24 September 2015 ITEM: 12. Standards and Audit Committee. Thurrock Council BCP and DR status. Key Decision: Key. Wards and communities affected: All



Similar documents
How To Manage A Business Continuity Strategy

Business Continuity Management

External Supplier Control Requirements BCM

Business Continuity Planning

BCP and DR. P K Patel AGM, MoF

SUBJECT: REPLACEMENT OF CORPORATE ELECTRONIC DATA STORAGE, BACKUP AND DISASTER RECOVERY SOLUTIONS

ICT, PROCUREMENT AND ASSET MANAGEMENT 18 APRIL 2008 SUB-COMMITTEE DISASTER RECOVERY/CONTINGENCY PLANNING

Risk Management Guidelines

Table of Contents... 1

Business Continuity Management

Harrow Business Consultative Panel. Business Continuity Management. Responsible Officer: Myfanwy Barrett Director of Finance and Business Strategy

By: Tracy Hall. Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level. June 9, 2015

NHS Hardwick Clinical Commissioning Group. Business Continuity Policy

BUSINESS CONTINUITY POLICY RM03

Business Continuity and Disaster Recovery Planning from an Information Technology Perspective

ICT Disaster Recovery Plan

Annex 1. Business Continuity Management Policy

London Borough of Merton

London Borough of Bromley. Executive & Resources PDS Committee. Disaster Recovery Plans for London Borough of Bromley

Dacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery

Business Continuity Planning and Disaster Recovery Planning

Introduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT

Business Continuity. Introduction. Safer Business - Better Health. Issue date - December 2007

Business Continuity Management For Small to Medium-Sized Businesses

Business Continuity Management

SOMERSET COUNTY COUNCIL KEY DECISION TAKEN BY THE COMMERCIAL AND BUSINESS SERVICES DIRECTOR

Business Continuity Management Policy and Framework

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10

Disaster Recovery. Hendry Taylor Tayori Limited

1.0 Policy Statement / Intentions (FOIA - Open)

Manchester City Council Report for Information. Report to: Resource and Governance Overview and Scrutiny Committee - 15 December 2011

ASX SETTLEMENT OPERATING RULES Guidance Note 10

Business Continuity Policy and Business Continuity Management System

Desktop Scenario Self Assessment Exercise Page 1

CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard

An Introduction to. Business Continuity Planning

Creating the Resilient Corporation

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK

Business Continuity Management - A Guide to the Italian Premier Control System

Internal Audit Report Disaster Recovery / Business Continuity Planning

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

How To Manage A Disruption Event

Business Continuity Management. Policy Statement and Strategy

BUSINESS CONTINUITY POLICY

IT Disaster Recovery and Business Resumption Planning Standards

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP

Welcome to My E-Book

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

Business Continuity Plan For Disaster Recovery in the event of a Critical Incident

How To Improve The Shared Services Partnership Business Continuity Plan

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

BUSINESS CONTINUITY CHALLENGES IN THE MULTILINGUAL CONTACT CENTRE ENVIRONMENT

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA

Principles for BCM requirements for the Dutch financial sector and its providers.

AUSTRACLEAR REGULATIONS Guidance Note 10

Proposal for Business Continuity Plan and Management Review 6 August 2008

Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?

Business Continuity Planning for Risk Reduction

Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy Business Continuity Policy Statement 2015

It s the Business! Business continuity considerations for all organisations

Cambridge City Council

STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY

Business Continuity and Disaster Recovery for Law Firms CAROLINE POYNTON

Tyne and Wear Fire and Rescue Authority

Attachment N CPIC Vendor Resiliency Business Continuity Planning Questionnaire

The procurement is for hardware only and the cost will not exceed 85,000.

Business Continuity Management Policy

Business Continuity Plan Toolkit

Ohio Supercomputer Center

NHS Durham Dales, Easington and Sedgefield Clinical Commissioning Group. Business Continuity Plan

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

Business Continuity Management Framework

(Audit Committee 23 September 2010)

The 10 Minute Business Continuity Assessment

Business Continuity Policy

Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP).

Business Continuity Planning. Presentation and. Direction

FORMULATING YOUR BUSINESS CONTINUITY PLAN

BUSINESS RESILIENCE READY OR NOT

NHS 24 - Business Continuity Strategy

Business Continuity Management Policy and Plan

Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business.

Code Subsidiary Document No. 0007: Business Continuity Management. September 2015

Overview of how to test a. Business Continuity Plan

REQUEST FOR MAYORAL DECISION MD405. Title: Disaster Recovery Services

University of Glasgow. Policy for. Business Continuity Management

QUICK FACTS. Replicating Canada-based Database Support at a New Facility in the U.S. TEKSYSTEMS GLOBAL SERVICES CUSTOMER SUCCESS STORIES

Business Continuity Policy & Plans

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

NAVIGATING THROUGH A CATASTROPHIC DISASTER:

White Paper: ISO Business Continuity Management An Overview. ISO Business Continuity Management An Overview

It may also include denial of use of property, plant and equipment or the inability of employees to attend their place of work.

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

Business Continuity Planning and Disaster Recovery Planning. Ed Crowley IAM/IEM

Business Continuity Policy

ICT & Communications Services Disaster & Recovery Plan

HERTSMERE BOROUGH COUNCIL REPORT TO EXECUTIVE

Application / Hardware - Business Impact Analysis Template. MARC Configuration Requirements. Business Impact Analysis

Transcription:

24 September 2015 ITEM: 12 Standards and Audit Committee Thurrock Council BCP and DR status Wards and communities affected: All Key Decision: Key Report of: Gary Staples, ICT Commercial Manager Accountable Head of Service: Kathryn Adedeji Accountable Director: David Bull This report is Public Executive Summary For clarity, it would be beneficial for the Committee to understand the context in which this report has been constructed relating to Business Continuity Planning (BCP) and Disaster Recovery (DR) interpretations: Business Continuity Plan means an overarching plan pertaining to each Service delivered by the Council. The BCP outlines how that particular Service / Services will continue to be delivered in the event that one of these four events disrupts it: o People - Loss of staff e.g. as a result of pandemic flu o Premises - Denial of access to buildings e.g. in the event of a fire or flood o Resources - Loss of access to data e.g. failure of one or more of the council s servers o Suppliers - Products and services supplied by third parties e.g. loss of utilities including gas, water, electricity or telecommunications. Disaster Recovery means a separate BCP in its own right that outlines how the Council will recover in the event that one of the four events above specifically affects the primary data centre at Civic Offices in Grays, Essex. This report sets out the position at Thurrock Council regarding the following requirements identified at previous committee meetings: It outlines the progress with updating non-serco Disaster Recovery (DR) plans It outlines the availability of an offsite location in the event of DR invocation The results of Thurrock Council s DR Test

It gives a summary of the ongoing activity to future proof Business Continuity for Thurrock Council. 1. Recommendation(s) 1.1 Standards and Audit Committee approve that, following ICT transformation completion (3 months following transfer back), officers carry out a new Business Impact Analysis (BIA) across Directorate Services to establish realistic Recovery Time Objectives (RTO) for each Service and report back in March 2016. 1.2 That officers, post transfer, correlate the Recovery Time Objective (RTO*) information from the Services and determine the appropriate DR solution required in order to meet them and report back in March 2016. *The RTO is the maximum sustainable time possible without critical ICT availability before a Service reaches an unacceptable level of risk towards: Endangering human life / well-being The Council suffering significant financial loss 1.3 Officers complete an appropriate DR solution that better suits the Council s modern technology, way of working and increased freedom to collaborate with other Local Authorities and report back in March 2016. 2. Introduction and Background For the past eleven years Thurrock Council has outsourced, amongst other services, its ICT service to Serco and has had very limited control over how the service has been delivered in order to meet the stipulations outlined in the agreement (the SSPA) that was made by the two parties in 2005. Recently it has been agreed that the contract between the two parties no longer reflects both parties requirements and a mutual termination has been agreed. DR Plan update Whilst the Serco ICT DR plan is quite comprehensive with regards to the detail it contains, it was found to still have a number of areas that require further review and updating. This is primarily to bring it in line with current staff positions; for example the ICT Commercial Manager is not included as a key Council staff member in the plan since the role didn t exist back in March 2015 when the plan was last reviewed. The plan was also found to have a different list of Critical Council Services to those that the Council felt needed to be prioritised in the event of invoking DR. Off-site location availability Whilst the Culver Centre has previously been identified as a suitable site to recover to in the event of a catastrophic failure at Civic Office there are two important things to bear in mind: The Culver Centre will no longer be a useable Thurrock Council property as of a yet to be determined date in 2016.

The Culver Centre is less than 4 miles away from the location of the Council s primary data Centre. Any major incident affecting the primary DC is likely to also affect the secondary location when they are this close. Off-site ICT DR Equipment Thurrock s main focus over at least the last two years has been to concentrate its resourcing and funding to procure and install a very resilient virtualised infrastructure at the main data centre in the Civic Office. This transformation of ICT is almost complete and following its completion the Council will be in a position to run virtually 100% live-live data replication to an offsite facility. DR Tests The majority of the Council s Server, Desktop and Application infrastructure is virtual and the infrastructure is spread across two separate halves of a server farm. There is a regular out of hour s monthly maintenance window that allows the ICT teams to work on each half of the farm in turn without any interruption to end-users. The nature of the work emulates the virtual environment effectively failing and for many months now work has been carried out on the virtual environment with 100% success and zero downtime thus proving its resilience and stability. The Council s hosted key Enterprise Applications such as Oracle, that underpins the HR and Finance systems, are carried out annually and the results are analysed by ICT and any improvements made accordingly. On-going activity Following the appointment of its ICT Commercial Manager Thurrock Council has recently established a BCP & DR Group to commence the reviewing of the current BCP and DR plans. This group consists of: Corporate Risk Officer ICT Commercial manager A Service representative from each Directorate. In order to take proactive advantage of its new flexibility available to it once services have transferred back to the Council, conversations have already commenced in order to share potential facilities with local authorities that can support a more appropriate off-site DR solution.

3. Issues, Options and Analysis of Options 3.1 Issues and options can only be analysed following a review of the requirements and cannot form part of this initial report. 4. Reasons for Recommendation 4.1 As a result of the SSPA termination and the transition back in-house of ICT Services, Thurrock Council is in a perfect position to carry out a fresh review of its business requirements as far as BCP and DR resources. Once the review is complete, options for any BCP/DR changes required to meet the Council s needs be submitted to the Director s Board for approval. As with all BCP and DR requirement vs solution debates it is always critical to be mindful of the balance between criticality and cost. 5. Consultation (including Overview and Scrutiny, if applicable) 5.1 Consultation and approval has been sought and granted at the Council s Digital Board. 6. Impact on corporate policies, priorities, performance and community impact 6.1 None. 7. Implications 7.1 Financial Implications verified by: Sean Clark Head of Corporate Finance 7.2 Legal There are no financial implications as a direct result of this report. However, as options and solutions are considered, there could well be additional costs that may require budget approval. Implications verified by: David Lawson Deputy Head of Legal & Governance There are no legal implications at this stage of the report. 7.3 Diversity and Equality

Implications verified by: Natalie Warren Community Development and Equalities Manager There are no diversity and equality implications at this stage of the report. 7.4 Other implications (where significant) i.e. Staff, Health, Sustainability, Crime and Disorder) N/A 8. Background papers used in preparing the report (including their location on the Council s website or identification whether any are exempt or protected by copyright): None 9. Appendices to the report None Report Author: Gary Staples ICT Commercial Manager Corporate Commercial Services

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information