2 minute read
Both IT unit and Asea
Increased focus on IT security
The responsibility for the e-mail crash lies with both the IT unit and the supplier, Atea, who was the email provider. This was the internal audit’s overall conclusion after examining the issue of liability. – We agree with the conclusion that we are responsible for different parts, says Area Manager Marie Smedbro.
LAST AUTUMN, a number of the University of Gothenburg’s servers crashed, which led to about half of the employees losing access to their email and calendars for several weeks. The cause was previously investigated by the internal audit in a technical report. On behalf of the Vice-Chancellor, the internal audit has now also looked more closely at who is responsible for the email crash. Five areas have been highlighted as particularly critical in terms of the issue of responsibility:
• Lack of traditional backup. The University of Gotheburg’s solution was based on Microsoft’s best practice, so no one can be blamed for that. • Lack of support agreements. No support agreement was entered into for the disks used to store email. The internal audit believes that the parties have a joint responsibility for the lack of a support agreement. • Inadequate remedial measures in connection with the crash. According to Atea, the disks were “not in danger”, despite the fact that there were major and serious problems in August. According to the internal audit, the IT unit should have questioned this information, but Atea is also considered to have a responsibility in regard to this. • No information was communicated upwards within the organisation. The internal audit has concluded that “the
IT unit should have communicated the information about the risks in the email system to the higher levels of the
organisation when the circumstances were known”. • The internal audit considers that Atea had a “significant and far-reaching responsibility” not least in view of the knowledge of the so-called 40k bug.
This information did not reach the IT unit, according to the internal audit.
MARIE SMEDBRO IS Area Manager for infrastructure support and, together with the IT unit’s management team, she has carefully reviewed the report. – We agree with the, quite detailed, description of the sequence of events and the conclusion that there is joint responsibility. It is a thorough report that sheds light on a series of convergent factors that unfortunately had major adverse consequences. We will now analyse what we can improve and adjust. The University of Gothenburg will have an increased focus on IT security going forward. – The Central Administration has been tasked with reviewing the IT environment as a whole, with a particular focus on security issues, in order to have as safe an environment as possible and avoid similar events in the future, says Marie Smedbro.
Criticism has also been directed at the University of Gothenburg’s provider Atea for their shortcomings. Are there any plans to initiate legal proceedings against the company?
– That is a question for the university’s management team.
Text: Allan Eriksson Photo: Johan Wingborg