Identify and Protect Your Vital Records

Similar documents
Vital Records Management

15 Organisation/ICT/02/01/15 Back- up

Education and Workforce Development Cabinet POLICY/PROCEDURE. Policy Number: EDU-06 Effective Date: April 15, 2006 Revision Date: December 20, 2012

SAMPLE IT CONTINGENCY PLAN FORMAT

BUSINESS CONTINUITY PLANNING

RECORDS MANAGEMENT RECORDS MANAGEMENT SERVICES. Cost-Effective, Legally Defensible Records Management

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) Fax: (718)

Section 28.1 Purpose. Section 28.2 Background. DOT Order Records Management. CIOP Chapter RECORDS MANAGEMENT

RECORDS MANAGEMENT VITAL RECORDS MANAGEMENT

UMHLABUYALINGANA MUNICIPALITY

Glossary of Records Management Terms

RECORDS AND INFORMATION MANAGEMENT AND RETENTION

Continuity Planning and Disaster Recovery

HOW TO DEVELOP A RECORDS PROCEDURES MANUAL. New York State Unified Court System Division of Court Operations Office of Records Management

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)

Comprehensive Emergency Management Plan (CEMP) Annex V CONTINUITY OF OPERATIONS PLAN (COOP)

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Approved by: Vice President, Human Resources & Corporate Resources and Vice President, Treasury & Compliance Date: October 14, 2009

CONTINUITY OF OPERATION PLAN (COOP) FOR NONPROFIT HUMAN SERVICES PROVIDERS

DEPARTMENT OF THE NAVY RECORDS MANAGEMENT PROGRAM

Operational Risk Publication Date: May Operational Risk... 3

Records & Information Management Policy

September Tsawwassen First Nation Policy for Records and Information Management

This policy is not designed to use systems backup for the following purposes:

PPSADOPTED: OCT BACKGROUND POLICY STATEMENT PHYSICAL FACILITIES. PROFESSIONAL PRACTICE STATEMENT Developing a Business Continuity Plan

BUSINESS CONTINUITY PLAN

Which Backup Option is Best?

OFFICIAL. NCC Records Management and Disposal Policy

FINAL May Guideline on Security Systems for Safeguarding Customer Information

How To Manage Records And Information Management In Alberta

RECORDKEEPING MATURITY MODEL

Sierra College ADMINISTRATIVE PROCEDURE No. AP 3721

BACKUP SECURITY GUIDELINE

State of Michigan Records Management Services. Frequently Asked Questions About E mail Retention

CHAPTER 9 RECORDS MANAGEMENT (Revised April 18, 2006)

Guidelines for Off-Site Storage of Inactive Local Government Records

Records Management. Training 101

Creating a Business Continuity Plan for your Health Center

How to Prepare for an Emergency: A Disaster and Business Recovery Plan

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION

BASIC STEPS IN A RECORDS MANAGEMENT PROGRAM. The basic steps in implementing a records management program are: Inventory Appraisal Scheduling

DISASTER RECOVERY PLANNING GUIDE

Department of Defense INSTRUCTION. Reference: (a) DoD Directive , Defense Continuity Programs (DCP), September 8, 2004January 9, 2009

March 2007 Report No FDIC s Contract Planning and Management for Business Continuity AUDIT REPORT

Records Management Policy.doc

Massachusetts Institute of Technology. Functional Area Recovery Management Team Plan Development Template

TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL

Cloud Computing and Records Management

Workforce Solutions Business Continuity Plan May 2014

UNIVERSITY OF NAIROBI POLICY ON RECORDS MANAGEMENT

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

Exhibit to Data Center Services Service Component Provider Master Services Agreement

Information Security Policy

CONTINUITY OF OPERATIONS PLAN TEMPLATE

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

Overview of Business Continuity Planning Sally Meglathery Payoff

All-Hazard Continuity of Operations Plan. [Department/College Name] [Date]

9/12/2014. Part 3: Records Systems, Storage and Retrieval. Basic Concepts

Department of Defense INSTRUCTION

DIA Records Management Program

1. The records have been created, sent or received in connection with the compilation.

RECORD RETENTION & DESTRUCTION POLICY

Offsite Disaster Recovery Plan

COMPLIANCE WITH THIS DOCUMENT IS MANDATORY

Attachment #2. BUSINESS CONTINUITY PLAN Plan Development Guidelines

Records Management. 1. Introduction. 2. Strategic Plan Desired Outcomes

RECORDS MANAGEMENT POLICY

DEPARTMENT OF THE NAVY HEADQUARTERS UNITED STATES MARINE CORPS 3000 MARINE CORPS PENTAGON WASHINGTON, DC

RECORDS MANAGEMENT MANUAL

Continuity of Business

SUPERVISORY AND REGULATORY GUIDELINES: PU BUSINESS CONTINUITY GUIDELINES

Building and Maintaining a Business Continuity Program

What We ll Cover. Defensible Disposal of Records and Information Litigation Holds Information Governance the future of records management programs

Business Continuity Plan (BCP)

Developing a Records Retention Program

RECORDS MANAGEMENT POLICY

RECORDS MANAGEMENT POLICY

IT Disaster Recovery and Business Resumption Planning Standards

Disaster Recovery Policy

FINAL AUDIT REPORT WITH RECOMENDATIONS Information Technology No

CISM Certified Information Security Manager

Transcription:

Identify and Protect Your Vital Records INTRODUCTION The Federal Emergency Management Agency s Federal Preparedness Circular 65 states The protection and ready availability of electronic and hardcopy documents, references, records, and information systems needed to support essential functions under the full spectrum of emergencies is another critical element of a successful COOP plan. Agency personnel must have access to and be able to use these records and systems in conducting their essential functions. Each Federal agency is responsible for establishing a Vital Records Program for the identification and protection of those records needed for Continuity of Operations Plans (COOP) before, during, and after emergencies and those records needed to protect the legal and financial rights of the Government and persons affected by Government activities. This means identifying, safeguarding, and having readily available documents, databases, and information systems that support an organization s performance of its essential functions or are critical to preserving rights and interests. Vital records are required to support an organization s roles and responsibilities during and following an event that significantly disrupts normal operations, such as a national security emergency or natural disaster. The identification and protection of copies of vital records and the implementation of records disaster mitigation and recovery programs are an insurance policy against disruption of critical agency operations. To effect that insurance policy, Federal agencies must act to achieve the aims of continuing operations, resuming normal business operations, protecting legal and financial rights, and recovering damaged records. A review of statutory and regulatory responsibilities and current file plans of offices that perform essential functions or preserve rights and interests is critical to the identification of vital records. Vital records should comprise a relatively small fraction of the organization s total volume of records and be an integral part of the organization s overall COOP. To comply with the statutory and regulatory requirements, the Department of Energy (DOE) issued DOE O 243.2, Vital Records, which sets forth requirements and responsibilities for implementing and maintaining a vital records program. WHAT ARE VITAL RECORDS? 36 CFR 1223, Managing Vital Records, defines two basic categories of records - emergency operating and rights and interest. Emergency Operating Records Emergency operating records are those vital records essential to the continued functioning or reconstitution of an organization during and after an emergency. Emergency operating records include those records an organization needs in order to perform functions in support of another office s essential functions. (For example, information regarding foreign travel may be routine to the travel office but essential to an organization with personnel overseas who need to return during a crisis.)

Emergency operating records are based on emergency missions, functions, and plans of operation. They include records that support both critical activities and resumption of normal operations once the emergency or disaster has passed. The possibility that normal operations might not resume at the organization s original operating facility (for example, in the case in which the original facility is destroyed) should be considered. Emergency operating records support the most critical activities the organization must perform if it operates under other than normal business conditions and in a facility other than its normal place of business. If emergency operating records are retained in electronic form, appropriate equipment (computers, software and supporting services such as air conditioning and power) must be available at the emergency operations center and the alternate operating location to readily permit their use. Records in paper form are often appropriate as emergency operating records because their use does not rely on mechanical or electronic equipment. If available, electronic records may be accessed from remote locations via remote access or compact disks and may be the most accessible option, if the use of paper records is prevented by the emergency. Examples of Emergency Operating Records include but are not limited to: Emergency plans and directive(s), or other authorizing issuances, including information needed to operate the emergency operations center and its equipment, and records recovery plans and procedures Orders of succession Delegations of authority Staffing assignments Relocation plans Lists of emergency staff assigned to the emergency operations center, or other emergency duties and authorized access to damaged facilities to assess the extent of damage (include names, addresses, and telephone numbers and comparable data for alternates) Next-of-kin information so that families of those injured can be notified Vital records inventory, locations, file plans, and protection methods Site maps and engineering drawings, especially those that would be required to recover the use of a facility Documentation for any electronic system designated an emergency operating system Records required to protect the health and safety of personnel Records required to support personnel on travel Resources necessary to acquire office space and equipment. Rights and Interests Records Rights and interest records are those needed to protect an organization s essential legal and financial functions and activities and the legal and financial rights of individuals directly affected by the organization. These records may not be needed during an emergency, so storage locations do not have to be at or in the vicinity of emergency operating facilities. Such records may be stored at a Federal Records Center (FRC) or similar repository. Examples of rights and interest records include: Payroll, Financial, Budget records, accounts receivable records Personnel, Leave, Health, and Insurance records Military, Social Security, and Retirement records

Contracts and Agreements Grants and Leases Entitlements Obligations, which if lost would impose a legal or financial risk Systems documentation for electronic systems that manage personnel and financial records. WHAT ARE YOUR RESPONSIBILITIES? Executive Order 12656, Assignment of Emergency Preparedness Responsibilities, sets forth the emergency functions, leads, and support responsibilities of each agency. Among the Department s responsibilities under EO 12656 are: Develop implementation plans, operational systems and priorities for the allocation of all energy resource requirements Identify energy facilities essential to the mobilization, deployment and sustainment of resources to support the national security and national welfare Develop energy supply and demand strategies to ensure continued provision of minimum essential services in national security emergencies Assure the security of nuclear materials, nuclear weapons, and devices in the custody of Departmental production facilities Ensure protection of unique research and development programs significant to the national welfare, defense and security. Each DOE element must implement a vital records program. Each DOE element s functional responsibilities and business needs are different and each must decide which records are vital records and assign responsibility for them to the appropriate staff. However, all vital records programs must include: Identifying, protecting controlling access to, and ensuring availability of records and certain information systems Accessing records required to support critical activities the organization performs when operating under abnormal business conditions and/or in a location other than the normal place of business Establishing and maintaining a vital records inventory An inventory system that identifies hard copy and electronic records Protection against and assessment of records damage or loss The timely and efficient assessment of records damage or loss and recovering records affected by an emergency disaster Storing and maintaining records Continual reappraisal of the vital records with at least an annual review Recovering records that are damaged in an emergency or disaster Ensuring that contracting officers transmit vital records requirements to the contractors. DOE O 243.2 contains detailed descriptions of the above requirements. Responsibilities of emergency operations staff, emergency management program administrators, and Program Records Officials (PRO) are also outlined in the Order.

VITAL RECORDS INVENTORY Each DOE element should develop a vital records plan. The first part of the plan is an inventory of vital records that are vital to continued agency operations or for the protection of legal and financial rights. The plan should include specific measures for storing copies of the records at a number of different locations to ensure immediate access in any situation and measures to cycle (update) the copies. Continuous reappraisal of vital records is imperative. A review should be performed at least annually to ensure changing conditions are addressed and records are complete and up to date. The inventory should contain the records series or system title, description, type of vital record, name of office and individual responsible, media, software /hardware requirements, physical location of copies, and date of last update. PROTECTION OF VITAL RECORDS Vital records must be protected against damage and loss. They must be kept current, complete, and available. The most important factor guiding the selection of a method of protection for vital records is the ratio of the effectiveness of the protection method to the cost of that protection. The best choice is the one for which the cost of security is most closely aligned with the degree of risk. Beyond the evaluation of actual risk of loss for vital records, other factors that have a measure of importance in the selection of protection methods and the location of the backup copies include: Need for accessibility Volume and length of retention Frequency of update required Security precautions Physical susceptibility to destruction. Some common methods of protection for vital records are: Preservation of existing duplicate copies at another location Creation of special duplicate copies for offsite preservation Preservation of source records which could be used to reconstruct vital records Storage in special equipment, such as fire resistant cabinets, safes, or vaults. In choosing duplicate storage, a location should be selected that reduces the probability that the same disaster, which affects the original records might also destroy the duplicate records. Some records require special environmental storage conditions, which should be considered when selecting a storage facility. A common protection method is maintenance of electronic copies on-site and off-site storage of duplicate paper copies at an FRC or other records storage facility. Whatever method is used, it is essential to develop a rotation schedule to keep the records up to date and to dispose of duplicates that are no longer needed. If electronic backups are maintained, the software and hardware must be routinely tested. As records are duplicated and/or sent to storage, they should be indexed to ensure easy accessibility when the information is required. Time is a crucial factor in emergencies; therefore, regular systematic indexing of all vital records is a necessity.

RECORDS RECOVERY However, when emergencies or disasters occur, even the best of protective measures may not prevent damage to records. Each DOE Element must develop and maintain a plan to recover records that are damaged in an emergency or disaster, regardless of their media. To assist in such emergencies, a resource list of disaster recovery firms should be maintained with the vital records inventory. Records recovery specialists often concentrate on different areas of expertise (water damage, fire, mold, tape deterioration etc.), so the list should be comprehensive and current. The recovery plan should identify priorities and options for recovery or replacement. Current copies of records such as employee contact lists, vital records inventory, and information recovery plans should be maintained at multiple off-site locations to facilitate their use. RESOURCES Title 36 CFR Part 1223, Maintaining Vital Records Executive Order 12656, Assignment of Emergency Preparedness Responsibilities, Part 7, Department of Energy NARA s Vital Records and Records Disaster Mitigation and Recovery: An Instructional Guide Federal Preparedness Circular 65, Federal Emergency Management Agency ASSISTANCE For assistance in identifying and protecting emergency operating records, contact the Office of Emergency Operations, NA-40. For assistance with rights and interest records, contact the PRO in your organization. The PRO list is available via http://energy.gov/cio/contact-us/contacts-recordsmanagement; or contact the Departmental Records Officer, Office of the Chief Information Officer, at 301-903-3455 or via e-mail at DOERM@hq.doe.gov. September 2011

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information