Docstoc

ICT Information Circular_IC_ and RFC to Country Offices No

Document Sample
ICT Information Circular_IC_ and RFC to Country Offices No Powered By Docstoc
					              ICT Information Circular (IC) to Country Offices No. 2011/003 and Request for
              Comments (RFC)




Subject: ICT Emergency Preparedness (IEP) for Country Offices

Purpose
The intent of this Information Circular (IC) on ICT Emergency Preparedness (IEP) is to:

     a. Provide a consolidated list of existing policies, standards, best practices, and information
        supporting ICT Emergency Preparedness for UNDP Offices (especially Country Offices - COs)
     b. Refer to standard procedures and equipment that should be in place, validated and tested
     c. Refer to existing mechanisms for sharing information such as Business Continuity Plans (BCP)
        and Disaster Recovery Plans (DRP), emergency contact details of ICT staff, as well as satellite
        phone/BGAN terminals, etc. that make them readily fit for use
     d. Suggest support roles for Country Offices, OIST, and Security Office personnel

During an emergency, it is vital and critical to have basic ICT functionality to allow COs to conduct
critical operations. They have to be available and operational when an emergency breaks out.
Otherwise the safety of staff and UN response may be severely hampered. There are policies, standards,
procedures, and information in place across the organization, and this IC and the resulting single-page
ICT Emergency Preparedness Guidelines for UNDP Offices Guidelines provides a consolidated list of key
crisis support information. It does not specify individual crisis-prone COs, introduce new policies or
standards, survey COs on IEP, or request further information.

A follow-up request will be issued to gather Country-Office-specific information pertinent to crisis
support and compliance with business continuity, ICT security, and other ICT policies and standards.

Applicability
This IC, while written in the context of RBAS crisis situations, applies to all offices (COs in particular), so
that they may all be adequately prepared in crisis situations. BoM/OIST will subsequently review all COs,
based on information that they provide, together with Security Office/BoM, BCPR, and respective
Regional Bureaux, and inform offices that need to undertake ICT emergency preparedness activities as
outlined by this IC.

Background
The outbreak of crisis situations in several countries in the RBAS region over the past few weeks has
reinforced the need to address ICT Emergency Preparedness (IEP) as well as regularly review and update
Country Office ICT Disaster Recovery Plans (DRP). Recent events in the Arab States region caused loss of
Internet connectivity, causing immediate disruption to critical online applications such as e-mail, Atlas,
and the Intranet. In the event of a crisis/emergency, there is a high risk of Internet connectivity


ICT Information Circular and RFC No. 2011/003,
ICT Emergency Preparedness (IEP) for Country Offices                                                Page 1 of 8
disruption due to government restrictions, inaccessible or loss of data centers due to forced evacuation,
looting or physical damage, or loss of local telecommunications infrastructure and facilities. In some
cases, there had been incidents of interfering and blocking satellite communications. Without adequate
DRP and IEP, COs are exposed to loss of essential communications facilities and institutional memory.

As per guidance documents below, COs should have in place proper mitigation measures to ensure that
mission-critical ICT applications and assets such as messaging (e-mail), network security devices, shared
data, CO websites and their contents, etc., are located outside of the CO premises to the extent
possible, and that COs have access to independent communication tools such as VSAT, BGAN or satellite
phones, including potentially facilities outside of host government control. These should be completely
independent from any national telecommunications infrastructure that can be shut down, disconnected,
or filtered by local authorities. COs need to ensure that critical local data (documents on file servers,
email messages of Option 3 COs, etc.) is frequently backed up and deposited in a secured off-site
location, because data could be lost or destroyed along with the CO ICT equipment.

In compliance with the UNDP Information Security policy and its ICT Disaster Recovery Standards for
UNDP Offices, COs have been asked to review their ICT infrastructure and facilities in order to identify
vulnerabilities, addressing them before crises/emergencies arise. The best practices guidelines provided
below help ensure that this assessment can be done as soon as possible, particularly in crisis-prone
areas. ICT Emergency Preparedness measures undertaken by UNDP Haiti serve as a good example for
many offices; nine months before the devastating January 2010 Earthquake, the Haiti CO migrated from
a locally hosted e-mail solution to the enterprise Managed Messaging Services (MMS) arrangement. As a
result of this measure, UNDP was the only UN agency in Port-au-Prince with uninterrupted e-mail
communications once there was connectivity to the Internet.

ICT Emergency Preparedness Best Practices Guidelines
The best practices guidelines found in the following annexes provide information and references to help
ensure ICT Emergency Preparedness. UNDP COs are reminded to review their ICT infrastructure and
facilities in order to identify vulnerabilities and address them before crises/emergencies arise. Please
address any queries to bom.oist.gia@undp.org.

List of Annexes:

         Annex A: ICT Emergency Preparedness Best Practices Guidelines
         Annex B: Equipment Specifications and Ordering Procedures
         Annex C: Support from BoM/OIST and BoM/Security Office

Requests for Comments
All requests for comments and/or clarifications should be sent to bom.oist.gau@undp.org by 15 March
2011.




ICT Information Circular and RFC No. 2011/003,
ICT Emergency Preparedness (IEP) for Country Offices                                          Page 2 of 8
Annex A: ICT Emergency Preparedness Best Practices Guidelines

Measures                                Guidance
                                             Obtain a copy from the DRR/Operation Managers
                                             Ensure that ICT Emergency Preparedness (IEP) aspect is included,
1. Business           Continuity
                                              also covering a link to a list of Emergency Telecommunication
Plan (BCP)
                                              procedures with satellite phone numbers, BGAN, VHF network, ICT
                                              staff contact information, etc.

                                              Develop a Disaster Recovery plan using the ICT Disaster Recovery
                                               Standards for UNDP Offices and ICT Disaster Recovery Plan
                                               Template
                                              If possible, establish formal off-site storage arrangements with a
                                               commercial service provider or a trusted third-party (e.g. another UN
                                               agency, adjacent UNDP CO, etc.)
2. Disaster Recovery Plan
                                              Ensure back up of all servers and ICT systems are in accordance with
(DRP)
                                               the recommended standards if the UNDP Disaster Recovery standard
                                              Ensure the ICT facility (e.g. server room) is being maintained in
                                               accordance with the recommended standards of the UNDP Disaster
                                               Recovery standard.
                                              Establish, ahead of time, an alternative mode of connecting to the
                                               Internet during a disaster

                                             The Fast Track Procedures (FTPs) (requires email address and
                                              password credentials for log-in) provide COs with expanded and
                                              extraordinary authority and tools to quickly respond to emergencies
3. Fast-Track-Procedures
                                              OIST will ensure priority to ICT related requests from COs under FTP,
(FTP)
                                              in particular services related to e-mail accounts, connectivity (VSAT,
                                              link load balancing and Wi-Max), short-term deployment of ICT staff
                                              from roster of ICT experts and procurement of ICT goods and services

                                             Ensure availability of the equipment listed under Annex B, in
                                              accordance with the Emergency Relief Items Specifications document,
                                              and that it is tested periodically as part of the overall periodic BCP test.
                                             If CO does not possess all or part of the equipment listed, liaise with
4.          Emergency
                                              BOM/SO and proceed with procurement immediately.
Telecommunications
                                             Please contact OIST Global ICT Advisory services at
                                              bom.oist.gia@undp.org          for     information       on      Emergency
                                              Telecommunications Cluster (ETC) and FITTEST/WFP arrangement,
                                              including MOU with WFP for emergency telecommunications

                                             If CO does not have a VSAT, refer to the OIST ICT Service Catalogue,
                                              and liaise with bom.oist.gia@undp.org for purposes of initiating
5.          Connectivity
                                              procurement and planning of implementation. A VSAT link is important
Preparedness
                                              for a CO in a crisis prone country since it ensures independence from
                                              the national telecommunications infrastructure
                                             If CO does not have a link-load balancing device, refer to the OIST ICT

ICT Information Circular and RFC No. 2011/003,
ICT Emergency Preparedness (IEP) for Country Offices                                                           Page 3 of 8
                                              Service Catalogue, and liaise with bom.oist.gia@undp.org for
                                              purposes of initiating procurement and planning of implementation.
                                             Additional details are available at IC No. 2010/004 Guidance on
                                              Connectivity and at IC 2010/004 Connectivity Improvement and
                                              Monitoring Project

                                             COs with email facilities installed and operated locally are extremely
                                              vulnerable in the event of a major crisis. This could lead to e-mail
                                              services being disrupted. COs in crisis prone COs are advised to
                                              migrate to Managed Messaging Services (MMS II) immediately as per
6.   E-Mail     Disaster                      the     OIST      ICT    Service    Catalogue       and     liaise    with
Recovery Preparedness                         bom.oist.gia@undp.org for implementation of this service. MMS II
                                              offers high resiliency and continuous availability to ensure reliable and
                                              secured communications facility to UNDP offices. Please see the
                                              provisioning guide available from Fast Track Procedures (requires
                                              email address and password credentials for log-in)

                                             The CO Website should best be hosted outside of the data center of
                                              the CO and outside the country in a purpose-built facility. This will
                                              ensure availability of vital information about the UNDP programme in
                                              the country to the general public and UNDP´s stakeholders during a
7. CO    Website                and           crisis situation. If this was not yet implemented, refer the OIST ICT
Webhosting                                    Service Catalogue and liaise with bom.oist.gia@undp.org for
                                              participation in the Webhosting service. Please also consult the Fast
                                              Track Procedures for countries currently under crisis
                                             Provide login details to Office of Communications, who will take charge
                                              of the Website management in the event the CO is unable to do so

                                             Ensure off site back-up of mission critical data in an off-site location.
                                              OIST is in the process of establishing a facility for on-line back-up,
                                              which will be ready towards the end of 2011.
                                             Implement Intranet-in-a-Box (refer to the OIST ICT Service Catalogue
                                              and liaise with bom.oist.gia@undp.org for participation). This will
                                              provide UNDP users with internal, secure business process workflow
                                              management, document management and record retention, outside of
8. Data Backup
                                              the CO network and the country since the Sharepoint 2010 facility for
                                              Country Office Intranets is hosted in Geneva. When implementing the
                                              Intranet-in-a-Box, the CO will have a designated area (e.g.
                                              https://intranet.undp.org/country/XX where XX is the country name)
                                              and below that the CO will be able to create sub-sites as needed. In
                                              summary, a high degree of ICT disaster preparedness can be ensured
                                              if UNDP users adopt the habit of posting all important documents and
                                              mission critical information on the Intranet where integration to other
                                              corporate systems, such as email and Atlas is available.

9.   Implementation    of
                                             If CO is not yet under managed security (firewall), refer to page 26 in
Managed          Security
                                              the    OIST      ICT    Service    Catalogue     and       liaise  with
Services
                                              bom.oist.gia@undp.org for participation in Managed Security Services


ICT Information Circular and RFC No. 2011/003,
ICT Emergency Preparedness (IEP) for Country Offices                                                         Page 4 of 8
                                              (MSS II). Implementation of MSS II will secure the CO network and will
                                              furthermore enable COs to establish Virtual Private Network (VPN)
                                              with the HQ, which is necessary for OIST to provide remote
                                              management and support to the CO ICT infrastructure including CO
                                              file servers in the event that the CO data centers and resources are
                                              physically inaccessible or when CO ICT support personnel are unable
                                              to carry out their regular functions in an event of crisis or emergency.
                                             Please also refer to Information Circular # 2011/001 on Transition of
                                              Managed Security Services 1st Generation (MSS-I) to MSS-II, which
                                              provides the guidelines for the roll-out of the new framework for
                                              Managed Security Services (firewall) in UNDP.

                                        These procedures cover the first three months after a crisis. They provide
                                        an institutional and operational framework, enabling critical decisions and
                                        actions to be taken in a timely manner. There are three parts to the Levels
10.    BCPR    Standard
                                        of Organizational Response Procedures. Part one covers the role of UNDP
Operating    Procedures
                                        in crisis countries and the rationale plus development process behind the
(SOPs) - Immediate Crisis
                                        Procedures. Part two describes the three levels of immediate crisis
Response
                                        response, while the final part details the five phases of response:

                                             https://shp.undp.org/sites/surge/surgetoolkit/Pages/SOP.aspx




ICT Information Circular and RFC No. 2011/003,
ICT Emergency Preparedness (IEP) for Country Offices                                                       Page 5 of 8
Annex B: Equipment Specifications and Ordering Procedures
BoM/OIST has standardized the following equipment for use by UNDP Country Offices.

Satellite           telephone        Technical Specifications            Approximate    Subscription
                                                                                    1
terminals                                                                cost (FCA)     services (TO      BE
                                                                                        DEVELOPED)

Thuraya 2510                         Handheld Thuraya terminal for       U$ 500         -Monthly subscription
                                     voice, SMS and low speed data.                     fee;

                                     See Chapter 1 on link pointed                      -Charge per minute:
                                     below

Iridium 9555                         Handheld Iridium terminal for       U$ 1,400       -Monthly subscription
                                     voice, SMS and low speed data                      fee;

                                     See Chapter 1on link pointed                       -Charge per minute:
                                     below

BGAN          Terminals
(Thrane & Thrane)

Explorer 500                         Portable BGAN Terminal for          U$ 2,800       -Monthly subscription
                                     voice, data, fax and SMS                           fee;
                                     services.     464/448      kbps
                                     background IP, 32/64/128 kbps                      -Charge per Kb:
                                     streaming, 160 character SMS

                                     See Chapter 1 on link pointed
                                     below

Explorer 700                         Portable BGAN terminal for voice,   U$ 4,600       -Monthly subscription
                                     data, fax and SMS services.                        fee;
                                     492/492 kbps background IP,
                                     32/64/128/256 kbps streaming, 2                    -Charge per KB:
                                     x 64 kbps ISDN, 160 character
                                     SMS

                                     See Chapter 1 on link pointed
                                     below



VHF                                  As per MOSS




1
 To be used for budgetary purposes only. Formal prices to be provided through spot quotations and based on
possible quantity discounts

ICT Information Circular and RFC No. 2011/003,
ICT Emergency Preparedness (IEP) for Country Offices                                                 Page 6 of 8
HF                                   As per MOSS

Smartphone                                All essential staff
                                          Although very vulnerable in
                                           time of political and civil
                                           unrest, they have proven to
                                           be very useful in case of
                                           natural disaster. They allow
                                           receiving     email,      instant
                                           messaging       and      Internet
                                           access.
                                          Recent earthquakes in New
                                           Zealand and Haiti have
                                           shown that this mean of
                                           communication saved life by
                                           allowing        survivor       to
                                           communicate.

Delivery times:                      All above items are normally available either ex-
                                     stock or with very short delivery lead times.




Detailed technical specifications for the above and other ICT equipment (VHF radios and HF radios, GPS,
etc.) used in Crisis and Emergency Relief is available in the Emergency Relief Items Specifications
document.

Sourcing Options/Ordering Procedures:

         PSO/BoM Copenhagen has extensive experience in supporting UNDP COs procurement needs
          and can be used for accelerated procurement and delivery of required equipment and related
          services (i.e. installation, post-paid service agreements, pre-paid cards, etc.)
         UNDP- PSO is able to source the equipment (and required services) either from existing Long
          Term Agreements (LTAs) or through MOUs established with WFP/FESO-FITTEST and UNHRD

For additional details                or     ordering    information      contact   cpr.procurement@undp.org   or
alfonso.buxens@undp.org




ICT Information Circular and RFC No. 2011/003,
ICT Emergency Preparedness (IEP) for Country Offices                                                   Page 7 of 8
Annex C: Support from BoM/OIST and BoM/Security Office
COs will be supported by OIST and the Security Office in implementing their ICT Emergency Preparedness. The
matrix below indicates the division of responsibilities between the two HQ units of BoM/OIST and BoM/SO. COs
are requested to contact the appropriate office as appropriate.

Tasks                                                             Responsible Office

Emergency Comms for RR (BGAN 500 and Sat phone)                   Security Office (SO)

Acquisition and deployment of emergency comms for CO              SO
(BGAN 700 and Sat phone)

Emergency Comms for UNDP Security --Advisor where                 SO
applicable (BGAN 500 and Sat phone)

Adequate VHF as per MOSS (available through CO Security           SO
Focal Point)

Adequate HF as per MOSS (available through CO Security            SO
Focal Point)

Adequate warden communications, tested regularly                  SO

Communications plan, tested regularly                             SO

Communications with Safe Haven                                    SO

Contact details of key personnel, CO and HQ                       SO

Migration/provisioning of email accounts and data (where          OIST
possible) to centrally managed environment under Fast Track

ICT infrastructure availability and needs assessment              OIST

immediate/interim ICT support placement to backfill/ramp up       OIST
ICT support needs

Remote management of ICT facilities and infrastructure in         OIST
event of crisis/emergency

Restoration/operationalization of file server and shared data     OIST
facilities in event of crisis/emergency

Restoration/establishment of data communications facility         OIST
utilizing satellite equipment deployed by SO (e.g. VSAT,
BGAN, etc.) in event of crisis/emergency

Coordinate with ETC and WFP/FITTEST for emergency                 OIST
telecommunications facility




ICT Information Circular and RFC No. 2011/003,
ICT Emergency Preparedness (IEP) for Country Offices                                             Page 8 of 8

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:11
posted:11/16/2011
language:English
pages:8