news Two sizable Queensland Government departments have no central disaster recovery plan, the state’s Auditor-General has found, despite the region’s ongoing struggles with extreme weather conditions that have previously knocked out telecommunications and data centre infrastructure.
As first reported by Computerworld, the state’s Auditor-General today released a report (PDF) in which it revealed it had examined four Queensland Departments to determine whether they had disaster recovery plans which would allow essential services to continue to function in the event of unexpected circumstances. The departments examined were Transport and Main Roads (DTMR), Natural Resources and Mines (DNRM), Science, Information Technology and Innovation (DSITI), and lastly the Department of Justice and the Attorney-General (DJAG).
The first two departments both had disaster recovery plans, although the auditor quibbled with some aspects of they were maintained. However, the latter two departments did not.
“DSITI does not have a central IT disaster recovery plan,” the auditor’s report states. “While individual business areas maintain their own plans, there is no oversight of disaster recovery planning across all business areas of the department. As a result, there are different levels of maturity across business units.”
“Two out of seven business areas do not have an updated IT disaster recovery plan. Those business areas that have a plan have not tested it. Therefore, the department cannot be assured that its response to a disaster will be planned and co-ordinated. DSITI has several agreements with IT service providers. Disaster recovery targets are not specified in these service agreements. Therefore, the department does not have assurance that those services will be restored within acceptable time frames.”
Things were worse at DJAG. “DJAG does not have up to date and ready for use disaster recovery plans,” the auditor wrote. “In addition, it does not have a facility to test recovery plans for business information systems. The department has an improvement initiative for disaster recovery planning and this activity has reached the final delivery phase.”
The news may be unexpected to some stakeholders with respect to the Queensland Government, given the history of inclement weather in the state.
The floods in the state in January 2011 took down substantial portions of the state’s telecommunications networks. Telstra was locked out of hundreds of telephone exchanges, while an AAPT datacentre went down and numerous other problems were experienced.
The auditor noted that it would expected these events to have changed the way the state handled its technology infrastructure.
“After the 2010–11 Queensland floods and the 2014 world leaders’ summit in Brisbane (G20), we expected to find departments improving or have a mature capability to prepare for or recover from disasters,” the report stated. “Our review of four departments questions the validity of this premise.”
“While two of the four departments we audited have approved and tested Information
Technology (IT) disaster recovery plans in place, the remaining two departments cannot be confident that they will restore their critical functions within acceptable timeframes for government service delivery in the case of a disruptive event.”
Queensland has one of the worst track records amongst Australian governments when it comes to its technology infrastructure.
In June 2013, for example, the state’s first comprehensive ICT Audit found that ninety percent of the Queensland Government’s ICT systems were outdated and would require replacement within five years at a total cost of $7.4 billion, as Queensland continued to grapple with the catastrophic outcome of years of “chronic underfunding” into its dilapidated ICT infrastructure.
Honestly, I am only surprised that things aren’t worse. Queensland has been chronically underinvesting in its IT infrastructure for many years now. The state has a long way to go until we can regard its IT operations as being stable and capable of dealing with extreme events.