I.T. CONTINGENCY
Mark Gilmour, Laboratory Quality Manager, NHS Forth Valley


ISO15189:2012 REQUIREMENT
Information system management
“The laboratory shall have documented contingency plans to maintain services in the event of failure or downtime in information systems that affects the laboratory’s ability to provide service.”

EUDRALEX VOL 4 GMP ANNEX 11 COMPUTERISED SYSTEMS
16. Business Continuity
For the availability of computerised systems supporting critical processes, provisions should be made to ensure continuity of support for those processes in the event of a system breakdown (e.g. a manual or alternative system). The time required to bring the alternative arrangements into use should be based on risk and appropriate for a particular system and the business process it supports. These arrangements should be adequately documented and tested.

BUSINESS CONTINUITY MANAGEMENT
BS25999 “Requirement for Business Continuity Management”
Defines BCM as...
“the capability of the organisation to plan for and respond to incidents and business interruptions in order to continue business operations at acceptable pre-defined levels within agreed time frames”

BUSINESS CONTINUITY MANAGEMENT
- The Civil Contingencies Act (CCA) 2004
- The Civil Contingencies Act (Contingency Planning) (Scotland) Regulations 2005
- NHS Scotland/Scottish Government “Business Continuity – A framework for NHS Scotland” Strategic Guidance for Organisations in Scotland

BUSINESS CONTINUITY MANAGEMENT

BUSINESS CONTINUITY PLAN
- Scottish Government reviews arrangements of NHS Boards
- THE PLAN
- Section 2 (1)(c) of CCA makes this a statutory duty on each NHS Board

BUSINESS IMPACT ANALYSIS
5 Key Elements
- Defining activities & their supporting processes and resources
- Mapping distinct stages of each activity & process
- Determining impacts of disruption over time
- Defining recovery time objectives
- Minimum resources required to meet these objectives

DEFINING ACTIVITIES & THEIR SUPPORTING PROCESSES AND RESOURCES
Specimen In -> Examination -> Result
- Processes – Defined in QMS includes IT
- Resources
  - Hardware
  - Software
  - Staff
  - Server Rooms
  - Terminals
  - Barcode Scanners
Have you documented this?

POPULAR MISCONCEPTIONS
SPECIMEN IN -> LAB -> RESULT OUT
DATA ENTRY -> LIMS -> RESULT OUT

LIMS SECURE OPERATING PROCEDURES
Introduction The Application System Description Accountability Application Scope Application Software Application Users Hardware Location Hardware Environment System Configuration Software Data flow, Support and Responsibilities Technical Interfaces Application Availability Confidentiality Data Processed

LIMS SECURE OPERATING PROCEDURES
Risk Analysis & Security Principles Risk Assessment System Unavailability Disclosure Unauthorised Modification Threats Confidentiality/Legitimate Use Vulnerabilities Physical Security Administrative Security Audit Risk Analysis Recording

Administration of Security Document Control and Review Statutory Requirements Security Documentation Technical Documentation Contingency Planning Glossary Appendix Server Hardware Configuration

MAPPING DISTINCT STAGES OF EACH ACTIVITY & PROCESS

LIMS DISASTER RECOVERY SOP
- Identification of Failure
- Reporting Procedures
  - Mon – Fri 9am to 5pm
  - Out of Hours
- Notifications
  - Pre prepared all user sent
  - Requesting urgent samples only
  - Restrict phone calls
  - All urgent results will be telephoned
- Logging Fault with I-Soft
- Shut down and restart ilab & UNIX
- Hardware Failure
- Updates – includes projected time for resolution
- System Restore from Back up
- Resolution
- System Checks

DEPARTMENTAL CONTINGENCY SOP
- Objective is to keep the hospital open
- Includes IT failure, Power Failure, Water etc
- Prioritise based on Urgency
  - Emergency Dept
  - ICU
  - Maternity
  - Theatres
- Making non urgent specimens safe
- Requirement for extra staff
- Sending samples elsewhere
- Record keeping
  - Matching patients to results
  - Records of phoned results
  - Records of specimen disposal (too old for testing)
- Recovery
  - Ensuring requests are entered into LIMS and matched to correct results
  - Reports are run to ensure users/systems get the results

DOES IT WORK? PROVE IT!!
- Have you validated a restore from back up?
- When you switch back on will the data transfer across the interface?
- How long can you run before everything else falls over?
- Can you get compatible replacement hardware?
- Can you get compatible replacement software?
- Do your staff know what to do?
- Is there enough expert knowledge available?

SUMMARY – WHAT YOU NEED
- Business Continuity Plan
  - Board will have one which will show dependencies
  - IT will have their own
- Data Flow Chart
  - Data in and data out
- Secure System Operating Procedure
  - Full system description
  - Responsibilities Defined
  - Risks Identified
  - Equipment/Software Details
- IT Disaster Recovery SOP
  - What to do if.....
- Departmental Contingency Plans
  - How to function without an IT system