To review progress on addressing any outstanding issues with regard to ICT Disaster Recovery (ICT Service and Performance Management Manager to report)
Minutes:
The ICT Service and Performance Management Manager provided the Committee with a verbal update on progress on implementing internal audit recommendations following the 2015/16 audit of ICT Disaster Recovery which found shortcomings in the governance, risk management and internal control arrangements in this area.
The Officer reported that the ICT Service is now in the advanced stages of designing a dedicated data back-up centre. The proposal in practice is for a second data centre away from the ICT suite in the Council’s main offices which will always be active along with the principal data centre and together, they will share the processing power of running the Council’s key systems. In the event of the main council offices becoming unusable, the second data centre will be able to run key services, namely those services identified as such e.g. social care and finance. There remains some work to do in confirming that the list of key services is up to date and an outstanding element in terms of design is the need to discuss the fire retardant element of the building which would determine for how long the data centre can survive in a fire. The data centre will have resilient power via an UPS and on site generator. Capital funding for the new facility is in place and the ICT Service is confident that the project will be delivered within budget and to a planned completion date of December, 2016. As well as a back-up, this is a high quality solution that is meant to meet the changing needs of the Council in allowing it to utilise the processing power as and when the business requires.
From the information presented the Committee took assurance that satisfactory progress has been made in responding appropriately to the issues identified by the 2015/16 internal audit report in terms of strengthening the controls with regard to Disaster Recovery to enable the risks in this area to be managed effectively. The Committee noted that it would be helpful for it to have sight of the plan for disaster recovery in due course. The ICT Service and Performance Management Manager said that the Disaster Recovery Plan i.e. the ability to respond to a disaster is limited by the existing infrastructure but that the Committee could be provided with a design of how the system would operate in the event of a disaster. Once the new infrastructure is in place that design would be included in the Disaster Recovery Plan which could be presented to this Committee. The Officer confirmed that it is intended to test the system prior to its going live in accordance with best practice requirements to ensure that it is functioning and that data can be restored promptly and reliably in a disaster event.
It was resolved to accept and to note the update information provided with regard to progress on ICT Disaster Recovery plans.
ACTION ENSUING: The Committee to be provided with a summary document of how the back-up system would operate in a disaster scenario.