Audit of Information Technology Disaster Preparedness, Recovery, and Continuity

Key audit findings:

• Los Angeles does not have a formal Citywide IT disaster recovery strategy or a Citywide IT business continuity plan.
• Responsibility for IT business continuity and the corresponding disaster recovery is fragmented and no one City agency is responsible.
• Department-level staff do not participate in planning or testing and lack formal IT disaster recovery training.
• City IT disaster recovery planning and testing does not include an adequate number of disaster scenarios.

Key audit recommendations:

• Establish a Steering Committee to achieve greater clarity on the role of EMD as the lead agency for IT disaster recovery planning along with clarifying the responsibilities and needs of the ITA and each City department.
• Develop and implement a Citywide recovery strategy and IT business continuity plan.
• Require key City disaster recovery personnel to undergo training and participate in disaster recovery testing plans and test cases for a variety of disaster scenarios.
• Ensure core infrastructure components are redundant, back up both data and systems, and facilitate remote access so that IT interruption is avoided or minimized in the event of a disaster.
• Increase funding through the use of bond financing to expedite and upgrade key IT infrastructure.