Bengkel Pengurusan Kesinambungan Perkhidmatan (BCM) Sektor Awam Anjuran MAMPU

Di Pusat latihan NUBE, Port Dickson

25 Ogos 2008 (Isnin)

For

Disaster Recovery for POWER System2

POWER SystemDisaster Recovery FacilityDisaster Recovery Project Activity

Risks Assessment

DRP Development

Asset Acquisition

DR Testing & Maintenance

Lessons LearntQ/A

Presentation Scope

Disaster Recovery for POWER System3

POWER System

Pensions integrated system (October 2004, outsourced)

Pensions portal (September 2005, in-housed) 548 users (Putrajaya, Kota Kinabalu, Kuching & Maju Junction),

Post: 625

512,000 pensioners & pensions recipients RM550M – 720M pensions benefits paid monthly

(RM7.04billion for 2007, RM6.73billion for 2008)

ICT maintenance 2007: RM931K (Servers, Network & DRF: RM781K; PCs, NBs, printers, scanners: RM150K)

ICT maintenance 2008: < RM800K Year 2008: DR services & PCs & printers maintenance - in house

(RM355K in 2007)

Pensions Online Workflow EnviRonment

Disaster Recovery for POWER System4

POWER System & Pensions Portal

SPPP

POWER DB

SPT

SKAP

SKP

Portal

POWERWEB

KNOWLEDGEBASE

Data

Information, queries

PensionsActs & Policies

Data

Image

Data

Data

Documents, Data

Data

Data

Data snapshot

Image

Image

Data

AA

AB

Feedbacks

Queries,Acknowledgement

Documents

Cheques

Warrants

Image

Statistics

POWERApplication

http://www.jpapencen.gov.my

IMAGEDB

EXTERNAL AGENCIES DB

AA

AB

Entities which provide or receive information to/or from POWER System including JPA top Mgt and external agencies

Pensioners & pensions recipients, Pensions Dept. Staff, public

SPPP: Pensions Registration & Processing System SPT : Derivative Pension SystemSistem Penyelarasan Pencen & Sistem Perubatan

SKAP: Pensions Financial & Accounting SystemSKP : Pensions Control & Enforcement System

Disaster Recovery for POWER System5

Disaster Recovery Facility

2004 – Qtr1 2008 HeiTech Padu DR Centre

Kelana Jaya/Bkt Jelutong

Services: offsite data storage facility, DR test facility & test reports, DRP maintenance, DRF (6 servers, 4 printers, LAN, 10 PCs, office equipment, work area)

Max. 10 users

3 tests per year

Set up: RM128,400

Service: RM260K per year

Qtr2 2008 onwards Kaunter Perkhidmatan JPA,

Maju Junction, Kuala Lumpur

Offsite data storage

DRF facility (H/W, S/W, LAN, physical security equipment): acquisition process (RM1milion)

Max 25 users

Temporary: 4 servers, 10 PCs, printers

2 tests: Sept 08 & Nov 08

In-house

Standby facility for processing of critical POWER applications

Disaster Recovery for POWER System6

DR Project Activity

Phase 1 - Risk Assessment1. Functions Assessment2. Facilities Evaluation3. Select Recovery Strategy

Phase 2 – DR Plan Development• Define Policies & Responsibilities• Build Team Structure • Develop Procedures• Document the Plan• Validate the Plan

Phase 4 - Plan Testing/Maintenance• Periodic Testing • Review DRP• Amend DRP

Phase 3 – Infrastructure Acquisition • If outsource vendor • Building (acquire/rent)• Acquire H/W, S/W, A/C, Power Supply,

office equipment, etc.

Disaster Recovery for POWER System7

Risks Assessment Functions Assessment:

SKAP: most critical application

SPPP & SPT

SKP, Sistem Penyelarasan & Sistem Perubatan: least critical

Facilities & Data Evaluation: Physical security, power supply, air condition

Anti-virus protection for all (servers and PCs)

Backup procedure

“Clean desk” environment

Select Recovery Strategy: Location of DRF (building access, not disaster prone)

Hot, warm, cold site? Networked?

Offsite data storage facility

Disaster Recovery Cycle

Disaster Recovery for POWER System8

Disaster Recovery Cycle

Declare Disaster ?

Repair/Stay Home

Return to Normalcy

Implement Plan1. Assemble Team2. Retrieve Data/Docs3. Recovery Steps

Recovery Complete

Yes

No

Recovery

Incident

Supervisor

Damage Assessment& Recommendation

Escalation

Non Life Threatening

Life Threatening EmergencyResponse

Incident Report

Disaster Recovery for POWER System9

DR Project Activity

Phase 1 - Risk Assessment1. Functions Assessment2. Facilities Evaluation3. Select Recovery Strategy

Phase 2 - Plan Development• Define Policies & Responsibilities• Build Team Structure • Develop Procedures• Document the Plan• Validate the Plan

Phase 4 - Plan Testing/Maintenance• Periodic Testing • Review DRP• Amend DRP

Phase 3 – Infrastructure Acquisition • Outsource vendor • Building (acquire/rent)• Acquire H/W, S/W, A/C, Power Supply,

office equipment, etc

Disaster Recovery for POWER System10

Disaster Management Team

Recovery Manager•Plan Implementation•Viability of the Plan•ICT Continuity

Recovery Coordinator•Plan Maintenance•Plan Testing•Staff Recovery Training

Corporate•Legal / Compliance•Image (public/customers)•Financial Loss

Operations•Effectiveness•Business Continuity•Resources Availability

Technology•Availability•Data Integrity & Security•Communications

Administration•Facilities & Security•Safety (staff & public)•Staff Availability

General Responsibilities

Authorized toDeclare Disaster

Management Team

Damage Assessment Team

Recovery CoordinatorPn. Siti Jauyah Sibo

Recovery Manager &Assessment Leader

Hjh Nor'ini Ab. Rahman

Corporate

Pn Munirah Abd Bajanudin

Technology

En Zulkarnain Rahimi

Operations

Pn Manuriani Tahir

Administration

En. David A/L Rowbin

Disaster DeclarersDato’ Yeow Chin Kiong - PrimaryPn Sadiah Abu Samah - Alternate

ICT Recovery Team Leaders

En Fadhil bin AwangDB, Image & Branch

En Zulhaizal ZulkifliNetworks & Technical

En Mokhzani MahmoodBatch, Apps & Web

Disaster Recovery for POWER System11

DR Plan - ContentsExecutive Overview Section1. Purpose of the Plan2. Scope & Assumptions3. Crisis Management4. Team Responsibilities5. Initiating Recovery6. Plan Administration7. Test Procedures8. Procurement9. Home Site Restoration

AppendicesA. Management Call ListB. Critical Functions ListC. Vendor/Suppliers ListD. Policy StatementsE. Recovery SiteF. Additional ContactsG. Insurance InfoH. Command CentersI. Contingency Planning Basics

Recovery Procedures Section1. Team Assembly2. Data Retrieval Procedures3. Detailed Recovery Steps

● Batch server● Application Server● Database Server● Image Server● Branch Server● Web Server

4. Return to Normalcy

AppendicesA. Department Call ListB. Critical InventoryC. Configuration Diagram

Disaster Recovery for POWER System12

DR Project Activity

Phase 1 - Risk Assessment1. Functions Assessment2. Facilities Evaluation3. Select Recovery Strategy

Phase 2 - Plan Development• Define Policies & Responsibilities• Build Team Structure • Develop Procedures• Document the Plan• Validate the Plan

Phase 4 - Plan Testing/Maintenance• Periodic Testing • Review DRP• Amend DRP

Phase 3 – Infrastructure Acquisition

• Outsource vendor • Building (acquire/rent)• Acquire H/W, S/W, A/C, Power Supply,

office equipment, etc.

Disaster Recovery for POWER System13

DR Project Activity

Phase 1 - Risk Assessment1. Functions Assessment2. Facilities Evaluation3. Select Recovery Strategy

Phase 2 - Plan Development• Define Policies & Responsibilities• Build Team Structure • Develop Procedures• Document the Plan• Validate the Plan

Phase 4 - Plan Testing &Maintenance• Periodic Testing • Review DRP• Amend DRP

Phase 3 – Infrastructure Acquisition • Outsource: vendor • Building (acquire/rent)• Acquire H/W, S/W, A/C, Power Supply,

office equipment, etc)

Disaster Recovery for POWER System14

DRP Testing & Maintenance

Plan Testing Define Test Objectives

Define Activity, Activity Schedule

Walkthrough

Test Monitoring

Post-mortem report

Plan Maintenance Review DRP against

current operations

Review DRP against Test Report

Update DRP

Redistribute to key personnel

Disaster Recovery for POWER System15

Lessons Learnt Disaster Recovery Approach

Can afford downtime?

Down time - how long? <24 hours??

Data & application classification (very important, important, not so, etc)

Infrastructure: availability, accessibility

Compliance & investments on infrastructure

Interactions with management, users, vendors, suppliers

DRF location:● Building (not disaster prone, easy to access )● Physical Security (building, Server Room, work

area)● Office facility (air conditioner, telephones, coffee

corner, etc)

Disaster Recovery for POWER System16

Lessons Learnt (cont.)DR Test

Walkthrough session: users availability

Identify testers, test script preparation, data for testing

Logistics for testers (transport, meals, etc.)

Test Activity Log & Test Report

Post Mortem

DRP Management :Difficult to update

Back up procedures:● Data Centre & Offsite

Outsource or in-house ???

Disaster Recovery for POWER System17

Conclusion

BC or DR provides the tools to plan and react in a positive way. It eliminates the stress in case of a disaster, because:

- the framework is in place - the decision process is thought through- the action to be taken is prescribed

All we need to do “to recover” is just to activate the plan…..and … to keep our fingers cross..!

Thank Younorini@jpa.gov.my