TxDOT Internal Audit Report Disaster Recovery - IT

Size: px
Start display at page:

Download "TxDOT Internal Audit Report Disaster Recovery - IT"

Transcription

1 TxDOT Internal Audit Report Disaster Recovery - IT Objective Determine if adequate plans and the ability to ensure critical TxDOT operations are not impacted by business interruptions to IT infrastructure. Determine whether testing, debriefs, and remediation plans have been developed and implemented. Opinion Based on the audit scope areas reviewed, control mechanisms require improvement and only partially address risk factors and exposures considered significant relative to impacting operational execution, and regulatory compliance. The organization's system of internal controls requires improvement in order to provide reasonable assurance that key goals and objectives will be achieved. Significant improvements are required to correct control gaps and mitigate residual risk that may result in potentially significant negative impacts to the organization including the achievement of the organization's business/control objectives. Overall Engagement Assessment Needs Improvement Finding 1 Finding 2 Title Disaster Recovery Plan (April 1, 2013) does not Include Sufficient Recovery Instructions for all IT Systems Outdated Technical Recovery Instructions Findings Control Design x Operating Effectiveness x Rating Needs Improvement Needs Improvement Management concurs with the above findings and prepared management action plans to address deficiencies. Internal Environment Since July 2012 services in the Texas Data Center Services (DCS) program, including disaster recovery, have been delivered through a multi-source integrated contract. Taking over provisions of services from previous service provider was completed on December 31, TxDOT IT staff was heavily involved during the transition of services. In addition, recent focus of the TxDOT IT function has been on updating and aligning internal business processes. Current management is aware of the need to re-assess IT System recovery priorities and plans for a comprehensive evaluation have been discussed. Current management is also aware that existing Disaster Recovery Plan (DRP) does not include sufficient recovery instructions for all IT Systems and is working on a solution.

2 Summary Results Finding Scope Area Evidence Audit work identified 318 of 397 (80%) division managed IT systems without sufficient recovery instructions in the current DRP [52 of 397 (13%) mission critical; 345 (87%) are non- critical]. 1 Disaster Recovery Planning IT Systems: 30 of 52 (58%) systems do not include sufficient recovery instructions in the existing DRP documentation. Non-critical IT Systems: 287 of 345 (83%) non-critical IT systems do not include sufficient recovery instructions in the existing DRP documentation. 2 Disaster Recovery Plan Execution and Testing Disaster Recovery Activities 4 of 4 (100%) of the Run Book updates associated with action items identified in the 2012 DR Test Exercise remain incomplete. Audit Scope The audit coverage included: Disaster recovery planning, testing and sustaining activities for TxDOT IT production systems both in and out-of-scope of the statewide data center services contracts (DCS). Limited testing was performed for systems administered by third party vendors. The audit was performed by Patti Drummer, Dennis Frazier, Justan Lopez (Co-Lead) and Karin Faltynek (Engagement Lead). The audit was conducted during the period from April 22, 2013 to July 19, Methodology The methodology(s) used to complete the objectives of this audit included the following: Multiple sources of documented information for TxDOT production servers and applications provided by the client were analyzed and compared to existing Disaster Recovery Plan documentation. The Data Application Inventory System (DAIS) was used as a primary source. Additional information was obtained through interviews with knowledgeable internal and service provider staff. 2 of 12 August 28, 2013

3 Records of the two most recent disaster recovery tests were reviewed and the status of identified action items was determined through the review of applicable documentation. Additional information was obtained through Interviews with knowledgeable internal staff. Data center and remote site walk-throughs and observation of on-going activities were followed up with documentation review and interviews with knowledgeable staff. These procedures were applied as necessary to perform the audit fieldwork. Background This report is prepared for the Transportation Commission, TxDOT Administration, and Management. The report presents the results of the Disaster Recovery IT Audit which was conducted as part of the Fiscal Year 2013 Audit Plan. Disaster recovery is a sub-set of business continuity. Disaster recovery is the process, policies and procedures related to pre-disaster planning. It is essential for recovery and continuation of technology infrastructure that is vital to an organization after a natural or human-induced disaster. Established key metrics for various business data recovery point objectives (RPO) and data recovery time objectives (RTO) are essential elements in disaster recovery planning. The RTOs and RPOs are generally found in the business continuity plan. Incomplete RTOs and RPOs can quickly derail a disaster recovery plan, leading to significant problems that can extend the disaster s impact. Once the recovery point and time are known, the underlying IT systems (applications and infrastructure supporting those systems) are identified and prioritized for recovery. Technical information related to the infrastructure and application interdependencies is recorded in Run Books. IT system metrics are documented in a Disaster Recovery Plan (DRP). The DRP is periodically updated and validated through DRP test exercises. DRP test exercise results are recorded in a disaster recovery test exercise issue log. Technical documentation related to issues discovered is updated to correct the deficiencies found during testing. Technical documentation is also updated on an on-going basis as a result of infrastructure changes or other related technical updates. As required by the Texas Government Code, TxDOT participates in the Texas Data Center Services (DCS) program. In 2006, TxDOT executed a 10 year interagency contract with DIR for the majority of existing IT Systems. TxDOT received permission to exclude some IT systems from DCS services. Those IT systems are referred to as outof-scope. The data in two of the out-of-scope IT systems is managed by third party service providers, the remaining are managed by TxDOT. The DCS and other third party service providers manage the IT Systems, including disaster recovery planning based on information provided by TxDOT. This information must include data, like RPO, RTO, and IT System interdependencies. While this information is generally based on comprehensive business analysis, current TxDOT IT System classification is primarily based on input from the IT System OPR. 3 of 12 August 28, 2013

4 We conducted this performance audit in accordance with Generally Accepted Government Auditing Standards and in conformance with the International Standards for the Professional Practice of Internal Auditing. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. A defined set of control objectives was utilized to focus on operational and regulatory goals for the identified scope areas. Our audit opinion is an assessment of the health of the overall control environment based on (1) the effectiveness of the enterprise risk management activities throughout the audit period and (2) the degree to which the defined control objectives were being met. Our audit opinion is not a guarantee against operational sub-optimization or regulatory non-compliance, particularly in areas not included in the scope of this audit. 4 of 12 August 28, 2013

5 Detailed Findings and Management Action Plans (MAP) Finding No. 1: Disaster Recovery Plan (April 1, 2013) does not Include Sufficient Recovery Instructions for all IT Systems Condition 318 of 397 (80%) of TxDOT s division Office of Primary Responsibility (OPR) managed IT systems do not have sufficient recovery instructions in the current disaster recovery plan. IT Systems The disaster recovery plan does not include sufficient recovery instructions for 30 of 52 (58%) IT systems previously identified as agency/mission critical by the IT system s OPR. While the Data Center Services (DCS) contract includes recovery priorities for servers; the interdependencies for specific IT Systems located on those servers is not included in the Disaster Recovery Plan. Technical recovery documentation for IT systems associated with the existing DCS disaster recovery plan includes Run Books with date/time stamps 1 year or older. Third Party data center service providers were able to provide disaster recovery documentation for the Toll Operation Management and Electronic Bidding Systems. However, the disaster recovery plan for the Toll Operation Management IT System was outdated due to recent infrastructure updates. Non-critical IT Systems The existing DCS disaster recovery plan does not include 287 of 345 (83%) IT systems identified as non-critical by the IT system s OPR. Technical recovery documentation for IT systems includes Run Books with date/time stamps 1 year or older. Effect/Potential Impact TxDOT operations would be impacted by business interruptions to IT infrastructure. After a disaster, the agency would not be able to continue its essential operations. Criteria & Cause Exhibit 16 of the Data Center Services Multi-sourcing Service Integrator Master Services Agreement IT Service Continuity Management states: Service Provider shall develop, maintain and implement a comprehensive Disaster Recovery Plan (DRP) for Services provided to DIR Customers and in relation to any DIR Customer-specific DRP s in each case subject to the DIR Customer s prior review and approval. Texas Administrative Code 202, Title 1, Part 10, Subchapter B, Rule states, State agencies shall maintain written Business Continuity Plans that address information resources so that the effects of a disaster will be minimized, and the state agency will be able either to maintain or quickly resume missioncritical functions. 5 of 12 August 28, 2013

6 Disaster Recovery Plans should include information that reflect IT system interdependencies, business priorities, recovery time objectives (RTO) and recovery point objectives (RPO). This information is used by the service provider to assign appropriate server service tiers, including disaster recovery priority. A process for the development and continuous update of a comprehensive disaster recovery plan is not in place. Although the DCS service provider has been provided information for non-critical systems in the past, TxDOT has not validated that this information has been included in the Disaster Recovery Plan in accordance with the contract. Efforts to create a critical systems list have been made by TxDOT staff, but a business analysis to establish IT System RTO has not yet been performed. Establishing RTO is a critical task in developing and documenting a disaster recovery plan and for transformation of servers to a consolidated data center environment. Evidence Not all existing IT systems are documented in the existing disaster recovery plan. The evidence obtained in the review included: IT Systems: Review of the Data Application Inventory System (DAIS) identified 397 production systems managed by division OPRs. Fifty-two (13%) of those systems are classified by the IT system s OPR as critical. The existing disaster recovery plan only provides information for 21 of 52 critical systems. 30 critical IT systems are not included in the existing DRP. 1 of the 52 critical IT systems, Toll Operations Management, is excluded from DCS and managed by a third party service provider. The review of the disaster recovery plan for the Toll Operations Management IT system indicates that the technical recovery documentation is out-of-date. Separate documented disaster recovery guidance for 30 critical systems does not exist. See Appendix A for a list of the 30 mission/agency critical IT systems at risk that were reviewed. Date/time stamps on existing technical recovery documentation for critical IT Systems are more than 1 year old. A process for on-going validation of existing technical recovery documentation for critical IT systems was not found. In addition, the July 2013 update of the disaster recovery plan indicates that the recovery period for 5 critical applications was downgraded due to TxDOT providing insufficient recovery instructions and description of application dependencies. Non-critical IT Systems Review of the Data Application Inventory System (DAIS) identified 397 IT systems managed by division OPRs. Three hundred forty-five (87%) of those IT systems are classified by the IT system s OPR as non-critical. The current disaster recovery plan only covers and discusses 58 (17%) of the non-critical IT systems. 6 of 12 August 28, 2013

7 Separate documented disaster recovery guidance for 287 non-critical IT systems does not exist. Date/time stamps on existing technical recovery documentation for non-critical IT systems are more than 1 year old. A process for on-going validation of existing technical recovery documentation for non-critical IT systems was not found. In addition, the July 2013 update of the Disaster Recovery Plan indicates that the recovery period for 20 non-critical IT applications was downgraded due to insufficient recovery instructions and description of application dependencies. Management Action Plans (MAPs): MAP Owners: Margaret Dixon, Risk & Security Strategy Manager; Jamie Hahn, Risk Analyst The following MAP activities will address the deficiencies by ensuring disaster recovery guidance, processes, and documentation are created and maintained for TxDOT s IT systems, and included in the disaster recovery plan document MAP IT has two transformation projects scheduled which will provide: Business evaluation of applications and systems Performance of application rationalization of the list of systems These two projects will provide necessary input to determine current system criticality. Expected outcomes of these projects include: An updated list of critical applications. The service provider, NTT DATA, was provided a preliminary list of 46 critical applications Recovery time objectives (RTO) for critical applications Priority tiers for applications Completion Date: December 15, 2013 MAP TxDOT will implement an on-going process to establish a quarterly review of critical Run Books: A quarterly review process of TxDOT s DR plan is currently in place. This review is conducted by Capgemini/Xerox. TxDOT will direct NTT DATA to inform Capgemini/Xerox. TxDOT will be using the same updating cycle to update the Run Books on a quarterly basis. TxDOT will review the list of critical applications upon completion of the above transformation project. TxDOT will then develop a process to update or create outstanding critical Run Books on a quarterly schedule. TxDOT will give the quarterly list to NTT who will then direct Capgemini/ Xerox to update the portion of the application s list to be updated or created. At the end of the quarter, TxDOT will review the portal on the TxDOT Department of Information Resources website to ensure the critical application s Run Books have been updated or created. 7 of 12 August 28, 2013

8 The contract between Capgemini and Xerox has a schedule for the creation and updating of Run Books based on Tier Service Groups listed in the Capgemini/Xerox DR Program Overview, page 22. TxDOT will conform to the contract agreement. Completion Date: June 15, 2014 MAP TxDOT will create and implement a process to recover non-critical applications. Completion Date: March 15, of 12 August 28, 2013

9 Finding No. 2: Outdated Technical Recovery Instructions Condition Run Books are out of date and do not reflect current disaster recovery operations. Effect/Potential Impact Continuation of business processes reliant on IT system components required to be functional would be delayed or result in an unsuccessful recovery of the targeted IT systems. Criteria & Cause Exhibit 16 of the Data Center Services Multi-sourcing Service Integrator Master Services Agreement Disaster Recovery Testing states: Service Provider will implement and track corrective actions until resolved. An on-going process to validate Run Books is not in place. Evidence 4 of 4 (100%) required updates to associated Run Books were not completed. A review of Run Books for the mainframe applications testing during the Oct 2012 Disaster Recovery (DR) exercise indicates that issues identified during this test have not been updated in the Run Books. Management Action Plan (MAP): MAP Owners: Margaret Dixon, Risk & Security Strategy Manager Jamie Hahn, Risk Analyst MAP The MAP owners agree the run books need to be updated and kept current. Creating and maintaining the Run Books is performed by Capgemini/Xerox with TxDOT s input. There are four application s Run Books which require updating: TPX, ADABAS, Enterprise Extender and CTC Adaptors. The fifth application, Websphere, is a Dept. of Motor Vehicle issue, and is not the responsibility of TxDOT as noted in the Issue column of the document. o TxDOT will direct NTT DATA to contact Capgemini/Xerox to affect the necessary updates identified during the 2012 DR test. The updates will be reflected in the datacenter portal documentation. o TxDOT will request version control and the name or title be added to the Run Book documentation. o TxDOT will notify TxDMV of their potential risk regarding Websphere. Completion Date: November 15, of 12 August 28, 2013

10 Summary Results Based on Enterprise Risk Management Framework Closing Comments The results of this audit were discussed with Information Technology Division management and staff. We appreciate the assistance and cooperation received from the TxDOT IT Organization contacted during this audit. 10 of 12 August 28, 2013

11 Appendix Table 1 System Name Active Directory Non-Mainframe Agency/ Systems as of May 2013 System Description An implementation of LDAP directory services by Microsoft for use in Windows environments. Assigned Priority Agency Advanced Traffic Management System Provides the ability to manage traffic through the use of cameras and automated signs. BAMS - Decision Support System Used for the analysis of transportation construction project data. BAMS-DSS BAMS client-server Central Authorization and Authentication System (CAAS) is a front-end system that manages access to TxDOT applications. Agency Comprehensive Occupational Safety Management Optimized System Crash Records Information System Crash Reporting and Analysis for Safer Highways Document Tracking System Electronic Bidding System Electronic Grants HR Online Intelligent Transportation System Tracks claims, produces reports, letters, payment vouchers, contracts, releases, and spreadsheets. Collects and disseminates crash information for the Department of Public Safety (DPS) and the Texas Department of Transportation (TxDOT). Used to transfer of motor vehicle crash data from law enforcement agencies to the Crash Records Information System (CRIS). Internal and External TxDOT Document/ /Phone Request Tracking System from any source, used daily by DDOR''s The Electronic Bidding System (EBS) permits electronic submission of digitally signed bids by qualified vendors. Processes and stores all transactions related to processing and accounting for federal/state grants available through TxDOT. (HR Online) is an application that uses PeopleSoft software to manage TxDOT employee information. Used to monitor traffic flows on major freeways. Agency LoadRunner Used for examining system behavior and performance. Lonestar Statewide Advanced Traffic Management System (ATMS) Memorial Sign Project MicroStrategy Intelligence Server Application for crash survivors to purchase memorial signs placed by districts. Texas Register Required. Production since 2/18/2004. Provides the core analytical processing and job management for all reporting, analysis and monitoring applications. 11 of 12 August 28, 2013

12 System Name Novell edirectory PONTEX Rail & Bridge Funding Prioritization System Description Centrally manages access to resources on multiple servers and computers within a given network. Stores complete bridge inventory and inspection data Used for prioritizing federal, state, and private fund allocation for bridge construction and highway-rail crossing construction including safety controls. Assigned Priority Agency Rail Hotline SiteManager Used for real time tracking/documentation and on-site action by federal rail inspectors in RRD. The application includes the two subsystems Site Manager Financial Interface (SMFI) and Site Manager Interface Controller (SMIC). Agency SPEEDZONE Used speed zone detail production. State HazMat Call Log Used for tracking and recording all HazMat calls from across the state and how the call was handled. Taskmaster Used to support crash report scan activities for Crash Records Information System (CRIS). Texas Maintenance Assessment Program A computer application used by TxDOT to satisfy the requirements of the Government Accounting Standards Board Texas Rail Information Management System Texas Traffic Operations Assessment Program Toxicology TRF Enterprise Document Management System (GASB) Statement 34. Manage all railroad-related projects and project information including crossing upgrade projects and construction projects that involve the railroad. Assessment of traffic control devices in each district for the purpose of evaluating and enhancing the safety of highways. Stores Medical Examiner/Coroners records, death certificates, cause of death event sequence hierarchy, and integration with state and federal systems. Tracks documents related to Traffic Operations Division business operations, such as consultant contract and administrative documents. 12 of 12 August 28, 2013

Information Technology Internal Audit Report

Information Technology Internal Audit Report Information Technology Internal Audit Report Report #2014-05 July 25, 2014 Table of Contents Page Executive Summary... 3 Background Information... 4 Background... 4 Audit Objectives... 4 Scope and Testing

More information

Mecklenburg County Department of Internal Audit. PeopleSoft Application Security Audit Report 1452

Mecklenburg County Department of Internal Audit. PeopleSoft Application Security Audit Report 1452 Mecklenburg County Department of Internal Audit PeopleSoft Application Security Audit Report 1452 February 9, 2015 Internal Audit s Mission Through open communication, professionalism, expertise and trust,

More information

Audit of. District s Information Technology Disaster Recovery Plan

Audit of. District s Information Technology Disaster Recovery Plan Audit of District s Information Technology Disaster Recovery Plan April 11, 2014 Report #2014-03 MISSION STATEMENT The School Board of Palm Beach County is committed to providing a world class education

More information

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION MANAGEMENT AUDIT REPORT OF DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION REPORT NO. 13-101 City of Albuquerque Office of Internal Audit

More information

Information Technology Internal Audit Report

Information Technology Internal Audit Report Information Technology Internal Audit Report Report #2013-03 August 9, 2013 Table of Contents Page Executive Summary... 3 Background Information... 4 Background... 4 Audit Objectives... 4 Scope... 5 Testing

More information

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS) Information Technology Disaster Recovery Policy Policy Statement This policy defines acceptable methods for disaster recovery planning, preparedness, management and mitigation of IT systems and services

More information

Executive Summary Program Highlights for FY2009/2010 Mission Statement Authority State Law: University Policy:

Executive Summary Program Highlights for FY2009/2010 Mission Statement Authority State Law: University Policy: Executive Summary Texas state law requires that each state agency, including Institutions of Higher Education, have in place an Program (ISP) that is approved by the head of the institution. 1 Governance

More information

INSPECTION U.S. DEPARTMENT OF THE INTERIOR WEB HOSTING SERVICES

INSPECTION U.S. DEPARTMENT OF THE INTERIOR WEB HOSTING SERVICES INSPECTION U.S. DEPARTMENT OF THE INTERIOR WEB HOSTING SERVICES Report No.: ISD-IS-OCIO-0001-2014 June 2014 OFFICE OF INSPECTOR GENERAL U.S.DEPARTMENT OF THE INTERIOR Memorandum JUN 0 4 2014 To: From:

More information

Disaster Recovery & Business Continuity Related, but NOT the Same! Teri Stokes, Ph.D., Director GXP International

Disaster Recovery & Business Continuity Related, but NOT the Same! Teri Stokes, Ph.D., Director GXP International Disaster Recovery & Business Continuity Related, but NOT the Same! Teri Stokes, Ph.D., Director GXP International BCP Definitions Business Continuity Plan: An ongoing process supported by senior management

More information

February 22, 1995. Dear Ms. Kastrin:

February 22, 1995. Dear Ms. Kastrin: February 22, 1995 Ms. Deborah C. Kastrin Executive Director Texas Department of Commerce Stephen F. Austin State Office Building 1700 North Congress, Suite 100 Austin, Texas 78711 Dear Ms. Kastrin: The

More information

Technical Considerations in a Windows Server Environment

Technical Considerations in a Windows Server Environment Technical Considerations in a Windows Server Environment INTRODUCTION Cloud computing has changed the economics of disaster recovery and business continuity options. Accordingly, it is time many organizations

More information

Checklist For Business Recovery

Checklist For Business Recovery Checklist For Business Recovery Completed By: Name: Company: Room: Street: City, State, Zip: Phone #: Business Recovery Plan for: Business Recovery Plan (BRP)--LEVEL 1 (Executive Awareness/Authority) 1.

More information

Hong Kong Baptist University

Hong Kong Baptist University Hong Kong Baptist University Disaster Recovery Standard FOR INTERNAL USE ONLY Date of Issue: JULY 2012 Revision History Version Author Date Revision 1.0 Information Security Subcommittee (ISSC) July 2012

More information

November 2009 Report No. 10-016

November 2009 Report No. 10-016 John Keel, CPA State Auditor An Audit Report on The Financial Responsibility Verification Program (TexasSure) Report No. 10-016 An Audit Report on The Financial Responsibility Verification Program (TexasSure)

More information

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Corrective Actions to Address the Disaster Recovery Material Weakness Are Being Completed June 27, 2011 Report Number: 2011-20-060 This report has cleared

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY Office of Inspector General INFORMATION TECHNOLOGY: Final Obstacles Removed To Eliminate Customs Disaster Recovery Material Weakness Office of Information Technology OIG-IT-03-01

More information

Office of Inspector General

Office of Inspector General Audit Report OIG-05-040 INFORMATION TECHNOLOGY: Mint s Computer Security Incident Response Capability Needs Improvement July 13, 2005 Office of Inspector General Department of the Treasury Contents Audit

More information

Audit of the Disaster Recovery Plan

Audit of the Disaster Recovery Plan Audit of the Disaster Recovery Plan Report # 11-05 Prepared by Office of Inspector General J. Timothy Beirnes, CPA, Inspector General Kit Robbins, CISA, CISM, CRISC, Lead Information Systems Auditor TABLE

More information

The State of Global Disaster Recovery Preparedness

The State of Global Disaster Recovery Preparedness Computer Network Solutions Disaster Recovery Preparedness Benchmark Survey The State of Global Disaster Recovery Preparedness ANNUAL REPORT 2014 The Disaster Recovery Preparedness Council publishes this

More information

IT DISASTER RECOVERY CALIFORNIA STATE UNIVERSITY, EAST BAY. Audit Report 10-34 October 13, 2010

IT DISASTER RECOVERY CALIFORNIA STATE UNIVERSITY, EAST BAY. Audit Report 10-34 October 13, 2010 IT DISASTER RECOVERY CALIFORNIA STATE UNIVERSITY, EAST BAY Audit Report 10-34 October 13, 2010 Members, Committee on Audit Henry Mendoza, Chair Raymond W. Holdsworth, Vice Chair Nicole M. Anderson Margaret

More information

Texas Municipal Courts Education Center

Texas Municipal Courts Education Center TexasSure Bringing Insurance Verification Into the 21 st Century Texas Municipal Courts Education Center 2008-2009 Academic Year Session Learning Objectives: By the end of the session, participants should

More information

Building your Server for High Availability and Disaster Recovery. Witt Mathot Danny Krouk

Building your Server for High Availability and Disaster Recovery. Witt Mathot Danny Krouk Building your Server for High Availability and Disaster Recovery Witt Mathot Danny Krouk Terminology Whoa! Resiliency High Availability RTO Round Robin Business Continuity A Spectrum, Not a Switch Backup

More information

Review of Information Technology s Data System Backup and Disaster Recovery Process Page 2 of 10 September 30, 2013

Review of Information Technology s Data System Backup and Disaster Recovery Process Page 2 of 10 September 30, 2013 Page 2 of 10 Scope and Objectives We reviewed the backup and disaster recovery processes utilized by DOH for information applications/systems managed by IT over the last three years. This review included

More information

DEFINING THE RIGH DATA PROTECTION STRATEGY

DEFINING THE RIGH DATA PROTECTION STRATEGY DEFINING THE RIGH DATA PROTECTION STRATEGY The Nuances of Backup and Recovery Solutions By Cindy LaChapelle, Principal Consultant, ISG www.isg-one.com INTRODUCTION Most organizations have traditionally

More information

Audit of the Department of State Information Security Program

Audit of the Department of State Information Security Program UNITED STATES DEPARTMENT OF STATE AND THE BROADCASTING BOARD OF GOVERNORS OFFICE OF INSPECTOR GENERAL AUD-IT-15-17 Office of Audits October 2014 Audit of the Department of State Information Security Program

More information

Evaluation Report. Office of Inspector General

Evaluation Report. Office of Inspector General Evaluation Report OIG-08-035 INFORMATION TECHNOLOGY: Network Security at the Office of the Comptroller of the Currency Needs Improvement June 03, 2008 Office of Inspector General Department of the Treasury

More information

Planning a Backup Strategy

Planning a Backup Strategy Planning a Backup Strategy White Paper Backups, restores, and data recovery operations are some of the most important tasks that an IT organization performs. Businesses cannot risk losing access to data

More information

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Disaster Recovery Testing Is Being Adequately Performed, but Problem Reporting and Tracking Can Be Improved May 3, 2012 Reference Number: 2012-20-041 This

More information

Department of Information Technology Data Center Disaster Recovery Audit Report Final Report. September 2006

Department of Information Technology Data Center Disaster Recovery Audit Report Final Report. September 2006 Department of Information Technology Data Center Disaster Recovery Audit Report Final Report September 2006 promoting efficient & effective local government Executive Summary Our audit found that a comprehensive

More information

Preparing for the Worst: Disaster Recovery and Business Continuity Planning for Investment Firms An Eze Castle Integration ebook

Preparing for the Worst: Disaster Recovery and Business Continuity Planning for Investment Firms An Eze Castle Integration ebook Preparing for the Worst: Disaster Recovery and Business Continuity Planning for Investment Firms An Eze Castle Integration ebook Table of Contents 1. Introduction to Business Continuity Planning and Disaster

More information

How to Plan for Disaster Recovery and Business Continuity

How to Plan for Disaster Recovery and Business Continuity A TAMP Systems White Paper TAMP Systems 1-516-623-2038 www.drsbytamp.com How to Plan for Disaster Recovery and Business Continuity By Tom Abruzzo, President and CEO Contents Introduction 1 Definitions

More information

E x E c u t i v E B r i E f IT Innovation. Business Value. 4 Stages of IT Disaster Recovery Planning Are You Resilient?

E x E c u t i v E B r i E f IT Innovation. Business Value. 4 Stages of IT Disaster Recovery Planning Are You Resilient? IT Innovation. Business Value. 4 Stages of IT Disaster Recovery Planning Are You Resilient? As the enterprise IT landscape becomes more complex, customers more demanding, and computing devices more abundant

More information

Ongoing Help Desk Management Plan

Ongoing Help Desk Management Plan Ongoing Help Desk Management Plan HELP DESK IMPLEMENTATION /MANAGEMENT The Vendor shall provide in its Response to DIR a Help Desk Implementation Plan which shall include, but not be limited to: a. Customer

More information

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322 Business Continuity and Disaster Recovery Job Descriptions Table of Contents Business Continuity Services Organization Chart... 2 Director Business Continuity Services Group... 3 Manager of Business Recovery

More information

Audit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member

Audit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member City of Gainesville Inter-Office Communication April 3, 2012 TO: FROM: SUBJECT: Audit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member Brent

More information

Evaluation Report. Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review. April 30, 2014 Report Number 14-12

Evaluation Report. Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review. April 30, 2014 Report Number 14-12 Evaluation Report Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review April 30, 2014 Report Number 14-12 U.S. Small Business Administration Office of Inspector General

More information

Bocada White Paper Series: Improving Backup and Recovery Success with Bocada Enterprise. Benefits of Backup Policy Management

Bocada White Paper Series: Improving Backup and Recovery Success with Bocada Enterprise. Benefits of Backup Policy Management Bocada White Paper Series: Improving Backup and Recovery Success with Bocada Enterprise Why Policy Management Matters... 3 Data Protection Service Management: An Overview... 3 Policy Management s Role

More information

IT Disaster Recovery Plan Template

IT Disaster Recovery Plan Template HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned

More information

IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP IT Disaster Recovery Plan Template By Paul Kirvan, CISA, CISSP, FBCI, CBCP Revision History REVISION DATE NAME DESCRIPTION Original 1.0 2 Table of Contents Information Technology Statement

More information

Appropr iated Accounts Department-wide Systems and Capital Investment Program

Appropr iated Accounts Department-wide Systems and Capital Investment Program Department-wide Systems and Capital Investment Program Mission: To modernize business processes and increase efficiencies throughout the Department of Treasury through technology investments. Program Summary

More information

IT Risk & Security Specialist Position Description

IT Risk & Security Specialist Position Description Specialist Position Description February 9, 2015 Specialist Position Description February 9, 2015 Page i Table of Contents General Characteristics... 1 Career Path... 2 Explanation of Proficiency Level

More information

Microsoft Services Premier Support. Security Services Catalogue

Microsoft Services Premier Support. Security Services Catalogue Microsoft Services Premier Support Security Services Catalogue 2014 Microsoft Services Microsoft Services helps you get the most out of your Microsoft Information Technology (IT) investment with integrated

More information

June 2008 Report No. 08-038. An Audit Report on The Department of Information Resources and the Consolidation of the State s Data Centers

June 2008 Report No. 08-038. An Audit Report on The Department of Information Resources and the Consolidation of the State s Data Centers John Keel, CPA State Auditor An Audit Report on The Department of Information Resources and the Consolidation of the State s Data Centers Report No. 08-038 An Audit Report on The Department of Information

More information

VA Office of Inspector General

VA Office of Inspector General VA Office of Inspector General OFFICE OF AUDITS & EVALUATIONS Department of Veterans Affairs Federal Information Security Management Act Audit for Fiscal Year 2013 May 29, 2014 13-01391-72 ACRONYMS AND

More information

Information Resources Security Guidelines

Information Resources Security Guidelines Information Resources Security Guidelines 1. General These guidelines, under the authority of South Texas College Policy #4712- Information Resources Security, set forth the framework for a comprehensive

More information

TEXAS REAL ESTATE COMMISSION Austin, Texas. Annual Internal Audit Report Fiscal Year 2011 TABLE OF CONTENTS. Internal Auditors Report...

TEXAS REAL ESTATE COMMISSION Austin, Texas. Annual Internal Audit Report Fiscal Year 2011 TABLE OF CONTENTS. Internal Auditors Report... Austin, Texas Annual Internal Audit TABLE OF CONTENTS Internal Auditors...1 Introduction...2 Internal Audit Objectives...3 Page Executive Summary Compliance with Public Funds Investment Act Background....

More information

EXECUTIVE SUMMARY. We found that back-up activities were reasonably effective to minimize data loss but that improvements were needed in the areas of:

EXECUTIVE SUMMARY. We found that back-up activities were reasonably effective to minimize data loss but that improvements were needed in the areas of: EXECUTIVE SUMMARY The Securities and Exchange Commission (SEC), Office of Inspector General (OIG) sought to determine whether the SEC s current data back-up procedures were reasonably effective in insuring

More information

Request for Resume (RFR) CATS+ Master Contract All Master Contract Provisions Apply. Section 1 General Information

Request for Resume (RFR) CATS+ Master Contract All Master Contract Provisions Apply. Section 1 General Information Section 1 General Information RFR Number: (Reference BPO Number) Functional Area (Enter One Only) R00B4400129 FUNCTIONAL AREA 7 INFORMATION SYSTEM SECURITY LABOR CATEGORY Security, Computer Systems Specialist

More information

NetApp SnapMirror. Protect Your Business at a 60% lower TCO. Title. Name

NetApp SnapMirror. Protect Your Business at a 60% lower TCO. Title. Name NetApp SnapMirror Protect Your Business at a 60% lower TCO Name Title Disaster Recovery Market Trends Providing disaster recovery remains critical Top 10 business initiative #2 area for storage investment

More information

SOLUTION BRIEF KEY CONSIDERATIONS FOR BACKUP AND RECOVERY

SOLUTION BRIEF KEY CONSIDERATIONS FOR BACKUP AND RECOVERY SOLUTION BRIEF KEY CONSIDERATIONS FOR BACKUP AND RECOVERY Among the priorities for efficient storage management is an appropriate protection architecture. This paper will examine how to architect storage

More information

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES APPENDIX 1 DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES March 2008 Auditor General s Office Jeffrey Griffiths, C.A., C.F.E. Auditor General City of Toronto TABLE OF CONTENTS EXECUTIVE SUMMARY...1

More information

Disaster Recovery Plan The Business Imperatives

Disaster Recovery Plan The Business Imperatives Disaster Recovery Plan The Business Imperatives Table of Contents Disaster Recovery Plan The Business Imperatives... 3 Introduction... 3 A Disaster Recovery Program The Need of the Hour... 3 Approach to

More information

With 57% of small to medium-sized businesses (SMBs) having no formal disaster

With 57% of small to medium-sized businesses (SMBs) having no formal disaster Disaster Recovery For Business Owners Practical Guidance for a Critical Operation With 57% of small to medium-sized businesses (SMBs) having no formal disaster recovery plan (Symantec, 2011), and 52% believing

More information

Top 5 Disaster Recovery Reports IT Risk and Business Continuity Managers Live For

Top 5 Disaster Recovery Reports IT Risk and Business Continuity Managers Live For Whitepaper Top 5 Disaster Recovery Reports IT Risk and Business Continuity Managers Live For 1. Disaster Recovery Runbook Report 2. Disaster Recovery Compliance Report 3. Disaster Recovery Listing: Virtual

More information

Columbus City Schools Office of Internal Audit

Columbus City Schools Office of Internal Audit Information Technology Disaster Recovery Plan Review Report Date: March 24, 2011 Internal Audit Mission Statement To support the overall mission of the Columbus City Schools by providing quality management

More information

U.S. Nuclear Regulatory Commission

U.S. Nuclear Regulatory Commission U.S. Nuclear Regulatory Commission 2011 Data Center Consolidation Plan and Progress Report Version 2.0 September 30, 2011 Enclosure Contents 1 Introduction... 2 2 Agency Goals for Data Center Consolidation...

More information

Disaster Recovery Policy

Disaster Recovery Policy Disaster Recovery Policy INTRODUCTION This policy provides a framework for the ongoing process of planning, developing and implementing disaster recovery management for IT Services at UCD. A disaster is

More information

Technology Consulting

Technology Consulting Dallas Area Rapid Transit Authority Dallas, Texas EHIBIT H STATEMENT OF WORK Technology Consulting Purpose Dallas Area Rapid Transit (DART) is seeking a master service agreement with two qualified Contractors

More information

Supplier Security Assessment Questionnaire

Supplier Security Assessment Questionnaire HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.

More information

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control

More information

The Business in Business Intelligence. Bryan Eargle Database Development and Administration IT Services Division

The Business in Business Intelligence. Bryan Eargle Database Development and Administration IT Services Division The Business in Business Intelligence Bryan Eargle Database Development and Administration IT Services Division Defining Business Intelligence (BI) Agenda Goals Identify data assets Transform data and

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

Software Industry KPIs that Matter

Software Industry KPIs that Matter Software Companies Run Better on NetSuite. Software Industry KPIs that Matter Sponsored by Improved Results from Businesses Like Yours Business Visibility 360 o Visibility & Actionable Insight Increased

More information

Disaster recovery strategic planning: How achievable will it be?

Disaster recovery strategic planning: How achievable will it be? Disaster recovery strategic planning: How achievable will it be? Amr Ahmed Ernst & Young Advisory Services, Executive Director amr.ahmed@ey.com Christopher Rivera Ernst & Young Advisory Services, Manager

More information

Whitepaper. Disaster Recovery as a Service (DRaaS): A DR solution for all

Whitepaper. Disaster Recovery as a Service (DRaaS): A DR solution for all Whitepaper Disaster Recovery as a Service (DRaaS): A DR solution for all Disaster Recovery as a service: A DR solution for all Disaster Recovery (DR) is more important today than ever before. Why? Because

More information

Leading the evolution of global stock plan management TO INSOURCE OR OUTSOURCE? Four Steps to Gauge Your Equity Plan Needs

Leading the evolution of global stock plan management TO INSOURCE OR OUTSOURCE? Four Steps to Gauge Your Equity Plan Needs Leading the evolution of global stock plan management TO INSOURCE OR OUTSOURCE? Four Steps to Gauge Your Equity Plan Needs TO INSOURCE OR OUTSOURCE? FOUR STEPS TO GAUGE YOUR EQUITY PLAN NEEDS Administering

More information

ADDENDUM 5 TO APPENDIX 5 TO SCHEDULE 3.3 DESKTOP COMPUTING

ADDENDUM 5 TO APPENDIX 5 TO SCHEDULE 3.3 DESKTOP COMPUTING ADDENDUM 5 TO APPENDIX 5 TO SCHEDULE 3.3 TO THE DESKTOP COMPUTING Statement of Technical Approach for Desktop Computing Services The desktop service area delivers a common desktop operating environment

More information

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS DIRECTORATE OF BANKING SUPERVISION AUGUST 2009 TABLE OF CONTENTS PAGE 1.0 INTRODUCTION..3 1.1 Background...3 1.2 Citation...3

More information

SERVICES BRONZE SILVER GOLD PLATINUM. On-Site emergency response time 3 Hours 3 Hours 1-2 Hours 1 Hour or Less

SERVICES BRONZE SILVER GOLD PLATINUM. On-Site emergency response time 3 Hours 3 Hours 1-2 Hours 1 Hour or Less SERVICE SUMMARY ITonDemand provides four levels of service to choose from to meet our clients range of needs. Plans can also be customized according to more specific environment needs. SERVICES BRONZE

More information

OFFICE OF AUDITS & ADVISORY SERVICES IT DISASTER RECOVERY AUDIT FINAL REPORT

OFFICE OF AUDITS & ADVISORY SERVICES IT DISASTER RECOVERY AUDIT FINAL REPORT County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES IT DISASTER RECOVERY AUDIT FINAL REPORT Chief of Audits: Juan R. Perez Audit Manager: Lynne Prizzia, CISA, CRISC Senior Auditor:

More information

Two Approaches to PCI-DSS Compliance

Two Approaches to PCI-DSS Compliance Disclaimer Copyright Michael Chapple and Jane Drews, 2006. This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes,

More information

1. Back to Business: Planning for Disasters 2. The Benefits of Desktop Procedures 3. Disaster Recovery 4. Chaotic Ethical Decisions

1. Back to Business: Planning for Disasters 2. The Benefits of Desktop Procedures 3. Disaster Recovery 4. Chaotic Ethical Decisions Shane Creel Ph.D., CCEP Director, Risk Management & Sustainability Texas A&M University Kingsville February 27, 2012 1. Back to Business: Planning for Disasters 2. The Benefits of Desktop Procedures 3.

More information

Using Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4

Using Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4 WHITEPAPER Using Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4 An in-depth look at Payment Card Industry Data Security Standard Requirements 10, 11,

More information

Disaster Recovery and Business Continuity

Disaster Recovery and Business Continuity Disaster Recovery and Business Continuity Barbara Nollau Rupert King/Getty Images Computer Systems Quality and Compliance discusses practical aspects of computer systems and provides useful information

More information

U.S. Department of Labor. Office of Inspector General Office of Audit RECOVERY ACT: EFFECTIVENESS OF NEW YORK

U.S. Department of Labor. Office of Inspector General Office of Audit RECOVERY ACT: EFFECTIVENESS OF NEW YORK U.S. Department of Labor Office of Inspector General Office of Audit REPORT TO EMPLOYMENT AND TRAINING ADMINISTRATION RECOVERY ACT: EFFECTIVENESS OF NEW YORK IN DETECTING AND REDUCING UNEMPLOYMENT INSURANCE

More information

What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility

What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility Your Guide to Cost, Security, and Flexibility What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility 10 common questions answered Over the last decade, cloud backup, recovery

More information

TITLE III INFORMATION SECURITY

TITLE III INFORMATION SECURITY H. R. 2458 48 (1) maximize the degree to which unclassified geographic information from various sources can be made electronically compatible and accessible; and (2) promote the development of interoperable

More information

Automated IT Asset Management Maximize organizational value using BMC Track-It! WHITE PAPER

Automated IT Asset Management Maximize organizational value using BMC Track-It! WHITE PAPER Automated IT Asset Management Maximize organizational value using BMC Track-It! WHITE PAPER CONTENTS ADAPTING TO THE CONSTANTLY CHANGING ENVIRONMENT....................... 1 THE FOUR KEY BENEFITS OF AUTOMATION..................................

More information

Joint Audit Report for South Lakeland District Council. & Eden District Council

Joint Audit Report for South Lakeland District Council. & Eden District Council Joint Audit Report for South Lakeland District Council & Eden District Council Audit of IT Data Backup and Recovery Arrangements Audit of Development Management 22nd May 2015 11 th June 2015 0 Page 0 Audit

More information

What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered

What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered Over the last decade, cloud backup, recovery and restore (BURR) options have emerged

More information

University System of Maryland University of Maryland, College Park Division of Information Technology

University System of Maryland University of Maryland, College Park Division of Information Technology Audit Report University System of Maryland University of Maryland, College Park Division of Information Technology December 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND

More information

Hitachi Cloud Service for Content Archiving. Delivered by Hitachi Data Systems

Hitachi Cloud Service for Content Archiving. Delivered by Hitachi Data Systems SOLUTION PROFILE Hitachi Cloud Service for Content Archiving, Delivered by Hitachi Data Systems Improve Efficiencies in Archiving of File and Content in the Enterprise Bridging enterprise IT infrastructure

More information

Consulting Solutions Disaster Recovery. Yucem Cagdar

Consulting Solutions Disaster Recovery. Yucem Cagdar Consulting Solutions Disaster Recovery Yucem Cagdar Disaster Recovery Strategy How efficient is your DR Plan? Many are not prepared: 42% are not adequately armed with modern disaster recovery solutions,

More information

Statement of Service Enterprise Services - AID Microsoft IIS

Statement of Service Enterprise Services - AID Microsoft IIS Statement of Service Enterprise Services - AID Microsoft IIS Customer Proprietary Rights The information in this document is confidential to Arrow Managed Services, Inc. and is legally privileged. The

More information

Process Description Incident/Request. HUIT Process Description v6.docx February 12, 2013 Version 6

Process Description Incident/Request. HUIT Process Description v6.docx February 12, 2013 Version 6 Process Description Incident/Request HUIT Process Description v6.docx February 12, 2013 Version 6 Document Change Control Version # Date of Issue Author(s) Brief Description 1.0 1/21/2013 J.Worthington

More information

Disaster Recovery Plan Review Checklist. A High-Level Internal Planning Tool to Assist State Agencies with Their Disaster Recovery Plans

Disaster Recovery Plan Review Checklist. A High-Level Internal Planning Tool to Assist State Agencies with Their Disaster Recovery Plans Disaster Recovery Plan Review Checklist A High-Level Internal Planning Tool to Assist State Agencies with Their Disaster Recovery Plans November 2008 DISASTER RECOVERY PLAN REVIEW CHECKLIST - FOR INTERNAL

More information

A Modern Guide to Optimizing Data Backup and Recovery

A Modern Guide to Optimizing Data Backup and Recovery Structured: Cloud Backup A Modern Guide to Optimizing Data Backup and Recovery What to Consider in an Enterprise IT Environment A Modern Guide to Optimizing Data Backup and Recovery Data is the lifeblood

More information

APPENDIX 4 TO SCHEDULE 3.3

APPENDIX 4 TO SCHEDULE 3.3 EHIBIT J to Amendment No. 60 - APPENDI 4 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT APPENDI 4 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT EHIBIT J to Amendment No.

More information

Architecture Guidelines Application Security

Architecture Guidelines Application Security Executive Summary These guidelines describe best practice for application security for 2 or 3 tier web-based applications. It covers the use of common security mechanisms including Authentication, Authorisation

More information

VIRGINIA DEPARTMENT OF MOTOR VEHICLES IT SECURITY POLICY. Version 2.

VIRGINIA DEPARTMENT OF MOTOR VEHICLES IT SECURITY POLICY. Version 2. VIRGINIA DEPARTMENT OF MOTOR VEHICLES IT SECURITY POLICY Version 2., 2012 Revision History Version Date Purpose of Revision 2.0 Base Document 2.1 07/23/2012 Draft 1 Given to ISO for Review 2.2 08/15/2012

More information

Internal Audit Report on. IT Security Access. January 2010. 2010 January - English - Information Technology - Security Access - FINAL.

Internal Audit Report on. IT Security Access. January 2010. 2010 January - English - Information Technology - Security Access - FINAL. Internal Audit Report on January 2010 2010 January - English - Information Technology - Security Access - FINAL.doc Contents Background...3 Introduction...3 IT Security Architecture,Diagram 1...4 Terms

More information

Smart Start: How New Technology Mitigates Operational Risks in Schools

Smart Start: How New Technology Mitigates Operational Risks in Schools Smart Start: How New Technology Mitigates Operational Risks in Schools Like any institution, every school district faces the challenges of having enough time and resources to effectively mitigate risk.

More information

Italy. EY s Global Information Security Survey 2013

Italy. EY s Global Information Security Survey 2013 Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information

More information

Network Computing Architects Inc. (NCA) Network Operations Center (NOC) Services

Network Computing Architects Inc. (NCA) Network Operations Center (NOC) Services Network Computing Architects Inc. (NCA), provides outsourced IT services by monitoring and managing clients computing assets. Included Services: For all systems covered under NOC Support, the following

More information

Reducing Corporate Risk: Best-practices Data Protection Strategy. for Remote and Branch Offices (ROBOs) Best-practices Data Protection Strategy

Reducing Corporate Risk: Best-practices Data Protection Strategy. for Remote and Branch Offices (ROBOs) Best-practices Data Protection Strategy UBISTOR WHITE PAPER: Reducing Corporate Risk: Best-practices Data Protection Strategy for Remote and Reducing Branch Corporate Offices (ROBOs) Risk: Best-practices Data Protection Strategy for Remote and

More information

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain 1. What is the most common planned performance duration for a continuity of operations plan (COOP)? A. 30 days B. 60 days C. 90 days D. It depends on the severity of a disaster. 2. What is the business

More information

Extreme Networks Security Analytics G2 Vulnerability Manager

Extreme Networks Security Analytics G2 Vulnerability Manager DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering

More information

SECURITY CONTROLS AND RISK MANAGEMENT FRAMEWORK

SECURITY CONTROLS AND RISK MANAGEMENT FRAMEWORK SECURITY CONTROLS AND RISK MANAGEMENT FRAMEWORK BACKGROUND The National Institute of Standards and Technology (NIST) Special Publication 800-53 defines a comprehensive set of controls that is the basis

More information

Approved 12/14/11. FIREWALL POLICY INTERNAL USE ONLY Page 2

Approved 12/14/11. FIREWALL POLICY INTERNAL USE ONLY Page 2 Texas Wesleyan Firewall Policy Purpose... 1 Scope... 1 Specific Requirements... 1 PURPOSE Firewalls are an essential component of the Texas Wesleyan information systems security infrastructure. Firewalls

More information