The first element in formulating a records disaster prevention and recovery plan is a clear understanding of disasters themselves — their types, causes and effects. Your plan must be tailored to meet the needs of your department, facility and types of information. 

Your plan must include a clear definition of your department's records to be protected in the disaster plan. Elements to avoid in your plan should include the reconstructing or salvaging of reference material, convenience copies and non-essential files.  

University records vary greatly in value. Whether stored electronically or on paper, the plan must identify historical and vital records — records that document your department's origin, growth, development, operations and civic contributions — as well as records that are essential to the continuation of business after a disaster. A current list of vital records is necessary to determine the extent of any information disaster. 

Implementing a Disaster Plan    Vital Records Protection Program Guide

What is a Disaster? 

A disaster is defined as a "sudden or great misfortune." More precisely, a disaster is "an event whose timing is unexpected and whose consequences are seriously destructive." These definitions identify an event that includes three elements: 

  • Suddenness

  • Unexpectedness

  • Significant destruction and/or adverse consequences

However, a fourth element, lack of foresight or planning, is sometimes added. Disasters occur with unnerving frequency. Their adverse consequences increase for those who do not prepare for predictable contingencies. A disaster prevention and recovery plan can help protect all of the University's assets including people, jobs, records, vital records and facilities. 

Disasters are not restricted to records and information resources. The death of an essential employee, a poisoning, an explosion, a fire or a chemical spill are disasters that adversely affect the University.  

Steps for Handling Disasters 

A good disaster plan ensures you have taken necessary steps ahead of time to prevent what you can, and have a method for recovery after a disaster strikes. 

Before a disaster 

  • Obtain authority for the development of a disaster prevention and recovery plan, and appointed team members.

  • Provide necessary training and safety education for team members.

  • All members, management and the fire department should have a copy of the manual with the floor plans containing exits, equipment locations and shut offs. 

  • Highlight the recovery section of your plan. 

  • Be knowledgeable of emergency supplies and their locations.

  • Arrange, in advance, for drying and freezing space, as well as a clean, dry location for undamaged materials.

  • Make arrangements with disaster recovery or restoration companies for large disasters.

In the event of a disaster 

  • Activate proper evacuation and safety procedures.

  • Activate the emergency alarm and notify emergency services.

  • Notify upper management of the type of disaster.

  • Reference Recovery Section in Disaster Recovery Manual.

  • Start calling list of team members assigned to disaster recovery.

  • Assess damage and photograph damaged materials and facility.

  • Implement procedures for protecting vital records in their predetermined locations.

  • Label and remove damaged materials or materials that are not damaged, depending on the volume of damaged documents and/or the extent of damage to the facility housing the documents.

General Objectives of a Disaster or Contingency Plan 

The following is a list of general objectives departments should consider when creating an Information Disaster Prevention and Recovery Plan: 

  • Ensure the safety of all employees and visitors at the site/facility.

  • Protect vital information and records.

  • Secure business sites and facilities.

  • Safeguard and make available vital materials, supplies and equipment to ensure the safety and recovery of records from predictable disasters.

  • Reduce the risk of disasters caused by human error, deliberate destruction and building or equipment failures. 

  • Be better prepared to recover from a major natural catastrophe. 

  • Ensure the organization's ability to continue operating after a disaster.

  • Recover lost or damaged records of information after a disaster.

Plan Information 

A sound understanding of the nature, scope and limitations of a disaster plan ensures that management's expectations are realistic and the plan plays its proper role in achieving the department's overall goals and objectives. 

An information disaster plan is a written, approved, implemented and periodically tested program to identify, protect, reconstruct or salvage an organization's vital and historical records, and establishes procedures for the immediate resumption of business operations in the event of a disaster.  

While each department must determine its own specific objectives, several main objectives are present in all plans. The plan should include: 

  • Vital Records Program: Identify and adequately protect the department's vital records. 

  • Disaster Prevention: Reduce the risk of disasters caused by human error, deliberate destructiveness and building or equipment failure, as well as the adverse consequences of all disasters by mandating specific security, maintenance and training programs. 

  • Crisis Management: Ensure the department's ability to effectively resume operations after a disaster by spelling out management policies, procedures and resources to be activated in disaster situations. 

  • Disaster Recovery: Ensure the department's ability to rapidly reconstruct essential information and salvage damaged records containing information essential to establishing detailed recovery procedures, and a management directive for implementation.

Plan Prerequisites 

Information disaster planning is only effective when it is part of a comprehensive information and records management program.

Prerequisite 1: Information is Viewed as a Resource 

Departments that are committed to managing information throughout the total life cycle, from creation or inception, through its use, storage, retrieval, to its final disposition, are more likely to properly place disaster planning in their total management program. 

Prerequisite 2: Adequate General Insurance 

An information disaster plan is a form of insurance. Disaster prevention planning is a form of risk assessment. The planning process presupposes that business insurance programs are in place to protect the University's assets and to provide adequate liability protection. Such programs should already be identified and provide protection against certain risks and dangers. 

Risk assessment is a management tool for determining the likelihood of a disaster and its financial impact on the University. A specific dollar amount is placed on each potential disaster by calculating an Annual Loss Expectancy (A.L.E.). The A.L.E. is determined by multiplying the frequency of occurrence by the expected dollar loss per occurrence. 

An information disaster plan complements existing insurance by scrutinizing the University from an information vantage point. The plan identifies specific risks such as building and equipment hazards that can result in flooding to records storage areas, dangerous storage practices that increase the risk of fire near irreplaceable research and development records and periodic electric storms or tornados that endanger electronically generated vital records.  

Prerequisite 3: A Current Records Retention Schedule 

A vital records program is built upon a detailed records retention schedule, which is a comprehensive list of records indicating the length of time each record is maintained in the office area, in the records center, or on electronic media devices and when and if it can be destroyed. 

The retention schedule must precede the vital records protection and disaster recovery plan. This schedule provides necessary information about the location of records, media upon which records are stored, methods of protection, and the value of individual records. 

Prerequisite 4: A Vital Records Program 

In the event of a disaster, recovery can be very costly. It is important that protected, reconstructed, salvaged and restored records contain information that is essential to the department's continued operation. The identification and protection of essential records represents the gray area where a vital records program and a disaster plan overlap. 

Prerequisite 5: A Sound Records Classification and Retrieval System 

Jumbled, poorly labeled records, whether stored in a bulging file folder, in a disorganized microfilm system or on a poorly indexed electronic system, significantly increase the cost of disaster planning. Workable records series — a group of identical or related records that are normally used and filed as a unit — that can be evaluated as a unit for retention scheduling purposes. 

Prerequisite 6: An Adequate Security Program 

A general security program for both facilities and information provides the necessary framework to develop an information disaster plan. The following are just a few security elements found in an adequate program: 

  • Computer passwords/password protection

  • Employee identification cards

  • Security personnel

  • Restricted access areas

  • Fire vaults and safes

  • Smoke detectors

Disaster Prevention: A Planned Approach 

Disaster prevention is the process of surveying the workplace, identifying areas or situations that might cause or contribute to a disaster, and taking action to eliminate or minimize the areas or situations. 

What is a Disaster Prevention Plan? 

A disaster prevention plan is a written, approved, implemented and periodically tested program specifically outlining all actions to be taken to reduce the risk of avoidable disaster and minimize the loss should a disaster occur. The plan is based on a critical and thorough review of potential disasters to the facility, its geographic location or industry. 

Any department wanting to protect its recorded information must protect the facility where the records are housed. Human error or carelessness is frequently the cause of fire, water damage, theft, misinformation and information loss. The following represents only a few causes of potential department disasters: 

  • Smoldering cigarette

  • Unlocked window or door

  • Negligent storage of flammable material 

  • Careless computer keystrokes

  • Broken water lines/floods

  • Power outages

  • Weather

  • Terrorist activities

  • Cyber threats

The plan is a statement of appropriate responses for quick and cost-effective disaster recovery. It should identify which, where, and how stored records are to be protected and retrieved. Such reviews include the following questions: 

  • Are microfilm, magnetic media and optical disks stored in appropriate environments?

  • Are smoking laws in full compliance in areas where paper or chemicals are stored?

  • Are boxes or other containers of records 12" to 14" off the floors even during initial processing activities?

  • Are chemicals, including those used by custodians and in office machines, stored in a manner to avoid or minimize disaster?

  • Are electrical appliances (i.e. coffee pots and other high heat producing items) necessary in an area used to house records? Are they turned off at the end of the day?

  • Are proper security measures taken for the safety of the entire facilities contents?

Key Elements of a Disaster Prevention Plan 

In order for a disaster prevention plan to be effective, it should contain certain basic elements including, but not limited to, the following: 

  • Top-down directive for participation or buy-in

  • Clear policy statement

  • Establish activation authority

  • Task organization

  • Disaster recovery team

  • Facility floor plan or layout

  • Identification, location and protection of vital records and equipment

  • Information distribution procedures

  • Monitoring of destructive forces

  • Provisions for training of employees

  • Provisions for ongoing review and revisions

  • Prearrangement for relocation and transportation provisions

  • Communications

  • Media relations

  • Up-to-date backups and hot or cold site locations

Disaster Recovery Planning: A Planned Approach 

Disaster recovery parallels disaster prevention and is the process of resuming normal business operations after a disaster. An information disaster recovery plan is a written, approved, implemented and periodically tested plan to reconstruct or salvage a department's vital and historical records. 

A comprehensive program that identifies and protects all vital records, particularly records stored electronically or on microforms, optical disk and CD generated records, swings the pendulum of post-disaster recovery from the salvage process to the reconstruction process. With such a program, the initial efforts center around immediate relocation at a pre-established recovery site; the rapid reconstruction of essential records from computer tapes and disks, microfilm and paper records; the prioritization of this reconstruction; and the actual resumption of normal business operations. The middle of a disaster is not the time to identify and sort records or determine their business resumption value. 

Key Elements of Disaster/Emergency Planning 

The recovery phase includes the implementation of short-term activities that restore vital records and information while restoring normal business operating procedures and practices. This phase includes assessing damage, stabilization and salvage techniques, restoration of records, information and equipment, and resumption of operations. 

The four primary phases are: 

  1. Preparedness: Prepare to protect yourself, others and items of great importance in the event an emergency/disaster occurs.
  2. Response: Administer first aid or get medical attention for victims if necessary. Attend to other emergency procedures that must take place to lessen the impact. 
  3. Recovery: After things are under control, begin the clean up or repair any damage, and, if necessary, call in professional restoration services.
  4. Mitigation: Ask how this disaster, accident or emergency happened and how any problems that occurred in handling the incident can be lessened. 

The common key elements of a disaster recovery plan are similar to those of a disaster prevention plan. 

  • Clear policy statement, including recovery goals and objectives.

  • Who can activate the team's recovery plan. 

  • Task organization.

  • Specific methods for contacting recovery team members and alternates, vendors, support agencies, suppliers and all those with whom special disaster contracts and agreements are in effect.

  • Which disaster types will or will not be addressed in the plan. 

  • Training of employees in recovery procedures.

  • Ongoing review and revision of the plan. 

Crisis Management 

Crisis management has a much broader scope than the management of an information disaster reconstruction or salvage effort. Business crises run the risk of: 

  • Escalating in intensity. 

  • Falling under close media or government scrutiny.

  • Interfering with the normal operations of business.

  • Jeopardizing the positive public image presently enjoyed by an organization or its officers. 

  • Damaging an organization's bottom line in any way. 

Management of a major crisis should be delegated to a management appointed team who has received the necessary training for dealing with disasters. There are three key elements that must be considered in the crisis management section of general disaster planning process: 

  • Continuity of authority.

  • Appointment of a select disaster management team to identify, isolate and manage the crisis. 

  • Appointment of a designated spokesperson.

Disaster Reconstruction or Salvage Operations 

Disaster reconstruction and salvage require not only a familiarity with University goals, structure, personnel, operations and records; but also a knowledge of specialized recovery techniques and procedures, possible alternative work locations and computer facilities, sources of temporary and volunteer help, local suppliers of freezer space and recovery supplies, local disaster agencies and a list of reliable consultants. 

Key elements that must be considered in developing the reconstruction or salvage phase of the disaster recovery plan are: 

  • Management-appointed, trained Disaster Recovery Team

  • Current inventory of all department records, including vital records

  • Designation of alternative operating locations

  • Priority list for restoration of essential functions

  • Contracts and agreements with disaster support agencies and businesses 

  • List of other potential recovery resources

  • List of University or department salvage equipment and supplies

  • Blueprints or floor plans of buildings housing information, showing items such as:

    • Electronic power on-off switches

    • Water and sprinkler system shut off valves

Conclusion 

A disaster prevention and recovery plan is not a substitute for the good sense, sound management and creativity that are required when responding to a disaster or crisis. The format and elements of a disaster plan vary widely from the comprehensive disaster plan of a multi-national corporation with complex legal, insurance, information and security needs to the brief disaster prevention and recovery guide for small organizations or departments. 

Start your plan by following a disaster prevention and recovery guide and obtain needed training. While no disaster plan assures successful resumption of business operations, such a plan greatly tips the odds in favor of survival or recovery.