Continuity Planning and Management (Disaster Recovery) - Ch. 22
The stages of the life cycle in BCP are:
1. Organizational structure and objectives; 2. Impact and threat analysis; 3. Solution design; 4. Implementation; 5. Testing and acceptance; 6. Maintenance
What does the BCP include?
All critical applications; resident data; web, database, network, and file servers
Continuity planning and disaster recovery
Are processes that help organizations prepare for disruptive events, whether the event is a hurricane or simply a power outage.
Common anti-disaster protection includes:
Automated backups; off-site media storage; data mirroring; server replication; remote data replication; a virtual tape library that emulates multiple tape drives; snapshots of data at prescribed intervals
Criteria for a good backup system:
Backups must contain the requested data; backups must complete within the prescribed time frame; backups occur as scheduled (a full backup on some days and incremental backups on others); backups must be set to expire at the correct time
Business continuity management (BCM)
Broadly defined as the process that seeks to ensure organizations are capable of withstanding any disruption to normal functioning
Examples of Accidents
Brownouts and power outages/grid failures; file corruption; transportation accidents; chemical contamination; toxic fumes
Goal of Data Backup
Continuous delivery of services is the goal, but solutions to achieve zero downtime are expensive and not always possible
Minimal information included in impact analysis
Description, purpose, and origin of the information; information flows; recipients, or users, of the information; requirements for timeliness; implications of information unavailability
Processing and operating priorities
During this phase, the workgroup determines the equipment, telecommunication links, and vital records needed to perform daily business functions, and viable alternatives in the event that these are not available
Sarbanes-Oxley Act
Enacted by the federal government as a means to legislate corporate accountability and responsibility. Impacts the healthcare industry by increasing the demand for fiscal responsibility, accountability, and accurate financial reporting and disclosure.
Writing the plan
Enterprise software offers a proven track record but may be expensive, difficult to install and learn, and out-of-date in design. Web-based software is easy to use and provides version control and free access to extensive information and instant, interactive communication. It offers wide dissemination, the ability to incorporate questionnaires and surveys, automated contract management, and security.
Threats to Business Operation and Information Systems (IS)
Environmental disasters; human error; sabotage; acts of terrorism and bioterrorism; high-tech crime; viruses; overtaxed infrastructure; power fluctuations and outages; equipment failure; operating system or application software bugs
Federal Information Privacy and Security Act of 2002
Established a minimum standard of performance for the protection of information and information systems managed by federal agencies, their contractors, and other agencies acting on their behalf, or required the institution of continuity plans for information systems supporting the operations of the agency
A BCP manual
For a small organization it may simply be a printed manual stored safely away from the primary work location, containing the names, addresses, and phone numbers of crisis management staff members, clients, and vendors, along with the location of the off-site data backup storage media, copies of insurance contracts, and other critical materials necessary for organizational survival. In its more sophisticated form, a BCP manual may outline a secondary work site, technical requirements and readiness, regulatory reporting requirements, work recovery measures, the means to reestablish physical records, the means to establish a new supply chain, or the means to establish new production centers. Organizations should make sure that their BCP manual is realistic and easy to use during a crisis. BCP should be considered as important as crisis management and disaster recovery planning and should become a part of an organization's overall risk management strategy.
First Line of Defense
Hardware redundancy is the first line of defense. It allows operations to continue when individual components fail. Redundancy may be onsite or at two separate sites.
Advantages of Continuity planning
Identifies strategies for correction of vulnerabilities within the organization; provides a reasonable amount of protection against interruption in services, downtime, and data loss; ensures continuity of the client record and delivery of care; expedites reporting of diagnostic tests; captures charges and supports billing and processing of reimbursement claims in a timely fashion; ensures open communication with employees and assures customers of the availability of services or interim arrangements; provides a mechanism to capture information needed for regulatory and accrediting bodies; helps to ensure compliance with HIPAA legislation and the requirements of the Joint Commission; establishes backup and restoration procedures for systems, databases, and important files; allows time for restoration of equipment, the facility, and services
Continuity Strategies
Implementation of policies and procedures; contracts with vendors and service providers needed to ensure business continuity in the event of a threat or disaster
Disaster
Is an event that disrupts or disables essential organizational functions and has the potential to disrupt and potentially destroy an organization by destroying financial, administrative, legal, contractual, personnel, inventory, and, in the case of healthcare organizations, clinical data needed for ongoing operations. Disasters may strike without warning and require immediate action.
Server replication
Is recommended for the most widely used applications because it ensures continuity by providing a reliable secondary infrastructure.
What is disaster planning and recovery primarily focused on?
It is primarily focused on the risks to IS and the data that they utilize.
Continuity of business is?
It is the backup plan to ensure business as usual in the event of a natural or man-made disaster. It also addresses alternative means to support the retrieval and processing of information in the event that systems fail.
Example of manual backup alternative
It is the completion of paper requests for laboratory tests that are then delivered to the laboratory, instead of selecting ordered tests from menus on computer screens. The decision to use manual alternatives when a system has failed or is otherwise unavailable has implications for the delivery of care, the cost of care provided, record management, and employee system training. Costs vary by the length of "downtime"; it is not feasible to resort to downtime procedures for very short periods of time.
The purpose of the documented plan and associated manual:
It is to reduce adverse stakeholder impacts, which are determined by both the scope of a disruption (whom and what it affected) and the duration of the disruption
The continuity plan should ensure:
It should ensure continued availability, reliability, and recoverability of all IT resources, including data as well as equipment, supplies, processes, personnel, and lines of communication. It should balance the costs of risk management with the opportunity cost of not taking action in preparing for disasters. It should provide an enterprise-wide, risk-based approach, covering people, processes, technology, and the extended enterprise, to ensure continued availability of operational support systems and minimize disruption risks.
Joint Commission and HIPAA
Require that healthcare providers: perform a BIA and crisis management analysis; conduct employee training; implement ongoing continuity plan reviews; plan for information technology disasters and recovery; audit their continuity plan processes
The Health Insurance Portability and Accountability Act (HIPAA)
Requires continuity planning and disaster recovery processes. All healthcare organizations must have a data backup plan, a recovery plan, an emergency mode of operation plan, and testing and evaluation procedures. It demands safeguards for the security of protected health information while operating in both normal and emergency modes. These safeguards encompass the creation, access, storage, and destruction of manual records.
The recovery plan
Restores full operational IS capabilities
Impact analysis
Results in the differentiation between critical (urgent) and noncritical (nonurgent) organization functions/activities.
Steps in a Planning process
Secure top management support and commitment of resources. Select the business continuity workgroup members. Perform a risk assessment. Set processing and operating priorities. Collect data needed to support the plan. Write the plan.
Electronic vaulting
Sends backups over telecommunication links to secure storage facilities. This approach eliminates labor costs and the need to physically transport tapes. It also improves data integrity and shortens recovery efforts.
The Joint Commission
Set disaster preparedness standards as a requirement for hospital accreditation. Standards focused on disaster and accidents such as power plant failures and chemical spills. Introduced new emergency management standards for hospitals, long-term care facilities, and behavioral health and ambulatory care that focus on the concept of community involvement in the management process. These guidelines address information security, disaster preparedness, and recovery planning. Also must consider bioterrorism.
Security Officer
Should have a key role in continuity and disaster planning, starting with a basic understanding of the plan development process to help direct the effort. Part of the security role is the protection of information. Data security is particularly important in order to comply with federal mandates and accreditation requirements.
Remote backup service (RBS)
Staff protect both data and data integrity. Data retrieval, when needed, is limited only by the speed of the communication link. RBSs also provide reports to show which files have been backed up. Tape and other older media do not support fast data recovery efforts: recovery may require 12 to 48 hours, depending on the recovery location and the number of critical systems that must be rebuilt before applications and data can be loaded.
Continuity and Recovery Options
Healthcare operates 24/7. Although continuity planning must encompass all aspects of daily operations, the focus on information should guide the selection of computer services, hardware, and software for day-to-day operations, backup, and recovery.
Required amount of drills per year:
The Joint Commission suggests that organizations conduct at least 2 emergency drills per year with one community-wide drill.
Recovery time objective
The acceptable amount of time to restore the function
Recovery point objective
The acceptable latency of data that will be recovered
Recovery time actual
The actual amount of time to restore data and functionality based on testing
Business impact analysis (BIA)
The analysis stage in the development of a BCP plan is also referred to as a BIA and consists of impact analysis, threat analysis, and impact scenarios, which result in the BCP plan requirements documentation. Analysis involves the examination of a business or problem situation and separating it into its components or elements in order to understand them and how they are related to the business situation. Determine the critical functions of the organization and the information vital to maintain these operations: information needed for healthcare delivery; information that supports the organization
A comprehensive plan consists of:
The emergency plan; the backup plan; the recovery plan; the test plan; the maintenance plan
Latest version of a management system
The latest versions of most database management systems, such as SQL Server or Oracle, provide for database replication across a network as well as incremental and full backup capabilities.
Business continuity plan
The logistical plan. It is a critical aspect of an organization's risk management strategy and is instrumental to its survival should a disaster occur; it can ensure institutional survival. Its development is the most difficult aspect of business continuity and requires expertise from many disciplines. Building continuity into the infrastructure helps to prevent many disruptions.
Measurable BIA areas
These areas are where hazards and threats reside: Civil, economic, natural, and technical
Functional requirements
These include mainframe and/or server capacity, printers, storage devices, network and communication equipment and services, sufficient cabling, power and an uninterruptible power source, air conditioning, space for a help desk, and an operations center and test room
What is the primary responsibility of IT staff?
They are primarily responsible for disaster planning and recovery in the area of business continuity.
A managed hosting site
This eliminates the need to purchase server and networking equipment, disk and tape storage hardware and media, and telecommunications lines; to perform backups; to rent space; and to purchase anti-virus and firewall software. It is available wherever there is an Internet connection, using Remote Desktop software or Virtual Private Network software.
Data needed to support the plan
This phase entails a determination of available resources. This includes external resources, such as backup and duplication systems and recovery services, and internal resources. Internal assets include staff information; inventories of vital records, equipment, supplies, or forms; policies and procedures; contact lists for staff, vendors, and other service providers; a review of security systems; and an evaluation of facilities for potential problems
The backup plan
This plan outlines steps to ensure the availability of key employees, vital records, and alternative backup facilities for ongoing business and IS processing operations
The emergency plan
This plan provides direction during and immediately after an incident. This may include a provision to switch to duplicate hardware and networks as a means to minimize disruption of services
The maintenance plan
This plan provides guidelines ensuring that the entire plan is kept up to date
Risk assessment
Types and probabilities of various types of disasters (risks range from low to high); potential impact of a particular disaster scenario; estimated costs of lost/damaged information/records and of lost time and customer confidence; costs to replace and restore equipment and facilities, as well as to hire or replace staff, versus the costs to develop and maintain the disaster plan; risk of the worst-case scenario striking the organization.
The test plan
Uncovers and corrects defects in the plan before a real disaster occurs
Information that supports the organization
Vendor contracts; personnel files; financial or claim documentation; important e-mails; permits; building blueprints; regulatory compliance documentation; equipment manuals; reporting data
Plan Components
Vital record inventory; policies and procedures; emergency call list; key employee responsibilities; troubleshooting; floor plans for water, gas, oxygen, cable and power lines, and exits; diagrams for servers, networks, and ports; insurance documents; resources needed for key services; alternative plans to maintain services; repair and restoration procedures
Types of Cyber attacks
White hat: breaks security for nonmalicious reasons; Gray hat: has ambiguous ethics and/or borderline legality; Black hat: uses technology for vandalism, credit card fraud, identity theft, piracy, or other types of illegal activities; Script kiddie: breaks into computer systems by using pre-packaged automated tools written by others, usually with little understanding
3. In the continuity planning process, which of the following is not a phase of the planning process? a. Evaluation b. Selecting a committee c. Risk assessment d. Data collection
a. Evaluation. Rationale: Continuity planning requires a determination of all potential threats before plans can be made to avert or contain those same threats. Continuity planning is a major effort that requires a committee effort. Evaluation per se is not part of the continuity planning process.
8. _______ is the key to the design and implementation of a better continuity plan for future use. a. Feedback b. Information technology c. Completion of information strategic planning d. Maturation of the life cycle
a. Feedback. Rationale: Even with extensive planning, the absolute best continuity plans may fail to consider something, and it is for this reason that feedback is solicited and reviewed post-disaster to discover plan weaknesses and strengths and improve plans for any future events.
6. _______ is a set of data that provides information about how, when, and by whom data are collected. a. Metadata b. Microdata c. Megadata d. Recovered data
a. Metadata. Rationale: Metadata provides the details on what, how, when, and by whom data are collected. Microdata would refer to information at the tiniest level; Megadata conveys that it would
5. Continuity plans should be tested _______. a. bi-annually b. annually c. monthly d. every quarter
a. bi-annually. Rationale: Continuity plans should be tested often enough to see if they are appropriate but not so often as to cause people to take them lightly or create a major inconvenience.
9. A company that provides backup services for customers from an off-site location to another off-site location is otherwise known as ________________. a. remote backup service (RBS) b. a hot site service c. document imaging d. virtual server service
a. remote backup service (RBS). Rationale: Continuity plans typically call for the ability to send information to another site away from threats or to have the ability to run operations from an alternative site. Contractors that perform backup services are known as RBSs.
4. Continuity plans should include _________. a. system policies and procedures, alternative communication methods, and floor plans b. work schedules, office telephone numbers, and pagers c. the names of all department heads d. program code
a. system policies and procedures, alternative communication methods, and floor plans. Rationale: Continuity plans need to clearly delineate current policies and procedures, floor plans, and alternative communication methods such as pagers and cellphones. It is important to review plans frequently to ensure that information, including current personnel, is up to date.
Equipment failure
application, media, and data damage
Operating system failure
application, media, and data damage
Examples of Natural disasters
avalanche, flood, earthquake, tsunamis, hurricanes, tornadoes, blizzards, pandemics
2. What is the first step in the continuity planning process? a. to secure management support and commitment b. to determine the critical functions of the organization and information vital to maintain operations c. to set processing and operating priorities d. implementation of strategies to maintain business continuity
b. to determine the critical functions of the organization and information vital to maintain operations. Rationale: The first step in continuity planning is to determine the critical functions of the organization and the information vital to maintain operations. After mission-critical functions and information are determined, priorities can be set and strategies to maintain business continuity developed.
Electrical
blackout or brownout
10. During the third step of contingency planning, it is important to _________. a. evaluate the plan for weak spots b. identify the purpose of the plan c. implement strategies to maintain business continuity d. do post-disaster briefing
c. implement strategies to maintain business continuity. Rationale: Strategies must be put into place to ensure critical operations—which in this case center on patient care—or else operations will be disrupted in the case of a threat.
1. The process of ensuring the continuation of critical business services regardless of any event that may occur is ____________. a. system security approach b. disaster planning c. continuity planning d. data integrity
c. continuity planning. Rationale: Increasingly, 24x7 access to data is essential for business operations. This is particularly critical in healthcare delivery, where the consequences of unavailability of information range from inconvenience, redundant diagnostic tests, and missed treatment information to threats to patient safety.
7. When restarting a hospital information system after a disaster, which system should be restored first? a. the pharmacy system b. the nursing information system c. the clinical information systems d. the administrative information systems
d. the administrative information systems. Rationale: While it would seem that clinical information systems would be the most critical to ensure that disruptions to patient care are kept to a minimum, the rationale is that administrative information systems contain the tools to run the organization's operations effectively.
Cyber attack
data, application, and operating system damage
Application system failure
data, media, and operational failure
Systems, data, and applications that can be impacted include:
electronic medical records, order entry, patient accounting, radiology/imaging services, reports, and distribution workflow. Other areas to be considered are emergency care, care management, patient monitoring, clinical profiles, lab dictaphones, physicians' portals, medical supplies, and a variety of other applications.
Utility outage
equipment, media, data, and application failure
Examples of Malicious or violent acts
hackers, bombs, terrorism and bioterrorism, electromagnetic pulse, civil unrest, armed conflict
Examples of Internal disasters
hardware or software errors, water line breaks, construction accidents, fire, sabotage, theft, ex-employee violence
Pandemic and All-Hazards Preparedness Act
The purpose of this law was to improve the nation's public health and medical preparedness and response capabilities for emergencies, whether deliberate, accidental, or natural. This law authorized development of a national, near-real-time information network to coordinate federal and state response to public health emergencies within 2 years of enactment.
Sabotage
obstruction, disruption, and/or destruction of buildings, data, equipment, media, or availability of personnel
Disease
reduces key personnel availability
The BCP for IT should include:
servers, storage devices and media, networking equipment, connectivity links, vendors, suppliers, partners, and IT personnel, as well as air-conditioning and power supplies.
Earthquake
structural, utility, media, and equipment damage
Flood
structural, utility, media, and equipment damage
Terrorism
structural, utility, media, and equipment damage
Fire
structural, utility, media, and equipment damage
Hurricane
structural, utility, media, and equipment damage plus availability of key personnel
Accreditation Standards mandate:
that healthcare organizations have an emergency plan that identifies potential hazards, their impact on services, and measures to handle and recover from emergencies.
Continuity planning or Business continuity planning (BCP)
the creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical functions within a predetermined time after a disaster or extended disruption. Continuity planning is the process of ensuring the uninterrupted operations of critical services regardless of any event that may occur.
Social upheaval
union strike, social protests, and so forth reduce the availability of personnel and supplies
Telecommunications
wire line or wireless