Appendix 6c. Final Internal Audit Report Disaster Recovery Planning. June Report 6c Page 1 of 15

Size: px
Start display at page:

Download "Appendix 6c. Final Internal Audit Report Disaster Recovery Planning. June 2007. Report 6c Page 1 of 15"

Transcription

1 Appendix 6c Final Internal Audit Report Disaster Recovery Planning June 2007 Report 6c Page 1 of 15

2 Contents Page Executive Summary 3 Observations and Recommendations 8 Appendix 1 - Audit Framework 13 Appendix 2 - Staff Interviewed 14 Statement of Responsibility 15 Disaster Recovery Planning 6c 2006/2007 Audit Ref: 723 p 2 of 15

3 Executive Summary Introduction & Background 1. This audit forms part of the 2006/2007 Internal Audit Plan, which has been approved by the Mayor and the Audit Panel. The plan entails a review of the Authority s Disaster Recovery Planning arrangements. 2. In light of events, including the 7/7 terrorist attacks and the Bunsfield Oil depot explosion, both occurring in 2005, the need for effective disaster recovery arrangements has been forcibly demonstrated. To some extent both of these events served to test the adequacy of the Authority s disaster recovery plans, which showed that they were generally effective, although some lessons have been learnt. 3. The aim of Disaster Recovery Planning (DRP), is to identify potential impacts that threaten an organisation and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation and brand. In essence, the GLA needs to maintain Disaster Recovery Plans to ensure the continuation of business activities in the event of a disaster or any incident or circumstances that could potentially cause disruption to normal business activities, and to ensure that the Mayor and Assembly are given proper support to carry out their roles in the event of any major incident or London-wide emergency. 4. The Technology Group is responsible for the management, maintenance and execution of the Disaster Recovery Plan. They are accountable for preparing for, responding to and the recovery of technology systems for any major City Hall incident. 5. Overall, Disaster Recovery is well managed and the Disaster Recovery site is very well equipped to ensure that in the event of a disaster, the Authority s critical business systems would be recoverable within agreed and acceptable timeframes. The Disaster Recovery Plan is also tested on a bi-annual basis and further ad-hoc tests, for example, when new systems are implemented, are also undertaken as and when required. However, some areas for further potential improvement in the control framework were identified during the course of the audit, and five recommendations were raised and agreed with management and detailed in the body of the report and highlighted below: Updating Disaster Plan Documentation; Updating Major Incident Plan Documentation; Contact List Record Maintenance; Off Site Recovery and Reconfiguration Data; and Completeness of Test Log Records. 6. Key staff was interviewed and prime source documents pertaining to the financial year 2006/2007 were selected and reviewed to evaluate the adequacy of the Disaster Recovery Plan framework and plans currently in operation. Our audit work was carried out during the period of February and March 2007 and a summary of the audit findings is given in the following paragraphs. Report 6c page 3 of 15

4 Critical Business Functions 7. The Authority has identified critical business locations and critical systems within the Disaster Recovery Plan (entitled Technology Group Business Continuity and Disaster Recovery Plan v 2.2 dated February 2006). However, on examination it was noted that not all current systems are included in the Plan and we were advised that the Technology Group are currently updating the Plan to include all new systems. The Plan also categorises type I and II systems in accordance with their criticality, i.e. Category I systems are to be recovered within 24 hours and Category II systems within 5 days of a major incident. However, it was noted that not all systems listed have been included in the corresponding Appendices that contain details of the hardware and software required, restore and recovery procedures and resources. Furthermore, the Plan does not give details of the 3 rd Party NDR Disaster Recovery fallback site, nor does the Plan make any reference to the 3 rd party supplier responsible for the offsite data backup tape storage. In addition, despite the Plan making specific reference to the fact that the Technology Group are responsible for the full deployment of Category I, II and III systems, there is no list of Category III systems included. One recommendation has been raised following our review of this area: Updating Disaster Plan Documentation Disaster Risk Assessment 9. A detailed formal risk assessment has been undertaken covering environmental, organised and deliberate disruption, loss of utilities and services; equipment or systems failure, serious information security incidents, other emergency situations including acts of violence in the workplace and disruption to Public transport. In addition, a Component Failure Impact Analysis was also undertaken and a Business Impact Analysis was conducted for all services and critical business processes for all Departments, including the Mayor s office, Assembly & Secretariat, Chief Executive, Corporate Services, Finance & Performance, Media & Marketing and Policy and Partnership. No recommendations have been made following our review of this area. Contact List Maintenance 10. The Technology Group Disaster Recovery Pack 2006 is a critical pack of documents that contains information and items that may be required in the event of an incident at City Hall. It includes a Technology Group Contact List. It was noted that the contact list was not up to date or complete. One recommendation has been made following our review of this area: Contact List Record Maintenance. Disaster Escalation Procedures 11. It was confirmed that adequate disaster escalation procedures have been created, discussed, agreed and communicated to all relevant staff. The procedures also include relevant sections for invocation of the Major Incident Plan. In addition, specific Invoke and Standby procedures have also in place and have been distributed to all relevant staff. Report 6c page 4 of 15

5 No recommendations have been made following our review of this area. Emergency Action Procedures 12. Communication is key to effective implementation of Disaster Recovery Plans. The Authority has introduced a staff emergency number that contains a recorded message, which all staff are encouraged to ring if they hear of any incident within the vicinity of City Hall whilst on their way to work. The standard default message is that there are no incidents reported and staff should come into work as normal, but this will be updated in the event of any incident to advise staff as to what action they should take. 13. In addition, the Major Incident Plan and the Invoke and Standby procedures, which form part of the Disaster Recovery documentation suite, have also been distributed to all relevant staff. It has been noted at 8 above, that the Major Incident Plan requires updating. 14. Each Directorate has a telephone list of key contacts that in turn are able to cascade messages on to their own groups (i.e. Heads of Service to team managers to staff). Each of the plans maintained centrally by Corporate Services, were reviewed and it was noted that many of them are supported by a confidential contact list for the respective directorates. However, further testing showed that whilst some lists are held centrally, each directorate maintains their own master telephone list and arrangements to allow effective communication to their staff during times of emergency, in accordance with the approved procedures. 15. A distribution list of all blackberry users (managers and team leaders) is maintained on the Outlook public folders of the Authority s network. This record is maintained to allow quick and effective communication. 16. All messages to the public in City Hall are conveyed via tannoy announcement and by security staff. Otherwise the public website or news bulletins/press releases will be used to get messages out to the wider public. It was confirmed that the tannoy is tested on a weekly basis during the fire alarm test. 17. In the event of a major incident, the Mayor has a direct link to Gold Control at Scotland Yard from his briefing room in City Hall. Furthermore, there is equipment in place to enable broadcasting form City Hall, so that the Mayor is able to make public statements. 18. The Technology Group Incident Log Book that is maintained once a disaster scenario has been invoked, has two contact numbers in operation; one for personnel to contact the Duty Disaster Recovery Person to telephone and second number that connects to an up to date recorded message giving details of disaster recovery status report and announcement during the emergency situation. No recommendations have been made following our review of this area. Salvage Procedures 19. Adequate salvage procedures are included in the Disaster Recovery Plan. Salvage procedures are the responsibility of the Operational Recovery Team, whom in turn report to the Strategic Recovery Team, on the extent of the damage, and make recommendations regarding possible reactivation and relocation of data centre and Report 6c page 5 of 15

6 user operations. In the event of a disaster, the Salvage exercise is headed by the Operations Manager and activated during the initial stage of an emergency. No recommendations have been raised following our review of this area. Disaster Recovery Procedures 20. A Disaster Recovery documentation suite has been produced in conjunction with business Departments and distributed to all relevant staff. The procedures are adequate for there purpose, however, see Recommendations with regard to updating the Plan, the Major Incident Plan and the Contact Lists, detailed above. 21. There are two main suppliers of Disaster Recovery services to the GLA. The first is NDR who supply the actual Disaster Recovery site and equipment. It is a hot site but only has provision for 30 staff initially, although there is an option to increase to a maximum space of 200 desks. The site has all attendant technical support and infrastructure as required. 22. The second major supplier of Disaster Recovery services is Data Protect UK who manages the offsite storage of data back up tapes. 23. Site visits to both companies ascertained that facilities, services and related procedures are of a high standard and would be adequate in the event of a disaster scenario. 24. However, it was evidenced that at the Disaster Recovery site the Black Box which contains critical Disaster Recovery documentation, information, hardware and software and as detailed in the Plan was not complete. Whilst there are incomplete systems lists, recovery procedures and incomplete items in the Black Box in the event of a disaster, timely recovery of critical systems may not be achieved. One recommendation has been raised following our review of this area: Off Site Recovery and Reconfiguration Data. Temporary Arrangements 25. The Major Incident Plan refers to the activation of temporary facilities in the event of a disaster. The facility is GLA owned and is Telstar House, London W2 6LG. Telstar House is a facility provided by Facilities Management and is part of the overall GLA plan offering. However, this facility would be for use by a very limited number of essential Disaster Recovery staff. 26. However, the majority of staff are configured for remote access and home working, so this could be an option if City hall were not available. No recommendations have been raised following our review of this area. Finance 27. Up to date and adequate copies of insurance certificates are available in the Plan as detailed under the contents of the Black Box. Insurance in place covers the entire computer suite both at City Hall and the Disaster Recovery sites and virus attacks and malicious code, however, please see item 23 above, for details concerning the lack of up to date information and equipment in the Black Box.. Report 6c page 6 of 15

7 28. Additional financial funding in the event of a disaster is also available and is governed by the Major Incident Teams. No recommendations have been raised following our review of this area. Disaster Recovery Testing 29. The Disaster Recovery facility is tested on a bi-annual basis. A planning meeting is undertaken approximately one month prior to test date and test requirements are documented and circulated to all relevant staff. The last test undertaken was October 2006 and was deemed to be overall successful. However, there were two key systems that were not successfully restored, due to problems encountered during testing. However, the systems were subject to individual testing in January In addition to the bi-annual test, for new systems implementation, various ad-hoc testing of components and systems are tested. 31. During a Disaster Recovery test, test results are maintained, via Technical Log and an Incident Log Book. However, neither of these had been fully completed for the October 2006 test. 32. Following testing, a post-test meeting is held and all relevant personnel attend. Lessons learnt are noted and the Disaster Recovery suite of documentation and procedures are updated accordingly. 33. The next Disaster Recovery test is scheduled for April One recommendation has been made following our review of this area: Completeness of Test Log Records. Audit Opinion Substantial Assurance Evaluation Opinion: While there is a basically sound system, there are areas of weakness which put some of the system objectives at risk, Testing Opinion: and/or there is evidence that the level of non-compliance with some of the controls may put some of the system objectives at risk. Report 6c page 7 of 15

8 Observations and Recommendations In order to assist management in using our reports: We categorise our opinions according to our assessment of the controls in place and the level of compliance with these controls Full Assurance Substantial Assurance Limited Assurance No Assurance There is a sound system of control designed to achieve the system objectives and the controls are being consistently applied. While there is a basically sound system, there are areas of weakness which put some of the system objectives at risk, and/or there is evidence that the level of non-compliance with some of the controls may put some of the system objectives at risk. Weaknesses in the system of controls are such as to put the system objectives at risk, and /or the level of non-compliance puts the system objectives at risk. Control is generally weak, leaving the system open to significant error or abuse, and/or significant non-compliance with basic controls leaves the system open to error or abuse. b) We categorise our recommendations according to their level of priority. Priority 1 Priority 2 Priority 3 Major issues for the attention of senior management. Other recommendations for local management action. Minor matters. Report 6c page 8 of 15

9 Risk Assessment & Impact 1. Updating Disaster Plan Documentation (Priority 2) Recommendation It is recommended that the Technology Group Business Continuity and Disaster Recovery Plan v 2.2 should: be updated to ensure that all systems are listed and categorised in accordance with their criticality. This should include updating the Disaster Recovery site information; be reviewed to ensure that all Category I, II and III systems have been identified and cross referenced to corresponding Appendices; include reference to 3 rd Party resource responsible for the safe offsite storage of all data and archive tapes. Once the above actions have been implemented, the Plan should be circulated to all relevant personnel forthwith; and include definitive systems lists that are agreed with the 3 rd party supplier. Rationale A formally produced, tested and up to date Disaster Recovery Plan suite of documentation ensures that a business s systems and processes are recoverable within an acceptable and agreed timescale. It also ensures that in the event of a disaster, there is minimum disruption and loss of services to both users and customers alike. At present, the Disaster Recovery suite of documentation is out of date and incomplete. Whist the Disaster Recovery suite of documentation is out of date and incomplete, there is a risk that GLA the Organisations systems as deemed critical in the event of a disaster, would not be available within an agreed and acceptable timeframe. This could lead to financial and reputational damage and statutory compliance failures e.g. meeting the time requirements of Freedom of Information Act requests. Management response: Technology Group Operations Manager Implemented - At the time of the audit approval to update the contract with our Disaster Recovery partner to include additional equipment was being sought. This has now been approved and the Disaster Recovery plan has now been updated to include this equipment. The plan has now been updated to categorise all systems and will agree the list of systems to be covered with the third party supplier. A reference has been made to the 3 rd party responsible for safe offsite storage data and archive tapes. Report 6c page 9 of 15

10 Contact Details 2. Contact List Record Maintenance (Priority 2) Recommendation It is recommended that contact lists for all corresponding Disaster Recovery documentation, including the Business Continuity and Disaster Recovery Plan v2.2 the Major Incident Plan and the TG DR Pack 2006 contact list, is verified, updated and distributed to all relevant personnel forthwith. Rationale Up to date contact information is essential to the success of a disaster recovery scenario being invoked. It was noted that contact information within the Disaster Recovery Suite of information, was in some cases, incomplete and out of date. There is a risk that in the event of a disaster occurring, key contact personnel would not be contactable. This could jeopardise the Disaster Recovery exercise and may lead to systems unavailability within an acceptable timeframe to the business and customers. This may lead to reputational and financial loss and possibly legal action (in the event of information being unavailable within agreed timeframes to customers.) Management response: Technology Group Operations Manager Agreed The Technology Group regularly updates and circulates its contact list (monthly or as soon as change is made). This has already been implemented. Report 6c page 10 of 15

11 Disaster Recovery Procedures 3. Off Site Recovery and Reconfiguration Data (Priority 2) Recommendation It is recommended that the NDR Disaster Recovery site, all documentation, information, software and hardware as deemed critical in the Plan and named Black Box, is complete and up to date. Rationale A complete and adequate set of recovery and reconfiguration procedures is a key component of a Disaster Recovery Plan and test. It was noted that the 3 rd Party NDR Contract and the Systems List, did not correspond in V2.2. of the GLA Disaster Recovery suite documentation. An inspection of the offsite Black Box held at the NDR Disaster Recovery site found that, only ten of the thirty-three items listed as critical, were present and recovery and reconfiguration data were not in place for all systems. Whilst there are incomplete systems lists, recovery procedures and incomplete items from the critically deemed Black Box, there is a risk that Disaster Recovery would not be successful, or that the systems were not recovered within an acceptable timeframe to both the business and customers alike. Management response: Technology Group Operations Manager Agreed When audited some contract information was missing from the Black box. The Black box now has a complete set of relevant documentation. This has already been implemented Report 6c page 11 of 15

12 Disaster Recovery Testing 4. Completeness of Test Log Records (Priority 2) Recommendation It is recommended that the Technical Log and the Incident Log Book that is maintained during testing and in the event of a disaster, should be completed for all actions noted. Rationale The Technical Log and the Incident Log Book are an important management information and analysis tool that ensure that problems identified during testing are timely resolved and disaster recovery documentation is updated accurately. During a Disaster Recovery test, test results are maintained, via the Technical and the Incident Log Books. However, examination of the for the October 2006 test records noted that neither of these logs were fully completed. There is a risk that testing results will not be properly analysed and that lessons will not be learnt, or reported which could lead to disaster recovery documentation being out of date and inaccurate and hinder future testing of the disaster recovery scenario. This could lead to unavailability of systems and or data. Management response: Technology Group Operations Manager Agreed A person will now be designated as the owner of the incident and technical log. A Disaster Recovery test exercise will take place during April and the test and incident logs will be examined following this. This has been implemented Report 6c page 12 of 15

13 Appendix 1 Audit Framework Audit Objectives The audit was designed to ensure that management has formulated adequate and effective plans and contingency arrangements to be instigated in the event of any incident that has an impact on business continuity. Audit Approach and Methodology The audit approach was developed with reference to an assessment of risks and management controls operating within each area of the scope. The following procedures were adopted: identification of the role and objectives of each area; identification of risks within the systems, and controls in existence to allow the control objectives to be achieved; and evaluation and testing of controls within the systems. From these procedures we have identified weaknesses in the systems of control, produced specific proposals to improve the control environment and have drawn an overall conclusion on the design and operation of the system. Areas Covered Audit work was undertaken to cover controls in the following areas: Critical Business Functions; Disaster Risk Assessment; Contact Details; Disaster Escalation Procedures; Emergency Action Plan; Salvage Procedures; Disaster Recovery Procedures; Temporary Arrangements; Finance; and Disaster Recovery Test Plan. Report 6c page 13 of 15

14 Appendix 2 - Staff Interviewed We would like to thank all staff that provided assistance during the course of this audit, and in particular: Operations Manager, Technology Group Internal Systems Manager, Technology Group NDR Representative Data Protect UK Representative Report 6c page 14 of 15

15 Statement of Responsibility We take responsibility for this report, which is prepared on the basis of the limitations set out below. The matters raised in this report are only those, which came to our attention during the course of our internal audit work and are not necessarily a comprehensive statement of all the weaknesses that exist or all improvements that might be made. Recommendations for improvements should be assessed by you for their full impact before they are implemented. The performance of internal audit work is not and should not be taken as a substitute for management s responsibilities for the application of sound management practices. We emphasise that the responsibility for a sound system of internal controls and the prevention and detection of fraud and other irregularities rests with management and work performed by internal audit should not be relied upon to identify all strengths and weaknesses in internal controls, nor relied upon to identify all circumstances of fraud or irregularity. Auditors, in conducting their work, are required to have regards to the possibility of fraud or irregularities. Even sound systems of internal control can only provide reasonable and not absolute assurance and may not be proof against collusive fraud. Internal audit procedures are designed to focus on areas as identified by management as being of greatest risk and significance and as such we rely on management to provide us full access to their accounting records and transactions for the purposes of our audit work and to ensure the authenticity of these documents. Effective and timely implementation of our recommendations by management is important for the maintenance of a reliable internal control system. Deloitte & Touche Public Sector Internal Audit Limited St Albans June 2007 In this document references to Deloitte are references to Deloitte & Touche Public Sector Internal Audit Limited. Deloitte & Touche Public Sector Internal Audit Limited is a subsidiary of Deloitte & Touche LLP, which is the United Kingdom member firm of Deloitte Touche Tohmatsu ( DTT ), a Swiss Verein whose member firms are separate and independent legal entities. Neither DTT nor any of its member firms has any liability for each other s acts or omissions. Services are provided by member firms or their subsidiaries and not by DTT Deloitte & Touche Public Sector Internal Audit Limited. All rights reserved. Deloitte & Touche Public Sector Internal Audit Limited is registered in England and Wales with registered number Registered office: Stonecutter Court, 1 Stonecutter Street, London EC4A 4TR, United Kingdom. Report 6c page 15 of 15

Dacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery

Dacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery Dacorum Borough Council Final Internal Audit Report IT Business Continuity and Disaster Recovery Distribution list: Chris Gordon Group Manager Performance, Policy and Projects John Worts ICT Team Leader

More information

Report 6c. Final Internal Audit Report Network and Communications. April 2008

Report 6c. Final Internal Audit Report Network and Communications. April 2008 Report 6c Final Internal Audit Report Network and Communications April 2008 Contents Page Executive Summary 3 Observations and Recommendations 4 Appendix 2 - Staff Interviewed 14 Appendix 3 Benchmark Results

More information

Report 7 Appendix 1d Final Internal Audit Report Sundry Income and Debtors (inc. Fees and Charges) Greater London Authority February 2010

Report 7 Appendix 1d Final Internal Audit Report Sundry Income and Debtors (inc. Fees and Charges) Greater London Authority February 2010 Report 7 Appendix 1d Final Internal Audit Report Sundry Income and Debtors (inc. Fees and Charges) Greater London Authority February 2010 This report has been prepared on the basis of the limitations set

More information

Item 10 Appendix 1d Final Internal Audit Report Performance Management Greater London Authority April 2010

Item 10 Appendix 1d Final Internal Audit Report Performance Management Greater London Authority April 2010 Item 10 Appendix 1d Final Internal Audit Report Performance Management Greater London Authority April 2010 This report has been prepared on the basis of the limitations set out on page 16. Contents Page

More information

Draft Internal Audit Report Software Licensing Audit. December 2009

Draft Internal Audit Report Software Licensing Audit. December 2009 Draft Internal Audit Report Software Licensing Audit December 2009 Contents Page Executive Summary 3 Observations and Recommendations 6 Appendix 1 Audit Framework 9 Appendix 2 - Staff Interviewed 10 Statement

More information

Dacorum Borough Council Final Internal Audit Report

Dacorum Borough Council Final Internal Audit Report Dacorum Borough Council Final Internal Audit Report ICT Change Management Distribution list: Chris Gordon Group Manager Neil Telkman - Information, Security and Standards Officer Gary Osler ICT Service

More information

SOUTH NORTHAMPTONSHIRE COUNCIL. 11/31 ICT Capacity Management FINAL REPORT. June 2011

SOUTH NORTHAMPTONSHIRE COUNCIL. 11/31 ICT Capacity Management FINAL REPORT. June 2011 SOUTH NORTHAMPTONSHIRE COUNCIL 11/31 ICT Capacity Management FINAL REPORT June 2011 This report and the work connected therewith are subject to the Terms and Conditions of the contract dated 18/06/07,

More information

Coleg Gwent Internal Audit Report 2014/15 Staff Performance Management. Assurance Rating:

Coleg Gwent Internal Audit Report 2014/15 Staff Performance Management. Assurance Rating: Coleg Gwent Internal Audit Report 2014/15 Staff Performance Management Assurance Rating: Distribution List: Final Report Audit Committee Principal Vice Principal, (Resources and Financial Planning)/Director

More information

Avon & Somerset Police Authority

Avon & Somerset Police Authority Avon & Somerset Police Authority Internal Audit Report IT Service Desk FINAL REPORT Report Version: Date: Draft to Management: 19 February 2010 Management Response: 12 May 2010 Final: 13 May 2010 Distribution:

More information

Coleg Gwent Internal Audit Report 2012/13 Assets and Inventory. Assurance Rating:

Coleg Gwent Internal Audit Report 2012/13 Assets and Inventory. Assurance Rating: Coleg Gwent Internal Audit Report 2012/13 Assets and Inventory Assurance Rating: Distribution List: Draft Report: Principal Vice Principal, (Finance, Estates and Information Services) Clerk to the Corporation

More information

The procurement is for hardware only and the cost will not exceed 85,000.

The procurement is for hardware only and the cost will not exceed 85,000. REQUEST FOR DIRECTOR DECISION DD1155 Title: Additional IT data replication appliance Executive Summary: Approval is sought to conduct a procurement exercise to purchase an additional data replication appliance.

More information

SOUTH NORTHAMPTONSHIRE COUNCIL 10/11 REMOTE WORKING FINAL REPORT MARCH 2011

SOUTH NORTHAMPTONSHIRE COUNCIL 10/11 REMOTE WORKING FINAL REPORT MARCH 2011 SOUTH NORTHAMPTONSHIRE COUNCIL 10/11 REMOTE WORKING FINAL REPORT MARCH 2011 This report and the work connected therewith are subject to the Terms and Conditions of the contract dated 18/06/07 between South

More information

South Northamptonshire Council

South Northamptonshire Council South Northamptonshire Council Windows Active Directory Final Internal Audit Report - September Distribution list: Mike Shaw IT & Customer Services Manager David Price Director of Community Engagement

More information

Essex Fire Authority

Essex Fire Authority Internal Audit Report (2.13/.14) FINAL with the Civil Contingencies Act 1 October 2013 Contents Section Page Executive Summary 1 Action Plan 5 Findings and Recommendations 6 Debrief meeting 15 August 2013

More information

FINAL. Internal Audit Report. Data Centre Operations and Security

FINAL. Internal Audit Report. Data Centre Operations and Security FINAL Internal Audit Report Data Centre Operations and Security Document Details: Reference: Report nos from monitoring spreadsheet/2013.14 Senior Manager, Internal Audit & Assurance: ext. 6567 Engagement

More information

Disaster Recovery Policy

Disaster Recovery Policy Disaster Recovery Policy INTRODUCTION This policy provides a framework for the ongoing process of planning, developing and implementing disaster recovery management for IT Services at UCD. A disaster is

More information

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) Subject and version number of document: Serial Number: Business Continuity Management Policy

More information

Business Continuity Business Impact Analysis arrangements

Business Continuity Business Impact Analysis arrangements Aberdeen City Council Internal Audit Report 2012/2013 for Aberdeen City Council May 2013 Business Continuity Business Impact Analysis arrangements Final Report Contents Section Page 1. Executive Summary

More information

IT Assurance - Business Continuity and Disaster Recovery

IT Assurance - Business Continuity and Disaster Recovery Audit Summary Report October 2006 PAPER D IT Assurance - Business Continuity and Disaster Recovery Audit 2006/2007 Paper D - 1 External audit is an essential element in the process of accountability for

More information

Business Continuity Management. Policy Statement and Strategy

Business Continuity Management. Policy Statement and Strategy Business Continuity Management Policy Statement and Strategy November 2011 Title Business Continuity Management Policy & Strategy Date of Publication: Cabinet Council Published by Borough Council of King

More information

Coleg Gwent. Business Continuity Plan Test - Post Implementation Review (PIR) Internal Audit Report (12.09/10)

Coleg Gwent. Business Continuity Plan Test - Post Implementation Review (PIR) Internal Audit Report (12.09/10) Internal Audit Report 1 June 2010 Business Continuity Plan Test Post Implementation Review (PIR) CONTENTS Section Page Executive Summary 1 Action Plan 4 Findings and Recommendations 5 Debrief meeting 28

More information

Comhairle nan Eilean Siar Internal Audit Review DISASTER RECOVERY ARRANGEMENTS Information Technology. Final Report 2014/15-06

Comhairle nan Eilean Siar Internal Audit Review DISASTER RECOVERY ARRANGEMENTS Information Technology. Final Report 2014/15-06 Comhairle nan Eilean Siar Internal Audit Review Information Technology Final Report 2014/15-06 3 rd November 2014 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1-6 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS

More information

IT REVIEW OF THE DISASTER RECOVERY ARRANGEMENTS

IT REVIEW OF THE DISASTER RECOVERY ARRANGEMENTS NOTTINGHAM CITY HOMES IT REVIEW OF THE DISASTER RECOVERY ARRANGEMENTS Report issued: February 2011 Audit Plan: The matters raised in this report are only those that came to the attention of the auditor

More information

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS DIRECTORATE OF BANKING SUPERVISION AUGUST 2009 TABLE OF CONTENTS PAGE 1.0 INTRODUCTION..3 1.1 Background...3 1.2 Citation...3

More information

Business Planning & Budgetary Control 2012/13

Business Planning & Budgetary Control 2012/13 Cymdeithas Tai Cantref Cyf Final Internal Audit Report Business Planning & Budgetary Control 2012/13 Date of fieldwork: October November 2012 Date of draft report: November 2012 Date of final report: November

More information

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2 Policy Procedure Information security policy Policy number: 442 Old instruction number: MAN:F005:a1 Issue date: 24 August 2006 Reviewed as current: 11 July 2014 Owner: Head of Information & Communications

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not

More information

Growth by acquisition.

Growth by acquisition. Forward thinking Growth by acquisition. A practical guide for owner-managed businesses Acquisitions can be an excellent means of enhancing shareholder value in a privately owned business. However, selecting

More information

Internal Audit Report Disaster Recovery / Business Continuity Planning

Internal Audit Report Disaster Recovery / Business Continuity Planning Audit Committee, 28 November 2013 Internal Audit Report Disaster Recovery / Business Continuity Planning Executive summary and recommendations Introduction As part of the Internal Audit Plan for 2013-14,

More information

Corporate Business Continuity Plan

Corporate Business Continuity Plan Corporate Business Continuity Plan Introduction The Council is a major business in the Town, and as part of its Quality Management System must ensure that it can recover quickly from a disaster which affects

More information

Oadby and Wigston Borough Council. Information and Communications Technology (I.C.T.) Section

Oadby and Wigston Borough Council. Information and Communications Technology (I.C.T.) Section Appendix 1 Oadby and Wigston Borough Council Information and Communications Technology (I.C.T.) Section Information Communication Technology Contingency and Disaster Recovery Plan Version 0.1 10/04/09

More information

Internal Audit at the University of Cambridge.

Internal Audit at the University of Cambridge. Internal Audit at the University of Cambridge. Contents Introduction to Deloitte 1 Our team 2 What is Internal Audit? 4 Our approach to Internal Audit 5 Authority and reporting lines 7 Planning 8 Ad Hoc

More information

Disaster Recovery and Business Continuity Plan

Disaster Recovery and Business Continuity Plan Disaster Recovery and Business Continuity Plan Table of Contents 1. Introduction... 3 2. Objectives... 3 3. Risks... 3 4. Steps of Disaster Recovery Plan formulation... 3 5. Audit Procedure.... 5 Appendix

More information

Internal Audit Report 2010/11 North Norfolk District Council. February 2011

Internal Audit Report 2010/11 North Norfolk District Council. February 2011 Internal Audit Report 2010/11 North Norfolk District Council NN/11/17 Network Infrastructure, Security and Telecommunications February 2011 This report has been prepared on the basis of the limitations

More information

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy Reference No: CG 01 Version: Version 1 Approval date 18 December 2013 Date ratified: 18 December 2013 Name of Author

More information

IT Disaster Recovery Plan Template

IT Disaster Recovery Plan Template HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned

More information

Comhairle nan Eilean Siar Internal Audit Follow Up Review Disaster Recovery. Final Report FU18 14/15

Comhairle nan Eilean Siar Internal Audit Follow Up Review Disaster Recovery. Final Report FU18 14/15 Comhairle nan Eilean Siar Internal Audit Follow Up Review Disaster Recovery Final Report FU18 14/15 27 th May 2015 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1 3 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS

More information

Aberdeen City Council IT Security (Network and perimeter)

Aberdeen City Council IT Security (Network and perimeter) Aberdeen City Council IT Security (Network and perimeter) Internal Audit Report 2014/2015 for Aberdeen City Council August 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Departmental Business Continuity Framework. Part 2 Working Guides

Departmental Business Continuity Framework. Part 2 Working Guides Department for Work and Pensions Departmental Business Continuity Framework Part 2 Working Guides Page 1 of 60 CONTENTS Guide to business impact analysis...3 Guide to business continuity planning...7 Guide

More information

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Disaster Recovery Testing Is Being Adequately Performed, but Problem Reporting and Tracking Can Be Improved May 3, 2012 Reference Number: 2012-20-041 This

More information

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES APPENDIX 1 DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES March 2008 Auditor General s Office Jeffrey Griffiths, C.A., C.F.E. Auditor General City of Toronto TABLE OF CONTENTS EXECUTIVE SUMMARY...1

More information

IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP IT Disaster Recovery Plan Template By Paul Kirvan, CISA, CISSP, FBCI, CBCP Revision History REVISION DATE NAME DESCRIPTION Original 1.0 2 Table of Contents Information Technology Statement

More information

Proposal for Business Continuity Plan and Management Review 6 August 2008

Proposal for Business Continuity Plan and Management Review 6 August 2008 Proposal for Business Continuity Plan and Management Review 6 August 2008 2008/8/6 Contents About Newton IT / Quality of our services. BCM & BS25999 Overview 2. BCM Development in line with BS25999 3.

More information

SOUTH LAKELAND DISTRICT COUNCIL INTERNAL AUDIT FINAL REPORT IT 11-02. IT Backup, Recovery and Disaster Recovery Planning

SOUTH LAKELAND DISTRICT COUNCIL INTERNAL AUDIT FINAL REPORT IT 11-02. IT Backup, Recovery and Disaster Recovery Planning SOUTH LAKELAND DISTRICT COUNCIL INTERNAL AUDIT FINAL REPORT IT 11-02 IT Backup, Recovery and Disaster Recovery Planning Executive Summary Introduction As part of the 2011/12 Audit Plan and following discussions

More information

Information Technology Services (ITS)

Information Technology Services (ITS) Information Technology Services (ITS) Disaster Recovery Plan Version 2.11 DOCUMENT VERSION CONTROL Version Date Description/Notes Author/s V2.00 02/06/2014 New plan based on updated Standby plan. V2.10

More information

Balancing and Settlement Code BSC PROCEDURE BSCP537. QUALIFICATION PROCESS FOR SVA PARTIES, SVA PARTY AGENTS AND CVA MOAs

Balancing and Settlement Code BSC PROCEDURE BSCP537. QUALIFICATION PROCESS FOR SVA PARTIES, SVA PARTY AGENTS AND CVA MOAs Balancing and Settlement Code BSC PROCEDURE BSCP537 QUALIFICATION PROCESS FOR SVA PARTIES, SVA PARTY AGENTS AND CVA MOAs APPENDIX 3 GUIDANCE NOTES ON COMPLETING THE SAD Version 2.0 Date: 10 September 2007

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning 4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business

More information

At its meeting in March 2012, the Committee approved the Internal Audit Plan for 2012-13.

At its meeting in March 2012, the Committee approved the Internal Audit Plan for 2012-13. Audit Committee 28 Internal audit report ICT Security Executive summary and recommendations Introduction Mazars has undertaken a review of ICT Security controls, in accordance with the internal audit plan

More information

BUSINESS CONTINUITY POLICY

BUSINESS CONTINUITY POLICY BUSINESS CONTINUITY POLICY Last Review Date Approving Body n/a Audit Committee Date of Approval 9 th January 2014 Date of Implementation 1 st February 2014 Next Review Date February 2017 Review Responsibility

More information

Offsite Disaster Recovery Plan

Offsite Disaster Recovery Plan 1 Offsite Disaster Recovery Plan Offsite Disaster Recovery Plan Presented By: Natan Verkhovsky President Disty Portal Inc. 2 Offsite Disaster Recovery Plan Introduction This document is a comprehensive

More information

[INSERT NAME OF SCHOOL] BUSINESS CONTINUITY PLAN

[INSERT NAME OF SCHOOL] BUSINESS CONTINUITY PLAN Plan Ref No: [INSERT NAME OF SCHOOL] BUSINESS CONTINUITY PLAN PLAN DETAILS Date Written Plan Owner Plan Writer Version Number Review Schedule 6 monthly Annually Date of Plan Review Date of Plan Exercise

More information

Ohio Supercomputer Center

Ohio Supercomputer Center Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original

More information

University of Sunderland Business Assurance Information Security Policy

University of Sunderland Business Assurance Information Security Policy University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant

More information

FRAMEWORK FOR THE PREPARATION OF ACCOUNTS. Best Practice Guidance

FRAMEWORK FOR THE PREPARATION OF ACCOUNTS. Best Practice Guidance FRAMEWORK FOR THE PREPARATION OF ACCOUNTS Best Practice Guidance Revised Edition April 2010 PUBLISHED IN APRIL 2010 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF SCOTLAND This document is published by the

More information

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA 1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

Aberdeen City Council IT Disaster Recovery

Aberdeen City Council IT Disaster Recovery Aberdeen City Council IT Disaster Recovery Internal Audit Report 2014/2015 for Aberdeen City Council January 2015 Terms or reference agreed 4 weeks prior to fieldwork Target Dates per agreed Actual Dates

More information

SUBJECT: REPLACEMENT OF CORPORATE ELECTRONIC DATA STORAGE, BACKUP AND DISASTER RECOVERY SOLUTIONS

SUBJECT: REPLACEMENT OF CORPORATE ELECTRONIC DATA STORAGE, BACKUP AND DISASTER RECOVERY SOLUTIONS REPORT TO CABINET TO BE HELD ON 15 SEPTEMBER 2015 Key Decision No Forward Plan Ref No 23K Corporate Priority The proposals in this report contribute to the delivery of all the Council s priorities Cabinet

More information

BSI audited HCPC on the 6 May 2014, as the second audit of the new three year audit cycle across the whole organisation.

BSI audited HCPC on the 6 May 2014, as the second audit of the new three year audit cycle across the whole organisation. Audit Committee, 24 June 2014 BSI ISO 9001:2008 Audit Report Executive summary and recommendations Introduction BSI audited HCPC on the 6 May 2014, as the second audit of the new three year audit cycle

More information

1.0 Policy Statement / Intentions (FOIA - Open)

1.0 Policy Statement / Intentions (FOIA - Open) Force Policy & Procedure Reference Number Business Continuity Management D269 Policy Version Date 23 July 2015 Review Date 23 July 2016 Policy Ownership Portfolio Holder Links or overlaps with other policies

More information

Information Commissioner's Office

Information Commissioner's Office Information Commissioner's Office Ian Falconer Partner T: 0161 953 6480 E: ian.falconer@uk.gt.com Internal Audit 2011-12: Business Continuity Review Last updated 6 February 2012 Will Simpson Senior Manager

More information

Business Continuity and Disaster Recovery Plan

Business Continuity and Disaster Recovery Plan Business Continuity and Disaster Recovery Plan 1.0 Introduction Our plan relies upon excellent communications and this is reviewed on a regular basis to identify any weakness and forms part of our board

More information

Business Continuity Management For Small to Medium-Sized Businesses

Business Continuity Management For Small to Medium-Sized Businesses Business Continuity Management For Small to Medium-Sized Businesses Produced by NORMIT and Norfolk County Council Resilience Team For an electronic copy of this document visit www.normit.org Telephone

More information

Domain 1 The Process of Auditing Information Systems

Domain 1 The Process of Auditing Information Systems Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge

More information

D-G4-L4-126 Police contact management and demand reduction review Deloitte LLP Service for G-Cloud IV

D-G4-L4-126 Police contact management and demand reduction review Deloitte LLP Service for G-Cloud IV D-G4-L4-126 Police contact management and demand reduction review Deloitte LLP Service for G-Cloud IV September 2013 Contents 1 Service Overview 1 2 Detailed Service Description 2 3 Commercials 6 4 Our

More information

Business Continuity Planning advice for Businesses with 50-250 employees

Business Continuity Planning advice for Businesses with 50-250 employees Business Continuity Planning advice for Businesses with 50-250 employees Where to begin? A business continuity plan should consist of a business and contingencies analysis. It needs to be developed by

More information

Practice Note. 10 (Revised) October 2010 AUDIT OF FINANCIAL STATEMENTS OF PUBLIC SECTOR BODIES IN THE UNITED KINGDOM

Practice Note. 10 (Revised) October 2010 AUDIT OF FINANCIAL STATEMENTS OF PUBLIC SECTOR BODIES IN THE UNITED KINGDOM October 2010 Practice Note 10 (Revised) AUDIT OF FINANCIAL STATEMENTS OF PUBLIC SECTOR BODIES IN THE UNITED KINGDOM The Auditing Practices Board (APB) is one of the operating bodies of the Financial Reporting

More information

ICT, PROCUREMENT AND ASSET MANAGEMENT 18 APRIL 2008 SUB-COMMITTEE DISASTER RECOVERY/CONTINGENCY PLANNING

ICT, PROCUREMENT AND ASSET MANAGEMENT 18 APRIL 2008 SUB-COMMITTEE DISASTER RECOVERY/CONTINGENCY PLANNING ICT, PROCUREMENT AND ASSET MANAGEMENT 18 APRIL 2008 SUB-COMMITTEE DISASTER RECOVERY/CONTINGENCY PLANNING Report by Director of Finance and Corporate Resources PURPOSE OF REPORT To bring before the Sub-Committee

More information

ULH-IM&T-ISP06. Information Governance Board

ULH-IM&T-ISP06. Information Governance Board Network Security Policy Policy number: Version: 2.0 New or Replacement: Approved by: ULH-IM&T-ISP06 Replacement Date approved: 30 th April 2007 Name of author: Name of Executive Sponsor: Name of responsible

More information

Aberdeen City Council

Aberdeen City Council Aberdeen City Council Internal Audit Report Final Contract management arrangements within Social Care & Wellbeing 2013/2014 for Aberdeen City Council January 2014 Internal Audit KPI Targets Target Dates

More information

Coleg Gwent Internal Audit Report 2012/13 Payroll and HR. Assurance Rating: Payroll

Coleg Gwent Internal Audit Report 2012/13 Payroll and HR. Assurance Rating: Payroll Coleg Gwent Internal Audit Report 2012/13 Payroll and HR Assurance Rating: Payroll HR Distribution List: Final Report Audit Committee Principal Vice Principal, (Finance, Estates and Information Services)

More information

SCHEDULE 25. Business Continuity

SCHEDULE 25. Business Continuity SCHEDULE 25 Business Continuity 1. Scope 1.1 This schedule covers TfL s requirements in respect of: any circumstance or event which renders, or which TfL considers likely to render, it necessary or desirable

More information

Cumbria Constabulary. Business Continuity Planning

Cumbria Constabulary. Business Continuity Planning Cumbria Constabulary Business Continuity Planning 0 Cumbria Shared Internal Audit Service Images courtesy of Carlisle City Council except: Parks (Chinese Gardens), www.sjstudios.co.uk, Monument (Market

More information

Office of the Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary

Office of the Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary Office of the Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary Internal Audit Report () FINAL Risk Management: Follow Up of Previous Internal Audit Recommendations

More information

INTERNATIONAL STANDARD ON AUDITING 220 QUALITY CONTROL FOR AN AUDIT OF FINANCIAL STATEMENTS CONTENTS

INTERNATIONAL STANDARD ON AUDITING 220 QUALITY CONTROL FOR AN AUDIT OF FINANCIAL STATEMENTS CONTENTS INTERNATIONAL STANDARD ON 220 QUALITY CONTROL FOR AN AUDIT OF FINANCIAL STATEMENTS (Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS Introduction

More information

NHS 111 National Business Continuity Escalation Policy

NHS 111 National Business Continuity Escalation Policy NHS 111 National Business Continuity Escalation Policy 1 NHS England INFORMATION READER BOX Directorate Medical Operations Patients and Information Nursing Policy Commissioning Development Finance Human

More information

Business Continuity Planning

Business Continuity Planning Business Continuity Planning We believe all organisations recognise the importance of having a Business Continuity Plan, however we understand that it can be difficult to know where to start. That s why

More information

FINRMFS9 Facilitate Business Continuity Planning and disaster recovery for a financial services organisation

FINRMFS9 Facilitate Business Continuity Planning and disaster recovery for a financial services organisation Facilitate Business Continuity Planning and disaster recovery for a Overview This unit is suitable for those working in risk management roles who have responsibility for facilitating business continuity

More information

Joint Audit Report for South Lakeland District Council. & Eden District Council

Joint Audit Report for South Lakeland District Council. & Eden District Council Joint Audit Report for South Lakeland District Council & Eden District Council Audit of IT Data Backup and Recovery Arrangements Audit of Development Management 22nd May 2015 11 th June 2015 0 Page 0 Audit

More information

BUSINESS CONTINUITY MANAGEMENT POLICY

BUSINESS CONTINUITY MANAGEMENT POLICY BUSINESS CONTINUITY MANAGEMENT POLICY AUTHORISED BY: DATE: Andy Buck Chief Executive March 2011 Ratifying Committee: NHS Rotherham Board Date Agreed: Issue No: NEXT REVIEW DATE: 2013 1 Lead Director John

More information

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt. Information Security Management: Business Continuity Planning Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt. Overview BCP: Definition BCP: Need for (Why?) BCP: When BCP: Who

More information

Information Security Policies. Version 6.1

Information Security Policies. Version 6.1 Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access

More information

BCP and DR. P K Patel AGM, MoF

BCP and DR. P K Patel AGM, MoF BCP and DR P K Patel AGM, MoF Key difference between BS 25999 and ISO 22301 ISO 22301 puts a much greater emphasis on setting the objectives, monitoring performance and metrics aligning BC to top management

More information

Clovis Municipal School District Information Technology (IT) Disaster Recovery Plan

Clovis Municipal School District Information Technology (IT) Disaster Recovery Plan Clovis Municipal School District Information Technology (IT) Disaster Recovery Plan Revision History REVISION DATE NAME DESCRIPTION Draft 1.0 Eric Wimbish IT Backup Disaster Table of Contents Information

More information

Essex Fire Authority. Fleet Management. Internal Audit Report (4.12/13) 28 February 2013 FINAL. Overall Opinion

Essex Fire Authority. Fleet Management. Internal Audit Report (4.12/13) 28 February 2013 FINAL. Overall Opinion Essex Fire Authority Fleet Management Internal Audit Report (4.12/13) 28 February 2013 FINAL Overall Opinion Essex Fire Authority Fleet Management 4.12/13 CONTENTS Section Page Executive Summary 1 Action

More information

Business Continuity Plan. MakeStuff Ltd

Business Continuity Plan. MakeStuff Ltd Business Continuity Plan of MakeStuff Ltd Unit 1 Factory Way Makerville Anyshire MA1 2FG in relation to The recorded version of this plan is 2008A Table of Contents Introduction and Plan Details Roles

More information

Company Management System. Business Continuity in SIA

Company Management System. Business Continuity in SIA Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT

More information

Risk Management Guidelines

Risk Management Guidelines Business Continuity Management Understanding Risk We live in an unpredictable world. No matter how effectively a business protects itself through insurance, there are some risks that cannot be anticipated,

More information

(Instructor-led; 2 Days)

(Instructor-led; 2 Days) Protecting Your Revenues: A Risk Management Approach to Business Continuity Planning (Instructor-led; 2 Days) Module I. Project Initiation and Management A. DRII/BCI Project initiation and control B. Business

More information

Business Continuity Planning Manual. Version 1

Business Continuity Planning Manual. Version 1 Business Continuity Planning Manual Version 1 Business Continuity Planning for NHS Organisations Business Continuity Planning Manual CONTENTS INTRODUCTION... 1 BACKGROUND... 3 1. SCOPE, AIMS AND OBJECTIVES...

More information

BUSINESS CONTINUITY POLICY RM03

BUSINESS CONTINUITY POLICY RM03 BUSINESS CONTINUITY POLICY RM03 Applies to: All NHS LA employees, contractors, secondees and consultants, contractors and/or any other parties who will carry out duties on behalf of the NHS LA Version:

More information

Comhairle nan Eilean Siar Internal Audit Review DISASTER RECOVERY. Final Report 12/13-20

Comhairle nan Eilean Siar Internal Audit Review DISASTER RECOVERY. Final Report 12/13-20 Comhairle nan Eilean Siar Internal Audit Review Final Report 12/13-20 8 th January 2013 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1-3 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS 4-9 SECTION 3 -

More information

Information Security Policy

Information Security Policy Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September

More information

External Supplier Control Requirements BCM

External Supplier Control Requirements BCM External Supplier Control Requirements BCM BCM Requirement Description BCM Tiers Recovery Time Objective Why this is important 1. Business Continuity Policy Supplier will have a documented Business Continuity

More information

disaster recovery and contingency plan RISK MANAGEMENT MADE TO MEASURE

disaster recovery and contingency plan RISK MANAGEMENT MADE TO MEASURE disaster recovery and contingency plan RISK MANAGEMENT MADE TO MEASURE INTRODUCTION Contingency planning for business continuity (business continuity management) is defined by the Institute of Business

More information

Business Continuity Management Policy

Business Continuity Management Policy Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3

More information

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii The Office of the Auditor General has conducted a procedural review of the State Data Center (Data Center), a part of the Arizona Strategic Enterprise Technology (ASET) Division within the Arizona Department

More information

SUPERVISORY AND REGULATORY GUIDELINES: PU19-0406 BUSINESS CONTINUITY GUIDELINES

SUPERVISORY AND REGULATORY GUIDELINES: PU19-0406 BUSINESS CONTINUITY GUIDELINES SUPERVISORY AND REGULATORY GUIDELINES: PU19-0406 Business Continuity Issued: 1 st May, 2007 Revised: 14 th October 2008 BUSINESS CONTINUITY GUIDELINES I. INTRODUCTION The Central Bank of The Bahamas (

More information

NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy. Version 1.0

NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy. Version 1.0 NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy Version 1.0 Document Control Title: Status: Version: 1.0 Issue date: May 2014 Document owner: (Name,

More information