Business Continuity Management / Disaster Recovery

Lost Data Restored, But No Way to Read It

FEMA Disaster Response Program Has Own Disaster
Lost Data Restored, But No Way to Read It
It's not enough to recover data after an incident; also essential is restoring the software needed to read the data, as Federal Emergency Management Agency has learned.

FEMA lost access to program data, including lessons learned and best practices, when a database server failed last May, according to an audit issued Tuesday by inspector general of the Department of Homeland Security, where the agency is based. Ironically, the lost data relate to FEMA's Remedial Action Management Program that identifies operational and programmatic issues, lessons learned and best practices encountered during federal disaster response and recovery operations and exercises.

In November, program officials informed the IG that they recovered all of the data but not the software needed to read the data. That made historical data on lessons learned and best practices contained in the program's database irretrievable to FEMA personnel. Only about 70 users directly access the data, but they also serve as FEMA's points of contact and distribute practices to a wider audience.

The IG conducted the audit to determine to what extent FEMA had implemented the Remedial Action Management Program to identify and distribute lessons learned and best practices to improve its incident management operations. Auditors took FEMA - the federal agency charged with helping citizens recover from physical disasters - to task for missing opportunities to learn from the experiences of its personnel and improve its incident management operations.

Among the IG's six recommendation was one to develop and implement a process for archiving Remedial Action Management Program data so that data loss does not recur. David Kaufman, FEMA's director of policy and a program analyst, concurred with the recommendations, and said the database problem had been resolved. "We have confirmed with IT support that the CAP (corrective action program) and LLIS (lessons learned information sharing) databases are backed up every night and the servers are backed up weekly," Kaufman said in a written response the part of the audit relating to FEMA's approach to business continuity and disaster recovery. "We also have the ability to implement a complete restoration of all systems within 72 hours in the case of catastrophic disaster; backups are routinely stored offsite."

The IG agreed the matter had been resolved.


About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.