Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Business continuity for information systems


Published on

for COOP Project

  • Be the first to comment

  • Be the first to like this

Business continuity for information systems

  1. 1. Business Continuity for Information Systems State of Utah – October 2006
  2. 2. Business Continuity <ul><li>The Critical Infrastructure Protection Directive (PDD-63) calls for a national-level effort to assure the security of the increasingly vulnerable and interconnected infrastructures of the United States. </li></ul><ul><li>The State of Utah provides many critical services, supported by information technology) that would be essential during an emergency </li></ul>
  3. 3. Why is it important? <ul><li>Services must be provided when emergencies occur, such as: </li></ul><ul><ul><li>Fire </li></ul></ul><ul><ul><li>Flooding </li></ul></ul><ul><ul><li>Other weather-related hazards </li></ul></ul><ul><ul><li>Hazardous chemicals </li></ul></ul><ul><ul><li>Cyber-attacks and system failures are a reality </li></ul></ul><ul><ul><li>Earthquake </li></ul></ul><ul><ul><li>Terrorism </li></ul></ul>
  4. 4. Continuity of Operations (COOP) <ul><ul><li>An internal effort within an organization to assure that the capability exists to continue essential business functions across a wide range of potential emergencies. </li></ul></ul>
  5. 5. Elements of a Viable COOP <ul><li>A Succession Plan and Delegation of Authority </li></ul><ul><li>Alternate facilities </li></ul><ul><li>Safekeeping of Vital Records </li></ul><ul><li>Security </li></ul><ul><li>Interoperable Communications </li></ul><ul><li>A regular COOP Training, Testing and Exercise program </li></ul><ul><li>source: GSA Emergency Management Office </li></ul>A viable COOP needs to include:
  6. 6. Systems Assessment <ul><li>In 2006, DTS, in cooperation with Public Safety, completed an assessment of information systems and IT infrastructure: </li></ul><ul><li>Reviewed 1500 information systems and components </li></ul><ul><li>Hardware Infrastructure </li></ul><ul><li>Communications systems </li></ul><ul><li>Analyzed systems based on criticality in an emergency scenario </li></ul>
  7. 7. Key Infrastructure Capabilities <ul><li>Redundant, Self-Healing Network </li></ul><ul><ul><li>SONET Ring </li></ul></ul><ul><ul><li>Geographic Hubs </li></ul></ul><ul><li>Alternate Data Center in Richfield </li></ul><ul><ul><li>Alternate internet connection </li></ul></ul><ul><ul><li>Redundant paths to SONET ring </li></ul></ul><ul><li>Voice Communications </li></ul><ul><ul><li>3 Omnilink controllers connect 800 MHz, VHF, and other radio communications statewide </li></ul></ul>
  8. 8. COOP Tiers <ul><li>System is critical during the first 24 hours of the emergency / disaster </li></ul><ul><li>System must be available within the first 7 days following the disaster </li></ul><ul><li>System must be available within the first 30 days </li></ul>
  9. 9. Funding requirement To bring all systems that have been identified as having Tier 1 and Tier 2 COOP requirements up to that level of preparedness would require estimated funding of $18.9 million . * see COOP systems report for detail
  10. 10. Business Continuity Needs <ul><li>Based on a total estimated need (tier 1 and 2) of $18.9 million </li></ul><ul><li>Data does not include: Courts, Legislature, Higher Education, Public Education </li></ul>Values are in millions of dollars
  11. 11. Key Functions for Business Continuity <ul><li>Authentication Infrastructure </li></ul><ul><li>Support for vulnerable populations </li></ul><ul><li>Financial systems </li></ul><ul><li>Emergency response systems </li></ul><ul><li>Alert and notifications </li></ul><ul><li>Voice and data communications </li></ul><ul><li>Information systems supporting emergency support functions </li></ul>
  12. 12. Emergency Support Functions <ul><li>Transportation </li></ul><ul><li>Communications </li></ul><ul><li>Public Works and Engineering </li></ul><ul><li>Firefighting </li></ul><ul><li>Emergency Management </li></ul><ul><li>Mass Care, Housing, and Human Services </li></ul><ul><li>Long Term Community Recovery </li></ul><ul><li>Public Health and Medical Services </li></ul><ul><li>Resource Support </li></ul><ul><li>Urban Search and Rescue </li></ul><ul><li>Oil & Hazardous Materials </li></ul><ul><li>Agriculture and Natural Resources </li></ul><ul><li>Energy </li></ul><ul><li>Public Safety and Security </li></ul>
  13. 13. Tier 1 State of Utah Systems <ul><li>Offender Tracking (Corrections) </li></ul><ul><li>Utah Law Enforcement Intelligence Network (Public Safety) </li></ul><ul><li>Vital Records (Health) </li></ul><ul><li>Utah Notification Information System (Health) </li></ul><ul><li>Financial Systems (DAS) </li></ul><ul><li>Statewide Radio Connectivity (DTS) </li></ul><ul><li>Utah Criminal Justice Information System (UCJIS) </li></ul><ul><li>Utah Highway Patrol Information System (DPS) </li></ul><ul><li>* these are representative, not all inclusive </li></ul>
  14. 14. Risk of not addressing Tier One <ul><li>Disruption in financial payments to employees, citizens, and state vendors during a critical outage </li></ul><ul><li>Inability of first responders to communicate effectively across the state </li></ul><ul><li>Loss of life </li></ul><ul><li>Increased property damage and financial loss during an emergency </li></ul>
  15. 15. Tier 2 State of Utah Systems <ul><li>Claims Management (DAS) </li></ul><ul><li>Special Needs Housing (DHS) </li></ul><ul><li>Insurance Licensing & Regulation (Insurance) </li></ul><ul><li>Drivers License (DPS) </li></ul><ul><li>Motor Carrier (UDOT) </li></ul><ul><li>Licensing Enforcement (Commerce) </li></ul><ul><li>* these are representative, not all inclusive </li></ul>
  16. 16. Risk of not addressing Tier Two <ul><li>Reduced ability to respond to claims during a period of substantially increased demand </li></ul><ul><li>Limited ability to care for vulnerable populations </li></ul><ul><li>Reduced ability to deal with need of increased transport for goods and services </li></ul><ul><li>Increased risk to the public </li></ul>
  17. 17. Tier 3 Examples <ul><li>Safe Drinking Water Information System </li></ul><ul><li>Laboratory Support Systems </li></ul><ul><li>Medicaid </li></ul><ul><li>Air Quality Monitoring Network </li></ul><ul><li>Unemployment Insurance </li></ul><ul><li>Core Tax Systems </li></ul><ul><li>* these are representative, not all inclusive </li></ul>
  18. 18. Richfield Alternate Data Center Capabilities: different earthquake zone from Wasatch Front, 4 microwave and 1 fiber path to core state network, backup mainframe, backup power (UPS and generator), alternate internet connection, staffed 24x7 Can be used to house all business resumption capabilities. * Will need to be expanded if tier 1,2, and 3 COOP is implemented
  19. 19. Richfield Systems <ul><li>University Hospital </li></ul><ul><li>Administrative Computing (U. of Utah) </li></ul><ul><li>Davis School District </li></ul>These systems (outside the executive branch) are currently housed at the Richfield data center to provide business continuity services:
  20. 20. In Summary <ul><li>Information Systems </li></ul><ul><ul><li>Tier One: 14 systems in 4 agencies Est. Tier One: $5,342,500 </li></ul></ul><ul><ul><li>Tier Two: 63 systems in 11 agencies Est. Tier Two: $8,040,000 </li></ul></ul><ul><ul><li>Systems Implemented: ORSIS, ABC business systems, some Public Safety systems </li></ul></ul><ul><li>Infrastructure: Much of the core infrastructure for business continuity is already in place. </li></ul><ul><ul><li>Est. Infrastructure: $1,376,000 </li></ul></ul><ul><li>Communications: $1,600,000 </li></ul><ul><li>Est. Personnel and Training: $2,400,000 </li></ul>