CRM - Test 4
Disaster Recovery Plan
a written & approved course of action to take after a disaster strikes that details how an or. will restore critical business functions & reclaim damaged records.
Essential Records
Not to be confused with permanent records, they help recreate the org's legal & financal status & preserve the rights & obligations of takeholders, employees & citizens. The classification of records is this type only if they are necessary to the continued existence of the organization. Records that are required in order to continue functioning during a disaster. Ask 2 questions: Would we be unable to work if this record were destroyed? How criticial is our inability to do this of what is the impact on the org? The loss of these can result in: disruption of customer services, exposure to unplanned expenses or loss of revenue, increased vulnerability to litigations, & loss of productivity due to lack on info.AS a rule, not more than 7% of an org's records are considered this.
Essential Records Categories
OPERATIONAL, LEGAL & FISCAL, & EMERGENCY OPERATIONS
Legal Value of Records
Records that document & protect the rights & interests of an ind. or org., provide for prosecution or defense of litigation, demonstrate compliance with laws & regs. and/or meet other legal needs. AKA regulatory value. Records Include: contracts, titles, claims, deeds, & birth certificates.
Administrative (operational) Value of Records
Records that meet admin. needs aid in conduct of day to day business, define policy & procedures or ensure admin. consistency & continuity, aka operational records, org. charts, minutes of meetings, & personnel records.
Fiscal Value of Records
Records that satisfy fiscal requirements to conduct current or future business or evidence of financial transactions at the movement & expenditure of funds. Records include: financial audit reports, accounting journals, ledgers, tax receipts, annual budget docs, & payroll records.
Records Center / Records Control Forms:
Records transfer/transmittal forms, records retrieval request form, records outcards, records retrieval auth. form, & records center box labels.
Risk Capacity
Reflects the amount of loss the org. can incur & still reach it's goals.
Planned (designed) dispersal
This method entails duplicating the record for protection purposes rather than as a normal part of the business operation. Involves storing duplicate records off-site with a few exceptions, such as microfilming & storing in a vault on site or creating an extra copy of essential data & moving to a secure location.
Decentralized information system
System of computing that occurs when work units have a high degree of local autonomy in developing their info tech resources and specific needs not relevant to other work units within org.
Centralized Information System
Systems installed and operated by IT dept. and include servers, content and doc records repositories and legacy systems. Multiple physical sites benefit because they provide instant access to updated, consistent info.
Records Inventory Form
Visit or contact all functional areas within the org, locate identify & inventory all records, complete form for each records series (note if records are original/duplicate/medium stored, If info is not avail from rep of dept area, check applicable data privacy classification laws & business practices for data, retention requirements are based on legal/fiscal/admin. requirements, identify stte/federal laws that prescribe a ret. period & check state/federal audit requirements as well.
How to Complete Records Inventory Form?
Visit or contact all functional areas within the org., locate identify & inventory their records, complete 1 form for each records series title and all records in a series must have same retention period, If info is not available from dept. rep, check the applicable data privacy classification laws for the records series, Retention requirements are based on legal, fiscal, & admin. requirements
Research & Archival Value of Records
Vital records preserved for the benefit of researchers and posterity.
Duplication & Dispersal
Vital records protection method in which records are copied & stored in one or more locations apart from the original records. Methods include: routine dispersal (low-cost and in more than one location), Planned dispersal (duplicating record for protective purposes rather than as a normal part of business operation, microfilming), derivative dispersal (term used to represent info & records intentionally spread through the use of Internet & smart devices, etc..
Protective Storage
Vital records protection method that ensures protection of the original or the copies. Some steps may include on-site storage (vault/fireproof cabinet, etc), off-site facility, and Electronically stored information (hot, warm, cold sites, cloud-based solutions).
Storage Media & length of record life
*MICROFILM - 500 YEARS *ACID-FREE PAPER - 300 YEARS *REGULAR OFFICE PAPER - 20-30 YEARS *ELECTRONIC STORAGE MEDIA - REVIEW EVERY 3 YEARS
The Pre-Inventory Steps
*Need support from top mgmt. *Clarify the records inventory objectives & strategies *Design inventory forms & directions *Staff & train the project team *Communicate to staff & mgmt about project *Conduct a prelim survey to identify location of records, estimate volume, flag hazards, & note problems with space & storage *Establish a work schedule that includes dates/locations/contacts for each unit to be inventoried that provides flexibility.
Advantages of a Records Retention Schedule
*Reduction in time to locate & retrieve records *Reduction in costs associated with equipment, space, staff, storage to manage those records. *identifying & disposing & managing electronic records can exceed storage costs. *Mitigating risk of retaining records that could be used against the org. in court. *Reducing cost of locating requested records in response to e-discovery or FOIA requests. *Reducing cost of inspecting records to redact PII.
3 Approaches for electronic records inventory
1. Require a rep, of reach work unit Complete an electronic records inventory for their area. 2. Assign the task of completing records inventory form to records manager, to be completed during interviews with work unit liaisons. 3. Implement a hybrid approach. Ask dept. rep to complete and submit form and use the form as basis for interviews to follow.
What can be engaged in order to pick up records for destruction?
A bonded service
Manuscript Collection
A collection of personal family papers, organizational records, & typically unpublished historical docs in a variety of mediums.
Disaster Recovery Hot Sites
A disaster site that is a duplicate to the original site, full with computer systems, & near-complete backups of user data and is the most expensive option.
Disaster Recovery Warm Sites
A disaster site that provides space but also the equipment needed to continue operations. However, one needs to load or restore your data to the system, relies on backup recoveries.
Certificate of destruction
A document that shows what data and records were destroyed, who destroyed those data and records, and the method used for that destruction.
Bucket Approach
A method used to simplify records retention schedules by consolidating record types related to the same business function or process with similar retention requirements into bigger retention buckets (records series).
Public Archives
A place where doc & records of national, historic significance were acquired, stored & made available for public use.
Vital Records Program
A plan to protect those records that specify how an or. will operate during an emergency or disaster, records necessary to the continued operations of the org, and records needed to protect legal/financial rights of org.
Monitoring
A process conducted by dept. staff & involves an internal audit to uncover fraud and abuse, measure progress towards goals, and identify needs for audit.
Off-site storage
A protective storage in which Large companies may invest in its own off-site storage facility for essential records on a variety of media, including paper, microfilm, tapes & discs. Some companies may use commercial off-site storage, & s/be accessible 24 hrs a day, have appropriate climate control, & relative humidity 30-40% & be far enough away if the same disaster occurs both sets of records won't be affected.
On-Site storage
A protective storage in which essential records in a vault, firepoof cabinet, or fireproof container on their premises. If this option is elected, the storage equipment must conform to rating requirements of the NFPA standards which require essential records be stored in a vault, or for small volumes in 2 hr records protection equipment in a fire-resistive building.
Destruction authorization
A requirement that a form be filled out before destruction takes place offers client an opportunity to extend the disposal date.
Functional Retention Schedule
A schedule that groups records series based on business functions, such as financial, legal, product management, or sales. Each function or grouping is also used for classification. Rather than detail every sequence of records, these larger functional groups are less numerous and are easier for users to understand.
Disaster Recovery Cold Sites
A site of available space without equipment and data needed to continue business operations, a way to save money and have 18 or more hrs to get site up & running during a disaster. Disadvantage is need to set up your own equipment, load software and data & make internet/phone connections.
Risk Culture
A term that describes the values, beliefs, knowledge, attitudes, & understanding about risk shared by a group of people with a common purpose.
Who is responsible for a Vital Records Program?
A vital records mgr must be designated, records manager, dept/division records officers, management, IT staff, & all other employees.
Provenance
AKA respect des fonds, requires that every doc be traced to its origin & maintained as part of a group having the same origin rather than by subject groups. Dictates that records of different origins be kept separate to preserve their context.
Can determine obsolete/ duplicate records Info easily located and allows for quick discovery requests It records most critical to business continuity in event of a disaster Determines current and future storage needs
An analysis of the physical/electronic inventories can identify:
Principle of Protection
An information governance program shall be constructed to ensure an appropriate level of protection to information assets that are private, confidential, privileged, secret, classified, essential to business continuity, or that otherwise require protection.
Principle of Retention
An organization shall maintain its information assets for an appropriate time, taking into account its legal, regulatory, fiscal, operational, and historical requirements.
Principle of Retention
An organization shall maintain its information for an appropriate time, taking into account its legal, regulatory, fiscal, operational, risk, and historical requirements.
What are the phases of the business continuity management lifecycle?
Analysis, Solution Design, Development & Implementation & Exercise/Maintenance/Review. The cycle should be repeated at predetermined intervals to ensure that it remains current.
How to Evaluate Records?
As either VITAL, IMPORTANT, USEFUL or NONESSENTIAL.
Disabling
Destruction method and prelim step before transferring electronic media to a secure destruction facility & makes the media inoperable to data cannot be retrieved or read.
Retention Period
Can be expressed in terms of time (3 yrs) or in terms of an event or action (6 months after audit).
Vital Records
Can be used to describe two types of records: those that record life events under a gov. authority (birth/death certs), and records that are essential for the continuation of an org. during & after an emergency as well as those that protect the legal& financial rights of the org. & individuals affected by it's activities.
UV light
Can shorten the life of paper & microforms. Light weakens paper fibers, contributes to brittleness, & fades print.
Useful Records
Category of records if lost might cause inconvenience but could easily be replaced and doesn't present any real obstacle to daily business.
Operational or ADMIN. Value of Records
Category of records necessary to the operation or continuation of your unit or org. as a whole. Ex: directives, policies, meeting minutes
Important Records
Category of records that is replaceable only at considerable expense of funds, time & labor.
Nonessential Records
Category of records that presents no obstacle whatsoever to restoring daily business.
Legal Value of Records
Category of records that provide proof of the org's legal status. Ex: titles, claims, deeds, birth certs, contracts
Evidential Value of Records
Category of records that provides info. about the origins, functions, & activities of their creator. They are useful to prove/disprove facts.
Fiscal Value of Records
Category of records which prove the unit's or org.'s financial status. Ex: audit reporrs, accounting journals, ledgers, receipts, budget docs & payroll records
Shredding
Destruction method performed in-house or by using a service to shred the docs or electronic media.
What are Pre-Records Inventory Steps?
Clarify records inv. objectives & strategies, design the inventory form & directions (blank forms avail from ARMA), Staff and train the project team providing with an org. chart describing main functions of each office along with necessary supplies, Communication to staff & mgmt. about the project, conduct a pre-lim survey to identify location of records estimate volume & note problems with storage, and establish a work schedule that includes dates, locations, & contacts for each unit to be inventoried.
Disaster Recovery Plan Elements
Communications strategy, roles & responsibilities, access to systems, remote access, document the process, test the plan, evaluate & update the plan.
Data Map ESI process
Compiling a list of all systems used, collaboration tools used, a list of business processes compared with system list to ensure all ESI is accounted for, A list of roles and users involved in business processes, off site and recovery systems should be included, mobile devices and equipment used when working remotely.
Maceration
Destruction method process that involves using chemicals to soften paper & destroy the writing before pulverizing the docs.
Pulping
Destruction method that involves placing paper in a liquid suspension called a slurry that is made of water & chemicals that break down the material, then docs are forced through cutters & screens to reduce the paper to pulp.
Records Retention Schedule
Created after records inventory, business process analysis, & legal/regulatory research have been completed. Most common elements include: records series, record title & description, records office, retention requirements & disposition method.
Dissolution
Destruction method that is similar to pulping for paper, a process to dissolve film-based media in a chemical bath.
Recycling
Destruction method used for non confidential records.
Data Atlas
Data map with charts, lists and tables.
Special Collections
Describes materials of individuals/families/organizations deemed to have significant historical value.
Protective Storage
Dispersal does not ensure protection of either the original or the copies. Steps must be taken to provide this to protect vital assets with on-site storage, off-site storage or ESI.
Vital Records Protection Methods
Duplication/Dispersal & protective storage
Technologically caused events
Events that affect central computers, mainframes, software, or internal & external applications, disrupt ancillary support equipment, telecommunications, sources of energy, power, utilities, hackers.
Common elements of Records Retention Schedule
Records series, record title & description. records office, retention requirement, & disposition method.
Helpful Tools for conducting records inventory
Floor plans of records storage areas & data maps of computer systems.
Stakeholders of Records Retention Schedules
Legal, Chief Operating Officer, CFO, Records Mgr
Risk Tolerance
How much an org. wants or is willing to assume; it's attitude towards risk.
How to Identify an Essential Record?
Identify records required to continue functioning during the disaster, each dept. within the org. must analyze it's own operations to determine the info necessary to its continued existence, On Dept. level a committee or senior staff should undertake the task, rec. that the committee meet every 2 wks. or on a reg. basis until the records have been identified and the vital records program are in place, comm. members should be very familiar with their areas & records, & one person should assume the role of records liason to communicate with the vital records mgr.
Bus. Cont. Development & Implementation Phase:
Includes developing & implementing emergency response procedures following an incident. Recovery objectives takes place during this phase.
Bus. Cont. Exercise, Maintenance & Review Phase:
Includes pre-planning & coordinating the plan through walk-throughs & exercises, evaluating/updating based upon results, establishes policies/procedures for continuity w/external agencies, & gives practical experience in dealing with external agencies.
Compliance Monitoring
Includes targeted assessments of recordkeeping based on the identification of a buesiness issue or problem. Progress can be meadured by conducting an initial evaluation& then using that as a baseline. Self-evals may be the best for large org's.
Electronic records inventory
It's more challenging than a physical records inventory and requires assistance from IT. Includes structured and unstructured data.
Vital Records Schedule
Listing of an organization's vital records along with an explanation of how each is to be protected from destruction in the event of a disaster. Info is gathered from the records inventory. Easiest way to complete is to create a database.
Nonessential Records
Loss of these records presents no obstacle whatsoever to restoring daily business.
Routine Dispersal
Low cost method results in keeping a copy of the record at more than 1 location. If this method is used procedures must be put in place so that records can be retrieved easily when necessary.
Performance Monitoring
Measures performance & provides ongoing feedback to employees & dept's on their progress toward reaching their goals. Involves deveoping criteria, conducting interviews, & examinging documentation to determine if processes are effective & efficient.
Archival Approach
Method by starting at the end of the workflow, & accepting fact that existing records must be managed.
Hazards to be Evaluated for Preparation of a Disaster
Natural (geological/meteorological/biological), human-caused events (accidental/intentional), technologically caused events (accidental/intentional).
The Elements of an Archival Program:
Nature of records, selection/appraisal/acquisition, arrangement & description, preservation, reference, outreach & instruction, mgmt. & administration, rec. & info mgmt, & digital materials mgmt.
Cons of Bucket Approach
One challenge to this approach is the need to manage exceptions such as event-driven retention requirements, some records are kept longer or not enough as a risk-mgmt. decision.
What can require an extension in disposition date?
Pending lawsuits, merger negotiations, audits, & changes in laws/regulations.
Physical Inventory
Physical media includes: paper, CDs, DVD, videos, microfilm, magnetic tape & xray film, etc. The work unit staff have the time & knowledge to complete the physical inventory but may be reluctant to point out any weaknesses in their system. *Draw a map of physical layout of area, numbering each piece of storage equipment & noting location of each records series (disregard all non-records) *Inventory the records as a series, group them in to units, complete a separate form for each location where records in the same series are filed or stored, info from all forms related to one series will be consolidated onto a master inventory & used to develop a retention schedule. *Store inventory data in a database deveoped in-house, a sytem to manage physical assets as well as electronic records provides additional adv.
Vital Records
Records that are essential to the continuity of services during a calamity or restoration of daily business if it has been interrupted. They are irreplaceable, and copies do not have the same value as original. Essential for legal or audit purposes.
Historical (research/archival) Value of Records
Records that are useful or significant for documenting & understanding the past, they have primary value for the org. at one time but are no longer needed for admin, legal, or fiscal purposes. They contain authentic evidence of lives & activities of people, describe social & eco. conditions & record the dev. of community & business. AKA documentation or research/archival records. These records include: correspondence authored by or recd by a significant person like a founder/president, US military records, marriage/death records, meteorological data, & legal opinions.
Secondary Value of Records
Records that are useful or significant for purposes other than that for which they were originally created.
Water Damage to Records
Preventative measures include keeping records off floor and away from water sources. If damage occurs: a damage assessment tour is required, records with this damage can be treated in house by stabilizing the env. to inhibit the growth of mold by reducing the temperature to 50-60 degrees. Options for these records include: air drying, freezing, & vacuum freeze-drying.
Records Appraisal
Process of evaluating records to determine their retention based on administrative, legal, and fiscal requirements and historical value. Evaluating business activities to determined which records need to be created & captured & how long to keep them.
Mission Critical Records
REcords that if missused or lost or modified would have a debilitating impact on the mission of the agency.
Disposition Forms
Records Destruction authorization & Certificate of destruction
Steps in Performance Monitoring Process:
Set performance objectives, develop performance measures, collect the data, analyze the results, implement perf. improvements, report/review.
Electronic records inventory
Should concentrate on logical collections or records grottoes grouped by business function rather than physical location. A data map can be created and used as a diagram of info owned vs. a physical layout map of an office area. Is more challenging than a physical records inv. & requires assistance from IT.
Derivative Dispersal
Shouldn't be relied solely upon, it's a term used to represent info & records intentionally with or without malice spread through the INternet, social media, & smart devices. Direct byproduct of the information age. Examples include: docs released through the nonprofit org Wikileaks & the tweets now preserved in perpetuity by the Library of Congress.
Dissolution
Similar to pulping for paper, a process to dissolve film-based media in a chemical bath.
In the event of a disaster affecting essential records stored on-site in physical formats you will follow these steps in vital rec. disaster rec. plan:
Stabilize the site & gain access n as bld is safe for reentry. Restore env. controls & allow the heating or a/c systems to run 24/7 with maintaining a temp below 70 degrees F & rel. humidity below 50%. Doc. the damage. The vital rec. disaster mgmt. team is responsible for documenting the damage by taking photos & videos and completing a rec. damage assessment form. Toss duplicate records & replaceable of disposable materials to reduce the vol. of materials the team must inspect. Keep an inv. of material disposed of for insurance, replacement, & tracking. Assess the damage by analyzing the records damage assessment site survey to determine the extent of the damage & the volume of records, prioritze treatment by handling essential records 1st. Stabilize the records. Salvage wet records within 48 hrs. to avoid costly restoration efforts, photos & magnetic media s/be given highest salvage priority b/c they deteriorate more quickly. Records may need to be moved off-site for suitable handli
Bus. Cont. Solution Design Phase:
The Business continuity plan is developed during this phase, alternative bus. recovery operating strategies & critical functions are determined. Communication procedures with internal stakeholders during incidents are also formulated.
Private Archive
The archives of non public org's including businesses, charities, religious bodies and other & other individuals.
Records Series
The common unit for organizing & controlling files in the US. Records are grouped together b/c they relate to a particular subject or function.
Conduct Risk
The intentional or negligent actions of emp. or agents that may lead to negative outcomes for customers, clients, etc. The risk that arises as a result of how businesses & emp. conduct themselves, in relation to their clients & competitors.
Degaussing
The process of removing or rearranging the magnetic field of a disk in order to render the data unrecoverable.
Primary Value of Records
The value of records derived from the original use that caused them to be created
Essential records
These are eitiher rights & interests records or emergency operations records.
Useful Records
These records, if lost might cause some inconvenience but could easily be replaced. Loss of these records does not present any real obstacle to restoring dialy business.
Essential Records
They are appraised in a similiar manner (identifying records in which the operational/legal/fiscal/historical value is considered) with one major difference: the value of the record during & immediately after an emergency is what makes it this.
Pros of Bucket Approach
They don't take as long as to create as a schedule based on classification rules, large buckets make it easier for auto-categorization tools to make accurate & consistent classification schemes,
Records Inventory
This is the 1st step in developing a retention schedule, provides input to vital records protection & identifies potential improvements to records & info mgmt. program for both active & inactive records.
What is primary purpose of a records retention schedule?
To ensure that records are retained only as long as necessary and then disposed of when they no longer have value.
What is goal of comprehensive records inventory?
To identify records categories, not every record that exists.
Disposition of records
Two options: destruction or transfer to an archive. Destruction must be irreversible
Classification of records
VITAL, IMPORTANT, USEFUL & NONESSENTIAL RECORDS
Adverse Inference
When the opposing party infers to a jury that the defendant didn't product copies for fear that it would hurt the case. THere is NO THIS if docs are destroyed according to retention schedules.
Records Inventory
a detailed listing that could include the types, locations, dates, volume, equipment, classification systems, and usage date of an organization's records
Business Continuity Plan
a documented plan that defines resources, actions, tasks, & data required to manage the disaster prevention, emergency preparedness, disaster response & recovery & business resumption process in the event of business interruption. Some use it synonymously as a disaster recovery plan, and others see it as an umbrella plan that consists of several component plans.
Records Series
a group of related records filed and used together as a unit and evaluated as a unit for retention purposes. The common unit for org. & controlling files in the US.
Electronically Stored Information (ESI)
a protective sotarage that identifies hot/cold sites to accommadate electronic records. Cloud based solutions are considered, systems, applications, & system documentation are stored along with the records.
Important records
category of records that is replaceable only at considerable expense of funds, time & labor.
Human caused hazards
equipment failure, arson, terrorism, vandalism, carelessness, leaking roofs, burst pipes, damp conditions, etc.
Essential Records
records for the continuation of an org. during & after an emergency as well as those that protect the legal& financial rights of the org. & individuals affected by it's activities.
Bus. Cont. Analysis Phase:
represents a business impact analysis designed to prioritize business functions by assessing potential impacts, and a risk analysis is conducted.
Risk Mitigation
the systematic reduction in the extent of exposure to a risk and/or the likelihood of its occurrence.
Natural hazards
types of disasters dependent upon where you life (hurricanes, earthquakes, high winds, flood, tornadoes, etc)