Level 2 Supporting Policies
      Back to home
      1. HealthSafe Help Center
      2. HS ISO27001 Documents
      3. Level 2 Supporting Policies

      27. HealthSafe System Planning and Acceptance Policy



      SYSTEM PLANNING AND ACCEPTANCE POLICY



      Document Identification 

      HSNZ/POL/27

      Document Name

      System Planning and AcceptancePolicy

      Master Copy

      CISO

      Version Number

      1.3

      Date Of Release 

      15 Aug 2023

      Prepared By

      Eparama Tuibenau

      CISO

      Approved by

      Kevin McAfee

      Managing Director

       


      VERSION HISTORY


      Sl No

      Version No.

      Prepared by

      Approved by

      Description of Version

      Date

      Reason for Version Change

      From

      To

      1

      1.0

      -

      CISO

      MD

      First Release

      14 Apr 2020 

      No changes made

      1

      1.0

      1.1

      CISO

      MD

      Updated

      02 Aug 2021 

      Modifications due to changes in HealthSafe

      1

      1.1

      1.2

      CISO

      MD

      Reviewed

      28 Jul 2022 

      Annual review

      1

      1.2

      1.3

      CISO

      MD

      Reviewed

      15 Aug 2023

      Annual review

      DOCUMENT STATUS


      Date

      Document Status

      14 Apr 2020

      Modified

      02 Aug 2021

      Reviewed

      28 Jul 2022

      Reviewed

      15 Aug 2023

      Current

      Table of Contents

      1 Purpose


      2 Scope


      3 Input


      4 Output


      5 Interacting Process


      6 Abbreviations, Acronyms and Definitions


      7 Procedure


      8 Monitoring the Process


      9 Records




      1. PURPOSE
        The purpose of this document is to establish and maintain a policy for system planning and acceptance for HealthSafe NZ.

      2. SCOPE
        These procedures applies to all aspects of system planning and acceptance, etc

      3. ABBREVIATIONS, ACRONYMS AND DEFINITIONS

      Abbreviation

      Description

      FH

      Functional Head

      IT

      Information Technology Department

      TL

      Team Lead

      CFO

      Chief Financial Officer

      CISO

      Chief Information Security Officer

      4 INPUT

      To ensure all hardware and software is available for continuous business operation without delay.


      5 OUTPUT

      No delay in work schedule

      6 INTERACTING PROCESS

      Administration & Finance



      7 PROCEDURE

      • The IT team monitors server performance and critical third-party systems, and informs management when there is a constraint.
      • Frequency of capacity planning is as follows:
      • Specific Planning (As and when required) 
      • Routine planning (bi-weekly)
      • New server (if required)
      • Existing server capacity - AWS resource monitoring

      A specific request will be raised by the relevant staff to CISO and from the CISO to the CEO where necessary. 

      Depending on the acceptance or rejection of the request, the IT team maintains the relevant details for reference.

      A HealthSafe Software/Hardware Requisition Form is raised and the required material is procured upon acceptance.


      Procedure for Routine Planning

      Requirements are communicated to the CISO who then seeks projections on the resource requirement to be communicated to the CEO.

      Based on the projections given by the CISO and considering the buffers to be maintained, the IT team carry out a routine review of the existing software, server, and network components as follows:


      Server

      Server maintenance is carried out by the IT team during which if any unwanted components/old files, folders etc exists, the same will be backed up to an approved location and deleted from the server as applicable.

      Logs generated and recorded in AWS about the existing servers to record the utilisation of various AWS resources.

      Based on the utilisation history and any projections IT team plans on any new resource additions to the existing server.


      HDD 

      For HDD, 25% buffer is fixed as a threshold. 

      Backups are saved into S3 while our SSD are utilised for files such as client images, pdf files, and uploaded documents within our Saas systems. 

      The Backup occurs every Saturday at midnight NZST while executing a daily instance backup cloning our AWS instance daily.


      Memory

      Memory utilisation threshold is set at 80%. 

      Cases where memory usage increases beyond its threshold, hanging processes are killed if found as an initial step. 

      In cases where such initial steps are not feasible, memory upgradation is carried out with proper approval and justification.


      CPU

      CPU utilisation threshold is maintained between the server load 60% to 70%. 

      Cases where the server load increases beyond the threshold level, IT will ‘kill’ the high usage process, increase server resource if required, and then reboot the server.


      Software 

      The IT team reviews existing software and its licenses, makes an estimate of software or licenses as applicable and valid. 

      Also requirement projection by Functional Heads is also considered during the estimation.

      Depending on the acceptance or rejection of the request, relevant details are maintained for future reference.

      Case where a request is approved, an entry into the subscription list (Subscriptions - HealthSafe) is documented and the required material/resource is procured.


      8 MONITORING PROCESS

      IT & Administration monitors these processes


      9 RECORDS

      • Subscription Register
      • AWS Usage Dashboard