Professional Documents
Culture Documents
Executive Summary
Introduction
As part of the 2011/12 Audit Plan and following discussions with the IT Services Manager, a
computer audit was undertaken to review South Lakeland District Council’s and Eden District
Council’s IT back-up and recovery arrangements and disaster recovery planning.
Effective data back-up is essential to enable the Councils to recover business information in the
event of a system failure or disk crash, and to ensure that all important information can be
restored without disruption in a timely way.
IT Disaster Plans provide for a structured and timely recovery of services in the event of an IT
disaster and supports the Councils’ overall business continuity plans. They can reduce
disruption to an acceptable level, should a significant IT incident occur.
Audit Objectives
Key Points
The objective of the audit was to provide reasonable assurance that
effective back-up and recovery procedures in place and to confirm Substantial Assurance
that, suitable plans have been developed relating to IT Disaster
Recovery Planning, which will minimise data loss and contain No major issues
identified.
disruption to Council business to an acceptable level.
Five important issues.
The work involved discussions with management and key staff at both
sites responsible for back-up and recovery operations and for Three minor issues.
development, implementation and operation of the disaster recovery
strategy, together with a review of procedures and associated logs and
observation of the back-up process.
The objectives of the audit were discussed and agreed in advance with Ben Wright, IT Services
Manager. Details of the audit methodology are provided in Appendix 1.
Management Response
We have received a constructive management response from Ben Wright, IT Services Manager,
accepting each of our recommendations. It should be noted that the majority of responses relate
to the formulation of a Managed Backup Contract through an external provider; if this does not
proceed a different course of action would be required.
Acknowledgement
Internal Audit would like to thank IT staff at both Councils for their co-operation and assistance
during the review.
Management should ensure that the current backup strategy is updated to cover both sites,
and issued to user management. The document should specify the backup frequencies, and
include information regarding the “generations” being retained.
Rationale
It is important that there is a documented back-up strategy in place. This should provide a
simple, clear description of the approach to back-up and recovery of systems and data, and
include information on the retention of data. The Strategy should be published to user
management so that there is clear understanding and agreement regarding the cover provided.
The current strategy appears technically sound but is not fully documented for both South
Lakeland and Eden. Reference to data retention is covered within the Service Level Agreement
for both sites, but there is insufficient detail to assume user agreement is fully understood and
acknowledged.
Management Response
A managed backup and disaster recovery contract is being finalised for both Councils. Once in
place the backup and recovery documentation can be updated.
The Council should ensure that backup and recovery procedure documentation is
updated as soon as practical.
Rationale
It is important that there are clearly documented procedures for each back-up and recovery
operation. Complete and up-to-date procedures ensure that the correct and consistent back-up
processes are followed and support skill sharing; currently being adopted to enable continuity of
service in the absence of key staff.
In the past these areas have been well documented but following the recent system/software
changes, updates have not yet been applied to the SLDC documentation.
Management Response
A managed backup and disaster recovery contract is being finalised for both Councils. Once in
place the backup and recovery documentation can be updated.
It should be noted that as part of the contract, the backup solution for both Councils will be
implemented, maintained and supported by an external company. Documentation will be
provided as part of the contract.
The Council should ensure suitable life cycle and error thresholds for backup media are
agreed and that arrangements are put in place to monitor these.
Rationale
Good practice requires that suitable policies and monitoring arrangements are in place
regarding media life-cycles in order to ensure the integrity of stored data.
In practice it is likely that high numbers of errors would become apparent resulting in the
withdrawal of a faulty tape; however there are currently no formal monitoring arrangements at
either Council to ensure the effective management of backup media, including suitable lifecycle
arrangements.
Management Response
Dealing with Media Errors has been built into the contract for the provision of the managed
backup service. It will be the responsibility of the solution provider.
The Council should agree a target date for completion of the outstanding items in the
Disaster Recovery Plans (as marked within the documents).
In addition, the future approval process for these Plans should be clarified and
formalised.
Rationale
Management Response
It is agreed that the Disaster Recovery Documents need to be updated along with the
implementation of the new managed backup contract.
Management should ensure that arrangements are made for regular reviews of the
Disaster Recovery Plans to be undertaken and also that appropriate testing of the Plans is
carried out at agreed intervals.
Rationale
It is important that there is a process for reviewing, and if necessary updating the IT Disaster
Recovery Plans on a regular basis, so that they remain relevant and continue to support business
recovery. Also, in order to be useful, it is important that the IT Disaster Recovery Plan has
been proven to be clear and effective by regular, documented testing. A variety of tests can be
appropriate against the whole or part of the Plans, real or desk based.
Plans at both sites, South Lakeland and Eden, have been regularly reviewed in the past, but the
SLDC document has not been updated since September 2010.
There has been testing of recovery and of the Plans in the past but not for some time, the current
versions of the Plans have not been tested; however it should be noted that live or actual
recovery of data has occurred through the normal course of business. Previous testing of the
Plan and recovery has been undertaken, including the use of third party providers.
Management Response
Recovering systems and associated testing is built into the Managed Backup and Disaster
Recovery contract and will be tested annually.
Rationale
In the event that the Disaster Recovery Plan needs to be invoked, it is essential that alternative IT
site arrangements have been agreed, which will fully accommodate the required staffing and
equipment.
At both sites, the Plan refers to the use of off-site hosted computer facilities provided by a third
party, but does not appear to take any account of the possible need for an alternative location and
facilities for IT staff.
Management Response
It is agreed a review is required and the Disaster Recovery Documents will be updated to reflect
the outcome.
Management should review and assess the loss of the various communication links; and
consider alternative remedies for inclusion within the Disaster Recovery Plans.
Rationale
It is important that consideration has been given to the timely replacement of support facilities,
including communications.
For both sites, the documentation contains references to telephone systems and data
communications support but their loss does not appear to be considered or explanations
provided relating to how such issues could be addressed.
Many key systems will not function without data communications, particularly the connection
to the internet, which would prevent the third party Disaster Recovery contract from being used.
Management Response
A review of network links is taking place as part of our risk assessment process.
Disaster Recovery for the telephone systems will be reviewed as part of the implementation of
Microsoft Lync into both Councils.
The IT Services Manager should arrange for the key technical risks to be given more
detailed consideration and for possible remedies to be identified and listed within the
appropriate documentation.
Rationale
It is important that the main risks relating to possible IT Disaster incidents have been identified,
documented and addressed within the IT Disaster Recovery Plans.
For both sites, there is a list of general risks (fire, flood, power, telecommunications and
hardware) but there is no detailed analysis of risks and related impact, nor are any possible
remedies identified. Although the documentation appears to be too general, top level contacts
for each of these “facilities” are included (internal and external).
Management Response
As part of reviewing the Disaster Recovery Documentation we will add more detail covering
the areas suggested.
APPENDIX 1
AUDIT FRAMEWORK
Coverage
The review covered the following areas, which were agreed as part of the preliminary planning
stage:
- Data Backup and Storage
- Data Recovery
- Disaster Recovery Planning
- Business Continuity Arrangements (relating to IT)
- Disaster Recovery Plan Testing
Methodology
A system based audit approach has been used for this audit, involving the following key
procedures:
- determine specific management objectives for each area under review;
- identify the risk applicable to each area;
- evaluate controls against each of the key risks;
- test key controls to establish whether they are operating as prescribed; and
- report findings, with practical recommendations for improvement where appropriate.
Performance
Auditor: Mick McKinnell
The fieldwork was performed: May - June 2012
APPENDIX 2
CLASSIFICATIONS
Assurance Level
Evaluation Testing
Recommendation Follow Up
Priority 1 Major issues that we consider need Follow-up will be performed at
to be brought to the attention of specific dates agreed with senior
senior management management.
Priority 3 Minor issues which provide scope Follow-up performed by the end of the
for operational improvement next audit year.