SOUTH LAKELAND DISTRICT COUNCIL

INTERNAL AUDIT FINAL REPORT IT 11-02

IT Backup, Recovery and Disaster Recovery Planning

Executive Summary

Introduction

As part of the 2011/12 Audit Plan and following discussions with the IT Services Manager, a
computer audit was undertaken to review South Lakeland District Council’s and Eden District
Council’s IT back-up and recovery arrangements and disaster recovery planning.
Effective data back-up is essential to enable the Councils to recover business information in the
event of a system failure or disk crash, and to ensure that all important information can be
restored without disruption in a timely way.
IT Disaster Plans provide for a structured and timely recovery of services in the event of an IT
disaster and support the Councils’ overall business continuity plans. They can reduce
disruption to an acceptable level, should a significant IT incident occur.

Audit Objectives
The objective of the audit was to provide reasonable assurance that effective back-up and
recovery procedures are in place and to confirm that suitable plans have been developed relating
to IT Disaster Recovery Planning, which will minimise data loss and contain disruption to
Council business to an acceptable level.
The work involved discussions with management and key staff at both sites responsible for
back-up and recovery operations and for development, implementation and operation of the
disaster recovery strategy, together with a review of procedures and associated logs and
observation of the back-up process.
The objectives of the audit were discussed and agreed in advance with Ben Wright, IT Services
Manager. Details of the audit methodology are provided in Appendix 1.

Key Points
• Substantial Assurance
• No major issues identified.
• Five important issues.
• Three minor issues.

Audit Conclusion – Substantial Assurance


As a result of the audit we have concluded that while there is a basically sound system of
control, there are weaknesses, which may put some of the system objectives at risk.
This review covers two related areas, Data Backup and Recovery, and Disaster Recovery
Planning. These are listed separately as detailed below.
Regarding the Backup and Recovery arrangements, the existing backup regime appears to be
technically sound, providing a solid basis for the recovery of data when this becomes necessary.
Internal Audit have, however, raised one important recommendation, which relates to updating
and publishing the strategy to user management.
In addition we have also raised two minor issues, which cover:
• updating procedure documentation; and
• introducing checks on media age and quality.

Furness Audit August 2012

In relation to Disaster Recovery Planning, it is considered that although basic plans are in place,
some updating and further development is required. As a result four important
recommendations have been raised, which relate to:
• completion of the existing Disaster Recovery Plans;
• ensuring regular review and testing of the Plans;
• identifying alternative facilities for IT staff, and
• including loss of data communications within the Disaster Recovery Plans.
There is also one minor issue, which concerns further analysis of key technical risks.

Management Response
We have received a constructive management response from Ben Wright, IT Services Manager,
accepting each of our recommendations. It should be noted that the majority of responses relate
to the formulation of a Managed Backup Contract through an external provider; if this does not
proceed a different course of action would be required.

Acknowledgement
Internal Audit would like to thank IT staff at both Councils for their co-operation and assistance
during the review.

Recommendation 1 Responsibility: IT Services Manager Priority: 2

Management should ensure that the current backup strategy is updated to cover both sites,
and issued to user management. The document should specify the backup frequencies, and
include information regarding the “generations” being retained.

Rationale

It is important that there is a documented back-up strategy in place. This should provide a
simple, clear description of the approach to back-up and recovery of systems and data, and
include information on the retention of data. The Strategy should be published to user
management so that there is clear understanding and agreement regarding the cover provided.
The current strategy appears technically sound but is not fully documented for both South
Lakeland and Eden. Reference to data retention is covered within the Service Level Agreement
for both sites, but there is insufficient detail to assume user agreement is fully understood and
acknowledged.

Management Response

A managed backup and disaster recovery contract is being finalised for both Councils. Once in
place the backup and recovery documentation can be updated.

Accepted Implementation Deadline: March 2013

Recommendation 2 Responsibility: IT Services Manager Priority: 3

The Council should ensure that backup and recovery procedure documentation is
updated as soon as practical.

Rationale

It is important that there are clearly documented procedures for each back-up and recovery
operation. Complete and up-to-date procedures ensure that the correct and consistent back-up
processes are followed and support the skill sharing currently being adopted to enable continuity
of service in the absence of key staff.
In the past these areas have been well documented but following the recent system/software
changes, updates have not yet been applied to the SLDC documentation.

Management Response

A managed backup and disaster recovery contract is being finalised for both Councils. Once in
place the backup and recovery documentation can be updated.

It should be noted that as part of the contract, the backup solution for both Councils will be
implemented, maintained and supported by an external company. Documentation will be
provided as part of the contract.

Accepted Implementation Deadline: March 2013

Recommendation 3 Responsibility: IT Services Manager Priority: 3

The Council should ensure suitable life cycle and error thresholds for backup media are
agreed and that arrangements are put in place to monitor these.

Rationale

Good practice requires that suitable policies and monitoring arrangements are in place
regarding media life-cycles in order to ensure the integrity of stored data.
In practice it is likely that high numbers of errors would become apparent resulting in the
withdrawal of a faulty tape; however there are currently no formal monitoring arrangements at
either Council to ensure the effective management of backup media, including suitable lifecycle
arrangements.

Management Response

Dealing with Media Errors has been built into the contract for the provision of the managed
backup service. It will be the responsibility of the solution provider.

Accepted Implementation Deadline: December 2012

Recommendation 4 Responsibility: IT Services Manager Priority: 2

The Council should agree a target date for completion of the outstanding items in the
Disaster Recovery Plans (as marked within the documents).
In addition, the future approval process for these Plans should be clarified and
formalised.

Rationale

While an IT disaster, by definition, is likely to seriously impact upon Council activities, an IT
Disaster Plan can minimise disruption to services. Even a relatively basic and brief document
with a well-structured plan for restoration of systems may considerably reduce business
interruptions and minimise any delays to recovery.
Such documents are in place at both sites but, although well advanced, are not fully complete,
with some items marked as “to be completed” or “under development”.
The existing Plans have previously been agreed by senior management but it is assumed that
future plans will be approved by the joint service board; however this point should be clarified.

Management Response

It is agreed that the Disaster Recovery Documents need to be updated along with the
implementation of the new managed backup contract.

Accepted Implementation Deadline: March 2013

Recommendation 5 Responsibility: IT Services Manager Priority: 2

Management should ensure that arrangements are made for regular reviews of the
Disaster Recovery Plans to be undertaken and also that appropriate testing of the Plans is
carried out at agreed intervals.

Rationale

It is important that there is a process for reviewing, and if necessary updating the IT Disaster
Recovery Plans on a regular basis, so that they remain relevant and continue to support business
recovery. Also, in order to be useful, it is important that the IT Disaster Recovery Plan has
been proven to be clear and effective by regular, documented testing. A variety of tests can be
appropriate against the whole or part of the Plans, real or desk based.
Plans at both sites, South Lakeland and Eden, have been regularly reviewed in the past, but the
SLDC document has not been updated since September 2010.
There has been testing of recovery and of the Plans in the past, but not for some time, and the
current versions of the Plans have not been tested; however it should be noted that live or actual
recovery of data has occurred through the normal course of business. Previous testing of the
Plan and recovery has been undertaken, including the use of third party providers.

Management Response

The Disaster Recovery Plans will be reviewed Quarterly by IT services.

Recovering systems and associated testing is built into the Managed Backup and Disaster
Recovery contract and will be tested annually.

Accepted Implementation Deadline: March 2013

Recommendation 6 Responsibility: IT Services Manager Priority: 2

It is recommended that possible alternative facilities and accommodation for IT support
staff should be identified, assessed and included in the Disaster Recovery Plans.

Rationale

In the event that the Disaster Recovery Plan needs to be invoked, it is essential that alternative IT
site arrangements have been agreed, which will fully accommodate the required staffing and
equipment.
At both sites, the Plan refers to the use of off-site hosted computer facilities provided by a third
party, but does not appear to take any account of the possible need for an alternative location and
facilities for IT staff.

Management Response

It is agreed a review is required and the Disaster Recovery Documents will be updated to reflect
the outcome.

Accepted Implementation Deadline: March 2013

Recommendation 7 Responsibility: IT Services Manager Priority: 2

Management should review and assess the loss of the various communication links, and
consider alternative remedies for inclusion within the Disaster Recovery Plans.

Rationale

It is important that consideration has been given to the timely replacement of support facilities,
including communications.
For both sites, the documentation contains references to telephone systems and data
communications support but their loss does not appear to be considered or explanations
provided relating to how such issues could be addressed.
Many key systems will not function without data communications, particularly the connection
to the internet, which would prevent the third party Disaster Recovery contract from being used.

Management Response

A review of network links is taking place as part of our risk assessment process.

Provision of an internet connection is built into the Disaster Recovery contract.

Disaster Recovery for the telephone systems will be reviewed as part of the implementation of
Microsoft Lync into both Councils.

Accepted Implementation Deadline: July 2013

Recommendation 8 Responsibility: IT Services Manager Priority: 3

The IT Services Manager should arrange for the key technical risks to be given more
detailed consideration and for possible remedies to be identified and listed within the
appropriate documentation.

Rationale

It is important that the main risks relating to possible IT Disaster incidents have been identified,
documented and addressed within the IT Disaster Recovery Plans.
For both sites, there is a list of general risks (fire, flood, power, telecommunications and
hardware) but there is no detailed analysis of risks and related impact, nor are any possible
remedies identified. Although the documentation appears to be too general, top level contacts
for each of these “facilities” are included (internal and external).

Management Response

As part of reviewing the Disaster Recovery Documentation we will add more detail covering
the areas suggested.

Accepted Implementation Deadline: March 2013

APPENDIX 1

AUDIT FRAMEWORK

Coverage
The review covered the following areas, which were agreed as part of the preliminary planning
stage:
- Data Backup and Storage
- Data Recovery
- Disaster Recovery Planning
- Business Continuity Arrangements (relating to IT)
- Disaster Recovery Plan Testing

Methodology
A system based audit approach has been used for this audit, involving the following key
procedures:
- determine specific management objectives for each area under review;
- identify the risk applicable to each area;
- evaluate controls against each of the key risks;
- test key controls to establish whether they are operating as prescribed; and
- report findings, with practical recommendations for improvement where appropriate.

Performance
Auditor: Mick McKinnell
The fieldwork was performed: May - June 2012

APPENDIX 2

CLASSIFICATIONS

Assurance Level

Unqualified
  Evaluation: There is an adequate system of controls designed to achieve the system objectives.
  Testing: The controls appear to be consistently applied.

Substantial
  Evaluation: While there is a reasonable system of control, there are weaknesses, which may put
  the system objectives at risk.
  Testing: Evidence was identified to suggest that the level of non-compliance with controls may
  put some of the system objectives at risk.

Restricted
  Evaluation: Significant weaknesses have been identified in the system of control, which put the
  system objectives at risk.
  Testing: The level of non-compliance identified places the system objectives at risk.

None
  Evaluation: Control is weak, causing the system to be vulnerable to error and abuse.
  Testing: Significant non-compliance with controls was identified leaving the system vulnerable
  to error and abuse.

Audit Recommendations and Follow-up

Priority 1
  Recommendation: Major issues that we consider need to be brought to the attention of senior
  management
  Follow Up: Follow-up will be performed at specific dates agreed with senior management.

Priority 2
  Recommendation: Important issues which should be addressed by management in their areas of
  responsibility
  Follow Up: Follow-up of the recommendations will be performed by the end of the next audit year

Priority 3
  Recommendation: Minor issues which provide scope for operational improvement
  Follow Up: Follow-up performed by the end of the next audit year.
