IT SERVICE CONTINUITY AS RELATED TO THE MANAGEMENT OF ELECTRONIC RECORDS POLICY

Transcription

1 Department of Health Government of Western Australia IT SERVICE CONTINUITY AS RELATED TO THE MANAGEMENT OF ELECTRONIC RECORDS POLICY 2004

2 Document Control Date Version Notes Author 10/11/ Initial draft Geoff Graham (InfoHEALTH) 12/11/ Updated after review Geoff Graham (InfoHEALTH) 21/01/ Modified S. 4 Gopal Warrier 6/2/2004 Final Principal Information Officer Previous Editions: Nil Revision due: November 2005 Format: Microsoft Word 2000 Authorisation Mike Daube Director General Department of Health This policy has been authorised by- Date- File

3 CONTENTS 1. PURPOSE POLICY STATEMENT SCOPE STRATEGIES LEGISLATION AND STANDARDS GLOSSARY RESOURCES...7 APPENDIX A ELEMENTS OF A DISASTER RECOVERY PLAN...8 File

4 1. PURPOSE The Department has an obligation to ensure that electronic records are preserved and kept accessible for as long as they are required. Part of this requirement is that the records be protected from loss, either by disaster, human error or technical failure. This paper describes the Department s policy regarding the protection from unintended loss of all electronic records that are created and maintained in record keeping systems and business application systems so as to ensure that they satisfy record keeping requirements for operational and archival purposes over the medium to long term. 2. POLICY STATEMENT The Department shall maintain the Information Technology systems and processes to ensure that any electronic record of continuing value remains available and accessible and may be completely recovered in the event of its loss. 3. SCOPE This Policy applies to: All business application systems and records keeping systems that capture, create and store records as defined in the State Records Act 2000 and the Freedom of Information Act Employees of the WA government health sector, ultimately reporting through to the Minister for Health. This includes Department of Health (DoH) entities, public hospitals, public community health services, public pathology laboratories, public health and mental health clinics and services, public nursing homes, DoH contracted services and any other WA government health sector organisational entities. Administrative records should be managed in accordance with the Sate Records Office of Wester Australia General Disposal Authority (GDA) for Administrative Records see: Patient records in accordance with the Patient Information Retention and Disposal Schedule see: This policy does not prescribe specific technological solutions for the availability and recovery of electronic records over the long term. File

5 4. STRATEGIES Three requirements are demanded by this policy: Continued Availability The IT systems holding and making available the electronic records must have backup systems in place so that the records can continue to be available following a disaster. This requirement is addressed by building into the IT systems redundancy or backup systems that can take over in the event of failure of the primary systems. These systems must be capable of providing access to the vital records within a reasonable time following a failure of the primary system. Both the terms vital records and reasonable time must be assessed for each system with their values dependent on the criticality of the information held by the system and the consequences of its non-availability, including its impact on other record keeping systems. Record Recovery Any record that is lost, either through human error, technical failure or other factor, must be capable of being recovered in its entirety. This requirement is addressed by regularly copying (backing up) the records onto storage systems that are technically and physically separate from the original data. This must allow for the recovery of records that have been lost through any event from accidental erasure through to total catastrophic destruction. Standard IT practice must be followed to ensure that various generations of the copied data (backups) are retained over time to address the risk of error in the copied data How often the data is backed up and the time that backup generations are held must be assessed for each system and will depend on the volatility of the data and the risk of its loss. Suitable Processes A number of processes must be in place to ensure that the organisation maintains the efficiency of the technical systems defined above and is capable of restoring access to electronic records. These are: Application Classification Defines the reasonable time for the disaster recovery and vital records for the system. Backup Process Defines the process for backup of applications and data including the schedule, media rotation and media archiving. File

6 Backup Test Process Disaster Process Disaster Test Process Audit/Review Process Defines the process for testing backups including the schedule and reporting requirements. Defines a plan for management of a disaster situation including roles and responsibilities during the disaster, rules for declaring a disaster, notification, escalation, alternative facilities and recovery tasks. Defines the process for periodic testing of the Disaster Plan. The test should exercise the relevant roles and responsibilities and the infrastructure provided for recovery during a disaster situation. Defines the process for periodic auditing and review of the continuity provisions (processes and infrastructure) and the corresponding changes to the continuity provisions to maintain the required level of assurance regarding continuous service delivery. 5. LEGISLATION AND STANDARDS The following legislation and Standards apply to the management of electronic records over time: Evidence Act 1906 State Records Act 2002 Electronic Transactions Act 2003 Freedom of Information Act 1992 Public Sector Management Act 1994 International Standard on Records Management AS ISO15489 Refer to the Department of Health s Record Keeping Plan and Records Management Policy for further detailed information regarding electronic records. The definitive definition of the IT Service Continuity process is provided by the ITIL best practice framework ( ITIL Service Support, ISBN ). 6. GLOSSARY For a full glossary of terms used for records and electronic records see the Depart of Health s Record Keeping Plan: File

7 Additional terms are defined below: Disaster or Disaster Situation: An event that could not be normally be expected or anticipated and which disables the IT systems to the extent that prevents normal access to the electronic records. Data Backup: A copy of electronic records made for the purpose of safeguarding the data in the case of loss. 7. RESOURCES Electronic Records, The Impact of the Digital Age National Archives of Australia Corporate Memory in the Electronic Age Statement of a Common Position on Electronic Records Keeping e-government Policy Framework for Electronic Records Management Practical Experiences in Digital Preservation Conference State Records Standard 5: Management of Electronic Documents in Networked Computer Environments http: // State Records Standard 6: Management of Electronic Documents in Stand- Alone Computer Environments Public Records Policy : 8 Policy for the ongoing management of electronic records designated as having archival value. Retention of Laboratory Records and Diagnostic Material National Pathology Accreditation Advisory Council 2002 Standard on Recordkeeping in the Electronic Business Environment State Records NSW File

8 APPENDIX A ELEMENTS OF A DISASTER RECOVERY PLAN The following headings list the essential elements of a comprehensive Disaster Recovery Plan. Depending on the scale of the IT systems some, or all, of the following subjects should be addressed in the plan. Applications Each applications supported should be listed and allocated a priority so that, following an outage, the first effort can be given to recovering the most important applications first. The name of the group or organisation which has the responsibility to provide the main support for each application is also required to be listed. Computer System Components List the hardware and software components of each computer system used for the processing of the applications. Along with listing the vendor or supplier of the components, it is wise to list any alternative suppliers who may be approached if there is a need for urgent acquisition of replacement components or parts. Computer Room and Network Diagrams Copies of computer room diagrams and communication network diagrams in order to expedite recovery, replacement or reconstruction should some disastrous event occur. Computer System Security Description of the relevant features of the computer system security. Application and System Software Backup and Recovery Details of all relevant aspects of the recovery of backup data. Hardware and Software Maintenance Contracts Details of any hardware and software maintenance contracts including the vendor s name and contact details. Insurance Cover The details of any insurance cover for system components, communications equipment or the physical environment (although it must be understood that insurance cover is, by no means, an adequate alternative to a DRP). Arrangements for Replacement Equipment Description of any pre-arranged strategies (formally agreed) in place to make alternative equipment available should the normally-used equipment unavailable. Arrangements for Alternate Sites File

9 Description of any pre-arranged strategies in place to relocate critical equipment, staff and supplies. Disaster Recovery Personnel Contact List Being able to contact key people at any time 24 hours a day, seven days a week may mean the difference between continuing business or failing to do so. Key people may be members of staff, equipment vendors, support people, air conditioning engineers, etc. Maximum Acceptable Computer System Outages Key users must justify the maximum time they can tolerate an outage of each application. The size of each tolerable outage provides the window for recovery. Any recovery procedure must be developed to fit within this window. It is not justifiable to develop recovery strategies which cost more than the cost of the outage. Recovery Elapsed Time Estimates A listing of the likely timing of a recovery (to be compared with the figures listed above). Limp-along Procedures Limp-along procedures are sometimes known as Downtime Procedures. They refer to alternative procedures, which users will invoke should the availability of the computer system be lost for any period of time. These procedures typically involve manual systems or PC based processing and should be developed and maintained by the business units. File