80 likes | 312 Views
Department of Information Technology Office of Business Continuity. Disaster Recovery Assessment and Feasibility Study Close Out Certification Request July 28, 2010. Presented by: Mary Wanda Anaya, Business Continuity Manager Stephanie Gallegos, Business Continuity Analyst.
E N D
Department of Information Technology Office of Business Continuity Disaster Recovery Assessment and Feasibility StudyClose Out Certification Request July 28, 2010 Presented by: Mary Wanda Anaya, Business Continuity Manager Stephanie Gallegos, Business Continuity Analyst
Business Continuity Program Vision Statement A Business Continuity Program that strives to maintain continuity of operations for the State’s mission critical services by sustaining a high level of standards and excellence. Mission Statement Provide the planning methodology for how the Department of Information Technology will recover and restore partially or completely interrupted critical function(s) within a predetermined time after a disaster or extended disruption. Prepare for future incidents that could jeopardize the State’s core mission critical systems.
FY 2008 C2 Appropriation The Department of Information Technology received $250,000 for a Disaster Recovery (DR) Assessment and Feasibility Study to determine the best approach for redundancy for its most critical Information Technology (IT) based services and applications. The purpose of this project was to determine the most cost effective means of providing this service. • DR Assessment -Threat and Risk Assessment • Enterprise Applications (Email, Share, Mainframe) • Site Visits – Colorado, Arizona, & Oregon • Feasibility Study – Critical Applications Assessment • BC-DR Questionnaire to Executive Agencies • Determine 12 Top Critical Applications • Interview 10 Agencies (Business & IT Staff) • Provided the BC and DR Recommendations • Training – Business Continuity Classes • Formal BC Class and Certification • Business Continuity Awareness (2 Classes) – Agencies • Business Continuity Planning (1 Class) - Agencies • Result of the Study - DoIT released a RFP for Data Resilience and Disaster Recovery Site Service 3
Project Time Line • 2009 • August Site Visit (Colorado, Arizona, Oregon) • March Contracted POD Inc. • August Conduct DR Assessment and Feasibility • Study • April Office of BC Formal Training and Attained Certification • (CBRM Certified Business resilience Manger). • November Developed and Released an RFP • Enterprise BC/DR Site Services • 2010 • January Vendors Submit RFP Proposals • April Evaluate RFP Proposals and Select Finalist • May Conduct Agency and DoIT Staff BC Training • June Close Out Contract • July Award Price Agreement • August Contract Enterprise BC/DR Site 4
Project Deliverables Received 4.2.2.1 State Government and Commercial Site Visits 4.2.2.2 Contract Del #1 Discovery Document 4.2.2.3 Contract Del #2 Threat Analysis Report 4.2.2.4 Contract Del #3 Risk Analysis Report 4.2.2.5 Contract Del #4 Threat & Risk Recommendations Document 4.2.2.6 Contract Del #5 Critical Applications Determination 4.2.2.7 Contract Del #6 Evaluate Selected agencies BC & DR Plans 4.2.2.8 Contract Del #7 Evaluate Twelve Critical Applications Architecture 4.2.2.9 Contract Del #8 Critical Applications Recommendations 4.2.2.10 Contract Del #9 Determine Disaster Recovery efforts for Developing Linkage of Like Applications and Platforms Report 4.2.2.11 Contract Del #10 Overall Disaster Recovery Recommendations 4.2.2.12 Business Continuity and Disaster Recovery Training 5
Lessons Learned • When the product of the project is a study, it is critical to the project to include a requirement in the contract for a technical writer. • When critical information is gathered through an interview process, note gathering should extend to include voice recording to assure all important information is documented. • Even in small projects it is difficult for the Project Manager and the Project Team Leader to be the same individual. • Continuous Business Continuity training is required within the State of New Mexico to educate the agencies that Business Continuity is not only Disaster Recovery and an IT responsibility, but an ongoing business process to continue providing critical services.
DoIT Price Agreement RFP# 00-361-00-01416 DoIT Disaster Recovery and Data Resilience Data Center Site(s) Category-1 Resilience Data Center Site (GOLD) Production/Failover Available 24x7x365 Category-2 Hot Data Center Site (SILVER) Host Equipment Operating System/Application Software/Copy of Data (test Available within 8 hrs Category-3 Warm Data Center Site (BRONZE) Racks, Power, Data Available within 24 hrs Category-4 Cold Data Center Site (PAPER) only floor space Available within 72 hrs 8