IT REVIEW OF THE DISASTER RECOVERY ARRANGEMENTS
|
|
- Joseph Atkins
- 8 years ago
- Views:
Transcription
1 NOTTINGHAM CITY HOMES IT REVIEW OF THE DISASTER RECOVERY ARRANGEMENTS Report issued: February 2011 Audit Plan: The matters raised in this report are only those that came to the attention of the auditor during the course of the internal audit review and are not necessarily a comprehensive statement of all the weaknesses that exist or all the improvements that might be made. This report has been prepared solely for management's use and must not be recited or referred to in whole or in part to third parties without our prior written consent. No responsibility to any third party is accepted as the report has not been prepared, and is not intended, for any other purpose. TIAA neither owes nor accepts any duty of care to any other party who may receive this report and specifically disclaims any liability for loss, damage or expense of whatsoever nature, which is caused by their reliance on our report.
2 INTRODUCTION - EXECUTIVE SUMMARY - 1. We have reviewed the Disaster Recovery arrangements at Nottingham City Homes. The review was carried out in July 2010 as part of the planned internal audit work for. SUMMARY 2. One Key Risk Control Objective was identified and based on the findings from this work an overall evaluation of the overall adequacy of the internal controls was established (figure 1). Figure 1 - Evaluation of the Effectiveness of the Internal Controls Evaluation Limited Assurance KEY FINDINGS 3. The key control and operational practice findings that need to be addressed in order to strengthen the control environment are set out in the Management and Operational Effectiveness Action Plans. The prioritisation of the recommendations are summarised below (figure 2). Figure 2 - Summary of Priorities of Recommendations Urgent Important Routine Operational MANAGEMENT RESPONSES 4. Recommendations for improvements should be assessed by the Company for their full impact before they are implemented. RELEASE OF REPORT 5. The table below sets out the history of this report. Date draft report issued: 1 st September 2010 Date management responses recd: 23 rd February 2011 Date final report issued: 23 rd February 2011 Page 1
3 MANAGEMENT ACTION PLAN PRIORITY 1, 2 AND 3 RECOMMENDATIONS Risk Finding Recommendation Priority Management Comments Implementation Timetable Responsible Officer Failure to direct the process through approved policy & procedures. It was ascertained that key IT systems and services had been identified and prioritised for recovery in a disaster situation, however, no evidence was provided to substantiate this. Recommendation 2: The prioritisation of IT systems and services be undertaken to identify the critical recovery path should such a disaster occur. 1 The information on key systems and services will be consolidated, allowing a critical recovery path to be identified and agreed with the NCH Business Continuity lead officer End of May 2011 Robert Allen Head of ICT Failure to direct the process through approved policy & procedures. There is no evidence to support the identification of risks associated with IT systems. Significant risks to systems must first be identified before a comprehensive recovery plan can be developed, tested and implemented. Recommendation 1: A risk assessment be undertaken to identify significant risks relating to the loss of IT systems and services. 2 A risk assessment will be carried out for all key systems/services identified in the response to Recommendation 2 to identify risks to system/service availability End of May 2011 Robert Allen Head of ICT PRIORITY GRADINGS 1 URGENT Fundamental control issue on which action should be taken immediately. 2 IMPORTANT Control issue on which action should be taken at the earliest opportunity. 3 ROUTINE Control issue on which action should be taken. Page 2
4 Risk Finding Recommendation Priority Management Comments Implementation Timetable Responsible Officer There is no procedure for restoring critical business systems following an incident. Backup and recovery of IT systems is undertaken by the Local Authority, who provide IT services to NCH under contract. It is understood that a comprehensive SLA has been sought with the Local Authority for some time and that a recent draft has been written. No evidence of the draft SLA was provided during the review. Recommendation 3: A comprehensive SLA with the Local Authority be sought to ensure that NCH is receiving acceptable levels of service and that value for money from the service provided can be demonstrated. 2 Formalisation of the backup and recovery arrangements for our systems is one of the reasons that NCH has been attempting to develop a comprehensive ICT SLA with NCC and progress against this recommendation is tied to the progress on the SLA. A deadline of March 2011 has been set to agree with NCC a new ICT SLA Action Plan. Once this is in place, timings for progress against this recommendation may be available. TBC Robert Allen Head of ICT PRIORITY GRADINGS 1 URGENT Fundamental control issue on which action should be taken immediately. 2 IMPORTANT Control issue on which action should be taken at the earliest opportunity. 3 ROUTINE Control issue on which action should be taken. Page 3
5 Risk Finding Recommendation Priority Management Comments Implementation Timetable Responsible Officer There is no procedure for restoring critical business systems following an incident. A backup schedule was provided to Internal Audit. A review of the schedule identified several servers that were not backed up, although it should be noted that there were some that had a legitimate reason for not being backed up. However, there were still servers that were not backed up and therefore information may not be recoverable should a disaster occur Recommendation 4: The current backup arrangements be reviewed to ensure that critical systems are effectively backed up and the schedule is sufficiently documented to reflect the actual arrangements. 2 COMPLETE All of NCH s critical business systems are backed up appropriately. Further checks have ensured that the missing information leading to the audit finding has been added to the backup schedule document. N/A Robert Allen Head of ICT PRIORITY GRADINGS 1 URGENT Fundamental control issue on which action should be taken immediately. 2 IMPORTANT Control issue on which action should be taken at the earliest opportunity. 3 ROUTINE Control issue on which action should be taken. Page 4
6 Risk Finding Recommendation Priority Management Comments Implementation Timetable Responsible Officer There is no procedure for restoring critical business systems following an incident. There is no formal documented Disaster Recovery plan in place with reliance placed upon the Nottingham City Council (NCC) to provide a recovery service. Whilst this process is appropriate for NCH, there was no evidence to suggest that NCC has a detailed disaster recovery plan which has been tested to ensure that NCH s IT systems can be fully and accurately recovered should a disaster occur. Recommendation 5: Confirmation be sought from NCC that they have a fully tested and detailed Disaster Recovery plan that identifies NCH s critical systems and that these can be effectively recovered should a disaster occur. 3 Confirmation has been sought and NCH are awaiting a response from NCC. End of March 2011 Robert Allen Head of ICT PRIORITY GRADINGS 1 URGENT Fundamental control issue on which action should be taken immediately. 2 IMPORTANT Control issue on which action should be taken at the earliest opportunity. 3 ROUTINE Control issue on which action should be taken. Page 5
7 OPERATIONAL EFFECTIVENESS MATTERS Item Management Comments No Operational Effectiveness Matters were identified. ADVISORY NOTE Operational Effectiveness Matters need to be considered as part of management review of the procedures, rather than on a one-by-one basis Page 6
8 SCOPE AND LIMITATIONS OF THE REVIEW 6. The review considered the extent to which the organisation has put into place arrangements which provides reasonable but not absolute assurance that the impact on the organisation of any major incident will be minimised. The scope of the review did not include providing assurance that the actual testing of hardware/software etc has been carried out effectively. 7. The limitations and the responsibilities of management in regard to this review are set out in the Annual Plan. ASSESSMENTS OF THE KEY RISK CONTROL OBJECTIVES 8. This review identified and tested the controls that are being operated by the Organisation and an assessment of the combined effectiveness of the controls in mitigating the key probity risks is provided. The assessments are: Substantial Assurance robust series of internal controls in place which should ensure continuous and effective achievement of the control objective. Reasonable Assurance reasonable number of internal controls in place, however may not be operated all the time. Limited Assurance the controls in place are not sufficient to ensure the continuous and effective achievement of the control objective. No Assurance fundamental breakdown or absence of core internal controls. MATERIALITY 9. NCH places reliance of the Local Authority to provide ICT services. These services included the recovery of IT systems in the event of a disaster scenario. Page 7
9 Risk Failure to direct the process through approved policy & procedures. Risk Control Objective Arrangements in place provide for compliance with established policies, procedures, laws and regulations. Evaluation Limited Assurance 10. The following matters were identified in reviewing the Key Risk Control Objective: Risk: Critical business systems are not identified and as a consequence are not considered a priority for restore and recovery There is no evidence to support the identification of risks associated with IT systems. Significant risks to systems must first be identified before a comprehensive recovery plan can be developed, tested and implemented. Recommendation 1: A risk assessment be undertaken to identify significant risks relating to the loss of IT systems and services It was ascertained that key IT systems and services had been identified and prioritised for recovery in a disaster situation, however, no evidence was provided to substantiate this. Recommendation 2: The prioritisation of IT systems and services be undertaken to identify the critical recovery path should such a disaster occur It was demonstrated that, for new systems and projects, the requirements for resilience and recovery were addressed at the time of inception. Risk: There is no procedure for restoring critical business systems following an incident Backup and recovery of IT systems is undertaken by the Local Authority, who provide IT services to NCH under contract. It is understood that a comprehensive SLA has been sought with the Local Authority for some time and that a recent draft has been written. No evidence of the draft SLA was provided during the review. Recommendation 3: A comprehensive SLA with the Local Authority be sought to ensure that NCH is receiving acceptable levels of service and that value for money from the service provided can be demonstrated A backup schedule was provided to Internal Audit. A review of the schedule identified several servers that were not backed up, although it should be noted that there were some that had a legitimate reason for not being backed up. However, there were still servers that were not backed up and therefore information may not be recoverable should a disaster occur. Recommendation 4: The current backup arrangements be reviewed to ensure that critical systems are effectively backed up and the schedule is sufficiently documented to reflect the actual arrangements. Page 9
10 10.6 There is no formal documented Disaster Recovery plan in place with reliance placed upon the Nottingham City Council (NCC) to provide a recovery service. Whilst this process is appropriate for NCH, there was no evidence to suggest that NCC has a detailed disaster recovery plan which has been tested to ensure that NCH s IT systems can be fully and accurately recovered should a disaster occur. Recommendation 5: Confirmation be sought from NCC that they have a fully tested and detailed Disaster Recovery plan that identifies NCH s critical systems and that these can be effectively recovered should a disaster occur. Risk: Data is lost and/or is irrecoverable The current data centre contains a mixture of physical and virtual servers. Plans are underway to move the data centre from its current location with a separate recovery location being available. During this migration it is understood that more systems will be virtualised, where possible, and a storage area network will also be implemented. It is anticipated that data will be replicated across sites and therefore provide online resilience for network systems and services. Regular backups should still be taken for archive purposes Page 9
REVIEW OF THE FIREWALL ARRANGEMENTS
WEST DORSET DISTRICT COUNCIL REVIEW OF THE FIREWALL ARRANGEMENTS Report issued: December 2007 The matters raised in this report are only those, which came to the attention of the auditor during the course
More informationNHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT
NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT 9.7 Date of the meeting 15/07/2015 Author Sponsoring Clinician Purpose of Report Recommendation J Green - Head
More informationDacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery
Dacorum Borough Council Final Internal Audit Report IT Business Continuity and Disaster Recovery Distribution list: Chris Gordon Group Manager Performance, Policy and Projects John Worts ICT Team Leader
More informationInternal Audit Report Disaster Recovery / Business Continuity Planning
Audit Committee, 28 November 2013 Internal Audit Report Disaster Recovery / Business Continuity Planning Executive summary and recommendations Introduction As part of the Internal Audit Plan for 2013-14,
More informationComhairle nan Eilean Siar Internal Audit Review DISASTER RECOVERY ARRANGEMENTS Information Technology. Final Report 2014/15-06
Comhairle nan Eilean Siar Internal Audit Review Information Technology Final Report 2014/15-06 3 rd November 2014 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1-6 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS
More informationDacorum Borough Council Final Internal Audit Report
Dacorum Borough Council Final Internal Audit Report ICT Change Management Distribution list: Chris Gordon Group Manager Neil Telkman - Information, Security and Standards Officer Gary Osler ICT Service
More informationComhairle nan Eilean Siar Internal Audit Follow Up Review Disaster Recovery. Final Report FU18 14/15
Comhairle nan Eilean Siar Internal Audit Follow Up Review Disaster Recovery Final Report FU18 14/15 27 th May 2015 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1 3 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS
More informationDisaster Recovery and Contingency Planning
ITEM: 7(ii) AUDIT COMMITTEE 2 NOVEMBER Nottingham City Homes Disaster Recovery and Contingency Planning June Final Report Executive Summary & Action Plan Assurance Level: Partly meets expectations Audit
More informationBusiness Continuity Business Impact Analysis arrangements
Aberdeen City Council Internal Audit Report 2012/2013 for Aberdeen City Council May 2013 Business Continuity Business Impact Analysis arrangements Final Report Contents Section Page 1. Executive Summary
More informationAberdeen City Council IT Disaster Recovery
Aberdeen City Council IT Disaster Recovery Internal Audit Report 2014/2015 for Aberdeen City Council January 2015 Terms or reference agreed 4 weeks prior to fieldwork Target Dates per agreed Actual Dates
More informationHow To Audit Health And Care Professions Council Security Arrangements
Audit Committee 28 Internal audit report ICT Security Executive summary and recommendations Introduction Mazars has undertaken a review of ICT Security controls, in accordance with the internal audit plan
More informationIT Assurance - Business Continuity and Disaster Recovery
Audit Summary Report October 2006 PAPER D IT Assurance - Business Continuity and Disaster Recovery Audit 2006/2007 Paper D - 1 External audit is an essential element in the process of accountability for
More informationFINAL. Internal Audit Report. Data Centre Operations and Security
FINAL Internal Audit Report Data Centre Operations and Security Document Details: Reference: Report nos from monitoring spreadsheet/2013.14 Senior Manager, Internal Audit & Assurance: ext. 6567 Engagement
More informationNHS Dorset Clinical Commissioning Group. Internal Audit Annual Report 2014/15. May 2015
Internal Audit Annual Report 2014/15 May 2015 Internal Audit Annual Report INTRODUCTION This is the 2014/15 Annual Report by TIAA on the internal control environment at Dorset Clinical Commissioning Group.
More informationAppendix 6c. Final Internal Audit Report Disaster Recovery Planning. June 2007. Report 6c Page 1 of 15
Appendix 6c Final Internal Audit Report Disaster Recovery Planning June 2007 Report 6c Page 1 of 15 Contents Page Executive Summary 3 Observations and Recommendations 8 Appendix 1 - Audit Framework 13
More informationSummary of Information Technology General Control Environment Findings for the year ended 30 June 2015
Summary of Inmation Technology General Control Environment Findings the year ended 30 June 2015 1 Change management Complete Revisiting the Change Management control process documentation and updating
More informationAudit of Business Continuity Planning
Cumbria Office of the Police & Crime Commissioner Audit of Business Continuity Planning 0 Cumbria Shared Internal Audit Service Images courtesy of Carlisle City Council except: Parks (Chinese Gardens),
More informationInformation Security Policies. Version 6.1
Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access
More informationColeg Gwent. Business Continuity Plan Test - Post Implementation Review (PIR) Internal Audit Report (12.09/10)
Internal Audit Report 1 June 2010 Business Continuity Plan Test Post Implementation Review (PIR) CONTENTS Section Page Executive Summary 1 Action Plan 4 Findings and Recommendations 5 Debrief meeting 28
More informationAudit Committee, 13 March 2013. Internal Audit Report Project Management. Executive summary and recommendations. Introduction
Audit Committee, 13 March 2013 Internal Audit Report Project Management Executive summary and recommendations Introduction Mazars has undertaken a review of the arrangements for project management in accordance
More informationComhairle nan Eilean Siar Internal Audit Review DISASTER RECOVERY. Final Report 12/13-20
Comhairle nan Eilean Siar Internal Audit Review Final Report 12/13-20 8 th January 2013 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1-3 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS 4-9 SECTION 3 -
More informationSUBJECT: REPLACEMENT OF CORPORATE ELECTRONIC DATA STORAGE, BACKUP AND DISASTER RECOVERY SOLUTIONS
REPORT TO CABINET TO BE HELD ON 15 SEPTEMBER 2015 Key Decision No Forward Plan Ref No 23K Corporate Priority The proposals in this report contribute to the delivery of all the Council s priorities Cabinet
More informationSOUTH LAKELAND DISTRICT COUNCIL INTERNAL AUDIT FINAL REPORT IT 11-02. IT Backup, Recovery and Disaster Recovery Planning
SOUTH LAKELAND DISTRICT COUNCIL INTERNAL AUDIT FINAL REPORT IT 11-02 IT Backup, Recovery and Disaster Recovery Planning Executive Summary Introduction As part of the 2011/12 Audit Plan and following discussions
More informationGlasgow Life Risk Management & Business Continuity Planning. Final Report
Glasgow Life Risk Management & Business Continuity Planning Final Report INTERNAL AUDIT October 2014 Glasgow City Council Internal Audit 1 Glasgow Life Risk Management & Business Continuity Planning Table
More informationGravesham Borough Council
Gravesham Borough Council Report to: Finance & Audit Committee Date: 21 February 2008 Reporting officer: Subject: Senior Auditor Audit Opinion of Unsatisfactory Council Tax Purpose and summary of report:
More informationJoint Audit Report for South Lakeland District Council. & Eden District Council
Joint Audit Report for South Lakeland District Council & Eden District Council Audit of IT Data Backup and Recovery Arrangements Audit of Development Management 22nd May 2015 11 th June 2015 0 Page 0 Audit
More informationInternal audit report Information Security / Data Protection review
Audit Committee 29 September 2011 Internal audit report Information Security / Data Protection review Executive summary and recommendations Introduction Mazars have undertaken a review of Information Security
More informationReview of Information Technology s Data System Backup and Disaster Recovery Process Page 2 of 10 September 30, 2013
Page 2 of 10 Scope and Objectives We reviewed the backup and disaster recovery processes utilized by DOH for information applications/systems managed by IT over the last three years. This review included
More informationA Review of the Disaster Recovery Testing Process
To: LASERS Audit Committee; Cindy Rougeou, Executive Director Cc: Maris LeBlanc, Deputy Director; Lance Armstrong, IT Director; Dan Bowden, IT Deputy Director From: Ryan Babin, Audit Director; Blake Lee,
More informationAvon & Somerset Police Authority
Avon & Somerset Police Authority Internal Audit Report IT Service Desk FINAL REPORT Report Version: Date: Draft to Management: 19 February 2010 Management Response: 12 May 2010 Final: 13 May 2010 Distribution:
More informationIT Services. Service Level Agreement
IT Services Service Level Agreement Contents 1 Purpose... 3 2 IT Services Objectives... 3 3 IT Helpdesk... 3 3.1 Issues... 3 3.2 Service Requests... 4 3.3 Development Requests... 4 4 Priorities... 4 5
More informationSOUTH NORTHAMPTONSHIRE COUNCIL. 11/31 ICT Capacity Management FINAL REPORT. June 2011
SOUTH NORTHAMPTONSHIRE COUNCIL 11/31 ICT Capacity Management FINAL REPORT June 2011 This report and the work connected therewith are subject to the Terms and Conditions of the contract dated 18/06/07,
More informationInternal Audit Progress Report Performance and Overview Committee (19 th August 2015) Cheshire Fire Authority
Internal Audit Progress Report (19 th August 2015) Contents 1. Introduction 2. Key Messages for Committee Attention 3. Work in progress Appendix A: Risk Classification and Assurance Levels Appendix B:
More informationINTERNAL AUDIT 2008/09 INFORMATION TECHNOLOGY (BUSINESS CONTINUITY)
2008/09 SUMMARY Location Subject Business Sponsor Staff engaged Coleg Gwent Information Technology (Business Continuity) Lynda Roberts Sue Harris Head of Internal Audit Gaynor Rains Manager David Bratt
More informationInformation Commissioner's Office
Phil Keown Engagement Lead T: 020 7728 2394 E: philip.r.keown@uk.gt.com Will Simpson Associate Director T: 0161 953 6486 E: will.g.simpson@uk.gt.com Information Commissioner's Office Internal Audit 2015-16:
More informationAberdeen City Council
Aberdeen City Council Internal Audit Report Final Contract management arrangements within Social Care & Wellbeing 2013/2014 for Aberdeen City Council January 2014 Internal Audit KPI Targets Target Dates
More informationInternal Audit Strategic and Annual Plans 2015/16
Internal Audit Strategic and Annual Plans 2015/16 Financial Scrutiny and Audit Committee 10 February 2015 Agenda Item No 8 Summary: This report provides an overview of the stages followed prior to the
More informationEssex Fire Authority
Internal Audit Report (2.13/.14) FINAL with the Civil Contingencies Act 1 October 2013 Contents Section Page Executive Summary 1 Action Plan 5 Findings and Recommendations 6 Debrief meeting 15 August 2013
More informationInformation Commissioner's Office
Information Commissioner's Office IT Procurement Review Ian Falconer Partner T: 0161 953 6480 E: ian.falconer@uk.gt.com Last updated 18 June 2012 Will Simpson Senior Manager T: 0161 953 6486 E: will.g.simpson@uk.gt.com
More informationBalancing and Settlement Code BSC PROCEDURE BSCP537. QUALIFICATION PROCESS FOR SVA PARTIES, SVA PARTY AGENTS AND CVA MOAs
Balancing and Settlement Code BSC PROCEDURE BSCP537 QUALIFICATION PROCESS FOR SVA PARTIES, SVA PARTY AGENTS AND CVA MOAs APPENDIX 3 GUIDANCE NOTES ON COMPLETING THE SAD Version 2.0 Date: 10 September 2007
More informationInformation Commissioner's Office
Information Commissioner's Office Ian Falconer Partner T: 0161 953 6480 E: ian.falconer@uk.gt.com Internal Audit 2011-12: Business Continuity Review Last updated 6 February 2012 Will Simpson Senior Manager
More informationESSEX FIRE AUTHORITY. Internal Audit Progress Report. Audit Sub-Committee Meeting: April 2012
ESSEX FIRE AUTHORITY Internal Audit Progress Report Audit Sub-Committee Meeting: April Essex Fire Authority CONTENTS Section Page 1 Introduction 1 2 Final reports 1 3 Key Findings from Internal Audit Work
More informationInterim Audit Report. Borough of Broxbourne Audit 2010/11
Interim Audit Report Borough of Broxbourne Audit 2010/11 The Audit Commission is an independent watchdog, driving economy, efficiency and effectiveness in local public services to deliver better outcomes
More informationInternal Audit Monitoring Report. Audit Report status Assurance. Payroll Final Limited
Appendix 1 Internal Audit Monitoring Report Audit Report status Assurance Payroll Final Limited The Payroll system was reviewed to seek assurance that processes and procedures are operating effectively
More informationHow To Write An Audit And Governance Committee Report On An Itd Plan
Public Document Pack Worcestershire County Council Agenda Audit and Governance Committee Friday, 12 September 2014, 10.00 am County Hall, Worcester This document can be made available in other formats
More informationInternal Audit Report Project Management
Audit Committee, 20 Internal Audit Report Project Management Executive summary and recommendations Introduction As part of the Internal Audit Plan for 2013-14 Mazars have undertaken a review of arrangements
More informationCumbria Constabulary. Business Continuity Planning
Cumbria Constabulary Business Continuity Planning 0 Cumbria Shared Internal Audit Service Images courtesy of Carlisle City Council except: Parks (Chinese Gardens), www.sjstudios.co.uk, Monument (Market
More informationDERBYSHIRE COUNTY COUNCIL BUSINESS CONTINUITY POLICY
DERBYSHIRE COUNTY COUNCIL BUSINESS CONTINUITY POLICY VERSION 1.0 ISSUED JULY 2015 CONTENTS Page CONTENTS VERSION CONTROL FOREWORD i ii iii POLICY 1 Scope 1 Aim and Objectives 1 Methods and Standards 1
More informationHow To Audit World Health Organisation (Whoa)
WORLD HEALTH ORGANIZATION FIFTY-SIXTH WORLD HEALTH ASSEMBLY A56/29 Provisional agenda item 16.1 10 April 2003 Interim report of the External Auditor The Director-General has the honour to transmit herewith
More informationColeg Gwent Internal Audit Report 2012/13 Assets and Inventory. Assurance Rating:
Coleg Gwent Internal Audit Report 2012/13 Assets and Inventory Assurance Rating: Distribution List: Draft Report: Principal Vice Principal, (Finance, Estates and Information Services) Clerk to the Corporation
More informationWest Dunbartonshire Council. Follow-up data protection audit report
West Dunbartonshire Council Follow-up data protection audit report Auditors: Lee Taylor (Audit Team Manager) Jonathan Kay (Engagement Lead Auditor) Data controller contacts: Michael Butler (Data Protection/Information
More informationInformation Commissioner's Office
Information Commissioner's Office Internal Audit 2013-14: Follow up Last updated 4 July 2014 Distribution For action Senior Corporate Governance Manager Timetable Fieldwork completed 21 May 2014 Draft
More informationInternal Audit Report Business Continuity Planning Arrangements
The Highland Council Community Services Committee 6 November 2014 Agenda Item Report No 19 COM 45/14 Internal Audit Report Planning Arrangements Report by Director of Community Services Summary This report
More informationThe Scrutiny Panel heard from Fiona Kordiak, Audit Scotland, the Council s auditors and the Director of Finance.
+ ED I N BVRG H + THE CITY OF EDINBURGH COUNCIL Item no \8 External Audit Reports Received Executive of the Council 16 December 2003 Purpose of report 1 To refer a recommendation arising from consideration
More informationCode Subsidiary Document No. 0007: Business Continuity Management. September 2015
Code Subsidiary Document No. 0007: September 2015 Change History Version Number Date of Issue Reason For Change Change Control Reference Sections Affected 20150511 11 May 2015 For industry consultation
More informationBusiness Continuity Management Policy
Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3
More informationCleveland Police. Data protection audit report. Executive summary November 2014
Cleveland Police Data protection audit report Executive summary November 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act
More informationJoint ICT Service ICT Strategy 2014-17
Document History Document Location This document is only valid on the day it was printed. The source of the document will be found in (see footer) Revision History Date of this revision: 19 th May 2014
More informationBusiness Continuity Plan Template
Business Continuity Plan Template Disclaimer This publication has been produced to provide a guide for people anticipating going into business and for business owners. It should not be regarded as an
More informationBACKUP STRATEGY AND DISASTER RECOVERY POLICY STATEMENT
TADCASTER GRAMMAR SCHOOL Toulston, Tadcaster, North Yorkshire. LS24 9NB BACKUP STRATEGY AND DISASTER RECOVERY POLICY STATEMENT Written by Steve South November 2003 Discussed with ICT Strategy Group January
More informationWhite Paper: Cloud Solutions for Continuity
White Paper: Cloud Solutions for Continuity 2014, igroup ltd. All rights reserved. INTELLECTUAL PROPERTY DISCLAIMER This white paper is for informational purposes only and is provided as is with no warranties
More informationInformation Governance Policy
Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact
More informationInformation and Communications Technology Controls Report 2013 14
Information and Communications Technology Controls Report 2013 14 Victorian Auditor-General s Report October 2014 2014 15:12 V I C T O R I A Victorian Auditor-General Information and Communications Technology
More informationHouse of Commons Corporate Governance Framework
House of Commons Corporate Governance Framework What is Corporate Governance? 1. Good corporate governance is fundamental to any effective organisation and is the hallmark of any well-managed corporate
More informationOUTSOURCING INVOLVING SHARED COMPUTING SERVICES (INCLUDING CLOUD) 6 July 2015
OUTSOURCING INVOLVING SHARED COMPUTING SERVICES (INCLUDING CLOUD) 6 July 2015 Disclaimer and Copyright While APRA endeavours to ensure the quality of this publication, it does not accept any responsibility
More informationInsurance Commission of Western Australia
Summarised Version March 2014 1. Executive summary 1.1 Background As part of the routine internal audit program, ICWA has requested Ernst & Young (EY) to undertake a claims management review of RiskCover
More informationInternal Audit at the University of Cambridge.
Internal Audit at the University of Cambridge. Contents Introduction to Deloitte 1 Our team 2 What is Internal Audit? 4 Our approach to Internal Audit 5 Authority and reporting lines 7 Planning 8 Ad Hoc
More informationReport to Parliament No. 4 for 2011 Information systems governance and security. Financial and Assurance audit. Enhancing public sector accountability
Financial and Assurance audit Report to Parliament No. 4 for 2011 Information systems governance and security ISSN 1834-1128 Enhancing public sector accountability RTP No. 4 cover.indd 1 15/06/2011 3:19:31
More informationNHS TRUST DEVELOPMENT AUTHORITY PUBLIC BOARD MEETING, 24 JANUARY 2013 PAPER F: TRANSITION ARRANGEMENTS - TRANSFER ORDER AND TRANSFER SCHEMES
NHS TRUST DEVELOPMENT AUTHORITY PUBLIC BOARD MEETING, 24 JANUARY 2013 PAPER F: TRANSITION ARRANGEMENTS - TRANSFER ORDER AND TRANSFER SCHEMES Board Meeting 24 January 2013 Agenda Item 6 Paper F Title: Transition
More informationSmart Meters Programme Schedule 8.6. (Business Continuity and Disaster Recovery Plan) (CSP North version)
Smart Meters Programme Schedule 8.6 (Business Continuity and Disaster Recovery Plan) (CSP North version) Schedule 8.6 (Business Continuity and Disaster Recovery Plan) (CSP North version) Amendment History
More informationDisaster Recovery Policy
Disaster Recovery Policy INTRODUCTION This policy provides a framework for the ongoing process of planning, developing and implementing disaster recovery management for IT Services at UCD. A disaster is
More informationAdvisory Guidelines of the Financial Supervision Authority. Requirements for Organising the Business Continuity Process of Supervised Entities
Advisory Guidelines of the Financial Supervision Authority Requirements for Organising the Business Continuity Process of Supervised Entities These advisory guidelines were established by Resolution No
More informationBusiness Continuity Plans
Version Number Issue 2 Business Continuity Policy Date Revision Complete Policy Owner Author Reason for Revision Proof Read April 2016 Business Improvement Manager Emma Earle, Business Services Officer
More informationWalton Centre. Document History Date Version Author Changes 01/10/2004 1.0 A Cobain L Wyatt. Monitoring & Audit
Page 1 Walton Centre Monitoring & Audit Document History Date Version Author Changes 01/10/2004 1.0 A Cobain L Wyatt Page 2 Table of Contents Section Contents 1 Introduction 2 Responsibilities Within This
More informationOffice of the Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary
Office of the Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary Internal Audit Report () FINAL Risk Management: Follow Up of Previous Internal Audit Recommendations
More informationGovernance and Audit Committee 23 November 2015
Agenda Item 7 Governance and Audit Committee 23 November 2015 Welland Internal Audit Consortium Internal Audit Plan & Performance Update 2015/16 Purpose of report: To provide Members with information on
More informationAberdeen City Council. Performance Management Process. External Audit Report o: 2008/19
Aberdeen City Council Performance Management Process External Audit Report o: 2008/19 Draft Issued: 11 February 2009 Final Issued: 6 April 2009 Contents Pages Pages Management Summary Introduction 1 Background
More informationWebnet2000 DataCentre
Webnet2000 DataCentre WEBNET2000 have been enabling organisations develop their Internet presence for over 10 Years. The Webnet2000 Datacentre features the very latest world class resilient infrastructure,
More informationBedfordshire Fire and Rescue Authority Corporate Services Policy and Challenge Group 16 September 2015 Item No. 11
For Publication REPORT AUTHOR(S): Bedfordshire Fire and Rescue Authority Corporate Services Policy and Challenge Group 16 September 2015 Item No. 11 ASSISTANT CHIEF OFFICER (HUMAN RESOURCES AND ORGANISATIONAL
More informationPOLICY. 1) Business Continuity Management 2) Disaster Recovery 3) Critical Incident Management 4) Risk Management
POLICY Policy Title: Management Descriptors: 1) Management 2) Disaster Recovery 3) Critical Incident Management 4) Risk Management Category: Risk Management Intent Organisational Scope Definitions Policy
More informationBig Data Analytics Service Definition G-Cloud 7
Big Data Analytics Service Definition G-Cloud 7 Big Data Analytics Service Service Overview ThinkingSafe s Big Data Analytics Service allows information to be collected from multiple locations, consolidated
More informationReport 7 Appendix 1d Final Internal Audit Report Sundry Income and Debtors (inc. Fees and Charges) Greater London Authority February 2010
Report 7 Appendix 1d Final Internal Audit Report Sundry Income and Debtors (inc. Fees and Charges) Greater London Authority February 2010 This report has been prepared on the basis of the limitations set
More informationNottinghamshire County Council. Data protection audit report
Nottinghamshire County Council Data protection audit report Executive summary October 2015 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data
More informationHow To Ensure Information Security In Nhs.Org.Uk
Proforma: Information Policy Security & Corporate Policy Procedures Status: Approved Next Review Date: April 2017 Page 1 of 17 Issue Date: June 2014 Prepared by: Information Governance Senior Manager Status:
More informationFINAL Internal Audit Report. IT Disaster Recovery
FINAL Internal Audit Report IT Disaster Recovery Document Details: Reference: 2.5c/2014.15 Senior Manager, Internal Audit & Assurance: David Jenkins ext. 6567 Engagement Manager: Auditor: Date: 07 August
More informationICT Internal Audit Strategy 2009-10 to 2011-12. Report by the Head of Finance
Audit Committee 24 September 2009 Item No. 12 ICT Internal Audit Strategy 2009-10 to 2011-12 Report by the Head of Finance This report introduces the ICT Internal Audit Strategy and asks the Audit Committee
More informationI will cover. Cyber Security and other recent performance audits. Report # 8 Why this audit? Background. Audit objective.
I will cover. Report # 8 Security of information communications technology infrastructure Cyber Security and other recent performance audits Report # 9 TMAG: compliance with the National Standards for
More informationIT Service Continuity Management PinkVERIFY
-11-G-001 General Criteria Does the tool use ITIL 2011 Edition process terms and align to ITIL 2011 Edition workflows and process integrations? -11-G-002 Does the tool have security controls in place to
More informationFinancial Services Guidance Note Outsourcing
Financial Services Guidance Note Issued: April 2005 Revised: August 2007 Table of Contents 1. Introduction... 3 1.1 Background... 3 1.2 Definitions... 3 2. Guiding Principles... 5 3. Key Risks of... 14
More informationPerformance Management 2012/ 13: Quarter 4
Performance Management 2012/ 13: Quarter 4 Policy and Resources Committee Chief Executive Director of Finance and Corporate Resources Director of Social and Community Services Director of Technical Services
More informationData Storage And Backup
Data Storage And Backup The availability of Superfast Broadband enables you to take advantage of a range of cloud-based storage and backup solutions capable of handling vast volumes of digital data. Data
More informationICT Strategy 2010-2013
ICT Strategy 2010-2013 If you would like to receive this publication in an alternative format (large print, tape format or other languages) please contact us on 01832 742000. East Northamptonshire Council
More informationAPPENDIX 4 GREATER LONDON AUTHORITY SUN ACCOUNTS UNIX REVIEW FINAL AUDIT REPORT. Auditor: Chris Power & Michael Lacey Date: April 2003 Reference: 320
APPENDIX 4 GREATER LONDON AUTHORITY SUN ACCOUNTS UNIX REVIEW FINAL AUDIT REPORT Auditor: Chris Power & Michael Lacey Date: April Reference: 320 Table of Contents 1 INTRODUCTION 2 Page 2 OBJECTIVES AND
More informationAudit Report for South Lakeland District Council. People and Places Directorate Neighbourhood Services. Audit of Grounds Maintenance
Audit Report for South Lakeland District Council People and Places Directorate Neighbourhood Services Audit of Grounds Maintenance Cumbria Shared Internal Audit Service: Internal Audit Report 7 th November
More informationIntroduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT
INFORMATION SECURITY: UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT FACTSHEET This factsheet will introduce you to Business Continuity Management (BCM), which is a process developed to counteract systems
More informationCambridgeshire and Peterborough Fire Authority. Internal Audit Progress Report Overview & Scrutiny Committee meeting 16 October 2014
Cambridgeshire and Peterborough Fire Authority Internal Audit Progress Report Overview & Scrutiny Committee meeting 16 October 2014 Cambridgeshire & Peterborough Fire Authority 1 Introduction This report
More informationLFRS Business Continuity Planning
LFRS Business Continuity Planning 1.1 INTRODUCTION The LFRS Business Continuity Plan provides a framework for the activation, allocation and deployment of Lancashire Fire and Rescue Services resources
More informationANNEXURE D 2. OBJECTIVE
OVERSIGHT REPORT OF THE CITY OF JOHANNESBURG GROUP AUDIT COMMITTEE ON THE MONITORING OF THE 30 JUNE 2014 STATUTORY YEAR END AUDIT, THE EVALUATION OF THE FINAL AUDITED ANNUAL FINANCIAL STATEMENTS, THE AUDITOR
More informationThe Learning Zone - Project Management Arrangements
Coleg Gwent Internal Audit Report () 6 June 2012 Overall Opinion The Learning Zone - Project Management Arrangements CONTENTS Section Page Executive Summary 1 Action Plan 4 Findings and Recommendations
More informationCONTINUITY OF OPERATIONS AUDIT PROGRAM EVALUATION AND AUDIT
CONTINUITY OF OPERATIONS AUDIT PROGRAM EVALUATION AND AUDIT April 16, 2014 INTRODUCTION Purpose The purpose of the audit is to give assurance that the development of the Metropolitan Council s Continuity
More information