREWS 3318 FOREST HILL BLVD., C-306 KAREN M. BRILL WEST PALM BEACH, FL JENNIFER PRIOR BROWN, ESQ. MICHAEL MURGIO (561) FAX: (561) DEBRA L. ROBINSON, M.D. E. WAYNE GENT, SUPERINTENDENT M E M O R A N D U M TO: FROM: Honorable Chair and Members of the School Board E. Wayne Gent, Superintendent of Schools Chair and Members of Audit Committee Lung Chiu, CPA, Inspector General DATE: April 11, 2014 SUBJECT: Audit of District s Information Technology Disaster Recovery Plan PURPOSE AND AUTHORITY Pursuant to the District s Audit Plan of , we have audited the District s Information Technology Disaster Recovery Plan. The primary objective of the audit was to assess the adequacy of the District s Information Technology Disaster Recovery Plan for preserving the integrity of data backups and minimizing disruption to the District s operations should disasters occur. SCOPE AND METHODOLOGY The audit was conducted in accordance with Generally Accepted Government Auditing Standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. This audit was based on information and records obtained from four departments: (1) IT Infrastructure, System Support & Security, (2) IT Enterprise Applications, (3) IT Technical Operations, and (4) Purchasing. Computer processed data was not used as part of this audit; therefore, we did not assess the reliability of this data. The scope and methodology of this audit included the following areas: Development of the Information Technology Disaster Recovery Plan Plan testing and maintenance of both plans 1

6 Effectiveness of tape backup procedures, testing, and storage facility review Contracts for hot site recovery and tape storage Test results and action plans from hot sites This review also included the review of the following: School Board Policies and District s procedures School Board IT User Standards and Guidelines Manual Florida Statute Section 1. Subsection (3b) and Florida Statute Chapter 1B , Florida Administrative Code Records Management Standards and Requirements Electronic Recordkeeping (11) (b) Florida Agency for Enterprise Information Technology AEIT Rule 71A-1.012, Florida Administrative Code Audit conclusions were brought to the attention of staff during the audit so that necessary corrective actions could be implemented immediately. The draft report was sent to the departments for review and comments. The management response is included in the Appendix. We would like to thank staff for their cooperation and courtesy extended to us during the audit. The final draft report was presented to the Audit Committee at its April 11, 2014, meeting. INFORMATION EXEMPT FROM PUBLIC DISCLOSURE Pursuant to Florida Statute , certain security systems information is exempt from public access and disclosure. Moreover, in accordance with Government Auditing Standards, Section 7.41, information related to computer security for a particular program may be excluded from publicly available reports because of the potential damage that could be caused by the misuse of this information As such, this confidential and sensitive information has been excluded or redacted from this report. This information and the related audit findings have been provided to the Chief Operating Officer and Division of Information Technology for review and appropriate corrective actions. BACKGROUND District s Continuity of Operations Plan (COOP). This is a District-wide planning process with the objective of maintaining continuity of the business processes across the District during/after a disaster. Damages to the District could range from data loss due to corrupted data to loss of computer operations and adverse impacts on other District operations from a hurricane, tornado, and fire, etc. 2

7 Business Impact Analysis. As part of the COOP, Service Level Agreements between the business processes and Information Technology are needed to determine which systems should be recovered first within specific timeframes. This requires the completion of a formal Business Impact Analysis which includes an inventory of all computer systems, a cost/benefit risk assessment to identify and include all the critical systems in the backup and disaster recovery arrangement. The Business Impact Analysis also assesses the risk for certain disasters to occur along with the cost to be incurred for the loss of each critical District process and computer system in the event of these disasters. The cost of the loss should always outweigh the cost of restoring the business process as the District does not want to spend more money on a disaster recovery solution than the financial loss or other consequences that would be suffered from a disaster. Critical applications to restore at a recovery facility should be identified in order to minimize the disruption of business operations should disaster occur. Technology Disaster Recovery Plan (DRP). DRP is a component of COOP and can only be successful with full engagement from the departments and schools for input and plan testing. DRP focuses on the continuity of the technology side of the District. Disaster recovery plans should be tested periodically and modifications be made to correct any problems. Overall, the District has established and implemented some parts of DRP. As of January 28, 2014, the District has the following agreements with three vendors for Disaster Recovery (DR) services: Vendor 1: This vendor (in an out-of-state location) provides DR facility for the District s mainframe computer systems, such as the Student TERMS System. The annual cost of this contract during 2013 was about $43,708. Vendor 2: This vendor (in Florida) provides DR facility for the District s enterprise systems such as PeopleSoft (Financial and HR/Payroll) and Educational Data Warehouse (EDW). The annual cost of this contract was approximately $64,306 during Vendor 3: This vendor (in Florida) provides off-site storage of backup tapes for the District s computer systems. Total payment to this vendor during 2013 was approximately $57,044. The District continuously replicates and transmits data for the enterprise systems, such as PeopleSoft, to Vendor 2. Backup tapes of the enterprise systems are also sent to the off-site storage facility with Vendor 3 in case the data transmitted to Vendor 2 is not available for any unforeseen reason. Mainframe data for student information on the TERMS system is also backed up daily on tape and sent to the off-site storage facility managed by Vendor 3. In case of a disaster, the off-site storage facility with Vendor 3 is responsible for sending the mainframe and enterprise systems backup tapes to the two DR sites with Vendor 1 and Vendor 2 respectively. 3

8 CONCLUSIONS The audit produced the following major conclusions. 1. Business Impact Analysis (BIA) Not Performed Continuity of Operations Plan (COOP) is a District-wide planning process. The objective of the plan is to maintain continuity of the business processes in case of a disaster. The Technology Disaster Recovery Plan (DRP) is a subset of the COOP and focuses on the continuity of the technology side of the District in order to support the District s schools and departments during a disaster. COOP is a sound business practice which should help to assure the District s survival in the event of a disaster. A Business Continuity Plan (referred to as the Continuity of Operations Plan (COOP) at the School District) is required by Florida Statutes (3)(b) for Palm Beach County and all state agencies. Specifically, the statute states: The plan must include, at a minimum, the following elements: identification of essential functions, programs, and personnel; procedures to implement the plan and personnel notification and accountability; delegations of authority and lines of succession; identification of alternative facilities and related infrastructure, including those for communications; identification and protection of vital records and databases; and schedules and procedures for periodic tests, training, and exercises. The District is part of the local government and submitted a copy of its COOP version to Palm Beach County Office of Emergency Management in A second COOP draft version was started in October 2011 but had not been completed. Both the 2010 version and the 2011 draft require more involvement, feedback, testing and written approval from departments, schools, and senior management. Although a COOP requires the District to conduct a Business Impact Analysis (BIA), we found no evidence of such analysis by the District. The BIA should include an inventory of all computer systems in the School District and a cost/benefit risk assessment to identify and include all the critical systems in the backup and disaster recovery arrangement. The analysis should also include critical business processes, their associated downtime, and the risks to be incurred in the event of a disaster. These risks should justify the required availability of the processes and the related IT systems that are needed to support the processes. General services needed for schools/departments in an emergency were found in the Continuity of Operations Plan; however, the Business Impact Analysis was not performed. Also, the Internal Service Level Agreements with detailed requirements about system name, and system availability were not completed and implemented between the schools/ departments and Information Technology. It did appear that Information Technology attempted to obtain this information, but no input was received from the business side. Consequently, there is no assurance that the Information Technology is aware of the availability requirements of the business operations. 4

9 In the absence of a Business Impact Analysis, which should include an inventory of all computer systems and a risk assessment, there are increased risks that some critical applications will not be appropriately defined and included in the Disaster Recovery Plan. Consequently, the District may not be fully prepared for disasters because not all the applications are included in the Technology Disaster Recovery Plan. As indicated in the District Technology Plan, work is still needed on further completion of the Continuity of Operations Plan. Recommendation A formal Business Impact Analysis should be conducted by the business/applications sides to inventory all computer systems, confirm the identification of critical processes and applications, and to further confirm that the identified Recovery Time Objectives (Tiers I, II, and III) remain appropriate and relevant as noted in the draft COOP. Management s Response: The District's COOP plan was first approved and submitted to Palm Beach County Office of Emergency Management in The District initiated a review/revision of the COOP plan in 2013 with a final version being submitted to Palm Beach County office of Emergency Management in December The final COOP plan was approved by senior management as well as appropriate department leaders. The District developed an Essential Systems document that was reviewed and approved by management in IT will work with Operational and Academic divisions to update/revise the Essential Systems Documents and develop a full functioning Business Impact Analysis (BIA) which will include critical business processes, financial, operational and instructional risks to be incurred in the event of a disaster. (Please see page 13.) 2. Disaster Recovery Plans Not Fully Tested Disaster Recovery Plan testing allows users to test procedures and detect errors or gaps. Agency for Enterprise Information Technology Florida Administrative Code, AEIT Rule 71A-1.012(5) requires annual testing of the technology disaster recovery plans. Specifically, Information Technology Disaster Recovery Plans shall be tested at least annually; results of the annual exercise shall document those plan procedures that were successful and modifications required to correct the plan. Regular testing of the Technology Disaster Recovery Plan will ensure that: 1. The plans are updated. Both technical and functional tests need to be performed which requires resources for preparation time, reporting test results, and implementing an action plan. 2. Problems encountered are discussed. 5

10 3. Critical systems can be recovered and addressed. However, the District s Disaster Recovery Plan does not require periodic testing. The District should ensure the system and data are restored within time frames the district has defined in the Business Impact Analysis. The functional team should ensure that the processes on the test plans for TERMS student information and PeopleSoft Financial and HR/Payroll, etc. are successful. We noticed that the functional team has not tested the PeopleSoft Financials and HR/Payroll business processes since July 2010, over three years ago. Also, functional testing for mainframe TERMS student information was last tested in July 2011 at the DR facility with Vendor 1, over two years ago. Moreover, lessons learned and action plans from testing sessions were not consistently documented and made available for management use. Consequently, potential problems detected during testing will not be addressed in the plan. When a disaster recovery plan is not tested regularly, there is an increased risk that restoration of technology operations could be delayed in the event of a disaster. Recommendation The District should: Incorporate an annual testing of the enterprise systems (PeopleSoft) and Student TERMS System at the disaster recovery facilities, as part of the District s Disaster Recovery Plan (DRP) to identify and address any weaknesses. Restoration of backup tapes should also be part of this annual testing. Document and learn from DRP testing and address issues accordingly. Management s Response: A DR Functional and Technical test was performed at Vendor 1 site in December 2013 for the TERMS system. All associated documentation and restoration of backup tapes were completed. IT has scheduled the annual TERMS DR functional and technical test at the District's Disaster Recovery facility (Vendor 1) for July Restoration of backup tapes are included in the DR process. This process will continue annually. PeopleSoft functional DR testing: The PeopleSoft Team along with the business users will perform annual DR functional and technical tests through virtual connections to Vendor 2 on key business functions. (Please see page 13.) 6

11 3. Temperature and Humidity Requirements at Off-Site Tape Storage Facility Did Not Meet Specifications We visited the off-site storage facility with Vendor 3 on June 20, During the visit, we observed that the temperature of the media vault was 72.3 degrees Fahrenheit and the humidity was 42%. There was no automatic temperature monitoring or redundant power system to run the air conditioners for the vault. Consequently, there was no assurance that the air conditioning was functioning properly. The School District s Request For Proposal (RFP) No. 09C-004L for the off-site tape storage facility states: In compliance with Florida Statute these storage areas shall also be temperature and humidity controlled at all times and shall be physically separated from the paper records storage areas. As specified in Chapter 1B , Florida Administrative Code.., the temperature for such storage areas shall be maintained below 68 degrees Fahrenheit and the relative humidity controls shall remain between 20 and 30%. Also, page 82 Electronic Media and Archival Storage Environment of the RFP states, The storage area shall include storage racks, fire suppressant systems (nonliquid), and alarm systems. The successful proposer shall store media in a facility that meets the county commercial building codes and hurricane standards in which the facility is located. During our visit, we noted a log located outside the media vault which indicated that the fire suppression system was installed for the off-site tape media vault. However, the log indicated the system was not tested since January 19, 2009, which also appeared to be the installation date of the system. Inspections for this type of system should occur every six months, according to a manual for that same system. The environment and safety controls for the media room should be properly maintained to ensure the integrity of the data on the tapes, and the restoration of backup of critical District data will not be compromised. Recommendation We recommend the following issues be addressed at the current off-site tape media vault location: The media vault temperature and humidity be maintained properly. The vault should also be installed with the device for monitoring the temperature and humidity, and instant redundant power supply for air conditioning. There should be proper inspections of fire suppression systems. 7

12 The temperature and humidity monitoring system for the vault and an instant redundant power supply for air conditioning, fire, etc. should be a part of requirements for future Request for Proposal. Management s Response: IT has been in communication with Vendor 3 including a surprise visit to see that related inadequacies were also corrected. Additionally, IT will work with experts in the field environmental control from District facilities management and establish a process for future inspections. Future competitive solicitation documents will include the requirements for remote monitoring of temperature and humidity and redundant power supply subject to cost considerations and fiscal responsibility. (Please see page 14.) 4. Back-up Tapes May Not Arrive at Designated Off-site Location The mainframe tapes containing TERMS student information and the District enterprise system tapes with PeopleSoft and EDW data, etc. are rotated daily to the designated off-site storage facility with Vendor 3. The business systems backup tape is an additional safeguard implemented by the Information Technology Department in case the data continuously transmitted to Vendor 2 is somehow corrupted in a disaster. We tested 13 backup tapes sent to the off-site media storage vault for a period of two days (June 17 and 18, 2013) and noted that two of the tapes (tape # and tape #400475L4) for June 17, 2013, were not received by the off-site truck driver, and therefore were never sent to the off-site vault as presumed by District s IT staff. The above enterprise system and mainframe tapes would not be available to restore critical District data if a disaster occurred at the District. There were no written procedures to ensure that all tapes scheduled to be shipped to the designated off-site storage facility with Vendor 3 arrived at the storage site. IT staff later stated that the tapes might not have been given to the driver and has since documented procedures to correct this issue. Recommendation Information Technology should develop procedures to ensure that all backup tapes scheduled for delivery arrive at the off-site storage facility for proper storage. Management s Response: The tapes identified in the finding were not from the TERMS or the Mainframe systems. Therefore, the District was not at risk with the TERMS or the Mainframe systems as stated in the finding. The tapes identified in the audit are from the secondary (redundant) backup of the enterprise system pool of PeopleSoft and EDW database as per the data below from the tape backup 8

13 log. The primary backup of the enterprise system pool database is conducted by continuous electronic transmission to Vendor 2 The District IT staff monitors that transmission to ensure data integrity. However, we have taken steps with our internal and vendor processes to ensure that all tapes are accounted for and delivered in a timely fashion to Vendor 3. The data submitted earlier showed the tapes to be TSM server (non-mainframe) tapes. (Please see page 14.) 5. Technology Disaster Recovery Plan Needs Improvement The Disaster Recovery Plan (DRP) should support the business strategy outlined in the Continuity Operation Plan and contain a prioritized recovery strategy. While work has been performed on the Disaster Recovery Plan (DRP) and includes critical applications, the framework is not yet fully implemented. Specifically, The District has assigned only one employee the task of administering the DRP activities, among their numerous other duties. There is no evidence that the DRP was adopted by the School District, and therefore may not meet the needs. There is no DRP versioning process to ensure that the plan is kept up-to-date and indicate possible changes in procedures and responsibilities which should be communicated to all responsible parties. Without these procedures, there is no assurance all items in the plan are current. Moreover, there is no evidence of when the last review of the Disaster Recovery Plan occurred. The Technology Department should review the plan annually and make necessary adjustments. Technology employees utilize a SharePoint site to access the DRP, which increases the risk that the DRP will not be readily available should the SharePoint site not be accessible in a disaster. Internal Service Level Agreements with detailed requirements about system availability have not been completed and implemented between the Technology Department and the schools/departments. This increases the risk that the Technology Department may not be aware of the availability requirements of the business side. Recommendation To ensure the DRP is readily available in a disaster and meets the business requirements for recovery times and priorities, the, District should: Know who are the employees currently assigned to the DRP program. 9

14 Ensure that the DRP is reviewed and formally adopted. The same employees who sign the internal Service Levels Agreements detailing system availability requirements should sign the DRP. Implement procedures to certify all DRP documents are formally reviewed and approved by application users and updated at least annually. Ensure that the DRP is also in a format other than SharePoint and distributed to appropriate employees. Staff at the recovery facilities should have access to DRP documents. Ensure formal Service Level Agreements with detailed requirements about system availability be implemented between IT and schools and departments. Management s Response: We concur with the finding that IT has inadequate staffing levels to support the audit s detailed recommendations. Flash Drives for the DR plan have been purchased and are being distributed to respective stakeholders. (Please see page 14.) 6. Procedures for Off-Site Tapes to Designated Recovery Sites Needs Enhancement The District has contracts for two disaster recovery facilities: Vendor 1: This vendor (in an out-of-state location) provides DR facility for the District s mainframe computer systems, such as the Student TERMS System. Vendor 2: This vendor (in Florida) provides DR facility for the District enterprise systems such as PeopleSoft (Financial and HR/Payroll) and Educational Data Warehouse (EDW). However, there are no written procedures from the District for the designated off-site storage facility with Vendor 3 to automatically ship the tapes to the disaster recovery facilities in the event of an emergency, without input from the District s IT Division. For prior mainframe disaster recovery tests, District IT staff notified the off-site tape storage facility with Vendor 3 of the tape numbers and Vendor 1 s address to ship the tapes to. However, if IT staff is unable to provide the off-site tape facility with the exact tape numbers and address, no backup tapes would be shipped to the designated recovery facilities in the event of a disaster. Recommendation The District should develop and implement procedures to ensure that management at the offsite storage facility with Vendor 3 ships the appropriate tapes to the designated recovery addresses in the event of an emergency. 10

15

16 Appendix Management s Response 12

17 Appendix Management s Response 13

18 Appendix Management s Response 14

Audit of. Workers Compensation Program

Audit of. Workers Compensation Program Audit of Workers Compensation Program October 23, 2014 Report #2014-06 MISSION STATEMENT The School Board of Palm Beach County is committed to providing a world class education with excellence and equity

More information

Follow-up Audit of. Fees Paid to Construction Managers

Follow-up Audit of. Fees Paid to Construction Managers Follow-up Audit of Fees Paid to Construction Managers June 11, 2015 Report #2015-07 MISSION STATEMENT The School Board of Palm Beach County is committed to providing a world class education with excellence

More information

Audit of. Software Inventory Procedures

Audit of. Software Inventory Procedures Audit of Software Inventory Procedures April 22, 2003 Report 2003-8 MISSIONSTATEMENT The School Board of Palm Beach County is committed to excellence in education and preparation of all our students with

More information

Review of Information Technology s Data System Backup and Disaster Recovery Process Page 2 of 10 September 30, 2013

Review of Information Technology s Data System Backup and Disaster Recovery Process Page 2 of 10 September 30, 2013 Page 2 of 10 Scope and Objectives We reviewed the backup and disaster recovery processes utilized by DOH for information applications/systems managed by IT over the last three years. This review included

More information

Contract Compliance Audit of. WHLS of Florida, Inc., for Fiscal Year 2006. January 19, 2007

Contract Compliance Audit of. WHLS of Florida, Inc., for Fiscal Year 2006. January 19, 2007 Contract Compliance Audit of WHLS of Florida, Inc., for Fiscal Year 2006 January 19, 2007 Report 2007-03 Contract Compliance Audit of WHLS of Florida, Inc., for Fiscal Year 2006 Table of Contents PURPOSE

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY Office of Inspector General INFORMATION TECHNOLOGY: Final Obstacles Removed To Eliminate Customs Disaster Recovery Material Weakness Office of Information Technology OIG-IT-03-01

More information

Audit of the Disaster Recovery Plan

Audit of the Disaster Recovery Plan Audit of the Disaster Recovery Plan Report # 11-05 Prepared by Office of Inspector General J. Timothy Beirnes, CPA, Inspector General Kit Robbins, CISA, CISM, CRISC, Lead Information Systems Auditor TABLE

More information

B U S I N E S S C O N T I N U I T Y P L A N

B U S I N E S S C O N T I N U I T Y P L A N B U S I N E S S C O N T I N U I T Y P L A N 1 Last Review / Update: December 9, 2015 Table of Contents Purpose...3 Background...3 Books and Records Back-up and Recovery...4 Mission Critical Systems...

More information

Audit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member

Audit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member City of Gainesville Inter-Office Communication April 3, 2012 TO: FROM: SUBJECT: Audit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member Brent

More information

Audit of. Information Technology Help Desk

Audit of. Information Technology Help Desk Audit of Information Technology Help Desk October 10,2003 Report 2003-15 MISSIONSTATEMENT The School Board of Palm Beach County is committed to excellence in education and preparation ofall our students

More information

Vital Records. Mary Hilliard, CRM

Vital Records. Mary Hilliard, CRM Vital Records Mary Hilliard, CRM Background Vital records of an organization must be identified so they can be protected Protection of vital records is a joint effort of records management and disaster

More information

DATA CENTER OPERATIONS

DATA CENTER OPERATIONS REPORT NO. 2015-101 FEBRUARY 2015 FLORIDA STATE UNIVERSITY NORTHWEST REGIONAL DATA CENTER DATA CENTER OPERATIONS Information Technology Operational Audit EXECUTIVE DIRECTOR OF THE NORTHWEST REGIONAL DATA

More information

DATA CENTER OPERATIONS

DATA CENTER OPERATIONS REPORT NO. 2011-082 JANUARY 2011 NORTHWOOD SHARED RESOURCE CENTER DATA CENTER OPERATIONS Information Technology Operational Audit EXECUTIVE DIRECTOR OF THE NORTHWOOD SHARED RESOURCE CENTER Pursuant to

More information

This is the third and final presentation on HIPAA Security Administrative Safeguards. This presentation focuses on the last 2 standards under the

This is the third and final presentation on HIPAA Security Administrative Safeguards. This presentation focuses on the last 2 standards under the This is the third and final presentation on HIPAA Security Administrative Safeguards. This presentation focuses on the last 2 standards under the HIPAA Security rule: Contingency planning and evaluation.

More information

STATE OF NORTH CAROLINA

STATE OF NORTH CAROLINA STATE OF NORTH CAROLINA AUDIT OF THE INFORMATION SYSTEMS GENERAL CONTROLS BRUNSWICK COMMUNITY COLLEGE DECEMBER 2007 OFFICE OF THE STATE AUDITOR LESLIE MERRITT, JR., CPA, CFP STATE AUDITOR AUDIT OF THE

More information

AUDITOR GENERAL WILLIAM O. MONROE, CPA

AUDITOR GENERAL WILLIAM O. MONROE, CPA AUDITOR GENERAL WILLIAM O. MONROE, CPA HILLSBOROUGH COUNTY DISTRICT SCHOOL BOARD LAWSON FINANCIALS MODULE Information Technology Audit SUMMARY To support its financial management needs, the Hillsborough

More information

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION MANAGEMENT AUDIT REPORT OF DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION REPORT NO. 13-101 City of Albuquerque Office of Internal Audit

More information

CHAPTER 2016-138. Committee Substitute for Committee Substitute for Committee Substitute for House Bill No. 1033

CHAPTER 2016-138. Committee Substitute for Committee Substitute for Committee Substitute for House Bill No. 1033 CHAPTER 2016-138 Committee Substitute for Committee Substitute for Committee Substitute for House Bill No. 1033 An act relating to information technology security; amending s. 20.61, F.S.; revising the

More information

Office of Information Technology E-Government Services

Office of Information Technology E-Government Services New Jersey State Legislature Office of Legislative Services Office of the State Auditor Office of Information Technology E-Government Services February 13, 2001 to November 21, 2001 Richard L. Fair State

More information

TECHNOLOGY AND INNOVATION DEPARTMENT BACKUP AND RECOVERY REVIEW AUDIT 14-08 SEPTEMBER 23, 2014

TECHNOLOGY AND INNOVATION DEPARTMENT BACKUP AND RECOVERY REVIEW AUDIT 14-08 SEPTEMBER 23, 2014 TECHNOLOGY AND INNOVATION DEPARTMENT BACKUP AND RECOVERY REVIEW AUDIT 14-08 SEPTEMBER 23, 2014 CITY OF TAMPA Bob Buckhorn, Mayor Internal Audit Department Christine Glover, Internal Audit Director September

More information

The Commonwealth of Massachusetts

The Commonwealth of Massachusetts A. JOSEPH DeNUCCI AUDITOR The Commonwealth of Massachusetts AUDITOR OF THE COMMONWEALTH ONE ASHBURTON PLACE, ROOM 1819 BOSTON, MASSACHUSETTS 02108 TEL. (617) 727-6200 No. 2008-1308-4T OFFICE OF THE STATE

More information

Audit of. G-Star School of the Arts For Motion Pictures and Television

Audit of. G-Star School of the Arts For Motion Pictures and Television Audit of G-Star School of the Arts For Motion Pictures and Television September 14, 2007 Report 2007-11 Audit of G-Star School of the Arts for Motion Pictures and Television Table of Contents PURPOSE AND

More information

Evaluation of the Railroad Retirement Board s Disaster Recovery Plan Report No. 06-08, August 14, 2006 INTRODUCTION

Evaluation of the Railroad Retirement Board s Disaster Recovery Plan Report No. 06-08, August 14, 2006 INTRODUCTION Evaluation of the Railroad Retirement Board s Disaster Recovery Plan Report No. 06-08, August 14, 2006 INTRODUCTION This report presents the results of the Office of Inspector General s evaluation of the

More information

Department of Information Technology Data Center Disaster Recovery Audit Report Final Report. September 2006

Department of Information Technology Data Center Disaster Recovery Audit Report Final Report. September 2006 Department of Information Technology Data Center Disaster Recovery Audit Report Final Report September 2006 promoting efficient & effective local government Executive Summary Our audit found that a comprehensive

More information

BACKUP SECURITY GUIDELINE

BACKUP SECURITY GUIDELINE Section: Information Security Revised: December 2004 Guideline: Description: Backup Security Guidelines: are recommended processes, models, or actions to assist with implementing procedures with respect

More information

Identify and Protect Your Vital Records

Identify and Protect Your Vital Records Identify and Protect Your Vital Records INTRODUCTION The Federal Emergency Management Agency s Federal Preparedness Circular 65 states The protection and ready availability of electronic and hardcopy documents,

More information

Ohio Supercomputer Center

Ohio Supercomputer Center Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original

More information

SECTION 15 INFORMATION TECHNOLOGY

SECTION 15 INFORMATION TECHNOLOGY SECTION 15 INFORMATION TECHNOLOGY 15.1 Purpose 15.2 Authorization 15.3 Internal Controls 15.4 Computer Resources 15.5 Network/Systems Access 15.6 Disaster Recovery Plan (DRP) 15.1 PURPOSE The Navajo County

More information

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Disaster Recovery Testing Is Being Adequately Performed, but Problem Reporting and Tracking Can Be Improved May 3, 2012 Reference Number: 2012-20-041 This

More information

Audit of. Information Technology Disaster Recovery. March 11, 2005

Audit of. Information Technology Disaster Recovery. March 11, 2005 Audit of Information Technology Disaster Recovery March 11, 2005 Report 2005-05 MISSION STATEMENT The School Board of Palm Beach County is committed to excellence in education and preparation of all our

More information

KAREN E. RUSHING. Audit of Purchasing Card Program

KAREN E. RUSHING. Audit of Purchasing Card Program KAREN E. RUSHING Clerk of the Circuit Court and County Comptroller Audit of Purchasing Card Program Audit Services Jeanette L. Phillips, CPA, CGFO, CIG Director of Internal Audit and Inspector General

More information

IT DISASTER RECOVERY CALIFORNIA STATE UNIVERSITY, CHANNEL ISLANDS. Audit Report 11-30 August 12, 2011

IT DISASTER RECOVERY CALIFORNIA STATE UNIVERSITY, CHANNEL ISLANDS. Audit Report 11-30 August 12, 2011 IT DISASTER RECOVERY CALIFORNIA STATE UNIVERSITY, CHANNEL ISLANDS Audit Report 11-30 August 12, 2011 Members, Committee on Audit Henry Mendoza, Chair Melinda Guzman, Vice Chair Margaret Fortune Steven

More information

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES APPENDIX 1 DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES March 2008 Auditor General s Office Jeffrey Griffiths, C.A., C.F.E. Auditor General City of Toronto TABLE OF CONTENTS EXECUTIVE SUMMARY...1

More information

California State University, Sacramento INFORMATION SECURITY PROGRAM

California State University, Sacramento INFORMATION SECURITY PROGRAM California State University, Sacramento INFORMATION SECURITY PROGRAM 1 I. Preamble... 3 II. Scope... 3 III. Definitions... 4 IV. Roles and Responsibilities... 5 A. Vice President for Academic Affairs...

More information

Review of. Freedom Shores Elementary Parent-Teacher Association's Bank Accounts

Review of. Freedom Shores Elementary Parent-Teacher Association's Bank Accounts Review of Freedom Shores Elementary Parent-Teacher Association's Bank Accounts December 7, 2007 Report 2007-17 Review of Freedom Shores Elementary Parent-Teacher Association's Bank Accounts Table of Contents

More information

Department of Public Utilities Customer Information System (BANNER)

Department of Public Utilities Customer Information System (BANNER) REPORT # 2010-06 AUDIT of the Customer Information System (BANNER) January 2010 TABLE OF CONTENTS Executive Summary..... i Comprehensive List of Recommendations. iii Introduction, Objective, Methodology

More information

Audit of. Boca Raton Middle School's Community School Program

Audit of. Boca Raton Middle School's Community School Program Audit of Boca Raton Middle School's Community School Program November 12,2004 Report 2004-15 MISSIONSTATEMENT The School Board of Palm Beach County is committed to excellence in education and preparation

More information

STATE OF NORTH CAROLINA

STATE OF NORTH CAROLINA STATE OF NORTH CAROLINA UNC-GENERAL ADMINISTRATION BANNER HOSTING SERVICES DECEMBER 2013 INFORMATION TECHNOLOGY GENERAL CONTROLS PERFORMANCE AUDIT OFFICE OF THE STATE AUDITOR BETH A. WOOD, CPA STATE AUDITOR

More information

IT DISASTER RECOVERY CALIFORNIA STATE UNIVERSITY, EAST BAY. Audit Report 10-34 October 13, 2010

IT DISASTER RECOVERY CALIFORNIA STATE UNIVERSITY, EAST BAY. Audit Report 10-34 October 13, 2010 IT DISASTER RECOVERY CALIFORNIA STATE UNIVERSITY, EAST BAY Audit Report 10-34 October 13, 2010 Members, Committee on Audit Henry Mendoza, Chair Raymond W. Holdsworth, Vice Chair Nicole M. Anderson Margaret

More information

HOW TO CREATE A VITAL RECORDS PROTECTION PLAN. New York State Unified Court System Division of Court Operations Office of Records Management

HOW TO CREATE A VITAL RECORDS PROTECTION PLAN. New York State Unified Court System Division of Court Operations Office of Records Management HOW TO CREATE A VITAL RECORDS PROTECTION PLAN New York State Unified Court System Division of Court Operations Office of Records Management June 2003 TABLE OF CONTENTS Purpose of a Vital Records Protection

More information

Audit of. Accounts Payable Procedures

Audit of. Accounts Payable Procedures Audit of Accounts Payable Procedures March 6, 2006 Report 2006-03 Audit of Accounts Payable Procedures Table of Contents Page EXECUTIVE SUMMARY PURPOSE AND AUTHORITY SCOPE' AND METHODOLOGY BACKGROUND 1

More information

IT Disaster Recovery Plan Template

IT Disaster Recovery Plan Template HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned

More information

IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP IT Disaster Recovery Plan Template By Paul Kirvan, CISA, CISSP, FBCI, CBCP Revision History REVISION DATE NAME DESCRIPTION Original 1.0 2 Table of Contents Information Technology Statement

More information

The Practice of Internal Controls. Cornell Municipal Clerks School July 16, 2014

The Practice of Internal Controls. Cornell Municipal Clerks School July 16, 2014 The Practice of Internal Controls Cornell Municipal Clerks School July 16, 2014 Page 1 July 18, 2014 Cash Receipts (Collection procedures) Centralize cash collections within a department or for the local

More information

Business Continuity Planning and Disaster Recovery Planning. Ed Crowley IAM/IEM

Business Continuity Planning and Disaster Recovery Planning. Ed Crowley IAM/IEM Business Continuity Planning and Disaster Recovery Planning Ed Crowley IAM/IEM 1 Goals Compare and contrast aspects of business continuity Execute disaster recovery plans and procedures 2 Topics Business

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

AUDIT REPORT INTERNAL AUDIT DIVISION. Audit of the Riskmetrics system in the Investment Management Division of UNJSPF

AUDIT REPORT INTERNAL AUDIT DIVISION. Audit of the Riskmetrics system in the Investment Management Division of UNJSPF INTERNAL AUDIT DIVISION AUDIT REPORT Audit of the Riskmetrics system in the Investment Management Division of UNJSPF Overall results relating to the effective implementation of the Riskmetrics system were

More information

Business Continuity Planning

Business Continuity Planning Information Systems Audit and Control Association www.isaca.org Business Continuity Planning AUDIT PROGRAM & INTERNAL CONTROL QUESTIONNAIRE The Information Systems Audit and Control Association With more

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning Business Continuity Planning and Disaster Recovery Planning Ed Crowley IAM/IEM 1 ISC 2 Key Areas of Knowledge Understand business continuity requirements 1. Develop and document project scope and plan

More information

I. EXECUTIVE SUMMARY. Date: June 30, 2015. Sabina Sitaru, Chief Innovation Officer, Metro Hartford Innovation Services

I. EXECUTIVE SUMMARY. Date: June 30, 2015. Sabina Sitaru, Chief Innovation Officer, Metro Hartford Innovation Services Date: June 30, 2015 To: Sabina Sitaru, Chief Innovation Officer, Metro Hartford Innovation Services From: Craig Trujillo, CPA, Deputy Chief Auditor CST Tele: Office 860-757-9952 Mobile 860-422-3600 City

More information

Audit Report. Information Technology Email Service. May 2014. Angela M. Darragh, CPA, CISA, CFE Audit Director AUDIT DEPARTMENT

Audit Report. Information Technology Email Service. May 2014. Angela M. Darragh, CPA, CISA, CFE Audit Director AUDIT DEPARTMENT Audit Report AUDIT DEPARTMENT Information Technology Email Service May 2014 Angela M. Darragh, CPA, CISA, CFE Audit Director AUDIT COMMITTEE: Commissioner Steve Sisolak Commissioner Chris Giunchigliani

More information

The University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1

The University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1 Version 3.1 November 22, 2004 TABLE OF CONTENTS PART 1: DISASTER RECOVERY EXPECTATIONS... 3 OVERVIEW...3 EXPECTATIONS PRIOR TO AN INCIDENT OCCURRENCE...3 EXPECTATIONS PRIOR TO A DISASTER OCCURRENCE...4

More information

Information Technology Operational Audit DEPARTMENT OF STATE. Florida Voter Registration System (FVRS) Report No. 2016-002 July 2015

Information Technology Operational Audit DEPARTMENT OF STATE. Florida Voter Registration System (FVRS) Report No. 2016-002 July 2015 July 2015 Information Technology Operational Audit DEPARTMENT OF STATE Florida Voter Registration System (FVRS) Sherrill F. Norman, CPA Auditor General Secretary of State Section 20.10, Florida Statutes,

More information

Business Unit CONTINGENCY PLAN

Business Unit CONTINGENCY PLAN Contingency Plan Template Business Unit CONTINGENCY PLAN Version 1.0 (Date submitted) Submitted By: Business Unit Date Version 1.0 Page 1 1 Plan Review and Updates... 3 2 Introduction... 3 2.1 Purpose...

More information

Rockwell Financial Group Business Continuity Plan. Emergency Contact Persons Rockwell Financial Group has two emergency contact persons:

Rockwell Financial Group Business Continuity Plan. Emergency Contact Persons Rockwell Financial Group has two emergency contact persons: Rockwell Financial Group Business Continuity Plan Emergency Contact Persons Rockwell Financial Group has two emergency contact persons: Michael Halkitis, President/ Finop Primary Contact Information: Phone

More information

Mike Casey Director of IT

Mike Casey Director of IT Network Security Developed in response to: Contributes to HCC Core Standard number: Type: Policy Register No: 09037 Status: Public IG Toolkit, Best Practice C7c Consulted With Post/Committee/Group Date

More information

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS) Information Technology Disaster Recovery Policy Policy Statement This policy defines acceptable methods for disaster recovery planning, preparedness, management and mitigation of IT systems and services

More information

85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff

85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff 85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff Because a business continuity plan affects all functional units within the organization, each functional unit must participate

More information

Continuity Planning and Disaster Recovery

Continuity Planning and Disaster Recovery Responsible Officer: AVP - Information Technology Services & UC Chief Information Officer Responsible Office: IT - Information Technology Services Issuance Date: 7/27/2007 Effective Date: 7/27/2007 Scope:

More information

Information Technology Operational Audit UNIVERSITY OF SOUTH FLORIDA. Data Center. Report No. 2016-033 November 2015

Information Technology Operational Audit UNIVERSITY OF SOUTH FLORIDA. Data Center. Report No. 2016-033 November 2015 November 2015 Information Technology Operational Audit UNIVERSITY OF SOUTH FLORIDA Data Center Sherrill F. Norman, CPA Auditor General Board of Trustees and President Members of the University of South

More information

Disaster Recovery. 1.1 Introduction. 1.2 Reasons for Disaster Recovery. EKAM Solutions Ltd Disaster Recovery

Disaster Recovery. 1.1 Introduction. 1.2 Reasons for Disaster Recovery. EKAM Solutions Ltd Disaster Recovery Disaster Recovery 1.1 Introduction Every day, there is the chance that some sort of business interruption, crisis, disaster, or emergency will occur. Anything that prevents access to key processes and

More information

How to Plan for Disaster Recovery and Business Continuity

How to Plan for Disaster Recovery and Business Continuity A TAMP Systems White Paper TAMP Systems 1-516-623-2038 www.drsbytamp.com How to Plan for Disaster Recovery and Business Continuity By Tom Abruzzo, President and CEO Contents Introduction 1 Definitions

More information

Rotherham CCG Network Security Policy V2.0

Rotherham CCG Network Security Policy V2.0 Title: Rotherham CCG Network Security Policy V2.0 Reference No: Owner: Author: Andrew Clayton - Head of IT Robin Carlisle Deputy - Chief Officer D Stowe ICT Security Manager First Issued On: 17 th October

More information

Massachusetts Institute of Technology. Functional Area Recovery Management Team Plan Development Template

Massachusetts Institute of Technology. Functional Area Recovery Management Team Plan Development Template Massachusetts Institute of Technology Functional Area Recovery Management Team Plan Development Template Public Distribution Version For further information, contact: Jerry Isaacson MIT Information Security

More information

Disaster Recovery and Business Continuity Plan

Disaster Recovery and Business Continuity Plan Disaster Recovery and Business Continuity Plan Table of Contents 1. Introduction... 3 2. Objectives... 3 3. Risks... 3 4. Steps of Disaster Recovery Plan formulation... 3 5. Audit Procedure.... 5 Appendix

More information

JANSSEN PARTNERS, INC. Business Continuity Plan (BCP)

JANSSEN PARTNERS, INC. Business Continuity Plan (BCP) JANSSEN PARTNERS, INC. Business Continuity Plan (BCP) Emergency Contact Persons Our firm s two emergency contact persons are: Peter Janssen, President, Tel. 641-209-5940, Cell 516-456-7059, Fax 641-843-7036,

More information

Disaster Recovery Plan Florida-Bahamas Synod of the Evangelical Lutheran Church in America April 4, 2014

Disaster Recovery Plan Florida-Bahamas Synod of the Evangelical Lutheran Church in America April 4, 2014 Disaster Recovery Plan Florida-Bahamas Synod of the Evangelical Lutheran Church in America April 4, 2014 The Florida-Bahamas Synod gratefully acknowledges the model and selected text from "Administrative

More information

FINAL AUDIT REPORT WITH RECOMENDATIONS Information Technology No. 11-001

FINAL AUDIT REPORT WITH RECOMENDATIONS Information Technology No. 11-001 FINAL AUDIT REPORT WITH RECOMENDATIONS Information Technology No. 11-001 SUBJECT: Review of Emergency Plans DATE: September 24, 2010 for Critical Information Technology Operations and Financial Systems

More information

Audit of System Backup and Recovery Controls for the City of Milwaukee Datacenters MARTIN MATSON City Comptroller

Audit of System Backup and Recovery Controls for the City of Milwaukee Datacenters MARTIN MATSON City Comptroller Audit of System Backup and Recovery Controls for the City of Milwaukee Datacenters MARTIN MATSON City Comptroller AYCHA SIRVANCI, CPA Audit Manager City of Milwaukee, Wisconsin July 2014 TABLE OF CONTENTS

More information

This policy applies to all DRC employees, contractors, volunteers, interns and other agents of the state.

This policy applies to all DRC employees, contractors, volunteers, interns and other agents of the state. STATE OF OHIO SUBJECT: PAGE 1 OF 9 DRC Sensitive Data Security Requirements NUMBER: 05-OIT-23 DEPARTMENT OF REHABILITATION AND CORRECTION RULE/CODE REFERENCE: RELATED ACA STANDARDS: SUPERSEDES: 05-OIT-23

More information

STATE OF NORTH CAROLINA

STATE OF NORTH CAROLINA STATE OF NORTH CAROLINA INFORMATION SYSTEMS AUDIT OFFICE OF INFORMATION TECHNOLOGY SERVICES INFORMATION TECHNOLOGY GENERAL CONTROLS OCTOBER 2014 OFFICE OF THE STATE AUDITOR BETH A. WOOD, CPA STATE AUDITOR

More information

Operational Risk Publication Date: May 2015. 1. Operational Risk... 3

Operational Risk Publication Date: May 2015. 1. Operational Risk... 3 OPERATIONAL RISK Contents 1. Operational Risk... 3 1.1 Legislation... 3 1.2 Guidance... 3 1.3 Risk management process... 4 1.4 Risk register... 7 1.5 EBA Guidelines on the Security of Internet Payments...

More information

Continuity of Operations Planning. A step by step guide for business

Continuity of Operations Planning. A step by step guide for business What is a COOP? Continuity of Operations Planning A step by step guide for business A Continuity Of Operations Plan (COOP) is a MANAGEMENT APPROVED set of agreed-to preparations and sufficient procedures

More information

Virginia Commonwealth University School of Medicine Information Security Standard

Virginia Commonwealth University School of Medicine Information Security Standard Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Business Continuity Management Standard for IT Systems This standard is applicable to all VCU School of Medicine

More information

OKHAHLAMBA LOCAL MUNICIPALITY

OKHAHLAMBA LOCAL MUNICIPALITY OKHAHLAMBA LOCAL MUNICIPALITY I.T DISASTER RECOVERY PLAN 2012/2013 TABLE OF CONTENTS 1. INTRODUCTION 1 1.1 PURPOSE 2 1.2 OBJECTIVES 2 1.3 SCOPE 2 1.4 DISASTER RECOVERY STRATEGY 2 1.5 DISASTER DEFINITION

More information

Memorandum. ACTION: Report on Computer Security Controls of Financial Management System, FTA FE-2000-098. May 23, 2000.

Memorandum. ACTION: Report on Computer Security Controls of Financial Management System, FTA FE-2000-098. May 23, 2000. U.S. Department of Transportation Office of the Secretary of Transportation Office of Inspector General Memorandum ACTION: Report on Computer Security Controls of Financial Management System, FTA FE-2000-098

More information

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL MICHIGAN OFFICE OF THE AUDITOR GENERAL AUDIT REPORT THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL The auditor general shall conduct post audits of financial transactions and accounts of the state and of all

More information

FEDERAL ELECTION COMMISSION OFFICE OF INSPECTOR GENERAL

FEDERAL ELECTION COMMISSION OFFICE OF INSPECTOR GENERAL FEDERAL ELECTION COMMISSION OFFICE OF INSPECTOR GENERAL FINAL REPORT INSPECTION OF THE FEDERAL ELECTION COMMISSION'S DISASTER RECOVERY PLAN AND CONTINUITY OF OPERATIONS PLANS January 2013 ASSIGNMENT No.

More information

NASCIO STATE RECOGNITION AWARDS 2015

NASCIO STATE RECOGNITION AWARDS 2015 DEPARTMENT OF TECHNOLOGY AND INFORMATION STATE OF DELAWARE 801 SILVER LAKE BLVD. DOVER, DELAWARE 19904 The Honorable James L. Collins, Chief Information Officer NASCIO STATE RECOGNITION AWARDS 2015 DELAWARE

More information

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii The Office of the Auditor General has conducted a procedural review of the State Data Center (Data Center), a part of the Arizona Strategic Enterprise Technology (ASET) Division within the Arizona Department

More information

Audit Report. Management and Security of Office of Budget and Program Analysis Information Technology Resources. U.S. Department of Agriculture

Audit Report. Management and Security of Office of Budget and Program Analysis Information Technology Resources. U.S. Department of Agriculture U.S. Department of Agriculture Office of Inspector General Southeast Region Audit Report Management and Security of Office of Budget and Program Analysis Information Technology Resources Report No. 39099-1-AT

More information

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP 2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level Tracy L. Hall, MBCP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C.

More information

Beyond Traditional Disaster Recovery Goals Augmenting the Recovery Consistency Characteristics

Beyond Traditional Disaster Recovery Goals Augmenting the Recovery Consistency Characteristics Beyond Traditional Disaster Recovery Goals Augmenting the Recovery Consistency Characteristics Octavian Paul ROTARU American Sentinel University Octavian.Rotaru@ACM.org Abstract For most organizations

More information

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee

More information

OFFICE OF THE INSPECTOR GENERAL SOCIAL SECURITY ADMINISTRATION

OFFICE OF THE INSPECTOR GENERAL SOCIAL SECURITY ADMINISTRATION OFFICE OF THE INSPECTOR GENERAL SOCIAL SECURITY ADMINISTRATION THE PHYSICAL SECURITY OF THE SOCIAL SECURITY ADMINISTRATION S CONTRACTOR OWNED AND OPERATED OFF-SITE STORAGE FACILITY September 2012 A-14-12-11227

More information

Joint Audit Report for South Lakeland District Council. & Eden District Council

Joint Audit Report for South Lakeland District Council. & Eden District Council Joint Audit Report for South Lakeland District Council & Eden District Council Audit of IT Data Backup and Recovery Arrangements Audit of Development Management 22nd May 2015 11 th June 2015 0 Page 0 Audit

More information

REVIEW OF NASA S MANAGEMENT AND OVERSIGHT

REVIEW OF NASA S MANAGEMENT AND OVERSIGHT SEPTEMBER 16, 2010 AUDIT REPORT OFFICE OF AUDITS REVIEW OF NASA S MANAGEMENT AND OVERSIGHT OF ITS INFORMATION TECHNOLOGY SECURITY PROGRAM OFFICE OF INSPECTOR GENERAL National Aeronautics and Space Administration

More information

Columbus City Schools Office of Internal Audit

Columbus City Schools Office of Internal Audit Information Technology Disaster Recovery Plan Review Report Date: March 24, 2011 Internal Audit Mission Statement To support the overall mission of the Columbus City Schools by providing quality management

More information

Administrative Procedure

Administrative Procedure Administrative Procedure Number: 707 Effective: 5/13/2011 Supersedes: INTERIM Page: 1 of 11 Subject: RECORDS RETENTION, MANAGEMENT, AND DISPOSITION PROGRAM 1.0. PURPOSE: 1.1. To establish and administer

More information

Alabama State Port Authority

Alabama State Port Authority DISASTER RECOVERY HOTSITE REQUEST FOR PROPOSAL Alabama State Port Authority Issued April 27, 2010 Alabama State Port Authority Table of Contents 1.0 OVERVIEW... 1 1.1 INTRODUCTION... 1 1.2 SCHEDULE OF

More information

DRAFT Disaster Recovery Policy Template

DRAFT Disaster Recovery Policy Template DRAFT Disaster Recovery Policy Template NOTE: This is a boiler plate template much information is needed from to finalizeconsider this document pre-draft FOREWARD... 3 Policy Overview...

More information

for Kimberly F. Benoit Deputy Assistant Inspector General for Information Technology and Data Analysis

for Kimberly F. Benoit Deputy Assistant Inspector General for Information Technology and Data Analysis August 20, 2014 MEMORANDUM FOR: CHARLES L. MCGANN, JR. MANAGER, CORPORATE INFORMATION SECURITY FROM: for Kimberly F. Benoit Deputy Assistant Inspector General for Information Technology and Data Analysis

More information

Exhibit to Data Center Services Service Component Provider Master Services Agreement

Exhibit to Data Center Services Service Component Provider Master Services Agreement Exhibit to Data Center Services Service Component Provider Master Services Agreement DIR Contract No. DIR-DCS-SCP-MSA-002 Between The State of Texas, acting by and through the Texas Department of Information

More information

Disaster Recovery 101. Sudarshan Ranganath & Matthew Phillips Ellucian

Disaster Recovery 101. Sudarshan Ranganath & Matthew Phillips Ellucian Disaster Recovery 101 Sudarshan Ranganath & Matthew Phillips Ellucian SESSION OBJECTIVES Business continuity is critical to every institution and its IT organization. How do you set up your ERP and other

More information

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 MARCH 2008 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT

More information

WHY DO I NEED DATA PROTECTION SERVICES?

WHY DO I NEED DATA PROTECTION SERVICES? WHY DO I NEED DATA PROTECTION SERVICES? Data processing operations have evolved with breathtaking speed over the past few years, expanding from very large mainframe operations to small business networks.

More information

REPORT NO. 2011-025 OCTOBER 2010 VALENCIA COMMUNITY COLLEGE. Operational Audit

REPORT NO. 2011-025 OCTOBER 2010 VALENCIA COMMUNITY COLLEGE. Operational Audit REPORT NO. 2011-025 OCTOBER 2010 VALENCIA COMMUNITY COLLEGE Operational Audit BOARD OF TRUSTEES AND PRESIDENT Members of the Board of Trustees and President who served during the 2009-10 fiscal year are

More information

DISASTER RECOVERY. Omniture Disaster Plan. June 2, 2008 Version 2.0

DISASTER RECOVERY. Omniture Disaster Plan. June 2, 2008 Version 2.0 DISASTER RECOVERY Omniture Disaster Plan June 2, 2008 Version 2.0 CHAPTER 1 1 Disaster Recovery Plan Overview In the event that one of our data collection environments are unavailable due to an event,

More information

SAMPLE IT CONTINGENCY PLAN FORMAT

SAMPLE IT CONTINGENCY PLAN FORMAT SAMPLE IT CONTINGENCY PLAN FORMAT This sample format provides a template for preparing an information technology (IT) contingency plan. The template is intended to be used as a guide, and the Contingency

More information