OPERATIONAL CIRCULAR



Similar documents
IT SERVICE CONTINUITY AS RELATED TO THE MANAGEMENT OF ELECTRONIC RECORDS POLICY

RECORDS MANAGEMENT POLICY

9. GOVERNANCE. Policy 9.8 RECORDS MANAGEMENT POLICY. Version 4

State Records Office Guideline. Management of Digital Records

CORK INSTITUTE OF TECHNOLOGY

Records Disposal Schedule Anti-Discrimination Services Northern Territory Anti-Discrimination Commission

Territory Records (Records Disposal Schedule Disaster Recovery (Human Services) Records) Approval 2005 (No 1)

Records Management Policy

West Midlands Police and Crime Commissioner Records Management Policy 1 Contents

Records Management Policy

RECORDS MANAGEMENT POLICY MANUAL

Records Management - Council Policy Version 2-28 April Council Policy. Records Management. Table of Contents. Table of Contents... 1 Policy...

Scotland s Commissioner for Children and Young People Records Management Policy

University of Liverpool

INFORMATION GOVERNANCE POLICY: DATA BACKUP, RESTORE & FILE STORAGE HANDLING

Disaster Recovery Plan Documentation for Agencies Instructions

WEST LOTHIAN COUNCIL RECORDS MANAGEMENT POLICY. Data Label: Public

Life Cycle of Records

UNIVERSITY OF MANITOBA PROCEDURE

The University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1

Business continuity management policy

Data Security Policy

MARQUIS DISASTER RECOVERY PLAN (DRP)

DELAWARE PUBLIC ARCHIVES POLICY STATEMENT AND GUIDELINES MODEL GUIDELINES FOR ELECTRONIC RECORDS

INFORMATION UPDATE: Removable media - Storage and Retention of Data - Research Studies

Technology Recovery Plan Instructions

UMHLABUYALINGANA MUNICIPALITY

Disposal Authorisation for Information and Technology Management Records. Administrative Schedule No. 4

This policy is not designed to use systems backup for the following purposes:

Business System Recordkeeping Assessment - Digital Recordkeeping Compliance

Information Security Policy

User Guide to Retention and Disposal Schedules Council of Europe Records Management Project

BACKUP STRATEGY AND DISASTER RECOVERY POLICY STATEMENT

Management of Records

Records Management & Data Quality in the Contact Centre. Internal Audit Report 2013/14

General Disposal Authority. For encrypted records created in online security processes

Transition Guidelines: Managing legacy data and information. November 2013 v.1.0

General Records Authority 34

CORPORATE RECORDS MANAGEMENT POLICY

Information Management Advice 18 - Managing records in business systems: Overview

Gatekeeper PKI Framework. February Registration Authority Operations Manual Review Criteria

Issue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager

STANDARD OPERATING PROCEDURE FOR DATA RETENTION

Records Authority. Department of Health Private Health Insurance

Management of Official Records in a Business System

Overview of Business Continuity Planning Sally Meglathery Payoff

Code Subsidiary Document No. 0007: Business Continuity Management. September 2015

Information Management Advice 18 - Managing records in business systems Part 1: Checklist for decommissioning business systems

HSE P0801 HSE Document Control and Records Management Procedure

PARLIAMENTARY AND HEALTH SERVICE OMBUDSMAN. Records Management Policy. Version 4.0. Page 1 of 11 Policy PHSO Records Management Policy v4.

SECTION 15 INFORMATION TECHNOLOGY

RECORDKEEPING MATURITY MODEL

DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS

Queensland recordkeeping metadata standard and guideline

5.3. CQUniversity records and information will be captured and managed within one of the following corporate systems:

Using Keyword AAA: A thesaurus of common administrative terms

TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL

Records Management Plan. April 2015

RECORDS MANAGEMENT POLICY

National Statistics Code of Practice Protocol on Data Management, Documentation and Preservation

STATE RECORDS COMMISSION. SRC Standard 6 OUTSOURCING. A Recordkeeping Standard for State Organizations

WA Food Regulation: Temporary and Mobile Food Businesses

Disaster Recovery Policy

I.T. Disaster Recovery Plan

Archiving and Backup - The Basics

Information and records management. Purpose. Scope. Policy

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) Fax: (718)

IT Service Continuity Management PinkVERIFY

Harbinger Escrow Services Backup and Archiving Policy. Document version: 2.8. Harbinger Group Pty Limited Delivered on: 18 March 2008

Disaster Recovery Planning Procedures and Guidelines

Information Circular

Greater London Authority Records Management Policy

How To Use A Court Record Electronically In Idaho

ITEM NO: 4. Date: 23 March Pam Williams Borough Treasurer Wendy Poole Head of Risk Management Audit Services. Reporting Officers:

Cloud Storage Policy (Draft for consultation)

ADRI. Statement on the Application of Digital Rights Management Technology to Public Records. ADRI v1.0

Ohio Supercomputer Center

Government Records Procedure GRO 3. Retrieving Records. Government Records Office Archives of Manitoba

NHS Business Services Authority Records Management Audit Framework

Title: DISASTER RECOVERY/ MAJOR OUTAGE COMMUNICATION PLAN

Attachment to Data Center Services Multisourcing Service Integrator Master Services Agreement

Recordkeeping for Good Governance Toolkit. GUIDELINE 14: Digital Recordkeeping Choosing the Best Strategy

Administrative Procedure

Corporate Records Management Policy

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

Decision on adequate information system management. (Official Gazette 37/2010)

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February Title: Information Security Policy

Records Management Policy

University of Sunderland Business Assurance Information Security Policy

RECORDS MANAGEMENT MANUAL

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2

Fermilab Computing Division Service Level Management Process & Procedures Document

Records Management Policy

ICT Strategy

Cloud Computing and Records Management

Computer System Validation for Clinical Trials:

ANU Electronic Records Management System (ERMS) Manual

IT Data Backup Policy

Information and Compliance Management Information Management Policy

Transcription:

OPERATIONAL CIRCULAR Enquiries to: Maureen Bradford - Tel: 9222 4300 Number: OP 1877/04 Supersedes: Date: 25 November 2004 Superseded by: File No: 95-00175 Subject: IT SERVICE CONTINUITY AS RELATED TO THE MANAGEMENT OF ELECTRONIC RECORDS POLICY The State Records Act was formally proclaimed in the Government Gazette on the 30th November 2001. Under the Act a State record is defined as any record of information (in any form) created, received or maintained by a government organisation or parliamentary department in the course of conducting its business activities. State records can come in any format on which information can be stored including maps, plans, photographs, films, and magnetic and optical media. A cornerstone of the legislation is an instrument of accountability called the "recordkeeping plan", a document to be formulated by every government organisation. The Department of Health s plan sets out the matters about which records are to be created, how those records are to be managed in the context of the organisation's functions, and for how long those records are to be kept. Several recordkeeping policies have been developed in concert with the recordkeeping plan. The IT Service Continuity as Related to the Management of Electronic Records Policy addresses the protection from unintended loss of all electronic records that are created and maintained in record keeping systems and business application systems so as to ensure that they satisfy record keeping requirements for operational and archival purposes over the medium to long term. This Policy is available from the Records Services Homepage on HOLII at URL http://intranet.health.wa.gov.au/records/policies.cfm. Des Hutchinson ACTING DIRECTOR INFORMATION POLICY OP 1877/04 1

Department of Health Government of Western Australia IT SERVICE CONTINUITY AS RELATED TO THE MANAGEMENT OF ELECTRONIC RECORDS POLICY 2004

Document Control Date Version Notes Author 10/11/2003 0.1 Initial draft Geoff Graham (InfoHEALTH) 12/11/2003 0.2 Updated after review Geoff Graham (InfoHEALTH) 21/01/2004 1.0 Modified S. 4 Gopal Warrier 6/2/2004 Final Principal Information Officer Previous Editions: Nil Revision due: November 2005 Format: Microsoft Word 2000 Authorisation Mike Daube Director General Department of Health This policy has been authorised by- Date- File 95-00175 2

CONTENTS 1. PURPOSE...4 2. POLICY STATEMENT...4 3. SCOPE...4 4. STRATEGIES...5 5. LEGISLATION AND STANDARDS...6 6. GLOSSARY...6 7. RESOURCES...7 APPENDIX A ELEMENTS OF A DISASTER RECOVERY PLAN...8 File 95-00175 3

1. PURPOSE The Department has an obligation to ensure that electronic records are preserved and kept accessible for as long as they are required. Part of this requirement is that the records be protected from loss, either by disaster, human error or technical failure. This paper describes the Department s policy regarding the protection from unintended loss of all electronic records that are created and maintained in record keeping systems and business application systems so as to ensure that they satisfy record keeping requirements for operational and archival purposes over the medium to long term. 2. POLICY STATEMENT The Department shall maintain the Information Technology systems and processes to ensure that any electronic record of continuing value remains available and accessible and may be completely recovered in the event of its loss. 3. SCOPE This Policy applies to: All business application systems and records keeping systems that capture, create and store records as defined in the State Records Act 2000 and the Freedom of Information Act 1992. Employees of the WA government health sector, ultimately reporting through to the Minister for Health. This includes Department of Health (DoH) entities, public hospitals, public community health services, public pathology laboratories, public health and mental health clinics and services, public nursing homes, DoH contracted services and any other WA government health sector organisational entities. Administrative records should be managed in accordance with the Sate Records Office of Wester Australia General Disposal Authority (GDA) for Administrative Records see: http://www.sro.wa.gov.au/pdfs/gdaadmin.pdf Patient records in accordance with the Patient Information Retention and Disposal Schedule see: http://intranet.health.wa.gov.au/hic/statistics/hiconsu/pirdsv22000.pdf This policy does not prescribe specific technological solutions for the availability and recovery of electronic records over the long term. File 95-00175 4

4. STRATEGIES Three requirements are demanded by this policy: Continued Availability The IT systems holding and making available the electronic records must have backup systems in place so that the records can continue to be available following a disaster. This requirement is addressed by building into the IT systems redundancy or backup systems that can take over in the event of failure of the primary systems. These systems must be capable of providing access to the vital records within a reasonable time following a failure of the primary system. Both the terms vital records and reasonable time must be assessed for each system with their values dependent on the criticality of the information held by the system and the consequences of its non-availability, including its impact on other record keeping systems. Record Recovery Any record that is lost, either through human error, technical failure or other factor, must be capable of being recovered in its entirety. This requirement is addressed by regularly copying (backing up) the records onto storage systems that are technically and physically separate from the original data. This must allow for the recovery of records that have been lost through any event from accidental erasure through to total catastrophic destruction. Standard IT practice must be followed to ensure that various generations of the copied data (backups) are retained over time to address the risk of error in the copied data How often the data is backed up and the time that backup generations are held must be assessed for each system and will depend on the volatility of the data and the risk of its loss. Suitable Processes A number of processes must be in place to ensure that the organisation maintains the efficiency of the technical systems defined above and is capable of restoring access to electronic records. These are: Application Classification Defines the reasonable time for the disaster recovery and vital records for the system. Backup Process Defines the process for backup of applications and data including the schedule, media rotation and media archiving. File 95-00175 5

Backup Test Process Disaster Process Disaster Test Process Audit/Review Process Defines the process for testing backups including the schedule and reporting requirements. Defines a plan for management of a disaster situation including roles and responsibilities during the disaster, rules for declaring a disaster, notification, escalation, alternative facilities and recovery tasks. Defines the process for periodic testing of the Disaster Plan. The test should exercise the relevant roles and responsibilities and the infrastructure provided for recovery during a disaster situation. Defines the process for periodic auditing and review of the continuity provisions (processes and infrastructure) and the corresponding changes to the continuity provisions to maintain the required level of assurance regarding continuous service delivery. 5. LEGISLATION AND STANDARDS The following legislation and Standards apply to the management of electronic records over time: Evidence Act 1906 State Records Act 2002 Electronic Transactions Act 2003 Freedom of Information Act 1992 Public Sector Management Act 1994 International Standard on Records Management AS ISO15489 Refer to the Department of Health s Record Keeping Plan and Records Management Policy for further detailed information regarding electronic records. The definitive definition of the IT Service Continuity process is provided by the ITIL best practice framework ( ITIL Service Support, ISBN 0 11 330015 8). 6. GLOSSARY For a full glossary of terms used for records and electronic records see the Depart of Health s Record Keeping Plan: http://intranet.health.wa.gov.au/records/implement.cfm File 95-00175 6

Additional terms are defined below: Disaster or Disaster Situation: An event that could not be normally be expected or anticipated and which disables the IT systems to the extent that prevents normal access to the electronic records. Data Backup: A copy of electronic records made for the purpose of safeguarding the data in the case of loss. 7. RESOURCES Electronic Records, The Impact of the Digital Age National Archives of Australia http://www.naa.gov.au/recordkeeping/er/summary.html Corporate Memory in the Electronic Age Statement of a Common Position on Electronic Records Keeping http://www.naa.gov.au/recordkeeping/er/manage_er/append_1.html e-government Policy Framework for Electronic Records Management http://www.pro.gov.uk/recordsmanagement/erecords/e-gov-framework.pdf Practical Experiences in Digital Preservation Conference 2003 http://www.pro.gov.uk/about/preservation/digital/conference/default.htm State Records Standard 5: Management of Electronic Documents in Networked Computer Environments http: //www.sro.wa.gov.au/src/policies.html State Records Standard 6: Management of Electronic Documents in Stand- Alone Computer Environments http://www.sro.wa.gov.au/src/policies.html Public Records Policy : 8 Policy for the ongoing management of electronic records designated as having archival value. Retention of Laboratory Records and Diagnostic Material National Pathology Accreditation Advisory Council 2002 Standard on Recordkeeping in the Electronic Business Environment State Records NSW http://www.records.nsw.gov.au/ File 95-00175 7

APPENDIX A ELEMENTS OF A DISASTER RECOVERY PLAN The following headings list the essential elements of a comprehensive Disaster Recovery Plan. Depending on the scale of the IT systems some, or all, of the following subjects should be addressed in the plan. Applications Each applications supported should be listed and allocated a priority so that, following an outage, the first effort can be given to recovering the most important applications first. The name of the group or organisation which has the responsibility to provide the main support for each application is also required to be listed. Computer System Components List the hardware and software components of each computer system used for the processing of the applications. Along with listing the vendor or supplier of the components, it is wise to list any alternative suppliers who may be approached if there is a need for urgent acquisition of replacement components or parts. Computer Room and Network Diagrams Copies of computer room diagrams and communication network diagrams in order to expedite recovery, replacement or reconstruction should some disastrous event occur. Computer System Security Description of the relevant features of the computer system security. Application and System Software Backup and Recovery Details of all relevant aspects of the recovery of backup data. Hardware and Software Maintenance Contracts Details of any hardware and software maintenance contracts including the vendor s name and contact details. Insurance Cover The details of any insurance cover for system components, communications equipment or the physical environment (although it must be understood that insurance cover is, by no means, an adequate alternative to a DRP). Arrangements for Replacement Equipment Description of any pre-arranged strategies (formally agreed) in place to make alternative equipment available should the normally-used equipment unavailable. Arrangements for Alternate Sites File 95-00175 8

Description of any pre-arranged strategies in place to relocate critical equipment, staff and supplies. Disaster Recovery Personnel Contact List Being able to contact key people at any time 24 hours a day, seven days a week may mean the difference between continuing business or failing to do so. Key people may be members of staff, equipment vendors, support people, air conditioning engineers, etc. Maximum Acceptable Computer System Outages Key users must justify the maximum time they can tolerate an outage of each application. The size of each tolerable outage provides the window for recovery. Any recovery procedure must be developed to fit within this window. It is not justifiable to develop recovery strategies which cost more than the cost of the outage. Recovery Elapsed Time Estimates A listing of the likely timing of a recovery (to be compared with the figures listed above). Limp-along Procedures Limp-along procedures are sometimes known as Downtime Procedures. They refer to alternative procedures, which users will invoke should the availability of the computer system be lost for any period of time. These procedures typically involve manual systems or PC based processing and should be developed and maintained by the business units. File 95-00175 9

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information