Corporate ICT Availability

Transcription

1 Policy Corporate ICT Availability Please note this policy is mandatory and staff are required to adhere to the content Summary DECD ICT facilities and information must be available during agreed operational times to ensure that access is available to authorised users. Table 1 - Document details Publication date February 2011 Review date January 2014 Related legislation/applicable section of legislation Related policies, procedures, guidelines, standards, frameworks Replaces Policy officer (position) Manager, ICT Infrastructure & Asset Management Policy officer (phone) Policy sponsor (position) Executive director responsible (position and office) Applies to Key words Assistant Director, ICT Technical Services Executive Director, Infrastructure All DECD Employees ICT, availability Status Approved by Approval date February 2011 Version 1 Corporate ICT Availability February 2011

2 Table 2 - Revision record Date Version Revision description 2 Corporate ICT Availability February 2011

3 Table of Contents Policy... 1 Corporate ICT Availability... Error! Bookmark not defined. 1. Title Purpose Scope Policy detail Roles and responsibilities Monitoring, evaluation and review Definitions and abbreviations Supporting documents References...6 Appendix Corporate ICT Availability February 2011

4 1. Title Corporate ICT Availability 2. Purpose DECD ICT facilities and information must be available during agreed operational times to ensure that access is available to authorised users. 3. Scope This policy applies to all DECD ICT services and facilities in corporate sites 4. Policy detail Support of ICT Facilities Problems encountered by users must be reported to the ICT Service Desk which will record the details in the help desk call management system for timely problem resolution. Requirements for out of hours support (other than remote access) must be negotiated with the ICT Service Desk. Equipment Suppliers Suppliers of ICT systems equipment must have resources or facilities available to repair, replace and maintain equipment in a timely manner. Maintenance Service level agreements must be in place with equipment and service suppliers. These agreements must provide adequate protection against excessive downtime and service interruption or degradation. Configuration Management Operating procedures for DECD information processing facilities must be documented and maintained. Risk Assessment A risk assessment must be conducted either biennially or with any configuration change to determine the potential risks to DECD, and allow appropriate security measures to be implemented. Environmental Controls Information processing and information storage facilities must be protected at all times from environmental threats which jeopardise the existence, functioning and availability of the information. Appropriate environmental controls for ICT infrastructure include climate controls for air temperature and humidity. Other environmental factors to be considered include dust, water, vibration and interference from sources including electromagnetic radiation. 4 Corporate ICT Availability February 2011

5 Recovery and Back-up Corporate data and systems on network file servers must be regularly backed up. The frequency of back-up for operating system software, application system software, production data, recovery procedures and critical documentation must be identified and specified in production systems, operational schedules and emergency procedures. Capacity Planning The capacity demands of DECD information assets must be monitored and future requirements assessed to ensure ICT facilities are able to continue to support DECD business needs. ICT Service Continuity Planning ICT service continuity plans must be prepared and then reviewed on a regular basis to ensure that the information systems and associated information are available to all users by being protected from errors, destruction and other disasters such as fire, flood and earthquake. ICT Service Continuity Testing The back-ups and established business continuity plans must be tested at regular intervals, particularly after a critical resource or system upgrade, to ensure that expected level of recovery is effectively provided. Alternative Facilities The requirements for alternative processing and back-up storage facilities must be determined and arranged according to business continuity requirements, and reviewed and tested on a regular basis. Human Resource Planning Plans must be established to ensure that the skills necessary to support and operate the ICT equipment and information systems allow for normal staff turnover. Contingency plans must include appropriate provision for the loss of human resource capacity during emergencies. Personal Computers Wherever possible, DECD information and data must not be stored on local drives of personal computers. Staff are responsible for developing contingency procedures for applications and data stored on individual personal computers. 5. Roles and responsibilities Table 2 - Roles and responsibilities Role Authority/responsibility for 5 Corporate ICT Availability February 2011

6 6. Monitoring, evaluation and review 7. Definitions and abbreviations Table 3 - Definitions and abbreviations Term Meaning 8. Supporting documents The following DECD policies are relevant and must be read in conjunction with this policy. GICT/P4.1 Security Information Security Management Framework (published by DAIS) DECD Policy ICT Security DECD Policy Corporate ICT Change Management 9. References N/A Appendix N/A 6 Corporate ICT Availability February 2011

7 7 Corporate ICT Availability February 2011