Business continuity for Information Systems


Published on

for COOP process

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Business continuity for Information Systems

  1. 1. Business Continuity for Information Systems State of Utah – October 2006
  2. 2. Business Continuity <ul><li>The Critical Infrastructure Protection Directive (PDD-63) calls for a national-level effort to assure the security of the increasingly vulnerable and interconnected infrastructures of the United States. </li></ul><ul><li>The State of Utah provides many critical services, supported by information technology) that would be essential during an emergency </li></ul>
  3. 3. Why is it important? <ul><li>Services must be provided when emergencies occur, such as: </li></ul><ul><ul><li>Fire </li></ul></ul><ul><ul><li>Flooding </li></ul></ul><ul><ul><li>Other weather-related hazards </li></ul></ul><ul><ul><li>Hazardous chemicals </li></ul></ul><ul><ul><li>Cyber-attacks and system failures are a reality </li></ul></ul><ul><ul><li>Earthquake </li></ul></ul><ul><ul><li>Terrorism </li></ul></ul>
  4. 4. Continuity of Operations (COOP) <ul><ul><li>An internal effort within an organization to assure that the capability exists to continue essential business functions across a wide range of potential emergencies. </li></ul></ul>
  5. 5. Elements of a Viable COOP <ul><li>A Succession Plan and Delegation of Authority </li></ul><ul><li>Alternate facilities </li></ul><ul><li>Safekeeping of Vital Records </li></ul><ul><li>Security </li></ul><ul><li>Interoperable Communications </li></ul><ul><li>A regular COOP Training, Testing and Exercise program </li></ul><ul><li>source: GSA Emergency Management Office </li></ul>A viable COOP needs to include:
  6. 6. Systems Assessment <ul><li>In 2006, DTS, in cooperation with Public Safety, completed an assessment of information systems and IT infrastructure: </li></ul><ul><li>Reviewed 1500 information systems and components </li></ul><ul><li>Hardware Infrastructure </li></ul><ul><li>Communications systems </li></ul><ul><li>Analyzed systems based on criticality in an emergency scenario </li></ul>
  7. 7. Key Infrastructure Capabilities <ul><li>Redundant, Self-Healing Network </li></ul><ul><ul><li>SONET Ring </li></ul></ul><ul><ul><li>Geographic Hubs </li></ul></ul><ul><li>Alternate Data Center in Richfield </li></ul><ul><ul><li>Alternate internet connection </li></ul></ul><ul><ul><li>Redundant paths to SONET ring </li></ul></ul><ul><li>Voice Communications </li></ul><ul><ul><li>3 Omnilink controllers connect 800 MHz, VHF, and other radio communications statewide </li></ul></ul>
  8. 8. COOP Tiers <ul><li>System is critical during the first 24 hours of the emergency / disaster </li></ul><ul><li>System must be available within the first 7 days following the disaster </li></ul><ul><li>System must be available within the first 30 days </li></ul>
  9. 9. Funding requirement To bring all systems that have been identified as having Tier 1 and Tier 2 COOP requirements up to that level of preparedness would require estimated funding of $18.9 million . * see COOP systems report for detail
  10. 10. Business Continuity Needs <ul><li>Based on a total estimated need (tier 1 and 2) of $18.9 million </li></ul><ul><li>Data does not include: Courts, Legislature, Higher Education, Public Education </li></ul>Values are in millions of dollars
  11. 11. Key Functions for Business Continuity <ul><li>Authentication Infrastructure </li></ul><ul><li>Support for vulnerable populations </li></ul><ul><li>Financial systems </li></ul><ul><li>Emergency response systems </li></ul><ul><li>Alert and notifications </li></ul><ul><li>Voice and data communications </li></ul><ul><li>Information systems supporting emergency support functions </li></ul>
  12. 12. Emergency Support Functions <ul><li>Transportation </li></ul><ul><li>Communications </li></ul><ul><li>Public Works and Engineering </li></ul><ul><li>Firefighting </li></ul><ul><li>Emergency Management </li></ul><ul><li>Mass Care, Housing, and Human Services </li></ul><ul><li>Long Term Community Recovery </li></ul><ul><li>Public Health and Medical Services </li></ul><ul><li>Resource Support </li></ul><ul><li>Urban Search and Rescue </li></ul><ul><li>Oil & Hazardous Materials </li></ul><ul><li>Agriculture and Natural Resources </li></ul><ul><li>Energy </li></ul><ul><li>Public Safety and Security </li></ul>
  13. 13. Tier 1 State of Utah Systems <ul><li>Offender Tracking (Corrections) </li></ul><ul><li>Utah Law Enforcement Intelligence Network (Public Safety) </li></ul><ul><li>Vital Records (Health) </li></ul><ul><li>Utah Notification Information System (Health) </li></ul><ul><li>Financial Systems (DAS) </li></ul><ul><li>Statewide Radio Connectivity (DTS) </li></ul><ul><li>Utah Criminal Justice Information System (UCJIS) </li></ul><ul><li>Utah Highway Patrol Information System (DPS) </li></ul><ul><li>* these are representative, not all inclusive </li></ul>
  14. 14. Risk of not addressing Tier One <ul><li>Disruption in financial payments to employees, citizens, and state vendors during a critical outage </li></ul><ul><li>Inability of first responders to communicate effectively across the state </li></ul><ul><li>Loss of life </li></ul><ul><li>Increased property damage and financial loss during an emergency </li></ul>
  15. 15. Tier 2 State of Utah Systems <ul><li>Claims Management (DAS) </li></ul><ul><li>Special Needs Housing (DHS) </li></ul><ul><li>Insurance Licensing & Regulation (Insurance) </li></ul><ul><li>Drivers License (DPS) </li></ul><ul><li>Motor Carrier (UDOT) </li></ul><ul><li>Licensing Enforcement (Commerce) </li></ul><ul><li>* these are representative, not all inclusive </li></ul>
  16. 16. Risk of not addressing Tier Two <ul><li>Reduced ability to respond to claims during a period of substantially increased demand </li></ul><ul><li>Limited ability to care for vulnerable populations </li></ul><ul><li>Reduced ability to deal with need of increased transport for goods and services </li></ul><ul><li>Increased risk to the public </li></ul>
  17. 17. Tier 3 Examples <ul><li>Safe Drinking Water Information System </li></ul><ul><li>Laboratory Support Systems </li></ul><ul><li>Medicaid </li></ul><ul><li>Air Quality Monitoring Network </li></ul><ul><li>Unemployment Insurance </li></ul><ul><li>Core Tax Systems </li></ul><ul><li>* these are representative, not all inclusive </li></ul>
  18. 18. Richfield Alternate Data Center Capabilities: different earthquake zone from Wasatch Front, 4 microwave and 1 fiber path to core state network, backup mainframe, backup power (UPS and generator), alternate internet connection, staffed 24x7 Can be used to house all business resumption capabilities. * Will need to be expanded if tier 1,2, and 3 COOP is implemented
  19. 19. Richfield Systems <ul><li>University Hospital </li></ul><ul><li>Administrative Computing (U. of Utah) </li></ul><ul><li>Davis School District </li></ul>These systems (outside the executive branch) are currently housed at the Richfield data center to provide business continuity services:
  20. 20. In Summary <ul><li>Information Systems </li></ul><ul><ul><li>Tier One: 14 systems in 4 agencies Est. Tier One: $5,342,500 </li></ul></ul><ul><ul><li>Tier Two: 63 systems in 11 agencies Est. Tier Two: $8,040,000 </li></ul></ul><ul><ul><li>Systems Implemented: ORSIS, ABC business systems, some Public Safety systems </li></ul></ul><ul><li>Infrastructure: Much of the core infrastructure for business continuity is already in place. </li></ul><ul><ul><li>Est. Infrastructure: $1,376,000 </li></ul></ul><ul><li>Communications: $1,600,000 </li></ul><ul><li>Est. Personnel and Training: $2,400,000 </li></ul>