13. Risk Management

Status: In-Compliance
The department is located in an in-town facility that offers a safe, secure and healthy work environment. Employees are provided with a manual of safety policies and procedures and ongoing training is held for employees with respect to general office safety and security and specific staff actions that are necessary in the event of an emergency.

Disaster Recovery Plan
The department has defined and documented the requirements to successfully run the department during a disaster, with a Disaster Recovery Plan in place. The agency standard will be to review, update and test the plan at least once each year, including requiring tests where functional units must discuss what to do in the event of a specified disaster. A standard for recovery of data for each system is a priority. The agency goal is to have data available 99.9% of the time and the vital business systems available at 99.9%.

The IRM team has researched an improved business continuity plan. Improvements are updated continuously. This includes improved communications (TV news reporting), improved power supply to critical systems (generator), and hardware redundancy (network virtualization). Data is backed up on all servers nightly. This includes documents, spreadsheets, e-mail, and other data types. The system data (Oracle Database) is backed up twice a day. Daily backup tapes are stored in a fire-proof safe onsite. Weekly backups are stored offsite in a fire-proof safe. If we need to recover and have building access, we can restore from the previous day. If we need to recover and do not have building access, we can recover data from the previous week. This is minimal coverage.

The IRM team was committed to improving our Disaster Recovery Plan. This included establishing a warm site at either BlueCross BlueShield of South Carolina or the State’s CIO office. Data will be updated to the warm sites daily. This will protect the operations of the systems should the current server room fail during a disaster. Minimal systems required to operate will only be provided at the site. Moreover, additional and more comprehensive onsite backups will also be performed. This will include snapshots of key data, system configurations and application code throughout the day. This will allow recovery of data, system configurations, and all applications due to an unnatural disaster (i.e., theft, viruses, and internal threats).

Natural Disaster Needs
In addition to ensuring the safety of our employees and providing emergency data backup, the department is committed to assisting with the insurance needs of our residents during a natural disaster. When warranted by the Director, specially trained volunteers are deployed to the disaster location and stationed, as a general rule, in the State / FEMA-designated Disaster Field Office, working directly with disaster victims in expediting insurance claims. A Disaster Response Coordination Plan, which provides procedures to ensure a well-coordinated response to any natural disaster that may affect the department and the citizens of our state, has recently been revised and is maintained at the department to be used as necessary.