Snips from Larry and Bill
> From: "Roach, Bill" <[log in to unmask]>
> Subject: Re: RAINdrip: The sad truth about tape management by
> storage providers
>
>>> More to the point, who has to pay the fines (if there are any),
>>> suffer the consequences of bad press, and penalties for
>>> providing credit checks for a year, when it happens?
>
> Herein lies my point. It is the organization who is held accountable,
> not the service provider. And it's not just IM. I recall numerous
> RAINdrops where the responsible party was a contractor (other than IM)
> who had the data on a laptop or other device. It is reality that
> matters and the reality is that the organization compromised is the
> one
> held responsible, not the organization that does the compromising.
I just had lunch with an attorney that had records management under
his control for a Fortune 100 Company and he had some interesting
comments.
He encouraged his company to bring records back in-house because he
could not get his vendor to accept any liability at all for their
actions with his records and media. He pointed out to management the
cost increases that occurred to their insurance when their offsite
storage contract so clearly defined that their offsite storage
company waived ALL liability for even the most heinous behavior.
He made the case that they could save money by using smaller vendors
that would accept some defined measure of liability. His insurance
company saw that the vendor now had a stake in protecting their media.
Think about it ........... If your vendor has absolutely no risk when
they lose your tapes, or drop them off at another company in error,
or their employees sell your records out the back door and they claim
you should have encrypted, your insurance company sees this as a huge
increase in your exposure.
The vendor doesn't even need to worry about losing the account as it
has been demonstrated time and again that no matter what befalls your
records, you renew the contract. Right? Did any of these companies
claim "I am not taking it any more! I am moving to a better vendor or
at least a different vendor to punish the first vendor for negligence?"
In addition, this attorney pulled records management out from under
Facilities and distributed the costs; and it made all the
difference. He then billed each department for their own portion of
the costs. Right away Managers were saying "Why are my costs
increasing so dramatically?" He would reply "Your staff never gets
rid of anything." And then changes started happening.
They demanded their vendor provide some measure of accountability and
they declined. They pulled it all back from that vendor that recused
themselves from all liability and chose vendors that carried some
insurance. Their new vendors helped them manage the records. With the
decrease in storage costs they benefitted and now someone was taking
care of the records that cared about keeping their business and had
accountability. Their costs dropped dramatically.
I can cite one example of a large financial company that moved from
the large storage company to a more strategic media vaulting company
and their costs dropped by 1/3 and they were in a Class 125 Vault not
a sheet rock (gypsum board) room, the environmental was per ANSI
Guidelines and the building security, vehicle security and access was
all of financial services ratings. Plus the employees were all bonded.
In our current legal environment, management is starting to pay
attention along with the auditors to positions of extreme risk. But
it is not all sad! There are options out there. But as I have heard
so many times at the annual convention: "Oh I could never store with
anyone else. I would have to review three invoices instead of one!"
But consider this, if you were to use three companies with Owner
Managers, not warehouse managers, controlling your information
assets; you distribute your risk. You have more insurance coverage
as each company has their own policies. Plus you deal with a company
that cares about their image and your loss as they don't have a
million dollar PR department to plaster the industry with "Happy
Days" Press Releases to make you forget about their most recent loss.
As the lawyer said yesterday "So many people store with a large
company as they think this gives them more protection. But a simple
review of the storage contracts show that this is not true."
In fact, the large company comes out with its own PR Department to
claim to the world how negligent you were in not encrypting. No
matter how big the loss, they have contracts that deny all liability
and due to their size, your legal department says fighting them will
be too difficult.
You will see dramatic changes this coming year.
The large companies have bought people in peripheral markets and then
closed their doors. The records are now moved two to three hours
away. Too far for rapid disaster recovery. And you better hope you
never need a rush delivery.
Too far for efficient truck runs so FedEX and other less expensive
couriers are used. When they lose records the courier is blamed. In
the beginning they use the better courier but then the goal of ever
greater profits says "Use the cheaper guy."
If your contract does not have a clause the abrogates the contract
upon sale to a different vendor you are making a huge mistake. This
eliminates your hostage fees as well.
We are only at the beginning of the degradation of service.
Consolidating all of an Iowa or Nebraska or Indiana into one city
means huge warehouses and increased fire risk.
Every decision about your records will be made on increasing profits.
With no risk in the contract why should they do anything to protect
your records? You don't have to be futurist to picture the new world
that is being made.
A new model is being developed where service will matter, where
protection will matter and a whole new breed of service providers
will deliver these services So I predict Sad will turn to something
else. Corporate America will not continue to store all their eggs in
one poorly designed basket. Especially if that model has no benefit
to them. Yesterday's meeting was all about the realization that the
most savvy corporations have bought into a bad business model.
Evaulting, Server Vaulting, Co-location are all examples of the
turning of the Queen Mary. Poloroid was riding the crest of instant
pictures until Digital blew the model up.
Records managers should seize control of media storage and e-records
or at least become a joint player as this is where the changes will
occur and you want to be part of it.
Hugh
[log in to unmask]
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
|