Agenda item

ict disaster recovery preparation and testing

Mark Sheldon, Director Resources – see recommendation(s)

Minutes:

Andy Barge and Giles Rothwell, introduced the report as circulated with the agenda.  Andy explained that this progress report followed on from the assurance report which was considered by the committee on 26 March 2014.  He explained that any recovery strategy needed to be proportionate, balancing protection and recovery costs versus the risk to the business, suggesting that if recovery was assessed as taking less than a week, that rather than initiating the ICT Disaster Recovery Plan (ITDR) the council would instead initiate a Service Business Continuity Plan (SBCP).  Members were referred to part 3 of the report which set out progress that had been made in the previous 12 months.  He highlighted that in March 2015 status had progressed from red and with a maturity level of 1-2, as at October 2014, to amber with a maturity level of 3.  He stressed that on the basis that a primary point of the councils ITDR framework was to balance protection and recovery costs against the risk to the business, the maximum maturity level target was 4.  Paragraph 3.5 of the report set out areas of focus for the ensuing 12 months and this included finalising documentation and integration with service business continuity plans.

 

As a point of clarification the officers explained the difference between ITDR and SBCP, though admittedly there was a fine line between the two.  As part of the framework development, a number of plans had identified that there were a number of services which could continue to be delivered without ICT.  The ITDR would be initiated if a server was lost and it was not possible to get IT where it needed to be. 

 

The Governance, Risk and Compliance Officer explained that plans were in place across the shared services which would allow for staff to relocate to different sites if necessary and that there was a number of staff who would be able to work from home.  BCP was a standing item on the agenda of the Joint Security Working Group and all Service Managers would soon be contacted and asked to review their BCP and before testing was undertaken.  Testing had recently been carried out with the Elections team, with staff being relocated and included a full system shut down.  The data had then been tested and lessons were learned which could be applied to other service areas.  Members needed to be aware that a key risk to any service was the loss of people, not just infrastructure, and as such ICT had produced step-by-step guides for various tasks. 

 

The Director of Resources accepted that there was still some work to do but felt that good progress had been made and that the council was in a better position than it had been 12, or even 6 months ago, with the council’s ability to respond to an incident far improved.  He emphasised how integral investment had been in enabling this level of progress. 

 

Officers gave the following response to member questions and comments;

 

·         Part of the investment into IT had been used to make the system more robust by creating a ring design which meant that broken links could be bypassed.

·         There were two broadband routes to Coleford from Cheltenham, one provided by BT and the other by Virgin, so should one connection be lost, there would in theory be another broadband connection that was still functioning.  Most sites now had two routes. 

 

Upon a vote it was unanimously

 

RESOLVED that the report be noted. 

Supporting documents: