Download Preparing for MHRA Inspection

MHRA Inspection
Information Management and Technology
3 Possible Issues for Inspection

Disaster recovery

Appropriate computer systems & system security

Data security & data backup
Disaster Recovery

There is a University-wide disaster recovery procedure in
place by Information Services (INSRV)!

Includes: network infrastructure, networked data storage (S:
and H: drives) and services under SLA with INSRV (Medic
database & web server for e.g.)

Does NOT include: your PC’s hard disk, laptops, data storage
device or server not under SLA with INSRV)

INSRV Service Desk and Operations Team available between
8:00-22:00 week days.
HELP!

Service Desk:

[email protected] (9:00-17:00)
029 20 874 487 (9:00-17:00)



Operations:
029 20 874 400 (8:00-9:00 & 17:00-22:00)
Local Disaster Recovery Policy?

For own servers / data storage devices not covered by
INSRV or Trust SLA

Written procedure should include:





Named contacts & communication to end users
Damage assessment and reporting
Recovery procedure (location of backups, steps needed to
recover data and service and by whom)
Confirm services and data are restored to acceptable level
Communication.
Appropriate computer systems

Are computer systems fit for purpose?

PC versus network server

MS Access DB versus enterprise DB

Be wary of using MS Access or Excel (limitations in restricting access
to data and in locking down the data for analysis)

Medical device that can be defined as a computer system (e.g.
has its own in-built software)

Appropriate documentation

Supported workstations, are they in warranty etc?
Computer system security

Do you have your own servers?





Restricted physical access
Appropriate location, air conditioning
Secure data backup & restore procedures
Anti-Virus & Firewall Policies
Network security



S: drive folders are locked down to ONLY the users who need
access
Appropriate password security
Document these procedures!
Data security & data backup

Can data be locked down to specific users?






Yes: network storage (S: drive), servers
No: either move to above and secure, or encrypt
Laptops: If they HAVE to be used for trial, please install
encrypted data volumes (speak to me!)
CDs / Memory sticks: Avoid if at all possible or use
encryption
Encryption is only as good as the password
Applies to live data and backed up data.
...Data security & data backup





S: drive and servers under SLA are securely backed up by
INSRV
If not, ensure other means but do not rely on a single
backup source (such as one external hard drive)
Ensure backup drives are encrypted or locked away in
fireproof safe
Create a backup policy so you can retrieve not just “last
night’s backup” but the week or month before if
necessary
Conduct regular test restores. Document it.
IT Survey

Please complete this short survey – it will give us a better
idea of what is “out there” in order to prepare for
MHRA.
Concerned?

Please speak to me or one of my colleagues:

Tel. 029 2074 6306
Email. [email protected]

Thank you