Current through Bulletin 2024-23, December 1, 2024
Section R156-38b-401 - Reliability, Availability and Security StandardsThe designated agent shall provide a reliable hosting environment which shall contain the following elements:
(1) Operating Standard. The designated agent shall initially adhere to the J2EE standard and such standard in the future as the Division shall designate in cooperation with the designated agent.(2) System Upgrades. The designated agent shall notify the Division when the SCR requires an update that may cause significant service interruption. Functional or structural changes that impact the system requirements shall require prior approval from the Division.(3) Security. The designated agent shall take commercially reasonable steps to provide that the information contained in the SCR is secure and protected from unauthorized entry.(4) System Backup. The designated agent shall provide adequate backup of the system and its data, including the following: (a) Redundant Servers. There shall be multiple servers running the SCR and Internet environments, but no more than two sets of servers.(b) Data Backup Environment. There shall be facilities to continuously back up data contained in the SCR. This backed-up data must be easily retrieved and either viewed or placed back into the SCR if required.(c) Redundant Power Supply. There shall be a single reliable redundant power supply for the entire environment.(5) System Recovery. In the event of a system failure, the designated agent shall provide system recovery and re-deployment to meet a standard that will result in restoration into full production within a maximum of three business days which are defined as Mondays through Fridays with legal holidays excluded. In the event of destruction of the designated agent's primary hosting facility, the designated agent shall meet a standard whereby complete service restoration could be implemented within two weeks provided the telecommunications and data center vendor can meet this schedule.(6) Software Licensing. The designated agent shall maintain valid software licenses for all purchased software used for the SCR.(7) System Monitoring. The designated agent shall provide continuous monitoring of SCR environment.(8) System Support. The designated agent shall provide appropriate personnel to continuously maintain the SCR environment.(9) Continuity of Operations. In the event that, for whatever reason, operation and maintenance of the SCR is transferred to the state or another designated agent, continuity of the SCR shall be maintained in accordance with the governing contractual provisions with the designated agent.(10) In the event that the Division elects to provide some of the services listed in (1) through (8) above, the designated agent will be relieved of the responsibilities for the services so assumed. Such election by the Division shall be in writing.Utah Admin. Code R156-38b-401