Presentation on theme: "MHRA Inspection Information Management and Technology."— Presentation transcript:
MHRA Inspection Information Management and Technology
3 Possible Issues for Inspection Disaster recovery Appropriate computer systems & system security Data security & data backup
Disaster Recovery There is a University-wide disaster recovery procedure in place by Information Services (INSRV)! Includes: network infrastructure, networked data storage (S: and H: drives) and services under SLA with INSRV (Medic database & web server for e.g.) Does NOT include: your PCs hard disk, laptops, data storage device or server not under SLA with INSRV) INSRV Service Desk and Operations Team available between 8:00-22:00 week days.
HELP! Service Desk: (9:00-17:00) (9:00-17:00) Operations: (8:00-9:00 & 17:00-22:00)
Local Disaster Recovery Policy? For own servers / data storage devices not covered by INSRV or Trust SLA Written procedure should include: Named contacts & communication to end users Damage assessment and reporting Recovery procedure (location of backups, steps needed to recover data and service and by whom) Confirm services and data are restored to acceptable level Communication.
Appropriate computer systems Are computer systems fit for purpose? PC versus network server MS Access DB versus enterprise DB Be wary of using MS Access or Excel (limitations in restricting access to data and in locking down the data for analysis) Medical device that can be defined as a computer system (e.g. has its own in-built software) Appropriate documentation Supported workstations, are they in warranty etc?
Computer system security Do you have your own servers? Restricted physical access Appropriate location, air conditioning Secure data backup & restore procedures Anti-Virus & Firewall Policies Network security S: drive folders are locked down to ONLY the users who need access Appropriate password security Document these procedures!
Data security & data backup Can data be locked down to specific users? Yes: network storage (S: drive), servers No: either move to above and secure, or encrypt Laptops: If they HAVE to be used for trial, please install encrypted data volumes (speak to me!) CDs / Memory sticks: Avoid if at all possible or use encryption Encryption is only as good as the password Applies to live data and backed up data.
...Data security & data backup S: drive and servers under SLA are securely backed up by INSRV If not, ensure other means but do not rely on a single backup source (such as one external hard drive) Ensure backup drives are encrypted or locked away in fireproof safe Create a backup policy so you can retrieve not just last nights backup but the week or month before if necessary Conduct regular test restores. Document it.
IT Survey Please complete this short survey – it will give us a better idea of what is out there in order to prepare for MHRA.
Concerned? Please speak to me or one of my colleagues: Tel Thank you