Dec - Jan - 20189GOVERNMENT CIO OUTLOOKservices could impact police response, or health services, or child protection.1. Analysis--Prioritizing the recovery ­ understanding the State's missionWorking with the governor's office, we created the DR priority foundation ­ what are the most important services to recover:1. Essential Communications ­ we cannot function without email, telecom. These elements come first. 2. Citizen Health and Safety - Whether it is a regional event disrupting life for citizens, or a local event impacting a state data center, it is imperative that public safety officials be able to function. They must be able to communicate, to retrieve critical data, and have information regarding events.3. Direct Citizen services - Citizens depend on the state for a myriad of services, from supporting daily business through business licensing and information, to daily critical services like food and medical support.4. State Revenue - For longer outages, we need to ensure that the state can function financially5. Economic Development - Businesses depend on state services and regulations. 2. Analysis with the agencies ­ the detailed work The first DR / BC step in working with the agencies, like Health and Human Services, or Public Safety, or Department of Corrections, or Agriculture or the Department of Labor, is to determine which of their hundreds of services should be restored first. For us, that means working with them to complete their BIAs (Business Impact Analysis document). The BIA analysis includes:· Defining agency business functions· Determine business function criticality, recovery prioritization, and recovery objectives · Resources (both technical and business) needed to recover the business functionsIn addition, the agencies create emergency response plans (fire, building evacuation, active shooter, etc.) and communication and incident response plans.3. After analysis ­ Planning and ExecutionBuild those business partnerships and together determine what business functions must be there. Business Continuity is an operational activity ­ finding new space (if needed), setting priorities, getting the work done in a more limited fashion, communication with citizens ­ these are business activities. Next steps after business priority and department BIAs:o Obtain business continuity software, if desired. It can really be an efficiency gain for communications and planningo Review redundancy for IT components ­ network, telcom, storage, applications, etc· How will you recover enterprise IT? Duplicate data center? DRaaS (disaster recovery as a service) through a third party?· How long will it take to rebuild IT infrastructure, if you are doing it internally?Vendor, SaaS review ­ what are your vendors DR plans? How often are they tested? How are they tested, desktop exercise or actually pulling the plug? Review the disaster recovery clause in all your contacts.4. Test and Practice, Practice, Practice A desktop DR plan is only as good as? In truth, a desktop plan is only a first step in testing. Disaster recovery really demands rigorous, full scale testing ­ disabling a system, rebuilding it, and restarting it. The actual problems you will encounter in a secondary data center or with a vendor service won't appear in a desk top exercise. It is imperative that you conduct a full-scale DR exercise. If you can't find the funding, the SMEs, the time to do a full-scale test? Then your first step should be testing an actual, up-to-date, comprehensive DR call tree. Can you reach employees, management, and vendors at 6 am? Can you reach them at 11 pm? Make sure you can get to your critical resources.I am not sure when the state of Maine will be covered in another 4-inch blanket of ice; but I am sure that there will be future disrupting events. We need to plan and practice recovery to be ready. Jim Smith
< Page 8 | Page 10 >