RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Storage vendors and liability
From:
Hugh Smith <[log in to unmask]>
Reply To:
Records Management Program <[log in to unmask]>
Date:
Mon, 3 Mar 2008 00:24:59 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (107 lines) 
On Mar 1, 2008, at 12:01 AM, RECMGMT-L automatic digest system wrote:

> From:    Chris Browne <[log in to unmask]>
> Subject: Storage vendors and liability
>
> Dear Godfathers and Godmothers of RIM,
>
> I'm intensely curious to hear what other organizations have been  
> able to
> negotiate into their storage contracts regarding vendor liability for
> lost containers or digital media.

There are several; and, I know one group headed up with Ownership  
that comes from the Audit Community.  They carry higher levels of  
insurance and they will allow the client to define a level above  
that.  But if you go above the five million limit per occurrence they  
typically offer, then you must define the level of loss by tape or by  
box. (Many clients struggle to define value.)

Contrary to general beliefs there is a difference from one vendor to  
the next.  But this requires that a records manager sit down, develop  
a measure of risk and exposure, and then define that risk to the vendor.

The storage vendor says, if you want insurance, get it yourself.   
This is a clever ploy that allows them to be totally negligent in the  
care of the records with minimal risk.  You have the right to define  
a level of care.  If you do not, it removes the vendor from any  
responsibility to protect the records in their care.  Hostage fees  
allows them the ability to offer the lowest level of service, poorly  
designed warehouses and low end sprinkler systems and place all risk  
on the clients.

You can choose to store certain high value records in vaults, this  
provides the protection you want, reduces risk and makes placing  
insurance far less expensive.

Records Centers are as much a warehousemen issue as IBM's Data  
Centers are an empty office.  The space is defined by what is stored  
within it, value and volume.  Your idea of reasonable care and theirs  
may be too different things.  Insurance coverage brings you both on  
the same page because a third party (the insurance provider)  
describes the "prudent man" care levels and security.  The lower the  
security they provide, the higher the insurance.  After a while, the  
records center decides to improve security as it will actually save  
him money on recurring insurance costs.

If you demand that the vendor provide a certain level of coverage,  
say $25.00 per box or $175.00 per box (It costs $100 to $150 per box  
to freeze dry it back to useful life if is is soaked and soot covered  
in a fire.)  Your goal is to have the vendor to want it to survive,  
not hope it will burn.  Right now the industry has made the decision  
that burnbing your records is more profitable for them than making  
sure it survives.

Protecting IT Tapes is another issue. By defining a value of  $5,000  
per tape and cover it for that, this will offset the Disaster  
Recovery cost of recreating the information in a rush.

By mandating certain levels of protection and insurance, the records  
management program causes several things to happen:

1) The vendor's insurance carrier says "Oh no!  You need better  
access control and CCTV coverage."  And "You need background checks  
on your employees."  And "Let us get our risk manager in here to look  
at your sprinkler system."
2) The insurance carrier increases their insurance premium for each  
deficient level of protection. So they fix problems.
3) Their insurance premiums rise based on degrees of degradation of  
service, so they upgrade.
4) The result is the better vendor starts being the best price and  
your level of insurance coverage goes up while your risk of loss goes  
down.

This is exactly what the NFPA 232 Storm was about a few years back.   
The vendors with the highest Hostage Fees wanted to prevent any  
required improvements to their facility because you were locked in  
anyway via Hostage Fees.   Why give you a better product when your  
options were contractually eliminated.  In fact, let's increase the  
compartment size and make it a worse product.

Records managers look all the worse because the IT community can take  
advantage and move to better pricing, better security while the RM is  
trapped.  I know, you claim that you never selected your current  
vendor, they just acquired your existing vendor and you are stuck.   
But that is not true. You could have moved.  You could have refused  
to sign their contract with the Hostage Fees in it.

This is still America.  We are free to move to better security.   
Making the vendor deliver what you want is like shopping for a car.   
You define what your expectations are and you limit who can really  
bid on the work.  Fred Grevin did this through strong specifications.  
But don't expect those who dumb down the industry to be one of the  
bidders.

Hugh Smith
FIRELOCK Fireproof Modular Vaults
[log in to unmask]
(610)  756-4440    Fax (610)  756-4134
WWW.FIRELOCK.COM



List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2