Introduction: What is the emergency plan for software system failure? The following is the emergency plan for software system failure that I have carefully arranged for you. Welcome to read!
Emergency Plan for Software System Failure Chapter I General Provisions
Article 1 In order to improve the emergency response capability for all kinds of emergencies in the operation of information systems, effectively prevent and minimize the harm and impact of all kinds of emergencies in information systems, and ensure the safe and stable operation of information systems, according to the national Guidelines for Classification and Classification of Information Security Events, Guidelines for Information Technology, Security Technology and Information Security Event Management, National Overall Emergency Plan for Public Emergencies and relevant laws and regulations.
Article 2 The information system mentioned in this disposal plan includes computer equipment, network facilities, computer software, social insurance data, etc.
Article 3 Information system emergencies are divided into eight categories: network attack events, information destruction events, information content security events, network failure events, software system failure events, catastrophic events and other events.
(1) Cyber attack: an event that attacks an information system through network or other technical means, using configuration defects, protocol defects, program defects or violent attacks of the information system, resulting in abnormality of the information system or potentially harmful to its current operation.
(2) Information destruction events: events caused by tampering, forgery and disclosure of data in information systems through the Internet or other technical means.
(3) Information content security incidents: incidents that use information networks to publish and disseminate harmful information content that endangers national security, social stability and public interests.
(4) Network failure event: an event that most network lines are interrupted due to telecommunications, network equipment and other reasons, and users cannot log in to the information system.
(5) Server failure event: an event that the information system cannot run due to the failure of the system server.
(6) Software failure event: an event in which the information system cannot operate due to the failure of system software or application software.
(7) Catastrophic event: an event that causes physical damage to the information system due to force majeure.
(8) Other unexpected events: events that cannot be classified into the above seven basic categories, and may cause abnormality of the information system or cause potential harm to the current operation of the information system.
Article 4 According to the interruption time of the information system, the emergency level of the information system is divided into general (level IV), major (level III), major (level II) and particularly major (level I).
(1) General (Grade IV): The information system is out of order, and the operation may be interrupted within 2 hours;
(2) Major (Grade III): the information system has a fault that may interrupt operation for more than 2 hours and within 12 hours;
(3) Major (Grade II): the information system has a fault that may interrupt operation 12 hours but not more than 24 hours;
(4) Extremely serious (Grade I): The information system fails, which may interrupt the operation for more than 24 hours.
Chapter II Organizational Structure and Job Responsibilities
Article 5 Information System Emergency Prevention and Handling Coordination Group (hereinafter referred to as? Emergency team? ) Be responsible for emergency handling of information systems, decide on major issues of emergency handling of information systems, organize implementation, business coordination and issue emergency instructions of information systems, and issue emergency failure levels and decision-making plans of information systems. The leader of the emergency team is in charge of information technology, and all members are members of the Information Technology Section.
Chapter III Prevention and Early Warning Mechanism
Seventh emergency teams should establish and improve the prediction and early warning mechanism for all kinds of possible information system emergencies.
Article 8 Early warning information is divided into external early warning information and internal early warning information. External early warning information refers to the emergency alarm outside the information system, which may require communication guarantee and security precautions, or may have a significant impact on the information system. Internal early warning information refers to the event warning that the signs of accidents in the information system network or sudden accidents in local information systems may have a significant impact on other or the whole network.
Ninth emergency teams should strengthen the daily monitoring of information systems. The monitoring contents mainly include:
(1) LAN communication performance and traffic;
(2) Operation records and access records of network equipment and security equipment;
(3) Running status, such as server performance, database performance, application system performance, backup storage system status, etc. ;
(4) Audit records of server operating system, database security and business system security;
(5) computer vulnerability announcement and network vulnerability scanning report;
(6) virus announcement and anti-virus system report;
(seven) other early warning contents that may affect the information system.
Article 10 After obtaining major external early warning information or internal early warning information through monitoring, the emergency team should analyze the early warning information according to the principles of early detection, early reporting and early disposal, deploy corresponding countermeasures for situations that may turn into serious incidents, notify relevant departments to make preparations for preventing and ensuring emergency work, and report to leaders in time.
Chapter IV Emergency Procedures
Eleventh information system users or personnel found information system emergencies, should promptly report to the emergency team. The emergency team should quickly organize relevant personnel to find out the cause of the fault, make a preliminary judgment in a short time (usually within half an hour) according to the fault situation and repair time, and determine the fault classification level. Major (level 3) and above emergencies should be reported to the leaders.
Article 12 After an information system emergency happens, according to the severity of the emergency, the leaders decide and designate a specific group or personnel to release relevant information to the news media in a timely manner. The designated group or personnel shall release information to the outside world in strict accordance with the regulations and requirements of the leaders, and other departments or individuals shall not be interviewed by the news media or release their own views and opinions without authorization.
Thirteenth major (level III) and above information system emergencies, the emergency team in addition to reporting to the leadership, should immediately notify the business office. All business departments should post billboards in the business hall, and at the same time do a good job in explaining and guiding customers, and notify the handling personnel of the insured units by telephone, internet, SMS and other means as much as possible.
Fourteenth according to different events and event levels, take corresponding measures.
Emergency treatment. In the process of emergency treatment, the fault level can be adjusted as needed.
(1) network attack emergency plan:
1. When the network is illegally invaded, the content of the webpage is tampered with, the data of the application server is illegally copied, modified or deleted, or hacked, the user or manager should disconnect the network and report to the emergency team immediately.
2. The emergency team immediately shut down the relevant servers, block or delete the breached login account, block the access of suspicious users to the network, clean up the system in time, restore data and procedures, and restore the system and network to normal as soon as possible.
(2) Emergency plan for information destruction events:
1. When information is found to be tampered with, forged or leaked, the information system user unit or individual shall immediately notify the emergency team.
2. If the tampered or forged data is in the process of collection or distribution, the emergency team shall immediately notify the collection agency to suspend the collection or distribution.
3. The emergency team can find out the causes of information destruction and the relevant responsible persons by tracking the application and checking the database security audit records and business system security audit records.
4. The emergency team puts forward plans and measures to correct mistakes, and informs all business departments to handle them.
(3) Emergency plan for information content security incidents:
1. When bad information or network virus is found, the system user immediately disconnects the network cable, stops the spread of bad information or network virus, and reports to the emergency team.
2. The emergency team shall notify all computer users in the local area network according to the situation, isolate the network, guide all computer operators to carry out anti-virus treatment and remove bad information until the network is in a safe state.
The second emergency plan for software system failure is to strengthen the management of information system in our hospital, ensure the safe operation of information system, improve the ability to deal with emergencies, ensure the normal medical service and order in our hospital, and promote the application and development of information system in our hospital. The emergency plan for information system failure in Gulai Town Health Center of Shengzhou City is formulated as follows:
A, emergency plan responsibility system
(1) set up a leading group for the safe operation of information systems, with the dean as the leader, the vice president as the deputy leader, the information system administrator and the heads of relevant departments participating, and Zhao Honghai as the information system administrator;
(2) the hospital emergency leading group is responsible for? Contingency plan? Formulate, implement, organize, coordinate and make decisions on the daily safe operation management of hospital information system;
(3) The information system administrator is responsible for the technical support of emergency recovery information system operation and the work of contacting software maintenance personnel for complex faults;
(4) The Logistics Department is responsible for the technical support of power supply and network wiring of the emergency recovery information system;
(5) the administrative and business functional departments are responsible for maintaining the normal medical order, and according to? Contingency plan? Implement corresponding emergency measures.
This emergency plan is applicable to all business functional departments, clinical departments and medical technology departments that use and maintain hospital information systems, such as hospital offices, finance departments, emergency departments, nursing departments, pharmacy departments, laboratory departments, radiology departments, preventive medicine departments, obstetrics and gynecology departments, computer centers, logistics departments and branches. If the information system (large area or all LAN computers) fails, press No.
Start with the same situation? Contingency plan? The realization of.
Second, the emergency plan notification system
(1) When the information system application department finds a fault in the information system or power supply system, it shall immediately notify the information system administrator or the logistics department;
(2) The information system administrator or logistics department should preliminarily find out the cause of the failure and the required recovery time within 15 minutes, notify the relevant application departments, and report to the leading group in time if necessary.
(3) The information system administrator or logistics department shall notify the relevant application department to end after troubleshooting? Contingency plan? The realization of.
Three. General emergency measures for information system failure
In general, all business application departments should take the following measures immediately after learning that the information system fault cannot be eliminated, as well as the initial cause of the fault and the required recovery space:
(1) When the emergency plan is started, the relevant personnel of each business application department will go to the site to organize and coordinate the work in time while troubleshooting the operation failure of the information system; Do a good job in patient consultation, explanation and response.
(2) When the medical insurance settlement system fails and the hospital information system is normal, the medical insurance card and the corresponding cash can be withheld for the medical insurance patients, and the medical process can be carried out first, and then the settlement can be carried out after the failure is removed;
(3) If the hospital information system fails for more than 30 minutes, open the artificial charge window in the financial emergency department and issue an artificial receipt. Start manual operation in other business departments; After troubleshooting the information system, the financial settlement department should supplement the manual data generated during the information system failure.
(4) Each branch shall first check the information system failure. If it cannot be started, first check whether the power supply is plugged in and the switch is turned on; System failure can try to restart the computer or printer; Then see if the network is open. If the network is blocked, you need to restart the router and modem first. If the fault is still unresolved after all the work is completed, please inform the information system administrator.
Four, the general emergency measures for information system administrators to deal with faults
(1) The information system administrator should immediately go to the site to solve the problem after receiving the fault report of the general hospital. If it is found that the fault is complex and cannot be solved by itself, the information system administrator should contact the software maintenance personnel to solve it. However, if it is found that the software maintainer can't solve the network fault remotely, the information system administrator should judge the cause of the network fault, such as the hardware fault of the router and network cable in the hospital, and should solve it by himself or replace the hardware with spare parts for repair; If the network provider such as telecommunications fails, it shall promptly notify the network provider to solve it; In case of central server failures such as agricultural insurance and medical insurance, relevant personnel should also be informed in time to solve them.
(2) After receiving the branch's fault report, the information system administrator should first understand the fault situation on the phone and preliminarily judge the cause of the fault. If it can be solved by telephone guidance, it will be solved by telephone guidance; The network is unobstructed, and you can also access the computer of the branch through the remote control system to check and handle it, and you can also notify the software maintenance personnel to solve it remotely; If the information system fault of the branch is network congestion, and the branch staff can't solve it by themselves, the information system administrator should go to the site to check and deal with it as soon as possible.
Verb (abbreviation for verb) Daily management of computer.
(1) The information system administrator is responsible for the daily management of computers and other software and hardware.
Computers and parts should be stored in a unified way, fault maintenance should be recorded and summarized in time, and relevant personnel should be trained and instructed in time for common problems.
(2) Relevant personnel of all business application departments are not allowed to use U disk, mobile hard disk and CD to store and copy files on the computer at will, nor are they allowed to connect the computer to the Internet without permission to prevent viruses from invading the system; You are not allowed to enter the server to modify data without permission. In case of system failure caused by violation of the above provisions, the losses caused shall be borne by individuals, and those who violate the law shall be investigated for legal responsibility. Movies and songs are not allowed to play on the computer, and games are not allowed to play on the computer. If found, the 50 yuan Prize will be deducted. Remarks:
(1) Hospital Management System Hangzhou Daren Software Co., Ltd. Contact information Liao Chunping136058102683114015.
Zhang 13958092833
(2) The electronic health record system maintains the contact information of Hangzhou Wanda.
Lu Xiaoping 188583 15505
(3) Health information management QQ group in Shengzhou: 17 1436290.
(4) Network and hardware maintenance:
Yuanyin Information Technology Co., Ltd. 3 128889