Colocation for high availability, certified security
Sungard AS has hosted HANYS’ websites since 2005. In 2018, HANYS extended its contract with Sungard AS to include colocation services.
“The other facilities we looked at weren’t as impressive, and we had no previous relationships with the other providers we considered,” Halley says. Proximity was also a decision factor. “From our front door to our data center is only a two-hour ride. It is close enough if we need to get there, but far enough away to not be impacted by local weather or other events happening near
Shortly after the contract was signed, Halley and his team moved their systems into the Sungard AS data center. The facility provides the space, power and network access needed for a fully redundant, high-performance environment supported by 24/7 operations. Built for continuity, it delivers SLA-backed availability with the security and data protection required for SOC 2 and ISO/IEC 27001 certifications.
HANYS now has the ability to split IT operations between its own facility and the Sungard AS data center, depending upon specific needs or enhanced security requirements. “We use the Sungard AS facility to host our primary applications and data and for customers requiring us to process and store patient data in a SOC 2 data center,” Halley says. “This has worked really well for us ever since we started in 2018. We add or remove equipment on our own, as needed, or we can rely on Sungard AS’ on-site ’smart hands’ support to do other work for us.”
Defining business impacts and continuity plans
Now that it had a new hot site capability, HANYS engaged Sungard AS consultants in mid-2019 to conduct an enhanced business impact analysis. By determining the critical business activities that keep operations flowing and the IT assets, applications, resources and services that support them, resilient HANYS could have a more fulsome understanding of the consequences of a business disruption. Using its new hot site capability, the association would be better prepared to avoid such disruptions in the future.
To start with, consultants met with HANYS executives representing key business areas across the organization — from finance, regulatory affairs, information systems and marketing to research, legal and member services, as well as its DataGen and HANYS Benefit Services subsidiary business units.
Consultants were able to define the recovery time objectives and recovery point objectives for each business area, assess their current readiness to meet them, and identify gaps that could leave HANYS vulnerable to disruption or data security issues. Halley says it was a valuable learning experience for each team.
“Our departments were asked to answer some very difficult and pointed questions,” he shares. “They had to define the data most important to them, as well as their tolerance for data loss and downtime. The consultants worked well with each department team to help them reach agreement on their departmental business continuity plans.”
Armed with detailed information and insight from the business impact analysis, Sungard AS consultants prepared an enhanced business continuity plan, including recommendations for improving resiliency and enhancing compliance with regulatory and audit requirements.
Preparing for disaster recovery and crisis management
While a business continuity plan helps HANYS avoid disruptions, a disaster recovery plan helps them respond more quickly if they do encounter issues. In 2019, HANYS engaged Sungard AS to also update its disaster recovery plan to define how this new hot site ability enhances who does what, and when to get the infrastructure, applications and business processes back up and running with minimal impact on operations.
Sungard AS consultants created a series of tabletop exercises for HANYS’ staff, including “what if” scenarios to prepare them for handling the different challenges that may occur with IT disruptions and what the decision-making, escalation and recovery processes should be. The consultants also completed a testing charter for HANYS, including documented processes to follow.
“The exercises helped us define our disaster recovery plan and test it to make sure it works,” says Halley. “Testing will also help us prepare for our upcoming move to a new SOC 2 data center, which will replace our existing one near headquarters. We want to ensure we’re able to power down all the equipment and then power it back up successfully. The plan is to start failing over between the two SOC 2 data centers.”
At HANYS’ request, Sungard AS also included a plan for incident crisis management as part of this engagement. If an incident occurs, HANYS’ incident crisis management team can now ramp up quickly using a well-defined playbook. This incident crisis team plan is designed to quickly address or mitigate issues effectively, and report details and a course of action to senior management and all impacted customers and stakeholders.