On Mar 1, 2008, at 12:01 AM, RECMGMT-L automatic digest system wrote:
> From: Chris Browne <[log in to unmask]>
> Subject: Storage vendors and liability
>
> Dear Godfathers and Godmothers of RIM,
>
> I'm intensely curious to hear what other organizations have been
> able to
> negotiate into their storage contracts regarding vendor liability for
> lost containers or digital media.
There are several; and, I know one group headed up with Ownership
that comes from the Audit Community. They carry higher levels of
insurance and they will allow the client to define a level above
that. But if you go above the five million limit per occurrence they
typically offer, then you must define the level of loss by tape or by
box. (Many clients struggle to define value.)
Contrary to general beliefs there is a difference from one vendor to
the next. But this requires that a records manager sit down, develop
a measure of risk and exposure, and then define that risk to the vendor.
The storage vendor says, if you want insurance, get it yourself.
This is a clever ploy that allows them to be totally negligent in the
care of the records with minimal risk. You have the right to define
a level of care. If you do not, it removes the vendor from any
responsibility to protect the records in their care. Hostage fees
allows them the ability to offer the lowest level of service, poorly
designed warehouses and low end sprinkler systems and place all risk
on the clients.
You can choose to store certain high value records in vaults, this
provides the protection you want, reduces risk and makes placing
insurance far less expensive.
Records Centers are as much a warehousemen issue as IBM's Data
Centers are an empty office. The space is defined by what is stored
within it, value and volume. Your idea of reasonable care and theirs
may be too different things. Insurance coverage brings you both on
the same page because a third party (the insurance provider)
describes the "prudent man" care levels and security. The lower the
security they provide, the higher the insurance. After a while, the
records center decides to improve security as it will actually save
him money on recurring insurance costs.
If you demand that the vendor provide a certain level of coverage,
say $25.00 per box or $175.00 per box (It costs $100 to $150 per box
to freeze dry it back to useful life if is is soaked and soot covered
in a fire.) Your goal is to have the vendor to want it to survive,
not hope it will burn. Right now the industry has made the decision
that burnbing your records is more profitable for them than making
sure it survives.
Protecting IT Tapes is another issue. By defining a value of $5,000
per tape and cover it for that, this will offset the Disaster
Recovery cost of recreating the information in a rush.
By mandating certain levels of protection and insurance, the records
management program causes several things to happen:
1) The vendor's insurance carrier says "Oh no! You need better
access control and CCTV coverage." And "You need background checks
on your employees." And "Let us get our risk manager in here to look
at your sprinkler system."
2) The insurance carrier increases their insurance premium for each
deficient level of protection. So they fix problems.
3) Their insurance premiums rise based on degrees of degradation of
service, so they upgrade.
4) The result is the better vendor starts being the best price and
your level of insurance coverage goes up while your risk of loss goes
down.
This is exactly what the NFPA 232 Storm was about a few years back.
The vendors with the highest Hostage Fees wanted to prevent any
required improvements to their facility because you were locked in
anyway via Hostage Fees. Why give you a better product when your
options were contractually eliminated. In fact, let's increase the
compartment size and make it a worse product.
Records managers look all the worse because the IT community can take
advantage and move to better pricing, better security while the RM is
trapped. I know, you claim that you never selected your current
vendor, they just acquired your existing vendor and you are stuck.
But that is not true. You could have moved. You could have refused
to sign their contract with the Hostage Fees in it.
This is still America. We are free to move to better security.
Making the vendor deliver what you want is like shopping for a car.
You define what your expectations are and you limit who can really
bid on the work. Fred Grevin did this through strong specifications.
But don't expect those who dumb down the industry to be one of the
bidders.
Hugh Smith
FIRELOCK Fireproof Modular Vaults
[log in to unmask]
(610) 756-4440 Fax (610) 756-4134
WWW.FIRELOCK.COM
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]
|