Search for:

Jump straight to:

An unexpected error has occurred

Please enter a search term

Please select

What sectors are you interested in?

We can use your selection to show you more of the content that you’re interested in.

Want to speak to an advisor from your closest office?

Find other offices

Search for:

An unexpected error has occurred

Please enter a search term

Out-Law / Your Daily Need-To-Know

Out-Law News 3 min. read

Protecting and recovering vital records from disaster

23 Mar 2007, 2:16 pm

Hurricanes Katrina and Rita have put the spotlight on the need to protect and recover vital records. Gary Rossell of information protection firm Iron Mountain suggests a plan for protecting a company's vital records against disaster, natural or man-made.

The following is by Gary Rossell

Vital records are the records that contain information critical to the continuation or survival of your company during or immediately following a crisis. They can be paper records, database records, email with attachments, voicemail, instant messages, or any other official record documenting company business. Proper protection of these records starts with proper planning.

One: Designate a Vital Records Programme “Owner”

For your vital records programme to succeed there must be one individual accountable for planning and maintaining the programme. The business continuity or records manager are likely candidates due to their involvement with records programmes or business continuity planning. You also need a clear definition of responsibilities between records management, business continuity, risk management, and emergency preparedness.

Two: Assess Your Current Vital Record Programme

The next step is to determine what (if any) vital records or risk assessment programmes already exist within the organisation. If these programs do exist, examine how much of this work can be leveraged for a comprehensive vital records programme. Typical departments to consider are:

  • Records management – they may have vital record classes identified.
  • Business continuity – they may have criticality assigned to business functions from a Business Impact Analysis.
  • Risk management – they may have rated company business function loss.
  • Emergency preparedness – they may have specified an order to re-establish company business functions.

If you currently do not have any relevant programmes, you will need to complete a Business Impact Analysis (BIA) of the company business functions. Your BIA will give you a recovery priority rating that is a key component for aligning business function recovery priorities with vital records priorities.

Three: Identify and Assess Vital Records

Conduct surveys of business functions to document business function records, and collect information to identify and assess vital records. The following three risk categories should be included in the assessment survey:

  • Probability of loss or damage.
  • Recovery priority analysis (from the business impact analysis).
  • Financial or time impact of loss or damage.

Next, the responses for each risk category should be rolled up into an overall risk rating for each vital record. Your plan will include all records, but of course scarce resources should be allocated to the highest risk records first.

Four: Create an initial plan to protect and recover your vital records

Build your initial vital records recovery plan with the following in mind:

  • Include high-ranked vital records in the business continuity plan and provide for their quick and easy access.
  • Develop a protection plan with record owners for records that are not on the short-term risk reduction list.
  • Include a corporate compliance/governance summary for corporate compliance use.
  • Coordinate the vital record programme with the business continuity plan.
  • Develop training and rollout plans including a policy and procedure document.
  • Obtain approval for the plan to reduce vital record risk.
  • Include external processes like e-commerce, voice mail, or web hosting in your plan.
  • Include vital records protection within existing security, records management, and recovery processes when possible.

Five: Maintain and Update Your Vital Records Plan

Vital records are dynamic and change with the business, so your vital records plan needs to be updated on a regular basis. Keep your plan up to date by remembering to:

  • Include vital record recovery and reconstruction in your business continuity plan exercises.
  • Plan and fund continuous risk reduction for vital records.
  • Include vital records in new application development processes.
  • Update vital records risk at a minimum of every two years.
  • Train new employees and managers responsible for vital records.
  • Produce an annual compliance report for vital records.
  • Encourage internal audits to ensure compliance with the vital record programme.

Summary

Vital records are essential for the recovery of any business. If you follow this pragmatic approach, a disaster doesn't have to mean you can't quickly recover the most vital records you need to keep your business running.

This article was adopted from Business Continuity Relies on Records, by Gary Rossell, a senior consultant with Iron Mountain. Iron Mountain will be exhibiting at the Business Continuity Expo and Conference held at EXCEL Docklands.

Latest News

Trial period can be a reasonable adjustment under UK law, rules EAT

European Commission proposes UK/EU youth mobility scheme

HMRC’s 6 July deadline approaches for filing annual share plan returns

Australia’s High Court and competition regulator shed light on unfair contract terms reforms and new designated complaints regime

HMRC ‘dual role’ agents guidance of limited help to football clubs

You might also like

Out-Law Guide

Extensions of time and liquidated damages

Most contracts for construction works will include an extension of time mechanism, whereby the contractor will be entitled to an extension of time to the agreed completion date – the date by which the works must be completed – in circumstances where there are delays to a project which are not the contractor’s fault or for which the employer has taken the risk.

Construction Contracts

Out-Law Guide

Notice provisions in construction contracts

All construction contracts require parties to notify each other in certain circumstances in order to trigger particular entitlements.

Construction Contracts

Out-Law Guide

Industrial action in the UK

UK employers faced with industrial action need to understand the steps that a trade union must take before they can lawfully make a call for industrial action and the timing of those steps.

Employment & Reward

Out-Law News

5G potential for business highlighted in UK funding programme

Show me more

Out-Law News

Abu Dhabi Global Market opens consultation to update English law regulations

Show me more

Out-Law News

Action on alcohol to form part of UK's 'modern crime prevention strategy'

Show me more
Adam Cain

Legal Director

Adam Cain View Profile

Out-Law News

Advocate general: German credit agency scoring breaches GDPR

Show me more
Alasdair Weir

Partner

Alasdair Weir View Profile
Aleesha Way

Senior Associate

Aleesha Way View Profile
Dr. Alexander Karst, LL.M.

Rechtsanwalt

Dr. Alexander Karst, LL.M. View Profile
We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.