Presents Design Planning for the Records Center of the Future
Presented at ARMA International Long Beach California October 2004 By Hugh Smith Firelock Fireproof Modular Vaults Presentation available in Adobe.pdf format at www.firelock.com
Design Planning for the Records Center of the Future How the records center will meet the challenges of protecting vital information assets in current and future formats? What are the issues for achieving information longevity while protecting the records from identified threats? What Standards are relevant to your design planning? How the records manager will deliver a level of performance that relieves the organization of liability due to negligent records storage and protection? Prudent Man issues or just keeping pace with the peer industry? What are the regulatory pressures that impact on your design?
How does the records manager provide immediate accessibility to records at appropriate levels in the organization without loss of control or security? The proper management of records requires a collaborative effort between the records management. IT, legal, and audit functions to serve the overall needs of the organization. Security procedures must be consistent with a defined risk tolerance program to ensure a cost beneficial solution for executive management and the shareholders.
NFPA 232 The Standard for the Protection of Records defines the role of the records manager as the Responsible Party in records center and vault design and specifically states that you are responsible to manage the fire protection design aspects of the records center. From selecting the fire protection engineer to guiding the architectural requirements, the Records Manager needs to be prepared to control the design process of the records center of the future. The records manager must be aware of the standards, trends and emerging technologies that impact the protection of the information assets of the organization, in a manner consistent with the controlling legislation.
Challenges The majority of vital and mission critical records remain in digital format and present an entire array of problems for the Records Manager and Information Technology Manager. These problems range from exponential growth to the virtual elimination of the enforceable retention period, due to a lack of established controls being exercised on the digital format records. Another concern is the permeable layer that fails to prevent records from flowing away from control. This same permeable layer that grants instantaneous access to the user is often under attack by viruses that threaten the integrity of the original master digital format records.
Organizational Management often poses a threat to the records management program. 1. Executive management addresses records protection in times of risk or regulatory enforcement, but can lose their will during periods of profit downturn or during mergers and acquisitions. 2. Management has also turned out to be a threat to records during periods of wrong-doing and criminal activity. How does one protect records from the enemy from within? 3. Management can also pose a threat to a records management program by adopting new technology without regard to the ongoing preservation of records. 4. Technological obsolescence is the prime threat to legacy data.
Computer systems utilized for managing the information assets included in the records management system should be protected as part of the archival collection along with operating manuals and spare parts in the event of equipment failure.
To function as the operational storage center, the recovery site and near line or online data bank, much thought must go into the long-term capabilities of this records center of the future. The records center must not be viewed as a cost center, but as an ongoing benefit to the well-being and profitability of the organization. The marriage of information protection and accessibility, resulting in superior business continuity, will define the success of this new records center.
What should we expect to see in the records center of the future? E-vaulting will emerge as a reasonable solution Mirror sites can be located in the records center along with the call center function to insure fail-safe capability. A new wave of data center and information management enhancements. Terrorism Dramatic fines and criminal penalties for loss of information assets Creating vaults for the data production capability is popular in Europe, and the trend is spreading to the United States.
Data mining presents a strategic opportunity for the professional information manager. Data mining creates a value added to an organization with strong records management capabilities. Competitive intelligence and espionage promote storage of information assets off-line to all but those entitled to manipulate or access the data. Estimates are that up to 50% of critical business data does not exist inside the organizational data center. Yet this same data forms the basis for the information on which today s business leaders make strategic decisions.[1] [1] The Disconnected Data Dilemma, Craig McClellan, StorageTek, May 2, 2000
Initiating the Design Planning for the Records Center of the Future RM and IT must collaborate with Facilities to develop solutions to protect the survival of the organization in this new world of information management. Integrating immediate access for users while insuring long term protection of the record content is a challenge that must be addressed in the early stages of the design. Failure to address both needs will be catastrophic at some point in the life cycle of the records.
Records Management and the IT communities are tasked with the protection of the records produced in the data center. Increasingly, the records center is becoming the fail-safe location for the protection of all information assets. The new records center provides the basic elements for the disaster prevention program: 1. Distance from the data center 2. Proper management of the records 3. Physical security and access control 4. Redundant master copies to the working set or online records
Recent legislation has made the CEO, the CFO and the Auditors responsible for ensuring the long-term protection of all the elements of the information management lifecycle. Managing the lifecycle of records, while familiar to records managers, is now becoming a concern to IT management, as well, as they seek to respond to new legal requirements for data protection. Can you say joint and several liability? KPMG?
In the end, it is still records protection, only at the earliest stage of records production prior to the classification of the records. How the records evolve in classification and value will still depend on legal requirements or circumstances that affect the record at various stages in its lifecycle. e.g., litigation, new legal requirements or value to the end user. Or, the retention schedule.
ENVIRONMENTAL STANDARDS: Digital Format Records are generated and managed electronically, in a form that makes them more fragile than paper, and it is critical that we concern ourselves with preserving the accessibility of the information because of the unstable life of the media. The records manager cannot be concerned only with the loss of records due to catastrophic causes, but must also address issues such as environmental decay.
IT Security Room Care must be taken to concern ourselves with the operational use area (data center or server room) of the media, because cycling media in and out of a master storage or archival environment to serve as back-up requires that we consider the temperature of the computer room or use environment.
Special Care that you can provide Acrobat Document The minimization of dust in the environment through the use of special filtering devices Dust and vapor resistant light fixtures be utilized within the media vault chambers. Magnetic shielding should be considered within the archival or media vault. Storage areas should be analyzed for the presence of magnetic fields as continued exposure to fields of 10 milligauss can alter the information contained on magnetically recorded media.
Additionally, off-gassing from laser printers can negatively impact media and care should be exercised to avoid storing media adjacent to the processing equipment.
PLANNING FOR THE VAULT CHAMBER In the role you play as Gate-keeper you are tasked with protecting documents that are not always in paper format. Just as environmental stability took a jump up in specific control, you must now address different fire protection ratings and enhanced needs for security in your new center. Performing a step-by-step planning program to answer your design questions as they relate to your organization.
RECORDS CENTER DESIGN PLANNING CRITERIA: The records center of the future will satisfy these needs to be a viable repository for the active, long term and vital records of the organization Information protection must be designed to protect assets in a solid cascade from digital birth to online storage to tape storage the integrity must be absolute. Back up program with restorable capability The production platform must be integrated with the storage platform Information must be continually available for delivery Technical solution is prime with repeatable proof
Integrity requires a continual Gatekeeper function Proof that information is complete Proof that information is un-tampered Proof that the complete set is available Proof that is understandable to a jury of society's lowest common denominator Proof that will satisfy a critical auditor
Security of information assets Cannot be destroyed accidentally Cannot be stolen -Is impervious to environmental decay -Is able to migrate -software and hardware -Is protected from criminal activity -Is protected from catastrophic destruction Efficiency of storage The user must be able to find desired records -Absolute integrity in the tracking software -Reduced search costs -Reduce retention periods to control cost -Minimize threat of expired records being discovered after scheduled destruction date
RECORDS CENTER DESIGN PLANNING CRITERIA: The records center should deliver a substantially lower cost of ownership of the records while providing the dedicated user instant access within a secure environment. Cost of ownership must detail in case study analysis -Actual costs incurred by destruction -Savings achieved by avoiding major losses
The average box sits on shelf for 16 years. (PRISM) -This is a defect that records management must seek to eliminate -Cost savings from improved life-cycle management will fund modernization of information management Enhanced security of the electronic documents provides an incentive for lowered dependency on paper documents
The records center s mission in protecting records: Eliminate the loss of income that results from prematurely destructed records. (e.g. Accounts payable) Support the errors and omissions policy Provide documentation necessary to protect against claims of gross negligence or fraud Avoid loss of reputation -- loss of stock value Provide documents necessary to avoid legal liability - Criminal punishment for the CEO & CFO - Civil penalties that punish the organization
What is left to do? Threat risk assessment Incorporating security into the design plan Future information repository trends Developing your unique design plan
Records Center of the Future Protecting the Vital Records Controlled Access Total Surveillance
Establishing the Legal Authority that controls the Design of the Records Center International Standard 15489.1 Records Management Standard (Australian Standard) National Fire Protection Association Standard 232- Protection of Records Canadian Standard FC 311 (M), Standard for Records Storage Canadian Physical Security Standard British Standard BS 5454:2000 Recommendations for the Storage and Exhibition of Archival Documents
We thank all of our friends in ARMA and PRISM for their contribution to this body of work. Special thanks to Larry Medina, Peter Kurilecz, Sharon Kuhns, Joel Koch, Jerry Handfield of The Washington State Digital Archives and my friends of the FIRELOCK Affinity Network.