Contact: Lynn Cox, Ext. 7426 ( [email protected])

Mike Fitch, Ext. 7846 ([email protected])

1. Purpose of Report

1.1 The reliance of the Council's business processes on IT systems and electronic information continues to grow. Every service now relies on high availability of Hantsnet - systems, internet and electronic information. Additionally, the County Council supports directly a large number of external public sector partners who use Hantsnet and other IT Services from the County Council.

1.2 This report provides an update to the Corporate Governance Committee on activities and work in progress relating to the Council's Business Continuity in the event of IT systems failure, and in reducing the risk of such failure occurring.

1.3 The work being undertaken falls largely into two categories -

· supporting wider business continuity planning for recovery or continuity of County Council services in the event of an IT service system affecting incident.

· improving the resilience of the computer suite environment in particular to avoid system failure;

2. Alignment with the Corporate Strategy

Aim 5: Improving Services

2.1 Business continuity and IT service availability is central to the operation of every part of the County Council's activities. It therefore supports all of the County Council's six aims, and in particular:

3. Business Continuity Planning

3.1 It is tempting to see the resilience of central technology (eg. the computer suite) as the single most important factor - and in terms of scale of potential disasters, this is true. However, there is a complex chain of service elements which ensure the availability of electronic information and systems, each of which must be considered in business continuity planning of County Council departments:

3.2 Additionally, service managers must consider what level of IT `insurance' is justified in business terms in order to meet the expectations of the public, and where more traditional contingency plans could be more cost effective in the event of an IT failure.

3.3 Reporting to the Risk Management Steering Group, IT Services are working with departments to identify those IT systems and applications that are critical to the Council's operations. Through a process of consultation and risk assessment, a list of critical applications has been agreed. Work is now in progress to identify and cost options for reducing the risk of an interruption to the delivery of these applications, and for expediting their recovery in the event of a failure. This could include, for example, separate "stand-by" facilities where justified.

3.4 Service heads are advised to tackle business continuity based on this and an understanding of the level of IT risks. They need to ensure business continuity planning is built into service improvement planning rather than simply assuming it is an `IT' issue about which they need not worry.

4. The Computer Suite Environment

4.1 A key consideration in managing the risk to the availability of IT systems is the environment in which the physical equipment is housed. During the last 12 months, PBRS and IT Services have reviewed and risk assessed the physical environment of the Computer Suite, producing a prioritised programme of investment to reduce the existing risk factors.

4.2 The first step was the replacement of the `chillers' and cooling tower last year. These are essential for running the hundreds of systems and applications support, and were close to end of life and were having difficulty coping with the load required to successfully cool the suite. In addition to unplanned failures, some devices had to be switched off in hot weather due to overload to protect critical applications. This work has been successful, with capacity for growth and resilience if an individual `chiller' fails.

4.3 Fire

4.3.1 Fire is a significant hazard for any computer suite containing a large number electronic equipment. Although fire detection systems are currently in place, there is no fire suppression system, and extensive damage could be caused before a fire was contained. PBRS have commissioned a modern fire detection and suppression system to mitigate this risk. Installation is anticipated to be in the first quarter of the new financial year.

4.3 Building Security

4.4.1 The location of the Computer Suite is in close proximity to a main Public Highway, Tower Street which could give rise to a potential breach of security. The following security measures are being developed and will be installed at the same time as the fire suppression system above:

· Security glazing to the Tower Street elevation of the Computer Suite.

· Upgraded door access control to the main Computer Suite.

· Installation of local CCTV to monitor visitor access to the Computer Suite.

4.5 Uninterrupted Power Supply

4.5.1 Interruption of electricity supply is perhaps the biggest single risk to Hantsnet services. Basically, the UPS in the computer suite is a large `battery' which provides short periods of protection in the event of a power cut or power `spike' It sustains the electricity supply at a steady level during minor power fluctuations or short outages, and provides sufficient time for a clean shut down of all systems during a sustained power outage. If the electricity supply failed without such protection, the entire infrastructure would `crash' in an uncontrolled manner. Recovering from such an incident would take significant time and effort, with residual problems which could last for months after the event.

4.5.2 The existing UPS provides power for just sufficient time for this shutdown at the moment, but its capacity has been reached, and has failed several times. A replacement programme is already underway, and a new UPS will be installed to provide a longer period of time for both covering short outages and this clean shutdown; it also has a measure of resilience and redundancy, so that if one UPS supply should fail, power cover is maintained. Installation is expected to occur in April/May 2005.

4.6 Electricity Generator

4.6.1 An on-going risk to the availability of IT systems is the lack of a sustained back-up power supply for the computer suite, such as a generator, and some measures are in place to mitigate this. Firstly, the UPS provides cover for short power outages.

4.6.2 In addition, the Computer Suite is served by its own dedicated electrical transformer, which ensures there are no third party demands on the electrical supply to the suite, which would otherwise be beyond the control of the County Council.

4.6.3 However, the absence of a second supply is a vulnerability and priority especially given its absence reduces our ability to persuade other public service organisations to work with the County Council (eg. the NHS). It will therefore be factored in to business case regarding the re-configuration of County Hall and possible relocation of the computer suite.

5. Recommendation

That this report is noted.