Item - 2008.AU7.3
Tracking Status
- City Council adopted this item on May 26, 2008 without amendments and without debate.
- This item was considered by the Audit Committee on April 22, 2008 and adopted without amendment. It will be considered by City Council on May 26, 2008.
AU7.3 - Disaster Recovery Planning for City Computer Facilities
- Decision Type:
- ACTION
- Status:
- Adopted on Consent
- Wards:
- All
City Council Decision
City Council on May 26 and 27, 2008, adopted the following motions:
1. The City Manager develop a formal disaster recovery planning and preparedness protocol with the agencies, boards and commissions. The protocol should ensure co-ordination, collaboration and communication related to computer facility disaster recovery planning and preparedness.
2. The City Manager implement a disaster recovery and business continuity program that includes divisional roles and responsibilities, resource and training requirements, and simulation and plan maintenance schedules.
3. The Chief Information Officer report to the Business Advisory Panel on a periodic basis, such reporting to include updates on disaster recovery planning and preparedness for information technology systems.
4. The Chief Information Officer take action to ensure management responsible for maintaining City computer systems receive timely direction, guidance and training on preparing consistent City-wide disaster recovery plans.
5. The Chief Information Officer review the backup and storage procedures of City information technology units for:
a. compliance with acceptable standards and practices for data backup and storage requirements; and
b. divisions with the opportunity to participate in existing data storage arrangements within the City or with the outside service provider.
6. The City Manager, in consultation with the Chief Information Officer, direct divisions to test information technology disaster recovery plans on a regular basis.
7. The Chief Information Officer develop disaster recovery testing guidelines and provide training necessary to ensure cross-divisional consistency.
Background Information (Committee)
https://www.toronto.ca/legdocs/mmis/2008/au/bgrd/backgroundfile-12053.pdf
Appendix 1 - Disaster Recovery Plan
https://www.toronto.ca/legdocs/mmis/2008/au/bgrd/backgroundfile-12054.pdf
Appendix 2 - Management's Response to Auditor's Report
https://www.toronto.ca/legdocs/mmis/2008/au/bgrd/backgroundfile-12055.pdf
AU7.3 - Disaster Recovery Planning for City Computer Facilities
- Decision Type:
- ACTION
- Status:
- Adopted
- Wards:
- All
Committee Recommendations
The Audit Committee recommends that:
1. The City Manager develop a formal disaster recovery planning and preparedness protocol with the Agencies, Boards and Commissions. The protocol should ensure coordination, collaboration and communication related to computer facility disaster recovery planning and preparedness.
2. The City Manager implement a disaster recovery and business continuity program that includes divisional roles and responsibilities, resource and training requirements, and simulation and plan maintenance schedules.
3. The Chief Information Officer to report to the Business Advisory Panel on a periodic basis. Such reporting to include updates on disaster recovery planning and preparedness for information technology systems.
4. The Chief Information Officer take action to ensure management responsible for maintaining City computer systems receive timely direction, guidance and training on preparing consistent City-wide disaster recovery plans.
5. The Chief Information Officer review the backup and storage procedures of City information technology units for:
a. compliance with acceptable standards and practices for data backup and storage requirements; and
b. divisions with the opportunity to participate in existing data storage arrangements within the City or with the outside service provider.
6. The City Manager, in consultation with the Chief Information Officer, direct divisions to test information technology disaster recovery plans on a regular basis.
7. The Chief Information Officer develop disaster recovery testing guidelines and provide training necessary to ensure cross-divisional consistency.
Decision Advice and Other Information
Mr. Alan Ash, Director, Auditor General's Office, and Mr. Dave Wallace, Chief Information Officer, made a presentation to the Audit Committee on Disaster Recovery Planning for City Computer Facilities, and filed a copy of their presentation materials.
Origin
Summary
Certain additional work is needed in order to protect and maintain critical City information technology resources in the event of an extended service disruption or disaster. As the City’s Information Technology Governance and Transformation Project unfolds, management should place a high priority on addressing the challenges and gaps identified in this report in disaster recovery planning and preparedness.
The implementation of the recommendations in the report will improve the City’s approach to disaster recovery planning for City computer facilities to minimize the negative effects of extended computer service interruptions and maintain critical public services in the event of a disaster.
Financial Impact
The implementation of recommendations in this report will improve management controls over disaster recovery planning for City computer facilities. The extent of any resources required or potential cost savings resulting from implementing the recommendations in this report is not determinable at this time.
Background Information
https://www.toronto.ca/legdocs/mmis/2008/au/bgrd/backgroundfile-12053.pdf
Appendix 1 - Disaster Recovery Plan
https://www.toronto.ca/legdocs/mmis/2008/au/bgrd/backgroundfile-12054.pdf
Appendix 2 - Management's Response to Auditor's Report
https://www.toronto.ca/legdocs/mmis/2008/au/bgrd/backgroundfile-12055.pdf