SYSTEM PLANNING AND ACCEPTANCE POLICY
Document Identification |
HSNZ/POL/27 |
|
Document Name |
System Planning and AcceptancePolicy |
|
Master Copy |
CISO |
|
Version Number |
1.3 |
|
Date Of Release |
15 Aug 2023 |
|
Prepared By |
Eparama Tuibenau |
CISO |
Approved by |
Kevin McAfee |
Managing Director |
VERSION HISTORY
Sl No |
Version No. |
Prepared by |
Approved by |
Description of Version |
Date |
Reason for Version Change |
|
From |
To |
||||||
1 |
1.0 |
- |
CISO |
MD |
First Release |
14 Apr 2020 |
No changes made |
1 |
1.0 |
1.1 |
CISO |
MD |
Updated |
02 Aug 2021 |
Modifications due to changes in HealthSafe |
1 |
1.1 |
1.2 |
CISO |
MD |
Reviewed |
28 Jul 2022 |
Annual review |
1 |
1.2 |
1.3 |
CISO |
MD |
Reviewed |
15 Aug 2023 |
Annual review |
DOCUMENT STATUS
Date |
Document Status |
14 Apr 2020 |
Modified |
02 Aug 2021 |
Reviewed |
28 Jul 2022 |
Reviewed |
15 Aug 2023 |
Current |
Table of Contents
1 Purpose
2 Scope
3 Input
4 Output
5 Interacting Process
6 Abbreviations, Acronyms and Definitions
7 Procedure
8 Monitoring the Process
9 Records
- PURPOSE
The purpose of this document is to establish and maintain a policy for system planning and acceptance for HealthSafe NZ. - SCOPE
These procedures applies to all aspects of system planning and acceptance, etc - ABBREVIATIONS, ACRONYMS AND DEFINITIONS
Abbreviation |
Description |
FH |
Functional Head |
IT |
Information Technology Department |
TL |
Team Lead |
CFO |
Chief Financial Officer |
CISO |
Chief Information Security Officer |
4 INPUT
To ensure all hardware and software is available for continuous business operation without delay.
5 OUTPUT
No delay in work schedule
6 INTERACTING PROCESS
Administration & Finance
7 PROCEDURE
- The IT team monitors server performance and critical third-party systems, and informs management when there is a constraint.
- Frequency of capacity planning is as follows:
- Specific Planning (As and when required)
- Routine planning (bi-weekly)
- New server (if required)
- Existing server capacity - AWS resource monitoring
A specific request will be raised by the relevant staff to CISO and from the CISO to the CEO where necessary.
Depending on the acceptance or rejection of the request, the IT team maintains the relevant details for reference.
A HealthSafe Software/Hardware Requisition Form is raised and the required material is procured upon acceptance.
Procedure for Routine Planning
Requirements are communicated to the CISO who then seeks projections on the resource requirement to be communicated to the CEO.
Based on the projections given by the CISO and considering the buffers to be maintained, the IT team carry out a routine review of the existing software, server, and network components as follows:
Server
Server maintenance is carried out by the IT team during which if any unwanted components/old files, folders etc exists, the same will be backed up to an approved location and deleted from the server as applicable.
Logs generated and recorded in AWS about the existing servers to record the utilisation of various AWS resources.
Based on the utilisation history and any projections IT team plans on any new resource additions to the existing server.
HDD
For HDD, 25% buffer is fixed as a threshold.
Backups are saved into S3 while our SSD are utilised for files such as client images, pdf files, and uploaded documents within our Saas systems.
The Backup occurs every Saturday at midnight NZST while executing a daily instance backup cloning our AWS instance daily.
Memory
Memory utilisation threshold is set at 80%.
Cases where memory usage increases beyond its threshold, hanging processes are killed if found as an initial step.
In cases where such initial steps are not feasible, memory upgradation is carried out with proper approval and justification.
CPU
CPU utilisation threshold is maintained between the server load 60% to 70%.
Cases where the server load increases beyond the threshold level, IT will ‘kill’ the high usage process, increase server resource if required, and then reboot the server.
Software
The IT team reviews existing software and its licenses, makes an estimate of software or licenses as applicable and valid.
Also requirement projection by Functional Heads is also considered during the estimation.
Depending on the acceptance or rejection of the request, relevant details are maintained for future reference.
Case where a request is approved, an entry into the subscription list (Subscriptions - HealthSafe) is documented and the required material/resource is procured.
8 MONITORING PROCESS
IT & Administration monitors these processes
9 RECORDS
- Subscription Register
- AWS Usage Dashboard