Presentation is loading. Please wait.

Presentation is loading. Please wait.

Advisor: Jim French, Dept of Ecology Team Members: Scott Andersen, WSDOT Gary Duffield, DIS Doug Selix, OFM Thelma Smith, WSDOT Brian Sylvester, DOP.

Published byGrace Hines Modified over 9 years ago

Similar presentations

Presentation on theme: "Advisor: Jim French, Dept of Ecology Team Members: Scott Andersen, WSDOT Gary Duffield, DIS Doug Selix, OFM Thelma Smith, WSDOT Brian Sylvester, DOP."— Presentation transcript:

1 Advisor: Jim French, Dept of Ecology Team Members: Scott Andersen, WSDOT Gary Duffield, DIS Doug Selix, OFM Thelma Smith, WSDOT Brian Sylvester, DOP

2

3  How can the state achieve a coordinated approach to IT disaster recovery?  How will we recover critical services and infrastructure knowing that we share services, platforms, and customers that rely on each other for data during the recovery?  How do we expose the risks, identify the gaps and move toward meeting recovery time objectives?  How do we ensure that the capacity to recover aligns with the risk tolerance of state leadership?

4 1. Establish and empower a central authority for ‘Enterprise’ (Statewide) D/R Planning 2. Standardize and consolidate IT Infrastructure where ever possible to ease D/R Planning 3. Practice D/R Planning at the ‘Enterprise’ (not agency) level 4. Mandate D/R planning for all IT systems 5. Develop and document State guidelines on ‘risk appetite’

5 Resilience and Recoverability (R/R)

6 Leadership is about change! Shared Vision: Changes on the horizon  Standardization & Consolidation  System Level R/R Focus  R/R Designed into All Systems  Risk Tolerance and Oversight

7  Senior Level Sponsorship  State Agencies’ Partnership  Strategic and Tactical Leadership  Strategic = Resilience  Tactical = Recoverability

8 Governor Emergency Management Council State Agency Liaisons DIS, OFM, DOP, DOT, etc.

9 Comprehensive Emergency Management Plan - CEMP ISB Standards State Agencies’ Plans

10 Existing Catch 22  Change agency-centric approach to statewide R/R solution  Establish shared vision for funding R/R Integrate R/R into Spending Plans  Develop policy that cements R/R funding into IT initiatives

11  Establish Ownership and Oversight  Align R/R efforts with similar or preexisiting efforts  Emergency management groups  Agencies’ leadership teams  Establish new teams or partnerships as needed  Establish policies for:  Compliance  Success Metrics  Change Management

12  LEADERSHIP!!!  Proactive = Resilience  Reactive = Recovery  Close Gaps and Remove Roadblocks  Leverage Existing or Empower new Program

13  Hardware and software consolidation and standardization is becoming the driving force behind organizations evaluating their Disaster Recovery plans.  A 2009 survey from Symantec Corporation found that 64% of organizations are creating or re- evaluating their DR plans based on a plan to consolidate and standardize their infrastructure.

14

15

16  Adopt a cost effective enterprise High Availability Architecture solution (Resilience).  Future investments in Infrastructure and Applications should include Resilience and Recoverability.

17  Planning for Resilience and Recoverability should be at the Enterprise Level.  Planning for recovery by agency, technology, or individual application is not effective for an enterprise class system.

18 Enterprise Level Planning is complex, and must be done for Essential Systems.  Essential Systems support Essential Agency Functions as defined in agency COOP plans  Must consider core agency systems - run by agency or service provider  Must consider dependencies such as infrastructure and interface services  Must consider dependant trading partner systems  Must consider enterprise data at recovery point  Must include procedures for assuring data integrity at recovery point

19 OFM Example - The State Payment Process  Payment Process based upon AFRS and all systems that it connects to  Historical DR Plan “DIS will recover the mainframe and all will be good”  Look at interfaces to partner agencies  Look at known single points of failure

20 Enterprise Class Planning requires someone to focus on getting it done for essential systems!  A single organization must facilitate Enterprise planning  Enterprise system owner and Stakeholders must fully participate in development and testing of R/R Plans

21  Enterprise Planning is HARD!  Enterprise Class Systems are COMPLEX!  Someone Needs to GET ‘er DONE!

22 Many, if not most, recent IT systems developed without Disaster Recovery – Why?  Elimination viewed as a ‘Cost Reduction’ strategy.  This is a ‘false economy’ – a calculated risk Real consequences to State citizens:  Missing vital systems after a disaster Or  Spend too much to ensure their availability

23 Creation of WSRRO  Mandate all new IT systems include R/R  Review and approve Criteria  Agency impact analysis  Integration impact analysis  Validate appropriateness of plan

24 Types of ‘valid’ plans:  ‘Resilience’  ‘Warm site’  ‘Cold site’  Data protection only  No recovery plan

25

26  Mandate R/R planning for all IT systems  Scope for critical functions only  Ensure ‘Enterprise’ context

27  If your house was on-fire, what would you save?  We all live in the same house, we need to decide what is going to be saved! And how much! We won’t be able to save it all. Be careful what you choose!

28 What is important to the WA State Enterprise?  Public Safety (EMD/WSP/DOC/Roads/others?)  Citizen Systems – Licensing, Social Systems, others?  Financial Systems - How we dispense and receive funds.  H/R Systems, Data Centers? State Enterprise Approach!

29 How much and what loss is acceptable?  Data? E-mail? File Systems?  Hardware/infrastructure  Network s, communications?  Applications used by Citizens?  Applications used by Agencies? What does this look like? How do we determine what and how much? Identify and Develop a Risk Matrix!

30  Now we know what, How do we really know it will work?  What are our expectations for Disaster Recovery?  How do we ensure that RECOVERY WILL work?  LEADERSHIP!  Identify and apply standardized comprehensive testing (Know what and how much to test and test it the same way across the board!  Perform Resilience and Recoverability Plans  Review Results and apply Process Improvement! (Do it better next time!)

31  Target Enterprise (State Level) Programs/Systems NOT silo agencies  Identify how much of it we really need! RISK MATRIX!  Standardized Comprehensive Testing applied  Regularly perform Resilience and Recoverability Testing  Process Improvement

32 1. Establish and empower a central authority for ‘Enterprise’ (Statewide) R/R Planning 2. Standardize and consolidate IT Infrastructure where ever possible to ease R/R Planning 3. Practice R/R Planning at the ‘Enterprise’ (not agency) level 4. Mandate R/R planning for all new IT systems 5. Develop and document State guidelines on ‘risk appetite’

33  Thank you!  Scott Andersen, WSDOT  Gary Duffield, DIS  Doug Selix, OFM  Thelma Smith, WSDOT  Brian Sylvester, DOP

Download ppt "Advisor: Jim French, Dept of Ecology Team Members: Scott Andersen, WSDOT Gary Duffield, DIS Doug Selix, OFM Thelma Smith, WSDOT Brian Sylvester, DOP."

Similar presentations

Opening Doors: Federal Strategic Plan to Prevent and End Homelessness

Opening Doors: Federal Strategic Plan to Prevent and End Homelessness
A BPM Framework for KPI-Driven Performance Management

A BPM Framework for KPI-Driven Performance Management
Program Management Office (PMO) Design

Program Management Office (PMO) Design
How to commence the IT Modernization Process?

How to commence the IT Modernization Process?
A De-Centralized Approach for Diverse Organizations.

A De-Centralized Approach for Diverse Organizations.
BENEFITS OF SUCCESSFUL IT MODERNIZATION

BENEFITS OF SUCCESSFUL IT MODERNIZATION
Enterprise Security A Framework For Tomorrow Christopher P. Buse, CPA, CISA, CISSP Chief Information Security Officer State of Minnesota.

Enterprise Security A Framework For Tomorrow Christopher P. Buse, CPA, CISA, CISSP Chief Information Security Officer State of Minnesota.
1 Disaster Recovery “Protecting City Data” Ron Bergman First Deputy Commissioner Gregory Neuhaus Assistant Commissioner THE CITY OF NEW YORK.

1 Disaster Recovery “Protecting City Data” Ron Bergman First Deputy Commissioner Gregory Neuhaus Assistant Commissioner THE CITY OF NEW YORK.
Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.

Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.
Richalene (Ricki) M. Kozumplik, Owner AHA Consulting 134 West Third Street, Peru, IN 46970 Phone: 765-472-1495 Fax: 765-472-1457

Richalene (Ricki) M. Kozumplik, Owner AHA Consulting 134 West Third Street, Peru, IN Phone: Fax:
Promoting the Enterprise IPMA 2005 Executive Seminar September 21, 2005 Gary Robinson, Director Department of Information Services Scott Came, Director.

Promoting the Enterprise IPMA 2005 Executive Seminar September 21, 2005 Gary Robinson, Director Department of Information Services Scott Came, Director.
IT PLANNING Enterprise Architecture (EA) & Updates to the Plan.

IT PLANNING Enterprise Architecture (EA) & Updates to the Plan.
ISS IT Assessment Framework

ISS IT Assessment Framework
Fluff Matters! Information Governance in an Online Era Lisa Welchman.

Fluff Matters! Information Governance in an Online Era Lisa Welchman.
Enterprise Architecture The Arkansas Approach. Key Areas What is enterprise architecture? Why is it important? How you can participate Current status.

Enterprise Architecture The Arkansas Approach. Key Areas What is enterprise architecture? Why is it important? How you can participate Current status.
1 July 23, 2002 Strategic Technology Plan Briefing to LOT Committee.

1 July 23, 2002 Strategic Technology Plan Briefing to LOT Committee.
By Saurabh Sardesai www.starvaluemodel.com October 2014.

By Saurabh Sardesai October 2014.
Overview 4Core Technology Group, Inc. is a woman/ veteran owned full-service IT and Cyber Security firm based in Historic Petersburg, Virginia. Founded.

Overview 4Core Technology Group, Inc. is a woman/ veteran owned full-service IT and Cyber Security firm based in Historic Petersburg, Virginia. Founded.
Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.

Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.
Business Continuity and You! The Ohio State University Business & Finance Enterprise Continuity Program Quarterly Update October 2008Business and Finance.

Business Continuity and You! The Ohio State University Business & Finance Enterprise Continuity Program Quarterly Update October 2008Business and Finance.

Similar presentations

Ads by Google