• No results found

ROS Background IRELAND

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "ROS Background IRELAND"

Copied!
11
0
0

Loading.... (view fulltext now)

Download now ( 11 Page )

Full text

(1)

R

R

evenue On-Line Service

evenue On-Line Service

l

Introduction

l Colm Bermingham, ROS Project Manager l Jack Nagle, Baltimore Technologies

l

Today’s Presentation

l Background to ROS

l Business considerations for Disaster Recovery and Business

Continuity

l Irish Revenue’s Disaster Recovery solution l Technical considerations for Disaster Recovery l Other DR scenarios

l

Land area <0.75% size of U.S.

l

Population

4 million

l

Revenue Commissioners = IRS

l

Taxes

l

Sales, Payroll, Income, Corporation

l

Capital Gains, Excise, Capital Taxes

l

Yield in 2001 – $37,596m.

ROS – Background

IRELAND

ROS

ROS

Background

Background

IRELAND

IRELAND

(2)

l

DRIVERS

l

Revenue Board Statement of Strategy 1997 - 1999

l 50% of all business returns filed electronically by 2005 l Position ROS as the preferred method by which customers

interact with Revenue

l

eGovernment Initiative

l Information Society Commission

l National eBroker projects for Corporations & Citizens l European Union Benchmarking

ROS – Background

ROS

ROS

Background

Background

l

ROS So Far

l Board approval Jan 1999 l Contractors

Ø Accenture (Developers) appointed Jan 2000 Ø Baltimore (Security) appointed May 2000

l Aggressive schedule – LIVE on September 29th 2000 l Annual target reached in 8 weeks.

l 55% of Customer base – 15% of tax yield l $4,000,000,000 ($4Bn) payments received l Over $300,000,000 refunded

ROS – Background

ROS

(3)

l

Filing Tax Returns

l Payroll Tax, Sales Tax

l Income Tax & Corporation Tax

l

Making Payments

l

Access to Tax Information

l Own Revenue data

l

Access Control System

l Agents and Corporations

ROS – Services

ROS

ROS

Services

Services

ROS

ROS

DR Planning

DR Planning

l

Business considerations

l What is a “Disaster”?

l Customer perspective l Revenue perspective

l What can be predicted?

l What elements can we control?

l Cost l Systems l Testing

l Business Continuity plan l PR plan for various scenarios

(4)

ROS

ROS

Components

Components

Internet ISPs

Web Server Firewall Firewall

Hardware

Application Server and Database

Cryptographic Keys / Digital Cert l Taxpayer l Agent Customer Certification Authority Firewalls

ROS

ROS

DR

DR

Summary

Summary

l

Disaster Preparedness and Recovery

l Quantify “Disaster”

l Identify critical components/issues

l Ensure effective DR plans for all in your chain

(5)

Disaster Recovery

Disaster Recovery

A Vendor

A Vendor

s Perspective

s Perspective

l

Disaster Recovery and Business Continuity Planning

l

Disaster Recovery Planning

l

ROS Disaster Recovery

l

General Comments on the ROS DR solution

l

Nature of Disasters (systemic and otherwise)

l

Key Messages

Disaster Recovery

Disaster Recovery

Business Continuity Planning

Business Continuity Planning

l Goes beyond security issues in terms of policy breach or unauthorised access

l About contingency planning for business threatening emergency

l About continuing business in the event of a disaster

l BCP – about making plans to allow business continue

l DRP – about recovering from an emergency with minimum of impact

(6)

Disaster Recovery Planning

Disaster Recovery Planning

“A disaster recovery plan is a comprehensive statement of

consistent actions to be taken before, during and after a

disruptive event that causes a significant loss of information

systems resources. Disaster Recovery Plans are the

procedures for responding to an emergency, providing extended

backup operations during the interruption, and managing

recovery and salvage processes afterwards, should an

organisation experience a substantial loss of processing

capability.”

CISSP Prep Guide 2001

Disaster Recovery Planning

Disaster Recovery Planning

l

Main goals;

l Reduce confusion

l Provide an organised way in which to make decisions

l

Done properly can;

l Protect an organisation from major computer services failure l Minimise risk as a result of delays

l Guarantee the reliability of standby systems through testing and

simulation

l Minimise decision-making required by personnel during a disaster

(7)

ROS Disaster Recovery

ROS Disaster Recovery

l

Core PKI system is housed in an accredited secure hosting

environment

l

Classes of failure

l Database machine (Treated as a separate item because of its

criticality)

l Machine Failure

l Loss of facility (Destruction of Hosting Site)

ROS Disaster Recovery

ROS Disaster Recovery

l

Database machine

l Copy of Database on Backup1 machine l ROS Trusted elements

l ROS Configuration Baseline (Private) document l Hardening and Recovery (Private) document l ROS PKI Configuration (Private) document

What are we supposed to do now !!! Help is at hand – we have a plan

(8)

ROS Disaster Recovery

ROS Disaster Recovery

l

Loss of Facility

l

Backup Facility

l

Full set of backup material

l Machines on site

l Some core elements already in place i.e. LDAP

l All other material available from secure off-site archive

General Comments on the ROS DR Solution

General Comments on the ROS DR Solution

l The approach taken was based on;

l Fitness of business purpose l Available resources

l Relevant level of criticality i.e. not mission or life l Contingency planning for late filings

l Backup procedures have been shown to work to an acceptable level

l Organisational issues – consortium based project

(9)

Nature of Disasters

Nature of Disasters

(systemic and otherwise)

(systemic and otherwise)

l By their nature unpredictable

l Possible to anticipate certain types of event may happen l Disaster Prevention

l Can be a big mistake to assume all is well

l Example of 'systemic’ failure in terms of backup configuration l Value of audit from the outset (my view)

l Value of checking with auditors (offsite backup example) l Overall importance of good design in terms of product choice and

configuration

l Poor anticipation of usage will overcome even a good product for

example

Importance of Accreditation

Importance of Accreditation

l

Why bother with standards and accreditation ?

l

Fundamental to ‘preparedness’ and prevention

l

Gives an objective reference point for best practice

l Customer reassurance

l

What’s accredited?

l

People

l

Processes

l

Product

(10)

Accreditation

Accreditation

l

Many Standards bodies

l ANSI, NIST, ISO, IETF etc.

l

Specifics for security products

l Necessary from a continuity perspective

l

Include FIPS (Hardware), BS/IS7799, SAS70 (People and

Processes),ITSEC E3 (Software systems) etc.

l

Conformance with legislation

l Electronic Commerce Act 2000 which includes the status of

systems and personnel

l

Use hardened systems

Key Messages

Key Messages

l DRP and BCP go hand-in-hand

l Numerous ways of ‘mixing and matching’

l Suitability of DR scheme for system requirements and available resources

l This is a joint presentation from a client and vendor

l We have implemented a business critical system l We have implemented a DRP

l It has worked in test mode

l More importantly it has worked in real-world mode l From a user’s perspective it provides an additional level of

reassurance

(11)

l Colm Bermingham, ROS Project Manager

u [email protected]

l Jack Nagle, Baltimore – Public Sector Manager

u [email protected]

l Margaret Whelan, ROS Strategy Manager

l [email protected]

l Revenue - ROS

www.revenue.ie - www.ros.ie

ROS

References

Download now ( PDF - 11 Page - 256.64 KB )

Related documents

Customer relationship management practices as recipe for customer loyalty: A literature review 1, 2, 3, and 4

The reason for increased popularity of Customer Relationship Management (CRM) is mostly due to the promising benefits it offers in the form of improved

Stonesoft Case Study. Brown McCarroll. An Upgrade to StoneGate Simplifies Operations for Law Firm Brown McCarroll

Additionally, Brown McCarroll has been able to eliminate costly subscriptions from Check Point as they received immediate access to the StoneGate NextGen Firewall’s built-in UTM

What to Consider Before Allowing a Third Party to Use Real Property. Introduction

¶ 2532.3 of The Book of Discipline states the local church trustees are permitted to lease to third parties “only when such use is consistent with the Social Principals (¶¶

Fugazzotto Juan José-Apuntes Para Curso de Ventas

ww w.li w.li br br ear.c ear.c om om  Juan José Fugaz  Juan José Fugazzotto – Apuntes para Curso de zotto – Apuntes para Curso de Venta Ventas s!.

5 Steps to Prepare a Disaster Recovery Plan

- 40 percent of all companies that experience a major disaster will go out of business if they cannot gain access to their data within 24 hours… according to Gartner..

Dowsing

Along with the ongoing argument over the terrestrial dowsing force, dowsers were beginning to find other interesting `facts', (dowser findings, not recognized by the

Mainshocks are aftershocks of conditional foreshocks: how to foreshock statistical properties emerge from aftersock laws.

An increase of the number of foreshocks of type I as a function of the mainshock magnitude is observed in our numerical simulations (see Figure 5) because, as we explained before,

Agricultural Arbitrage, Adjustment Costs, and the Intensive Margin

The main contributions of this paper are: the development of a novel theoretical model that synthesizes approaches from the farmland pricing and adjustment cost literatures;