Business continuity for Information Systems

Business Continuity for Information Systems

State of Utah – October 2006

Emergency Medical ServicesHomeland Security

Business Continuity

• The Critical Infrastructure Protection Directive (PDD-63) calls for a national-level effort to assure the security of the increasingly vulnerable and interconnected infrastructures of the United States.

• The State of Utah provides many critical services, supported by information technology) that would be essential during an emergency


Why is it important?

• Services must be provided when emergencies occur, such as:– Fire– Flooding– Other weather-related hazards– Hazardous chemicals– Cyber-attacks and system failures are a

reality– Earthquake– Terrorism


Continuity of Operations (COOP)

– An internal effort within an organization to assure that the capability exists to continue essential business functions across a wide range of potential emergencies.


Elements of a Viable COOP

• A Succession Plan and Delegation of Authority• Alternate facilities• Safekeeping of Vital Records• Security• Interoperable Communications• A regular COOP Training, Testing and Exercise

programsource: GSA Emergency Management Office

A viable COOP needs to include:


Systems Assessment

In 2006, DTS, in cooperation with Public Safety, completed an assessment of information systems and IT infrastructure:

• Reviewed 1500 information systems and components

• Hardware Infrastructure• Communications systems• Analyzed systems based on criticality in an

emergency scenario


Key Infrastructure Capabilities

• Redundant, Self-Healing Network– SONET Ring– Geographic Hubs

• Alternate Data Center in Richfield– Alternate internet connection– Redundant paths to SONET ring

• Voice Communications– 3 Omnilink controllers connect 800 MHz, VHF, and

other radio communications statewide


COOP Tiers

1. System is critical during the first 24 hours of the emergency / disaster

2. System must be available within the first 7 days following the disaster

3. System must be available within the first 30 days


Funding requirement

To bring all systems that have been identified as having Tier 1 and Tier 2 COOP requirements up to that level of preparedness would require estimated funding of $18.9 million.

*see COOP systems report for detail


Business Continuity Needs

• Based on a total estimated need (tier 1 and 2) of $18.9 million

• Data does not include: Courts, Legislature, Higher Education, Public Education

1.6

2.4

1.5

13.4

Information Systems

IT Infrastructure

Personnel Training andTestingCommunications

Values are in millions of dollars


Key Functions for Business Continuity

• Authentication Infrastructure

• Support for vulnerable populations

• Financial systems• Emergency response

systems

• Alert and notifications• Voice and data

communications• Information systems

supporting emergency support functions


Emergency Support Functions

• Transportation• Communications• Public Works and

Engineering• Firefighting • Emergency

Management• Mass Care, Housing,

and Human Services• Long Term Community

Recovery

• Public Health and Medical Services

• Resource Support• Urban Search and Rescue• Oil & Hazardous Materials• Agriculture and Natural

Resources• Energy• Public Safety and Security


Tier 1 State of Utah Systems

• Offender Tracking (Corrections)• Utah Law Enforcement Intelligence Network (Public

Safety)• Vital Records (Health)• Utah Notification Information System (Health)• Financial Systems (DAS)• Statewide Radio Connectivity (DTS)• Utah Criminal Justice Information System (UCJIS)• Utah Highway Patrol Information System (DPS)

* these are representative, not all inclusive


Risk of not addressing Tier One

• Disruption in financial payments to employees, citizens, and state vendors during a critical outage

• Inability of first responders to communicate effectively across the state

• Loss of life• Increased property damage and financial

loss during an emergency


Tier 2 State of Utah Systems

• Claims Management (DAS)• Special Needs Housing (DHS)• Insurance Licensing & Regulation (Insurance)• Drivers License (DPS)• Motor Carrier (UDOT)• Licensing Enforcement (Commerce)

* these are representative, not all inclusive


Risk of not addressing Tier Two

• Reduced ability to respond to claims during a period of substantially increased demand

• Limited ability to care for vulnerable populations

• Reduced ability to deal with need of increased transport for goods and services

• Increased risk to the public


Tier 3 Examples

• Safe Drinking Water Information System

• Laboratory Support Systems

• Medicaid

• Air Quality Monitoring Network

• Unemployment Insurance

• Core Tax Systems* these are representative, not all inclusive


Richfield Alternate Data Center

Capabilities: different earthquake zone from Wasatch Front, 4 microwave and 1 fiber path to core state network, backup mainframe, backup power (UPS and generator), alternate internet connection, staffed 24x7

Can be used to house all business resumption capabilities.

* Will need to be expanded if tier 1,2, and 3 COOP is implemented


Richfield Systems

• University Hospital

• Administrative Computing (U. of Utah)

• Davis School District

These systems (outside the executive branch) are currently housed at the Richfield data center to provide business continuity services:


In Summary

• Information Systems– Tier One: 14 systems in 4 agencies

Est. Tier One: $5,342,500– Tier Two: 63 systems in 11 agencies

Est. Tier Two: $8,040,000– Systems Implemented: ORSIS, ABC business systems, some

Public Safety systems

• Infrastructure: Much of the core infrastructure for business continuity is already in place.– Est. Infrastructure: $1,376,000

• Communications: $1,600,000• Est. Personnel and Training: $2,400,000

Business continuity for Information Systems

Documents

coop systems

systems assessment

emergency disaster system

business continuity

coop tiers system

information technology

business continuity

critical services