Los Angeles, by some measures the quintessential 21st century city, must unify its IT business continuity and disaster recovery (BC/DR) plans should a major disaster threaten its critical systems, City Controller Ron Galperin said in a new audit of its systems and networks (via Techwire).
Right now L.A.’s BC/DR blueprint is siloed by individual city departments, each of which has its own plan for how it will handle system recovery if a powerful earthquake, fire or terrorist attack takes down vital IT functions. There is no citywide responsibility for BC/DR, hence no formal plan.
An ad hoc approach will no longer suffice, the Audit of Information Technology, Disaster Preparedness, Recovery and Continuity said. What’s needed, the report suggests, is a steering committee to develop an all-encompassing plan that unifies the various departments’ strategies.
Key audit findings:
- Los Angeles does not have a formal citywide IT disaster recovery strategy or business continuity plan.
- Responsibility for IT business continuity and the corresponding disaster recovery is fragmented and no single city agency is responsible.
- Department-level staff do not participate in planning or testing and lack formal IT BC/DR training.
- City BC/DR planning and testing does not include an adequate number of disaster scenarios.
Key audit recommendations:
- Establish a Steering Committee to clarify the city’s Emergency Management Department as the lead agency for BC/DR planning.
- Develop and implement a citywide BC/DR plan.
- Require training and participation in disaster recovery testing plans and test cases for city BC/DR personnel.
- Ensure core infrastructure components are redundant, back up both data and systems, and facilitate remote access avoid or minimize IT interruption.
- Increase funding to expedite and upgrade key IT infrastructure.
One unstated takeaway from the study: It’s safe to assume that if L.A. believes its BC/DR planning needs some tightening, other large cities are probably in potential peril as well.
“The City needs to re-think its view of IT systems,” Galperin wrote in a letter introducing the report to Mayor Eric Garcetti, City Attorney Michael Feuer and members of the L.A. City Council. “Given the fundamental dependence we have on our critical IT systems, it is essential that we view IT as critical infrastructure, not merely software or computers.”
L.A.’s essential IT systems, owing to their impact on public safety and services, range from the police department’s dispatch and network communications systems, to the city’s emergency communications, crime monitoring, payroll and financial management, the report said.