Oadby and Wigston Borough Council. Information and Communications Technology (I.C.T.) Section




Appendix 1

Oadby and Wigston Borough Council
Information and Communications Technology (I.C.T.) Section

Information Communication Technology Contingency and Disaster Recovery Plan

Version 0.1
10/04/09

Document control information

Title: Contingency and Disaster Recovery Plan
Date: 10 Apr 2009
Version: 0.1
Reference:
Author: Paul Langham
Quality Assurance:

Revision History

Revision | Date | Revision Description
0.1 | 10 April 09 | Initial Draft

Signatories

Name | Position | Signed | Date
Paul Langham | ICT Manager OWBC | |
Alan Long | Business Account Manager Steria | |

Contents

1. Introduction
2. Background
3. Purpose of the Plan
4. Scope of the Plan
5. Response
6. ICT Contingency Management Team
7. DR Funding Arrangements
8. Definitions
   - Service Priority
   - Disaster Classification
9. Resilience
10. Risks
11. Review Process
12. Testing

Appendices

A - Contacts List
B - Contingency / DR CD Contents
C - Comms IP Address and Locations
D - Application Failure Plans
E - Component Failure Plans
F - Site Disaster Recovery Plans
G - Office Mobile Telephone Numbers
H - Financial Regulation Arrangements
I - System contacts and Recovery
J - NDR Callout Procedure

1. Introduction

The Information Communication Technology Contingency and Disaster Recovery Plan describes how an organization is to deal with potential disasters, failures and disruptions. A Disaster, Failure or Disruption is an event that makes the continuation of normal functions impossible. The Contingency and Disaster Recovery Plan consists of the precautions taken so that the effects of an event will be minimized, and details the steps the organization will take to either maintain or quickly resume mission-critical functions.

The following Plan includes details of how to respond to an event, how it is categorized and the priority actions, and identifies key personnel. The plan also includes relevant definitions, scope and linkage with corporate emergency / business continuity plans, as well as prevention and resiliency. The appendices to the plan include details of the systems, contacts and action to be taken in response to an event.

2. Background

The Information Communication Technology Contingency and Disaster Recovery Plan outlines procedures for the recovery and resumption of technology-based services in the event of a failure, disruption or disaster.

The ICT Contingency Plan may be invoked directly, as part of the wider OWBC - Generic Major Incident Plan, or as part of a service area Disaster Recovery Plan. The extent to which the Plan is invoked will depend on the nature of the disaster, its breadth, and the extent of the damage. The nature of the disaster will also determine the role of ICT within the overall recovery process, i.e. a central role for a solely ICT disaster, or a peripheral one if instigated under the OWBC - Generic Major Incident Plan.

ICT are responsible for:

- access and support for the data network services (email, internet, printing)
- access and support for the applications software (CAPS, Academy, Orchard etc)
- access and support for the telecommunications network services, including the switchboard and voice mail system

In the case of a major disaster, the first priority will be to ensure personnel safety, followed by the restoration of telephone communications. Subsequent to this, the data network services will be restored, and finally the Applications.

3. Purpose of the Plan

The purpose of this plan is to provide a framework to assist in minimising the operational and financial impact of the disaster and facilitating effective business continuity as early as possible. In the event of a disaster, this plan will establish a chain of command that will set into motion a number of activities to be performed by various staff members internally, and externally by partner organisations and under individual third-party support agreements.

4. Scope of the Plan

This plan outlines the procedures and associated actions that will be taken by personnel within ICT Services to cope with various disasters which may occur on any one of the Authority's sites. This plan does not define procedures used by the Authority to respond to large-scale disasters affecting the organisation as a whole. These procedures are defined by the OWBC - Generic Major Incident Plan. However, both plans can work in conjunction.

5. Response

Following a disaster, the ICT Contingency Management Team members will meet to discuss and formulate an action plan identifying key areas of coordination and responsibility.

The following list is intended to provide guidance at a generic level:

- Alert all IT Services staff to be on standby
- Establish Disaster Level (see below)
- Alert third-party suppliers to be prepared for providing support at short notice
- Arrange staff backup support
- Arrange mobile phones for all staff involved in the recovery process
- Notify all other emergency teams required for the specific situation
- Make the necessary arrangements for access to different buildings
- Make the necessary arrangements for transport between sites
- Establish Service Priority (see below)
- Establish action plan, assigning clear roles and responsibilities
- Establish Central Help Desk contact for information dissemination
- Members of the ICT Contingency Management Team will be required to bring together their staff to progress the identified actions
- Establish reporting protocols (time and place)
- Establish communication protocols
- Remind staff that direct statements to the media are not to be made. Any media contact is to be made via the Council's Communications Officer.

In addition to the above-mentioned responsibilities, depending on the nature of the disaster, ICT Service staff will offer assistance on a priority basis to other Service Areas that work with critical business processes.

6. ICT Contingency Management Team

Membership

The ICT Contingency Management Team is led by the Interim Director of Resources or ICT Manager, who is responsible for maintaining up-to-date communication with the Strategic Management Team / Corporate Business Continuity Team.

The ICT Contingency Management Team comprises all staff from within ICT Services, the most senior staff on site from Steria Ltd and the most senior officer responsible for buildings and estates. Specialist staff are co-opted to take on responsibilities in their area of expertise (see Appendix A).

7. DR Funding Arrangements

Under DR conditions, equipment can be ordered with authorization from the Chief Executive, Head of Finance or their deputies. The document to be completed is given in Appendix H.

8. Definitions

The following definitions refer to a Disaster Situation and relate to Service Priority and Type of Disaster. These definitions will enable the ICT Contingency Management Team to categorize the event and respond more effectively.

8.1 Service Priority

The ICT Contingency Plan requires a level of prioritization, through which critical service areas can be addressed first. ICT categorises these into:

Critical - Critical services cannot be replaced by manual methods. Tolerance to interruption is very low and the recovery cost is very high. Examples of critical services include: central switchboard connection, Major Application Software system, Network Core Switch.

Important - These services cannot be performed by manual methods, or can be performed manually only for a very brief period. There is a slightly higher tolerance for interruption, provided the service is restored within a reasonable time, usually 2/3 days. Examples of important services include: Internet connection, email services, Non-Core Network Switches.

Non-critical - These services may be interrupted for longer periods with a lower risk to the organisation in general. Examples of non-critical services include: appointments scheduler, backup services, logging services.

8.2 Disaster Classification

In all disasters, the safety of personnel (public, staff, contractors and visitors) will be paramount. OWBC is a multi-site organisation which is geographically dispersed. It is highly unlikely that all sites would be affected at the same time; however, Bushloe House is the hub for all ICT services and any disruption here will affect all sites.

Threats to ICT Services can be divided into three categories:

Major - Disaster affecting all services delivered from Argents Mead. This would be addressed by the Corporate Business Continuity Plan and other associated recovery plans, including the ICT Contingency and DR Plan.

Significant - These would include disasters at other Authority sites (Depot) and may invoke the Corporate Business Continuity Plan. The ICT Contingency Plan will play a major part in the recovery process if the disaster affects IT equipment, facilities and/or service.

Service Loss - Any event that significantly affects the technical infrastructure, one or more applications or the telecommunications switches will give reason to invoke the ICT Contingency and DR Plan.

9. Resilience

There are few resilient components within the current ICT infrastructure. These are currently being addressed within the ICT Roadmap. Areas of critical importance are:

9.1 Telephony

The Telephony System is over 15 years old and it is becoming increasingly difficult to source replacement components.

9.2 Mobile Phones

Mobile phones offer an emergency backup for any failure of the telephony system, although this should be seen as a short-term emergency solution.

9.3 Infrastructure

The ICT Infrastructure has been improved during 2009, with new Comms Cabinets at Bushloe House, hot-swappable Network Switches and secondary links to HBBC. These measures have improved resiliency, although more work is required during 2010 to make further progress.

9.4 Data Security

This section is left blank for security reasons. Contact ICT for further details.

9.5 Disaster Recovery Contract

A Disaster Recovery contract is in place with Sunguard, and can be called upon to provide replacement equipment in the event of a disaster. It should be noted that this contract is being reviewed.

9.6 Off Site ICT Delivery

The Shared Service agreement with Hinckley and Bosworth Borough Council does provide the opportunity for off-site ICT delivery. This option could be triggered where a disaster affected the OWBC Server Room but the building itself remained operational.

10. Risks

This section is left blank for security reasons. Contact ICT for further details.

11. Testing

The ICT Contingency and DR Plan will be tested annually, with a full scenario-based test undertaken to assess the ICT Contingency Management Team's response. Individual components of the plan (telephone switches, non-core switches, backup tapes) will be tested separately. The Component, Application and Site scenarios shown in Appendices D to F should be tested annually, as should the Uninterruptible Power Supply (UPS) for those components.

12. Review Process

Following any disaster situation, the ICT Contingency Management Team will meet to review the response, action and outcome. The ICT Manager will also consult and consider the Authority-wide view of the recovery plan. The plan will be amended appropriately, taking into account the customer viewpoint and any other lessons learned.
