risk assessment and disaster recovery
Post on 25-Nov-2021
4 Views
Preview:
TRANSCRIPT
Risk Assessment and Disaster Recovery Page 1 of 58 Version 1.0 October 2016
Standard Operating Procedure 1 (SOP 1)
Risk Assessment and Disaster Recovery
Why we have a procedure? (Background)
Preparing for a data loss disaster before it occurs can speed up the Disaster Recovery process tremendously. The dependency on computers exponentially increases the Social and Healthcare/Legal/Commercial risks associated with failure of any component of that system. Data corruption, viruses, hard disk failure, power failure, accidental or malicious data deletion, theft and natural disasters are all situations that necessitate attention for a meaningful disaster recovery policy. Typically when a computer crashes, the first and foremost task is for ICT to rebuild and reconfigure the system, restoring mission-critical applications and data without excessive downtime. Overall disaster risk assessment pertaining to monetary, customer, legal and regulatory exposures, as well as interdepartmental dependencies should be considered. Recovery and data freshness windows should also be considered when building a disaster recovery plan to ensure the recovery time objectives can be attained during a full-scale restore operation. This document forms the Business continuity from an ICT perspective and covers anything to do with service provision including server/personal computing, telephony, physical/information security and data. Business Continuity is not a single defined document, process, policy or set of instructions. Business continuity is comprised of a number of processes and policies, organised and documented outlining emergency and contingency planning with cost and risk based analysis.
What overarching policy the procedure links to?
BCPFT-ICT-POL-01 ICT Change Control BCPFT-ICT-POL-02 ICT Email and Internet Acceptable Use BCPFT-ICT-POL-03 ICT Security BCPFT-ICT-POL-04 ICT Portable Devices and Portable Media Security BCPFT-ICT-POL-05 ICT Remote Access BCPFT-ICT-POL-06 ICT Telecommunications BCPFT-ICT-POL-07 ICT Priority 1 Incident Handling BCPFT-ICT-SOP-03-4 ICT Security - SOP 04 - Password Protection BCPFT-ICT-SOP-03-3 ICT Security - SOP 03 - Identity Management BCPFT-ICT-SOP-02-1 ICT Email and Internet Acceptable Use - SOP 01 - Web Access Service for Patients
Risk Assessment and Disaster Recovery Page 2 of 58 Version 1.0 October 2016
BCPFT-ORG-POL-03 – Business Continuity Management Policy
Which services of the trust does this apply to?
Corporate/ICT Services
Where is it in operation?
Delta House.
Who does the procedure apply to? (staff roles and responsibilities)
All members of the ICT Department.
When should the procedure be applied? (Context)
In the event of a disaster rendering business critical systems out of use.
Risk Assessment and Disaster Recovery Page 3 of 58 Version 1.0 October 2016
How to carry out this procedure (step step-by-step information)
1.0 Determine the needs
For each operating system, service and application component we should consider the following. These questions should be addressed for each system that is supported by ICT.
What are the possible failure scenarios?
- Environment failure - Server hardware Failure - Disk/Raid Failure - Network Failure
Where is the critical data?
- Oasis Applications - Finance Server - Datix - File Stores - E-mail
How often should backups be performed? - Full daily backups are run on all critical servers
Should backups be performed on-line while users are working, or off-line? - Backups are run “off-line” so that all files are backed up.
Will backups be done manually or via an automatic scheduling process? - We run automated daily schedules on all Servers that require backups.
How can we verify that a backup was successfully performed? - The backup log files are error checked and “signed” for on a daily basis.
The file is held in the ICT documentation drive.
How will we determine if the backups are useable? - Restores are carried out through normal helpdesk requests and
restoring data to an alternative destination checks tapes. - Test Restores will be carried out on a quarterly basis by the ICT
department, at file and server level. - These trial restorations will be logged into the evidence file on the ICT
documentation drive.
How long will we save backups before reusing the medium? - For tape media we use we keep monthly and annual tapes to one side. - For Disk based backups we currently keep 2 years of weekly backups on-
line.
How much time will it take to restore from the last back up?
Risk Assessment and Disaster Recovery Page 4 of 58 Version 1.0 October 2016
- Depends on the amount of data to restore, typically we can restore 120 GB + in just over 3 hours if need be.
Where will our backup media be stored? - Tape media is stored in a secure room in a secured separate building to
where the servers are physically located.
Do appropriate personnel have access to backup media for restores? - All ICT staffs have access to the backup media and they are capable of
restoring data.
If the ICT System Administrator(s) is (are) not available, is there a source for acquiring system passwords and procedures to back ups, and if necessary, perform restores? - There will always be a member of the ICT department available to enable
these requests. - Any request should be reported to the helpdesk for the ICT department
engineers to action. Escalation should be via the ICT Support team leader then the ICT Services Manager.
2.0 Developed Practices
An effective backup strategy can only be developed by understanding data management goals and requirements then effectively creating guidelines for daily operation. Here are a few common practices that have been taken into consideration when developing our Disaster Recovery contingency plans.
Develop backup and restore procedures with appropriate resources. We do.
Test the procedures, ensuring that we can recover data in a timely manner. We do.
Ensure we have a designated backup and restore administrator(s). We do.
Backup our entire system volume to prepare for the hopefully unlikely event of a catastrophic disk failure, providing the ability to restore the entire volume in a single operation. We do.
Backup our local directory services database (Active Directory) to prevent loss of user accounting and security information. We have
Keep backup logs available to enable faster, granular file restores. We do.
Periodically perform trial restorations to verify that files are being backed up properly. Usually trial restorations will uncover any hidden hardware anomalies. We do.
Ensure procedures are in place to prevent a system administrator from restoring data onto the wrong server
Risk Assessment and Disaster Recovery Page 5 of 58 Version 1.0 October 2016
We have.
3.0 Additional Considerations
Keep detailed asset management information up to date. This information will help us in the event of a severe hardware failure and forced to rebuild or replace the system.
Keep system owners informed of any remedial maintenance required on servers that they manage and liaise with them on defining or changing the backup schedules and definitions.
See section 4.0 of this document.
Ensure that the following are readily available: O/S distribution media, patches, service packs, and OEM specific drivers. Copies of the Critical OS and other media have been made and are kept at a different site, for disaster recovery requirements.
See section 5.0 of this document.
Maintain an updated profile of each system configuration including network settings (TCP/IP configuration), machine names, domain information, account information, disk configuration, disk partition layouts, partition sizes, partition file system format type, and O/S patches installed. Always maintain a list of current patches installed on each of the corresponding systems.
See section 6.0 of this document.
4.0 Asset Database
The ICT Department maintains an up-to-date Asset spreadsheet, which is located within: - Hooch\ICT\Hardware\Asset Spreadsheet This spreadsheet is kept current by ICT staff following the procedure laid out in the Asset Management guidance, which can be found on the Trust Intranet in the relevant folder.
5.0 Software Library
The ICT department keeps an up to date register of all software procured through agreed Standing Financial Instructions (SFIs). All software is checked to ensure compatibility and integrity with Trust systems, before being installed in the “live” environment.
Risk Assessment and Disaster Recovery Page 6 of 58 Version 1.0 October 2016
6.0 Critical Server Information
The majority of Trust servers* now sit within a virtualised environment based within the Delta house Trust site. Virtualised server systems provide the Trust with more resilience, stability and flexibility for providing high availability services for the purpose of providing health care.
The configuration documentation for the virtualised system resides in a secure folder within the ICT department resource share and access to the physical hardware is restricted. Only senior members of the ICT support team have privilege to manage the virtualised environment.
*Some exceptions are located off site.
7.0 Risk Assessment; Servers and Services
This risk assessment has been carried out to ascertain the effect of a critical server or service failure on Trust staff and performance.
The Trust IT department is formally involved within departmental and group level business impact assessments thereby ensuring the identification of realistic and mutual awareness of system Recovery Time Objectives (RTO). Recovery Time Objectives are reflected within this risk assessment in hours.
The risk assessment does not suit the Australia 5x5 system of risk scoring and as such the “R.A.G.” system has been used; Red, Amber, Green.
Resultant documentary evidence on the Risk assessment is hypothetical, sought through experience and knowledge gained through previous work carried out by senior members of the ICT department.
The Following pages are dynamic, in that, the information they contain may change from time to time. For that reason, the pages will be a separate document that needs to be updated regularly and incorporated when modified, into this document.
Disaster Recovery, Process and Procedure Page 7 of 58 Version 1.0 October 2016
Risk Assessment of ICT Infrastructure, Services and Servers.
This document will form part of the Business Continuity and Disaster Recovery plan. Officer responsible for document: ICT Services Manager.
RAG
Rating Definition
Target
Initial
Response
Time
Target Call Update/
Escalation Time, every
Target
Resolution Time
(During Standard
Working Hours)
Response
Red
Total Loss of service. - Any fault that renders a critical System or Service inoperative or prevents absolutely necessary business transactions. For example: Complete system failure impacting on critical business processes or clinical care
30 Minutes
1 hour 8 hours (Excluding faults caused by a third
party system)
Response within 10 minutes, by incident number, time to fix or advice within 1 hour, updates at a time period to be agreed with the ICT Management Team. Reasonable endeavours will be used to provide a fix within half a working day where it is entirely in the Service Provider’s control.
Am
ber
Partial Loss of Service - Any fault which prevents Trust staff from performing normal day-to-day business transactions. For example: Partial system failure impacting on critical business processes or clinical care and affecting all users.
1 Hour 2 Hours or such longer period as agreed
between the parties
16 Hours (Excluding faults caused by a third
party system)
Response within 10 minutes, by incident number, time to fix or advice within 1 hour, updates at a time period to be agreed with the ICT Management Team. Reasonable endeavours will be used to provide a fix within 1 working day where it is entirely in the Service Provider’s control.
Gre
en Degraded Service State - Any
other fault that causes the Trust staff inconvenience in performing normal day-to-day business transactions.
2 Hours 4 Hours or such longer period as agreed
between the parties
24 Hours (Excluding faults caused by a third
party system)
Response within 10 minutes, by incident number, time to fix or advice within 1 hour, updates at a time period to be agreed with the ICT Management Team. Reasonable endeavours will be used to provide a fix within 2 working days where it is entirely in the Service Provider’s control.
Disaster Recovery, Process and Procedure Page 8 of 58 Version 1.0 October 2016
Service Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only
Hardware Firewall
Main firewall
Handles VPN connections from other Fortinet sites
Provides Trust with protection from outside
world.
Security & Rules for all outgoing traffic.
Limits inbound traffic to absolute
minimum.
Red 1 Hour
Loss of connectivity from other Fortinet sites.
Loss of wireless at Delta House.
Dual sets of hardware to provide resilience, if one fails the second will
step in.
Internet Central for Software & Hardware
Support.
N/A
Sites using Fortinet lose complete system access with possible impact on service users as services cannot be accessed.
N/A
Disaster Recovery, Process and Procedure Page 9 of 58 Version 1.0 October 2016
Fortigate Roles and responsibilities:
Description Detail Notes
Owner ICT Department Central Hub of Fortinet VPN
Daily Maintenance / Support ICT
Extraordinary Support ICT / Internet Central
Change management ICT / Internet Central
IP12200 Location Delta House Server room
Edge Devices One at each VPN site
Annual Maintenance/Licence costs Subs and licence
Maintenance/Licence responsibility ICT Services Manager
Cost to replace all VPN Hardware
Disaster Recovery, Process and Procedure Page 10 of 58 Version 1.0 October 2016
Server Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only
Virtualised Server
Management console for Checkpoint
Firewall.
Log file host for usage
tracking.
Amber 12.0 hours
Loss of log transactions.
Loss of control of the Firewalls.
Consultancy with Cygnia for Software & Hardware.
Normal service will not be affected by an outage of this server.
None
Edge devices continue to protect each site. Only affect is inability to update rules base and push out updates.
Disaster Recovery, Process and Procedure Page 11 of 58 Version 1.0 October 2016
FW-1 Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT We pay for Checkpoint SW & Licences Annually £16,000.00
Extraordinary Support ICT / Hytec Hytec have support of Checkpoint
Change management ICT / Hytec
Location Delta House Server room
Cost to replace Hardware £1500.00 Standard PC.
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 12 of 58 Version 1.0 October 2016
Server Service Effect and Impact (R.A.G
and RTO)
Control Measures In Place
Workarounds Mitigation
Meshed VPN Checkpoint firewalls IP12208 IP4607 IP2205 UTM-132 Edge Devices (x 16) Edge Devices (x 32)
Edge Devices (x U)
Meshed VPN over N3 Links. Inter-site
connectivity.
Provides Trust with protection from outside
world.
Security & Rules for all outgoing
traffic.
Limits inbound traffic to absolute minimum.
RED
Site affected
Loss of outgoing transactions.
Loss of outgoing e-mail.
Loss of outgoing Internet
access.
Dual sets of hardware to provide resilience, if one fails the second
will step in.
Consultancy with Hytec for Software & Hardware
Support.
N/A
N/A Support £387.27 Subs £78.62 Support £580.91 Subs £117.94 Support £968.19 Subs £196.56
“Star VPN” Roles and responsibilities:
Disaster Recovery, Process and Procedure Page 13 of 58 Version 1.0 October 2016
Description Detail Notes
Owner ICT Department Central Hub of VPN
Daily Maintenance / Support ICT
Extraordinary Support ICT / Hytec Cygnia have support of Checkpoint
Change management ICT / Hytec
IP12200 Location Delta House Server room
Edge Devices One at each VPN site
Annual Maintenance/Licence costs Subs and licence £16k per annum
Maintenance/Licence responsibility ICT Services Manager
Cost to replace all VPN Hardware £113,000.00
Disaster Recovery, Process and Procedure Page 14 of 58 Version 1.0 October 2016
Server Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Servers
Datix: Risk Incident reporting System
Amber 12.0 hours
Loss of Incident reporting
SLA and Maintenance contract with Datix Technologies.
Restore server image from Blade backup regime
Restore data from backup tapes
None
Not 24/7 business critical
Localised to Medical secretarial staff for inputting and clinical managers for reporting on incidents
Datix Roles and responsibilities:
Description Detail Notes
Owner Risk Manager HTTP local based service
Daily Maintenance / Support ICT
Extraordinary Support ICT / Datix Annual Maintenance & Licence charge £6000.00
Change management Datix
Location Web and DB server local
Cost to replace Hardware N/A
Maintenance/Licence responsibility Risk Manager
The system owner for Datix has been made aware of disaster recovery processes and timescales, is aware of backup schedules and processes and has agreed to the working practices employed by ICT in support and facilitation of the system. The system owner will be informed of any change to any of the schedules or processes. Any change of system owner will result in the newly named system owner being asked to agree current working practises.
Disaster Recovery, Process and Procedure Page 15 of 58 Version 1.0 October 2016
Server Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Virtualised Servers
Integra: Procurement and finance System
Red RTO:
4.0 hours RTO: 12.0
hours
Loss of Ledger
Loss of procurement
SLA and Maintenance contract with Integra Solutions.
Restore server image from Blade backup regime
Restore data from backup tapes
None
Provide resilience with standby hardware
Datix Roles and responsibilities:
Description Detail Notes
Owner Head of Estates & Facilities HTTP local based service
Daily Maintenance / Support ICT
Extraordinary Support ICT / Integra Annual Maintenance & Licence cost: Database and Application - £12K. Help
Desk - £9.6K
Change management Integra
Location Web and DB server local
Cost to replace Hardware N/A
Maintenance/Licence responsibility Head of Estates & Facilities
The system owner for Integra has been made aware of disaster recovery processes and timescales, is aware of backup schedules and processes and has agreed to the working practices employed by ICT in support and facilitation of the system. The system owner will be informed of any change to any of the schedules or processes. Any change of system owner will result in the newly named system owner being asked to agree current working practises.
Disaster Recovery, Process and Procedure Page 16 of 58 Version 1.0 October 2016
Server Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Server
Intranet Server
Green 12.0 hours
Loss of links
to some internal applications: helpdesk, Datix
Loss of immediate access to policies and
trust forms
Consultancy with Creative
Mark Ltd.
None
Provide fail over
software
Provide resilience with standby
hardware
Fawkes Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support N/A
Extraordinary Support ICT / Creative Mark Ltd.
Change management Creative Mark Ltd.
Location Delta House Server room
Cost to replace Hardware N/A
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 17 of 58 Version 1.0 October 2016
Server Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Server
ICT helpdesk
Clinical supervision
portal
Green 4.0 hours
Loss of some Internal applications
-Helpdesk
Consultancy with Creative
Mark Ltd.
None
Provide fail over
software
Provide resilience with standby hardware
Molly Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support N/A
Extraordinary Support ICT / Creative Mark Ltd.
Change management Creative Mark Ltd.
Location Delta House Server room
Cost to replace Hardware N/A
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 18 of 58 Version 1.0 October 2016
Server Service Effect and Impact (R.A.G
and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Servers
Email gateways
RED 4 Hours
Loss of external email communications.
Consultancy with Creative Mark Ltd.
Switch all Services to other server.
None
Provide fail over software
Provide resilience with standby
hardware
Auror and Walter Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support N/A
Extraordinary Support ICT / Creative Mark Ltd.
Change management Creative Mark Ltd.
Location Delta House Server room
Cost to replace Hardware N/A
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 19 of 58 Version 1.0 October 2016
Server Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Server
Email Archive
Green 12.0 hours
Loss of external email Archival
facilities
Consultancy
with Creative
Mark Ltd.
Restore
server image from Blade backup regime
Restore data from backup tapes
None
Provide fail
over
software
Provide resilience with standby hardware
Friar roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support N/A
Extraordinary Support ICT / Creative Mark Ltd.
Change management Creative Mark Ltd.
Location Delta House Server room
Cost to replace Hardware N/A
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 20 of 58 Version 1.0 October 2016
Server Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Server
Key cabinet
controller
Green 12.0 hours
Loss of Documentation of key issue.
Traka
Restore
server image from Blade backup regime
Restore data from backup tapes
None
Provide fail
over
software
Provide resilience with standby hardware
Auror and Walter Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support N/A
Extraordinary Support ICT / Traka
Change management Traka
Location Delta House Server room
Cost to replace Hardware N/A
Maintenance/Licence responsibility Head of Estates & Facilities
Disaster Recovery, Process and Procedure Page 21 of 58 Version 1.0 October 2016
Server Service Effect and Impact (R.A.G
and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Server
Anti-Virus Server
Amber 12.0 hours
Loss of management of anti-virus
updates
Loss of real time monitoring anti-virus
statistics
Consultancy
via Caretower Ltd. For
software
Rebuild AV
image from backup and
restore data
None
Provide fail
over software
Provide resilience with standby
hardware
Currently protected PCs and servers stay
protected
Morpheus Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT Annual Maintenance charge £2500.00
Extraordinary Support ICT / Caretower Ltd
Change management ICT
Location Delta House Server room
Cost to replace Hardware N/A
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 22 of 58 Version 1.0 October 2016
Server Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only
PAS Database Server
Amber 4 Hours
Effects only reporting
managers
SLA with Oasis Medical Solutions on Software
Maintenance.
Four Hour Response for Hardware maintenance.
N/A
No direct impact but care could potentially be affected
Patient paper records available. Clinic appts printed off. Employ data warehousing solutions. Provide fail over software Provide resilience with standby hardware
Merlin Roles and responsibilities:
Description Detail Notes
Owner Head of Business Intelligence
Daily Maintenance / Support ICT / Head of Business Intelligence / OMS
User admin, App administration
Extraordinary Support ICT / OMS Network, Hardware Faults
Change management Head of Business Intelligence / OMS Upgrades/Projects
Location Delta House Server room
Cost to replace Hardware £2510.00 Rack Server.
Maintenance/Licence responsibility Head of Business Intelligence
Disaster Recovery, Process and Procedure Page 23 of 58 Version 1.0 October 2016
Servers Service Effect and Impact (R.A.G and RTO)
Control Measures In Place
Workarounds
Service User Impact
Mitigation
Internal only Virtualised Servers
Business Objects Reporting
Amber RTO: 1.0 hour RTO: 8.0 hours RTO: 4.0 hours
Effects only reporting managers
SLA with Oasis Medical Solutions on Software Maintenance
.
Four Hour Response for Hardware maintenance
.
N/A
No direct impact but care could potentially be affected
Patient paper records available. Clinic appts printed off. Employ data warehousing solutions. Provide fail over software Provide resilience with standby hardware
Figg Roles and responsibilities:
Description Detail Notes
Owner Head of Business Intelligence
Daily Maintenance / Support Head of Business Intelligence / OMS User admin, App administration
Extraordinary Support ICT / Head of Business Intelligence / OMS
Network, Hardware Faults
Change management Head of Business Intelligence / OMS Upgrades/Projects £99,000.00 per annum for support
Location Delta House Server room
Cost to replace Hardware £2510.00 Rack Server.
Maintenance/Licence responsibility Head of Business Intelligence
The system owner has been made aware of disaster recovery processes and timescales, is aware of backup schedules and processes and has agreed to the working practices employed by ICT in support and facilitation of the system.
Disaster Recovery, Process and Procedure Page 24 of 58 Version 1.0 October 2016
Server Service Effect and Impact (R.A.G
and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Server
Authentication
File & Print resource.
Accounts resource
E-Mail accounts resource
DNS Server -
Secondary
Amber 12 Hours
Loss of Logons
Loss of
Authentication
Loss of accounts
administration
Loss of resource administration
Re-build from
config build backup approximately one hour, restore data
Promote
another AD server to
be master
Temporarily locate file resources to another File Server
None
Training
required for ICT staff to administer, manage and
support AD
Vincent Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT Department User admin, App administration
Extraordinary Support ICT Department Network, Hardware Faults
Change management ICT Department Upgrades/Projects
Location Delta House Server room
Cost to replace Hardware N/A
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 25 of 58 Version 1.0 October 2016
Server Service Effect and Impact (R.A.G
and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Server
Authentication
Accounts resource
DNS Server - Primary
DHCP Server
Amber 8 Hours
Loss of Logons
Loss of Authentication
Loss of accounts
administration
Loss of resource
administration
Loss of workstation
functionality
Consultancy
via Hytec.
Four Hour Response for Hardware maintenance.
Promote
another AD server to be
master
Temporarily locate DHCP
None
Training required for
ICT staff to administer, manage
and support AD
Hedwig Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT Department User admin, App administration
Extraordinary Support ICT Department Network, Hardware Faults
Change management ICT Department Upgrades/Projects
Location Delta House Server room
Cost to replace Hardware £2842.00 Rack Server.
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 26 of 58 Version 1.0 October 2016
Server Service Effect and Impact (R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only
Authentication
Accounts resource
DNS Server - Primary
DHCP Server
Amber 8 Hours
Loss of Logons
Loss of Authentication
Loss of accounts administration
Loss of resource administration
Loss of workstation
functionality
Consultancy
via Hytec.
Four Hour Response for Hardware maintenance
.
Promote
another AD server to
be master
Temporarily locate
DHCP
None
Training
required for ICT staff to administer, manage and support AD
Terance Roles and Responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT Department User admin, App administration
Extraordinary Support ICT Department Network, Hardware Faults
Change management ICT Department Upgrades/Projects
Location Delta House Server room
Cost to replace Hardware £3682.45 Rack Server.
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 27 of 58 Version 1.0 October 2016
Hedwig Roles and responsibilities:
Server Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only
E-mail application Server
Red 4 Hours
Loss of
access to Mailboxes
Loss of Blackberry
Service
Consultancy via Hytec.
Four Hour Response for Hardware
maintenance.
N/A
None
Provide standby hardware
Fred Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT Department User admin, App administration
Extraordinary Support ICT Department Network, Hardware Faults
Change management ICT Department Upgrades/Projects
Location Delta House Server room
Cost to replace Hardware £2991.00 Blade Server.
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 28 of 58 Version 1.0 October 2016
Server Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only
E-mail application Server
Red 4 Hours
Loss of access to
Mailboxes
Loss of Blackberry
Service
Consultancy via Hytec.
Four Hour Response for Hardware maintenance.
N/A
None
Provide standby hardware
George Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT Department User admin, App administration
Extraordinary Support ICT Department Network, Hardware Faults
Change management ICT Department Upgrades/Projects
Location Delta House Server room
Cost to replace Hardware £3782.46 Blade Server.
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 29 of 58 Version 1.0 October 2016
Server Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Server
User F: drives.
Amber 4.0 hours
Loss of access to
files
Loss of access to some network printers
Consultancy via Hytec.
Four Hour Response for Hardware
maintenance.
Temporarily locate file resources to another File
Server
None
N/A
Draco Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT Department User admin, App administration
Extraordinary Support ICT Department Network, Hardware Faults
Change management ICT Department Upgrades/Projects
Location Delta House Server room
Cost to replace Hardware N/A Rack Server.
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 30 of 58 Version 1.0 October 2016
Server Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Server
User F: drives.
Amber 8.0 hours
Loss of access to files
Loss of access to some network
printers
Consultancy via Hytec.
Four Hour Response for Hardware
maintenance.
Temporarily locate file resources to another File Server
None
N/A
Malfoy Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT Department User admin, App administration
Extraordinary Support ICT Department Network, Hardware Faults
Change management ICT Department Upgrades/Projects
Location Delta House Server room
Cost to replace Hardware N/A Rack Server.
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 31 of 58 Version 1.0 October 2016
Server Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Server
Profile Server
Amber 8.0 hours
Loss of access to
files
Consultancy via Hytec.
Four Hour Response for Hardware
maintenance
.
Temporarily locate file resources to another File
Server
None
N/A
Newt Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT Department User admin, App administration
Extraordinary Support ICT Department Network, Hardware Faults
Change management ICT Department Upgrades/Projects
Location Delta House Server room
Cost to replace Hardware N/A Rack Server.
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 32 of 58 Version 1.0 October 2016
Server Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Server
Terminal Server Profile Server
Amber 4.0 hours
Loss of access to
files
Consultancy
via Hytec.
Four Hour Response for Hardware
maintenance
.
Temporarily
locate file resources to another File
Server
None
N/A
Binns Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT Department User admin, App administration
Extraordinary Support ICT Department Network, Hardware Faults
Change management ICT Department Upgrades/Projects
Location Delta House Server room
Cost to replace Hardware N/A Rack Server.
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 33 of 58 Version 1.0 October 2016
Server Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Server
Terminal Server Session Manager
Amber 8 Hours
Loss of access to Terminal Server
sessions
Consultancy
via Hytec.
Restore
server image from Blade backup regime
Restore data from backup tapes
None
Fast Image
Restore is
available
TS00 Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT Department User admin, App administration
Extraordinary Support ICT Department Network, Hardware Faults
Change management ICT Department Upgrades/Projects
Location Delta House Server room
Cost to replace Hardware N/A Rack Server.
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 34 of 58 Version 1.0 October 2016
Server Service Effect and Impact (R.A.G
and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only
Terminal Services
Green 24 Hours
Loss of Terminal Server Access, Remote working.
Consultancy via
Hytec.
Four Hour Response for Hardware maintenance.
Rebuild server
on new Hardware.
None
The system
works as a team, with built in resilience and load
balancing.
TS01 to TS07 Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT Department User admin, App administration
Extraordinary Support ICT Department Network, Hardware Faults
Change management ICT Department Upgrades/Projects
Location Delta House Server room
Cost to replace Hardware £2500 Blade Server.
Maintenance/Licence responsibility ICT Services Manager
Server Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Disaster Recovery, Process and Procedure Page 35 of 58 Version 1.0 October 2016
Internal only Virtual IP
Terminal Services
Amber 8Hours
Loss of Terminal Server Access
control
Consultancy via LoadBalancers.com
Next day replacement of failed
equipment.
The system is comprised of a High availability
pair.
None
Switch to backup unit is
automatic.
Load Balancers Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT Department User admin, App administration
Extraordinary Support ICT Department Network, Hardware Faults
Change management ICT Department Upgrades/Projects
Location Delta House Server room
Cost to replace Hardware £5000.00 Rack Appliance.
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 36 of 58 Version 1.0 October 2016
Server Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Server
Print Server
Amber 8.0 hours
Printing at Delta
Consultancy via Computerworld.
Consultancy
via Hytec.
Four Hour Response for Hardware maintenance.
Rebuild server on new Hardware.
None
Provide resilience with standby
hardware
“Hagrid” Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT Department User admin, App administration
Extraordinary Support ICT Department Network, Hardware Faults
Change management ICT Department Upgrades/Projects
Location Delta House Server room
Cost to replace Hardware N/A
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 37 of 58 Version 1.0 October 2016
Server Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Server
Windows
Update
Server
Amber 12 Hours
Inability to update workstations with the latest
patches
Consultancy
via Computerworl
d.
Consultancy via Hytec.
Four Hour Response for Hardware
maintenance.
Rebuild
server on new
Hardware.
None
Provide
resilience with standby
hardware
“Crabbe” Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT Department User admin, App administration
Extraordinary Support ICT Department Network, Hardware Faults
Change management ICT Department Upgrades/Projects
Location Delta House Server room
Cost to replace Hardware N/A
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 38 of 58 Version 1.0 October 2016
Server Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds
Service User Impact
Mitigation
Internal only Virtualised Server
Finance Application
Server
Amber
Loss of access to historical accounts
records
Consultancy via TAH for Sage application
Consultancy via Hytec.
Four Hour Response for Hardware maintenance.
N/A
None
Employ data warehousing
solutions.
Provide fail over software
Provide resilience with standby
hardware
Localised to Finance staff.
“BCMHFIN” Roles and responsibilities:
Description Detail Notes
Owner Costing and Contracting Accountant Mandip Bal
Daily Maintenance / Support Finance Department User admin, App administration
Extraordinary Support ICT Department / Datel Group Network, Hardware Faults
Change management Finance Department / Datel Group Upgrades/Projects
Location Delta House Server room
Cost to replace Hardware N/A
Maintenance/Licence responsibility Deputy Director of Finance
The system owner has been made aware of disaster recovery processes and timescales, is aware of backup schedules and processes and has agreed to the working practices employed by ICT in support and facilitation of the system. The system owner will be informed of any change to any of the schedules or processes. Any change of system owner will result in the newly named system owner being asked to agree current working practises.
Disaster Recovery, Process and Procedure Page 39 of 58 Version 1.0 October 2016
Server Service Effect and Impact (R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Server
MAPs Application and DB servers for MAPS
Green
None, only kept as a staging point until confidence is gained on the new on-line service.
SLA with
Manpower on Software
Maintenance.
N/A
None
Employ data
warehousing solutions.
Provide fail over
software
Provide resilience with standby
hardware
Flitwick Roles and responsibilities:
Description Detail Notes
Owner Bank & Rostering Manager Sarah Bennett
Daily Maintenance / Support Bank & Rostering Manager / Manpower Software.
User admin, App administration
Extraordinary Support ICT / Manpower Health. Network, Hardware Faults
Change management Bank & Rostering Manager / Manpower Software.
Upgrades/Projects
Location Delta House Server room
Cost to replace Hardware N/A
Maintenance/Licence responsibility Bank & Rostering Manager
The system owner has been made aware of disaster recovery processes and timescales, is aware of backup schedules and processes and has agreed to the working practices employed by ICT in support and facilitation of the system. The system owner will be informed of any change to any of the schedules or processes. Any change of system owner will result in the newly named system owner being asked to agree current working practises.
Disaster Recovery, Process and Procedure Page 40 of 58 Version 1.0 October 2016
Server Service Effect and Impact (R.A.G
and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Server
Anti-Virus Server
Green 12.0 hours
Loss of management of anti-virus
updates
Loss of real time monitoring anti-virus
statistics
Consultancy
via Caretower Ltd. For
software
Rebuild AV
image from backup and
restore data
None
Provide fail
over software
Provide resilience with standby
hardware
Morpheus Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT Annual Maintenance charge £3000.00
Extraordinary Support ICT / Caretower Ltd
Change management ICT
Location Delta House Server room
Cost to replace Hardware N/A
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 41 of 58 Version 1.0 October 2016
Server Service Effect and Impact (R.A.G
and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Server
Business Objects
Green 12.0 hours
Reporting on Oasis
N/A
Rebuild from backup and restore data
None
N/A
Neville Roles and responsibilities:
Description Detail Notes
Owner Head of Business Intelligence
Daily Maintenance / Support ICT / Information dept. S Clifton maintains universes
Extraordinary Support ICT
Change management ICT
Location Delta House Server room
Cost to replace Hardware N/A
Maintenance/Licence responsibility Head of Business Intelligence
The system owner has been made aware of disaster recovery processes and timescales, is aware of backup schedules and processes and has agreed to the working practices employed by ICT in support and facilitation of the system. The system owner will be informed of any change to any of the schedules or processes. Any change of system owner will result in the newly named system owner being asked to agree current working practises.
Disaster Recovery, Process and Procedure Page 42 of 58 Version 1.0 October 2016
Server Service Effect and Impact (R.A.G
and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Server
Qlikview
Green 12.0 hours
Integrated reporting
system
N/A
Rebuild from backup and restore data
None
N/A
Zabini Roles and responsibilities:
Description Detail Notes
Owner Finance Dept Mani Bal
Daily Maintenance / Support ICT / Information / Finance Mani Bal/Steve Clifton
Extraordinary Support ICT /Qliktech Network, Hardware Faults
Change management Finance/Qliktech
Location Delta House Server room
Cost to replace Hardware N/A
Maintenance/Licence responsibility Deputy Director of Finance
The system owner has been made aware of disaster recovery processes and timescales, is aware of backup schedules and processes and has agreed to the working practices employed by ICT in support and facilitation of the system. The system owner will be informed of any change to any of the schedules or processes. Any change of system owner will result in the newly named system owner being asked to agree current working practises.
Disaster Recovery, Process and Procedure Page 43 of 58 Version 1.0 October 2016
Server Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Server
GFI USB control Software for AD
Amber 12.0 hours
Loss of control over USB access
N/A
Rebuild from
backup and
restore data
None
Current USBs remain controlled, just unable to add more devices
Millicent Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT £1000+ per annum licence
Extraordinary Support ICT
Change management ICT
Location Delta House Server room
Cost to replace Hardware N/A
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 44 of 58 Version 1.0 October 2016
Server Service Effect and Impact (R.A.G
and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Server
Document management server
Green 4.0 hours
Loss of scanning capability and electronic
invoicing
N/A
Rebuild from backup and restore data
None
N/A
Uric Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT
Extraordinary Support Creative Mark & KnowledgeTree £1800
Change management ICT
Location Delta House Server room
Cost to replace Hardware N/A
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 45 of 58 Version 1.0 October 2016
Server Service Effect and Impact (R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Server
Resource shares
Amber RTO: 4.0 hours RTO: 4.0 hours
Loss of access to shared drives
N/A
Rebuild from backup and restore data
None
Data stored on SAN, could be moved to different LUN quickly
Hooch Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT
Extraordinary Support ICT
Change management ICT
Location Delta House Server room
Cost to replace Hardware N/A
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 46 of 58 Version 1.0 October 2016
Server Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Server
Log server for Internet proxy
Green 12.0 hours
Loss of Internet
use reports
N/A
Rebuild from
backup and
restore data
None
Can be done manually
Sawmill Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT
Extraordinary Support ICT
Change management ICT
Location Delta House Server room
Cost to replace Hardware N/A
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 47 of 58 Version 1.0 October 2016
Server Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Server
Snow
Green 12.0 hours
Loss of software
audit
N/A
Rebuild from
backup and
restore data
None
Current reporting not affected
Fudge Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT
Extraordinary Support ICT
Change management ICT
Location Delta House Server room
Cost to replace Hardware N/A
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 48 of 58 Version 1.0 October 2016
Server Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Server
Door Entry system
Green 8.0 hours
Loss of door entry
control
N/A
Rebuild from
backup and
restore data
None
Only unable to produce new cards or alter settings
Blaise Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT
Extraordinary Support ICT / Feedback systems
Change management ICT
Location Delta House Server room
Cost to replace Hardware N/A
Maintenance/Licence responsibility Head of Estates & Facilities
Disaster Recovery, Process and Procedure Page 49 of 58 Version 1.0 October 2016
Server Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Server
Door Entry system
Green 8.0 hours
Loss of door entry
control
N/A
Rebuild from
backup and
restore data
None
Only unable to produce new cards or alter settings
Marge Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT
Extraordinary Support ICT / Feedback systems
Change management ICT
Location Delta House Server room
Cost to replace Hardware N/A
Maintenance/Licence responsibility Head of Estates & Facilities
Disaster Recovery, Process and Procedure Page 50 of 58 Version 1.0 October 2016
Server Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Virtualised Server
Blackberry
Amber 8 Hours
Loss of Blackberry
mail service
N/A
Rebuild from backup and
restore data
None
Limited staff affected, non-clinical - but Directors
Malkin Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT
Extraordinary Support ICT / Orange BB support
Change management ICT
Location Delta House Server room
Cost to replace Hardware N/A
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 51 of 58 Version 1.0 October 2016
Server Service Effect and Impact (R.A.G
and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only
FOG Image management
Amber
Inability to quickly rebuild
computers
N/A
Manual Rebuild
None
Limited staff affected, non-clinical - but Directors
Agrippa Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT
Extraordinary Support ICT
Change management ICT
Location Delta House Server room
Cost to replace Hardware N/A
Maintenance/Licence responsibility ICT Services Manager
Server Service Effect and Impact (R.A.G
and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only Amber
Disaster Recovery, Process and Procedure Page 52 of 58 Version 1.0 October 2016
OBSOLETE
VSphere Controller for all VMware and SAN
Loss of control over VMware
configuration
High availability and failover already built into system
Rebuild from backup and restore data
None High availability and failover already built into VMware system
Agrippa Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT
Extraordinary Support ICT / Dell VSphere specialist support
Change management ICT
Location Delta House Server room
Cost to replace Hardware N/A
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 53 of 58 Version 1.0 October 2016
Server Service Effect and Impact (R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only
Backup scheduler and controller
Amber 12 Hour
Loss of physical based server backups
N/A
Rebuild from backup and restore
data
None
Can copy data manually as a temporary backup and server rebuilt within hours
Peeves Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT
Extraordinary Support ICT
Change management ICT
Location Delta House Server room
Cost to replace Hardware N/A
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 54 of 58 Version 1.0 October 2016
Server Service Effect and Impact (R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Internal only
Backup scheduler and controller
Amber 12 Hours
Backup of VMware information to tapes
for offsite storage.
N/A
Rebuild from backup and restore data
None
Can copy data manually as a temporary backup and server rebuilt within hours
Spore Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT
Extraordinary Support ICT
Change management ICT
Location Delta House Server room
Cost to replace Hardware N/A
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 55 of 58 Version 1.0 October 2016
Service Service Effect and Impact
(R.A.G and RTO)
Control Measures In Place
Workarounds Service User Impact
Mitigation
Remote Working Solution Internal only
Remote access Solution
Green 12 Hours
Loss of
Remote access to Trust
resources
Backup running in High Availability Mode
Maintenance and support contracts with Internet
Central
None
N/A
RWS Roles and responsibilities:
Description Detail Notes
Owner ICT Department
Daily Maintenance / Support ICT
Extraordinary Support ICT / Internet Central
Change management ICT
Location Delta House Comms room
Cost to replace Hardware N/A
Maintenance/Licence responsibility ICT Services Manager
Disaster Recovery, Process and Procedure Page 56 of 58 Version 1.0 October 2016
Service Service Effect and Impact (R.A.G.)
Control Measures In Place
Workarounds Service User Impact
Mitigation
COIN – 10Mb between remote 5 main sites and
corporate LAN.
All connectivity All services
Amber Obsolete
Loss of all services
SLA & Maintenance contract with ZEN.
Four hour response and eight hour fix
No direct impact but care could potentially be affected
Manual fail over to N3 circuits for each Site
VPN – over N3
Links between remote sites and corporate LAN.
All connectivity All services
Red 8 Hours
Loss of all services
SLA & Maintenance contract with N3
Maintenance & consultancy
Cygnia.
Four hour response and eight
hour fix
No direct impact but care could potentially be affected
Provide Fail over Circuits for each Site (Meshed Network)
PSN – Private
Network
Links between remote sites and corporate
LAN.
All connectivity All services
Red 8 Hours
Loss of all services
SLA & Maintenance contract with
Virgin Media.
Maintenance & consultancy
Cygnia.
Four hour response and eight
hour fix
No direct impact but care could potentially be affected
Provide Fail over Circuits for each Site (Meshed Network)
Localised for individual site and staff where problem with Bandwidth provider has occurred
If central VPN connector then all remote VPN sites affected.
Disaster Recovery, Process and Procedure Page 57 of 58 Version 1.0 October 2016
Where do I go for further advice or information?
ICT Department, Delta House, Greets Green Road, West Bromwich, B70 9PL Tel: 0121 612 8001. Self service portal: http://fusion.smhsct.local/staff/
Training Staff may receive training in relation to this procedure, where it is identified in their appraisal as part of the specific development needs for their role and responsibilities. Please refer to the Trust’s Mandatory & Risk Management Training Needs Analysis for further details on training requirements, target audiences and update frequencies Monitoring / Review of this Procedure In the event of planned change in the process(es) described within this document or an incident involving the described process(es) within the review cycle, this SOP will be reviewed and revised as necessary to maintain its accuracy and effectiveness.
Equality Impact Assessment Please refer to overarching policy
Data Protection Act and Freedom of Information Act Please refer to overarching policy
Disaster Recovery, Process and Procedure Page 58 of 58 Version 1.0 October 2016
Standard Operating Procedure Details
Review and Amendment History
Version Date Description of Change
1.0 Oct 2016 New SOP for BCPFT to support ICT Change Control Policy
Unique Identifier for this SOP is BCPFT-ICT-SOP-01-1
State if SOP is New or Revised New
Policy Category ICT
Executive Director whose portfolio this SOP comes under
Director of Strategy, Estates and ICT
Policy Lead/Author Job titles only
ICT Manager
Committee/Group Responsible for Approval of this SOP
Information Governance Steering Group
Month/year consultation process completed
Month/year SOP was approved February 2016
Next review due October 2019
Disclosure Status ‘B’ can be disclosed to patients and the public
top related