Disaster Preparedness

1
Disaster Preparedness Response Workshop
Prepared or Not That is the Vital Question!
Presented by ARMA International
The National Archives Records Administration
February, 2002
2
Introduction
3
Why Care?

• "Disasters come in many flavors.
• Unfortunately, we do not select our favorite
  flavor of disaster nor do we choose the time when
  we will sample a new variety."

4
Workshop Objectives

• Understand Impact of Various Disasters
• Understand basic Risk Assessment Criteria
• Understand how to identify and protect vital
  records
• Understand basic steps and processes of
  development of disaster plans
• Understand basic recovery resumption
• Understand how to market the programs

5
Critical Questions to Ask Before Disaster
Strikes
6
What Are Disasters Emergencies?
7
Potential Types of Exposure
Natural Events
Technical Mechanical Hazards
Human Activities
8
Potential Types of Exposure Natural Events

• Fire
• Flood
• Hurricane
• Wind
• Tidal Wave
• Epidemic
• Mold Mildew

• Earthquake
• Lightning Strike
• Tornado, Wind Storm
• Snow and Ice Storms
• Insects Rodents

9
Potential Types of Exposure Mechanical
Technical Events

• Power Outage/Failure
• Software Failure
• Sewage Failure/Backup
• Building Structural Failure
• Computer Malfunction
• Gas Leak
• Toxic Spill

• Train Derailment
• Radiation Contamination
• Loss of Physical Access To Resources
• Electrical Shortage
• Faulty Wiring
• Airplane Crash

10
Potential Types of Exposure Human Activities
Events

• Computer Error
• Lost or Misfiled Documents
• Vandalism
• Theft
• Bomb Threat
• Civil Disorder
• Kidnapping
• Terrorism

• War
• Vehicle Crash
• Loss of Key Personnel
• Strikes
• Toxic Waste
• Biological Contamination
• Sabotage

11
Disasters Are Categorized by Level of Impact
Local Building/Area
Community Wide
Individual to Your Agency
12
Summary Quiz
13
What Are Vital Records?
14
What are Vital Essential Records?

• Essential to the continuation, resumption or
  reconstruction of business
• Important to preserving the rights of the agency,
  its staff and the public
• Necessary to establishing legal fiscal
  responsibility, status and positions

15
What are Vital Essential Records ?
16
The 7 solution!
Considerations
Your vital records will be no more than 7 of
your total records (3 to 5 is likely)
17
More Considerations

• May be inactive or active
• May be originals or copies
• May be retained for long or short periods

18
Summary Determine Vital Records

• Any record needed to reconstruct organizational
  activities
• Any record that documents the legal or fiscal
  position of the organization
• Any record that documents rights and obligations
• Any record that documents significant or unique
  features of the organization
• Any record that documents emergency operating
  activities

19
Typical Vital Records

• Payroll
• Accounts Receivable
• Accounts payable
• Social security and retirement
• Titles, deeds, contracts
• Insurance
• Licenses

20
Vital Records Emergency Operating Records

• Emergency plan
• Delegations of authority
• Building plans
• Systems manuals
• File Plans/Records Locations

DANGER
Emergency!!
21
How Can Vital Essential Records Be Identified?
22
Methods to Identify Vital Essential Records

• Records staff conduct physical survey using
  inventory forms
• All staff trained to complete physical survey of
  records in their areas (use inventory
  forms/questionnaires)
• Records staff conduct interviews with key staff
  in conjunction with physical surveys

23
Determine Identification Information

• Purpose use
• Record category or series title
• Storage media
• Storage locations (including duplicates)
• Record owner office
• Current status/cycle
• Protection methods

24
How Can Vital Essential Records Be Protected?
25
General Prevention Protection Methods

• Handle store records properly daily!
• Use good housekeeping at your desk daily!
• Follow security protection methods
• On site storage--- install environmental controls
• Preservation methods public records deserve the
  best!
• Implement follow records management best
  practices
• Share all of the above with others

26
Protection Methods
Off-site storage
Storage at a facility other than your
normal place of business
27
Protection Methods
Protection of vital records via wide distribution
28

• Routine
• Also called automatic
• For widely copied and distributed records

• Planned
• Intentional
• For unique records

29
Protection Methods
Cycling
Periodic replacement of obsolete records with
current records
30
Protection Methods
On-site Storage for Paper Records

• Fire Resistant Equipment
• Internal vaults safes
• Duplication

31
Protection Methods for Electronic Records
32
Electronic Protection Methods

• Software controls passwords and user controls
• Virus protection and education
• Security measures for buildings
• Security measures for computers and storage
  devices
• Work-In-Progress protection
• Educated staff

33
Electronic Protection Methods

• Identification of person or group responsible for
  data
• Coordination with retention schedule
• Segregation of data
• Backup schedules
• Priority of recovery systems

34
Vital Records Recovery Tips
35
Vital Records Recovery Information

• Vital Records List ( backup copy off-site) with
  building, room and equipment locations (including
  floor plans)
• List of vault safe combinations locations of
  keys to cabinets/desks
• Procedures to remove records (bar coding, other
  software tracking systems, relocation
  destination, transportation, clearances, permits
  and assigned personnel, etc)

36
Vital Records Recovery Information Cont.

• Prioritization of records to be recovered
  restored
• Procedures for handling work in progress vital
  records
• Specific handling preservation processes

37
Summary Quiz
38
What Are Risk Assessment Contingency Processes?
39
RISK MANAGEMENT

• Risk Assessment, Risk Analysis, and Business
  Impact Analysis
• To Ensure that an organization does NOT Assume
  Unacceptable Risks Relating to Known,
  Likely-to-Occur Threats

40
RISK ANALYSIS

• Identify probabilities of risk of damage to or
  loss of information and records
• Probable threats
• Use Charts resources to help quantify and
  qualify the risks

41
RISK ASSESSMENT

• Existing risks to records
• Physical site survey
• Evaluating security and controls in place
• Determining vulnerable areas
• Recommending upgraded security and disaster
  mitigating controls

42
SITE SURVEY

• Form/walk-through
• Identify locations of records
• Physical conditions of storage and holding areas
• Security

• Fire Protection
• Proximity to hazards
• Proximity to other agencies or buildings that are
  vulnerable
• Computer rooms, network facilities, tape and disk
  storage
• Vulnerabilities

43
Business Impact Assessment (BIA)

• Process or methodology that determines critical
  functions
• Expressed in financial, service level or other
  impact
• Includes workflow analysis
• Essential to establish necessary recovery
  strategy priorities

44
BUSINESS IMPACT ANALYSIS

• An evaluation of
• Probability of threat occurrence
• Vulnerability of agency functions
• Investment of controls to mitigate
• Identification of critical functions of an agency
  that require quick resumption after an event
  occurs. These functions often cross departmental
  lines.

45
BUSINESS IMPACT ANALYSIS (Cont.)

• Also determines
• declines in service levels
• likely departments affected
• estimate of the effects
• allowable times to recover
• Use Workflow Analysis
• Interviews and Meetings with Key Staff

46
QUANTIFYING RISK

• ANNUAL LOSS EXPECTANCY (A.L.E.)
• POWER FAILURE
• Occurs 10 times a year
• Each time it costs
• 5,000 - PERSONNEL COSTS
• 1,000 - EQUIPMENT COSTS
• 10 x 6,000 60,000 PER YEAR

47
CONTINGENCY PLANNING

• Nature and likelihood of potential disasters
  (determined in Risk Management phase)
• Which basic operations must continue
• Responsibilities of staff during emergency
• Records required to support operations and staff

48
Process Planning Steps

• Step 1 - Obtain Management Approval
  Support
• Step 2 - Establish a Planning Team
• Step 3 - Conduct a Risk Assessment
• Step 4 - Analyze Operating Processes Priorities
• Step 5 - Collect Data
• Step 6 - Prepare Written Plan
• Step 7 - Train Staff Test Plan

49
SummaryFour Phases
Planning
Response
Recovery
Resumption
50
Summary Quiz
51
What are Recovery Salvage Processes?
52
Recovery Salvage Processes

• Step 1- Assess the damage
• Step 2- Stabilize the Environment
• Step 3- Activate the In-House Recovery Team
• Step 4- Restoration

53
Assess the Damage

• How much damage?
• Kind? (Document on paper photo)
• Confined?
• Records affected- vital or not?
• Media?
• Replaceable?
• Outside help needed?

54
Precautions!

• Water Fire Common denominators
• Weather and site conditions
• Safety
• Security for classified and proprietary
  information

55
Stabilize the Environment

• REDUCE HEAT HUMIDITY
• OPEN DOORS AND WINDOWS
• KEEP AIR MOVING WITH FANS
• GENERATORS

56
Activate the In-House Recovery Team

• Organize in pre-determined work groups according
  to the disaster plan
• Make assignments
• Confirm operating procedures recovery steps
• Plan for appropriate breaks
• Arrange for food beverages

57
Restoration Strategies

• Keep in the condition found
• Record information with waterproof markers
• Transfer old label information
• Full inventory
• Use established priorities for recovery

58
Recovery Strategies Pack Out Of Records

• Keep in the condition found
• Record information with waterproof markers
• Transfer old label information
• Full inventory
• Use established priorities for recovery

59
Recovery Strategies Salvaging Paper

• Air Drying Interleaving
• Move records to a dry area
• Air dry
• Open cabinets
• Remove wet records from containers
• Interleave
• Remove wet paper from folders
• Use plastic to lift fragile wet pages

60
Recovery Strategies Salvaging Computer Media

• Backups stored offsite will save most salvaging
  necessities
• Due to complexity of salvage processes,
  professional help is needed
• Never use computers or diskettes that have gotten
  wet -consult professionals FIRST!!

61
Recovery StrategiesSalvaging Microfilm
Photographs

• Hang on twine or clothesline - air dry
• Keep wet film in cool, clean water
• Priorities
• Color film
• Silver originals
• Diazos

62
Summary Quiz
63
Summary
64
Selling the Program
65
Marketing Points

• Vital records are a critical organizational asset
• Senior management is ultimately responsible for
  stewardship of the assets
• Federal Laws - There CFR that make officials
  personally liable for failure to safeguard vital
  records
• Federal law requires security plan for sensitive
  information

66
Marketing Points

• Privacy statutes prohibit unauthorized disclosure
  of computer records
• Federal law mandates disaster recovery plans for
  many organizations
• Vital records plans are insurance policies
• Makes business sense!

67
Summary Thoughts

• IT still dominates modern disaster contingency
  planning
• Non-technical records managers can Do
  contribute to planning Recovery
• YOU ARE NEEDED As Valuable Member of the Disaster
  Preparedness Response TEAM!