Upload
jonathan-cox
View
224
Download
4
Tags:
Embed Size (px)
Citation preview
MHRA Inspection
Information Management and Technology
3 Possible Issues for Inspection
Disaster recovery
Appropriate computer systems & system security
Data security & data backup
Disaster Recovery
There is a University-wide disaster recovery procedure in place by Information Services (INSRV)! Includes: network infrastructure, networked data
storage (S: and H: drives) and services under SLA with INSRV (Medic database & web server for e.g.)
Does NOT include: your PC’s hard disk, laptops, data storage device or server not under SLA with INSRV)
INSRV Service Desk and Operations Team available between 8:00-22:00 week days.
HELP! Service Desk:
[email protected] (9:00-17:00) 029 20 874 487 (9:00-17:00)
Operations: 029 20 874 400 (8:00-9:00 & 17:00-22:00)
Local Disaster Recovery Policy? For own servers / data storage devices not
covered by INSRV or Trust SLA
Written procedure should include: Named contacts & communication to end users Damage assessment and reporting Recovery procedure (location of backups, steps
needed to recover data and service and by whom) Confirm services and data are restored to
acceptable level Communication.
Appropriate computer systems
Are computer systems fit for purpose? PC versus network server
MS Access DB versus enterprise DB Be wary of using MS Access or Excel (limitations in
restricting access to data and in locking down the data for analysis)
Medical device that can be defined as a computer system (e.g. has its own in-built software)
Appropriate documentation
Supported workstations, are they in warranty etc?
Computer system security Do you have your own servers?
Restricted physical access Appropriate location, air conditioning Secure data backup & restore procedures Anti-Virus & Firewall Policies
Network security S: drive folders are locked down to ONLY the users
who need access Appropriate password security Document these procedures!
Data security & data backup Can data be locked down to specific users?
Yes: network storage (S: drive), servers No: either move to above and secure, or encrypt
Laptops: If they HAVE to be used for trial, please install encrypted data volumes (speak to me!)
CDs / Memory sticks: Avoid if at all possible or use encryption
Encryption is only as good as the password Applies to live data and backed up data.
...Data security & data backup S: drive and servers under SLA are securely
backed up by INSRV If not, ensure other means but do not rely on
a single backup source (such as one external hard drive)
Ensure backup drives are encrypted or locked away in fireproof safe
Create a backup policy so you can retrieve not just “last night’s backup” but the week or month before if necessary
Conduct regular test restores. Document it.
IT Survey Please complete this short survey – it will give
us a better idea of what is “out there” in order to prepare for MHRA.
Concerned?
Please speak to me or one of my colleagues:
Tel. 029 2074 6306 Email. [email protected]
Thank you