business continuity for information systems
Post on 12-Jan-2015
759 Views
Preview:
DESCRIPTION
TRANSCRIPT
Business Continuity for Information Systems
State of Utah – October 2006
Emergency Medical ServicesHomeland Security
Business Continuity
• The Critical Infrastructure Protection Directive (PDD-63) calls for a national-level effort to assure the security of the increasingly vulnerable and interconnected infrastructures of the United States.
• The State of Utah provides many critical services, supported by information technology) that would be essential during an emergency
Emergency Medical ServicesHomeland Security
Why is it important?
• Services must be provided when emergencies occur, such as:– Fire– Flooding– Other weather-related hazards– Hazardous chemicals– Cyber-attacks and system failures are a
reality– Earthquake– Terrorism
Emergency Medical ServicesHomeland Security
Continuity of Operations (COOP)
– An internal effort within an organization to assure that the capability exists to continue essential business functions across a wide range of potential emergencies.
Emergency Medical ServicesHomeland Security
Elements of a Viable COOP
• A Succession Plan and Delegation of Authority• Alternate facilities• Safekeeping of Vital Records• Security• Interoperable Communications• A regular COOP Training, Testing and Exercise
programsource: GSA Emergency Management Office
A viable COOP needs to include:
Emergency Medical ServicesHomeland Security
Systems Assessment
In 2006, DTS, in cooperation with Public Safety, completed an assessment of information systems and IT infrastructure:
• Reviewed 1500 information systems and components
• Hardware Infrastructure• Communications systems• Analyzed systems based on criticality in an
emergency scenario
Emergency Medical ServicesHomeland Security
Key Infrastructure Capabilities
• Redundant, Self-Healing Network– SONET Ring– Geographic Hubs
• Alternate Data Center in Richfield– Alternate internet connection– Redundant paths to SONET ring
• Voice Communications– 3 Omnilink controllers connect 800 MHz, VHF, and
other radio communications statewide
Emergency Medical ServicesHomeland Security
COOP Tiers
1. System is critical during the first 24 hours of the emergency / disaster
2. System must be available within the first 7 days following the disaster
3. System must be available within the first 30 days
Emergency Medical ServicesHomeland Security
Funding requirement
To bring all systems that have been identified as having Tier 1 and Tier 2 COOP requirements up to that level of preparedness would require estimated funding of $18.9 million.
*see COOP systems report for detail
Emergency Medical ServicesHomeland Security
Business Continuity Needs
• Based on a total estimated need (tier 1 and 2) of $18.9 million
• Data does not include: Courts, Legislature, Higher Education, Public Education
1.6
2.4
1.5
13.4
Information Systems
IT Infrastructure
Personnel Training andTestingCommunications
Values are in millions of dollars
Emergency Medical ServicesHomeland Security
Key Functions for Business Continuity
• Authentication Infrastructure
• Support for vulnerable populations
• Financial systems• Emergency response
systems
• Alert and notifications• Voice and data
communications• Information systems
supporting emergency support functions
Emergency Medical ServicesHomeland Security
Emergency Support Functions
• Transportation• Communications• Public Works and
Engineering• Firefighting • Emergency
Management• Mass Care, Housing,
and Human Services• Long Term Community
Recovery
• Public Health and Medical Services
• Resource Support• Urban Search and Rescue• Oil & Hazardous Materials• Agriculture and Natural
Resources• Energy• Public Safety and Security
Emergency Medical ServicesHomeland Security
Tier 1 State of Utah Systems
• Offender Tracking (Corrections)• Utah Law Enforcement Intelligence Network (Public
Safety)• Vital Records (Health)• Utah Notification Information System (Health)• Financial Systems (DAS)• Statewide Radio Connectivity (DTS)• Utah Criminal Justice Information System (UCJIS)• Utah Highway Patrol Information System (DPS)
* these are representative, not all inclusive
Emergency Medical ServicesHomeland Security
Risk of not addressing Tier One
• Disruption in financial payments to employees, citizens, and state vendors during a critical outage
• Inability of first responders to communicate effectively across the state
• Loss of life• Increased property damage and financial
loss during an emergency
Emergency Medical ServicesHomeland Security
Tier 2 State of Utah Systems
• Claims Management (DAS)• Special Needs Housing (DHS)• Insurance Licensing & Regulation (Insurance)• Drivers License (DPS)• Motor Carrier (UDOT)• Licensing Enforcement (Commerce)
* these are representative, not all inclusive
Emergency Medical ServicesHomeland Security
Risk of not addressing Tier Two
• Reduced ability to respond to claims during a period of substantially increased demand
• Limited ability to care for vulnerable populations
• Reduced ability to deal with need of increased transport for goods and services
• Increased risk to the public
Emergency Medical ServicesHomeland Security
Tier 3 Examples
• Safe Drinking Water Information System
• Laboratory Support Systems
• Medicaid
• Air Quality Monitoring Network
• Unemployment Insurance
• Core Tax Systems* these are representative, not all inclusive
Emergency Medical ServicesHomeland Security
Richfield Alternate Data Center
Capabilities: different earthquake zone from Wasatch Front, 4 microwave and 1 fiber path to core state network, backup mainframe, backup power (UPS and generator), alternate internet connection, staffed 24x7
Can be used to house all business resumption capabilities.
* Will need to be expanded if tier 1,2, and 3 COOP is implemented
Emergency Medical ServicesHomeland Security
Richfield Systems
• University Hospital
• Administrative Computing (U. of Utah)
• Davis School District
These systems (outside the executive branch) are currently housed at the Richfield data center to provide business continuity services:
Emergency Medical ServicesHomeland Security
In Summary
• Information Systems– Tier One: 14 systems in 4 agencies
Est. Tier One: $5,342,500– Tier Two: 63 systems in 11 agencies
Est. Tier Two: $8,040,000– Systems Implemented: ORSIS, ABC business systems, some
Public Safety systems
• Infrastructure: Much of the core infrastructure for business continuity is already in place.– Est. Infrastructure: $1,376,000
• Communications: $1,600,000• Est. Personnel and Training: $2,400,000
top related