Presentation on theme: "Information Management and Technology"— Presentation transcript:
1Information Management and Technology MHRA InspectionInformation Management and Technology
23 Possible Issues for Inspection Disaster recoveryAppropriate computer systems & system securityData security & data backup
3Disaster RecoveryThere is a University-wide disaster recovery procedure in place by Information Services (INSRV)!Includes: network infrastructure, networked data storage (S: and H: drives) and services under SLA with INSRV (Medic database & web server for e.g.)Does NOT include: your PC’s hard disk, laptops, data storage device or server not under SLA with INSRV)INSRV Service Desk and Operations Team available between 8:00-22:00 week days.A plan for re-establishing or reproducing computer operations after a catastrophic event, such as a fire or earthquake.Over the last 5 years I have had to initiate2 disaster recovery procedures. One time there was a flood in a computer machine room. Second time we were a victim of a hacker.I have known Information Services to initiate a DR plan a few times, including when contractors have dug up fibre optic data cables. Must not be complacent.
4HELP! Service Desk: InsrvConnect@cf.ac.uk (9:00-17:00) (9:00-17:00)Operations:(8:00-9:00 & 17:00-22:00)Suddenly find the network down – don't presume someone else has contacted the Service Desk – this is the first port of call if you get in to trouble. They will coordinate appropriate action and initiate the DR procedure if appropriate.
5Local Disaster Recovery Policy? For own servers / data storage devices not covered by INSRV or Trust SLAWritten procedure should include:Named contacts & communication to end usersDamage assessment and reportingRecovery procedure (location of backups, steps needed to recover data and service and by whom)Confirm services and data are restored to acceptable levelCommunication.
6Appropriate computer systems Are computer systems fit for purpose?PC versus network serverMS Access DB versus enterprise DBBe wary of using MS Access or Excel (limitations in restricting access to data and in locking down the data for analysis)Medical device that can be defined as a computer system (e.g. has its own in-built software)Appropriate documentationSupported workstations, are they in warranty etc?Documentation – manufactures documentation, standards & kite marks (medical devices)
7Computer system security Do you have your own servers?Restricted physical accessAppropriate location, air conditioningSecure data backup & restore proceduresAnti-Virus & Firewall PoliciesNetwork securityS: drive folders are locked down to ONLY the users who need accessAppropriate password securityDocument these procedures!
8Data security & data backup Can data be locked down to specific users?Yes: network storage (S: drive), serversNo: either move to above and secure, or encryptLaptops: If they HAVE to be used for trial, please install encrypted data volumes (speak to me!)CDs / Memory sticks: Avoid if at all possible or use encryptionEncryption is only as good as the passwordApplies to live data and backed up data.What Encryption technology? FIPS standard. Contact me for information.
9...Data security & data backup S: drive and servers under SLA are securely backed up by INSRVIf not, ensure other means but do not rely on a single backup source (such as one external hard drive)Ensure backup drives are encrypted or locked away in fireproof safeCreate a backup policy so you can retrieve not just “last night’s backup” but the week or month before if necessaryConduct regular test restores. Document it.
10IT SurveyPlease complete this short survey – it will give us a better idea of what is “out there” in order to prepare for MHRA.
11Concerned? Please speak to me or one of my colleagues: Tel.Thank you