27. HealthSafe System Planning and Acceptance Policy



SYSTEM PLANNING AND ACCEPTANCE POLICY



Document Identification 

HSNZ/POL/27

Document Name

System Planning and AcceptancePolicy

Master Copy

CISO

Version Number

1.3

Date Of Release 

15 Aug 2023

Prepared By

Eparama Tuibenau

CISO

Approved by

Kevin McAfee

Managing Director

 


VERSION HISTORY


Sl No

Version No.

Prepared by

Approved by

Description of Version

Date

Reason for Version Change

From

To

1

1.0

-

CISO

MD

First Release

14 Apr 2020 

No changes made

1

1.0

1.1

CISO

MD

Updated

02 Aug 2021 

Modifications due to changes in HealthSafe

1

1.1

1.2

CISO

MD

Reviewed

28 Jul 2022 

Annual review

1

1.2

1.3

CISO

MD

Reviewed

15 Aug 2023

Annual review


DOCUMENT STATUS


Date

Document Status

14 Apr 2020

Modified

02 Aug 2021

Reviewed

28 Jul 2022

Reviewed

15 Aug 2023

Current


Table of Contents

1 Purpose


2 Scope


3 Input


4 Output


5 Interacting Process


6 Abbreviations, Acronyms and Definitions


7 Procedure


8 Monitoring the Process


9 Records




  1. PURPOSE
    The purpose of this document is to establish and maintain a policy for system planning and acceptance for HealthSafe NZ.

  2. SCOPE
    These procedures applies to all aspects of system planning and acceptance, etc

  3. ABBREVIATIONS, ACRONYMS AND DEFINITIONS

Abbreviation

Description

FH

Functional Head

IT

Information Technology Department

TL

Team Lead

CFO

Chief Financial Officer

CISO

Chief Information Security Officer


4 INPUT

To ensure all hardware and software is available for continuous business operation without delay.


5 OUTPUT

No delay in work schedule

6 INTERACTING PROCESS

Administration & Finance



7 PROCEDURE

  • The IT team monitors server performance and critical third-party systems, and informs management when there is a constraint.
  • Frequency of capacity planning is as follows:
  • Specific Planning (As and when required) 
  • Routine planning (bi-weekly)
  • New server (if required)
  • Existing server capacity - AWS resource monitoring

A specific request will be raised by the relevant staff to CISO and from the CISO to the CEO where necessary. 

Depending on the acceptance or rejection of the request, the IT team maintains the relevant details for reference.

A HealthSafe Software/Hardware Requisition Form is raised and the required material is procured upon acceptance.


Procedure for Routine Planning

Requirements are communicated to the CISO who then seeks projections on the resource requirement to be communicated to the CEO.

Based on the projections given by the CISO and considering the buffers to be maintained, the IT team carry out a routine review of the existing software, server, and network components as follows:


Server

Server maintenance is carried out by the IT team during which if any unwanted components/old files, folders etc exists, the same will be backed up to an approved location and deleted from the server as applicable.

Logs generated and recorded in AWS about the existing servers to record the utilisation of various AWS resources.

Based on the utilisation history and any projections IT team plans on any new resource additions to the existing server.


HDD 

For HDD, 25% buffer is fixed as a threshold. 

Backups are saved into S3 while our SSD are utilised for files such as client images, pdf files, and uploaded documents within our Saas systems. 

The Backup occurs every Saturday at midnight NZST while executing a daily instance backup cloning our AWS instance daily.


Memory

Memory utilisation threshold is set at 80%. 

Cases where memory usage increases beyond its threshold, hanging processes are killed if found as an initial step. 

In cases where such initial steps are not feasible, memory upgradation is carried out with proper approval and justification.


CPU

CPU utilisation threshold is maintained between the server load 60% to 70%. 

Cases where the server load increases beyond the threshold level, IT will ‘kill’ the high usage process, increase server resource if required, and then reboot the server.


Software 

The IT team reviews existing software and its licenses, makes an estimate of software or licenses as applicable and valid. 

Also requirement projection by Functional Heads is also considered during the estimation.

Depending on the acceptance or rejection of the request, relevant details are maintained for future reference.

Case where a request is approved, an entry into the subscription list (Subscriptions - HealthSafe) is documented and the required material/resource is procured.


8 MONITORING PROCESS

IT & Administration monitors these processes


9 RECORDS

  • Subscription Register
  • AWS Usage Dashboard