SERVICE CONTINUITY MANAGEMENT POLICY STATEMENTS. 6.2.1 Backups of all essential electronically maintained County business data shall be routinely created and properly stored to ensure prompt restoration. 6.2.2 Each department shall implement and document a backup approach for ensuring the availability of critical application databases, system configuration files, and/or any other electronic information critical to maintaining normal business operations within the department. 6.2.3 The frequency and extent of backups shall be in accordance with the importance of the information and the acceptable risk as determined by each department. 6.2.4 Departments shall ensure that locations where backup media are stored are safe, secure, and protected from environmental hazards. Access to backup media shall be commensurate with the highest level of information stored and physical access controls shall meet or exceed the physical access controls of the data’s source systems. 6.2.5 Backup media shall be labeled and handled in accordance with the highest sensitivity level of the information stored on the media. 6.2.6 Departments shall define and periodically test a formal procedure designed to verify the success of the backup process. 6.2.7 Restoration from backups shall be tested initially once the process is in place and periodically afterwards. Confirmation of business functionality after restoration shall also be tested in conjunction with the backup procedure test. 6.2.8 Departments shall retain backup information only as long as needed to carry out the purpose for which the data was collected, or for the minimum period required by law. 6.2.9 Alternate storage facilities shall be used to ensure confidentiality, integrity and availability of all County systems. 6.2.10 Each department shall develop, periodically update, and regularly test business continuity and disaster recovery plans in accordance with the County’s Business Continuity Management Policy. 6.2.11 Departments shall review and update their Risk Assessments (RAs) and Business Impact Analyses (BIAs) as necessary, determined by department management (annually is recommended). As detailed in Section 14: Risk Assessment and Treatment, RAs include department identification of risks that can cause interruptions to business processes along with the probability and impact of such interruptions and the consequences to information security. A BIA establishes the list of processes and systems that the department has deemed critical after performing a risk analysis. 6.2.12 Continuity plans shall be developed and implemented to provide for continuity of business operations in the event that critical IT assets become unavailable. Plans shall provide for the availability of information at the required level and within the established Recovery Time Objective (RTO) and their location, as alternate facilities shall be used to maintain continuity. 6.2.13 Each department shall maintain a comprehensive plan document containing its business continuity plans. Plans shall be consistent, address information security requirements, and identify priorities for testing and maintenance. Plans shall be prepared in accordance with the standards established by the County’s Business Continuity Management Policy.
Appears in 3 contracts
Sources: Contract for the Provision of Bridge Program Child Care Navigator, Trauma Informed Training and Coaching, and Emergency Child Care Voucher Services, Agreement for the Provision of Refugee Social Services, Contract for the Provision of Basic Needs and Placement Preparation Services
SERVICE CONTINUITY MANAGEMENT POLICY STATEMENTS. 6.2.1 Backups of all essential electronically electronically-maintained County business data shall be routinely created and properly stored to ensure prompt restoration.
6.2.2 Each department shall implement and document a backup approach for ensuring the availability of critical application databases, system configuration files, and/or any other electronic information critical to maintaining normal business operations within the department.
6.2.3 The frequency and extent of backups shall be in accordance with the importance of the information and the acceptable risk as determined by each department.
6.2.4 Departments shall ensure that locations where backup media are stored are safe, secure, and protected from environmental hazards. Access to backup media shall be commensurate with the highest level of information stored and physical access controls shall meet or exceed the physical access controls of the data’s source systems.
6.2.5 Backup media shall be labeled and handled in accordance with the highest sensitivity level of the information stored on the media.
6.2.6 Departments shall define and periodically test a formal procedure designed to verify the success of the backup process.
6.2.7 Restoration from backups shall be tested initially once the process is in place and periodically afterwards. Confirmation of business functionality after restoration shall also be tested in conjunction with the backup procedure test.
6.2.8 Departments shall retain backup information only as long as needed to carry out the purpose for which the data was collected, or for the minimum period required by law.
6.2.9 Alternate storage facilities shall be used to ensure confidentiality, integrity and availability of all County systems.
6.2.10 Each department shall develop, periodically update, and regularly test business continuity and disaster recovery plans in accordance with the County’s Business Continuity Management Policy.
6.2.11 Departments shall review and update their Risk Assessments (RAs) and Business Impact Analyses (BIAs) as necessary, determined by department management (annually is recommended). As detailed in Section 14: Risk Assessment and Treatment, RAs include department identification of risks that can cause interruptions to business processes along with the probability and impact of such interruptions and the consequences to information security. A BIA establishes the list of processes and systems that the department has deemed critical after performing a risk analysis.
6.2.12 Continuity plans shall be developed and implemented to provide for continuity of business operations in the event that critical IT assets become unavailable. Plans shall provide for the availability of information at the required level and within the established Recovery Time Objective (RTO) and their location, as alternate facilities shall be used to maintain continuity.
6.2.13 Each department shall maintain a comprehensive plan document containing its business continuity plans. Plans shall be consistent, address information security requirements, and identify priorities for testing and maintenance. Plans shall be prepared in accordance with the standards established by the County’s Business Continuity Management Policy.
6.2.14 Each department shall define failure prevention protocols to maintain confidentiality, integrity and availability. Departments shall automate failover procedures where applicable and maintain adequate (predictable) levels of ancillary components to meet this provision.
Appears in 1 contract
Sources: Passenger Loading Bridge and Baggage Handling System Maintenance
SERVICE CONTINUITY MANAGEMENT POLICY STATEMENTS. 6.2.1 Backups of all essential electronically maintained County business data and system configurations shall be routinely created and properly stored to ensure prompt restoration.
6.2.2 Each department and/or contractor shall implement and document a backup approach for ensuring the availability of critical application databases, system configuration files, and/or any other electronic information critical to maintaining normal business operations within the department.
6.2.3 The frequency and extent of backups shall be in accordance with the importance of the information and the acceptable risk as determined by each department.
6.2.4 Departments and/or contractors shall ensure that locations where backup media are stored are safe, secure, and protected from environmental hazards. Access to backup media shall be commensurate with the highest level of information stored and physical access controls shall meet or exceed the physical access controls of the data’s source systems.
6.2.5 Backup media shall be labeled and handled in accordance with the highest sensitivity level of the information stored on the media.
6.2.6 Departments and/or contractors shall define and periodically test a formal procedure designed to verify the success of the backup process.
6.2.7 Restoration from backups shall be tested initially once the process is in place and periodically afterwards. Confirmation of business functionality after restoration shall also be tested in conjunction with the backup procedure test.
6.2.8 Departments and/or contractors shall retain backup information only as long as needed to carry out the purpose for which the data was collected, or for the minimum period required by law.
6.2.9 Alternate storage facilities shall be used to ensure confidentiality, integrity and availability of all County systems.
6.2.10 Each department and/or contractor shall develop, periodically update, and regularly test business continuity and disaster recovery plans in accordance with the County’s Business Continuity Management Policyplans.
6.2.11 Departments and/or contractors shall review and update their Risk Assessments (RAs) and Business Impact Analyses (BIAs) as necessary, determined by department management (annually is recommended). As detailed in Section 14: Risk Assessment and Treatment, RAs include department identification of risks that can cause interruptions to business processes along with the probability and impact of such interruptions and the consequences to information security. A BIA establishes the list of processes and systems that the department has deemed critical after performing a risk analysis.
6.2.12 Continuity plans shall be developed and implemented to provide for continuity of business operations in the event that critical IT assets become unavailable. Plans shall provide for the availability of information at the required level and within the established Recovery Time Objective (RTO) and their location, as alternate facilities shall be used to maintain continuity.
6.2.13 Each department and/or contractor shall maintain a comprehensive plan document containing its Docusign Envelope ID: F05240E6-2D08-4CA2-83E0-A38DCDBCDCC1 business continuity plans. Plans shall be consistent, address information security requirements, and identify priorities for testing and maintenance.
6.2.14 Each department and/or contractor shall define failure prevention protocols to maintain confidentiality, integrity and availability. Plans Departments and/or contractors shall be prepared in accordance with the standards established by the County’s Business Continuity Management Policyautomate failover procedures where applicable and maintain adequate (predictable) levels of ancillary components to meet this provision.
Appears in 1 contract
Sources: Contract Ma 063 22010967
SERVICE CONTINUITY MANAGEMENT POLICY STATEMENTS. 6.2.1 Backups of all essential electronically maintained County business data and system configurations shall be routinely created and properly stored to ensure prompt restoration.
6.2.2 Each department and/or contractor shall implement and document a backup approach for ensuring the availability of critical application databases, system configuration files, and/or any other electronic information critical to maintaining normal business operations within the department.
6.2.3 The frequency and extent of backups shall be in accordance with the importance of the information and the acceptable risk as determined by each department.
6.2.4 Departments and/or contractors shall ensure that locations where backup media are stored are safe, secure, and protected from environmental hazards. Access to backup media shall be commensurate with the highest level of information stored and physical access controls shall meet or exceed the physical access controls of the data’s source systems.
6.2.5 Backup media shall be labeled and handled in accordance with the highest sensitivity level of the information stored on the media.
6.2.6 Departments and/or contractors shall define and periodically test a formal procedure designed to verify the success of the backup process.
6.2.7 Restoration from backups shall be tested initially once the process is in place and periodically afterwards. Confirmation of business functionality after restoration shall also be tested in conjunction with the backup procedure test.
6.2.8 Departments and/or contractors shall retain backup information only as long as needed to carry out the purpose for which the data was collected, or for the minimum period required by law.
6.2.9 Alternate storage facilities shall be used to ensure confidentiality, integrity and availability of all County systems.
6.2.10 Each department and/or contractor shall develop, periodically update, and regularly test business continuity and disaster recovery plans in accordance with the County’s Business Continuity Management Policyplans.
6.2.11 Departments and/or contractors shall review and update their Risk Assessments (RAs) and Business Impact Analyses (BIAs) as necessary, determined by department management (annually is recommended). As detailed in Section 14: Risk Assessment and Treatment, RAs include department identification of risks that can cause interruptions to business processes along with the probability and impact of such interruptions and the consequences to information security. A BIA establishes the list of processes and systems that the department has deemed critical after performing a risk analysis.
6.2.12 Continuity plans shall be developed and implemented to provide for continuity of business operations in the event that critical IT assets become unavailable. Plans shall provide for the availability of information at the required level and within the established Recovery Time Objective (RTO) and their location, as alternate facilities shall be used to maintain continuity.
6.2.13 Each department and/or contractor shall maintain a comprehensive plan document containing its business continuity plans. Plans shall be consistent, address information security requirements, and identify priorities for testing and maintenance.
6.2.14 Each department and/or contractor shall define failure prevention protocols to maintain confidentiality, integrity and availability. Plans Departments and/or contractors shall automate failover procedures where applicable and maintain adequate (predictable) levels of ancillary components to meet this provision. The Commission to End Homelessness developed the Homeless Service System Pillars Report, which includes four pillars – Prevention, Outreach & Supportive Services, Shelter and Housing – that provide key interventions to assist individuals and families at risk of homelessness or experiencing homelessness. The Homeless Service System Pillars Report provides a definition and goal for each pillar thus establishing a collective understanding of the interventions, programming and outcomes expected for each pillar. Additionally, the Homeless Service System Pillars Report identifies the best practices, principles, and commitments to be prepared followed by each Pillar. On October 18, 2022, the Orange County Board of Supervisors received the Commission to End Homelessness’ Homeless Service System Pillars Report and also directed the Homeless Service System Pillars Report be utilized as a framework in accordance with the standards established by design and development of programs that address the County’s Business Continuity Management Policyneeds of individuals and families at risk of homelessness or experiencing homelessness across the County of Orange. The Homeless Service System Pillars Report can be found here: • Full Report - ▇▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/sites/ceo/files/2022-11/CEO-DCEO22- 000856%20Attachment%20A.pdf • Summary Document - ▇▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/sites/ceo/files/2023-02/Pillars.pdf Docusign Envelope ID: 91E37868-D6E4-407A-9351-BB84ED97D6BD Attachment A Commission to End Homelessness Homeless Service System Pillars Attestation OUTREACH & SUPPORTIVE SERVICES SHELTER
Appears in 1 contract
Sources: Contract for the Provision of Bringing Families Home Services