Columbus City Schools Office of Internal Audit

Size: px
Start display at page:

Download "Columbus City Schools Office of Internal Audit"

Transcription

1 Information Technology Disaster Recovery Plan Review Report Date: March 24, 2011 Internal Audit Mission Statement To support the overall mission of the Columbus City Schools by providing quality management advisory and business process auditing services to the District. Internal Audit is an extension of management. Through our reviews we assist the Board of Education, Superintendent, Treasurer, and all Columbus City Schools personnel in carrying out their responsibilities.

2 Table of Contents Title Page Executive Summary 3 Results of DR Plan Testing Documentation Review 3 Background 4 Objectives 4 Scope and Methodology 5 Observations and Recommendations 5 Management Responses and Action Plans 7 2

3 Executive Summary On February 8, 2011, The (IA) completed an initial review of the testing documentation provided in support of the Information Technology Department Disaster Recovery Plan (DR Plan), last revised July The IT Operations Manager is responsible for executing DR Plan testing, documenting test results and completing the semi-annual update to the DR Plan, as described in the July 2010 plan. The following report summarizes our observations and the results of our testing documentation review. The report contains several recommendations designed to strengthen the testing procedures and the testing documentation included in the DR Plan. Results of DR Plan Testing Documentation Review The initial review of the July 2010, Information Technology DR Plan testing documentation indicated the testing documentation should be enhanced to support evidence of the execution of an effective, proactive DR Plan testing methodology. The DR Plan testing plan should establish the required minimum testing activity to be accomplished annually. The IT Operations Manager stores the core DR Plan Book, in hard copy and electronic copy, separate from the annual DR Plan testing support documentation. The DR Plan book (hard copy and electronic copy) should be expanded to include a reference to the location(s) where the evidentiary support for annual DRP testing is maintained. The current DR Plan document contains descriptions of IT Operation s reactions to various situations that present during daily operations, such as equipment malfunction and requests for data restorations, etc.. The documentation of successful recovery from the unanticipated event has been a mainstay of the DR Plan testing methodology and support documentation. The DR Plan testing methodology should be enhanced to include an effective forward looking annual testing plan. The plan should include documentation of the results of actual testing scenarios, lessons learned from the testing scenarios and documentation describing subsequent DR Plan changes which will be incorporated into the annual update of the DR Plan Book, hard copy and electronic copy. 3

4 Background Disaster recovery planning is the process, policy, and procedures related to preparing for recovery continuation of technology infrastructure critical to an organization after a natural or human-induced disaster. Business continuity involves planning for keeping all aspects of a business functioning in the midst of disruptive events, disaster recovery, a subset of continuity planning focuses on the IT or technology systems that support business functions. The IT Operations Manager described the evolution of the Information Technology Disaster Recovery Plan for Columbus City Schools. Prior to the development of the District s disaster recovery plan the Information Technology (IT) Department maintained a book of system documentation/restore procedures. In the Information Technology Department identified the mission critical applications and built out the three data centers. The disaster recovery plan was formalized by critical application in accordance with the disaster recovery capabilities of the three generator backed up facilities. The IT Department supports 148 district buildings and over 250 departments. The IT department supports three data centers which house over 200 physical servers, approximately 29,000 traditional computer/thin client work stations, 4,000 laptop computers and over 1,000 unique software applications. Objectives The objectives of the review were the following: Determine District management continues to develop, test and refine the disaster recovery plan to respond to data processing demands and environmental changes within the district. Determine the plan includes documentation describing plan revisions including the sections modified, when modifications were completed, the individual(s) responsible for the modifications and documentation supporting change approval by senior management. Determine the plan includes documentation of the testing cycle and recent test results. Determine that critical personnel have a current copy of the plan and are aware of their roles and responsibilities during a disaster recovery. Determine that the applicable June 30, 2010 Auditor of State management letter recommendations have been addressed and documented in the disaster recovery plan. 4

5 Scope and Methodology The scope of the review is limited to the IT Department and the review of their DR Plan. During the review, IA interviewed the Chief Information Officer (CIO) and IT Operations Manager. IA referenced the Control Objectives for Information and related Technology (COBIT) and other guidance; researched reviews performed on IT DR Plans, and used the internet to research DR Plans & governance. COBIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues, and business risks. COBIT enables clear policy development and good practice for IT controls throughout organizations. Observations and Recommendations Observation Number 1 - The Information Technology (IT) Department DR Plan is not regularly tested. Disaster Recovery Plan testing should be a multi-step process. The preparation and execution of disaster recovery plan testing involves pre-planning, scenario building, scheduling of personnel and facilities, pre-test reviews, finalization of the actual disaster recovery plan and lastly, making sure all the resources you need are available when testing the plan. Effective disaster recovery plan testing helps to determine the readiness of all systems, people, and processes, helps identify gaps in the DR Plan, and allows IT Operations management to constantly improve the plan to ensure it is a living document. The last formal, pre-planned, IT Department table top exercise was performed in December The lack of scheduling and performing planned testing could lead to the District failing to protect intellectual property or sensitive information and files from loss or significant damage. Recommendation Nos. 1, 2 1. IA recommends IT Operations management perform scheduled testing of the DR Plan, conducted on a regular basis, at least annually. The testing at a minimum should include tabletop exercises. 5

6 2. IA recommends IT Operations management generate and retain supporting documentation as evidence of completion of the test objectives, the individuals involved, test results, lessons learned, and any procedural changes to be incorporated into the DR plan, so the plan evolves over time. Observation Number 2 - Lack of Consistent Reviews and Updates of the Disaster Recovery Plan. The current DR Plan, Administration Section 4.0, states: The Disaster Recovery Plan and Emergency Operation Manual will be reviewed by Information Technology personnel in June and December of each year. The review will be initiated by the IT Operations Manager and will consider hardware and operating system changes, application software changes, staffing changes and organizational changes. All modification documentation will be submitted to the IT Operations Manager. The DR Plan has been revised and updated twice, once in January 2009 and again in July Lack of a system to test and ensure controls are in place to properly update the disaster recovery plan could lead to outdated information being contained in the plan. Recommendation Nos. 3, 4, 5, & 6 3. IA recommends IT Operations management review and update the DR Plan at least annually. 4. IA recommends IT Operations management develop a mechanism to identify sections changed with date, and what was revised and/or changed during the review cycle. 5. IA recommends IT Operations management ensure that all individuals identified as required to have DR Plan have the most up-to-date copy. 6. IA recommends IT Operations management conduct an annual meeting with key personnel who would be involved in the disaster recovery, to ensure they know their roles and responsibilities during an event of a disaster. February 8, 2011 Status Update Received from IT Operations The IT Operations Manager revealed a significant effort is underway to update the July 2010 version of the DR Plan. The end of February 2011 is the target completion date for the latest DR Plan revision. Also stated was the intent to eliminate semi-annual DR Plan updates, replacing them with a single, annual DR Plan update to be scheduled for the month of February each year. The months of March and May of each year are to be dedicated for testing and documenting the results of DR Plan testing scenarios. 6

7 The IT Operations Manager indicated the electronic and hard copy versions of the DR Plan will be switched out during the first week of March The updated hard copies of the DR Plan will be provided to individuals identified in DR Plan Section 4.1. A 90 Day Review will be performed. Management Responses and Action Plans Recommendation No. 1 Annually we will be doing a tape restore test in March of each year and will be doing a walk through test of one of the critical system in May of each year. This is outlined in the DR Plan revised February 2011 in the Introduction, Section 5.2 Testing schedule, on page 11. Target Implementation date: March 2011 for the tape restore test and May 2011 for the walk through of the critical system. Recommendation No. 2 Ultimately the IT Operations Manager is responsible for ensuring the tests are completed and documented. The IT technical and applications teams will conduct the tests. Individuals will change depending on the system tested and the names of those involved will be noted in the test documentation. Target Implementation date: March 2011 for the tape restore test and May 2011 for the walk through of the critical system. Recommendation No. 3 The plan was updated in February of 2011 and will be done annually in February going forward. If there is a significant change to any of the recovery plans within the year, the plan will be updated accordingly. 7

8 Ultimately the IT Operations Manager is responsible for insuring the plan updated are completed and documented. The IT technical and applications teams will make the necessary changes. Individuals will change depending on the system documented. The names of those involved will be noted in the documentation. Target Implementation date: Annually in February Recommendation No. 4 For the update done in February 2011, the changes are noted in an excel spreadsheet. The spreadsheet includes section updated, the lead for the changes and the team members who made the changes. Going forward the change tracker will be turned on when the changes are made. Target Implementation date: Annually in February. Recommendation No. 5 & 6 For the individuals that are receiving a paper copy, the copies are delivered and signed for by the recipient once the old copy is turned over and the recipient understands their role in the plan. For those who have access to the electronic copy, a meeting is held to let the team members know the updates are complete, where the file is located. Once they have verified their access and understand their role in the plan, they sign a document confirming this. Target Implementation date: The first week of March annually. 8

OFFICE OF AUDITS & ADVISORY SERVICES IT DISASTER RECOVERY AUDIT FINAL REPORT

OFFICE OF AUDITS & ADVISORY SERVICES IT DISASTER RECOVERY AUDIT FINAL REPORT County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES IT DISASTER RECOVERY AUDIT FINAL REPORT Chief of Audits: Juan R. Perez Audit Manager: Lynne Prizzia, CISA, CRISC Senior Auditor:

More information

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION MANAGEMENT AUDIT REPORT OF DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION REPORT NO. 13-101 City of Albuquerque Office of Internal Audit

More information

Internal Audit Report on. IT Security Access. January 2010. 2010 January - English - Information Technology - Security Access - FINAL.

Internal Audit Report on. IT Security Access. January 2010. 2010 January - English - Information Technology - Security Access - FINAL. Internal Audit Report on January 2010 2010 January - English - Information Technology - Security Access - FINAL.doc Contents Background...3 Introduction...3 IT Security Architecture,Diagram 1...4 Terms

More information

Audit of the Disaster Recovery Plan

Audit of the Disaster Recovery Plan Audit of the Disaster Recovery Plan Report # 11-05 Prepared by Office of Inspector General J. Timothy Beirnes, CPA, Inspector General Kit Robbins, CISA, CISM, CRISC, Lead Information Systems Auditor TABLE

More information

Hong Kong Baptist University

Hong Kong Baptist University Hong Kong Baptist University Disaster Recovery Standard FOR INTERNAL USE ONLY Date of Issue: JULY 2012 Revision History Version Author Date Revision 1.0 Information Security Subcommittee (ISSC) July 2012

More information

Department of Information Technology Data Center Disaster Recovery Audit Report Final Report. September 2006

Department of Information Technology Data Center Disaster Recovery Audit Report Final Report. September 2006 Department of Information Technology Data Center Disaster Recovery Audit Report Final Report September 2006 promoting efficient & effective local government Executive Summary Our audit found that a comprehensive

More information

I. EXECUTIVE SUMMARY. Date: June 30, 2015. Sabina Sitaru, Chief Innovation Officer, Metro Hartford Innovation Services

I. EXECUTIVE SUMMARY. Date: June 30, 2015. Sabina Sitaru, Chief Innovation Officer, Metro Hartford Innovation Services Date: June 30, 2015 To: Sabina Sitaru, Chief Innovation Officer, Metro Hartford Innovation Services From: Craig Trujillo, CPA, Deputy Chief Auditor CST Tele: Office 860-757-9952 Mobile 860-422-3600 City

More information

Information and Communication Technology. Disaster Recovery Policy

Information and Communication Technology. Disaster Recovery Policy BELA-BELA LOCAL MUNICIPALITY Chris Hani Drive, Bela- Bela, Limpopo. Private Bag x 1609 BELA-BELA 0480 Tel: 014 736 8000 Fax: 014 736 3288 Website: www.belabela.gov.za OFFICE OF THE MUNICIPAL MANAGER Information

More information

Disaster Recovery Plan Test. Audit Report

Disaster Recovery Plan Test. Audit Report ATTACHMENT 4 Disaster Recovery Plan Test Audit Report Internal Audit Report TABLE OF CONTENTS Section Page No. 1.0 MANAGEMENT SUMMARY...2 2.0 INTRODUCTION...2 3.0 OBJECTIVES AND SCOPE...3 4.0 METHODOLOGY...3

More information

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES APPENDIX 1 DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES March 2008 Auditor General s Office Jeffrey Griffiths, C.A., C.F.E. Auditor General City of Toronto TABLE OF CONTENTS EXECUTIVE SUMMARY...1

More information

NOS for Network Support (903)

NOS for Network Support (903) NOS for Network Support (903) November 2014 V1.1 NOS Reference ESKITP903301 ESKITP903401 ESKITP903501 ESKITP903601 NOS Title Assist with Installation, Implementation and Handover of Network Infrastructure

More information

EXECUTIVE SUMMARY. We found that back-up activities were reasonably effective to minimize data loss but that improvements were needed in the areas of:

EXECUTIVE SUMMARY. We found that back-up activities were reasonably effective to minimize data loss but that improvements were needed in the areas of: EXECUTIVE SUMMARY The Securities and Exchange Commission (SEC), Office of Inspector General (OIG) sought to determine whether the SEC s current data back-up procedures were reasonably effective in insuring

More information

Disaster Recovery Plan Documentation for Agencies Instructions

Disaster Recovery Plan Documentation for Agencies Instructions California Office of Information Security Disaster Recovery Plan Documentation for Agencies Instructions () November 2009 SCOPE AND PURPOSE The requirements included in this document are applicable to

More information

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS) Information Technology Disaster Recovery Policy Policy Statement This policy defines acceptable methods for disaster recovery planning, preparedness, management and mitigation of IT systems and services

More information

Final Audit Report. Audit of Data Integrity MCCS Feeder System Interfacing with SAP

Final Audit Report. Audit of Data Integrity MCCS Feeder System Interfacing with SAP Final Audit Report Audit of Data Integrity MCCS Feeder System Interfacing with SAP April 2008 Table of Contents Executive Summary... ii Introduction...........1 Background... 1 Audit Objectives... 1 Scope

More information

Audit of. District s Information Technology Disaster Recovery Plan

Audit of. District s Information Technology Disaster Recovery Plan Audit of District s Information Technology Disaster Recovery Plan April 11, 2014 Report #2014-03 MISSION STATEMENT The School Board of Palm Beach County is committed to providing a world class education

More information

IT DISASTER RECOVERY CALIFORNIA STATE UNIVERSITY, EAST BAY. Audit Report 10-34 October 13, 2010

IT DISASTER RECOVERY CALIFORNIA STATE UNIVERSITY, EAST BAY. Audit Report 10-34 October 13, 2010 IT DISASTER RECOVERY CALIFORNIA STATE UNIVERSITY, EAST BAY Audit Report 10-34 October 13, 2010 Members, Committee on Audit Henry Mendoza, Chair Raymond W. Holdsworth, Vice Chair Nicole M. Anderson Margaret

More information

Dacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery

Dacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery Dacorum Borough Council Final Internal Audit Report IT Business Continuity and Disaster Recovery Distribution list: Chris Gordon Group Manager Performance, Policy and Projects John Worts ICT Team Leader

More information

Executive Summary Program Highlights for FY2009/2010 Mission Statement Authority State Law: University Policy:

Executive Summary Program Highlights for FY2009/2010 Mission Statement Authority State Law: University Policy: Executive Summary Texas state law requires that each state agency, including Institutions of Higher Education, have in place an Program (ISP) that is approved by the head of the institution. 1 Governance

More information

Updating Your Skills from Microsoft Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010 Course 10165; 5 Days, Instructor-led

Updating Your Skills from Microsoft Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010 Course 10165; 5 Days, Instructor-led Updating Your Skills from Microsoft Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010 Course 10165; 5 Days, Instructor-led Course Description There are two main reasons for the course.

More information

INSPECTION U.S. DEPARTMENT OF THE INTERIOR WEB HOSTING SERVICES

INSPECTION U.S. DEPARTMENT OF THE INTERIOR WEB HOSTING SERVICES INSPECTION U.S. DEPARTMENT OF THE INTERIOR WEB HOSTING SERVICES Report No.: ISD-IS-OCIO-0001-2014 June 2014 OFFICE OF INSPECTOR GENERAL U.S.DEPARTMENT OF THE INTERIOR Memorandum JUN 0 4 2014 To: From:

More information

Report on Hong Kong SME Cloud Adoption and Security Readiness Survey

Report on Hong Kong SME Cloud Adoption and Security Readiness Survey Report on Hong Kong SME Cloud Adoption and Security Readiness Survey Collaborated by Internet Society Hong Kong and Cloud Security Alliance (HK & Macau Chapter) Sponsored by Microsoft Hong Kong Jointly

More information

Office of Information Technology

Office of Information Technology Office of Information Technology Core Services Resilience Plan Version 6.5.6 March 2010 Page 1 of 13 Table of Contents Overview... 3 Background... 4 OIT Organizational Resilience Program... 4 Data Centers...

More information

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Disaster Recovery Testing Is Being Adequately Performed, but Problem Reporting and Tracking Can Be Improved May 3, 2012 Reference Number: 2012-20-041 This

More information

Central Bank of India. Business Continuity Management Policy

Central Bank of India. Business Continuity Management Policy Central Bank of India Business Continuity Management Policy DataCenter Version 1.0 February 2012 Table of Contents 1. Purpose... 3 2. Objective... 3 3. Scope... 4 4. Policy Statement... 4 5. Top Management

More information

Version 8.0 2014 Copyright Janco Associates, Inc. - http://www.e-janco.com Page 1

Version 8.0 2014 Copyright Janco Associates, Inc. - http://www.e-janco.com Page 1 Version 8.0 2014 Copyright Janco Associates, Inc. - http://www.e-janco.com Page 1 Table of Contents 1 1.0 Plan Introduction... 4 1.1 Mission and Objectives... 5 Compliance... 5 ISO Compliance Process...

More information

IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP IT Disaster Recovery Plan Template By Paul Kirvan, CISA, CISSP, FBCI, CBCP Revision History REVISION DATE NAME DESCRIPTION Original 1.0 2 Table of Contents Information Technology Statement

More information

How to Plan for Disaster Recovery and Business Continuity

How to Plan for Disaster Recovery and Business Continuity A TAMP Systems White Paper TAMP Systems 1-516-623-2038 www.drsbytamp.com How to Plan for Disaster Recovery and Business Continuity By Tom Abruzzo, President and CEO Contents Introduction 1 Definitions

More information

Audit of System Backup and Recovery Controls for the City of Milwaukee Datacenters MARTIN MATSON City Comptroller

Audit of System Backup and Recovery Controls for the City of Milwaukee Datacenters MARTIN MATSON City Comptroller Audit of System Backup and Recovery Controls for the City of Milwaukee Datacenters MARTIN MATSON City Comptroller AYCHA SIRVANCI, CPA Audit Manager City of Milwaukee, Wisconsin July 2014 TABLE OF CONTENTS

More information

Audit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member

Audit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member City of Gainesville Inter-Office Communication April 3, 2012 TO: FROM: SUBJECT: Audit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member Brent

More information

The State of Global Disaster Recovery Preparedness

The State of Global Disaster Recovery Preparedness Computer Network Solutions Disaster Recovery Preparedness Benchmark Survey The State of Global Disaster Recovery Preparedness ANNUAL REPORT 2014 The Disaster Recovery Preparedness Council publishes this

More information

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Meaning Why is Security Audit Important Framework Audit Process Auditing Application Security

More information

Building and Maintaining a Business Continuity Program

Building and Maintaining a Business Continuity Program Building and Maintaining a Business Continuity Program Successful strategies for financial institutions for effective preparation and recovery Table of Contents Introduction...3 This white paper was written

More information

Audit of the Data Center Consolidation Initiative at NARA. OIG Draft Audit Report No. 12-09. May 10, 2012

Audit of the Data Center Consolidation Initiative at NARA. OIG Draft Audit Report No. 12-09. May 10, 2012 Audit of the Data Center Consolidation Initiative at NARA OIG Draft Audit Report No. 12-09 May 10, 2012 Table of Contents Executive Summary... 3 Background... 4 Objectives, Scope, Methodology... 7 Audit

More information

5 Things You Didn t Know About Cloud Backup

5 Things You Didn t Know About Cloud Backup 5 Things You Didn t Know About Cloud Backup 1. Data privacy can easily be compromised by encryption key holders. Encryption is vital to data protection and most backup solutions offer it. However, encryption

More information

Better secure IT equipment and systems

Better secure IT equipment and systems Chapter 5 Central Services Data Centre Security 1.0 MAIN POINTS The Ministry of Central Services, through its Information Technology Division (ITD), provides information technology (IT) services to government

More information

Clovis Municipal School District Information Technology (IT) Disaster Recovery Plan

Clovis Municipal School District Information Technology (IT) Disaster Recovery Plan Clovis Municipal School District Information Technology (IT) Disaster Recovery Plan Revision History REVISION DATE NAME DESCRIPTION Draft 1.0 Eric Wimbish IT Backup Disaster Table of Contents Information

More information

Updating Your Skills from Microsoft Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010 SP1

Updating Your Skills from Microsoft Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010 SP1 Course 10165A: Updating Your Skills from Microsoft Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010 SP1 OVERVIEW About this Course There are two main reasons for the course. Firstly,

More information

Federal Data Center Consolidation Initiative

Federal Data Center Consolidation Initiative Federal Data Center Consolidation Initiative Data Center Consolidation Plan for the U.S. Small Business Administration Maintained by: The Office of the Chief Information Officer Paul Christy, CIO Revised:

More information

ICT & Communications Services Disaster & Recovery Plan

ICT & Communications Services Disaster & Recovery Plan ICT & Communications Services Disaster & Recovery Plan Advanced IT Services with George Spencer Academy www.aitn.co.uk Advanced IT Services - Arthur Mee Road, Stapleford, Nottingham. NG9 7EW Email: info@advanceditservices.co.uk

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning 4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business

More information

Disaster Recovery & Business Continuity Related, but NOT the Same! Teri Stokes, Ph.D., Director GXP International

Disaster Recovery & Business Continuity Related, but NOT the Same! Teri Stokes, Ph.D., Director GXP International Disaster Recovery & Business Continuity Related, but NOT the Same! Teri Stokes, Ph.D., Director GXP International BCP Definitions Business Continuity Plan: An ongoing process supported by senior management

More information

Review of Information Technology s Data System Backup and Disaster Recovery Process Page 2 of 10 September 30, 2013

Review of Information Technology s Data System Backup and Disaster Recovery Process Page 2 of 10 September 30, 2013 Page 2 of 10 Scope and Objectives We reviewed the backup and disaster recovery processes utilized by DOH for information applications/systems managed by IT over the last three years. This review included

More information

Cisco Data Center Optimization Services

Cisco Data Center Optimization Services Cisco Data Center Optimization Services Conquer Your Most Compelling Business Challenges and Capitalize on Future Opportunities by Making Efficient Use of Your Data Center Resources Challenge Just sustaining

More information

Putnam/Northern Westchester BOCES Internal Audit Report on Information Technology

Putnam/Northern Westchester BOCES Internal Audit Report on Information Technology 6G Putnam/Northern Westchester BOCES Internal Audit Report on Information Technology TABLE OF CONTENTS Page Report on Internal Controls Related to Information Technology Network and Network Security 1

More information

IT Disaster Recovery Plan Template

IT Disaster Recovery Plan Template HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned

More information

Optimizing the Data Center for Today s Federal Government

Optimizing the Data Center for Today s Federal Government WHITE PAPER: OPTIMIZING THE DATA CENTER FOR TODAY S FEDERAL......... GOVERNMENT............................... Optimizing the Data Center for Today s Federal Government Who should read this paper CIOs,

More information

Change Management Process. June 1, 2011 Version 2.7

Change Management Process. June 1, 2011 Version 2.7 Change Management Process June 1, 2011 Version 2.7 Contents Document Control... 3 Overview... 4 Definition of a Change... 5 Description... 5 Objectives... 5 Key Terms & Definitions... 6 Change Management

More information

INFORMATION TECHNOLOGY PLAN. THE ENLARGED CITY SCHOOL DISTRICT OF TROY, NEW YORK 2920 Fifth Avenue, Troy, NY 12180 2012-2015

INFORMATION TECHNOLOGY PLAN. THE ENLARGED CITY SCHOOL DISTRICT OF TROY, NEW YORK 2920 Fifth Avenue, Troy, NY 12180 2012-2015 INFORMATION TECHNOLOGY PLAN for the THE ENLARGED CITY SCHOOL DISTRICT OF TROY, NEW YORK 2920 Fifth Avenue, Troy, NY 12180 2012-2015 Revised by the District Technology Committee TABLE OF CONTENTS Overview:

More information

System/Data Requirements Definition Analysis and Design

System/Data Requirements Definition Analysis and Design EXECUTIVE SUMMARY This document provides an overview of the Systems Development Life-Cycle (SDLC) process of the U.S. House of Representatives. The SDLC process consists of seven tailored phases that help

More information

Microsoft Services Premier Support. Security Services Catalogue

Microsoft Services Premier Support. Security Services Catalogue Microsoft Services Premier Support Security Services Catalogue 2014 Microsoft Services Microsoft Services helps you get the most out of your Microsoft Information Technology (IT) investment with integrated

More information

How to Design and Implement a Successful Disaster Recovery Plan

How to Design and Implement a Successful Disaster Recovery Plan How to Design and Implement a Successful Disaster Recovery Plan Feb. 21 ASA Office-Administrative Section is Sponsored by Today s ASAPro Webinar is Brought to You by the How to Ask a Question Questions

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY Office of Inspector General INFORMATION TECHNOLOGY: Final Obstacles Removed To Eliminate Customs Disaster Recovery Material Weakness Office of Information Technology OIG-IT-03-01

More information

Business Continuity and Disaster Recovery Planning

Business Continuity and Disaster Recovery Planning Business Continuity and Disaster Recovery Planning Jeffrey P. Back 2009 Oncore Associates, LLC Business Continuity Planning Business continuity planning is the way an organization can prepare for and aid

More information

Kent State University s Cloud Strategy

Kent State University s Cloud Strategy Kent State University s Cloud Strategy Table of Contents Item Page 1. From the CIO 3 2. Strategic Direction for Cloud Computing at Kent State 4 3. Cloud Computing at Kent State University 5 4. Methodology

More information

Top 10 Reasons for Using Disk-based Online Server Backup and Recovery

Top 10 Reasons for Using Disk-based Online Server Backup and Recovery ADVISORY Top 10 Reasons for Using Disk-based Online Server Backup and Recovery INTRODUCTION Backup of vital company information is critical to a company s survival, no matter what size the company. Recent

More information

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY The Define/Align/Approve Reference Series NEEDS BASED PLANNING FOR IT DISASTER RECOVERY Disaster recovery planning is essential it s also expensive. That s why every step taken and dollar spent must be

More information

¼ããÀ ããè¾ã ¹ãÆãä ã¼ãîãä ã ããõà ãäìããä ã½ã¾ã ºããñ à Securities and Exchange Board of India

¼ããÀ ããè¾ã ¹ãÆãä ã¼ãîãä ã ããõà ãäìããä ã½ã¾ã ºããñ à Securities and Exchange Board of India CIRCULAR CIR/MRD/DP/13/2015 July 06, 2015 To, All Stock Exchanges, Clearing Corporation and Depositories. Dear Sir / Madam, Subject: Cyber Security and Cyber Resilience framework of Stock Exchanges, Clearing

More information

HR Shared Services. HR/Payroll Shared Services Service Level Agreement. April 2013

HR Shared Services. HR/Payroll Shared Services Service Level Agreement. April 2013 HR Shared Services HR/Payroll Shared Services Service Level Agreement April 2013 SERVICE LEVEL AGREEMENT Contents GENERAL INFORMATION... 3 Purpose... 3 Vision... 3 SERVICE PERFORMANCE... 3 Mission... 3

More information

Appendix 6c. Final Internal Audit Report Disaster Recovery Planning. June 2007. Report 6c Page 1 of 15

Appendix 6c. Final Internal Audit Report Disaster Recovery Planning. June 2007. Report 6c Page 1 of 15 Appendix 6c Final Internal Audit Report Disaster Recovery Planning June 2007 Report 6c Page 1 of 15 Contents Page Executive Summary 3 Observations and Recommendations 8 Appendix 1 - Audit Framework 13

More information

The Cyber Security Leap: From Laggard to Leader. April 2015

The Cyber Security Leap: From Laggard to Leader. April 2015 The Cyber Security Leap: From Laggard to Leader April 2015 How do some organizations achieve better security performance? We compared organizations that were able to leapfrog their security effectiveness

More information

STAND THE. Data Center Optimization. Q&A with an Industry Leader

STAND THE. Data Center Optimization. Q&A with an Industry Leader Q&A with an Industry Leader Government is faced with exploding demand to provide services to end users, be they ordinary citizens or war fighters. The data center is a primary resource that overworked

More information

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008 U.S. D EPARTMENT OF H OMELAND S ECURITY 7 Homeland Fiscal Year 2008 HOMELAND SECURITY GRANT PROGRAM ty Grant Program SUPPLEMENTAL RESOURCE: CYBER SECURITY GUIDANCE uidelines and Application Kit (October

More information

Cisco Disaster Recovery: Best Practices White Paper

Cisco Disaster Recovery: Best Practices White Paper Table of Contents Disaster Recovery: Best Practices White Paper...1 Introduction...1 Performance Indicators for Disaster Recovery...1 High Level Process Flow for Disaster Recovery...2 Management Awareness...2

More information

Best Practices in Healthcare IT Disaster Recovery Planning

Best Practices in Healthcare IT Disaster Recovery Planning BUSINESS WHITE PAPER Best Practices in Healthcare IT Disaster Recovery Planning Assessing your options for leveraging the cloud to enhance compliance, improve recovery objectives, and reduce capital expenditures

More information

Information Technology Internal Audit Report

Information Technology Internal Audit Report Information Technology Internal Audit Report Report #2014-05 July 25, 2014 Table of Contents Page Executive Summary... 3 Background Information... 4 Background... 4 Audit Objectives... 4 Scope and Testing

More information

Standard Operating Procedure Contingency Planning Guidance

Standard Operating Procedure Contingency Planning Guidance Standard Operating Procedure Contingency Planning Guidance Version Date: 20080702 Effective Date: 20080707 Expiration Date: 20110707 Responsible Office: Office of the Chief Information Officer 1 Document

More information

Mecklenburg County Department of Internal Audit. PeopleSoft Application Security Audit Report 1452

Mecklenburg County Department of Internal Audit. PeopleSoft Application Security Audit Report 1452 Mecklenburg County Department of Internal Audit PeopleSoft Application Security Audit Report 1452 February 9, 2015 Internal Audit s Mission Through open communication, professionalism, expertise and trust,

More information

Aberdeen City Council IT Disaster Recovery

Aberdeen City Council IT Disaster Recovery Aberdeen City Council IT Disaster Recovery Internal Audit Report 2014/2015 for Aberdeen City Council January 2015 Terms or reference agreed 4 weeks prior to fieldwork Target Dates per agreed Actual Dates

More information

Device Lifecycle Management

Device Lifecycle Management Device Lifecycle Management 1 (8) Table of Contents 1. Executive summary... 3 2. Today's challenges in adapting to lifecycle management... 3 3. How is Miradore different?... 5 4. Conclusion... 8 2 (8)

More information

Disaster Prevention and Recovery for School System Technology

Disaster Prevention and Recovery for School System Technology The Optimal Reference Guide: Disaster Prevention and Recovery for School System Technology Extraordinary insight into today s education topics Glynn D. Ligon, Ph.D., ESP Solutions Group Evangelina Mangino,

More information

Information Technology Internal Audit Report

Information Technology Internal Audit Report Information Technology Internal Audit Report Report #2013-03 August 9, 2013 Table of Contents Page Executive Summary... 3 Background Information... 4 Background... 4 Audit Objectives... 4 Scope... 5 Testing

More information

Using Enterprise Governance, Risk, And Compliance (EGRC) Tools For Improved Management Of Security And Privacy. June 23, 2015

Using Enterprise Governance, Risk, And Compliance (EGRC) Tools For Improved Management Of Security And Privacy. June 23, 2015 Using Enterprise Governance, Risk, And Compliance (EGRC) Tools For Improved Management Of Security And Privacy June 23, 2015 What is egrc? A management system for compliance requirements, policies, risk

More information

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322 Business Continuity and Disaster Recovery Job Descriptions Table of Contents Business Continuity Services Organization Chart... 2 Director Business Continuity Services Group... 3 Manager of Business Recovery

More information

Information Services. Standing Service Level Agreement (SLA) Firewall and VPN Services

Information Services. Standing Service Level Agreement (SLA) Firewall and VPN Services Information Services Standing Service Level Agreement (SLA) Firewall and VPN Services Overview This service level agreement (SLA) is between Information Services (IS), and any unit at the University of

More information

VENDOR-AGNOSTIC EXPLANATIONS AND ADVICE FOR THE INFORMATION TECHNOLOGY BUYER. Recovery in Perspective Ensuring Access to Enterprise Data

VENDOR-AGNOSTIC EXPLANATIONS AND ADVICE FOR THE INFORMATION TECHNOLOGY BUYER. Recovery in Perspective Ensuring Access to Enterprise Data P iscsi SANs Panacea or Placebo? Clipper Notes VENDOR-AGNOSTIC EXPLANATIONS AND ADVICE FOR THE INFORMATION TECHNOLOGY BUYER New in 2007 Report #TCG2007043 Updated March 31, 2007 Recovery in Perspective

More information

Planning for Disaster Disaster

Planning for Disaster Disaster Planning for Disaster Ramesh Ramani CISM CGEIT Ramesh Ramani CISM CGEIT Paramount-Dubai Agenda Disaster Management-Introduction Examples BCP and IT Continuity Process of Disaster Management-PDCA Disaster

More information

A Guide to Choosing the Right Data Backup Solution for your School. March 2015.

A Guide to Choosing the Right Data Backup Solution for your School. March 2015. A Guide to Choosing the Right Data Backup Solution for your School. March 2015. Contents Introduction.... 3 Why introduce a remote data backup solution?... 4 What is the difference between onsite & offsite

More information

Riverhead Central School District

Riverhead Central School District Riverhead Central School District Data Disaster Recovery Plan The following pages outline the data recovery process for the Riverhead Central School District **This document should be kept in paper form**

More information

2014 Audit of the CFPB s Information Security Program

2014 Audit of the CFPB s Information Security Program O FFICE OF I NSPECTOR GENERAL Audit Report 2014-IT-C-020 2014 Audit of the CFPB s Information Security Program November 14, 2014 B OARD OF G OVERNORS OF THE F EDERAL R ESERVE S YSTEM C ONSUMER FINANCIAL

More information

Enable unified data protection

Enable unified data protection Business white paper Enable unified data protection HP Data Protector Table of contents 3 The latest backup and recovery strategies 3 Are legacy approaches meeting current challenges? 4 The deployment

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Corrective Actions to Address the Disaster Recovery Material Weakness Are Being Completed June 27, 2011 Report Number: 2011-20-060 This report has cleared

More information

STATE OF NEW YORK OFFICE OF THE STATE COMPTROLLER 110 STATE STREET ALBANY, NEW YORK 12236. February 25, 2011

STATE OF NEW YORK OFFICE OF THE STATE COMPTROLLER 110 STATE STREET ALBANY, NEW YORK 12236. February 25, 2011 THOMAS P. DiNAPOLI COMPTROLLER STATE OF NEW YORK OFFICE OF THE STATE COMPTROLLER 110 STATE STREET ALBANY, NEW YORK 12236 STEVEN J. HANCOX DEPUTY COMPTROLLER DIVISION OF LOCAL GOVERNMENT AND SCHOOL ACCOUNTABILITY

More information

industry perspective: MAKING SMARTER IT INVESTMENTS: Customizing the Cloud

industry perspective: MAKING SMARTER IT INVESTMENTS: Customizing the Cloud industry perspective: MAKING SMARTER IT INVESTMENTS: Customizing the Cloud 1 A Brief Introduction Today, cloud computing offers government the opportunity to re-imagine how services are delivered. But

More information

Building a Disaster Recovery Testing Program

Building a Disaster Recovery Testing Program Building a Disaster Recovery Testing Program Presented by Steve Carroll Email: scarroll@aboundresources.com Phone: 717-256-1865 About Our Speaker Steve Carroll is a Senior Consultant with Abound Resources.

More information

Building a Disaster Recovery Program By: Stieven Weidner, Senior Manager

Building a Disaster Recovery Program By: Stieven Weidner, Senior Manager Building a Disaster Recovery Program By: Stieven Weidner, Senior Manager Part two of a two-part series. If you read my first article in this series, Building a Business Continuity Program, you know that

More information

Disaster Recovery Policy

Disaster Recovery Policy Disaster Recovery Policy Organizational Functional Area: Policy for: Executive Division Bank Disaster Recovery Program Board Reviewed: September 14, 2011 Department/Individual Responsible for Maintaining/Updating

More information

Interactive-Network Disaster Recovery

Interactive-Network Disaster Recovery Interactive-Network Disaster Recovery BACKGROUND IT systems are vulnerable to a variety of disruptions, ranging from mild (e.g., short-term power outage, disk drive failure) to severe (e.g., terrorism,

More information

2-1-1 DISASTER SUPPORT COLLECTIVE

2-1-1 DISASTER SUPPORT COLLECTIVE 2-1-1 DISASTER SUPPORT COLLECTIVE Disaster Exercise After Action Report 09/05/12 Information maintained and distributed by 211 LA County serving as administrative lead for the 2-1-1 Disaster Support Collective.

More information

White Paper. Lifecycle Disaster Recovery Costs

White Paper. Lifecycle Disaster Recovery Costs White Paper Lifecycle Disaster Recovery Costs Lifecycle Disaster Recovery Costs Do you really understand the costs to a financial institution for IT Disaster Recovery? Most professionals working in a

More information

Utica College. Information Security Plan

Utica College. Information Security Plan Utica College Information Security Plan Author: James Farr (Information Security Officer) Version: 1.0 November 1 2012 Contents Introduction... 3 Scope... 3 Information Security Organization... 4 Roles

More information

Frequently Asked Questions about Cloud and Online Backup

Frequently Asked Questions about Cloud and Online Backup Frequently Asked Questions about Cloud and Online Backup With more companies realizing the importance of protecting their mission-critical data, we know that businesses are also evaluating the resiliency

More information

BITS FRAMEWORK FOR MANAGING TECHNOLOGY RISK FOR SERVICE PROVIDER RELATIONSHIPS

BITS FRAMEWORK FOR MANAGING TECHNOLOGY RISK FOR SERVICE PROVIDER RELATIONSHIPS BITS FRAMEWORK FOR MANAGING TECHNOLOGY RISK FOR SERVICE PROVIDER RELATIONSHIPS NOVEMBER 2003 REVISED IN PART FEBRUARY 2010 BITS 1001 Pennsylvania Avenue NW, Suite 500 South Washington, DC 20004 (202) 289-4322

More information

Bocada White Paper Series: Improving Backup and Recovery Success with Bocada Enterprise. Benefits of Backup Policy Management

Bocada White Paper Series: Improving Backup and Recovery Success with Bocada Enterprise. Benefits of Backup Policy Management Bocada White Paper Series: Improving Backup and Recovery Success with Bocada Enterprise Why Policy Management Matters... 3 Data Protection Service Management: An Overview... 3 Policy Management s Role

More information

Table of contents 3 4 4 5 5 6 7

Table of contents 3 4 4 5 5 6 7 Business white paper Unified data protection with HP Data Protector Leverage on-premise, cloud, and hybrid backup and recovery strategies Table of contents 3 Introduction 4 Are legacy approaches meeting

More information

Decision on adequate information system management. (Official Gazette 37/2010)

Decision on adequate information system management. (Official Gazette 37/2010) Decision on adequate information system management (Official Gazette 37/2010) Pursuant to Article 161, paragraph (1), item (3) of the Credit Institutions Act (Official Gazette 117/2008, 74/2009 and 153/2009)

More information

Italy. EY s Global Information Security Survey 2013

Italy. EY s Global Information Security Survey 2013 Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information

More information

Presentation to Joint Legislative Oversight Committee on Information Technology

Presentation to Joint Legislative Oversight Committee on Information Technology Presentation to Joint Legislative Oversight Committee on Information Technology George Bakolia State October 15, 2008 1 Topics Update on Western Data Center Electronic Document Pilot ITS Operational Excellence

More information