news Two sizable Queensland Government departments have no central disaster recovery plan, the state’s Auditor-General has found, despite the region’s ongoing struggles with extreme weather conditions that have previously knocked out telecommunications and data centre infrastructure.
As first reported by Computerworld, the state’s Auditor-General today released a report (PDF) in which it revealed it had examined four Queensland Departments to determine whether they had disaster recovery plans which would allow essential services to continue to function in the event of unexpected circumstances. The departments examined were Transport and Main Roads (DTMR), Natural Resources and Mines (DNRM), Science, Information Technology and Innovation (DSITI), and lastly the Department of Justice and the Attorney-General (DJAG).
The first two departments both had disaster recovery plans, although the auditor quibbled with some aspects of they were maintained. However, the latter two departments did not.
“DSITI does not have a central IT disaster recovery plan,” the auditor’s report states. “While individual business areas maintain their own plans, there is no oversight of disaster recovery planning across all business areas of the department. As a result, there are different levels of maturity across business units.”
“Two out of seven business areas do not have an updated IT disaster recovery plan. Those business areas that have a plan have not tested it. Therefore, the department cannot be assured that its response to a disaster will be planned and co-ordinated. DSITI has several agreements with IT service providers. Disaster recovery targets are not specified in these service agreements. Therefore, the department does not have assurance that those services will be restored within acceptable time frames.”
Things were worse at DJAG. “DJAG does not have up to date and ready for use disaster recovery plans,” the auditor wrote. “In addition, it does not have a facility to test recovery plans for business information systems. The department has an improvement initiative for disaster recovery planning and this activity has reached the final delivery phase.”
The news may be unexpected to some stakeholders with respect to the Queensland Government, given the history of inclement weather in the state.
The floods in the state in January 2011 took down substantial portions of the state’s telecommunications networks. Telstra was locked out of hundreds of telephone exchanges, while an AAPT datacentre went down and numerous other problems were experienced.
The auditor noted that it would expected these events to have changed the way the state handled its technology infrastructure.
“After the 2010–11 Queensland floods and the 2014 world leaders’ summit in Brisbane (G20), we expected to find departments improving or have a mature capability to prepare for or recover from disasters,” the report stated. “Our review of four departments questions the validity of this premise.”
“While two of the four departments we audited have approved and tested Information
Technology (IT) disaster recovery plans in place, the remaining two departments cannot be confident that they will restore their critical functions within acceptable timeframes for government service delivery in the case of a disruptive event.”
Queensland has one of the worst track records amongst Australian governments when it comes to its technology infrastructure.
In June 2013, for example, the state’s first comprehensive ICT Audit found that ninety percent of the Queensland Government’s ICT systems were outdated and would require replacement within five years at a total cost of $7.4 billion, as Queensland continued to grapple with the catastrophic outcome of years of “chronic underfunding” into its dilapidated ICT infrastructure.
opinion/analysis
Honestly, I am only surprised that things aren’t worse. Queensland has been chronically underinvesting in its IT infrastructure for many years now. The state has a long way to go until we can regard its IT operations as being stable and capable of dealing with extreme events.
Image credit: Rae Allen, Creative Commons
And 1 more. Shared Services went down during the flooding as most of the infrastructure responsible for paying public servants like the Police and QCS was in the Neville Bonner building. Not sure if the whole department went down but I know of 1 remote office that definitely did and was unable to process pays.
Shared Services (SSA) no longer exists. But yes, the whole department went down, there was flooding amongst the IT assets, which considering the location, was not surprising. Their staff were moved around, some have ended up at DSITI, others elsewhere.
Ultimately, these issues are not caused by the IT staff (full disclosure, I work for Qld State Government, but not for any of the above mentioned agencies), it is caused by the reason Renai states above … a lack of funding, and the unrealistic expectations from year to year for the IT staff to do more, with less (of everything, including staff).
There was an article several years ago in CIO magazine that addressed private sector and government entities alike with regards to IT spending, and a particular quote springs to mind … “CIO’s need to put away the scalpel and get out the compass”. This is just as (if not more) relevant today than it was back then.
What I question, is whether the CIO’s are having these budgetary issues forced on them by their Director Generals in the mindless expectation that IT much do more with less from year to year, or if it’s a communication problem between the CIO’s and their peers/superiors, or the outdated perspective that IT is a cost sink, rather than a business enabler (or all of the above).
… that IT *must do more ….
Missed the edit timer. Apologies there.
Most of Queensland Health’s LHHNs have a DR plan that is basically; “revert to the paper copies”
The problem is the addiction to the CBD
Hosting your data elsewhere like eight mile plains isnt in a central location
iSeek datacentre are basically in a flood areas around the gabba
Comments are closed.