Department of Information Technology Office of Business Continuity Disaster Recovery Assessment and Feasibility StudyClose Out Certification Request July 28, 2010 Presented by: Mary Wanda Anaya, Business Continuity Manager Stephanie Gallegos, Business Continuity Analyst
Business Continuity Program Vision Statement A Business Continuity Program that strives to maintain continuity of operations for the State’s mission critical services by sustaining a high level of standards and excellence. Mission Statement Provide the planning methodology for how the Department of Information Technology will recover and restore partially or completely interrupted critical function(s) within a predetermined time after a disaster or extended disruption. Prepare for future incidents that could jeopardize the State’s core mission critical systems.
FY 2008 C2 Appropriation The Department of Information Technology received $250,000 for a Disaster Recovery (DR) Assessment and Feasibility Study to determine the best approach for redundancy for its most critical Information Technology (IT) based services and applications. The purpose of this project was to determine the most cost effective means of providing this service. • DR Assessment -Threat and Risk Assessment • Enterprise Applications (Email, Share, Mainframe) • Site Visits – Colorado, Arizona, & Oregon • Feasibility Study – Critical Applications Assessment • BC-DR Questionnaire to Executive Agencies • Determine 12 Top Critical Applications • Interview 10 Agencies (Business & IT Staff) • Provided the BC and DR Recommendations • Training – Business Continuity Classes • Formal BC Class and Certification • Business Continuity Awareness (2 Classes) – Agencies • Business Continuity Planning (1 Class) - Agencies • Result of the Study - DoIT released a RFP for Data Resilience and Disaster Recovery Site Service 3
Project Time Line 2009 August Site Visit (Colorado, Arizona, Oregon) March Contracted POD Inc. August Conduct DR Assessment and Feasibility Study April Office of BC formal training and attain certification. November Develop and Release an RFP for Enterprise BC/DR Site Services. 2010 January Vendor prepare and submit RFP proposals. April Evaluate RFP proposals and select finalist May Conduct Agency and DoIT staff BC training June Close Out Contract July Award Price Agreement August Contract Enterprise BC/DR Site 4
Project Deliverables Received Del #1 Discovery Document Del #2 Threat Analysis Report Del #3 Risk Analysis Report Del #4 Threat & Risk Recommendations Document Del #5 Critical Applications Determination Del #6 Evaluate Selected agencies BC & DR Plans Del #7 Evaluate Twelve Critical Applications Architecture Del #8 Critical Applications Recommendations Del #9 Determine Disaster Recovery efforts for Developing Linkage of Like Applications and Platforms Report Del #10 Overall Disaster Recovery Recommendations 5
Lessons Learned • When the product of the project is a study, it is critical to the project to include a requirement in the contract for a technical writer. • When critical information is gathered through an interview process, note gathering should extend to include voice recording to assure all important information is documented. • Even in small projects It is difficult for the Project Manager and the Project Team Leader to be the same individual.
Price Agreement RFP# 00-361-00-01416 DoIT Disaster Recovery and Data Resilience Data Center Site(s) Category-1 Resilience Data Center Site (GOLD) Production/Failover Available 24x7x365 Category-2 Hot Data Center Site (SILVER) Host Equipment Operating System Application Software Copy of Data – test Available within 8 hrs Category-3 Warm Data Center Site (BRONZE) Racks, Power, Data Available within 24 hrs Category-4 Cold Data Center Site (PAPER) only floor space Available within 72 hrs 8