1 / 18

Strategic Initiatives Office October 25, 2005

Information Technology Advisory Board. Strategic Initiatives Office October 25, 2005. Michael Singletary, Enterprise IT Manager. Agenda.

aquene
Download Presentation

Strategic Initiatives Office October 25, 2005

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Technology Advisory Board Strategic Initiatives OfficeOctober 25, 2005 Michael Singletary, Enterprise IT Manager

  2. Agenda • In a post-911 world, and after the experience of Louisiana in Hurricane Katrina, are North Carolina’s state agencies and their IT systems ready for a disaster? • What steps have been taken to ensure our preparedness? • What steps still need to be taken? • How can the ITAB help? • Questions

  3. Are We Ready? • The short answer is that it depends on the disaster’s level of severity. Hurricane Floyd • IT • Business (records) Progress has been made in a just a few years. • Cornerstones of Progress: • Legislation requiring that agencies prepare Business Continuity Plans • Business Impact Analysis tool was purchased and agencies trained in its use. • Hot Site and routine tests of it.

  4. Governing StatuteGS 147-33.89 • Each state agency shall develop and continually review and update as necessary a business and disaster recovery plan with respect to information technology: • Consider the organizational, managerial, and technical environments. • Assess the types and likely parameters of disasters most likely to occur and the resultant impacts. • List protective measures to be implemented in anticipation of a natural or man-made disaster. • Each agency shall submit its disaster recovery (business continuity) plan on an annual basis to the State CIO (June).

  5. Business Impact Assessment Per the Governing Statute: Each state agency shall “assess the types and likely parameters of disasters most likely to occur and the resultant impacts.” Based on a recommendation from the statewide security assessment: ITS was advised to “leverage the Business Impact Assessment tool to help each agency understand its risks and what assets need to be protected.”

  6. BIA Process • Starting in January/February 2005 workshops were held for agencies. • Each agency’s Business Continuity planner completed a self-administered Business Impact assessment using a nationally recognized tool. Strohl Systems provided consultation. • The surveys were submitted to Strohl Systems for consolidation, review and report generation.

  7. BIA Report Results • Alternate Business Site (s) needed • Employees will need equipment and secure network for work-from-home strategy to be considered viable • Test system and data recoverability • Strategy for on-site paper records recovery needed

  8. BIA Report Results - Graphs

  9. BIA Report Results - Graphs What Percentage of Business Units Are Difficult to Recover?

  10. BIA Report Results - Graphs

  11. BIA Report Results - Graphs Types of Disruptions Fire Website Hacking Flooding Severe Weather Loss of Data Communications Power Loss Loss/Corrupted Data Business Disruption/Physical move Loss of Tape Drives Loss of Local LAN Severs Loss of Water

  12. BIA Report Results - Graphs

  13. BCP ResultsPlans submitted to SCIO

  14. BCP Results 15 agencies are ITS customers eligible for hot site services

  15. BCP ResultsAgencies w/ Critical Apps/Processes Listed

  16. How can the ITAB Help? • Raise the importance of the issues with agencies and the General Assembly. • Promote testing of critical business processes located on hardware in agency facilities • Establish agency policy • Review your own agency’s plan. Could you recover your mission critical processes with just the material in your plan?

  17. Next Steps • Strohl Systems will provide statewide training on new versions of the tools (October/November 2005) • Agencies encouraged to use BIA information to prepare their BCPs • SIO works closely with agencies on process improvements pertaining to BIA, Risk Management and BCP • BCPs will be submitted to SIO by June 30, 2006

  18. Questions?

More Related