Transcript Document

Social Housing Continuity in
IT Forum
Welcome & Housekeeping
•
•
•
•
•
•
Mobile phones/PDAs to silent please
Fire alarms / evacuation procedures
Refreshments at 11:20 & lunch at 12:30
Toilets
Presentations available after the event
Special offer
About our Birmingham site
Business Continuity & Workarea Recovery Centre
•
•
•
•
•
Workarea, IT, Mobile & Datacentre facility
15 self-contained recovery suites
450 fully equipped positions each with DDI telephony
450 high specification PCs with TFT screens
Auxiliary office equipment including faxes/photocopiers/printers
• 4 meeting/managers rooms
• 1 conference room
• Teleconferencing facilities
• Incident command/war room
• Secure reception area
• Kitchen facilities available to all suites
• On-site parking
West Midlands
Business Continuity Centre
West Midlands Business Continuity Centre
Welcome!
Social Housing Continuity in IT Forum - Agenda
• 10:00 Welcome, introductions & objectives – Mike Osborne, MD
• Including common customer concerns
• 10:30
ICO report & warning to Housing Associations – discussion points around compliance
• 10:50
Customer examples of achieving data protection standards
• 11:00
Is your BIA redundant? How to recover everyone in 24 hours (Service demonstration)
• 11:30
Networking & refreshment break (& demo*)
• 11:45 Tour & Cloud Backup & Recovery demo - discussion points around your data make-up and
archiving
• 12:45
Orbit Housing Group: Our Phoenix Journey - including BIA and managed recovery services
• 13:05
Summary, Q&A
ICO Report & Advisory
Information Commissioner’s Office Report
Some Context
In 2012/13 the ICO undertook nine advisory visits to social housing organisations to get a better
understanding of the processing they undertake and the circumstances in which they operate.
Advisory visits are a one day informal visit to look at how an organisation handles personal
information where the ICO staff provide practical advice and guidance on site and a short report
after the visit. The visits typically focus on information security and records management.
Since 2011 the ICO has also undertaken four audits of social housing organisations. Audits are aimed
at larger organisations that have the basics in place but are looking for assurance that their policies
and procedures are working in practice. The audits normally look at defined scope areas, such as
governance, subject access request (SAR) handling, records management, and result in a detailed
report.
Information Commissioners Office Report
ICO advisory visits to social housing organisations
• Challenges and remedies
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Data sharing agreements
Retention schedules
Encryption of portable devices
Remote working
Training
Physical security
Secure printing
End point controls
Role based access
Monitoring
System access
Password requirements
Records inventory
Fair processing information
Staff awareness
Data protection leadership
Fax machines
Data protection policies
Information Commissioners Office Report
Retention Schedules
Housing organisations often do not have formal retention schedules in place for personal data.
Under data protection legislation, organisations should not hold personal data for longer than
necessary. Where there are retention schedules implemented they are often only applied to
physical records. Good examples of retention schedules and associated policy:
•
•
•
•
•
•
•
specify who is responsible for destroying records;
justify the retention of records based on the type;
set out how any exceptions to retention schedules are applied and reviewed;
list appropriate disposal methods and security requirements;
apply to both electronic and manual records;
set out the requirements for recording records as destroyed; and
implement checks to ensure the retention schedule is applied.
How we help you achieve this
Retention Schedules
Phoenix provides Housing Association customers with solutions that allow you to archive older
backup data for long term, either for cost or for regulatory compliance reasons which:
• Easily define specific retention schedules for each data type within every backup job
• Save money while still offering data protection by archiving obsolete versions, deleted data,
and old data
• Enables compliance with backup regulations by allowing periodic copy archiving, and by
providing data destruction (with certificate)
• Includes offsite replication option for additional redundancy and compliance
Information Commissioners Office Report
Encryption of portable devices
Portable devices that store personal data (for example laptops, USB sticks and DVD/CD media) pose
a high risk to data security. The Information Commissioner believes that portable devices that store
personal data should use encryption to protect the information. Enforcement action taken by the
Information Commissioner is often in relation to organisations failing to encrypt personal data
stored on portable devices.
Since 2010 the ICO has issued nine civil monetary penalties totalling £895,000 in cases where
personal data held on portable devices was not encrypted. While many of the housing organisations
we visited implemented encryption methods to protect personal data, not all did so.
How we help you achieve this
Encryption of portable devices
Phoenix provides Housing Association customers with integrated solutions that not only protect
the data within the data centre but can expand this capability to any endpoint device. Endpoint
data management is enhanced by offering the ability to:
• All data protected in an encrypted format to FIPS140-2 government standards (AES256)
• Remotely wipe data with selective data destruction without impacting personal data on the
same device
• Schedule periodic cleansing of enterprise data to limit the time critical resides on the device
• Geo-locate devices with your data to make fast decisions about possible breaches of data
security by location
• Provide secure, isolated, remote access from any device in a disaster with Emergency Office
Information Commissioners Office Report
Data protection leadership
Having a data protection lead helps drive compliance throughout the organisation. Most housing
organisations did not have a data protection lead. Having a lead for data protection has most
positive impact if they:
• are at board level or report directly to the board;
• have oversight (for example, through monitoring) of compliance;
• sign off on any information governance requirements for the annual statement of assurance or
equivalent; and
• are able to drive any changes required for better data protection compliance.
How we help you achieve this
Data protection leadership
Phoenix helps the IT department to share the responsibility of compliance through effective
communication and consulting services that provide:
• BC & DR gap analysis that highlight stakeholder roles & responsibilities
• Current State Assessment, BIA and BCM (part/full time)
• Bi-annual internal communications for regular updates to plans
• Software to automate the process of housekeeping and overall BC management
Information Commissioners Office Report
Data protection policies
The use of formal policies and procedures is essential for any organisation to ensure compliance
with data protection requirements. There were a number of housing organisations that
demonstrated good practice in relation to management of these policies. This included policies:
•
•
•
•
having clear owners;
being reviewed annually;
having version numbering to ensure the latest version could be identified; and
being promoted, with any training needs they raise being identified and implemented.
How we help you achieve this
Data protection policies
Phoenix provides consulting services on information security via its ITRS/BCM team . A
combination of this consulting expertise and implementation of technology can offer maximum
benefits that enable:
• IT & the wider business to work together & highlight potential gaps
• Implementation of simplified data protection solutions that compliment DR/BC
• Policy-based deletion of data through technology that provides full audit trail
• Annual testing helps to highlight any data retention issues before they become a compliance
issue
Customer Examples
Castle Vale Community Housing Association
Who they are and how we helped
Employing 100+ staff, CVCHA is a forward looking housing association
responsible for the management and maintenance of 2,400 properties in the Midlands.
Problems
• Ensure timely and effective business continuity, including provision of data recovery and backup
• Maintain staff productivity and enabling continuity or service to CVCHA residents during process
Solution & Benefits
• Phoenix implemented a Business Continuity service including Cloud Backup & Recovery and offsite
data storage
• Ship-to-site hardware replacement
• Has ensured continuity of critical business operations such as finance and housing management
• Reduced burden and reliance on internal IT staff
• Improved IT service to residents and staff
Castle Vale Community Housing Association
Proof Points
Customer of Phoenix for 10 years and have first-hand experience of disasters! Fortunately, we have
worked together to provide the expected during the unexpected.
Invocations
• Recovery at CVHA site
• Recovery at Phoenix
• Data Recovery and ship to site
Town and Country Housing Group
Who they are & how we helped
Employing 150+ staff, Town and Country Housing Group (TCHG) has a strong
commitment to quality & was the first HA in the UK to achieve the ICS’s ServiceMark.
TCHG is responsible for the management and maintenance of 9,000 properties in
Kent & the South East
Problems
• Backup & Recovery of their Housing Management System (HMS) based on Solaris
• Integrating the recovery of the HMS with existing Cloud Backup provider
Solution & Benefits
• Phoenix Cloud Backup & Recovery for HMS
• Recovery in Aston and recovered system presented securely to suite in Phoenix
Sevenoaks
• Network connectivity to Cloud Backup provider from Phoenix Sevenoaks
• Integrated recovery solution with improved RTO
Yorkshire Housing Ltd
Who they are & how we helped
Employing 750+ staff & with an annual T/O of £82M Yorkshire Housing’s mission is to be one
of the best providers of homes and support. Yorkshire Housing is responsible for the
management and maintenance of 16,000 properties throughout Yorkshire.
Problems
• Existing DR solution not designed for MPLS which limits user access in a disaster
• Tapes manually taken offsite to 2nd location in Leeds city centre
• Pressure from regulator, ICO FCA, HSE & Quality Care Commission to meet obligations
Solution & Benefits
• Disk-based backup solution with automated offsiting of encrypted data to Phoenix
• Ship to site hardware with integrated data recovery
• Remove manual process around tape management
• Annually tested to ensure audit requirements are met
• Varying data retention policies maintained by software
Tour & Cloud Backup
Demonstration
Our Phoenix Journey
Chris Page, ICT Infrastructure Manager, Orbit Group
Established 50 years
Centralised Services
37,000 properties
22 Physical HP Hosts
100,000 customers
200 Virtual Servers
1200+ staff
Citrix XenApp 6
16 regional offices
NetApp SAN
8th largest builder in UK
VMWare 5.5
80 seat Customer Contact Centre
HP Networking
Help To Buy Centre
BT MPLS to all sites
Service Matters
Checkpoint Firewalls
IS027001
W7/Win2008/SQL2008/Office365 (2015)
The Technology
The Business
About Orbit
2011 – A good year!
Group
Structure
Review
ISO27001
accreditation
Leadership
Team Review
Introduction of
Group 2020
Vision
Infrastructure
Refresh
Risk and
Compliance
Team created
IT Team
Review
IG Specialist
assigned to IT
Our challenges
Stale DR
BC a ‘hot potato’
Assumptions
Lack of DR and BC skills
Ownership
Inconsistent documentation
RPO’s driven by IT
RTO’s varied
ISO27001 assessments
Internal Audits
Additional DR storage needed
Keeping the costs down
The Solution
Managed Service for DR Recovery
Current State
Assessment
Full Process/Documentation review
Gap and Risk Analysis exercises
Addition of10TB vFiler
Work Area
Recovery
Business Impact
& Risk Analysis
(BIA)
Addition of VRP platform
Full BIA exercise
Revised contracts
Risk and Compliance own BC
BC training/advice for staff
IT Disaster
Recovery (ITDR)
Emergency
Response &
Crisis
Management
The Benefits
Benefits of the new solution
Increased ownership internally
Benefits of using Phoenix
Proven DR/BC specialists
More reliable RTO’s
Comprehensive portfolio of services
Increased skills and awareness
Fit for purpose
Enterprise class, market leading technologies
Innovative (cloud recovery)
Access to reliable, trusted and skilled engineers
Reduced risk
High level and scope of accreditations
( ISO27001)
Standardised documentation
30 minutes down the road!
Better partnership working
Q+A
Thank you for your time
Any questions?
Together, we can achieve more…
What Next?
Introducing Archive as a Service
Upcoming Phoenix archiving services
• File Archive
• Email Archive
• SharePoint Archive
• Global File Services
• Secure File Sharing
• Data Analytics
% Data in an Organisation
Importance of data over time
• 100% of Data Created today is Business Critical…
… but, under 5% of this will be business critical in a year
• 20% of Data is Critical to Running your Business
Tier 1 Data needing Backup and Business Continuance
• 80% of Data is Important to your Business
Tier 2+ Data suited to Archiving over Backup
• Annual Data Growth is 40% per Year
Capacity
optimised
Performance
optimised
How Data Ages Over Time
Phoenix Archive as a Service
Why archive?
• Remove data from expensive T1 disk
• Remove up to 80% of file data from backup
• Remove up to 80% of file data from recovery
• Remove 80% of cost from capacity-based backup software costs
• Offsite archive data to Phoenix
• Improve storage utilisation, backup and recovery!
How can you Recover Smarter with Phoenix?
Integrated Data Protection & Recovery
Faster RTO
Data Replication Services
RPO 0/RTO 1Hr
Cloud Backup & Recovery
RPO 24hrs/RTO 72Hrs
Traditional Recovery Services
RPO 24Hrs/RTO 96Hrs
Reduced Cost
Meeting Business Objectives
Thank you!
Finally!
Please complete the survey and you will receive:
• The Essential Guide to DRaaS
• The ICO Report (if requested)
Building 54 – Demo over lunch
Social Housing App for Void Properties, estate
and day to day inspection surveys
Lunch