KANSAS INFORMATION RESOURCES COUNCIL
INFORMATION TECHNOLOGY POLICY #3200 REVISION #0
1.0 TITLE: Business Contingency Planning
1.1 EFFECTIVE DATE: September 1, 1996
1.2 TYPE OF ACTION: New
2.0 PURPOSE: Communications, computing and information technology facilities and services of state agencies, boards and commissions are increasingly critical to the normal operations of the state.
This policy is for the development of agency business contingency plans to ensure that state agencies, boards and commissions can continue critical operations during any disruption and resume normal operations within a reasonable period of time.
As the mission and nature of each state agency differs considerably, the specific risks associated with information technology facilities and services will require tailoring of business contingency plans to these needs. However, the format and contents need to be compatible with and support the state’s model business contingency plan.
3.0 ORGANIZATIONS AFFECTED: All state agencies, boards and commissions.
4.0 REFERENCES:
4.1 K.S.A 75-4741 authorizes the Kansas Information Resources Council(KIRC) to approve policies for the management of the state’s information resources.
5.0 DEFINITIONS:
5.1 Definitions for the implementation of this policy are contained in CIA Procedure #3200 which is to be maintained by the Chief Information Architect (CIA).
6.0 POLICY: It is the intent of KIRC that all state agencies, boards and commissions
shall:
6.1 Raise the awareness within their organization of the need to protect the State's investment in information resources and related business processes.
6.2 Designate a person(s) to be responsible for business contingency planning, which includes coordinating the development and maintenance of the plan.
6.3 Perform a Business Impact Analysis to define the agency’s critical applications and potential financial and other risks associated with the disruption of these applications.
6.4 Develop, implement, maintain and test business contingency plans for mission-critical information and telecommunication systems. Agencies are responsible and accountable for their own business recovery plan.
6.5 Develop agency business contingency plans capable of being incorporated into an over-all state wide business contingency plan. All data resources are to be included within the scope of these planning efforts.
6.6 Train employees in the implementation and execution of the business contingency plan. Recovery teams should exercise the procedures documented in the plan.
6.7 Actively pursue means of mitigating business disruptions. Cost justified controls should be implemented to lessen service disruptions. Business contingency procedures should be developed for all new systems and major upgrades to existing systems.
7.0 PROCEDURES:
7.1 Procedures for the implementation of this policy are contained in CIA Procedure #3200 which are to be maintained by the Chief Information Architect.
8.0 RESPONSIBILITIES:
8.1 Heads of agencies, board and commissions are responsible for implementing this policy within their organizations.
8.2 The Division of Information Systems and Communications (DISC) is responsible for the coordination of a statewide information resource disaster recovery/business resumption plan.
8.3 The CIA is responsible for the maintenance of this policy and the related Procedure #3200.
9.0 CANCELLATION: None
10.0 CONTACT PERSON: Chief Information Architect 913-296-3011 concerning the policy and procedure. Division of Information Systems and Communications, Manager of the Disaster Recovery Function 913-296-3343 concerning the statewide information resource disaster recovery/business resumption plan.
KANSAS INFORMATION RESOURCES COUNCIL
INFORMATION TECHNOLOGY POLICY #3210 REVISION #0
1.0 TITLE: Business Contingency Planning
1.1 EFFECTIVE DATE: January 1, 1997
1.2 TYPE OF ACTION: New
2.0 PURPOSE:
2.1 To implement the Kansas Information Resources Council
Information Technology Policy #3200 concerning Business
Contingency Planning for an agency's information technology and
communications resources.
3.0 ORGANIZATIONS AFFECTED: All state agencies, boards and
commissions.
4.0 DEFINITIONS:
4.1 DISASTER RECOVERY/BUSINESS CONTINGENCY these are commonly
used terms to refer to the recovery of service following either a
disaster or other actions which would disrupt business activity.
4.2 DISASTER any sudden or unplanned calamitous event that causes
a significant disruption in information systems and/or
telecommunications systems that affects the operation of an
organization.
4.3 RECOVERY PLAN is a document used to define actions to be
taken in the event of a disaster and reduce the number of
decisions required during a stressful situation.
4.4 BUSINESS RESUMPTION is the process of restoring business
activity to an acceptable level, and then to a normal level after
an emergency event has disrupted normal operations.
4.5 BUSINESS IMPACT ANALYSIS is the evaluation of the
quantitative effect on the organization if certain business
functions or application systems cannot be performed.
5.0 PROCEDURES:
5.1 Appendix A provides a model plan which outlines the contents
and the format of an agency business contingency plan.
5.2 Steps for developing an agency business contingency plan, as
well as questions, an agency business contingency plan need to
address are listed below. The magnitude of the planning effort
will relate to the size of the organization. However, each agency
needs follow the same general procedures.
5.2.1 The business contingency planning process includes the
following activities:
1. Develop a project plan for the development of the agency's
business contingency plan, including any assumptions and the
planning responsibilities.
2. Conduct the Business Impact Analysis/Vulnerability Assessment.
3. Determine Recovery Strategies which will be based upon the
length of time the agency can function without the business
process or the supporting information resources.
4. Identify and acquire cost justified resources t support the
Plan.
5. Define the Emergency Response Procedures (what immediate
action are required when a disaster occurs).
6. Define the Recovery Operations Procedures (how to get the
agency functioning again).
7. Develop and document the agency business contingency plan
based upon the information gathered in the steps above.
8. Train employees on their responsibilities in the event of a
disaster.
9. Test the agency's Business Contingency Plan.
10. Maintain the agency's Business Contingency Plan.
5.2.2 A Business Contingency Plan generally addresses the
following:
1. Identification of critical applications and processes.
2. Actions to be taken during the four phases of a business
resumption:
a) Response (initial action following a disastrous event),
b) Resumption (establishing the alternate processing site and
begin processing time-sensitive business functions),
c) Recovery (resume processing for less time-sensitive business
functions),
d) Restoration (returning to the original processing site).
3. Identification of critical personnel and event notification
information.
4. Identification of minimum recovery hardware configuration.
5. Identification of required software.
6. Scripts describing how to acquire necessary resources:
a) Vendor information
b) Supplies information
5.3 The agency business contingency plans are to be reviewed and
updated annually by the agency. Portions of the plan, which are
name oriented, may need to be reviewed at least quarterly. An
executive summary of the plan is to be sent to the Chief
Information Architect, with the complete plan subject to a
detailed review by the Chief Information Architect. One copy of
the principle sections of the plan are to be sent to the Division
of Information Systems and Communications for coordination of a
statewide plan and for archive storage.
5.4 This policy will be phased into operation according to the
following schedule:
5.4.1 Beginning May 1, 1997, all new systems will have business
contingency plans and recovery procedures included within the
scope of the project where reasonable and cost justified.
5.4.2 By September 15, 1997, state agencies, boards and
commissions will have completed a work plan for conducting a
Business Impact Analysis and developing a Business Contingency
Plan for their critical application.
5.4.3 By December 31, 1998, state agencies, boards and
commissions will have completed a Business Impact Analysis for
their critical applications.
5.4.4 By June 30, 1999, state agencies, boards and commissions
will send an executive summary of the Plan to the Chief
Information Architect, with the complete plan subject to detailed
review by the Chief Information Architect. One copy of the
principle sections of the plan are also to be sent to the
Division of Information Systems and Communications.
6.0 CANCELLATION: None
7.0 CONTACT PERSON: Chief Information Architect 913.296-3011
concerning the policy and standard. Division of Information
Systems and Communication, Manager of the Disaster Recovery
Function 913.296-3343 concerning the statewide information
resources disaster recovery/business resumption plan.
KANSAS INFORMATION RESOURCES COUNCIL
INFORMATION TECHNOLOGY POLICY #5100 REVISION #0
1.0 TITLE: Kansas Geographic Information Systems Metadata Standard
1.1 EFFECTIVE DATE: October 1, 1996
1.2 TYPE OF ACTION: New
2.0 PURPOSE: To establish a policy concerning the documentation standard for geographic information systems (GIS) databases.
3.0 ORGANIZATIONS AFFECTED: All state agencies, boards, commissions, and Regents’ institutions.
4.0 REFERENCES:
4.1 K.S.A. 75-4741 authorizes the Kansas Information Resource Council to approve policies for the management of the state’s information resources.
4.2 EXECUTIVE ORDER #95-180 directs the Kansas GIS Policy Board to develop and maintain policies, standards, guidelines, and strategies which emphasize cooperation and coordination among agencies, organizations, and government entities developing and implementing GIS technology in order to maximize the cost effectiveness of GIS and their value to the state.
5.0 DEFINITIONS/BACKGROUND:
5.1 DEFINITIONS
5.1.1 Content Standards for Geospatial Metadata is the GIS database documentation standard developed by the Federal Geographic Data Committee.
5.1.2 Federal Geographic Data Committee was established by Office of Management and Budget Circular A-16. The Federal Geographic Data Committee promotes the coordinated development, use, sharing, and dissemination of geographic, or geospatial, data.
5.1.3 GIS Databases are defined as those databases that are designed and developed for use with GIS software. These include all databases with locational, or geospatial, components that may be used to link tabular data to location specific points, lines, and polygons.
5.1.4 Kansas Core GIS Database(s) are the collection of GIS databases developed, purchased, or otherwise acquired by the Kansas GIS Policy Board for official distribution through the Board’s Data Access and Support Center.
5.1.5 Kansas GIS Community is defined as the growing community of users of GIS technology in Kansas. This community includes users at all levels of government, academic institutions, and public and private organizations throughout Kansas.
5.1.6 Kansas GIS Data Access and Support Center is the GIS data repository and distribution center for the Kansas GIS Policy Board.
5.1.7 Kansas GIS Policy Board is established by Executive Order #95-180 to coordinate the development, implementation, and management of GIS technology in Kansas government. The Kansas GIS Policy Board is a standing committee of the Kansas Information Resources Council.
5.2 BACKGROUND
5.2.1 The mission of the GIS Standards Task Force is to develop GIS standards. Membership includes representatives from the Kansas GIS Policy Board, the Board’s Technical Advisory Committee, the Kansas Association of Mappers, the Kansas Association of Counties, the League of Municipalities, the County Clerks Association, the County Appraisers Association, the County Highway Association, the County Planning and Zoning Association, the Government Information Sciences Association, and other public and private sector organizations.
5.2.2 The Kansas Standards Task Force has sponsored multiple Forums where the Kansas GIS community has been invited to participate and assist in the development of GIS Standards. The Federal Geographic Data Committee’s Content Standards for Geospatial Metadata was recommended for adoption at one of these Forums.
5.2.3 The Kansas GIS Policy Board approved adoption of the Content Standards for Geospatial Metadata at their July, 1996 meeting. The Board not only recommends adoption of this standard for state agencies, boards, commissions and Regents’ institutions, but also strongly encourages the adoption and implementation of the standard to all users of GIS technology in Kansas.
6.0 POLICY:
6.1 All state agencies, boards, commissions and Regents’ institutions shall develop and maintain digital documentation of their GIS databases in compliance with the Kansas GIS Metadata Standard, or an official sub-set thereof, if defined and approved by the Kansas GIS Policy Board.
6.2 The Kansas Information Resource Council delegates authority for the implementation and maintenance of this Policy to the Kansas GIS Policy Board.
7.0 PROCEDURES:
7.1 This Policy is effective as of October 1, 1996. Agencies, boards, commissions, and Regent’s institutions shall comply with this Policy no later than July 1, 1997.
7.2 The Kansas Information Resources Council instructs the Kansas GIS Policy Board to insure that all GIS databases that are accepted as part of the Kansas Core GIS Database(s) and distributed through the Board’s Data Access and Support Center be documented in compliance with this Policy no later than July 1, 1997.
7.3 For the purposes of this Policy the Kansas GIS Metadata Standard is considered to be the same as, and compliant with, the Federal Geographic Data Center’s Content Standard for Geospatial Metadata.
7.4 The Kansas GIS Policy Board, in coordination with the Federal Geographic Data Committee, may define a sub-set of the Kansas GIS Metadata Standard, should the Board deem such a sub-set in the best interests of the Kansas GIS community.
8.0 RESPONSIBILITIES:
8.1 Heads of agencies, boards, commissions, departments and Regents’ Institutions will establish procedures for their organization’s compliance with the requirements of this policy.
8.2 The Kansas GIS Policy Board and its Technical Advisory Committee are responsible for the maintenance of this policy.
8.3 The Kansas GIS Policy Board’s Data Access and Support Center is responsible for the implementation and maintenance of Kansas GIS Metadata Standard compliant documentation for the Kansas Core GIS Database(s).
9.0 CANCELLATION: None
10.0 CONTACT PERSON: State GIS Coordinator, 913-296-0877