Report captures lessons from Australian Taxation Office outages
- Published: Thursday, 08 June 2017 07:54
The Australian Taxation Office (ATO) has released a report into systems outages that it experienced in December 2016 and February 2017. The report incorporates findings from ATO’s own internal review, as well as technical advice and a separate report prepared by independent expert reviewers.
Key findings from the report include:
- The outage was caused by multiple component failures on the ATO’s primary storage area network (SAN), which was supplied and operated by Hewlett Packard Enterprise.
- The impact of the outage was compounded by the design and configuration the SAN: the review found that there was an over emphasis on performance features rather than stability or resilience.
- ATO business continuity mechanisms, communications and engagement worked well, but into the future need to be more inclusive of partners.
The report identifies areas for improvement, classified into five themes:
- Principles informing ATO IT design;
- correcting the identified faults;
- Enhancing ATO’S capability to support infrastructure design and IT governance;
- Incident responses for the ATO and the wider tax system;
- Managing communication and business resumption with stakeholders.
Business continuity aspects of the report
The report recommends that enhancements are made in ATO’s existing IT‑related business continuity management functions to provide an enterprise‑wide focus on preparing for, testing, and responding to disruptive events. This should include establishing a permanent and dedicated resilience ‘run’ function within the appropriate balance of performance, stability, resilience and cost factors.
The report also recommends that ATO consolidates, streamlines, updates, and simplifies existing business continuity management documentation to clearly articulate the relationship between and accountability for
business continuity, disaster recovery, and resilience planning.
The ATO should assist key stakeholders to understand its business continuity strategies to assist them in improving their own continuity strategies. This will help improve the resilience of the entire Australian tax and super system. These strategies should be designed with a whole of system approach to ensure they are streamlined and easily integrated.
Read the full report (PDF).