Documente Academic
Documente Profesional
Documente Cultură
28
Capacity Management
Information Security Branch, Office of the Chief Information Officer
Ministry of Citizens’ Services, Province of British Columbia
http://www.cio.gov.bc.ca/cio/informationsecurity/index.page?
The policies associated with capacity management are intended • Information Technology Infrastructure Library (ITIL)
to: http://www.itil-officialsite.com/home/home.asp
• Ensure the availability and integrity of the information • General Incident or Loss Report (GILR)
technology infrastructure. http://gww.eforms.gov.bc.ca/
• Ensure that the capacity of information technology resources • Information Incident Reporting - Shared Services BC Service
meet current and future business needs. Desk at 250 387-7000 or 1-866 660-0811, Select Option 3
• Ensure that the availability and performance of information
resources is maintained at agreed service levels.
• Ensure processes for managing capacity utilization and References
performance are implemented.
Document Description
Responsibilities of all Personnel
Core Policy and Procedures Manual
http://www.fin.gov.bc.ca/ocg/fmb/manuals/CPM/CPMtoc.htm
Things to do:
• Use established processes for estimating and monitoring 12 Information Management and Information Technology
capacity requirements. Management
• Include capacity requirements in specifications for new or 13 Financial Systems and Controls
enhanced information systems.
• Initiate revisions to Disaster Recovery Plans when capacity Information Security Policy
requirements change. http://www.cio.gov.bc.ca/local/cio/informationsecurity/policy/isp.pdf
• Ensure that capacity management testing is done for normal 5.2.2 Supporting Utilities
and peak utilization periods.
6.2.1 Service Delivery
Things to avoid:
• Implementing new or significant changes to information 6.3.1 Capacity Management
systems prior to completion of capacity tests. 6.3.2 System Acceptance
Things to report: 6.10.3 Protection of Log Information
• Unexplained degradation or outage of service.
• Actual and suspected security incidents and events as 8.4.1 Control of Operational Software
required by the Information Incident Management Process. Standards and Guidelines
• File a General Incident or Loss Report (GILR) within 24 Chapt. 3 IM/IT Standards Manual
hours of a security incident. http://www.cio.gov.bc.ca/local/cio/standards/
documents/standards/standards_manual.pdf
Responsibilities of Management Business Application Security Standards (BASS-DRAFT)
Contact Information Security Branch
Things to do:
Information Incident Management Process
• Ensure that the Service Level Agreements define capacity
http://www.cio.gov.bc.ca/local/cio/information_
requirements. incident/information_incident_management_process.
• Ensure capacity requirements are planned, defined, tested pdf
and managed throughout the life cycle of information
technology resources.
• Ensure that capacity is tested during system acceptance. Key Contacts
• Ensure Disaster Recovery Plans are updated and tested.
• When a security or privacy breach has occurred, review and
revise related policies and processes as needed. Contact Link
Things to pay attention to: Office of the Chief Information http://www.cio.gov.bc.ca/
• Unanticipated changes to capacity requirements. Officer
Things to establish procedures for: Information Security Branch, http://www.cio.gov.bc.ca/cio/
• Reviewing and projecting capacity requirements prior to the Office of the Chief Information informationsecurity/index.page?
annual budget cycle. Officer
Things to report:
• Unexplained degradation or outage of service.
Things to reinforce with personnel:
• The importance of managing capacity.
• The importance of understanding and following policies,
standards and processes.
• Ensure the use of the Information Incident Management
Process when required.