Disaster Recovery Policy by user002

VIEWS: 1,030 PAGES: 5

									ICT Disaster Recovery Policy

Policy No: TBD

Status: Final v1.0

Date of Effect: 01/09/05

Revision date: 01/09/06

ICT POLICY ICT Disaster Recovery Policy
1. Policy Statement
Victorian Government Departments and Agencies will use identified standards and guidelines to support the effective recovery of critical business applications and ICT Services.

2. Context
This policy should be read in conjunction with the Disaster Recovery Standards and other guidelines, which may be issued from time to time.

3. Objectives
The objective of the policy is to target and achieve “ fit for purpose” Disaster Recovery that supports the Governments intent to be able to deliver continuity of service to the Victorian Community Well-established ICT operational and management disciplines and structures need to be in place to achieve this effectively and efficiently. This policy will support the WoVG investment in physical Disaster Recovery Centre(s) and will facilitate greater confidence in ongoing service delivery

Page 1

ICT Services Management Policy

4. Exemptions
There are no exemptions from this Policy

5. Policy Priority, Rationale and Assumptions
This policy is categorised as a high priority across Victorian Government. The key drivers to support the policy on DR are: • • Improve continuity of service delivery Reduction in impact of ICT incident risk

6. Detailed Policy Statements The Victorian Government uses ICT to support delivery on the objectives of Growing Victoria Together 2 (GVT2), Fairer Victoria, and Putting People at the Centre. ICT is a critical infrastructure providing many valuable services for the Victorian Government and the Victorian Community. The Victorian Government currently invests significant resources on ICT. Therefore each Victorian Government Department and Agency must be accountable and responsible, via their Secretary/Agency Head, for the development of an ICT Disaster Recovery Plan that ensures first the recovery of ICT and its data assets, and the subsequent continuity of ICT- dependent Victorian government services/processes. To achieve this each Department/Agency must develop and implement an ICT Disaster Recovery Plan that is fit for purpose for their business operations based on the application of the WoVG ICT Disaster Recovery Framework consisting of policy, standards and guidelines. Such plans shall be: • • Consistent with the Victorian Government’s Continuity of Operations principles; Integrated and aligned with each department’s Crisis Management Plan and Business Continuity Plan both of which reflect the department’s business needs; Developed following the WoVG approved Disaster Recovery Planning process; Regularly tested; Properly maintained and audited; Communicated to all concerned Aligned to business/operational needs and Have a formally appointed owner

• • • • • •

7. Scope
Page 2

ICT Services Management Policy

The policy is applicable to all departments and agencies within the inner budget sector.

8. Transition and Implementation Issues
Primary issues that must be recognised are: • Departments and agencies are at different levels of implementation and maturity in the management of Disaster Recovery. Not all are using common methods for planning, validation of the plan, physical facilities or management of outsourced arrangements. Compliance dates will be agreed with each department and agency.


9. Target Date Proposed

10. Key Stakeholders
Key stakeholders associated with this policy are:

• • • • •

CIO CTO The IT Directors and CIOs of all departments and agencies Expert reference group for the DR project Business reference group for the DR project

Page 3

ICT Services Management Policy

11. Applicable Standards
The standards applicable to this policy are those developed during the Disaster Recovery framework project, namely: Standard DR01: Disaster Planning DR02: Site Review DR03: Integration to related plans DR04: Business recovery demands Recovery Aim To ensure plan effectiveness and longevity in providing recoverable ICT services by developing the plan in the prescribed manner To identify and mitigate any preventable disasters by conducting an annual high level site review To ensure that the ICT DR Plan is integrated and aligned with the Crisis and Business Continuity plans so that the business recovery process and plans are synchronized The business must dictate the recovery priorities and timetable, not ICT. The information to enable this will normally come from a Business Impact analysis conducted by the Business Continuity project To pre-determine and implement the type of recovery strategies required for all ICT infrastructure contingency facilities, arrangements, and procedures The recovery effort shall be organized via dedicated roles who at the time of testing and a disaster, form into DR teams which have tasks to be carried in sequence and to deadlines Detailed Recovery Operations Training shall be provided to all participants in the ICT recovery teams. Disaster Recovery Awareness Training shall be provided to all other ICT staff Testing of the Detailed Recovery Plan shall be carried out by each ICT DR recovery team annually The DR Plan shall be updated following each test, as required for other changes or at a minimum, annually To provide a means of : co-ordination and management of DR Teams so that recovery deadlines can be managed either in test or actual disaster situations; to announce major recovery milestones as part of the progress towards recovery keeping all stakeholders informed of progress; and to declare DR Stand down procedures at the end of the Disaster period to signal a return to normal duties and responsibilities DR11: DR Recovery Review Plan – Post Performance To enable a review of the recovery performance to be conducted as soon as possible to capture any “lessons learnt”

DR05: Recovery strategies – IT infrastructure DR06: Detailed Recovery Plans

DR07: DR Training

DR08: DR Testing DR09: DR Maintenance DR10: DR Plan – Active Mode Management

Page 4

ICT Services Management Policy

12. Principal Policy Domain
Disaster Recovery

13. Linkages to other Policies and Policy Domains
Relates closely with Business Continuity Policy

14. Glossary
For the purposes of this document: • • • ICT includes Information Technology, Data Communications and Voice Communications. ICT Disaster Recovery Plans address the recovery of ICT services to businessdefined timetables. Crisis Management Plans address the “first response” to a crisis alert received by Crisis Management who will investigate and may or may not declare a disaster, and then communicate the decision to ICT DR Management, and Business Continuity Management. Business Continuity Plans address the recovery of critical business functions utilizing workarounds and key dependencies such as ICT.


15. Further Information
For further information: • • • Go to Select Select http://www.dpc.vic.gov.au Office of the Chief Information Officer Shelly.Oldham@dpc.vic.gov.au

Page 5

To top