On Jun 16, 2007, at 12:01 AM, RECMGMT-L automatic digest system wrote:
> From: "Jones, Virginia" <[log in to unmask]>
> Subject: Re: Vital records
>
> Joy:
> Rule of thumb - if the record/information is needed during the
> emergency
> event to respond to the emergency (for example we have our GIS maps of
> our distribution system and the last one year of water quality data
> available during a hurricane) or immediately after to continue
> business
> (including compliance with monitoring and reporting) then it is vital.
> If the record can be obtained elsewhere (a courthouse, a federal or
> state agency where it was sent as a report, etc.) after the event,
> then
> it may be important, but it is not necessarily vital. If the
> record can
> be recreated after the event, and is not needed immediately or is not
> needed for litigation or for an incomplete or not yet conducted audit,
> then it definitely is not vital.
> If the record can be obtained elsewhere
My question is............. How can you say that?
Imagine all the businesses in London right now that thought that they
had certain records "somewhere else" but now they don't? The Iron
Mountain fire cast thousands of businesses into Disaster Recovery.
Thousands of businesses had their media and their paper stored in the
same facility and when it burned everything was destroyed.
If you don't have your vital records protected in your own vault,
then you are really not doing your job as a records manager.
FIRELOCK is called in time and again when people see the flaws in
their plan. (Typically, right after a near or real disaster.)
Redundant storage is really not an effective strategy for several
reasons:
1) No effective controls exist to make sure than all records are kept
separate in two locations. Over time, all records tend to migrate to
the offsite storage location. So you are as vulnerable as your
offsite partner.
2) Since many companies choose their offsite storage company based on
who offers the cheapest storage, you end up in massive facilities
that are very high risk.
3) The offsite storage company, if selected on price, has one basic
philosophy: The records you store with them are only worth $1.00 per
box. The legal assumption is these records are virtually worthless
to you or you would not have selected them and signed a contract that
defined value. Just ask those who had records burned up what the
answer was to their inquiries about just compensation. (We will see
what the British Court System has to say??)
4) Unless you ask the offsite vendor to vault your records, then they
consider it tacit approval of the concept that your records are
considered worthless.
5) A regional disaster takes out everybody in that region.
Hurricane, Earthquake, etc. can destroy an entire area.
As your Daddy (in honor of Father's Day) told you again and again "If
you want something done right, Do It Yourself.
Also Courthouses are not worth much for storage. They build the
absolute smallest vault they can, they have it in place 50 years past
the point of capacity and the majority of their records are stored in
basements stacked along corridors or next to the boiler room. (Visit
10 courthouses before you tell me I am wrong.) I could take you to
places that have original documents from Thomas Jefferson sitting in
facilities that have no fire protection.
So once you figure out what really is vital to your organization,
then what?
Ask management what steps the organization will take to protect the
records? If they don't plan on protecting them, then who cares which
ones are which? That is the reality of 90% of the organizations out
there.
The new laws call for Data Mapping but once you do it and describe
which are vital and which are not, then you create greater liability
for C-Level Managers and the Board if they fail to protect the vital
records.
This is a land mine that awaits many organizations. The Protection
of Records Standard (NFPA 232) clearly delineates the different types
of protection that equate to different records. It also makes the
records manager the "Responsible Party". It is clearly in the realm
of possibility that we could soon see a Records Manager go to prison
for failure to fulfill their fiduciary responsibility. You may be
rooming with the CEO and CFO, but the new laws and the American
jurisprudence standard of "Prudent Man" requirements open the door to
this actuality.
Exciting, huh??
Hugh Smith
FIRELOCK Fireproof Modular Vaults
[log in to unmask]
(610) 756-4440 Fax (610) 756-4134
WWW.FIRELOCK.COM
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
|