Comhairle nan Eilean Siar Internal Audit Review DISASTER RECOVERY. Final Report 12/13-20


Comhairle nan Eilean Siar Internal Audit Review Final Report 12/ th January 2013

CONTENTS

SECTION 1 - EXECUTIVE SUMMARY
SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS
SECTION 3 - ACTION PLAN
APPENDIX A - RESPECTIVE RESPONSIBILITIES OF MANAGEMENT AND INTERNAL AUDIT

Date of Visit: Dec 2012
Final Report Issued: 8th January 2013

Issued to:
Chief Executive - Malcolm Burr
Director of Finance & Corporate Resources - Robert Emmott
Head of IT & Customer Services - Angus Macarthur
External Audit - Karen Jones

SECTION 1: EXECUTIVE SUMMARY

1.1 Introduction

This report has been prepared following a high level overview of the Disaster Recovery procedures in place in the Comhairle. Disaster Recovery was included as part of the internal audit work plan for 2011/12 and also 2012/13, but due to requests by management we have had to postpone the review on two occasions. This was mainly due to new works being progressed to replace the system; auditing the area under such circumstances would have added no significant value.

Nevertheless, it is important that Internal Audit keep management and members informed of the present position of the disaster recovery procedures in the Comhairle. We intend to re-visit the area in April/May 2013 to confirm how the project is progressing.

Disaster Recovery - the process by which you resume business after a disruptive event

1.2 We have graded our detailed findings and recommendations, based on the likelihood of the identified weakness occurring and the impact on the Comhairle if it should occur, using the following criteria:

Grade 1 - Critical - High likelihood, High impact (HH)
The weakness is almost bound to happen or is already happening (likelihood) and could have a significant impact on the Comhairle's services, reputation, control, financial position, statutory, regulatory or constitutional compliance if not contained.

Grade 2 - Contingent/Insurable Risk - Low likelihood, High impact (LH)
The weakness is unlikely to happen, but would have a significant impact on the Comhairle's services, reputation, control, financial position, statutory, regulatory or constitutional compliance if it did occur.

Grade 3 - Housekeeping - High likelihood, Low impact (HL)
The weakness is almost bound to happen or is already happening but is unlikely to have a material impact on the Comhairle's services, reputation, control, financial position, statutory, regulatory or constitutional compliance, and can be contained.

Grade 4 - Value for Money - High likelihood, Value for money impact (HV)
The weakness is almost bound to happen or is already happening but if contained would have a positive impact on economy, efficiency and effectiveness in the use of resources.

Where we have identified isolated exceptions in our sample testing, and we consider that:
- They are unlikely to recur; and
- Would have no significant impact if they should occur,
we have classified them as low likelihood and low impact (LL), discussed them with relevant officers and detailed them in Appendix B to this report.

1.3 Our recommendations can be summarised and prioritised as follows:

Recommendation / Overall grading

2.1 Appropriate disaster recovery procedures be implemented in terms of best practice.

An SLA/legal agreement be put in place to cover responsibilities, security, data sharing and termination arrangements.

Once the system is installed the disaster recovery procedures should be tested to give assurance that the new system in place meets the agreed requirements.

We would like to thank the Head of IT & Customer Services for the co-operation and goodwill we received during the course of our internal audit fieldwork.

For Comhairle Nan Eilean Siar Internal Audit Section

Internal Audit
Comhairle Nan Eilean Siar
Sandwick Road
Stornoway
Isle of Lewis
HS1 2BW

8th January

SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS

2.1 FINDINGS AND IMPLICATIONS / RISK RANKING (L, I) / RECOMMENDATION / GRADE / MANAGEMENT COMMENT

Control objective 1: The processes in place at present.

At present we have reduced levels of disaster recovery controls in place. The means of safeguarding and protecting corporate data is that data is backed up to disks and taken off site and stored securely at the Sports Centre. Backups are done on a daily, weekly, monthly basis and documented to allow for easy retrieval should the need arise in the event of data loss. This process is regularly tested as part of operational restore requests and has proved to be a workable and reliable solution.

However, it is necessary to have a more comprehensive plan in place so that processing can resume as soon as possible after an incident.

Findings and implications: With the current setup, should IT be faced with any form of data failure, corruption, fire etc. there is a high risk that the systems would be unavailable for a number of weeks. In this situation it is imperative that departments who run operational systems have tried and tested business continuity plans in place to provide a minimum level of service that will fulfil statutory obligations during the outage. Current arrangements do not meet best practice. However, we understand that ongoing processes are underway to remedy this weakness.

Risk ranking: L = H, I = H
Recommendation: Appropriate disaster recovery procedures be implemented in terms of best practice.
Grade: 1
Management comment: Agreed.

Control objective 1: What are we doing?

As part of a modernisation programme to update the Comhairle's server infrastructure it will be possible to review IT Disaster Recovery planning. We are advised by the Head of IT & Customer Services that server virtualisation has been identified as the most beneficial and the proposal is that the Comhairle replace its current server and storage facility with a virtualised infrastructure whilst also re-deploying existing equipment to a suitable disaster recovery facility at the NHS-WI site.

We understand that virtualisation would allow the Comhairle to replicate its servers alongside the WIHB servers. This would do away with the processes in place of having to back up on tapes and take off site. The benefits are that the processes would be quicker, cleaner, better located and the on-line connection improved.

Work is nearing completion on the installation of fibre optic ducting being run from the Comhairle to the NHS WI site to allow this to happen. The work that would allow the link to be in place is scheduled to be completed on Friday 14th December.

A report was presented to the Comhairle's Policy & Resources Committee on 6th December 2012 seeking the approval of members for funding for the virtualisation project. This report was approved.

Control objective 1: Where we hope to be?

Findings and implications: A proposed legal agreement to govern the relationship between CNES and NHS-WI for the purposes of site sharing has been drawn up by CNES and is currently with NHS-WI legal team for review. It will address issues of shared responsibilities, data security, review arrangements, dispute resolution and termination of the agreement. We would hope to have an agreement in place with NHS-WI allowing the two organisations to share external networks. All the Comhairle critical servers would be replicated on Comhairle equipment housed at the NHS-WI site.

Risk ranking: H
Recommendation: An SLA/legal agreement be put in place to cover responsibilities, security, data sharing and termination arrangements.
Grade: 1
Management comment: Agreed

Findings and implications: The benefits of this would be that in the event of a major incident at Sandwick Road there would always be a duplicate set of data at the NHS-WI site, and it would be possible to resume processing within a matter of hours rather than weeks or months. Other benefits realised from this project would be the freeing up of resources, reducing the time taken to perform backups and removing to a secure location; more office space would be made available at Sandwick Road, as the large servers take up additional space; and costs would be managed more effectively, as server replacement would be integrated into a rolling replacement programme over time.

Risk ranking: L = H, I = H
Recommendation: Once the system is installed the disaster recovery procedures should be tested to give assurance that the new system in place meets the agreed requirements.
Grade: 1
Management comment: Agreed

SECTION 3 - ACTION PLAN

Ref. 2.1

Recommendation: Appropriate disaster recovery procedures be implemented in terms of best practice.
Responsible officer: Head of IT & Customer Services.
Date of implementation: Summer 2013

Recommendation: An SLA/legal agreement be put in place to cover responsibilities, security, data sharing and termination arrangements.
Responsible officer: Head of IT & Customer Services.
Date of implementation: Summer 2013

Recommendation: Once the system is installed the disaster recovery procedures should be tested to give assurance that the new system in place meets the agreed requirements.
Responsible officer: Head of IT & Customer Services.
Date of implementation: Summer

APPENDIX A: RESPECTIVE RESPONSIBILITIES OF MANAGEMENT AND INTERNAL AUDIT

Responsibility in relation to internal controls

It is the responsibility of the Comhairle's management to maintain adequate and effective financial systems and to arrange for a system of internal controls. Our responsibility as internal auditors is to evaluate the financial systems and associated internal controls. In practice, we cannot examine every financial implication and accounting procedure within an activity, and we cannot substitute for management's responsibility to maintain adequate systems of internal controls over financial systems. We therefore may not identify all weaknesses that exist in this regard.

Responsibilities in relation to fraud and corruption

The prime responsibility for the prevention and detection of fraud and irregularities rests with management. They also have a duty to take reasonable steps to limit the opportunity for corrupt practices. It is our responsibility to review the adequacy of these arrangements, but our work does not remove the possibility that fraud, corruption or irregularity may have occurred and remained undetected. We nevertheless endeavour to plan our internal audit work so that we have reasonable expectation of detecting material fraud, but our examination should not be relied upon to disclose all such material frauds that may exist.

Comhairle nan Eilean Siar Internal Audit Review DISASTER RECOVERY ARRANGEMENTS Information Technology. Final Report 2014/15-06

Comhairle nan Eilean Siar Internal Audit Review DISASTER RECOVERY ARRANGEMENTS Information Technology. Final Report 2014/15-06 Comhairle nan Eilean Siar Internal Audit Review Information Technology Final Report 2014/15-06 3 rd November 2014 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1-6 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS

More information

Comhairle nan Eilean Siar Internal Audit Review Project Management and Project Delivery Technical Services department. Final Report 2014/15-21

Comhairle nan Eilean Siar Internal Audit Review Project Management and Project Delivery Technical Services department. Final Report 2014/15-21 Comhairle nan Eilean Siar Internal Audit Review Project Management and Project Delivery Technical Services department Final Report 2014/15-21 4 th November 2014 PROJECT MANAGEMENT & PROJECT DELIVERY CONTENTS

More information

Comhairle nan Eilean Siar Internal Audit Review MANAGEMENT OF SICKNESS ABSENCES. Final Report 2013/14-18

Comhairle nan Eilean Siar Internal Audit Review MANAGEMENT OF SICKNESS ABSENCES. Final Report 2013/14-18 Comhairle nan Eilean Siar Internal Audit Review Final Report 2013/14-18 01 st July 2013 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1-8 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS 9-27 SECTION 3

More information

Comhairle nan Eilean Siar Internal Audit Follow Up Review Licensing. Final Report FU16 12/13

Comhairle nan Eilean Siar Internal Audit Follow Up Review Licensing. Final Report FU16 12/13 Comhairle nan Eilean Siar Internal Audit Follow Up Review Licensing Final Report FU16 12/13 09 October 2012 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1 2 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS

More information

Comhairle nan Eilean Siar Internal Audit Follow Up Review Disaster Recovery. Final Report FU18 14/15

Comhairle nan Eilean Siar Internal Audit Follow Up Review Disaster Recovery. Final Report FU18 14/15 Comhairle nan Eilean Siar Internal Audit Follow Up Review Disaster Recovery Final Report FU18 14/15 27 th May 2015 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1 3 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS

More information

Comhairle nan Eilean Siar Internal Audit Review School Transport Policy Final Report 15/16-22

Comhairle nan Eilean Siar Internal Audit Review School Transport Policy Final Report 15/16-22 Comhairle nan Eilean Siar Internal Audit Review School Transport Policy Final Report 15/16-22 3 rd June 2015 3 rd June 2015 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1-6 SECTION 2 - DETAILED FINDINGS

More information

Comhairle nan Eilean Siar Internal Audit Follow Up Review PERFORMANCE MANAGEMENT & MONITORING. Final Report FU17 12/13

Comhairle nan Eilean Siar Internal Audit Follow Up Review PERFORMANCE MANAGEMENT & MONITORING. Final Report FU17 12/13 Comhairle nan Eilean Siar Internal Audit Follow Up Review Final Report FU17 12/13 30 th May 2013 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1 3 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS 4 7 30

More information

Comhairle nan Eilean Siar Internal Audit Follow Up Review Statutory Performance Indicators. Final Report FU20 11/12

Comhairle nan Eilean Siar Internal Audit Follow Up Review Statutory Performance Indicators. Final Report FU20 11/12 Comhairle nan Eilean Siar Internal Audit Follow Up Review Statutory Performance Indicators Final Report FU20 11/12 14 th August 2012 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1 3 SECTION 2 - DETAILED

More information

Comhairle nan Eilean Siar Internal Audit Follow Up Review Children s Services Cost of Placements. Final Report FU01 13/14

Comhairle nan Eilean Siar Internal Audit Follow Up Review Children s Services Cost of Placements. Final Report FU01 13/14 Comhairle nan Eilean Siar Internal Audit Follow Up Review Children s Services Cost of Placements Final Report FU01 13/14 INTERNAL AUDIT FOLLOW UP REPORT CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1 3

More information

Comhairle nan Eilean Siar Internal Audit Follow Up Review Document Management. Final Report FU01 14/15

Comhairle nan Eilean Siar Internal Audit Follow Up Review Document Management. Final Report FU01 14/15 Comhairle nan Eilean Siar Internal Audit Follow Up Review Document Management Final Report FU01 14/15 11 November 2014 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1 4 SECTION 2 - DETAILED FINDINGS AND

More information

ICT, PROCUREMENT AND ASSET MANAGEMENT 18 APRIL 2008 SUB-COMMITTEE DISASTER RECOVERY/CONTINGENCY PLANNING

ICT, PROCUREMENT AND ASSET MANAGEMENT 18 APRIL 2008 SUB-COMMITTEE DISASTER RECOVERY/CONTINGENCY PLANNING ICT, PROCUREMENT AND ASSET MANAGEMENT 18 APRIL 2008 SUB-COMMITTEE DISASTER RECOVERY/CONTINGENCY PLANNING Report by Director of Finance and Corporate Resources PURPOSE OF REPORT To bring before the Sub-Committee

More information

Internal Audit Report Disaster Recovery / Business Continuity Planning

Internal Audit Report Disaster Recovery / Business Continuity Planning Audit Committee, 28 November 2013 Internal Audit Report Disaster Recovery / Business Continuity Planning Executive summary and recommendations Introduction As part of the Internal Audit Plan for 2013-14,

More information

APPLICATION FORM PARTICIPATORY BUDGETING TRAINING SUPPORT PACKAGE FOR LOCAL AUTHORITIES. Telephone number Gayle Findlay 01851 822617

APPLICATION FORM PARTICIPATORY BUDGETING TRAINING SUPPORT PACKAGE FOR LOCAL AUTHORITIES. Telephone number Gayle Findlay 01851 822617 APPLICATION FORM PARTICIPATORY BUDGETING TRAINING SUPPORT PACKAGE FOR LOCAL AUTHORITIES Contact Details Name Telephone number Gayle Findlay 01851 822617 Organisation: Comhairle nan Eilean Siar Role: Community

More information

Dacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery

Dacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery Dacorum Borough Council Final Internal Audit Report IT Business Continuity and Disaster Recovery Distribution list: Chris Gordon Group Manager Performance, Policy and Projects John Worts ICT Team Leader

More information

IT REVIEW OF THE DISASTER RECOVERY ARRANGEMENTS

IT REVIEW OF THE DISASTER RECOVERY ARRANGEMENTS NOTTINGHAM CITY HOMES IT REVIEW OF THE DISASTER RECOVERY ARRANGEMENTS Report issued: February 2011 Audit Plan: The matters raised in this report are only those that came to the attention of the auditor

More information

University of Sunderland Business Assurance Information Security Policy

University of Sunderland Business Assurance Information Security Policy University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant

More information

Appendix 6c. Final Internal Audit Report Disaster Recovery Planning. June 2007. Report 6c Page 1 of 15

Appendix 6c. Final Internal Audit Report Disaster Recovery Planning. June 2007. Report 6c Page 1 of 15 Appendix 6c Final Internal Audit Report Disaster Recovery Planning June 2007 Report 6c Page 1 of 15 Contents Page Executive Summary 3 Observations and Recommendations 8 Appendix 1 - Audit Framework 13

More information

Joint Audit Report for South Lakeland District Council. & Eden District Council

Joint Audit Report for South Lakeland District Council. & Eden District Council Joint Audit Report for South Lakeland District Council & Eden District Council Audit of IT Data Backup and Recovery Arrangements Audit of Development Management 22nd May 2015 11 th June 2015 0 Page 0 Audit

More information

V1.0 - Eurojuris ISO 9001:2008 Certified

V1.0 - Eurojuris ISO 9001:2008 Certified Risk Management Manual V1.0 - Eurojuris ISO 9001:2008 Certified Section Page No 1 An Introduction to Risk Management 1-2 2 The Framework of Risk Management 3-6 3 Identification of Risks 7-8 4 Evaluation

More information

IT control environment Caerphilly County Borough Council

IT control environment Caerphilly County Borough Council Audit 2008/2009 November 2009 Author: PricewaterhouseCoopers LLP Ref: C09366 IT control environment Caerphilly County Borough Council We found the overall IT control environment at Caerphilly County Borough

More information

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) Subject and version number of document: Serial Number: Business Continuity Management Policy

More information

Business Continuity Business Impact Analysis arrangements

Business Continuity Business Impact Analysis arrangements Aberdeen City Council Internal Audit Report 2012/2013 for Aberdeen City Council May 2013 Business Continuity Business Impact Analysis arrangements Final Report Contents Section Page 1. Executive Summary

More information

Business Continuity Management Framework 2014 2017

Business Continuity Management Framework 2014 2017 Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity

More information

SUBJECT: REPLACEMENT OF CORPORATE ELECTRONIC DATA STORAGE, BACKUP AND DISASTER RECOVERY SOLUTIONS

SUBJECT: REPLACEMENT OF CORPORATE ELECTRONIC DATA STORAGE, BACKUP AND DISASTER RECOVERY SOLUTIONS REPORT TO CABINET TO BE HELD ON 15 SEPTEMBER 2015 Key Decision No Forward Plan Ref No 23K Corporate Priority The proposals in this report contribute to the delivery of all the Council s priorities Cabinet

More information

Audit of Business Continuity Planning

Audit of Business Continuity Planning Cumbria Office of the Police & Crime Commissioner Audit of Business Continuity Planning 0 Cumbria Shared Internal Audit Service Images courtesy of Carlisle City Council except: Parks (Chinese Gardens),

More information

APPENDIX 1 COMHAIRLE NAN EILEAN SIAR IT STRATEGY

APPENDIX 1 COMHAIRLE NAN EILEAN SIAR IT STRATEGY APPENDIX 1 COMHAIRLE NAN EILEAN SIAR IT STRATEGY VERSION 4.0 MAY 2012 0 Item Table of Contents Page CHANGE HISTORY... 2 1 INTRODUCTION... 3 2. BACKGROUND AND SUPPORTING POLICIES... 4 3. REVIEW PROCESS...

More information

Summary of Information Technology General Control Environment Findings for the year ended 30 June 2015

Summary of Information Technology General Control Environment Findings for the year ended 30 June 2015 Summary of Inmation Technology General Control Environment Findings the year ended 30 June 2015 1 Change management Complete Revisiting the Change Management control process documentation and updating

More information

Virginia Commonwealth University School of Medicine Information Security Standard

Virginia Commonwealth University School of Medicine Information Security Standard Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Business Continuity Management Standard for IT Systems This standard is applicable to all VCU School of Medicine

More information

Food Standards Agency in Scotland

Food Standards Agency in Scotland in Scotland Report on the Audit of Local Authority Assessment of Regulation (EC) No 852/2004 on the Hygiene of Foodstuffs in Food Business Establishments Comhairle nan Eilean Siar 21-23 November 2011 Foreword

More information

IT Assurance - Business Continuity and Disaster Recovery

IT Assurance - Business Continuity and Disaster Recovery Audit Summary Report October 2006 PAPER D IT Assurance - Business Continuity and Disaster Recovery Audit 2006/2007 Paper D - 1 External audit is an essential element in the process of accountability for

More information

Public Document Pack. Audit and Governance Committee. Friday, 12 September 2014, 10.00 am County Hall, Worcester

Public Document Pack. Audit and Governance Committee. Friday, 12 September 2014, 10.00 am County Hall, Worcester Public Document Pack Worcestershire County Council Agenda Audit and Governance Committee Friday, 12 September 2014, 10.00 am County Hall, Worcester This document can be made available in other formats

More information

Business Continuity Management

Business Continuity Management Annex A Business Continuity Management Programme Business Continuity Management Policy 1. Introduction This Business Continuity Management (BCM) Policy defines the scope of the SPCB s ability to maintain

More information

Guidance notes: Financial Planning & Managing Risk

Guidance notes: Financial Planning & Managing Risk Guidance notes: Financial Planning & Managing Risk This guidance note is particularly for governors on the audit or finance committee, but will be of interest to all governors. What is the governing body

More information

Comhairle nan Eilean Siar. Social Work Department. Criminal Justice Service Plan 2008-11

Comhairle nan Eilean Siar. Social Work Department. Criminal Justice Service Plan 2008-11 Comhairle nan Eilean Siar Social Work Department Criminal Justice Service Plan 2008-11 1 INTRODUCTION Comhairle nan Eilean Siar Criminal Justice Service provides services, such as, Supervision of offenders

More information

Business Continuity Management Policy

Business Continuity Management Policy Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3

More information

ICT systems Back-up, business continuity and disaster recovery proposals

ICT systems Back-up, business continuity and disaster recovery proposals Council Meeting - 14 May 2013 ICT systems Back-up, business continuity and disaster recovery proposals 1. Purpose of report To seek approval for improvements to the councils ICT back-up arrangements and

More information

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14

More information

Outsourcing and third party access

Outsourcing and third party access Outsourcing and third party access This document is part of the UCISA Information Security Toolkit providing guidance on the policies and processes needed to implement an organisational information security

More information

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA 1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

Information Services IT Security Policies B. Business continuity management and planning

Information Services IT Security Policies B. Business continuity management and planning Information Services IT Security Policies B. Business continuity management and planning Version 1 Date created: 28th May 2009 Approved by Directorate: 2nd July 2009 Review date: 1st July 2010 Primary

More information

Proposal for Business Continuity Plan and Management Review 6 August 2008

Proposal for Business Continuity Plan and Management Review 6 August 2008 Proposal for Business Continuity Plan and Management Review 6 August 2008 2008/8/6 Contents About Newton IT / Quality of our services. BCM & BS25999 Overview 2. BCM Development in line with BS25999 3.

More information

Disaster Recovery and Business Continuity Plan

Disaster Recovery and Business Continuity Plan Disaster Recovery and Business Continuity Plan Table of Contents 1. Introduction... 3 2. Objectives... 3 3. Risks... 3 4. Steps of Disaster Recovery Plan formulation... 3 5. Audit Procedure.... 5 Appendix

More information

West Highland College. Internal Audit 2014/15 Annual Report August 2015

West Highland College. Internal Audit 2014/15 Annual Report August 2015 Internal Audit 2014/15 Annual Report August 2015 TABLE OF CONTENTS Section Page 1. Introduction 3 2. Executive Summary 4 5 3. Audit Findings 6 11 4. Benchmarking 12 5. Key Performance Indicators 13 Appendices

More information

AUDIT GUIDELINES FOR SCHOOL DISASTER RECOVERY PLANNING

AUDIT GUIDELINES FOR SCHOOL DISASTER RECOVERY PLANNING AUDIT GUIDELINES FOR SCHOOL DISASTER RECOVERY PLANNING Introduction It has become increasingly common for schools to place a great deal of reliance upon PC s and computer systems to manage and operate

More information

Dacorum Borough Council Final Internal Audit Report

Dacorum Borough Council Final Internal Audit Report Dacorum Borough Council Final Internal Audit Report ICT Change Management Distribution list: Chris Gordon Group Manager Neil Telkman - Information, Security and Standards Officer Gary Osler ICT Service

More information

Cumbria Constabulary. Business Continuity Planning

Cumbria Constabulary. Business Continuity Planning Cumbria Constabulary Business Continuity Planning 0 Cumbria Shared Internal Audit Service Images courtesy of Carlisle City Council except: Parks (Chinese Gardens), www.sjstudios.co.uk, Monument (Market

More information

Internal Audit Report Business Continuity Planning Arrangements

Internal Audit Report Business Continuity Planning Arrangements The Highland Council Community Services Committee 6 November 2014 Agenda Item Report No 19 COM 45/14 Internal Audit Report Planning Arrangements Report by Director of Community Services Summary This report

More information

NHS Commissioning Board: Information governance policy

NHS Commissioning Board: Information governance policy NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION

More information

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Disaster Recovery Testing Is Being Adequately Performed, but Problem Reporting and Tracking Can Be Improved May 3, 2012 Reference Number: 2012-20-041 This

More information

Governance and Audit Committee 23 November 2015

Governance and Audit Committee 23 November 2015 Agenda Item 7 Governance and Audit Committee 23 November 2015 Welland Internal Audit Consortium Internal Audit Plan & Performance Update 2015/16 Purpose of report: To provide Members with information on

More information

Service Level Agreement: Support Services (Version 3.0)

Service Level Agreement: Support Services (Version 3.0) Service Level Agreement: Support Services (Version 3.0) This Service Level Agreement ("SLA") is attached to the Agreement (Number [ ]) entered into between Uniware Systems Limited ("Uniware") and the Customer

More information

An Approach to Records Management Audit

An Approach to Records Management Audit An Approach to Records Management Audit DOCUMENT CONTROL Reference Number Version 1.0 Amendments Document objectives: Guidance to help establish Records Management audits Date of Issue 7 May 2007 INTRODUCTION

More information

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4

More information

Bedfordshire Fire and Rescue Authority Corporate Services Policy and Challenge Group 9 September 2014 Item No. 6

For Publication REPORT AUTHOR: SUBJECT: ASSISTANT CHIEF OFFICER (HUMAN RESOURCES AND ORGANISATIONAL

FRAMEWORK FOR THE PREPARATION OF ACCOUNTS. Best Practice Guidance

Revised Edition April 2010 PUBLISHED IN APRIL 2010 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF SCOTLAND This document is published by the

Business Continuity Management. Policy Statement and Strategy

November 2011 Title Business Continuity Management Policy & Strategy Date of Publication: Cabinet Council Published by Borough Council of King

Information Commissioner's Office

Ian Falconer Partner T: 0161 953 6480 E: ian.falconer@uk.gt.com Internal Audit 2011-12: Business Continuity Review Last updated 6 February 2012 Will Simpson Senior Manager

Version: 3.0. Effective From: 19/06/2014

Policy No: RM66 Version: 3.0 Name of Policy: Business Continuity Planning Policy Effective From: 19/06/2014 Date Ratified 05/06/2014 Ratified Business Service Development Committee Review Date 01/06/2016

Our consultancy team will provide guidance throughout the process helping you to produce the necessary documentation and raise staff awareness.

Service Definition Business Continuity Plan Overview of Service Sapphire provides a bespoke service, working with your organisation to develop a comprehensive Business Continuity Plan (BCP) designed to

INTERNAL AUDIT 2008/09 INFORMATION TECHNOLOGY (BUSINESS CONTINUITY)

2008/09 SUMMARY Location Subject Business Sponsor Staff engaged Coleg Gwent Information Technology (Business Continuity) Lynda Roberts Sue Harris Head of Internal Audit Gaynor Rains Manager David Bratt

Advisory Guidelines of the Financial Supervision Authority. Requirements for Organising the Business Continuity Process of Supervised Entities

These advisory guidelines were established by Resolution No

Business Continuity Management

Business Continuity Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not

SOUTH LAKELAND DISTRICT COUNCIL INTERNAL AUDIT FINAL REPORT IT 11-02. IT Backup, Recovery and Disaster Recovery Planning

Executive Summary Introduction As part of the 2011/12 Audit Plan and following discussions

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii

The Office of the Auditor General has conducted a procedural review of the State Data Center (Data Center), a part of the Arizona Strategic Enterprise Technology (ASET) Division within the Arizona Department

BUSINESS CONTINUITY POLICY RM03

Applies to: All NHS LA employees, contractors, secondees and consultants, contractors and/or any other parties who will carry out duties on behalf of the NHS LA Version:

Avon & Somerset Police Authority

Internal Audit Report IT Service Desk FINAL REPORT Report Version: Date: Draft to Management: 19 February 2010 Management Response: 12 May 2010 Final: 13 May 2010 Distribution:

San Francisco Chapter. Information Systems Operations

Overview Operations as a part of General Computer Controls Key Areas of focus within Information Systems Operations Key operational risks Controls generally associated with

Neumeier Poma Investment Counsel LLC Disaster Recovery Policies & Procedures. August 2014

TABLE OF CONTENTS Page I. Business Impact Analysis... 1 II. Identification of Key Systems... 1 A. Mission Critical

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c

Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information

ROLE PROFILE. Business Function: Software Operations Managed Cloud Services eg s Head Office, Dunston Business Village, Staffordshire

ROLE PROFILE Job Title: MCS Service Manager Grade/Salary Banding: Reporting To: Head of Software Operations Business Function: Software Operations Managed Cloud Services Location eg s Head Office, Dunston

BUSINESS CONTINUITY STRATEGY

January 2009 CONTENTS Page BACKGROUND 1 OVERVIEW 1 AIM AND OBJECTIVES 1 CORE BUSINESS OF THE COUNCIL 2 ORGANISATION STRUCTURE 2 RISK IDENTIFICATION AND MITIGATION STRATEGIES

SUPERVISORY AND REGULATORY GUIDELINES: PU19-0406 BUSINESS CONTINUITY GUIDELINES

Business Continuity Issued: 1st May, 2007 Revised: 14th October 2008 BUSINESS CONTINUITY GUIDELINES I. INTRODUCTION The Central Bank of The Bahamas (

(Audit Committee 23 September 2010)

Somerset County Council Audit Committee - 23 September 2010 Paper E Item No. 9 Business Continuity and Disaster Recovery Corporate Director: Sonia Davidson Grant Lead

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

DIRECTORATE OF BANKING SUPERVISION AUGUST 2009 TABLE OF CONTENTS PAGE 1.0 INTRODUCTION..3 1.1 Background...3 1.2 Citation...3

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

WOOLWORTHS HOLDINGS LIMITED CORPORATE GOVERNANCE PRINCIPLES 2014 This table is a useful reference to each of the King III principles

Review of housing benefit overpayments 2008/09 to 2011/12

Prepared by Audit Scotland January 2013 Audit Scotland is a statutory body set up in April 2000 under the Public Finance and Accountability (Scotland)

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

Ethical Leadership and Corporate Citizenship The board should provide effective leadership based on ethical foundation. that the company

Annual Report of Internal Audit 2012/13

Open Decision Item 4 Audit & Governance Committee 19th June 2013 SYNOPSIS To report on Internal Audit's opinion of the overall adequacy and effectiveness of the

FINAL. Internal Audit Report. Data Centre Operations and Security

Document Details: Reference: Report nos from monitoring spreadsheet/2013.14 Senior Manager, Internal Audit & Assurance: ext. 6567 Engagement

Bridgend County Borough Council. Corporate Risk Management Policy

December 2014 Index Section Page No Introduction 3 Definition of risk 3 Aims and objectives 4 Strategy 4 Accountabilities and roles 5 Risk

PAAS Public Sector Managed Services

Meritec Limited Meritec House, Acorn Business Park, Skipton, North Yorkshire, BD23 2UE 0845 3451155 servicepoint@meritec.co.uk www.meritec.co.uk Registered In England & Wales No. 3224622 Table of Contents

Business Continuity Policy and Business Continuity Management System

Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

AUTHOR/ APPROVAL DETAILS Document Author Written By: Human Resources Authorised Signature Authorised By: Helen Shields Date: 20

Business Continuity (Policy & Procedure)

Publication Scheme Y/N Can be published on Force Website Department of Origin Force Operations Policy Holder Ch Supt Head of Force Ops Author Business Continuity

Business Continuity Management

Version 1 approved by SMG December 2013 Business Continuity Policy Version 1 1 of 9 Business Continuity Management Summary description: This document provides the rationale

Information Technology Internal Audit Report

Report #2013-03 August 9, 2013 Table of Contents Page Executive Summary... 3 Background Information... 4 Background... 4 Audit Objectives... 4 Scope... 5 Testing

Business Continuity Management Policy

Governance 1 Purpose The purpose of this policy is to communicate Business Continuity Management (BCM) framework, responsibilities and guiding principles for Victoria to effectively prepare for and achieve

Annual Audit Letter. Kettering General Hospital NHS Foundation Trust Audit 2010/11

Contents Key messages 2 Audit opinion and financial statements 2 Value for money 2 Limited assurance opinion on the Quality

Risk Management of Outsourced Technology Services. November 28, 2000

Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the

Code Subsidiary Document No. 0007: Business Continuity Management. September 2015

Change History Version Number Date of Issue Reason For Change Change Control Reference Sections Affected 20150511 11 May 2015 For industry consultation

Service Children's Education

Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and

At its meeting in March 2012, the Committee approved the Internal Audit Plan for 2012-13.

Audit Committee 28 Internal audit report ICT Security Executive summary and recommendations Introduction Mazars has undertaken a review of ICT Security controls, in accordance with the internal audit plan

London Borough of Merton

STRATEGIC BUSINESS CONTINUITY PLAN April 2014 Distribution List: Name Ged Curran Caroline Holland Yvette Stanley Simon Williams Chris Lee Title Chief Executive Director of Corporate

BUSINESS CONTINUITY PLANNING

INDEX Description Page Index 1 Template 1 - Plan Version Control 2 Background 3 Purpose of Business Continuity Plan 3 Roles and Responsibilities 3 Complimentary Links 4 Service/

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES

APPENDIX 1 March 2008 Auditor General's Office Jeffrey Griffiths, C.A., C.F.E. Auditor General City of Toronto TABLE OF CONTENTS EXECUTIVE SUMMARY...1

ISO27001 Controls and Objectives

Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the

University of Liverpool

Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October

Operational Risk Publication Date: May 2015. 1. Operational Risk... 3

OPERATIONAL RISK Contents 1. Operational Risk... 3 1.1 Legislation... 3 1.2 Guidance... 3 1.3 Risk management process... 4 1.4 Risk register... 7 1.5 EBA Guidelines on the Security of Internet Payments...