
RISK MANAGEMENT REPORT (RMR) PREPARED FOR DLIS

SIDNEY THOMPSON IS3110 FINAL RISK MANAGEMENT PROJECT

Table of Contents

DLIS Technical Services, (of Battle Creek, Michigan), LLC

Scope Document and Project Charter

1. Purpose

2. Goals and Objectives

3. Success Criteria

4. Project Context

5. Project Deliverables

6. Scope Specifications

7. Out-of-Scope Specifications

8. Assumptions

9. Constraints

10. Risks

11. Stakeholders

12. Recommended Project Approach

13. Cost Matrix

a. Fixed Price (FP)

b. Maintenance and Support

c. Escalation Prices

d. Travel Expenses

e. Invoice Requirements

Solution Design

1. Solution Requirements

a. Existing Assessment

b. Solution Proposal

2. Network Standard and Protocols

a. Network Standards

b. Cabling Standard

c. Wireless Standards

d. Network Security Standards

3. Network Architecture and Topology

a. IP Schema

b. Logical Topology


c. Physical Topology

DLIS Central

DLIS East

DLIS West

DLIS North

DLIS South

4. Site Replication

5. Structured Cabling

a. Office Cabling Plan

6. Hardware

a. Network Hardware

b. Workstations

c. Laptops

d. Tablets

e. Office Equipment

7. Software

a. Operational Applications

b. Network System Applications

8. Services

a. Internet and Email Service Provider:

b. Medical Software

Security/Maintenance Plan

1. Introduction and Background

2. Budget

3. Roles and Responsibilities

4. Performance Measures and Reporting

5. Security

a. Network Security

b. User Security

c. Location Security

d. Theft prevention

Quality Assurance Plan

Test Plan & RA

DLIS


December, 2011

A. Introduction

A.1. Purpose

B. Test Analysis

B.1. Security Considerations

B.2. Test # 1 Email Confirmation

B.3. Test # 1 Requirements to be Tested

B.4. Test # 1 Expected Outcome

B.8. Test # 1 Constraints

C. Summary

C.1. Demonstrated Capability

C.2. System Deficiencies

C.3. Recommended Improvements

C.4. System Acceptance

Training Plan

DLIS

December, 2011

1. Introduction

1.1. Purpose

1.2. Scope

1.3. System Overview

1.4. General Training Prerequisites

2. Training Approach

2.1. Training Requirements

2.2. Roles and Responsibilities

2.3. Techniques and Tools

2.4. Training Prerequisites

2.5. Schedule

3. Evaluation

4. Tracking and Reporting

5. Outcome Measurement

6. Sustainability

7. Assumptions

8. Risks


Implementation Plan

A. Introduction

A.1. Purpose

B. Implementation Plan

B.1. Implementation Activities

B.2. Implementation Timetable

B.3. Standards Implementation

C. Technological Infrastructure

1. Required infrastructure:

2. How will it be implemented?

3. What architecture is being used?

4. What is the time schedule for implementation?

5. Who will it affect?

Post-Implementation Plan

A. Executive Summary

B. Results

B.1. Schedule

B.2. Costs

B.3. Goals and Objectives

B.4. Requirements and Functionality

B.5. Benefits

C. Lessons Learned

Vendor Solicitation and Selection

Contract Negotiation and Management

Technology

Project Management

Technical Design Specifications

Data Conversion

Testing

Training

Implementation

Production and Operations

D. Recommendations

Disaster Recovery Plan (DRP)


Purpose

IRON MOUNTAIN

Appendix A: DLIS Project Timeline

Appendix B: DLIS Project Cost Analysis

Additional Time and Material Rates

Travel and Expenses

Cost Analysis

Appendix C: DLIS Network Diagram

Appendix D: DLIS Network and Office Equipment Listing

Appendix E: DLIS Network Definition

DLIS Central Office

DLIS East Office

DLIS West Office

DLIS North Office

DLIS South Office

Appendix F: Disaster Recovery Time Estimator


SIDNEY THOMPSON - IS3110 TECHNICAL SERVICES | Confidential 1

IS3110 Technical Services, LLC

IS3110 Technical Services (IS3110) specializes in providing network and data management, technical consultation, and networking solutions for small to medium-sized businesses. IS3110 strives for total network and data access 24 hours a day, 7 days a week, 365 days a year. We excel in assisting businesses from single-person start-ups to mid-range companies looking to increase their market presence. We tailor our technical support to meet each client’s specific requirements and work to achieve complete system reliability.

Technical Support: IS3110 provides 24/7 technical support and is always available for emergency troubleshooting to achieve the highest level of network availability and usability.

Customer Representatives/Support Team: IS3110 representatives work hand in hand with all potential customers to ensure their computing and networking requirements are clearly identified and properly relayed to our top-rated design team.

Design Team: Our design team is responsible for developing a state-of-the-art network project plan and diagrams, as well as overseeing the implementation of the plan, making sure our networking technicians create the perfect environment for our customers.

Network Technicians: Our networking technicians are renowned for their speed and efficiency in installing, configuring and maintaining the network as designed and agreed upon. Our professional staff will have intimate knowledge of every aspect of the DLIS network, and we work to ensure complete customer satisfaction.

IS3110 Technical Services Team Members:

Tom Jones IS3110 – Team leader. System Administration, Network Configuration; Testing and Implementation

Darrel Davison - Training

John Horn – Quality Assurance

Mike Jonson – Customer outreach; System administration; Network configuration; Technical documentation; Network Implementation

Sidney Thompson (Lead) – System Security; Web Design and administration; Disaster and Recovery

Chris Smith – Security and Maintenance; Database Administration and Management; Software Applications


Scope Document and Project Charter

1. Purpose

Provide the Management and staff of DLIS with a state-of-the-art network environment to improve productivity and efficiency and to allow flexible patient care, while remaining fully compliant with the current Health Insurance Portability and Accountability Act of 1996 (HIPAA) and all other Government rules, regulations, laws, and guidelines.

2. Goals and Objectives

Our proposed unified information sharing solution provides a secure environment in which both the Management and patients can be assured of privacy. The current stand-alone environment, spread out over five (5) separate locations, will be redesigned and transformed into a single network, with a central location for all patient information and software applications accessible from any of the satellite locations. Centralizing the DLIS infrastructure will have no impact on current patient care, as all new systems will be brought online concurrently and migrated in a systematic manner designed to accommodate each satellite location’s operating schedule.

3. Success Criteria

Our success is dependent on delivering a fully realized network providing patient and healthcare related data, which in turn gives the Management and staff of DLIS the ability to provide efficient and streamlined medical treatment and improved communication between caregiver and patient.

4. Project Context

The current DLIS computing environment uses antiquated personal computers that are unable to support modern medical insurance and information applications. The network being proposed by IS3110 will provide for the transfer of digital medical imagery and graphics, video teleconferencing, and access to stored patient data from any of the five (5) office locations. The network design also allows for future growth and upgradeability/scalability, and the data will be retained for the required period according to Government regulations.

5. Project Deliverables

IS3110 will provide DLIS with a fully functioning network based on a unified infrastructure, which will allow each of the five (5) locations (North, East, Central, South, and West) to operate independently from each other while maintaining a tightly knit corporate model. IS3110 will manage the project and DLIS will provide an on-site project manager for the duration of the project. Both IS3110 and DLIS will monitor and sign off on major project milestones as identified in the schedule provided by IS3110. IS3110 shall develop and deliver the following to DLIS:

Deliverable #1 – Project Timeline (See Appendix A)

An MS Office Project document detailing the overall project schedule


Deliverable #2 – Cost Analysis (See Appendix B)

An MS Office Excel spreadsheet outlining the project cost

Deliverable #3 – Network Diagram (See Appendix C)

A VISIO diagram depicting the proposed layout of the network

Deliverable #4 – Network Equipment Listing and Equipment (See Appendix D)

A detailed listing of equipment and materials required for the project

Deliverable #5 – Network Layout (See Appendix E)

A listing of the Network IP addresses and how they are connected to each other

Deliverable #6 – Sample Website

A Website template which can be modified and customized for the DLIS upon approval.

6. Scope Specifications

DLIS’s network will consist of a client/server architecture sharing global resources. The main site will reside in the DLIS Central office and be linked with the remaining four (4) satellite offices (North, East, South, and West). The Central office will sustain application integrity and provide patient information storage and a communication infrastructure to support operations and security. The Central office will have two (2) T1 circuits connected to an Internet Service Provider (ISP), providing internet access to all of DLIS. Each of the satellite locations will be directly connected to the Central location for data replication, patient information access and data retrieval.

7. Out-of-Scope Specifications

All non-project related tasks, such as building/facility security, are the responsibility of DLIS staff. Access to restricted areas will be granted to IS3110 employees with the understanding that DLIS will provide any and all required escorts.

8. Assumptions

All existing infrastructure will be removed and upgraded to current Institute of Electrical and Electronics Engineers (IEEE) standards. Based on DLIS information, all satellite locations are presumed to be similar in size, shape and office layout to facilitate a standard wiring harness setup.

9. Constraints

Upon final agreement and ratification of the network design and installation plan, IS3110 Technical Services will provide to DLIS scheduled invoices and expects DLIS to remit payments in the amounts identified in Appendix B. The Final Payment shall not be paid until DLIS indicates final acceptance in writing of the entire project. At completion, DLIS is to be responsible for acquiring the services of an Information Technology technician capable of providing network maintenance, system administration, and any necessary system and security updating. DLIS is also to be responsible for ensuring that the network closets, which will contain the two-post racks with equipment, at each office location (North, East, Central, South, and West) are identified as “Restricted Access” areas and are properly secured.

10. Risks

There are always risks to any project of this magnitude. Some are completely unavoidable (natural disaster, backordered hardware, etc.), while others can be mitigated with proper planning to reduce their overall effect on the project. To avoid potential delays, both DLIS and IS3110 Technical Services will review and agree on all modifications to the network design and installation plan resulting from unforeseen or unplanned events. IS3110 is confident the overall benefits of the proposed design and installation plan will outweigh any possible modifications. The table below outlines a few potential risks and our recommended solutions.

| RISK | IMPACT | PROBABILITY | RESPONSE |
|---|---|---|---|
| Circuit Install Delay | Low | Moderate to High | Concurrent network installation will not harm production |
| Network Performance | Moderate to High | Moderate | Network monitoring tools and ISP throughput will be utilized and analyzed |
| Damaged/Incorrect Equipment | Minimum | Minimum | Purchasing warranty with all equipment |
| ISP Problems | Minimum | Minimum | May push "turn-up" day behind schedule, Carrier may have an occupied port that will need clearing. |
| Natural Disaster | High | Minimum to None | See disaster recovery plan |
| Vendor quote mismatch | Minimum | Low | Consult with DLIS on all equipment purchases, also will get competitive pricing from one other vendor |
| Adequate training | Minimum | Low | Schedule mandatory training for personnel |
| Complications with migrating existing data | Moderate | Minimum | We have scheduled adequate time for any problems with data migration |

11. Stakeholders IS3110 recognizes internal employees and business associates as critical and essential personnel. This proposal takes into consideration that a fast-paced medical environment will need to maintain a 99.999% “up-time” operation tempo. IS3110 also recognizes that any network malfunction will need to be addressed as quickly as possible, not to exceed 24 hours in duration. IS3110 recommends a 24/7/365 monitoring environment to facilitate immediate troubleshooting response. The attached disaster recovery plan (DRP) includes backup transition and seamless re-integration should any catastrophic mishap occur.

12. Recommended Project Approach Technology is continuously being advanced and improved upon, and maintaining current skill sets is a full-time activity. To assist DLIS personnel in adapting and becoming familiar with the new network, IS3110 will provide integrated plans and training as well as post-installation technical support. IS3110 Technical Services recommends the following project integration plan:

Transfer existing DLIS data to a media format easily ingested by the new network hardware and software.

Procure, configure, and test all network related equipment

Install and test all necessary operating and application software

Install equipment racks and network hardware in their respective network closets.

Install all risers and horizontal cable to areas designated by the office layout and terminated to wall plates. Connect all required patch cords to network switches and routers.

Install all workstations, monitors, printers, facsimiles, and phones in designated areas

Procure ISP services and ensure all satellite locations are properly configured

Implement training and familiarization plans

** It is important to note, the current DLIS computing environment will remain ON-LINE during the network upgrade, and will remain so until the new network has been fully tested and all transferred data has been verified as being accurate. **

13. Cost Matrix The proposed DLIS network design and implementation plan is divided into hardware and systems/software segments. Invoices and payments in the amounts identified in Appendix B shall be payable when DLIS accepts in writing the respective Deliverable or the completed milestone. The Final Payment shall not be paid until DLIS indicates final acceptance in writing of the entire project and IS3110 has returned all DLIS Loaned Items in the same condition as originally loaned to IS3110.

a. Fixed Price (FP)

IS3110 may invoice, based on the receipt of DLIS's written acceptance of Deliverables and/or completion of milestones, and the Price(s) provided in Appendix B.

It is estimated that the total cost to DLIS for the performance of the tasks contained in this SOW shall not exceed the Not-to-Exceed (NTE) amount specified in Appendix B.

b. Maintenance and Support

IS3110 may issue invoices according to the schedule and amounts identified in Appendix A and B for Ongoing Reports and Maintenance that IS3110 provides. DLIS may extend the Ongoing Reports and Maintenance for additional twelve (12) months upon written notice ninety (90) days prior to the expiration of this SOW.

c. Escalation Prices All equipment and service costs and prices associated with this SOW are estimated and will be subject to actual market prices, if and when purchased. As necessary, an updated cost estimate and analysis will be provided to DLIS by IS3110.

d. Travel Expenses All travel expenses will be handled in accordance with the current U.S. Government Per Diem and Travel regulations.

e. Invoice Requirements

Each invoice must include the following information:

IS3110 name and remit to address;

DLIS implementation plan number or title and Agreement type;

Purchase Order number (if applicable); and

Brief description of the performance for which payment is due.

All required receipts

Solution Design

1. Solution Requirements

a. Existing Assessment As shown by our testing at each location, none of the networks is up to the standards set forth by HIPAA. We have reason to believe that the current networks are neither secure nor capable of handling everyday internet services.

b. Solution Proposal IS3110 has a solution that is both cost effective and meets the standards set forth by HIPAA. These solutions include new hardware, software and cabling. This is accomplished by buying new network equipment to replace existing network equipment in all five locations. This allows the company to be in the forefront of technology, as well as protect patient data through robust systems.

2. Network Standard and Protocols

a. Network Standards IS3110 Technical Services follows the Open Systems Interconnection (OSI) Model for all of our network installations. The OSI Model is designed as a layered, abstracted description for communications and computer network protocol designs.

The OSI Model gives various computer platforms the ability to communicate with each other. It is concerned with interconnectivity between systems and the way they exchange information.

b. Cabling Standard The cabling standard we are using is based on the ANSI/TIA/EIA-568-A which states that data transmission and will be using the T568B wiring standard set forth in this document. This cable allows for fast transmission, as well as keeps the cost down. This cable type is able to be used for a maximum of 10 years before being replaced by future cabling needs.

c. Wireless Standards It has been brought to our attention that the users at each facility would like to have wireless configured for use with tablets and PDAs. This is entirely feasible, and we will be using the newest features in the wireless realm. We will be using 802.11n as well as WPA2-PSK for security. This ensures maximum transmission rate as well as keeping the network secure, as per HIPAA standards.

d. Network Security Standards IS3110 Technical Services conforms to the ISO/IEC 27033 Information Technology - Security Techniques - Network Security Standards, which provide detailed guidance on the security aspect of the management and operation of information networks.

3. Network Architecture and Topology

a. IP Schema IP Schema is as follows for each location:

| Location | IP Address | Subnet Mask | Subnet Size | Host Range | Broadcast | Default Gateway |
|---|---|---|---|---|---|---|
| Central | 10.10.220.0 | 255.255.255.128 | 126 | 10.10.220.1 - 10.10.220.126 | 10.10.220.127 | 10.10.220.1 |
| East | 10.10.220.128 | 255.255.255.128 | 126 | 10.10.220.129 - 10.10.220.254 | 10.10.220.255 | 10.10.220.129 |
| West | 10.10.221.0 | 255.255.255.128 | 126 | 10.10.221.1 - 10.10.221.126 | 10.10.221.127 | 10.10.221.1 |
| North | 10.10.221.128 | 255.255.255.128 | 126 | 10.10.221.129 - 10.10.221.254 | 10.10.221.255 | 10.10.221.129 |
| South | 10.10.222.0 | 255.255.255.128 | 126 | 10.10.222.1 - 10.10.221.126 | 10.10.222.127 | 10.10.222.1 |

This schema is to ensure that there are at least 126 different IP addresses for each location, to ensure growth.
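As an added example (not part of the original report), the following Python sketch recomputes each site's host range, broadcast address and usable-host count from the network address and mask in the table above, and checks the sites for overlap. The rows are transcribed as printed; run against them, it reports that the South host range ends at 10.10.221.126, an address inside West's subnet, where the mask gives 10.10.222.126. Function names are this example's own.

```python
import ipaddress
from itertools import combinations

# Rows transcribed from the IP schema table in this report, values as printed:
# (site, network, mask, usable hosts, first host, last host, broadcast, gateway)
SCHEMA = [
    ("Central", "10.10.220.0", "255.255.255.128", 126,
     "10.10.220.1", "10.10.220.126", "10.10.220.127", "10.10.220.1"),
    ("East", "10.10.220.128", "255.255.255.128", 126,
     "10.10.220.129", "10.10.220.254", "10.10.220.255", "10.10.220.129"),
    ("West", "10.10.221.0", "255.255.255.128", 126,
     "10.10.221.1", "10.10.221.126", "10.10.221.127", "10.10.221.1"),
    ("North", "10.10.221.128", "255.255.255.128", 126,
     "10.10.221.129", "10.10.221.254", "10.10.221.255", "10.10.221.129"),
    ("South", "10.10.222.0", "255.255.255.128", 126,
     "10.10.222.1", "10.10.221.126", "10.10.222.127", "10.10.222.1"),
]


def parse_networks(rows):
    """Map site -> IPv4Network. strict=True rejects a network address with host bits set."""
    return {r[0]: ipaddress.IPv4Network(f"{r[1]}/{r[2]}", strict=True) for r in rows}


def owner_of(addr, networks):
    """Name of the site whose subnet contains addr, or None."""
    for site, net in networks.items():
        if addr in net:
            return site
    return None


def check_schema(rows):
    """Return a list of findings; an empty list means the schema is consistent."""
    networks = parse_networks(rows)
    findings = []
    for site, _net, _mask, size, first, last, bcast, gateway in rows:
        net = networks[site]
        # Values implied by the network address and mask alone.
        expected = {
            "usable hosts": net.num_addresses - 2,
            "first host": net.network_address + 1,
            "last host": net.broadcast_address - 1,
            "broadcast": net.broadcast_address,
        }
        stated = {
            "usable hosts": size,
            "first host": ipaddress.IPv4Address(first),
            "last host": ipaddress.IPv4Address(last),
            "broadcast": ipaddress.IPv4Address(bcast),
        }
        for field, want in expected.items():
            got = stated[field]
            if got == want:
                continue
            note = ""
            if isinstance(got, ipaddress.IPv4Address):
                other = owner_of(got, networks)
                if other is None:
                    note = " (address is outside every site subnet)"
                elif other != site:
                    note = f" (address belongs to {other})"
            findings.append(f"{site}: {field} is {got}, expected {want}{note}")
        gw = ipaddress.IPv4Address(gateway)
        if gw not in net or gw in (net.network_address, net.broadcast_address):
            findings.append(f"{site}: gateway {gw} is not a usable host in {net}")
    # Two sites sharing address space would break routing between offices.
    for (a, na), (b, nb) in combinations(networks.items(), 2):
        if na.overlaps(nb):
            findings.append(f"{a} and {b} overlap: {na} and {nb}")
    return findings


if __name__ == "__main__":
    for finding in check_schema(SCHEMA):
        print(finding)
```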

b. Logical Topology

Figure 1: DLIS Logical Network

c. Physical Topology

DLIS Central

DLIS East

DLIS West

DLIS North

DLIS South

4. Site Replication The DLIS network design implements “Multi-Master Replication” allowing data to be stored by a group of computers, and updated by any member of the group. The multi-master replication system is responsible for propagating the data modifications made by each member to the rest of the group, and resolving any conflicts that might arise between concurrent changes made by different members. An example of the DLIS multi-master replication is shown below.

Advantages of multi-master replication include:

If one master fails, other masters continue to update the database

Master servers are located in several physical sites, i.e. distributed across the network

Multi-master replication does have some disadvantages, though they are outweighed by the advantages:

Multi-master replication systems have the potential of violating the atomicity, consistency, isolation, and durability (ACID) properties

Complex and may have an increased communications latency

Conflict resolution can become untraceable as the number of nodes involved and the latency increase
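The report does not say which replication product or conflict-resolution rule DLIS will use, so the following added example (not part of the original report) uses version vectors, a common technique, to show how two masters can detect concurrent changes to the same record. It contrasts this with timestamp-only last-writer-wins, which keeps one change and discards the other. Site names come from the report; the record key, values and class names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Version:
    value: str
    clock: dict       # version vector: site name -> update counter
    wall_time: float  # local timestamp, used only by last-writer-wins


def dominates(a, b):
    """True if vector a has seen every update recorded in vector b."""
    return all(a.get(site, 0) >= n for site, n in b.items())


def compare(a, b):
    """Relation of vector a to vector b: equal, newer, older or concurrent."""
    if a == b:
        return "equal"
    if dominates(a, b):
        return "newer"
    if dominates(b, a):
        return "older"
    return "concurrent"


class Master:
    """One replication master (hypothetical class, one per DLIS site)."""

    def __init__(self, site):
        self.site = site
        self.store = {}  # key -> list of Version; more than one = unresolved conflict

    def write(self, key, value, wall_time):
        # A local write supersedes every version this master has seen so far.
        clock = {}
        for v in self.store.get(key, []):
            for site, n in v.clock.items():
                clock[site] = max(clock.get(site, 0), n)
        clock[self.site] = clock.get(self.site, 0) + 1
        self.store[key] = [Version(value, clock, wall_time)]

    def receive(self, key, incoming):
        kept = []
        for v in self.store.get(key, []):
            relation = compare(incoming.clock, v.clock)
            if relation in ("equal", "older"):
                return            # already hold this update or a later one
            if relation == "concurrent":
                kept.append(v)    # neither saw the other: keep both as siblings
        self.store[key] = kept + [incoming]


def replicate(src, dst, key):
    """Push every version src holds for key to dst."""
    for v in list(src.store.get(key, [])):
        dst.receive(key, v)


def last_writer_wins(versions):
    """Timestamp-only resolution: keeps one value and drops the rest."""
    return max(versions, key=lambda v: v.wall_time)


def demo():
    key = "patient-1001/allergies"   # constructed record, not from the report
    central, east = Master("Central"), Master("East")
    central.write(key, "none", wall_time=1.0)
    replicate(central, east, key)
    # Both offices update the same record before either change has propagated.
    central.write(key, "penicillin", wall_time=100.0)
    east.write(key, "latex", wall_time=101.0)
    replicate(central, east, key)
    replicate(east, central, key)
    siblings = sorted(v.value for v in central.store[key])
    lww = last_writer_wins(central.store[key]).value
    # A reviewer merges the siblings; the merged write supersedes both.
    central.write(key, "latex, penicillin", wall_time=200.0)
    replicate(central, east, key)
    resolved = [v.value for v in east.store[key]]
    return siblings, lww, resolved


if __name__ == "__main__":
    print(demo())
```

With version vectors both values survive as siblings until someone merges them, whereas last-writer-wins would have kept only "latex" and left no record that "penicillin" was ever entered.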

5. Structured Cabling

a. Office Cabling Plan As all DLIS office locations are of similar construction and layout, the cabling diagram below will be replicated as closely as possible at all locations. Minor variances may occur due to physical limitations; these variations will be documented as they occur and added as a supplement to this document as appropriate.

Figure 3: Office Cabling Layout

6. Hardware

a. Network Hardware

Hewlett-Packard ProLiant BL620c G7 Servers

Quantum TC-L42AN-EZ-B 1.6TB Tape Back-up Unit

APC Symmetra RM Uninterruptible Power Supply

Cisco SG200-50 Switch

Cisco RVS4000 Gigabit Security Routers

Cisco ASA 5510 SEC BUN K9 Firewall Server

Hewlett-Packard BLc3000 Enclosure with 4 AC Power Ports

Linksys WAP610N Wireless Access Points

b. Workstations

Hewlett-Packard Z210 Small Form Factor Workstations

Eizo Large Format LX470W Medical Monitors

Eizo RadiForce RX430 Medical Monitors

Matrox Xenia Pro 1GB Video Cards

Hewlett-Packard Compaq LA 2206X monitors

c. Laptops

Hewlett-Packard Elite Book 8460W Laptops

d. Tablets

Toshiba Thrive Tablet

e. Office Equipment

Cisco SPA 504G VoIP Phone

Cisco CP-7935 Polycom Conference Phone

Ricoh Aficio C6501SP Copier/Scanner/Facsimile

Ricoh Aficio C232SF Copier/Scanner/Facsimile

7. Software

a. Operational Applications

Windows 7 Ultimate

Vitera Medical Manager EMR

Ubuntu 11.10 Desktop

MS Office 365 (Online MS Office services)

b. Network System Applications

Windows Server 2008 R2

Microsoft Exchange 2010

Red Hat Enterprise Linux

Ubuntu 11.10 Linux

8. Services

a. Internet and Email Service Provider: Verizon Private IP Service

Layer 3: With Private IP Enhanced Traffic Management, our Private IP Layer 3 MPLS-based VPN puts all your traffic on a reliable, private network with Quality of Service (QoS) routing. And with Private IP Layer 3, you can build a hybrid solution between your public and private networks while enabling automated business processes, including e-commerce, VoIP, converged solutions, shared intranets, and extranets.

Advanced Technology

Whether you outsource service to us or manage it yourself, our Cisco-powered, private, MPLS network meets your enterprise's rigorous demands, including:

Global availability - over 121 countries/territories

QoS routing

Enhanced Visibility & Network Management Solutions

Multicasting for improved bandwidth conservation

Seamless Frame Relay/ATM integration

Stringent SLAs

Remote access (via Secure Gateway)

Multiple access options including DSL, satellite, and Ethernet

Any-to-any connectivity

Streamlines network management, planning, and expansion.

Six IP Classes of Service (CoS)

Our six Classes of Service (CoS) let you prioritize traffic (voice, video, data) while consolidating your traffic on a single network. This offers you additional flexibility that lets you dictate how traffic is handled across the network, giving priority to mission critical traffic.

b. Medical Software

Sage Medical Manager Version 11 features a new front desk application that enhances the user experience in a number of exciting ways. First, options like a new Windows® desktop environment give you the choice of using whichever Sage Medical Manager interface you prefer - Classic or “Renaissance” in your front office. This type of flexibility enables your practice to save both time and money by offering a familiar interface that’s easy for new hires to use and learn.

Sage Medical Manager Version 11 also features simplified front office operations like: drag-and-drop appointment scheduling, point-and-click electronic insurance eligibility verification, streamlined check-in / check-out workflows, and more...

Easy to navigate menus and screens

Dynamic search capability - allows you to search by ANY patient demographic value

One click key-field sorting in the appointment module

Quick access to referral/managed care information

Interface to the clinical chart

Vitera Medical Software on-line Demo http://www.sagehealthcustomerlearning.com/files/vs_demos/main/content_mm/SALES_MM.htm

Security/Maintenance Plan

1. Introduction and Background Security is a concern for every organization, more so for a medical provider. Medical providers face uncertain situations on a constant basis; no one knows when an individual may have an adverse reaction to treatment or may decide to break the law and try to illegally obtain prescription medicines being stored in an office location. To provide a secure working environment, every organization should either conduct a self-assessment of its current security practices or have an outside specialty organization conduct an assessment and provide recommendations. While physical security is important, we here at IS3110 focus on security of the network and strive to provide our customers the best in network security during an installation.

2. Budget Our network security features are built-in to each of the networks we install and are customized for those individual customers, so all costs normally associated for additional security are built-in to the overall costs provided by IS3110.

3. Roles and Responsibilities We recommend DLIS identify either an internal employee or an external organization to act as their network manager. The network manager will be responsible for ensuring the DLIS network is operational and is as secure as it can be under current industry standards and applications.

4. Performance Measures and Reporting The network manager will conduct scheduled performance checks as well as routine reviews of system access logs to ensure all portions of the network are continuing to operate as designed and expected. The network manager will also be responsible for identifying any potential network or system modifications to DLIS in order to keep the system up to date and efficient.

5. Security

a. Network Security Network security is a major focus for our company. The Wi-Fi network will be secured with the WPA2 protocol and will be password protected. All networks at each location will have the correct firewalls in place to prevent any threats to DLIS. There will be a 90-day expiration on all passwords to help prevent theft of user passwords. The wireless access points will be placed in specific locations to keep the signal from reaching outside the building.

b. User Security Each user will have a minimal number of roles, and the manager at each location will have the option to grant roles to certain users. Should there be any indication of bad judgment by a manager, their roles will be revoked and further assistance with user roles will have to be formally requested.

c. Location Security The primary objective of any organization is to provide a safe and secure working environment for its employees and customers. During the network upgrade, we recommend DLIS take the opportunity to upgrade the current levels of intruder deterrence at all of their respective locations.

One possible upgrade would be to install key entry devices on the main entrance and other important areas, which can only be accessed by authorized and identified personnel. Additionally, the installation of an alarm system with remote panic capabilities in each of the offices will provide added security and allow for the immediate response of trained law enforcement and fire prevention personnel.

Recommended guidance on key-entry and alarm system operation:

All employees to be given individual access codes (allows for tracking who was where and when they were there)

All employees will be granted opening and closing permissions - The alarm codes provided will be unique identifiers for each holder. It is the responsibility of the closing team to secure and lock all file cabinets, doors, windows and computers as well as checking for any unauthorized person within the building prior to exiting. Opening and closing procedures should be followed with caution consistently.

d. Theft prevention To decrease the potential for theft, DLIS should establish well-organized opening and closing procedures, as well as conduct random equipment and document inventories. We recommend a two-person integrity rule be a part of the opening and closing procedures, as well as maintaining at least two people in the office at all times whenever the location is unalarmed.

Quality Assurance Plan

| Requirement | Performed by | Comments | Comply (Y/N) | Reviewer Comments |
|---|---|---|---|---|
| Documents by Phase: | Smith | Smith will be documenting all stages of the schedules to keep the project on track. | | |
| Initiate Phase | Chris | Chris will be starting off initiating the project, making sure all of the wiring, equipment, and servers are set up and working. | | |
| Define Phase: | Sidney | John will define all the phases. Verifying that everyone knows what the goals are and how best to achieve them. | | |
| Design Phase: | Tom | Tom will be designing the infrastructure and verifying all of the construction and equipment placement is acceptable per the project specifications. | | |
| Build Phase: | Liedke | Liedke will be in charge of the wiring and how the servers will be set up and verified. | | |
| Evaluate Phase: | Sidney | Sidney will evaluate each task as it is completed, and verify it meets the standards listed in the agreement. | | |
| Operate Phase: | John | John will act as the operator in this phase to ensure all software functions are working properly and interact with the servers and other clients. | | |
| Discipline for Documentation Standard Practices: | Mike | Mike will be the discipline director for the standard practices. He will ensure everyone is in compliance with HIPAA regulations along with the other regulations included in the agreement. | | |

Test Plan

DLIS

December, 2011

A. Introduction

A.1. Purpose Testing is necessary to verify and validate a completely functional network. Testing will be done from the OSI model physical layer (cabling) to the application layer (OS and application software). Testing will be completed prior to releasing the final product to DLIS.

B. Test Analysis

B.1. Security Considerations While the test plan is being conducted, no part of the network will be connected to the Internet, as the network will still be vulnerable to malicious influences during the testing period. As such, no computer will be connected to the Internet during testing. User credentials will be put in place to keep non-IT personnel from interfering with testing procedures.

B.2. Test # 1 Email Confirmation Testing email connectivity will verify and validate the application layer of the OSI model, and confirmed receipt of an email will also verify and validate the other six (6) OSI model layers. To test email connectivity a single email will be sent from one end-user account on a Central office workstation to another end-user on a workstation in the East office location.

Test Name: Email Confirmation

Input Data: Email from user to user

Hardware/Software: PC, Email Server, Microsoft Exchange, MS Outlook, Network backbone

Time/Date: TBD

Participants: IT Manager, End-user

Success Criteria: Successful transmission and receipt of an email from the Central office location to an end-user in the East office location and successful reply from the East office location back to the Central office location.

B.3. Test # 1 Requirements to be Tested Successful transmission, receipt and reply of an email from the Central Office location to the East office location will require a fully functional network with properly configured routers and switches; an MS Exchange server with Active Directory, DNS, and DHCP; a properly configured Windows based workstation; and the Microsoft Office suite, including the MS Outlook application.

B.4. Test # 1 Expected Outcome The expected outcome is the email will be properly transmitted and received by the intended recipient.

B.8. Test # 1 Constraints In order for the testing to work, each layer of the OSI model must be working. DLIS will provide adequate bandwidth across the network to perform this test. The cabling must be terminated properly at the physical layer. The data link layer must be intact for packets to be switched across the LAN. The routed network and subnets must be set up correctly to traverse across different networks. The applications must be set up appropriately in order to send and receive data.

C. Summary

C.1. Demonstrated Capability A successful transmission and receipt of an inter-office email from the Central office to the East office.

C.2. System Deficiencies N/A

C.3. Recommended Improvements TBD

C.4. System Acceptance Successful completion of this test will signify the functioning of the network as it relates to the OSI model.

Training Plan

DLIS

December, 2011

1. Introduction

1.1. Purpose IS3110 Technical Services’ training objective is to ensure that management, administrators, and staff are comfortable using the newly implemented systems. This infrastructure overhaul is meant to provide ease of use and functionality as a whole, not to be a burden. System manipulation will change drastically, and we want to leave all personnel with a sense of understanding and comfort in the use of the new systems.

1.2. Scope Each staff member will receive a high-level overview of the entire network (local application, and basic file sharing functionality). More specialized training will be tailored to individual staff members as it pertains to their assigned duties and tasks.

Identified IT staff will be trained on parent/child domain schema and network architecture. It will be assumed that the local IT Manager is knowledgeable on the up to date systems.

1.3. System Overview All training will be accomplished in on-site hands-on tutorials based on individual skill levels. Refresher training will be made available via on-line web sites and recorded seminars. Training schedules will be coordinated with each office location's Supervisor/Office manager to preclude interruptions of daily business.

1.4. General Training Prerequisites Basic understanding of computer operations is presumed. If an individual needs more in-depth basic knowledge, separate arrangements will be made available at an additional cost to the customer. Customer IT personnel will be provided a two-day system overview and a seven (7) tag along course to ensure familiarity with the network and its capabilities.

2. Training Approach

2.1. Training Requirements All DLIS staff (Management, administrators, staff) will provide IS3110 with a computer skill and aptitude survey, to include any specific assigned tasks and/or duties, so that the training can be tailored to their respective abilities and requirements.

2.2. Roles and Responsibilities IS3110 will provide the necessary level of training as identified in the above mentioned surveys. DLIS IT personnel will be responsible for follow-on training and assistance.

2.3. Techniques and Tools All training will be conducted on-site, on the actual equipment to be used by the staff member.

2.4. Training Prerequisites No prerequisites, other than the above mentioned basic understanding of computer operations.

2.5. Schedule All training will be done on-site (at each location) as the portion of the network is brought on-line. To avoid office operation interruptions, IS3110 recommends training be accomplished after normal business hours.

3. Evaluation Each staff member will be tasked to demonstrate/perform an overall understanding of the complete network as well as their specific functions at the end of the training period.

4. Tracking and Reporting As a staff member completes their training, IS3110 will provide certification of training to the respective office manager/supervisor at each installation location.

5. Outcome Measurement Successful completion of training will be acknowledged by DLIS upon certification of each staff member and their demonstrated ability to utilize the network applications as it relates to their specific tasks/duties.

6. Sustainability As mentioned above, follow-on training will be the responsibility of DLIS’s IT personnel as well as continued access to IS3110 on-line tutorial venues.

7. Assumptions It is assumed DLIS will be a willing participant in the training of its staff members and every effort will be made by DLIS to ensure all staff members are identified and available for training.

8. Risks As the DLIS network represents the latest technology available to a small to medium sized organization, it also comes with inherent risks, such as individuals overstating their computer capabilities, individuals scheduled for training on capabilities they will not use enough to ensure retention and who will have to be retrained, and individuals not receiving all of the necessary training due to improper self-assessment results. IS3110 will do its utmost to ensure these and other risks are minimized during the training periods.

Implementation Plan

A. Introduction

A.1. Purpose The rapid advancement of technology within the healthcare industry requires medical providers to stay in touch with not only partners but patients as well. IS3110 Technical Services is proposing a unified information sharing solution within a secure environment while keeping focus on HIPAA guidelines and patient confidentiality.

B. Implementation Plan

B.1. Implementation Activities We understand DLIS’s requests and concerns and will take a systematic approach in reaching these objectives. Management currently has 5 standalone sites, which we will bring online as a single unified service. Utilizing the central office as a main hub to service each satellite office, a secure centralized network will make for a more stable and scalable solution.

B.2. Implementation Timetable The project will commence upon approval of this proposal with an installation timeframe from November 17th, 2011 lasting 7 months ending June 1st, 2012.

Technological System Implementation Plan

Recommend Actions | Specific Actions | Lead | Support | Key Outputs | Milestones | Actions Achieved by

Routing and Switching installation | Install Routers and switches in racks | Network Engineering | Network Engineering | LAN routing and switching | Infrastructure phase II | Tom, John, Mike

ISP circuit 'Turn-up' | Install and provision ISP T1's | Internet Service Provider | Internet Service Provider | WAN routing and switching | Infrastructure phase II | Sidney, Chris

Internal cabling install | Install patch panels and CAT-6 cabling | Electrician or Structured Cable Installation Expert | Local IT Manager | Local Area Network | Infrastructure phase II | Darrell, John, Mike

Server install | | System Engineering | Local IT Manager | Local System Services | Infrastructure phase II | Tom, Chris

PC/Phone install | Hardware deployment | | Local IT Manager | Application use | Infrastructure phase III | Sidney, Mike

B.3. Standards Implementation IS3110 Technical Services adheres to all industry protocol and industry standard committees and practices. All of our testing will be derived using the open systems interconnection (OSI) model and will utilize all IEEE practices.

C. Technological Infrastructure The current DLIS infrastructure will go through major changes. This proposal requires the new network be brought up concurrently with the existing infrastructure to minimize any system downtime. The network will be composed of a central servicing site and 4 satellite offices.

1. Required infrastructure:

A complete network backbone comprised of (2) T1 circuits from a local internet service provider. Each satellite office will be connected to the main site via a point-to-point T1, allowing adequate bandwidth for replication and seamless data transfer.

2. How will it be implemented?

The network infrastructure will be put in place first. Once that is complete, systems to include domain controllers, email servers, file servers, web servers, and database servers will be racked and brought online. Hardware to include PC's and phones will be rolled out once all server systems are online. Once schema, users, and computers have been populated within active directory, data migration will commence and take place after hours. Once all data is backed up, migrated over, and all active directory replication has taken place over the new circuits, failover to the new system will take place. Testing will commence.

3. What architecture is being used?

A star topology between central site and satellite offices using a parent/child domain infrastructure.

4. What is the time schedule for implementation?

Implementation time schedule will be 3 months from equipment funding and purchase.

5. Who will it affect?

This transition will be seamless to the users. Prior to system cutover, training will be started.

Post-Implementation Plan

A. Executive Summary Post-implementation will consist of results, costs, goals, requirements, and benefits of the entire 'DLIS' proposal. The views will consist of what was projected, the actual outcome, and the variance of each phase or entity within the overall plan.

B. Results

B.1. Schedule

Projected: The schedule will be driven by acceptance of this proposal, funding for equipment, and completion of task. Our timeframe for implementation is 90 days from funding and equipment purchase.

Actual: Once the proposal has been accepted and funding awarded, we will commence to purchase equipment, install, and train within 90 days.

Reason for Variance: Customer funding and acceptance of proposal.

B.2. Costs

Projected: The projected cost of this plan is: $2,603,933.00 with $23,200.00 in annual reoccurring costs (see Appendix B for Cost Analysis).

Actual: The actual cost of this plan is: TBD

Reason for Variance: Differences between projected and actual cost are directly related to any modifications made to the proposed plan as well as any cost or expenses incurred by IS3110 Technical Services during the final execution of the plan/installation.

B.3. Goals and Objectives

Projected: Once approved, the DLIS network will be properly installed and functional within the scope of the plan.

Actual: DLIS’s network will be installed and fully functional in relation to the agreed upon design and implementation plan.

Reason for Variance: Not applicable

B.4. Requirements and Functionality

Projected: All DLIS requirements will be met. Current industry standards and practices will be met.

Actual: All aspects of the RFP have been covered and/or satisfactorily addressed. All testing results have been reviewed and explained. All network systems are installed and functional.

Reason for Variance: Any variance here would come from a contract change or amendment in what was requested as the understanding of options become inherent.

B.5. Benefits

Projected: The benefits of this technical upgrade: Faster, easier file sharing, quicker database queries and patient record collection, integrated office capability, state of the art network and system infrastructure, and a comprehensive backup and disaster recovery plan (DRP).

Actual: The benefits of this technical upgrade: Faster, easier file sharing, quicker database queries and patient record collection, integrated office capability, state of the art network and system infrastructure, and a comprehensive backup and disaster recovery plan (DRP).

Reasons for Variance: N/A

C. Lessons Learned No two projects are ever the same and, at the same time, a single project could be accomplished many different ways. The following areas should be addressed when taking on a complete IT infrastructure overhaul.

Vendor Solicitation and Selection
o Obtain/research at least three (3) separate vendors for price and equipment comparison

Contract Negotiation and Management
o Understand what is required for various requirements; don’t underestimate the time, manpower, and effort it will take to design, build and test a task
o Don’t sell yourself short; your expertise and the expertise of your team is a valuable asset/commodity and should be compensated accordingly.

Technology
o Technologies are always evolving, and even though something new might have more capability, you should stay with the plan to avoid overload.
o Ensure the equipment and technology you are choosing will continue to be supported throughout the duration of your sustainment plan

Project Management
o Be proactive when managing the project.
o Constant interaction with the client is necessary to maintain satisfaction, address new requests and solicit reviews

Technical Design Specifications
o Keep compliant with industry standards and practices

Data Conversion
o Back up everything before migrating or converting data

Testing
o Complete rigorous verification testing of systems and security

Training
o Ensure client and personnel understand and are comfortable with all the capabilities of the new system

Implementation
o Stay on target and follow the plan.

Production and Operations
o Strive to maintain a 99.999% operational posture

D. Recommendations Not applicable

Disaster Recovery Plan (DRP)

Purpose Disaster Recovery is unfortunately a necessary evil in today’s electronic environment. At some point during the life cycle of a network, something will go wrong; whether it is caused by a natural occurrence or by human efforts (intentional or unintentional), the network will have to be recovered. A good DRP tries to predict all possible situations; however, that is impossible, so the best defense is always a good offense. The best way to be prepared is to plan ahead: create a regular backup schedule, pre-determine the correct media for your backups (size, type, portability), determine how many copies of each backup are going to be generated, and identify where your backups are going to be stored (on-site, off-site). Since DLIS is dealing with valuable patient information, it is recommended that a full backup be completed as soon as the network is operational. At least three copies of this backup should be created: one stored on-site at the Central office location for immediate use by DLIS IT personnel, one stored at an alternate office location, and the third stored off-site by a reputable information storage company, such as Iron Mountain.

After the initial full backup, a regular schedule of incremental backups interspersed with differential backups should be implemented and stored similarly to the full backup. An effective way of accomplishing this is to use an off-site storage company such as Iron Mountain.
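The Python sketch below is an added example, not part of the original report. It works out which backup sets a restore needs under a full/differential/incremental schedule and whether that chain survives the loss of all but one storage location. The backup semantics, location labels, function names and catalog are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Assumed backup semantics (the report does not define them):
#   full         = everything
#   differential = all changes since the most recent full
#   incremental  = all changes since the most recent backup of any kind
# Location labels are hypothetical names for the three storage sites the report recommends.
REQUIRED_COPIES = frozenset({"central-onsite", "alternate-office", "offsite-vendor"})


@dataclass(frozen=True)
class BackupSet:
    day: date
    kind: str            # "full", "differential" or "incremental"
    copies: frozenset    # locations that hold a copy of this set


def restore_chain(catalog, target):
    """Backup sets, in restore order, needed to recover the state as of `target`."""
    usable = sorted((b for b in catalog if b.day <= target), key=lambda b: b.day)
    fulls = [b for b in usable if b.kind == "full"]
    if not fulls:
        raise LookupError(f"no full backup on or before {target}")
    base = fulls[-1]
    later = [b for b in usable if b.day > base.day]
    diffs = [b for b in later if b.kind == "differential"]
    pivot = diffs[-1] if diffs else base
    chain = [base] + ([pivot] if diffs else [])
    # Incrementals taken before the pivot differential are already covered by it.
    chain += [b for b in later if b.kind == "incremental" and b.day > pivot.day]
    return chain


def chain_available_at(chain, location):
    """True if every set in the chain has a copy at `location`."""
    return all(location in b.copies for b in chain)


def copy_gaps(catalog):
    """Map backup day -> required locations that hold no copy of that set."""
    return {b.day: sorted(REQUIRED_COPIES - b.copies)
            for b in catalog if REQUIRED_COPIES - b.copies}


ALL = REQUIRED_COPIES
# Constructed catalog for illustration; the dates and the gap are not from the report.
CATALOG = [
    BackupSet(date(2012, 6, 1), "full", ALL),
    BackupSet(date(2012, 6, 2), "incremental", ALL),
    BackupSet(date(2012, 6, 3), "incremental", ALL),
    BackupSet(date(2012, 6, 4), "differential", ALL),
    BackupSet(date(2012, 6, 5), "incremental",
              frozenset({"central-onsite", "alternate-office"})),
    BackupSet(date(2012, 6, 6), "incremental", ALL),
    BackupSet(date(2012, 6, 7), "differential", ALL),
    BackupSet(date(2012, 6, 8), "incremental", ALL),
]

if __name__ == "__main__":
    chain = restore_chain(CATALOG, date(2012, 6, 6))
    for b in chain:
        print(b.day, b.kind)
    print("restorable from off-site copies alone:",
          chain_available_at(chain, "offsite-vendor"))
    print("sets missing a required copy:", copy_gaps(CATALOG))
```

A single incremental without an off-site copy is enough to make every restore point that depends on it unrecoverable from the off-site vendor alone, which is why the copy check runs over the whole chain rather than only the full backup.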

Iron Mountain defines itself as an information management solutions company that will best serve DLIS in the secure storage of their physical and electronic data. Iron Mountain has many options that DLIS can use to find the risks in their current program, suggest best practices, contain DLIS’s discovery costs, and create a unified records program for all SharePoint files. Iron Mountain directed us to the following exposé, printed in the New England Journal of Medicine and authored by Rishi Bhalerao, a Product Manager at Iron Mountain whose particular area of expertise is Healthcare Systems and HIPAA compliance.

Meaningful Use Drives Agenda in Healthcare IT
by Rishi Bhalerao

The American Recovery and Reinvestment Act (ARRA) is pushing healthcare facilities throughout the country to update their electronic medical records (EMR) systems. Stipulations from the ARRA, and recent rulings from the Health Insurance Portability and Accountability Act (HIPAA), require that healthcare organizations show meaningful use of the technology they have implemented in order to receive the promised incentive payments. Learn how more efficient systems, processes, and decisions can help health care providers get the most out of their EMR systems to meet or exceed the criteria for meaningful use.

“Meaningful Use” criteria were recently announced by the U.S. Department of Health and Human Services under the HITECH Act, which was created to improve healthcare quality, safety, and efficiency through the use of information technology. [1] These criteria were put in place so that as healthcare providers implement new technologies – such as Electronic Medical Records systems – there is a standard for their efficiency and capability. As a result, a concentrated five-year national initiative to adopt and use electronic records in healthcare has begun.
Two regulations have been released, one of which defines the meaningful use objectives that providers must meet to qualify for significant financial incentives through Medicare and Medicaid, and the other identifies the technology standards and certification required, so that healthcare providers may be assured that their systems are capable of performing the required functions. With EMR technology, healthcare providers and their patients will have more complete and accurate information, along with better access to that information.

Studies on implementing EMR have shown benefits for patients in terms of increased safety, reduced medical errors and coordination of healthcare services from different providers. In addition, EMR will also save money for the healthcare industry in the long term since the electronic entry, transfer, and storage of electronic records is much more efficient and cost-effective than handling paper.

On July 13, 2010, Kathleen Sebelius, secretary of the Department of Health and Human Services, announced the cost-saving and efficiency benefits the regulation will produce throughout the industry. “For years, health policy leaders on both sides of the aisle have urged adoption of electronic health records throughout our healthcare system to improve quality of care and ultimately lower costs. Today, with the leadership of the president and Congress, we are making that goal a reality,” she stated. Dr. David Blumenthal, the Director of the Institute for Health Policy, Massachusetts General Hospital for the ONCHIT added “Meaningful use of EHRs in 2011 will earn hospitals a one-time bonus payment of $2 million plus an add-on to the Medicare fee based on the diagnosis-related group (DRG).” [2]

Information management industry specialists know that the decision to implement an EMR system is only the first step in the process of meeting the meaningful use criteria. In order to make your system operate in a manner that improves patient outcomes, you need to figure out the workflows and processes to enable that system to meet its potential, and maximize its adoption. Most EMR systems provide the hardware and software to automate clinical functions, with the goal of a single, secure online patient record. But, additional processes such as scanning physical records and cleaning out databases are important to the successful implementation of electronic medical records systems.
“In hospitals today, managing patient records consists of an inefficient patchwork of systems, processes and decisions that have been made over many years,” said Ken Rubin, Iron Mountain’s vice president and general manager of healthcare. “If a hospital has poor processes for storing and managing hardcopy medical records, simply digitizing them will only add to the mess, not help solve it.”

Part of the modernization of electronic medical records includes processing the vast amounts of paperwork that comprise current health information systems. A smooth transition to EMR will require managing both paper and digital records in a hybrid environment while navigating the changeover to a fully digital workflow. “Health systems that first streamline their paper storage and workflows for handling records not only establish the right framework for EMR, they can also find as much as one million dollars in savings to help fund their transition to electronic records,” Rubin added.

Recent studies on the current state of health information technology have exposed a growing need for improvement. PricewaterhouseCoopers conducted a survey of 120 CIOs and healthcare IT executives before the final rule was set in place. This survey found eight in 10 respondents reported being “concerned” or “very concerned” they will not be able to demonstrate meaningful use by the 2015 deadline. Furthermore, only half of the survey’s respondents claimed they will be prepared to meet the first set of meaningful use requirements in 2011. Although the final meaningful use ruling incorporated greater flexibility which may enable more of these CIOs to meet the criteria, the results of the survey highlight the common conflict CIOs are facing between working to create the most efficient information management systems and working to meet the government’s regulations.

Experts familiar with the survey explained the need for practical solutions for modernizing information management in the industry. Tom Garrett, leader of the health information technology practice at PricewaterhouseCoopers, said “we found many healthcare providers are mired in the complexity of incentive-rule criteria and may not be working toward longer-term goals…” “The bottom line is improved quality of care and patient safety, delivered more efficiently,” he added. “Government leaders and health organizations need to give consideration to the ultimate goal as they work to finalize and meet guidelines for meaningful use.”

As healthcare CIOs work to update their records management to meet meaningful use criteria, they should consider the benefits of working with a trusted partner, such as Iron Mountain, in conjunction with their EMR system provider. By addressing the issues of existing paper-based systems, such as redundancy and inconsistency, the switch to electronic medical records can be accomplished faster, easier and less expensively.
Although not necessarily mandated by the new meaningful use regulations, implementing more efficient information management processes is a best practice that can facilitate the conversion to EMR, and as a result will help healthcare providers achieve their goals of better patient outcomes.

Appendix A: DLIS Project Timeline

Appendix B: DLIS Project Cost Analysis

Consultant may invoice Client per the schedule below, provided that written acceptance of each deliverable contained in a Payment Milestone is received from Client:

Deliverable Date Due Payment

Deliverable #1 Project Timeline

Payment Milestone #1 Target Invoice Date: 11/28/2011 $433,988.83

Deliverable #2 Cost Analysis

Payment Milestone #2 Target Invoice Date: 11/28/2011 $433,988.83

Deliverable #3 Network Diagram

Payment Milestone #3 Target Invoice Date: 12/17/2011 $433,988.83

Deliverable #4 Network and Office Equipment Listing

Payment Milestone #4 Target Invoice Date: 12/17/2011 $433,988.83

Deliverable #5 Network Definition

Payment Milestone #5 Target Invoice Date: 3/31/2012 $433,988.83

Deliverable #6 Web Site

Payment Milestone #6 Target Invoice Date: 4/30/2012 $433,988.84

TOTAL FIXED PRICE DLIS Consolidated Network $2,603,933.00

Liquidated Damages for Delayed Delivery

Provided however, in the event that Consultant fails to deliver in accordance with the above schedule, payment shall be reduced per the table below.

Example:

Payment Schedule Delivery Date

Payment of agreed original fixed price of deliverable On Time Delivery

Payment of agreed original fixed price less 2% reduction One Day Delay

Payment of agreed original fixed price less additional 5% reduction One Week Delay

Additional Time and Material Rates

Any additional time and/or material required will be negotiated on a case-by-case basis between the Client and the Consultant.

Travel and Expenses

Travel and per diem will be based on the current U.S. Federal Government standards.

Cost Analysis Based upon the assumption that the retail company is moving to a new location, there are several cost benefits to the proposed network project. First, the selection of a low cost, easily configured router and switch in the Juniper network devices. The Junipers have a lower yearly maintenance cost in comparison to competitive vendors. Second, the server environment chosen is the Microsoft Windows 2008 platform. Microsoft provides a rich environment and a familiar platform that is common within the professional field. Finally, a single turnkey vendor with CDW was chosen to allow bulk discounts, an expansive selection, and a single source for all of the IT and office needs. With these benefits the client firm should be able to lower yearly maintenance, upkeep costs, and potentially decrease costly failures.

Category Cost

Hardware $786,859.00

Services $1,680,000.00

Software $137,074.00

Total $2,603,933.00

Reoccurring Expenses

Category Vendor Cost per month Cost per year

Services Verizon $190.00 $11,400.00

Software BEI $12.00 $10,800.00

Total $202.00 $23,200.00

Appendix C: DLIS Network Diagram

Figure 2: DLIS NETWORK

Appendix D: DLIS Network and Office Equipment Listing

Category Equipment Manufacturer Model Qty Cost / Unit Total Costs

Hardware AD DS Server Hewlett-Packard ProLiant BL620c G7 1 $10,919.00 $10,919.00

Hardware AD/DNS/DC Server Hewlett-Packard ProLiant BL620c G7 5 $10,919.00 $54,595.00

Hardware Back-up Device Quantum TC-L42AN-EZ-B 1.6TB 3 $1,670.00 $5,010.00

Hardware Back-up Media Quantum LTO Ultrium 36 $83.00 $2,988.00

Hardware Back-up Power Supply APC Symmetra RM 2kVA-Scalable-to-6kVA-N+1-208/240V 5 $2,750.00 $13,750.00

Hardware Business Mgmt. Server Hewlett-Packard ProLiant BL620c G7 6 $10,919.00 $65,514.00

Hardware Copier/Scanner/Facsimile Ricoh C6501SP 5 $18,114.00 $90,570.00

Hardware Copier/Scanner/Facsimile Ricoh C232SF 5 $780.00 $3,900.00

Hardware DHCP Server Hewlett-Packard ProLiant BL620c G7 1 $10,919.00 $10,919.00

Hardware DNS Server Hewlett-Packard ProLiant BL620c G7 1 $10,919.00 $10,919.00

Hardware Email Server Hewlett-Packard ProLiant BL620c G7 1 $10,919.00 $10,919.00

Hardware Equipment Rack Hewlett-Packard BLc3000 Encl w 4 AC Pwr 6 $7,791.00 $46,746.00

Hardware File/Print Server Hewlett-Packard ProLiant BL620c G7 6 $10,919.00 $65,514.00

Hardware Firewall Platform Cisco ASA 5510-SEC-BUN-K9 5 $2,775.00 $13,875.00

Hardware Laptops Hewlett-Packard Elite Book 8460W 10 $1,299.00 $12,990.00

Hardware Large Format Medical Grade Monitor Eizo LX470W 5 $9,356.00 $46,780.00

Hardware Medical Grade Monitors Eizo RadiForce RX430 15 $13,422.00 $201,330.00

Hardware Medical Grade Video Card Matrox Xenia Pro 15 $1,340.00 $20,100.00

Hardware Monitors Hewlett-Packard Compaq LA2206X 75 $195.00 $14,625.00

Hardware Network Cable Mgmt Mayline eLan 6ft Rack 250 $66.00 $16,500.00

Hardware Network Cabling Dynatran CAT5E STP 1000’ Spool 6 $162.00 $972.00

Hardware Network Hardware Carlon RJ45 Shielded Connector 1000 $2.00 $2,000.00

Hardware Network Hardware Carlon Cat5e Wall Plate 120 $15.00 $1,800.00

Hardware Network Hardware Carlon Electrical 2-Gang Boxes 120 $2.00 $240.00

Hardware Routers Cisco RVS4000 Gigabit Security Router 5 $133.00 $565.00

Hardware Switches Cisco SG200-50 Switch 48 10/100/1000 Ports 10 $645.00 $6,450.00

Hardware Tablets Toshiba Thrive 15 $480.00 $7,200.00

Hardware VoIP Phones Cisco SPA504G 120 $179.00 $21,480.00

Hardware VoIP Phones Cisco CP-7935 5 $320.00 $1,600.00

Hardware Web Server Hewlett-Packard ProLiant BL620c G7 1 $10,919.00 $10,919.00

Hardware Wireless Acc. Point Linksys WAP610N 15 $130.00 $1,950.00

Hardware Workstations Hewlett-Packard Z210 Small Form Factor Workstation 75 $800.00 $60,000.00

Services IS3110 Consulting 7 Consultants x 40 hours x 28 weeks 6720 $250.00 $1,680,000.00

Software Application Manager Hewlett-Packard ProLiant BL620c G7 1 $10,919.00 $10,919.00

Software Business Mgmt. Software Vietra Vietra Medical Manager 1 $59,000.00 $59,000.00

Software Operating Software Microsoft MS Server 2008 14 $710.00 $9,940.00

Software Database Software Microsoft MS SQL Server 2008 5 $160.00 $800.00

Software Email Software Microsoft MS Exchange Server 2010 1 $690.00 $690.00

Software Operating Software Red Hat Red Hat Enterprise Linux 6 $6,500.00 $39,000.00

Software Operating Software Microsoft Windows 7 Ultimate 75 $223.00 $16,725.00

Software Operating Software Ubuntu Version 11.10 Server and Desktop Freeware $0.00

$2,603,933.00

Services Internet Access Verizon FIOS 5 $190.00/mo $11,400.00/yr

Software http://www.beinetworks.com Microsoft MS Office Professional Plus 75 $12.00/mo $10,800.00/yr

$202.00/mo $23,200.00/yr

Appendix E: DLIS Network Definition

Location IP Address Subnet Mask Subnet Size Host Range Broadcast Default Gateway

Central 10.10.220.0 255.255.255.128 126 10.10.220.1 - 10.10.220.126 10.10.220.127 10.10.220.1

East 10.10.220.128 255.255.255.128 126 10.10.220.129 - 10.10.220.254 10.10.220.255 10.10.220.129

West 10.10.221.0 255.255.255.128 126 10.10.221.1 - 10.10.221.126 10.10.221.127 10.10.221.1

North 10.10.221.128 255.255.255.128 126 10.10.221.129 - 10.10.221.254 10.10.221.255 10.10.221.129

South 10.10.222.0 255.255.255.128 126 10.10.222.1 - 10.10.221.126 10.10.222.127 10.10.222.1
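
The subnet plan above can be checked mechanically. The Python sketch below is an added example, not part of the original report: it recomputes each site's usable-host count, host range and broadcast address from the listed network and mask with the standard ipaddress module, and reports every listed value that disagrees. The function names are hypothetical; the rows are copied as listed in the table.

```python
import ipaddress
from itertools import combinations

MASK = "255.255.255.128"
# Rows copied as listed in Appendix E:
# (location, network, mask, subnet size, first host, last host, broadcast, default gateway)
PLAN = [
    ("Central", "10.10.220.0",   MASK, 126, "10.10.220.1",   "10.10.220.126", "10.10.220.127", "10.10.220.1"),
    ("East",    "10.10.220.128", MASK, 126, "10.10.220.129", "10.10.220.254", "10.10.220.255", "10.10.220.129"),
    ("West",    "10.10.221.0",   MASK, 126, "10.10.221.1",   "10.10.221.126", "10.10.221.127", "10.10.221.1"),
    ("North",   "10.10.221.128", MASK, 126, "10.10.221.129", "10.10.221.254", "10.10.221.255", "10.10.221.129"),
    ("South",   "10.10.222.0",   MASK, 126, "10.10.222.1",   "10.10.221.126", "10.10.222.127", "10.10.222.1"),
]


def site_networks(plan):
    """Location -> IPv4Network. Strict parsing rejects a network address with host bits set."""
    return {row[0]: ipaddress.ip_network(f"{row[1]}/{row[2]}") for row in plan}


def check_plan(plan):
    """Return (location, field, listed, computed) for every listed value that disagrees."""
    nets = site_networks(plan)
    findings = []
    for loc, _addr, _mask, size, first, last, bcast, gw in plan:
        net = nets[loc]
        computed = {
            "subnet size": str(net.num_addresses - 2),   # minus network and broadcast
            "first host": str(net.network_address + 1),
            "last host": str(net.broadcast_address - 1),
            "broadcast": str(net.broadcast_address),
        }
        listed = {"subnet size": str(size), "first host": first,
                  "last host": last, "broadcast": bcast}
        for name, value in computed.items():
            if listed[name] != value:
                findings.append((loc, name, listed[name], value))
        gw_ip = ipaddress.ip_address(gw)
        if gw_ip not in net or gw_ip in (net.network_address, net.broadcast_address):
            findings.append((loc, "default gateway", gw, f"usable host in {net}"))
    return findings


def overlapping_sites(plan):
    """Pairs of locations whose subnets overlap (routing between sites would be ambiguous)."""
    nets = site_networks(plan)
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]


def owning_site(plan, ip):
    """Location whose subnet contains `ip`, or None."""
    addr = ipaddress.ip_address(ip)
    for loc, net in site_networks(plan).items():
        if addr in net:
            return loc
    return None


if __name__ == "__main__":
    for loc, name, listed, computed in check_plan(PLAN):
        print(f"{loc}: {name} listed as {listed}, computed {computed} "
              f"(listed address belongs to {owning_site(PLAN, listed)})")
    print("overlapping subnets:", overlapping_sites(PLAN))
```

On the table as listed, the only finding is the South host range: its upper bound 10.10.221.126 lies in the West subnet, while the computed upper bound is 10.10.222.126.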

DLIS Central Office

| Host Name | IP Address | Mask | Gateway | Description | Position Assigned | VoIP No. | Pager No. |
|---|---|---|---|---|---|---|---|
| Router | 10.10.220.1 | 255.255.255.128 | 10.10.220.1 | Cisco RSV4000 | | | |
| ADDS | 10.10.220.2 | 255.255.255.128 | 10.10.220.1 | HP ProLiant BL-620c-G7 | | | |
| DNS Server | 10.10.220.3 | 255.255.255.128 | 10.10.220.1 | HP ProLiant BL-620c-G7 | | | |
| DHCP Server | 10.10.220.4 | 255.255.255.128 | 10.10.220.1 | HP ProLiant BL-620c-G7 | | | |
| Exchange Server | 10.10.220.5 | 255.255.255.128 | 10.10.220.1 | HP ProLiant BL-620c-G7 | | | |
| File/Print Server | 10.10.220.6 | 255.255.255.128 | 10.10.220.1 | HP ProLiant BL-620c-G7 | | | |
| Application Server | 10.10.220.7 | 255.255.255.128 | 10.10.220.1 | HP ProLiant BL-620c-G7 | | | |
| Web Server | 10.10.220.8 | 255.255.255.128 | 10.10.220.1 | HP ProLiant BL-620c-G7 | | | |
| Business Mgmt Svr | 10.10.220.9 | 255.255.255.128 | 10.10.220.1 | HP ProLiant BL-620c-G7 | | | |
| Wireless Acc. Point | 10.10.220.10 | 255.255.255.128 | 10.10.220.1 | Linksys WAP610N | | | |
| Wireless Acc. Point | 10.10.220.11 | 255.255.255.128 | 10.10.220.1 | Linksys WAP610N | | | |
| Wireless Acc. Point | 10.10.220.12 | 255.255.255.128 | 10.10.220.1 | Linksys WAP610N | | | |
| Firewall | 10.10.220.13 | 255.255.255.128 | 10.10.220.1 | CISCO ASA 5510 | | | |
| Network System Expansion IP Address | 10.10.220.14 ~ 10.10.220.25 | 255.255.255.128 | 10.10.220.1 | | | | |
| Workstation 1 | 10.10.220.26 | 255.255.255.128 | 10.10.220.1 | HP Z210 | Doctor | | |
| Workstation 2 | 10.10.220.27 | 255.255.255.128 | 10.10.220.1 | HP Z210 | Doctor | | |
| Workstation 3 | 10.10.220.28 | 255.255.255.128 | 10.10.220.1 | HP Z210 | Doctor | | |
| Workstation 4 | 10.10.220.29 | 255.255.255.128 | 10.10.220.1 | HP Z210 | Nurse | | |
| Workstation 5 | 10.10.220.30 | 255.255.255.128 | 10.10.220.1 | HP Z210 | Nurse | | |
| Workstation 6 | 10.10.220.31 | 255.255.255.128 | 10.10.220.1 | HP Z210 | Nurse | | |
| Workstation 7 | 10.10.220.32 | 255.255.255.128 | 10.10.220.1 | HP Z210 | Supervisor | | |
| Workstation 8 | 10.10.220.33 | 255.255.255.128 | 10.10.220.1 | HP Z210 | Financial Manager | | |
| Workstation 9 | 10.10.220.34 | 255.255.255.128 | 10.10.220.1 | HP Z210 | Manager | | |
| Workstation 10 | 10.10.220.35 | 255.255.255.128 | 10.10.220.1 | HP Z210 | Billing/Collection | | |
| Workstation 11 | 10.10.220.36 | 255.255.255.128 | 10.10.220.1 | HP Z210 | Billing/Collection | | |
| Workstation 12 | 10.10.220.37 | 255.255.255.128 | 10.10.220.1 | HP Z210 | Billing/Collection | | |
| Workstation 13 | 10.10.220.38 | 255.255.255.128 | 10.10.220.1 | HP Z210 | Billing/Collection | | |
| Workstation 14 | 10.10.220.39 | 255.255.255.128 | 10.10.220.1 | HP Z210 | Receptionist | | |
| Workstation 15 | 10.10.220.40 | 255.255.255.128 | 10.10.220.1 | HP Z210 | Receptionist | | |
| Workstation 16 | 10.10.220.41 | 255.255.255.128 | 10.10.220.1 | HP Z210 | Receptionist | | |
| Workstation 17 | 10.10.220.42 | 255.255.255.128 | 10.10.220.1 | HP Z210 | Conf. Room | | |
| VoIP Phone | 10.10.220.43 | 255.255.255.128 | 10.10.220.1 | CISCO CP-7961G-GE | Doctor | 703-455-2330 | 1-800-455-2660 |
| VoIP Phone | 10.10.220.44 | 255.255.255.128 | 10.10.220.1 | CISCO CP-7961G-GE | Doctor | 703-455-2331 | 1-800-455-2661 |
| VoIP Phone | 10.10.220.45 | 255.255.255.128 | 10.10.220.1 | CISCO CP-7961G-GE | Doctor | 703-455-2332 | 1-800-455-2662 |
| VoIP Phone | 10.10.220.46 | 255.255.255.128 | 10.10.220.1 | CISCO CP-7961G-GE | Nurse | 703-455-2333 | 1-800-455-2663 |
| VoIP Phone | 10.10.220.47 | 255.255.255.128 | 10.10.220.1 | CISCO CP-7961G-GE | Nurse | 703-455-2334 | 1-800-455-2664 |
| VoIP Phone | 10.10.220.48 | 255.255.255.128 | 10.10.220.1 | CISCO CP-7961G-GE | Nurse | 703-455-2335 | 1-800-455-2665 |
| VoIP Phone | 10.10.220.49 | 255.255.255.128 | 10.10.220.1 | CISCO CP-7961G-GE | Supervisor | 703-455-2336 | 1-800-455-2666 |
| VoIP Phone | 10.10.220.50 | 255.255.255.128 | 10.10.220.1 | CISCO CP-7961G-GE | Financial Manager | 703-455-2337 | 1-800-455-2667 |
| VoIP Phone | 10.10.220.51 | 255.255.255.128 | 10.10.220.1 | CISCO CP-7961G-GE | Manager | 703-455-2338 | 1-800-455-2668 |
| VoIP Phone | 10.10.220.52 | 255.255.255.128 | 10.10.220.1 | CISCO CP-7961G-GE | Billing/Collection | 703-455-2339 | 1-800-455-2669 |
| VoIP Phone | 10.10.220.53 | 255.255.255.128 | 10.10.220.1 | CISCO CP-7961G-GE | Billing/Collection | 703-455-2340 | 1-800-455-2670 |
| VoIP Phone | 10.10.220.54 | 255.255.255.128 | 10.10.220.1 | CISCO CP-7961G-GE | Billing/Collection | 703-455-2341 | 1-800-455-2671 |
| VoIP Phone | 10.10.220.55 | 255.255.255.128 | 10.10.220.1 | CISCO CP-7961G-GE | Billing/Collection | 703-455-2342 | 1-800-455-2672 |
| VoIP Phone | 10.10.220.56 | 255.255.255.128 | 10.10.220.1 | CISCO CP-7961G-GE | Receptionist | 703-455-2343 | 1-800-455-2673 |
| VoIP Phone | 10.10.220.57 | 255.255.255.128 | 10.10.220.1 | CISCO CP-7961G-GE | Receptionist | 703-455-2344 | 1-800-455-2674 |
| VoIP Phone | 10.10.220.58 | 255.255.255.128 | 10.10.220.1 | CISCO CP-7961G-GE | Receptionist | 703-455-2345 | 1-800-455-2675 |
| VoIP Phone | 10.10.220.59 | 255.255.255.128 | 10.10.220.1 | CISCO CP-7935 | Conf. Room | 703-455-2346 | |
| VoIP Phone | 10.10.220.60 | 255.255.255.128 | 10.10.220.1 | CISCO CP-7961G-GE | Record Storage | 703-455-2347 | |
| Copier/Scanner/Fax | 10.10.220.61 | 255.255.255.128 | 10.10.220.1 | Ricoh Aficio MP C6501SP | Facsimile | 703-455-2348 | |
| Copier/Scanner/Fax | 10.10.220.62 | 255.255.255.128 | 10.10.220.1 | Ricoh Aficio MP C6501SP | Facsimile | 703-455-2349 | |
| Expansion IP Addresses | 10.10.220.63 ~ 10.10.220.126 | 255.255.255.128 | 10.10.220.1 | | | | |


DLIS East Office

| Host Name | IP Address | Mask | Gateway | Description | Position Assigned | VoIP No. | Pager No. |
|---|---|---|---|---|---|---|---|
| Router | 10.10.220.129 | 255.255.255.128 | 10.10.220.129 | Cisco RSV4000 | | | |
| AD/DNS/DC Server | 10.10.220.130 | 255.255.255.128 | 10.10.220.129 | HP ProLiant BL-620c-G7 | | | |
| File/Print Server | 10.10.220.131 | 255.255.255.128 | 10.10.220.129 | HP ProLiant BL-620c-G7 | | | |
| Business Mgmt Svr | 10.10.220.132 | 255.255.255.128 | 10.10.220.129 | HP ProLiant BL-620c-G7 | | | |
| Firewall | 10.10.220.133 | 255.255.255.128 | 10.10.220.129 | CISCO ASA 5510 | | | |
| Wireless Acc. Point | 10.10.220.134 | 255.255.255.128 | 10.10.220.129 | Linksys WAP610N | | | |
| Wireless Acc. Point | 10.10.220.135 | 255.255.255.128 | 10.10.220.129 | Linksys WAP610N | | | |
| Wireless Acc. Point | 10.10.220.136 | 255.255.255.128 | 10.10.220.129 | Linksys WAP610N | | | |
| Network Systems Expansion IP Addresses | 10.10.220.137 ~ 10.10.220.151 | 255.255.255.128 | 10.10.220.129 | | | | |
| Workstation 1 | 10.10.220.151 | 255.255.255.128 | 10.10.220.129 | HP Z210 | Doctor | | |
| Workstation 2 | 10.10.220.152 | 255.255.255.128 | 10.10.220.129 | HP Z210 | Doctor | | |
| Workstation 3 | 10.10.220.153 | 255.255.255.128 | 10.10.220.129 | HP Z210 | Doctor | | |
| Workstation 4 | 10.10.220.154 | 255.255.255.128 | 10.10.220.129 | HP Z210 | Nurse | | |
| Workstation 5 | 10.10.220.155 | 255.255.255.128 | 10.10.220.129 | HP Z210 | Nurse | | |
| Workstation 6 | 10.10.220.156 | 255.255.255.128 | 10.10.220.129 | HP Z210 | Nurse | | |
| Workstation 7 | 10.10.220.157 | 255.255.255.128 | 10.10.220.129 | HP Z210 | Supervisor | | |
| Workstation 8 | 10.10.220.158 | 255.255.255.128 | 10.10.220.129 | HP Z210 | Financial Manager | | |
| Workstation 9 | 10.10.220.159 | 255.255.255.128 | 10.10.220.129 | HP Z210 | Manager | | |
| Workstation 10 | 10.10.220.160 | 255.255.255.128 | 10.10.220.129 | HP Z210 | Billing/Collection | | |
| Workstation 11 | 10.10.220.161 | 255.255.255.128 | 10.10.220.129 | HP Z210 | Billing/Collection | | |
| Workstation 12 | 10.10.220.162 | 255.255.255.128 | 10.10.220.129 | HP Z210 | Billing/Collection | | |
| Workstation 13 | 10.10.220.163 | 255.255.255.128 | 10.10.220.129 | HP Z210 | Billing/Collection | | |
| Workstation 14 | 10.10.220.164 | 255.255.255.128 | 10.10.220.129 | HP Z210 | Receptionist | | |
| Workstation 15 | 10.10.220.165 | 255.255.255.128 | 10.10.220.129 | HP Z210 | Receptionist | | |
| Workstation 16 | 10.10.220.166 | 255.255.255.128 | 10.10.220.129 | HP Z210 | Receptionist | | |
| Workstation 17 | 10.10.220.167 | 255.255.255.128 | 10.10.220.129 | HP Z210 | Conf. Room | | |
| VoIP Phone | 10.10.220.168 | 255.255.255.128 | 10.10.220.129 | CISCO CP-7961G-GE | Doctor | 703-523-6540 | 1-886-523-7540 |
| VoIP Phone | 10.10.220.169 | 255.255.255.128 | 10.10.220.129 | CISCO CP-7961G-GE | Doctor | 703-523-6541 | 1-886-523-7541 |
| VoIP Phone | 10.10.220.170 | 255.255.255.128 | 10.10.220.129 | CISCO CP-7961G-GE | Doctor | 703-523-6542 | 1-886-523-7542 |
| VoIP Phone | 10.10.220.171 | 255.255.255.128 | 10.10.220.129 | CISCO CP-7961G-GE | Nurse | 703-523-6543 | 1-886-523-7543 |
| VoIP Phone | 10.10.220.172 | 255.255.255.128 | 10.10.220.129 | CISCO CP-7961G-GE | Nurse | 703-523-6544 | 1-886-523-7544 |
| VoIP Phone | 10.10.220.173 | 255.255.255.128 | 10.10.220.129 | CISCO CP-7961G-GE | Nurse | 703-523-6545 | 1-886-523-7545 |
| VoIP Phone | 10.10.220.174 | 255.255.255.128 | 10.10.220.129 | CISCO CP-7961G-GE | Supervisor | 703-523-6546 | 1-886-523-7546 |
| VoIP Phone | 10.10.220.175 | 255.255.255.128 | 10.10.220.129 | CISCO CP-7961G-GE | Financial Manager | 703-523-6547 | 1-886-523-7547 |
| VoIP Phone | 10.10.220.176 | 255.255.255.128 | 10.10.220.129 | CISCO CP-7961G-GE | Manager | 703-523-6548 | 1-886-523-7548 |
| VoIP Phone | 10.10.220.177 | 255.255.255.128 | 10.10.220.129 | CISCO CP-7961G-GE | Billing/Collection | 703-523-6549 | 1-886-523-7549 |
| VoIP Phone | 10.10.220.178 | 255.255.255.128 | 10.10.220.129 | CISCO CP-7961G-GE | Billing/Collection | 703-523-6550 | 1-886-523-7550 |
| VoIP Phone | 10.10.220.179 | 255.255.255.128 | 10.10.220.129 | CISCO CP-7961G-GE | Billing/Collection | 703-523-6551 | 1-886-523-7551 |
| VoIP Phone | 10.10.220.180 | 255.255.255.128 | 10.10.220.129 | CISCO CP-7961G-GE | Billing/Collection | 703-523-6552 | 1-886-523-7552 |
| VoIP Phone | 10.10.220.181 | 255.255.255.128 | 10.10.220.129 | CISCO CP-7961G-GE | Receptionist | 703-523-6553 | 1-886-523-7553 |
| VoIP Phone | 10.10.220.182 | 255.255.255.128 | 10.10.220.129 | CISCO CP-7961G-GE | Receptionist | 703-523-6554 | 1-886-523-7554 |
| VoIP Phone | 10.10.220.183 | 255.255.255.128 | 10.10.220.129 | CISCO CP-7961G-GE | Receptionist | 703-523-6555 | 1-886-523-7555 |
| VoIP Phone | 10.10.220.184 | 255.255.255.128 | 10.10.220.129 | CISCO CP-7935 | Conf. Room | 703-523-6556 | |
| VoIP Phone | 10.10.220.185 | 255.255.255.128 | 10.10.220.129 | CISCO CP-7961G-GE | Record Storage | 703-523-6557 | |
| Copier/Scanner/Fax | 10.10.220.186 | 255.255.255.128 | 10.10.220.129 | Ricoh Aficio MP C6501SP | Facsimile | 703-523-6558 | |
| Copier/Scanner/Fax | 10.10.220.187 | 255.255.255.128 | 10.10.220.129 | Ricoh Aficio MP C6501SP | Facsimile | 703-523-6559 | |
| Expansion IP Addresses | 10.10.220.188 ~ 10.10.220.254 | 255.255.255.128 | 10.10.220.129 | | | | |


DLIS West Office

| Host Name | IP Address | Mask | Gateway | Description | Position Assigned | VoIP No. | Pager No. |
|---|---|---|---|---|---|---|---|
| Router | 10.10.221.1 | 255.255.255.128 | 10.10.221.1 | Cisco RSV4000 | | | |
| AD/DNS/DC Server | 10.10.221.2 | 255.255.255.128 | 10.10.221.1 | HP ProLiant BL-620c-G7 | | | |
| File/Print Server | 10.10.221.3 | 255.255.255.128 | 10.10.221.1 | HP ProLiant BL-620c-G7 | | | |
| Business Mgmt Svr | 10.10.221.4 | 255.255.255.128 | 10.10.221.1 | HP ProLiant BL-620c-G7 | | | |
| Firewall | 10.10.221.5 | 255.255.255.128 | 10.10.221.1 | CISCO ASA 5510 | | | |
| Wireless Acc. Point | 10.10.221.6 | 255.255.255.128 | 10.10.221.1 | Linksys WAP610N | | | |
| Wireless Acc. Point | 10.10.221.7 | 255.255.255.128 | 10.10.221.1 | Linksys WAP610N | | | |
| Wireless Acc. Point | 10.10.221.8 | 255.255.255.128 | 10.10.221.1 | Linksys WAP610N | | | |
| Network Systems Expansion IP Addresses | 10.10.221.9 ~ 10.10.221.25 | 255.255.255.128 | 10.10.221.1 | | | | |
| Workstation 1 | 10.10.221.26 | 255.255.255.128 | 10.10.221.1 | HP Z210 | Doctor | | |
| Workstation 2 | 10.10.221.27 | 255.255.255.128 | 10.10.221.1 | HP Z210 | Doctor | | |
| Workstation 3 | 10.10.221.28 | 255.255.255.128 | 10.10.221.1 | HP Z210 | Doctor | | |
| Workstation 4 | 10.10.221.29 | 255.255.255.128 | 10.10.221.1 | HP Z210 | Nurse | | |
| Workstation 5 | 10.10.221.30 | 255.255.255.128 | 10.10.221.1 | HP Z210 | Nurse | | |
| Workstation 6 | 10.10.221.31 | 255.255.255.128 | 10.10.221.1 | HP Z210 | Nurse | | |
| Workstation 7 | 10.10.221.32 | 255.255.255.128 | 10.10.221.1 | HP Z210 | Supervisor | | |
| Workstation 8 | 10.10.221.33 | 255.255.255.128 | 10.10.221.1 | HP Z210 | Financial Manager | | |
| Workstation 9 | 10.10.221.34 | 255.255.255.128 | 10.10.221.1 | HP Z210 | Manager | | |
| Workstation 10 | 10.10.221.35 | 255.255.255.128 | 10.10.221.1 | HP Z210 | Billing/Collection | | |
| Workstation 11 | 10.10.221.36 | 255.255.255.128 | 10.10.221.1 | HP Z210 | Billing/Collection | | |
| Workstation 12 | 10.10.221.37 | 255.255.255.128 | 10.10.221.1 | HP Z210 | Billing/Collection | | |
| Workstation 13 | 10.10.221.38 | 255.255.255.128 | 10.10.221.1 | HP Z210 | Billing/Collection | | |
| Workstation 14 | 10.10.221.39 | 255.255.255.128 | 10.10.221.1 | HP Z210 | Receptionist | | |
| Workstation 15 | 10.10.221.40 | 255.255.255.128 | 10.10.221.1 | HP Z210 | Receptionist | | |
| Workstation 16 | 10.10.221.41 | 255.255.255.128 | 10.10.221.1 | HP Z210 | Receptionist | | |
| Workstation 17 | 10.10.221.42 | 255.255.255.128 | 10.10.221.1 | HP Z210 | Conf. Room | | |
| VoIP Phone | 10.10.221.43 | 255.255.255.128 | 10.10.221.1 | CISCO CP-7961G-GE | Doctor | 703-394-5150 | 1-888-394-6950 |
| VoIP Phone | 10.10.221.44 | 255.255.255.128 | 10.10.221.1 | CISCO CP-7961G-GE | Doctor | 703-394-5151 | 1-888-394-6951 |
| VoIP Phone | 10.10.221.45 | 255.255.255.128 | 10.10.221.1 | CISCO CP-7961G-GE | Doctor | 703-394-5152 | 1-888-394-6952 |
| VoIP Phone | 10.10.221.46 | 255.255.255.128 | 10.10.221.1 | CISCO CP-7961G-GE | Nurse | 703-394-5153 | 1-888-394-6953 |
| VoIP Phone | 10.10.221.47 | 255.255.255.128 | 10.10.221.1 | CISCO CP-7961G-GE | Nurse | 703-394-5154 | 1-888-394-6954 |
| VoIP Phone | 10.10.221.48 | 255.255.255.128 | 10.10.221.1 | CISCO CP-7961G-GE | Nurse | 703-394-5155 | 1-888-394-6955 |
| VoIP Phone | 10.10.221.49 | 255.255.255.128 | 10.10.221.1 | CISCO CP-7961G-GE | Supervisor | 703-394-5156 | 1-888-394-6956 |
| VoIP Phone | 10.10.221.50 | 255.255.255.128 | 10.10.221.1 | CISCO CP-7961G-GE | Financial Manager | 703-394-5157 | 1-888-394-6957 |
| VoIP Phone | 10.10.221.51 | 255.255.255.128 | 10.10.221.1 | CISCO CP-7961G-GE | Manager | 703-394-5158 | 1-888-394-6958 |
| VoIP Phone | 10.10.221.52 | 255.255.255.128 | 10.10.221.1 | CISCO CP-7961G-GE | Billing/Collection | 703-394-5159 | 1-888-394-6959 |
| VoIP Phone | 10.10.221.53 | 255.255.255.128 | 10.10.221.1 | CISCO CP-7961G-GE | Billing/Collection | 703-394-5160 | 1-888-394-6960 |
| VoIP Phone | 10.10.221.54 | 255.255.255.128 | 10.10.221.1 | CISCO CP-7961G-GE | Billing/Collection | 703-394-5161 | 1-888-394-6961 |
| VoIP Phone | 10.10.221.55 | 255.255.255.128 | 10.10.221.1 | CISCO CP-7961G-GE | Billing/Collection | 703-394-5162 | 1-888-394-6962 |
| VoIP Phone | 10.10.221.56 | 255.255.255.128 | 10.10.221.1 | CISCO CP-7961G-GE | Receptionist | 703-394-5163 | 1-888-394-6963 |
| VoIP Phone | 10.10.221.57 | 255.255.255.128 | 10.10.221.1 | CISCO CP-7961G-GE | Receptionist | 703-394-5164 | 1-888-394-6964 |
| VoIP Phone | 10.10.221.58 | 255.255.255.128 | 10.10.221.1 | CISCO CP-7961G-GE | Receptionist | 703-394-5165 | 1-888-394-6965 |
| VoIP Phone | 10.10.221.59 | 255.255.255.128 | 10.10.221.1 | CISCO CP-7935 | Conf. Room | 703-394-5166 | |
| VoIP Phone | 10.10.221.60 | 255.255.255.128 | 10.10.221.1 | CISCO CP-7961G-GE | Record Storage | 703-394-5167 | |
| Copier/Scanner/Fax | 10.10.221.61 | 255.255.255.128 | 10.10.221.1 | Ricoh Aficio MP C6501SP | Facsimile | 703-394-5168 | |
| Copier/Scanner/Fax | 10.10.221.62 | 255.255.255.128 | 10.10.221.1 | Ricoh Aficio MP C6501SP | Facsimile | 703-394-5169 | |
| Expansion IP Addresses | 10.10.221.63 ~ 10.10.221.126 | 255.255.255.128 | 10.10.221.1 | | | | |


DLIS North Office

| Host Name | IP Address | Mask | Gateway | Description | Position Assigned | VoIP No. | Pager No. |
|---|---|---|---|---|---|---|---|
| Router | 10.10.221.129 | 255.255.255.128 | 10.10.221.129 | Cisco RSV4000 | | | |
| AD/DNS/DC Server | 10.10.221.130 | 255.255.255.128 | 10.10.221.129 | HP ProLiant BL-620c-G7 | | | |
| File/Print Server | 10.10.221.131 | 255.255.255.128 | 10.10.221.129 | HP ProLiant BL-620c-G7 | | | |
| Business Mgmt Svr | 10.10.221.132 | 255.255.255.128 | 10.10.221.129 | HP ProLiant BL-620c-G7 | | | |
| Firewall | 10.10.221.133 | 255.255.255.128 | 10.10.221.129 | CISCO ASA 5510 | | | |
| Wireless Acc. Point | 10.10.221.134 | 255.255.255.128 | 10.10.221.129 | Linksys WAP610N | | | |
| Wireless Acc. Point | 10.10.221.135 | 255.255.255.128 | 10.10.221.129 | Linksys WAP610N | | | |
| Wireless Acc. Point | 10.10.221.136 | 255.255.255.128 | 10.10.221.129 | Linksys WAP610N | | | |
| Network Systems Expansion IP Addresses | 10.10.221.137 ~ 10.10.221.151 | 255.255.255.128 | 10.10.221.129 | | | | |
| Workstation 1 | 10.10.221.151 | 255.255.255.128 | 10.10.221.129 | HP Z210 | Doctor | | |
| Workstation 2 | 10.10.221.152 | 255.255.255.128 | 10.10.221.129 | HP Z210 | Doctor | | |
| Workstation 3 | 10.10.221.153 | 255.255.255.128 | 10.10.221.129 | HP Z210 | Doctor | | |
| Workstation 4 | 10.10.221.154 | 255.255.255.128 | 10.10.221.129 | HP Z210 | Nurse | | |
| Workstation 5 | 10.10.221.155 | 255.255.255.128 | 10.10.221.129 | HP Z210 | Nurse | | |
| Workstation 6 | 10.10.221.156 | 255.255.255.128 | 10.10.221.129 | HP Z210 | Nurse | | |
| Workstation 7 | 10.10.221.157 | 255.255.255.128 | 10.10.221.129 | HP Z210 | Supervisor | | |
| Workstation 8 | 10.10.221.158 | 255.255.255.128 | 10.10.221.129 | HP Z210 | Financial Manager | | |
| Workstation 9 | 10.10.221.159 | 255.255.255.128 | 10.10.221.129 | HP Z210 | Manager | | |
| Workstation 10 | 10.10.221.160 | 255.255.255.128 | 10.10.221.129 | HP Z210 | Billing/Collection | | |
| Workstation 11 | 10.10.221.161 | 255.255.255.128 | 10.10.221.129 | HP Z210 | Billing/Collection | | |
| Workstation 12 | 10.10.221.162 | 255.255.255.128 | 10.10.221.129 | HP Z210 | Billing/Collection | | |
| Workstation 13 | 10.10.221.163 | 255.255.255.128 | 10.10.221.129 | HP Z210 | Billing/Collection | | |
| Workstation 14 | 10.10.221.164 | 255.255.255.128 | 10.10.221.129 | HP Z210 | Receptionist | | |
| Workstation 15 | 10.10.221.165 | 255.255.255.128 | 10.10.221.129 | HP Z210 | Receptionist | | |
| Workstation 16 | 10.10.221.166 | 255.255.255.128 | 10.10.221.129 | HP Z210 | Receptionist | | |
| Workstation 17 | 10.10.221.167 | 255.255.255.128 | 10.10.221.129 | HP Z210 | Conf. Room | | |
| VoIP Phone | 10.10.221.168 | 255.255.255.128 | 10.10.221.129 | CISCO CP-7961G-GE | Doctor | 703-556-9680 | 1-886-556-3560 |
| VoIP Phone | 10.10.221.169 | 255.255.255.128 | 10.10.221.129 | CISCO CP-7961G-GE | Doctor | 703-556-9681 | 1-886-556-3561 |
| VoIP Phone | 10.10.221.170 | 255.255.255.128 | 10.10.221.129 | CISCO CP-7961G-GE | Doctor | 703-556-9682 | 1-886-556-3562 |
| VoIP Phone | 10.10.221.171 | 255.255.255.128 | 10.10.221.129 | CISCO CP-7961G-GE | Nurse | 703-556-9683 | 1-886-556-3563 |
| VoIP Phone | 10.10.221.172 | 255.255.255.128 | 10.10.221.129 | CISCO CP-7961G-GE | Nurse | 703-556-9684 | 1-886-556-3564 |
| VoIP Phone | 10.10.221.173 | 255.255.255.128 | 10.10.221.129 | CISCO CP-7961G-GE | Nurse | 703-556-9685 | 1-886-556-3565 |
| VoIP Phone | 10.10.221.174 | 255.255.255.128 | 10.10.221.129 | CISCO CP-7961G-GE | Supervisor | 703-556-9686 | 1-886-556-3566 |
| VoIP Phone | 10.10.221.175 | 255.255.255.128 | 10.10.221.129 | CISCO CP-7961G-GE | Financial Manager | 703-556-9687 | 1-886-556-3567 |
| VoIP Phone | 10.10.221.176 | 255.255.255.128 | 10.10.221.129 | CISCO CP-7961G-GE | Manager | 703-556-9688 | 1-886-556-3568 |
| VoIP Phone | 10.10.221.177 | 255.255.255.128 | 10.10.221.129 | CISCO CP-7961G-GE | Billing/Collection | 703-556-9689 | 1-886-556-3569 |
| VoIP Phone | 10.10.221.178 | 255.255.255.128 | 10.10.221.129 | CISCO CP-7961G-GE | Billing/Collection | 703-556-9690 | 1-886-556-3570 |
| VoIP Phone | 10.10.221.179 | 255.255.255.128 | 10.10.221.129 | CISCO CP-7961G-GE | Billing/Collection | 703-556-9691 | 1-886-556-3571 |
| VoIP Phone | 10.10.221.180 | 255.255.255.128 | 10.10.221.129 | CISCO CP-7961G-GE | Billing/Collection | 703-556-9692 | 1-886-556-3572 |
| VoIP Phone | 10.10.221.181 | 255.255.255.128 | 10.10.221.129 | CISCO CP-7961G-GE | Receptionist | 703-556-9693 | 1-886-556-3573 |
| VoIP Phone | 10.10.221.182 | 255.255.255.128 | 10.10.221.129 | CISCO CP-7961G-GE | Receptionist | 703-556-9694 | 1-886-556-3574 |
| VoIP Phone | 10.10.221.183 | 255.255.255.128 | 10.10.221.129 | CISCO CP-7961G-GE | Receptionist | 703-556-9695 | 1-886-556-3575 |
| VoIP Phone | 10.10.221.184 | 255.255.255.128 | 10.10.221.129 | CISCO CP-7935 | Conf. Room | 703-556-9696 | |
| VoIP Phone | 10.10.221.185 | 255.255.255.128 | 10.10.221.129 | CISCO CP-7961G-GE | Record Storage | 703-556-9697 | |
| Copier/Scanner/Fax | 10.10.221.186 | 255.255.255.128 | 10.10.221.129 | Ricoh Aficio MP C6501SP | Facsimile | 703-556-9698 | |
| Copier/Scanner/Fax | 10.10.221.187 | 255.255.255.128 | 10.10.221.129 | Ricoh Aficio MP C6501SP | Facsimile | 703-556-9699 | |
| Expansion IP Addresses | 10.10.221.188 ~ 10.10.221.254 | 255.255.255.128 | 10.10.221.129 | | | | |


DLIS South Office

| Host Name | IP Address | Mask | Gateway | Description | Position Assigned | VoIP No. | Pager No. |
|---|---|---|---|---|---|---|---|
| Router | 10.10.222.1 | 255.255.255.128 | 10.10.222.1 | Cisco RSV4000 | | | |
| AD/DNS/DC Server | 10.10.222.2 | 255.255.255.128 | 10.10.222.1 | HP ProLiant BL-620c-G7 | | | |
| File/Print Server | 10.10.222.3 | 255.255.255.128 | 10.10.222.1 | HP ProLiant BL-620c-G7 | | | |
| Business Mgmt Svr | 10.10.222.4 | 255.255.255.128 | 10.10.222.1 | HP ProLiant BL-620c-G7 | | | |
| Firewall | 10.10.222.5 | 255.255.255.128 | 10.10.222.1 | CISCO ASA 5510 | | | |
| Wireless Acc. Point | 10.10.222.6 | 255.255.255.128 | 10.10.222.1 | Linksys WAP610N | | | |
| Wireless Acc. Point | 10.10.222.7 | 255.255.255.128 | 10.10.222.1 | Linksys WAP610N | | | |
| Wireless Acc. Point | 10.10.222.8 | 255.255.255.128 | 10.10.222.1 | Linksys WAP610N | | | |
| Network Systems Expansion IP Addresses | 10.10.222.9 ~ 10.10.222.25 | 255.255.255.128 | 10.10.222.1 | | | | |
| Workstation 1 | 10.10.222.26 | 255.255.255.128 | 10.10.222.1 | HP Z210 | Doctor | | |
| Workstation 2 | 10.10.222.27 | 255.255.255.128 | 10.10.222.1 | HP Z210 | Doctor | | |
| Workstation 3 | 10.10.222.28 | 255.255.255.128 | 10.10.222.1 | HP Z210 | Doctor | | |
| Workstation 4 | 10.10.222.29 | 255.255.255.128 | 10.10.222.1 | HP Z210 | Nurse | | |
| Workstation 5 | 10.10.222.30 | 255.255.255.128 | 10.10.222.1 | HP Z210 | Nurse | | |
| Workstation 6 | 10.10.222.31 | 255.255.255.128 | 10.10.222.1 | HP Z210 | Nurse | | |
| Workstation 7 | 10.10.222.32 | 255.255.255.128 | 10.10.222.1 | HP Z210 | Supervisor | | |
| Workstation 8 | 10.10.222.33 | 255.255.255.128 | 10.10.222.1 | HP Z210 | Financial Manager | | |
| Workstation 9 | 10.10.222.34 | 255.255.255.128 | 10.10.222.1 | HP Z210 | Manager | | |
| Workstation 10 | 10.10.222.35 | 255.255.255.128 | 10.10.222.1 | HP Z210 | Billing/Collection | | |
| Workstation 11 | 10.10.222.36 | 255.255.255.128 | 10.10.222.1 | HP Z210 | Billing/Collection | | |
| Workstation 12 | 10.10.222.37 | 255.255.255.128 | 10.10.222.1 | HP Z210 | Billing/Collection | | |
| Workstation 13 | 10.10.222.38 | 255.255.255.128 | 10.10.222.1 | HP Z210 | Billing/Collection | | |
| Workstation 14 | 10.10.222.39 | 255.255.255.128 | 10.10.222.1 | HP Z210 | Receptionist | | |
| Workstation 15 | 10.10.222.40 | 255.255.255.128 | 10.10.222.1 | HP Z210 | Receptionist | | |
| Workstation 16 | 10.10.222.41 | 255.255.255.128 | 10.10.222.1 | HP Z210 | Receptionist | | |
| Workstation 17 | 10.10.222.42 | 255.255.255.128 | 10.10.222.1 | HP Z210 | Conf. Room | | |
| VoIP Phone | 10.10.222.43 | 255.255.255.128 | 10.10.222.1 | CISCO CP-7961G-GE | Doctor | 703-854-6930 | 1-800-666-9930 |
| VoIP Phone | 10.10.222.44 | 255.255.255.128 | 10.10.222.1 | CISCO CP-7961G-GE | Doctor | 703-854-6931 | 1-800-666-9931 |
| VoIP Phone | 10.10.222.45 | 255.255.255.128 | 10.10.222.1 | CISCO CP-7961G-GE | Doctor | 703-854-6932 | 1-800-666-9932 |
| VoIP Phone | 10.10.222.46 | 255.255.255.128 | 10.10.222.1 | CISCO CP-7961G-GE | Nurse | 703-854-6933 | 1-800-666-9933 |
| VoIP Phone | 10.10.222.47 | 255.255.255.128 | 10.10.222.1 | CISCO CP-7961G-GE | Nurse | 703-854-6934 | 1-800-666-9934 |
| VoIP Phone | 10.10.222.48 | 255.255.255.128 | 10.10.222.1 | CISCO CP-7961G-GE | Nurse | 703-854-6935 | 1-800-666-9935 |
| VoIP Phone | 10.10.222.49 | 255.255.255.128 | 10.10.222.1 | CISCO CP-7961G-GE | Supervisor | 703-854-6936 | 1-800-666-9936 |
| VoIP Phone | 10.10.222.50 | 255.255.255.128 | 10.10.222.1 | CISCO CP-7961G-GE | Financial Manager | 703-854-6937 | 1-800-666-9937 |
| VoIP Phone | 10.10.222.51 | 255.255.255.128 | 10.10.222.1 | CISCO CP-7961G-GE | Manager | 703-854-6938 | 1-800-666-9938 |
| VoIP Phone | 10.10.222.52 | 255.255.255.128 | 10.10.222.1 | CISCO CP-7961G-GE | Billing/Collection | 703-854-6939 | 1-800-666-9939 |
| VoIP Phone | 10.10.222.53 | 255.255.255.128 | 10.10.222.1 | CISCO CP-7961G-GE | Billing/Collection | 703-854-6940 | 1-800-666-9940 |
| VoIP Phone | 10.10.222.54 | 255.255.255.128 | 10.10.222.1 | CISCO CP-7961G-GE | Billing/Collection | 703-854-6941 | 1-800-666-9941 |
| VoIP Phone | 10.10.222.55 | 255.255.255.128 | 10.10.222.1 | CISCO CP-7961G-GE | Billing/Collection | 703-854-6942 | 1-800-666-9942 |
| VoIP Phone | 10.10.222.56 | 255.255.255.128 | 10.10.222.1 | CISCO CP-7961G-GE | Receptionist | 703-854-6943 | 1-800-666-9943 |
| VoIP Phone | 10.10.222.57 | 255.255.255.128 | 10.10.222.1 | CISCO CP-7961G-GE | Receptionist | 703-854-6944 | 1-800-666-9944 |
| VoIP Phone | 10.10.222.58 | 255.255.255.128 | 10.10.222.1 | CISCO CP-7961G-GE | Receptionist | 703-854-6945 | 1-800-666-9945 |
| VoIP Phone | 10.10.222.59 | 255.255.255.128 | 10.10.222.1 | CISCO CP-7935 | Conf. Room | 703-854-6946 | |
| VoIP Phone | 10.10.222.60 | 255.255.255.128 | 10.10.222.1 | CISCO CP-7961G-GE | Record Storage | 703-854-6947 | |
| Copier/Scanner/Fax | 10.10.222.61 | 255.255.255.128 | 10.10.222.1 | Ricoh Aficio MP C6501SP | Facsimile | 703-854-6948 | |
| Copier/Scanner/Fax | 10.10.222.62 | 255.255.255.128 | 10.10.222.1 | Ricoh Aficio MP C6501SP | Facsimile | 703-854-6949 | |
| Expansion IP Addresses | 10.10.222.63 ~ 10.10.222.126 | 255.255.255.128 | 10.10.222.1 | | | | |


Appendix F: Disaster Recovery Time Estimator

| AMOUNT OF DATA TO BE RECOVERED | MEDIA TYPES | ESTIMATED TIME TO RECOVERY - HOURS | TIME TO CREATE BACKUP - HOURS |
|---|---|---|---|
| 13-30TB | DELTAK TAPES 16MM | 0.97 | 0.972 |
| 1-5TB | DELTAK TAPES 16MM | 0.53 | 0.525 |
