Protecting critical business functions
In support of our mission and institutional driver for ransomware readiness, Michigan Medicine’s Information Assurance is partnering with critical business units to create a transparent and comprehensive inventory of Digital Critical Assets (DCA).
IA will begin its work by reaching out to a business owner and subject matter experts (SME).
This effort will include both identification of initial inventory and an operational process to facilitate the ongoing identification, collection and management of digital critical assets to ensure accuracy and completeness.
Maintaining an accurate inventory of DCAs supporting these systems and functions supports the strategic direction of proactively managing risks to our mission-critical services. An accurate inventory also allows for the prioritization and remediation of risk that may impact continuity of operations.
- Helps identify single points of failure
- Creates an online inventory database of digital critical assets within the ServiceNow CMDB
- Supports Continuity of Operations (COOP) and Information System Contingency Plan (ISCP) planning
Who is impacted?
- Administrative directors/business managers
- Subject matter experts (SMEs), e.g., clinical directors, nursing directors, medical directors
- Others with specific critical business function expertise
- Trusted service providers (TSPs) make required configuration item (CI) updates and ensure ongoing maintenance of owned CIs
- Sample selection of pilot business units for initial interviews.
- Digital critical asset discovery within pilot business units
- IA Cybersecurity and Risk Management Continuity & Resiliency teams will meet/interview pilot participants
- Asset data will be gathered and reviewed by IA and validated with business owner
- Data is entered into ServiceNow CMDB inventory database and identified as digital critical assets.
- Guide a sample set of business units through the inventory operational process and adjust process as needed based on feedback.
- Final digital critical asset process is operationalized for rollout to remaining Michigan Medicine business units.
- Project ends when processes are operationalized.
Mark Tillman, IA project manager and Jim Neuvirth, IA continuity and resiliency project lead, at firstname.lastname@example.org.
For updates, refer to this KnowledgeBase article.