business continuity... the risk management expo
PUBLIC SECTOR CONTINUITY
www.cirmagazine.com CIR March 2005
System edict
The pressure is on for public sector organisations to maintain continuity. Jessica Twentyman considers the value of effective communications channels and how they are being maintained
So far, the Freedom of Information Act, which came into effect on 1 January 2005, seems to have created nothing but trouble for the UK government and a slew of damaging headlines.
But current political squabbles aside, the importance of information – and the ability to manage and share it appropriately – is a fundamental democratic principle. In fact, James Madison, the Father of the US Constitution, outlined it as long ago as 1776. “A popular government without popular information or the means of acquiring it, is but a prologue to a farce or a tragedy or perhaps both,” he wrote. “Knowledge will forever govern ignorance, and a people who mean to be their own governors, must arm themselves with the power knowledge gives.”
In accordance with that philosophy, public sector bodies are now obliged to comply with a number of different mandates that require them to manage and store information and be able to produce it on demand. Under the Freedom of Information Act, the public has a right to know how their representatives in the public sector carry out their duties, why they make the decisions they do and how they spend public money. Access to that information must be granted within 20 working days of a request.
Under the Data Protection Act, meanwhile, the public has a right to know what personal data both public and private sector organisations hold on them. A demand to see that information, known as a ‘subject access request’, must be satisfied within 40 calendar days of its receipt.
These days, much of that information is stored in electronic format in the computer systems of local authorities, hospitals, police stations and other public sector bodies. The electronic approach to information storage offers some clear advantages – it saves space that would otherwise be taken up by bulky paper files and it allows rapid retrieval of information. But it is no secret that those computer systems are vulnerable and, as a result, so is the information they contain.
That realisation is forcing IT continuity up the agenda at public sector meetings, says Steve Stobo, sales and marketing director at high availability software company Neverfail Group. “The FOI and DPA Acts have undoubtedly added to the pressure faced by IT teams in the public sector. No public sector body can risk the bad publicity that would occur if it wasn’t able to retrieve a piece of information requested by a member of the public.”
Robust and highly available
For that reason it is vital that public sector organisations put in place robust, high availability systems. Neverfail, for example, offers a range of high availability software tools for the Microsoft technology platform, including the Exchange email package, SQL database and File Server. These tools keep the user continuously connected to business-critical applications, even if a failure occurs in the operating system, a hardware component, a software application, or somewhere within the network. It works by enabling a second server to connect with a primary server so that switchover occurs automatically if the primary server fails.
That has been useful at Medway Council, a large unitary authority in Kent, where email has rapidly become the lifeblood of the organisation and where a loss of the email service – used by around 7,000 council employees – would seriously impact its ability to deliver service to local residents. In recognition of that fact, the Council recently installed Neverfail for Microsoft Exchange.
“A large percentage of our contact comes via email from members of the public reporting incidents such as broken streetlights, abandoned cars and potential hazards in the area. If the Exchange server goes down, which it did recently, we cannot respond to such problems,” explains Andrew Wright, the council’s IT manager. Because of the Neverfail implementation, however, Wright was not even aware that the server had gone down as the failover worked perfectly.
That kind of strategy is effective for dealing with the common problem of a local drive failure. But what if the business interruption stems from a more serious event than a single sub-system problem, such as a flood or fire?
Only a remote back-up system can deal with this. In the event of a breakdown of the primary centre, the second centre can pick up the slack with a complete or near-complete copy of the original data.
Remote back-up solutions do face a serious issue, though: once servers are further apart than roughly 16 kilometres, there are noticeable lags in communication between primary and secondary sites that can affect performance, as messages confirming arrival and requests for more data are passed back and forth.
Hitachi Data Systems has got round that problem, claims John Hickman, business continuity manager at the company. “We offer an asynchronous solution that can overcome the lag,” he explains. Rather than write to both primary and secondary server simultaneously, asynchronous back-up allows for lags of a few seconds before data is successfully written to the secondary server. “The secondary server won’t perform the writes until it knows it has received all the data,” says Hickman. This prevents disk corruption in the secondary server, since it will hold off writing data that is broken off by a breakdown in the primary server.
However, that kind of solution is cost-effective only for the most critical information. It is therefore vital that all organisations are able to match business continuity technologies with different categories of data, according to that data’s value. “When looking at business continuity, an organisation needs to decide how long it can realistically afford to be without that data. Some would not be too badly affected if they were back up and running within 24 hours or even a few days, whereas for others, a few minutes of downtime is a disaster,” says Hickman.
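An illustration of the asynchronous back-up behaviour Hickman describes above, added here and not Hitachi Data Systems' implementation: a secondary that stages incoming writes and applies a group only once all of it has arrived, so a primary failure part-way through a transfer leaves the last complete copy on disk. The class, function and field names, the grouping of writes and the CRC check are assumptions made for this example.

```python
import zlib

class Secondary:
    """Remote copy that stages writes and applies a group only when complete."""
    def __init__(self):
        self.disk = {}     # block number -> data; always a consistent image
        self.staged = {}   # group id -> {sequence number: (block, data)}

    def receive_write(self, group, seq, block, data):
        self.staged.setdefault(group, {})[seq] = (block, data)

    def receive_commit(self, group, count, crc):
        writes = self.staged.get(group, {})
        # Every sequence number 0..count-1 must be present before applying.
        if sorted(writes) != list(range(count)):
            return False
        payload = b"".join(writes[s][1] for s in range(count))
        if zlib.crc32(payload) != crc:
            return False
        for s in range(count):
            block, data = writes[s]
            self.disk[block] = data
        self.staged.pop(group, None)
        return True

    def primary_lost(self):
        """Discard partial groups; the disk keeps the last complete state."""
        dropped = sorted(self.staged)
        self.staged.clear()
        return dropped

def replicate(secondary, group, writes, fail_after=None):
    """Ship one write group; fail_after=N simulates the primary dying after N writes."""
    for seq, (block, data) in enumerate(writes):
        if fail_after is not None and seq >= fail_after:
            return False   # primary died mid-group, so no commit is ever sent
        secondary.receive_write(group, seq, block, data)
    crc = zlib.crc32(b"".join(data for _, data in writes))
    return secondary.receive_commit(group, len(writes), crc)

def demo():
    # Constructed sample data: two groups that each update blocks 10 and 11.
    sec = Secondary()
    ok = replicate(sec, 1, [(10, b"header-v1"), (11, b"body-v1")])
    broken = replicate(sec, 2, [(10, b"header-v2"), (11, b"body-v2")], fail_after=1)
    return ok, broken, sec.primary_lost(), dict(sec.disk)

if __name__ == "__main__":
    print(demo())
```

In the second group only the first write arrives before the simulated failure, so blocks 10 and 11 on the secondary both stay at the first group's versions instead of ending up as a mix of old and new.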
As more public services are accessible online, however, that window of acceptable downtime is likely to shrink in the public service sector even as the sheer volume of information that needs to be rapidly recoverable expands.
That will place government IT teams under even more pressure. Continuity requires highly specialised IT skills – skills that many public sector bodies do not have in-house.
It is hardly surprising then, that many choose to put their IT continuity issues in the hands of a third-party service provider. “Public sector organisations are in place to look after the interests of the public, not to run computer systems. We can do that for them and we can do it more cost-effectively than they could ever do in-house,” says Andy Maurice, head of consulting at Iron Mountain UK, which provides information storage and recovery services to a number of public sector bodies including the UK Probate Service and the Department of Trade and Industry, as well as 80 per cent of the FTSE 100 in the private sector.
These services apply to both paper documents and electronic files. In September 2004, for example, Iron Mountain launched its Electronic Vaulting service that enables clients to back up data held on servers, PCs and laptops onto servers held in secure Iron Mountain facilities for recovery in the event of a disaster.
Civil Contingencies Act
These strategies do much to assist public sector organisations in recovering data quickly. But the pressure is still mounting, especially in light of the passing of the Civil Contingencies Act in November 2004. The legislation aims to provide a single legal framework for the development of contingency plans to help deal with disasters, from local flooding to a major terrorist attack.
“What the government is saying is that in the event of a major civil issue, the public sector has to keep functioning and has to keep serving the public. As I see it, the Civil Contingencies Act forces public sector bodies to guarantee far greater levels of system availability than anything required under the FOI and DPA Acts,” says Keith Tilley, managing director of Sungard Availability Services UK.
For the public sector, then, IT continuity is now a must – and it is increasingly unlikely that the public it serves will let them off the hook in the event of downtime, says Stobo of Neverfail. “As citizens become more and more confident in interacting with the public sector online, the public sector will need to get used to living in an ‘on demand’ world. If a citizen wants to file for planning permission over the internet at 3am, then they’ll expect to be able to do so. And they’ll kick up a real fuss if they can’t!”