Business Continuity and Disaster Recovery Policy



Similar documents
I.T. Disaster Recovery Plan

BUSINESS CONTINUITY MANAGEMENT REQUIREMENTS FOR SGX MEMBERS NEW RULES FOR INCLUSION IN SGX-ST RULES

Disaster Recovery Plan Documentation for Agencies Instructions

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

Technology Recovery Plan Instructions

Smart Meters Programme Schedule 8.6. (Business Continuity and Disaster Recovery Plan) (CSP North version)

Emergency Support Function #14 RECOVERY & MITIGATION

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY

CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

How To Manage A Disruption Event

Business Continuity Planning and Disaster Recovery Planning

Chapter II: Business Continuity Management Organization

Appendix 3 Disaster Recovery Plan

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program

Business Continuity Planning (800)

Business Continuity Plan

Internal Audit Department NeighborWorks America. Audit Review of the Business Continuity Plan (BCP) Management and Documentation

CISM Certified Information Security Manager

MHA Consulting. Business Continuity Management 101

Overview of Business Continuity Planning Sally Meglathery Payoff

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY

South Puget Sound Community College Emergency Operations Plan Annex H RECOVERY

Business Continuity and Disaster Planning

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) Fax: (718)

Business Continuity & Recovery Plan Summary

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

Business Continuity & Recovery Plan Summary

Business Continuity Overview

PPSADOPTED: OCT BACKGROUND POLICY STATEMENT PHYSICAL FACILITIES. PROFESSIONAL PRACTICE STATEMENT Developing a Business Continuity Plan

BUSINESS CONTINUITY PLANNING

Documentation. Disclaimer

NAIT Guidelines. Implementation Date: February 15, 2011 Replaces: July 1, Table of Contents. Section Description Page

EMERGENCY MANAGEMENT POLICY

BUSINESS CONTINUITY STRATEGY

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

Bank of Papua New Guinea Prudential Standard BPS251: Business Continuity Management

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

Emergency Support Function (ESF) #14 Long-Term Community Recovery

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

BUSINESS CONTINUITY PLAN OVERVIEW

Emergency Support Function 14 Long-Term Community Recovery and Mitigation

IT Disaster Recovery and Business Resumption Planning Standards

External Supplier Control Requirements BCM

Creating a Business Continuity Plan for your Health Center

COPYRIGHTED MATERIAL. Contents. Acknowledgments Introduction

Plan Development Getting from Principles to Paper

Vendor Management. Outsourcing Technology Services

Clinic Business Continuity Plan Guidelines

IT Disaster Recovery Plan Template

A Business Continuity Plan for Government. George Bomar Dianne Casey Texas Department of Licensing and Regulation

Business Continuity Planning. Description and Framework. White Paper. Preface. Contents

Planning for Disaster. Ramesh Ramani CISM CGEIT 02 June 2010

How to Plan for Disaster Recovery and Business Continuity

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO AUDITS, CERTIFICATION AND TRAINING

NCUA LETTER TO CREDIT UNIONS

PBSi Business Continuity Planning

Clinic Business Continuity Plan Guidelines

Domain 1 The Process of Auditing Information Systems

Offsite Disaster Recovery Plan

CSC AND THE BUSINESS CONTINUITY MATURITY ASSESSMENT PROGRAM

Disaster Recovery and Business Continuity Plan

Overview of how to test a. Business Continuity Plan

AUDIT REPORT INTERNAL AUDIT DIVISION. Audit of business continuity and disaster recovery planning at UNON

Company Management System. Business Continuity in SIA

Supervisory Policy Manual

Business Continuity Planning for Risk Reduction

1.0 Policy Statement / Intentions (FOIA - Open)

Chatham County Disaster Recovery Plan Recovery Planning Update. Mark Misczak, Brock Long, & Corey Reynolds Hagerty Consulting April 7, 2015

Planning for Disaster Disaster

BCP and DR. P K Patel AGM, MoF

BUILDING A SECURITY CONSCIOUS BUSINESS CONTINUITY MANAGEMENT (BCM) PROGRAM

Business Resiliency Business Continuity Management - January 14, 2014

How To Plan A Crisis Management Program

Governmental Oversight and Accountability Committee

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Change Management Policy

Information Services IT Security Policies B. Business continuity management and planning

Why Should Companies Take a Closer Look at Business Continuity Planning?

POLICY. 1) Business Continuity Management 2) Disaster Recovery 3) Critical Incident Management 4) Risk Management

A BCP Tale: From Theory to Practice

Business Continuity (Policy & Procedure)

I. What benefits do you hope to achieve by engaging in this project? Ensuring that staff are

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing

With the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS

Business Continuity Position Description

Business Continuity Planning Preparing Your Organization

Business Continuity and Emergency Preparedness Planning. Vandita Zachariah, MA, MBA, CIA HHSC Internal Audit Division May 21, 2010

: Chief Executive Officers of all Licensed Commercial Banks, Primary Dealers, Central Depository Systems (Pvt) Ltd. and LankaClear (Pvt.) Ltd.

Transcription:

Maine State Government Dept. of Administrative & Financial Services Office of Information Technology (OIT) Business Continuity and Disaster Recovery Policy I. Statement The Office of Information Technology (OIT), like any other Maine State Government entity, is exposed to potential risks that could disrupt or destroy critical business functions and/or service delivery. OIT has developed this policy in support of a comprehensive program for OIT Business Continuity, Disaster Recovery, and overall business survivability. II. Purpose Maine State Government and its citizens expect that critical government services will continue to function in the event of a disruption or major disaster. This policy outlines OIT s strategy to plan and respond to a major crisis in order to ensure OIT functions and services continue to operate as near to normal performance as possible while ensuring the safety and security of OIT employees. III. Applicability This policy ONLY applies to OIT, all of its functional areas, and employees. It does not apply to agencies external to OIT, even though they may consume services provided by OIT. IV. Responsibilities A. Planning, Testing, and Program Maintenance 1. Business Continuity / Disaster Recovery (BC/DR) Steering Committee: Provides guidance and oversight for the BC/DR Program Provides input and approval of project objectives, scope, and timeframes Assists in the definition of BC/DR roles and responsibilities Provides support and resources for BC/DR projects and the BC/DR Manager Provides high-level coordination and support during BC/DR plan development 2. Business Continuity / Disaster Recovery Manager: Page 1 of 7

Obtains BC/DR Steering Committee support for the BC/DR program, projects, and initiatives Gathers, researches, and reports information relevant to the BC/DR Program Organizes and provides oversight for BC/DR projects (defines objectives, assesses risk, plans details) Tracks and reports on project progress to the BC/DR Steering Committee Manages all organizational change requirements pertaining to BC/DR within OIT (e.g. culture, structure, mission & strategy, polices, processes) Coordinates, synchronizes, and facilitates general operations within the OIT Emergency Operations Center. 3. Business Continuity / Disaster Recover Planning Team: Provides support to OIT BC/DR projects and external state organizations as required Individuals provide subject matter expertise from their functional areas throughout the development, implementation, and maintenance of the BC/DR program Develops BC/DR program guidelines, methodologies, standards, and best practices Ensures all BC/DR planning activity adhere to OIT policies, procedures, and standards B. Declaration of a Disaster or Emergency Response 1. Crisis Management Team (CMT): Overall responsible for managing the crisis response Gathers facts and analyzes conditions regarding the crisis Allocates internal resources Coordinates with external agencies for required resources Coordinates OIT disaster response with external agencies Develops and controls communication plans and official external communications Manages and directs Disaster Recovery Team(s) 2. Disaster Recovery Team(s) (DRT): Responds to a disaster at the direction of the CMT Maintains proficiency in OIT BC/DR related procedures within their specialty areas Conducts damage assessments and documents/reports findings to CMT Provides for stabilization and resumption of operations after a disaster V. Directives A. The Major Incident Procedure 1 sets command, control, and communication protocol. B. Each OIT Business Unit must assign a representative to the BC/DR Planning Team. Representatives will provide current and comprehensive content for the OIT business continuity plan (BCP) and will provide status updates on actions assigned to their area of responsibility. As applicable, some representatives will also be responsible for Disaster Recovery planning content 1 http://www.maine.gov/oit/policies/majorincidentprocedure.htm Page 2 of 7

to ensure that any damage or disruptions to critical assets (both within OIT and our customers within State Government) is mitigated and that these assets can be restored to normal or nearnormal operations as quickly as possible. C. OIT will use the ISO 22301:2012 standard for its BC/DR plan. D. OIT will use the ISO 22317 standard for Business Impact Analysis. E. The BC/DR plan will include procedures and support agreements to ensure on-time availability and delivery of required business functions and services. F. The OIT Business Impact Analysis (BIA) and the Risk Assessment (RA) will be reviewed annually by the BC/DR Planning Team. Changes will be annotated as required based on any changes to the new business operating environment. The BIA and the RA will be certified by the BC/DR Manager and approved by the BC/DR Steering Committee. G. BIAs and RAs may need to be reviewed before the annual review if there are major changes in the business environment that affect the data contained in the BIA and/or RA. The BC/DR Planning Team representatives are responsible for notifying the BC/DR Manager of any major changes that would require amendments to the BIA. The modified BIA and/or RA must be approved by the BC/DR Steering Committee. H. The BC/DR plan must be certified annually by the BC/DR Manager and approved by the BC/DR Steering Committee. I. The BC/DR Manager will prepare and present a bi-annual report to the BC/DR Steering Committee. The report will encompass the current status of BC/DR projects, initiatives, and overall readiness of the organization. J. Resolution of issues in the development of, or support of, all OIT BC/DR plans, initiatives, and associated activities will be coordinated through the BC/DR Manager. K. BC/DR compliance verification is managed by the BC/DR Manager with support from the BC/DR Planning Team. Each Business Unit must take appropriate action to address gaps identified in the Business Impact Analysis. L. OIT Employees must participate in training exercises and drills as directed by the BC/DR Steering Committee. M. OIT will conduct (at a minimum) two table top exercises annually as well as one operational exercise that includes simulated execution of the BC/DR Plan in a mock disaster scenario. N. Restoration Priority Order (Based upon criteria established by the Governor's Office): (1) Essential Communications (2) Citizen Health & Safety (3) Direct Citizen Services (4) State Revenue (5) Economic Development (6) Routine Government Services Page 3 of 7

VI. Definitions A. Business Continuity: Ongoing process to ensure that necessary steps are taken to identify the impact of potential losses and maintain viable recovery strategies, recovery plans, and continuity of services. B. Business Continuity / Disaster Recovery Manager: Coordinates planning and implementation for the overall recovery of the organization or business units. C. Business Continuity / Disaster Recovery Planning Team: Responsible (in coordination with the BC/DR Manager) for planning, developing, and implementing business continuity related plans and projects. See appendix B. D. Business Continuity / Disaster Recovery Steering Committee: Provides direction, advice, guidance, and financial approval for BC/DR programs. E. Business Unit: A group of individuals organized to perform specific duties based on the functions performed within the organization. Examples of business units are: Finance, Operations, Applications Development, Client Technologies, Network Data Services, etc. F. Crisis Management Team: Senior managers from each functional area (usually the BC/DR Steering Committee members) responsible for developing and implementing a comprehensive plan for responding to a disaster. G. Disaster Recovery: The technical aspect of Business Continuity. The collection of resources and activities to re-establish IT services (including components such as infrastructure, telecommunications, systems, applications and data) at an alternate site following a disruption. Disaster recovery includes subsequent resumption and restoration of operations at a more permanent site. NOTE: DR does NOT have to occur at an alternate site if the current location is still suitable for DR procedures, but this is not typical. H. Disaster Recovery Team(s): A team (or teams) directed by the CMT to respond to a disaster. Can be comprised of multifunctional team members or divided into multiple specialty teams depending on the scope of the disaster. Led by the DRT leader (as appointed by the CMT). I. OIT Emergency Operations Center: Default command and control location (51 Commerce Drive, Room 412). VII. References A. Good Practice Guidelines 2013 Global Edition - Paul Kirven, Business Continuity Institute B. International Glossary for Resiliency - Disaster Recovery Institute International VIII. Document Information Initial Issue Date: August 13, 2015 Latest Revision Date: August 27, 2015 to update Document Information. Point of Contact: John Driscoll, Business Continuity & Disaster Recovery Manager, OIT, 207- Page 4 of 7

441-7038. Approved By: James R. Smith, Chief Information Officer, OIT, 207-624-7568. Enforced By: John Driscoll, Business Continuity & Disaster Recovery Manager, OIT, 207-441- 7038. Legal Citation: Title 5, Chapter 163: Office of Information Technology 2 Waiver Process: See the Waiver Policy 3. IX. Appendixes Appendix A BC/DR Steering Committee Composition Appendix B BC/DR Planning Team Composition 2 http://legislature.maine.gov/statutes/5/title5ch163sec0.html 3 http://maine.gov/oit/policies/waiver.htm Page 5 of 7

Appendix A BC/DR Steering Committee Composition The BC/DR Steering Committee meets quarterly to discuss BC/DR strategy, projects, resourcing, exercises, and tests and consists of the following members: 1. Chief Information Officer 2. Chief Technology Officer 3. Associate Chief Information Officer Applications 4. Associate Chief Information Officer - Infrastructure 5. Director of Architecture, Security & Policy 6. Director of Finance 7. Director of Project Management Office 8. Director of Technology Business Consultants Page 6 of 7

Appendix B BC/DR Planning Team The BC/DR Planning Team meets as directed by the BC/DR Manager and consists of the managers or designated representatives from select business units within OIT: 1. Applications Development 2. Client Technologies 3. Enterprise Architecture, Security & Policy Group 4. Network Data Services 5. Network Radio Services 6. Network Voice Services 7. Operations Management 8. Project Management Office 9. Technology Business Consultants 10. UNIX, Oracle, DBA and Storage Team 11. Vendor Management Office 12. Windows Application & Hosting Group 13. Workforce Development Page 7 of 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information