Password:
L to R: Julean Self (Business Continuity Planner), Janice Hunter (Business Continuity Analyst), Dean Jones (Business Continuity Administrator), George Bakolia (State Chief Information Officer), and Ann Garrett (Chief Security Officer)
Tornadoes. Hurricanes. Fires. Human error. Software failure. Any number of threats can strike a state and its government agencies. In the last three years alone, North Carolina has been hit with Hurricane Floyd, tornadoes, and extraordinary snow storms. A single event can jeopardize the state's information technology resources, which, in turn, can hamper the delivery of critical services to the state's citizens and government agencies.
The North Carolina Office of Information Technology Services (ITS) supports the technology infrastructure needs for most of the state's public sector, including all executive branch agencies and participating non-executive public sector entities, on a cost share basis. ITS supports multiple, large, statewide business applications for health and human services, revenue, transportation, prison and corrections enterprises, financial accounting, and unemployment insurance benefits. ITS operates around the clock, every day of the year, using two large IBM enterprise servers operating in a 64-bit operating environment, multiple distributed systems including mid-range processors, and both the UNIX and Microsoft environments. Because government relies heavily on information technology for its critical operations, the availability of information technology must be assured.
Recognizing the need for continuous service, ITS established a business continuity program. The program has three full-time employees who work with ITS and its customers to develop realistic plans for recovery of the systems in case a catastrophe destroys either accessibility to the application or the application itself.
The ITS Business Continuity Plan (BCP) has as its highest priority the protection of people. The second focus is data backup, with all records being copied and stored at a remote off-site facility. The third element is the provision of alternate locations, complete with compatible computers and telephones, and up-to-date contact numbers for employees, contractors and customers.
Emergency systems are tested. Several times a year ITS conducts "hot site" drills at emergency locations where information technology systems are recovered on a remote basis. The tests ensure that critical applications, from criminal history records to radioactive waste repositories, can be brought on line within 24 hours.
The plan is inherently flexible, able to respond to diverse situations. For example, a software failure earlier this year activated two plans simultaneously: 1) ITS called the software vendor to the site; and, 2) ITS loaded critical tapes onto trucks for transport to a hot site. Had the vendor not been able to fix the problem, the hot site would have been prepared to operate systems remotely. The ITS business recovery services contractor also provides mobile data centers based in 18-wheel trucks, should such a backup be necessary. Contact Information: Ann Garrett, Chief Security Officer, 4101 Mail Service Center, Raleigh, North Carolina 27699-4101, (919) 981-5310, Fax: (919) 981-5043, ann.garrett@ncmail.net SECOND PLACE: Washington Transact Washington THIRD PLACE: Virginia Virginia Security Awareness Training (VASAT) enterprise service
OTHER NOMINATIONS: Click on the link to download program submission. Florida Enterprise Information Security
Missouri Missouri IT Advisory Board State Security Committee
Nevada Security Policies and Standards
Texas Information Security Risk Management Program
Return to 2002 Awards Main Page
