Columbus City Schools Office of Internal Audit
|
|
- Mitchell Johnson
- 8 years ago
- Views:
Transcription
1 Information Technology Disaster Recovery Plan Review Report Date: March 24, 2011 Internal Audit Mission Statement To support the overall mission of the Columbus City Schools by providing quality management advisory and business process auditing services to the District. Internal Audit is an extension of management. Through our reviews we assist the Board of Education, Superintendent, Treasurer, and all Columbus City Schools personnel in carrying out their responsibilities.
2 Table of Contents Title Page Executive Summary 3 Results of DR Plan Testing Documentation Review 3 Background 4 Objectives 4 Scope and Methodology 5 Observations and Recommendations 5 Management Responses and Action Plans 7 2
3 Executive Summary On February 8, 2011, The (IA) completed an initial review of the testing documentation provided in support of the Information Technology Department Disaster Recovery Plan (DR Plan), last revised July The IT Operations Manager is responsible for executing DR Plan testing, documenting test results and completing the semi-annual update to the DR Plan, as described in the July 2010 plan. The following report summarizes our observations and the results of our testing documentation review. The report contains several recommendations designed to strengthen the testing procedures and the testing documentation included in the DR Plan. Results of DR Plan Testing Documentation Review The initial review of the July 2010, Information Technology DR Plan testing documentation indicated the testing documentation should be enhanced to support evidence of the execution of an effective, proactive DR Plan testing methodology. The DR Plan testing plan should establish the required minimum testing activity to be accomplished annually. The IT Operations Manager stores the core DR Plan Book, in hard copy and electronic copy, separate from the annual DR Plan testing support documentation. The DR Plan book (hard copy and electronic copy) should be expanded to include a reference to the location(s) where the evidentiary support for annual DRP testing is maintained. The current DR Plan document contains descriptions of IT Operation s reactions to various situations that present during daily operations, such as equipment malfunction and requests for data restorations, etc.. The documentation of successful recovery from the unanticipated event has been a mainstay of the DR Plan testing methodology and support documentation. The DR Plan testing methodology should be enhanced to include an effective forward looking annual testing plan. The plan should include documentation of the results of actual testing scenarios, lessons learned from the testing scenarios and documentation describing subsequent DR Plan changes which will be incorporated into the annual update of the DR Plan Book, hard copy and electronic copy. 3
4 Background Disaster recovery planning is the process, policy, and procedures related to preparing for recovery continuation of technology infrastructure critical to an organization after a natural or human-induced disaster. Business continuity involves planning for keeping all aspects of a business functioning in the midst of disruptive events, disaster recovery, a subset of continuity planning focuses on the IT or technology systems that support business functions. The IT Operations Manager described the evolution of the Information Technology Disaster Recovery Plan for Columbus City Schools. Prior to the development of the District s disaster recovery plan the Information Technology (IT) Department maintained a book of system documentation/restore procedures. In the Information Technology Department identified the mission critical applications and built out the three data centers. The disaster recovery plan was formalized by critical application in accordance with the disaster recovery capabilities of the three generator backed up facilities. The IT Department supports 148 district buildings and over 250 departments. The IT department supports three data centers which house over 200 physical servers, approximately 29,000 traditional computer/thin client work stations, 4,000 laptop computers and over 1,000 unique software applications. Objectives The objectives of the review were the following: Determine District management continues to develop, test and refine the disaster recovery plan to respond to data processing demands and environmental changes within the district. Determine the plan includes documentation describing plan revisions including the sections modified, when modifications were completed, the individual(s) responsible for the modifications and documentation supporting change approval by senior management. Determine the plan includes documentation of the testing cycle and recent test results. Determine that critical personnel have a current copy of the plan and are aware of their roles and responsibilities during a disaster recovery. Determine that the applicable June 30, 2010 Auditor of State management letter recommendations have been addressed and documented in the disaster recovery plan. 4
5 Scope and Methodology The scope of the review is limited to the IT Department and the review of their DR Plan. During the review, IA interviewed the Chief Information Officer (CIO) and IT Operations Manager. IA referenced the Control Objectives for Information and related Technology (COBIT) and other guidance; researched reviews performed on IT DR Plans, and used the internet to research DR Plans & governance. COBIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues, and business risks. COBIT enables clear policy development and good practice for IT controls throughout organizations. Observations and Recommendations Observation Number 1 - The Information Technology (IT) Department DR Plan is not regularly tested. Disaster Recovery Plan testing should be a multi-step process. The preparation and execution of disaster recovery plan testing involves pre-planning, scenario building, scheduling of personnel and facilities, pre-test reviews, finalization of the actual disaster recovery plan and lastly, making sure all the resources you need are available when testing the plan. Effective disaster recovery plan testing helps to determine the readiness of all systems, people, and processes, helps identify gaps in the DR Plan, and allows IT Operations management to constantly improve the plan to ensure it is a living document. The last formal, pre-planned, IT Department table top exercise was performed in December The lack of scheduling and performing planned testing could lead to the District failing to protect intellectual property or sensitive information and files from loss or significant damage. Recommendation Nos. 1, 2 1. IA recommends IT Operations management perform scheduled testing of the DR Plan, conducted on a regular basis, at least annually. The testing at a minimum should include tabletop exercises. 5
6 2. IA recommends IT Operations management generate and retain supporting documentation as evidence of completion of the test objectives, the individuals involved, test results, lessons learned, and any procedural changes to be incorporated into the DR plan, so the plan evolves over time. Observation Number 2 - Lack of Consistent Reviews and Updates of the Disaster Recovery Plan. The current DR Plan, Administration Section 4.0, states: The Disaster Recovery Plan and Emergency Operation Manual will be reviewed by Information Technology personnel in June and December of each year. The review will be initiated by the IT Operations Manager and will consider hardware and operating system changes, application software changes, staffing changes and organizational changes. All modification documentation will be submitted to the IT Operations Manager. The DR Plan has been revised and updated twice, once in January 2009 and again in July Lack of a system to test and ensure controls are in place to properly update the disaster recovery plan could lead to outdated information being contained in the plan. Recommendation Nos. 3, 4, 5, & 6 3. IA recommends IT Operations management review and update the DR Plan at least annually. 4. IA recommends IT Operations management develop a mechanism to identify sections changed with date, and what was revised and/or changed during the review cycle. 5. IA recommends IT Operations management ensure that all individuals identified as required to have DR Plan have the most up-to-date copy. 6. IA recommends IT Operations management conduct an annual meeting with key personnel who would be involved in the disaster recovery, to ensure they know their roles and responsibilities during an event of a disaster. February 8, 2011 Status Update Received from IT Operations The IT Operations Manager revealed a significant effort is underway to update the July 2010 version of the DR Plan. The end of February 2011 is the target completion date for the latest DR Plan revision. Also stated was the intent to eliminate semi-annual DR Plan updates, replacing them with a single, annual DR Plan update to be scheduled for the month of February each year. The months of March and May of each year are to be dedicated for testing and documenting the results of DR Plan testing scenarios. 6
7 The IT Operations Manager indicated the electronic and hard copy versions of the DR Plan will be switched out during the first week of March The updated hard copies of the DR Plan will be provided to individuals identified in DR Plan Section 4.1. A 90 Day Review will be performed. Management Responses and Action Plans Recommendation No. 1 Annually we will be doing a tape restore test in March of each year and will be doing a walk through test of one of the critical system in May of each year. This is outlined in the DR Plan revised February 2011 in the Introduction, Section 5.2 Testing schedule, on page 11. Target Implementation date: March 2011 for the tape restore test and May 2011 for the walk through of the critical system. Recommendation No. 2 Ultimately the IT Operations Manager is responsible for ensuring the tests are completed and documented. The IT technical and applications teams will conduct the tests. Individuals will change depending on the system tested and the names of those involved will be noted in the test documentation. Target Implementation date: March 2011 for the tape restore test and May 2011 for the walk through of the critical system. Recommendation No. 3 The plan was updated in February of 2011 and will be done annually in February going forward. If there is a significant change to any of the recovery plans within the year, the plan will be updated accordingly. 7
8 Ultimately the IT Operations Manager is responsible for insuring the plan updated are completed and documented. The IT technical and applications teams will make the necessary changes. Individuals will change depending on the system documented. The names of those involved will be noted in the documentation. Target Implementation date: Annually in February Recommendation No. 4 For the update done in February 2011, the changes are noted in an excel spreadsheet. The spreadsheet includes section updated, the lead for the changes and the team members who made the changes. Going forward the change tracker will be turned on when the changes are made. Target Implementation date: Annually in February. Recommendation No. 5 & 6 For the individuals that are receiving a paper copy, the copies are delivered and signed for by the recipient once the old copy is turned over and the recipient understands their role in the plan. For those who have access to the electronic copy, a meeting is held to let the team members know the updates are complete, where the file is located. Once they have verified their access and understand their role in the plan, they sign a document confirming this. Target Implementation date: The first week of March annually. 8
OFFICE OF AUDITS & ADVISORY SERVICES IT DISASTER RECOVERY AUDIT FINAL REPORT
County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES IT DISASTER RECOVERY AUDIT FINAL REPORT Chief of Audits: Juan R. Perez Audit Manager: Lynne Prizzia, CISA, CRISC Senior Auditor:
More informationA Review of the Disaster Recovery Testing Process
To: LASERS Audit Committee; Cindy Rougeou, Executive Director Cc: Maris LeBlanc, Deputy Director; Lance Armstrong, IT Director; Dan Bowden, IT Deputy Director From: Ryan Babin, Audit Director; Blake Lee,
More informationDisaster Recovery and Business Continuity Plan
Disaster Recovery and Business Continuity Plan Table of Contents 1. Introduction... 3 2. Objectives... 3 3. Risks... 3 4. Steps of Disaster Recovery Plan formulation... 3 5. Audit Procedure.... 5 Appendix
More informationAudit of IMS Disaster Recovery Plan
Audit of IMS Disaster Recovery Plan Internal Audit 378-1-615 April 29, 2009 TABLE OF CONTENTS EXECUTIVE SUMMARY...II 1.0 INTRODUCTION...5 2.0 AUDIT OBJECTIVES AND SCOPE...7 3.0 AUDIT APPROACH AND METHODOLOGY...7
More informationThe PNC Financial Services Group, Inc. Business Continuity Program
The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page
More informationhi Information Technologies Change Management Standard
hi Information Technologies Change Management Standard Classification Service Delivery Standard # SVD-002 Approval Authority Chief Information Officer Implementation Authority Director, Service Delivery
More informationMANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION
MANAGEMENT AUDIT REPORT OF DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION REPORT NO. 13-101 City of Albuquerque Office of Internal Audit
More informationInternal Audit Report on. IT Security Access. January 2010. 2010 January - English - Information Technology - Security Access - FINAL.
Internal Audit Report on January 2010 2010 January - English - Information Technology - Security Access - FINAL.doc Contents Background...3 Introduction...3 IT Security Architecture,Diagram 1...4 Terms
More informationDepartment of Information Technology Data Center Disaster Recovery Audit Report Final Report. September 2006
Department of Information Technology Data Center Disaster Recovery Audit Report Final Report September 2006 promoting efficient & effective local government Executive Summary Our audit found that a comprehensive
More informationAudit of the Disaster Recovery Plan
Audit of the Disaster Recovery Plan Report # 11-05 Prepared by Office of Inspector General J. Timothy Beirnes, CPA, Inspector General Kit Robbins, CISA, CISM, CRISC, Lead Information Systems Auditor TABLE
More informationHealthcare Technology Audit Basics. Session Objectives
Healthcare Technology Audit Basics Jennifer McGill, CIA, CISA, CGEIT April 20, 2015 Session Objectives Review information technology basic concepts. Use real world examples to identify and understand healthcare
More information3/17/2015. Healthcare Technology Audit Basics. Session Objectives. Jennifer McGill, CIA, CISA, CGEIT April 20, 2015
Healthcare Technology Audit Basics Jennifer McGill, CIA, CISA, CGEIT April 20, 2015 Session Objectives Review information technology basic concepts. Use real world examples to identify and understand healthcare
More informationFINAL AUDIT REPORT WITH RECOMENDATIONS Information Technology No. 11-001
FINAL AUDIT REPORT WITH RECOMENDATIONS Information Technology No. 11-001 SUBJECT: Review of Emergency Plans DATE: September 24, 2010 for Critical Information Technology Operations and Financial Systems
More informationBusiness Continuity Management Review
Office of Internal Audit Business Continuity Management Review November 14, 2014 Internal Audit Team Shannon Henry Chief Audit Officer & Executive Director of Institutional Compliance Stacy Sneed Audit
More informationHong Kong Baptist University
Hong Kong Baptist University Disaster Recovery Standard FOR INTERNAL USE ONLY Date of Issue: JULY 2012 Revision History Version Author Date Revision 1.0 Information Security Subcommittee (ISSC) July 2012
More informationDATA RECOVERY SOLUTIONS EXPERT DATA RECOVERY SOLUTIONS FOR ALL DATA LOSS SCENARIOS.
More information
Dublin City University
Asset Management Policy Asset Management Policy Contents Purpose... 1 Scope... 1 Physical Assets... 1 Software Assets... 1 Information Assets... 1 Policies and management... 2 Asset Life Cycle... 2 Asset
More informationSubject: Internal Audit of Information Technology Disaster Recovery Plan
RIVERSIDE: AUDIT & ADVISORY SERVICES June 30, 2009 To: Charles Rowley, Associate Vice Chancellor Computing & Communications Subject: Internal Audit of Information Technology Disaster Recovery Plan Ref:
More informationCITY OF SAN ANTONIO OFFICE OF THE CITY AUDITOR. Follow-up Audit of Information Technology Services Department. IT Contingency Planning
Follow-up Audit of Information Technology Services Department CITY OF SAN ANTONIO OFFICE OF THE CITY AUDITOR Follow-up Audit of Information Technology Services Department Project No. AU13-F05 October 25,
More informationCRISP Technologies Inc.
Resumption Planning (BCRP ) Consulting with BCRP Methodology and Workflow CRISP Technologies Inc. Table of Contents TABLE OF CONTENTS... 2 1 CONSULTING WITH THE CRISP BCRP METHODOLOGY... 3 2 CRISP TECHNOLOGIES
More informationOffice of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015
Office of the Auditor General AUDIT OF IT GOVERNANCE Tabled at Audit Committee March 12, 2015 This page has intentionally been left blank Table of Contents Executive Summary... 1 Introduction... 1 Background...
More informationDeveloping a Business Continuity Plan... More Than Disaster
Developing a Business Continuity Plan..... More Than Disaster Recovery! April 19, 2010 UHY / MMA Business Survival Series Webinar Focus.... Understanding the components of Business Continuity Planning
More informationBusiness Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com
Business Continuity Planning 101 Presentation Overview What is business continuity planning Plan Development Plan Testing Plan Maintenance Future advancements in BCP Question & Answer What is a Disaster?
More informationSECTION 15 INFORMATION TECHNOLOGY
SECTION 15 INFORMATION TECHNOLOGY 15.1 Purpose 15.2 Authorization 15.3 Internal Controls 15.4 Computer Resources 15.5 Network/Systems Access 15.6 Disaster Recovery Plan (DRP) 15.1 PURPOSE The Navajo County
More informationFinal Audit Report. Audit of Data Integrity MCCS Feeder System Interfacing with SAP
Final Audit Report Audit of Data Integrity MCCS Feeder System Interfacing with SAP April 2008 Table of Contents Executive Summary... ii Introduction...........1 Background... 1 Audit Objectives... 1 Scope
More informationHow To Recover From A Disaster
BELA-BELA LOCAL MUNICIPALITY Chris Hani Drive, Bela- Bela, Limpopo. Private Bag x 1609 BELA-BELA 0480 Tel: 014 736 8000 Fax: 014 736 3288 Website: www.belabela.gov.za OFFICE OF THE MUNICIPAL MANAGER Information
More informationEXECUTIVE SUMMARY. We found that back-up activities were reasonably effective to minimize data loss but that improvements were needed in the areas of:
EXECUTIVE SUMMARY The Securities and Exchange Commission (SEC), Office of Inspector General (OIG) sought to determine whether the SEC s current data back-up procedures were reasonably effective in insuring
More informationI. EXECUTIVE SUMMARY. Date: June 30, 2015. Sabina Sitaru, Chief Innovation Officer, Metro Hartford Innovation Services
Date: June 30, 2015 To: Sabina Sitaru, Chief Innovation Officer, Metro Hartford Innovation Services From: Craig Trujillo, CPA, Deputy Chief Auditor CST Tele: Office 860-757-9952 Mobile 860-422-3600 City
More informationGOVERNANCE AND MANAGEMENT OF CITY COMPUTER SOFTWARE NEEDS IMPROVEMENT. January 7, 2011
APPENDIX 1 GOVERNANCE AND MANAGEMENT OF CITY COMPUTER SOFTWARE NEEDS IMPROVEMENT January 7, 2011 Auditor General s Office Jeffrey Griffiths, C.A., C.F.E. Auditor General City of Toronto TABLE OF CONTENTS
More informationEvaluation of the Railroad Retirement Board s Disaster Recovery Plan Report No. 06-08, August 14, 2006 INTRODUCTION
Evaluation of the Railroad Retirement Board s Disaster Recovery Plan Report No. 06-08, August 14, 2006 INTRODUCTION This report presents the results of the Office of Inspector General s evaluation of the
More informationAuditor General s Office. Governance and Management of City Computer Software Needs Improvement
Auditor General s Office Governance and Management of City Computer Software Needs Improvement Transmittal Report Audit Report Management s Response Jeffrey Griffiths, C.A., C.F.E Auditor General, City
More informationACTUALLY TEST YOUR PLAN. Disaster Recovery using Shadow Protect. March Madness Lunch & Learn. www.martinandassoc.com 1 AGENDA
AGENDA BEYOND BACKUP ENSURING RECOVER-ABILITY Identify and Quantify Exposure Risk Evolution of Recovery Technologies Build a Recover-Ability Solution Joe Gast Martin & Associates Maintenance Testing &
More informationDisaster Recovery Plan Test. Audit Report
ATTACHMENT 4 Disaster Recovery Plan Test Audit Report Internal Audit Report TABLE OF CONTENTS Section Page No. 1.0 MANAGEMENT SUMMARY...2 2.0 INTRODUCTION...2 3.0 OBJECTIVES AND SCOPE...3 4.0 METHODOLOGY...3
More informationREPORT 2015/112 INTERNAL AUDIT DIVISION
INTERNAL AUDIT DIVISION REPORT 2015/112 Audit of information and communication technology hosting services provided by third parties to the Office of the United Nations High Commissioner for Refugees Overall
More informationDepartment of Information Technology Software Change Control Audit - Mainframe Systems Final Report
Department of Information Technology Software Change Control Audit - Mainframe Systems Final Report March 2007 promoting efficient & effective local government Introduction Software change involves modifications
More informationOregon Employment Department: Computer Programs for Unemployment Tax Returns and Claims Need Attention
Secretary of State Audit Report Jeanne P. Atkins, Secretary of State Gary Blackmer, Director, Audits Division Oregon Employment Department: Computer Programs for Unemployment Tax Returns and Claims Need
More informationNOS for Network Support (903)
NOS for Network Support (903) November 2014 V1.1 NOS Reference ESKITP903301 ESKITP903401 ESKITP903501 ESKITP903601 NOS Title Assist with Installation, Implementation and Handover of Network Infrastructure
More informationDisaster Recovery Plan Documentation for Agencies Instructions
California Office of Information Security Disaster Recovery Plan Documentation for Agencies Instructions () November 2009 SCOPE AND PURPOSE The requirements included in this document are applicable to
More informationCISM Certified Information Security Manager
CISM Certified Information Security Manager Firebrand Custom Designed Courseware Chapter 4 Information Security Incident Management Exam Relevance Ensure that the CISM candidate Establish an effective
More informationDISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES
APPENDIX 1 DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES March 2008 Auditor General s Office Jeffrey Griffiths, C.A., C.F.E. Auditor General City of Toronto TABLE OF CONTENTS EXECUTIVE SUMMARY...1
More informationUniversity of Massachusetts Medical School's Data Center Relocation For the period July 1, 2008 through August 31, 2010
` Official Audit Report Issued September 30, 2011 University of Massachusetts Medical School's Data Center Relocation For the period July 1, 2008 through August 31, 2010 State House Room 230 Boston, MA
More informationOverview of how to test a. Business Continuity Plan
Overview of how to test a Business Continuity Plan Prepared by: Thomas Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com BRP/DRP Test Plan Creation and Exercise Page: 1 Table of Contents BCP/DRP Test
More informationPRIVY COUNCIL OFFICE. Audit of Information Technology (IT) Security. Final Report
An asterisk appears where sensitive information has been removed in accordance with the Access to Information Act and Privacy Act. PRIVY COUNCIL OFFICE Audit of Information Technology (IT) Security Audit
More informationThe Business Continuity Maturity Continuum
The Business Continuity Maturity Continuum Nick Benvenuto & Brian Zawada Protiviti Inc. 2004 Protiviti Inc. EOE Agenda Terminology Risk Management Infrastructure Discussion A Proposed Continuity Maturity
More informationOVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii
The Office of the Auditor General has conducted a procedural review of the State Data Center (Data Center), a part of the Arizona Strategic Enterprise Technology (ASET) Division within the Arizona Department
More informationThe Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)
Information Technology Disaster Recovery Policy Policy Statement This policy defines acceptable methods for disaster recovery planning, preparedness, management and mitigation of IT systems and services
More informationShared Services Update. What is a Shared Service? Governor s Directive 09 02 1/27/2011. FMAC Group January 27, 2011
Shared Services Shared Services Update FMAC Group January 27, 2011 What is a Shared Service? Washington State Government defines shared IT services as: The concentration of state and other related IT resources
More informationInternal Audit Department NeighborWorks America. Audit Review of the Business Continuity Plan (BCP) Management and Documentation
Department NeighborWorks America Audit Review of the Business Continuity Plan (BCP) and Documentation Project Number: ADMN.BCP.2013 Audit Review of of BCP Table of Contents Project Completion Letter...
More informationInformation Security Management Systems. Chief Operating Officer, Director of Strategy and Business Development, Chief Information Security Officer
Information Security Management Systems Chief Operating Officer, Director of Strategy and Business Development, Chief Information Security Officer atsec information security, 2013 ISO/IEC 27001 and related
More informationOhio Supercomputer Center
Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original
More informationDRAFT Disaster Recovery Policy Template
DRAFT Disaster Recovery Policy Template NOTE: This is a boiler plate template much information is needed from to finalizeconsider this document pre-draft FOREWARD... 3 Policy Overview...
More informationAudit of the Test of Design of Entity-Level Controls
Audit of the Test of Design of Entity-Level Controls Canadian Grain Commission Audit & Evaluation Services Final Report March 2012 Canadian Grain Commission 0 Entity Level Controls 2011 Table of Contents
More informationDacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery
Dacorum Borough Council Final Internal Audit Report IT Business Continuity and Disaster Recovery Distribution list: Chris Gordon Group Manager Performance, Policy and Projects John Worts ICT Team Leader
More informationState of Minnesota. Enterprise Security Strategic Plan. Fiscal Years 2009 2013
State of Minnesota Enterprise Security Strategic Plan Fiscal Years 2009 2013 Jointly Prepared By: Office of Enterprise Technology - Enterprise Security Office Members of the Information Security Council
More informationAudit of. District s Information Technology Disaster Recovery Plan
Audit of District s Information Technology Disaster Recovery Plan April 11, 2014 Report #2014-03 MISSION STATEMENT The School Board of Palm Beach County is committed to providing a world class education
More informationThe PNC Financial Services Group, Inc. Business Continuity Program
The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis
More informationIT DISASTER RECOVERY CALIFORNIA STATE UNIVERSITY, EAST BAY. Audit Report 10-34 October 13, 2010
IT DISASTER RECOVERY CALIFORNIA STATE UNIVERSITY, EAST BAY Audit Report 10-34 October 13, 2010 Members, Committee on Audit Henry Mendoza, Chair Raymond W. Holdsworth, Vice Chair Nicole M. Anderson Margaret
More informationUniversity of Ulster Policy Cover Sheet
University of Ulster Policy Cover Sheet Document Title Custodian Approving Committee Information Technology Disaster Recovery and Data Backup Policy 1.2 Deputy Director of Finance and Information Services
More informationCOMPUTER OPERATIONS AUDIT
County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES COMPUTER OPERATIONS AUDIT FINAL AUDIT REPORT Chief of Audits: James L. Pelletier, CIA, CICA IT Audit Manager: Lynne Prizzia,
More informationCOMPUTER OPERATIONS - BACKUP AND RESTORATION
County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES COMPUTER OPERATIONS - BACKUP AND RESTORATION FINAL AUDIT REPORT Chief of Audits: Julie Nieminski, CPA, CIA, CFE, CISA, MPA
More informationDepartment of Public Utilities Customer Information System (BANNER)
REPORT # 2010-06 AUDIT of the Customer Information System (BANNER) January 2010 TABLE OF CONTENTS Executive Summary..... i Comprehensive List of Recommendations. iii Introduction, Objective, Methodology
More informationOFFICE OF AUDITS & ADVISORY SERVICES SUNGARD TREASURY MANAGEMENT SYSTEM CONTRACT COMPLIANCE FINAL AUDIT REPORT
County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES SUNGARD TREASURY MANAGEMENT SYSTEM CONTRACT COMPLIANCE FINAL AUDIT REPORT Chief of Audits: Juan R. Perez Senior Audit Manager:
More informationReport on Hong Kong SME Cloud Adoption and Security Readiness Survey
Report on Hong Kong SME Cloud Adoption and Security Readiness Survey Collaborated by Internet Society Hong Kong and Cloud Security Alliance (HK & Macau Chapter) Sponsored by Microsoft Hong Kong Jointly
More informationBusiness Continuity Plan
Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions
More informationINSPECTION U.S. DEPARTMENT OF THE INTERIOR WEB HOSTING SERVICES
INSPECTION U.S. DEPARTMENT OF THE INTERIOR WEB HOSTING SERVICES Report No.: ISD-IS-OCIO-0001-2014 June 2014 OFFICE OF INSPECTOR GENERAL U.S.DEPARTMENT OF THE INTERIOR Memorandum JUN 0 4 2014 To: From:
More informationYear 2000 Business Continuity and Contingency Planning: Day One Strategy (Report Number TR-AR-00-002)
December 7, 1999 CLARENCE E. LEWIS, JR. CHIEF OPERATING OFFICER AND EXECUTIVE VICE PRESIDENT SUBJECT: Year 2000 Business Continuity and Contingency Planning: (Report Number ) This audit report presents
More informationThe Disaster Recovery Self-Assessment Guide and Validation Model. Jim Kates Cognizant Technology Solutions Jim.Kates@cognizant.com
The Disaster Recovery Self-Assessment Guide and Validation Model Jim Kates Cognizant Technology Solutions Jim.Kates@cognizant.com How Would You Evaluate Your DRP? (Is it a Disaster Recovery Plan or a Dilbert
More informationMaryland Transportation Authority
Audit Report Maryland Transportation Authority March 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationBy: Tracy Hall. Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level. June 9, 2015
Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level June 9, 2015 By: Tracy Hall MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company,
More informationDel Mar College Job Description. Chief Information Technology Officer FLSA Status: Exempt. Position # 110035 Prepared: October 2006
BRIEF DESCRIPTION: The purpose of this position is to serve as the chief technology officer with leadership and responsibility for the operational and maintenance of the College s information technology
More informationTREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION
TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Disaster Recovery Testing Is Being Adequately Performed, but Problem Reporting and Tracking Can Be Improved May 3, 2012 Reference Number: 2012-20-041 This
More informationSOUTH LAKELAND DISTRICT COUNCIL INTERNAL AUDIT FINAL REPORT IT 11-02. IT Backup, Recovery and Disaster Recovery Planning
SOUTH LAKELAND DISTRICT COUNCIL INTERNAL AUDIT FINAL REPORT IT 11-02 IT Backup, Recovery and Disaster Recovery Planning Executive Summary Introduction As part of the 2011/12 Audit Plan and following discussions
More informationCentral Bank of India. Business Continuity Management Policy
Central Bank of India Business Continuity Management Policy DataCenter Version 1.0 February 2012 Table of Contents 1. Purpose... 3 2. Objective... 3 3. Scope... 4 4. Policy Statement... 4 5. Top Management
More informationThe Commonwealth of Massachusetts
A. JOSEPH DeNUCCI AUDITOR The Commonwealth of Massachusetts AUDITOR OF THE COMMONWEALTH ONE ASHBURTON PLACE, ROOM 1819 BOSTON, MASSACHUSETTS 02108 TEL. (617) 727-6200 No. 2008-1308-4T OFFICE OF THE STATE
More informationDistribution: Sheryl L. Sculley, City Manager Gloria Hurtado, Assistant City Manager Ben Gorzell, Chief Financial Officer Dr.
Distribution: Sheryl L. Sculley, City Manager Gloria Hurtado, Assistant City Manager Ben Gorzell, Chief Financial Officer Dr. Thomas Schlenker, Director, San Antonio Metropolitan Health District Robert
More informationUpdating Your Skills from Microsoft Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010 Course 10165; 5 Days, Instructor-led
Updating Your Skills from Microsoft Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010 Course 10165; 5 Days, Instructor-led Course Description There are two main reasons for the course.
More informationImplementation of ITIL in a Moroccan company: the case of incident management process
www.ijcsi.org 30 of ITIL in a Moroccan company: the case of incident management process Said Sebaaoui 1, Mohamed Lamrini 2 1 Quality Statistic Computing Laboratory, Faculty of Science Dhar el Mahraz, Fes,
More informationAudit Report. Natural Resources Conservation Service Water and Climate Information System Review of Application Controls Portland, Oregon
U.S. Department of Agriculture Office of Inspector General Western Region Audit Report Natural Resources Conservation Service Water and Climate Information System Review of Application Controls Portland,
More informationAudit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member
City of Gainesville Inter-Office Communication April 3, 2012 TO: FROM: SUBJECT: Audit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member Brent
More informationREMOTE INFRASTRUCTURE MANAGEMENT COURSE CURRICULUM
On a Mission to Transform Talent REMOTE INFRASTRUCTURE MANAGEMENT COURSE CURRICULUM Table of Contents Module 1: Introduction to Hardware and Networking (Duration: 1.5 Weeks)...1 Module 2: Windows XP Professional
More informationBEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050
BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 Adopting Multnomah County HIPAA Security Policies and Directing the Appointment of Information System Security
More informationREGIONAL CENTER DISASTER RECOVERY PLAN
APPENDIX L REGIONAL CENTER DISASTER RECOVERY PLAN I. ADMINISTRATIVE INFORMATION: A. Introduction to Operational Recovery Plan B. Procedures to update and Distribute ORP C. Process to test ORP D. Plans
More informationRisk Considerations for Internal Audit
Risk Considerations for Internal Audit Cecile Galvez, Deloitte & Touche LLP Enterprise Risk Services Director Traci Mizoguchi, Deloitte & Touche LLP Enterprise Risk Services Senior Manager February 2013
More informationCONTINUITY OF OPERATIONS AUDIT PROGRAM EVALUATION AND AUDIT
CONTINUITY OF OPERATIONS AUDIT PROGRAM EVALUATION AND AUDIT April 16, 2014 INTRODUCTION Purpose The purpose of the audit is to give assurance that the development of the Metropolitan Council s Continuity
More informationI. What benefits do you hope to achieve by engaging in this project? Ensuring that staff are
Capstone Project Summary I. What benefits do you hope to achieve by engaging in this project? Ensuring that staff are educated about the emergency procedures and plan in place to address actions during
More informationIT Risk Assessment Action Plan. South Staffordshire District Council Audit 2010/11
IT Risk Assessment Action Plan South Staffordshire District Council Audit 2010/11 The Audit Commission is a public corporation set up in 1983 to protect the public purse. The Commission appoints auditors
More informationEXECUTIVE SUMMARY...5
Table of Contents EXECUTIVE SUMMARY...5 CONTEXT...5 AUDIT OBJECTIVE...5 AUDIT SCOPE...5 AUDIT CONCLUSION...6 KEY OBSERVATIONS AND RECOMMENDATIONS...6 1. INTRODUCTION...9 1.1 BACKGROUND...9 1.2 OBJECTIVES...9
More informationWestern Intergovernmental Audit Forum
Western Intergovernmental Audit Forum Business Continuity & Disaster Recovery Planning September 12, 2013 Presented by: City of Phoenix City Auditor Department Aaron Cook, Sr Internal Auditor IT Audit
More informationVersion 8.0 2014 Copyright Janco Associates, Inc. - http://www.e-janco.com Page 1
Version 8.0 2014 Copyright Janco Associates, Inc. - http://www.e-janco.com Page 1 Table of Contents 1 1.0 Plan Introduction... 4 1.1 Mission and Objectives... 5 Compliance... 5 ISO Compliance Process...
More informationOffice of Inspector General
DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Security Weaknesses Increase Risks to Critical United States Secret Service Database (Redacted) Notice: The Department of Homeland Security,
More informationSCHEDULE 3.9 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT DISASTER RECOVERY PLAN GUIDELINES
SCHEDULE 3.9 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT Disaster Recovery Plan Guidelines Northrop Grumman will provide a comprehensive disaster recovery plan that incorporates Disaster Recovery Institute
More informationA Message from Auditor of State Betty Montgomery INSIDE. The Ohio Auditor of State's. Volume 4, Issue 1 Winter 2007. BEST Practices.
The Ohio Auditor of State's Volume 4, Issue 1 Winter 2007 INSIDE Introduction 2 A Message from Auditor of State Betty Montgomery Disaster Recovery Planning Objectives Involve Elected Officials / Upper
More informationExecutive Summary Program Highlights for FY2009/2010 Mission Statement Authority State Law: University Policy:
Executive Summary Texas state law requires that each state agency, including Institutions of Higher Education, have in place an Program (ISP) that is approved by the head of the institution. 1 Governance
More informationRajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np
Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Meaning Why is Security Audit Important Framework Audit Process Auditing Application Security
More informationReport No. D-2008-047 February 5, 2008. Contingency Planning for DoD Mission-Critical Information Systems
Report No. D-2008-047 February 5, 2008 Contingency Planning for DoD Mission-Critical Information Systems Additional Copies To obtain additional copies of this report, visit the Web site of the Department
More informationOffice of Information Technology
Office of Information Technology Core Services Resilience Plan Version 6.5.6 March 2010 Page 1 of 13 Table of Contents Overview... 3 Background... 4 OIT Organizational Resilience Program... 4 Data Centers...
More informationHow to Plan for Disaster Recovery and Business Continuity
A TAMP Systems White Paper TAMP Systems 1-516-623-2038 www.drsbytamp.com How to Plan for Disaster Recovery and Business Continuity By Tom Abruzzo, President and CEO Contents Introduction 1 Definitions
More informationAudit Report. Management and Security of Office of Budget and Program Analysis Information Technology Resources. U.S. Department of Agriculture
U.S. Department of Agriculture Office of Inspector General Southeast Region Audit Report Management and Security of Office of Budget and Program Analysis Information Technology Resources Report No. 39099-1-AT
More informationBC / DR Implementation Tying Disaster Recovery Investment to Measurable Business Value
BC / DR Implementation Tying Disaster Investment to Measurable Business Value Continuity Insights Conference May 16-18, 2005 Agenda Purpose Discuss best practice process and tools that might be leveraged
More informationIT DISASTER RECOVERY SAN FRANCISCO STATE UNIVERSITY. Audit Report 11-32 August 25, 2011
IT DISASTER RECOVERY SAN FRANCISCO STATE UNIVERSITY Audit Report 11-32 August 25, 2011 Members, Committee on Audit Henry Mendoza, Chair Melinda Guzman, Vice Chair Margaret Fortune Steven M. Glazer William
More information