340 likes | 634 Views
Federal Records. A record is anything created or received by agencies or contractors in the course of government business. A Federal record can:Be on any media: e.g. electronic, digital, microfilm, microfiche, audio tape, video tape, film, paper - you get the idea;Be temporary (kept for a limi
E N D
1. Vital Records Management A Briefing for Federal Agencies
2. Federal Records A record is anything created or received by agencies or contractors in the course of government business. A Federal record can:
Be on any media: e.g. electronic, digital, microfilm, microfiche, audio tape, video tape, film, paper - you get the idea;
Be temporary (kept for a limited period of time then destroyed)
Or permanent (kept FOREVER)
3. Vital Records Program A vital records program identifies and protects those records that specify how an agency will operate in an emergency or disaster, those records necessary to the continued operations of the agency, and those records needed to protect the legal and financial rights of the government and citizens.
Paraphrased from 36 CFR 1236
4. Vital Records Emergency Operations Records: Needed During an Emergency
Must be immediately accessible
Should be on paper
For immediate retrieval in the event computer systems do down
Or immediately available electronically off-site.
5. Emergency Operations Records Examples:
Emergency/ Continuity of Operations (COOP) Plan.
Staff contact and assignment information. Regularly update changes in name, address, phone numbers, etc.
Orders of succession and delegations of authority.
Policy, procedural, and systems manuals.
List of credit card holders to purchase needed supplies.
6. Emergency Operations Records
7. Rights and Interests Records Are essential to protect the legal and financial rights of the Government and of the individuals affected by its activities
Payroll and accounts receivable
Social Security and retirement
Public safety records
Titles, deeds, and contracts
Licenses and long-term permits
8. Rights and Interests Records Not necessary to immediately re-establish operations
Not needed in the first 24 hours
May be available from other sources
Off-site centralized computer systems
Payroll
Accounting
May be kept farther away
Less time sensitive
9. Vital Records One of the most important considerations to keep in mind is to keep the volume of vital records at a manageable level. It would be cost prohibitive to try and protect all or even 1/2 of the records series each of you creates. Three to five percent of total records is a rule of thumb, and no more than 7%. This reduces protection costs, but it makes the selection process even more difficult for the records manager.One of the most important considerations to keep in mind is to keep the volume of vital records at a manageable level. It would be cost prohibitive to try and protect all or even 1/2 of the records series each of you creates. Three to five percent of total records is a rule of thumb, and no more than 7%. This reduces protection costs, but it makes the selection process even more difficult for the records manager.
10. Regulations and Guidance 36 CFR 1236 - Management of Vital Records
Federal Preparedness Circular 65
Federal Emergency Management Agency
Executive Order 12656
Assignment of Emergency Preparedness Responsibilities
Vital Records and Records Disaster Mitigationand Recovery (NARA Publication)
http://www.archives.gov/records_management/publications/vital_records.html
11. Federal Preparedness Circular 65 (FEMA) The protection and ready availability of electronic and hardcopy documents, references, records, and information systems needed to support essential functions under the full spectrum of emergencies is another critical element of a successful COOP plan. Agency personnel must have access to and be able to use these records and systems in conducting their essential functions. . . .
12. Vital Records Plan Vital Records Program must be incorporated into the overall Continuity of Operations Plan (COOP)
Needs clear authority
policies
authorities
procedures
designation of a Vital Records Manager
13. Agency/Business Impact Analysis Identify agency/business functions
Determine impact of incident
Estimate loss to agency/business
Determine recovery timeframes
Gather requirements for recovery During this phase of the Business Contingency Planning process, the BCP will need to identify the critical functions within their business. These can be identified by listing all functions performed, determining the impact an incident would have on that function and an estimate of the business loss for the duration of an outage.
Remember assets are composed of both physical assets and financial assets. Lost revenues, additional costs to recover, fines and penalties, lost good will and delayed collection of funds are all financial assets that could be impacted in a disaster.
During this phase of the Business Contingency Planning process, the BCP will need to identify the critical functions within their business. These can be identified by listing all functions performed, determining the impact an incident would have on that function and an estimate of the business loss for the duration of an outage.
Remember assets are composed of both physical assets and financial assets. Lost revenues, additional costs to recover, fines and penalties, lost good will and delayed collection of funds are all financial assets that could be impacted in a disaster.
14. Risk Assessment Lost document
Ability to provide secondary services affected
One or two primary services affected
Destruction of major building: non-work hours
Destruction of major building: work hours
Severe localized natural disaster
Most severe conceivable; national scope
15. Risk Assessment How do you rate these risks? Each possible risk should be rated on two criteria: what is the likelihood of such a risk event happening, and what is its actual impact on your operations?
CLICK to move animation
Visualize a matrix with one axis being likelihood, from 0 to 100%,
CLICK to move animation
and the other being adverse impact, also from 0 to 100%.
Obviously little attention would be paid to events falling near zero on both scales, and a great deal of attention to those falling near 100% on both. The hard part comes in dealing with those that are high on one axis and low on the other. For example,
CLICK to move animation
a large meteorite impact would be devastating, but its likelihood is low. On the other hand,
CLICK to move animation
if you are situated on a flood plain, you should expect to have to deal with the threat of high water.
There are a number of vendors who market sophisticated tools and techniques designed to assist in the analysis process, similar to the traditional cost benefit analysis model. Of course, the ultimate usefulness of the analysis is dependent to the quality of the data and the thought processes used to evaluate them.
CLICK to end slideEach possible risk should be rated on two criteria: what is the likelihood of such a risk event happening, and what is its actual impact on your operations?
CLICK to move animation
Visualize a matrix with one axis being likelihood, from 0 to 100%,
CLICK to move animation
and the other being adverse impact, also from 0 to 100%.
Obviously little attention would be paid to events falling near zero on both scales, and a great deal of attention to those falling near 100% on both. The hard part comes in dealing with those that are high on one axis and low on the other. For example,
CLICK to move animation
a large meteorite impact would be devastating, but its likelihood is low. On the other hand,
CLICK to move animation
if you are situated on a flood plain, you should expect to have to deal with the threat of high water.
There are a number of vendors who market sophisticated tools and techniques designed to assist in the analysis process, similar to the traditional cost benefit analysis model. Of course, the ultimate usefulness of the analysis is dependent to the quality of the data and the thought processes used to evaluate them.
CLICK to end slide
16. Vital Records Plan What type of information is needed during an emergency?
What are the critical functions of the agency that must continue during an emergency?
Which records are needed to support those functions?
17. Vital Records Plan Which records support critical program activities?
Emergency personnel lists;
Building blueprints; and
Software documentation
Which records protect legal and financial rights?
What procedures/resources are needed to protect and recover records?
19. Identify Vital Records Method
Survey or questionnaire
Physical inventory
Format
Paper records by record series
Electronic records by info system
Identify records absolutely necessary for your office to function in the event of a disaster 1. Selection must also be based on criteria established by senior management in consultation with policy analysts, program managers, emergency management planners, and records managers. Selection must also be based on comprehensive knowledge of all the agency's or office's records. Comprehensive information about the agency's records may be available through existing file plans and inventories. Where insufficient file plans or inventories exist, a comprehensive inventory of all the office's records must be conducted.
2. The inventory is a basic tool of records management. You can't manage something unless you know what it is. The same inventory is the foundation for any effective vital records program. But an inventory involves a significant investment in time and staff resources.
3. There are two basic methods. The survey or questionnaire method relies on records liaisons or other clerical staff in the various branches to conduct the inventory. Experience has shown that this is far less effective that the second type, the physical inventory conducted by records management staff.
4. See the records and data inventory forms provided in your packet. Remember that paper records are inventoried by record series. Electronic records are inventoried by information system. To be effective, paper and electronic records should be "inter-inventoried" as part of the same process to ensure that relationships between them can be fully identified. Selection and the final plan must be reviewed by senior management and others involved in establishing the vital records program.
1. Selection must also be based on criteria established by senior management in consultation with policy analysts, program managers, emergency management planners, and records managers. Selection must also be based on comprehensive knowledge of all the agency's or office's records. Comprehensive information about the agency's records may be available through existing file plans and inventories. Where insufficient file plans or inventories exist, a comprehensive inventory of all the office's records must be conducted.
2. The inventory is a basic tool of records management. You can't manage something unless you know what it is. The same inventory is the foundation for any effective vital records program. But an inventory involves a significant investment in time and staff resources.
3. There are two basic methods. The survey or questionnaire method relies on records liaisons or other clerical staff in the various branches to conduct the inventory. Experience has shown that this is far less effective that the second type, the physical inventory conducted by records management staff.
4. See the records and data inventory forms provided in your packet. Remember that paper records are inventoried by record series. Electronic records are inventoried by information system. To be effective, paper and electronic records should be "inter-inventoried" as part of the same process to ensure that relationships between them can be fully identified. Selection and the final plan must be reviewed by senior management and others involved in establishing the vital records program.
20. Prepare Copies Paper - Generally accessible under the worst circumstances
Electronic - Require special equipment to read
21. Vital Records Many vital records have limited time values. As mentioned before, they must be removed and replaced with copies of updated information as appropriate.
Our records center in Denver used to store vital Department of Defense logisitcal publications, which were often superceded after a short period of time. The records were stored on 9-track magnetic tape reels. On a monthly basis, DoD would send us ten boxes of replacement tapes to be stored in our vault, and we would return the previous set of tapes to DoD for degaussing and reuse. This is how cycling is supposed to work, and this needs to be stated in the transmittal forms used to transfer vital records to NARA or commercial facilities.
Many vital records have limited time values. As mentioned before, they must be removed and replaced with copies of updated information as appropriate.
Our records center in Denver used to store vital Department of Defense logisitcal publications, which were often superceded after a short period of time. The records were stored on 9-track magnetic tape reels. On a monthly basis, DoD would send us ten boxes of replacement tapes to be stored in our vault, and we would return the previous set of tapes to DoD for degaussing and reuse. This is how cycling is supposed to work, and this needs to be stated in the transmittal forms used to transfer vital records to NARA or commercial facilities.
22. Storage/Dispersal Offsite storage of vital records is a further protection method. If this method is used, be aware that emergency operating records must be immediately retrievable. They should be maintained reasonably near to the creating organization. Generally speaking, a distance of about 30 miles seems to cover both contingencies: far enough to avoid the disaster but close enough to be retrieved.
On a limited basis, NARA facilities are authorized to store emergency operating vital records, but remember that these will not be accessible 24 hours a day, and there are severe limitations on controlled storage for microfilm and electronic media. In Denver, the Animal & Plant Health Inspection Service maintains a copy of its disaster plan in our vault in case other copies are not retrievable.
Offsite storage of vital records is a further protection method. If this method is used, be aware that emergency operating records must be immediately retrievable. They should be maintained reasonably near to the creating organization. Generally speaking, a distance of about 30 miles seems to cover both contingencies: far enough to avoid the disaster but close enough to be retrieved.
On a limited basis, NARA facilities are authorized to store emergency operating vital records, but remember that these will not be accessible 24 hours a day, and there are severe limitations on controlled storage for microfilm and electronic media. In Denver, the Animal & Plant Health Inspection Service maintains a copy of its disaster plan in our vault in case other copies are not retrievable.
23. Off-Site Storage Options Regional Office
Agency Owned and Operation Facility:
NARA Records Center
Office of Different Agency
Commercial Storage
Hot Site: Office space somewhere else all wired and ready to work in.
Cold Site: Empty office space somewhere else, not wired.
24. Vital Records Document (make a list) your vital records. Indicate:
Types of records
Where they are kept
Updates to the records
Off-site location(s)
Media type (CD, tape, paper, etc.)
Records accessibility
25. Many agency functions rely on information systems (computers/networks/Internet, etc.)
Major disruptions to systems can bring some – if not all – agency operations to a halt and/or have an impact on other systems
Some electronic information are records that require careful management Vital Records and Information Technology Say what you will about paper records: that they are an old fashioned medium for storing information; that they take up too much space; that it costs a lot to maintain them for active reference; they are hard to keep track of; that they multiply like rabbits. All true. BUT, it is the very clumsiness of paper that also makes it resilient. Although many millions of paper service records were burned up in the 1973 fire at NPRC in St. Louis, many more paper files were recoverable, with only their edges burned. That fire lasted three days but still did not annihilate all records on the sixth floor.
On the other end we have computerized records. Compact, easily and quickly searchable with the right indexing; manipulable, alterable; lending itself to instantaneous transmission over cables and phone lines to far away destinations. The very commerce of the nation depends on the speed and efficiency of electronically created and managed information. Yet, with the click of a mouse, the clip of a fiber optic strand, the snap of a tape, the equivalent number of records burned in the St. Louis fire can be lost forever in a nanosecond. What makes electronic information so attractive also exposes its major weakness. The fragility of the media and of the systems that create and maintain the information makes planning for electronic information disasters even more of a priority than with other records. The stakes are higher, the risks greater.Say what you will about paper records: that they are an old fashioned medium for storing information; that they take up too much space; that it costs a lot to maintain them for active reference; they are hard to keep track of; that they multiply like rabbits. All true. BUT, it is the very clumsiness of paper that also makes it resilient. Although many millions of paper service records were burned up in the 1973 fire at NPRC in St. Louis, many more paper files were recoverable, with only their edges burned. That fire lasted three days but still did not annihilate all records on the sixth floor.
On the other end we have computerized records. Compact, easily and quickly searchable with the right indexing; manipulable, alterable; lending itself to instantaneous transmission over cables and phone lines to far away destinations. The very commerce of the nation depends on the speed and efficiency of electronically created and managed information. Yet, with the click of a mouse, the clip of a fiber optic strand, the snap of a tape, the equivalent number of records burned in the St. Louis fire can be lost forever in a nanosecond. What makes electronic information so attractive also exposes its major weakness. The fragility of the media and of the systems that create and maintain the information makes planning for electronic information disasters even more of a priority than with other records. The stakes are higher, the risks greater.
26. Helps an agency:
Keep systems functioning
Maintain data integrity, availability, and security
Ensure system accessibility
Recover from a disaster in a timely fashion If your plans are to be effective, they must address three major issues:
1. Maintaining system availability. This requires proper planning, design, and installation of the LAN, which can prevent many problems or make them easier to locate and troubleshoot.
2. Maintaining data integrity, availabilty and security. This also requires proper planning and execution. Building an effective logical structure with proper security and access control is a first step toward maintaining system integrity.
3. Recovering from disasters in a timely fashion. As much as possible, you want to avoid too much downtime: downtime is the unavailability of a computer system or portion of the computer system, including its software and peripherals, which results in a loss of productivity.
Downtime can be measured in any number of ways: loss of income; lost productivity; legal liability from clients for not meeting deadlines; lost clients; lost user confidence; inability to compete.If your plans are to be effective, they must address three major issues:
1. Maintaining system availability. This requires proper planning, design, and installation of the LAN, which can prevent many problems or make them easier to locate and troubleshoot.
2. Maintaining data integrity, availabilty and security. This also requires proper planning and execution. Building an effective logical structure with proper security and access control is a first step toward maintaining system integrity.
3. Recovering from disasters in a timely fashion. As much as possible, you want to avoid too much downtime: downtime is the unavailability of a computer system or portion of the computer system, including its software and peripherals, which results in a loss of productivity.
Downtime can be measured in any number of ways: loss of income; lost productivity; legal liability from clients for not meeting deadlines; lost clients; lost user confidence; inability to compete.
27. Data Migration Document:
Policies and procedures
Hardware/software configurations
Data backup & restoration procedures
Employee addresses & phone lists
Troubleshooting guides
Business recovery plan Documentation are records required to plan, develop, operate, maintain, and use electronic records.
These are the kinds of documentation you need for disaster prevention & recovery. Here are some tips to make documentation easier: Be clear, concise and to the point - such as 1-2 pages on how to restore backups (KISS). Write so it can be read by a nontechnical person - “cookbook” style; define all acronyms - starting with LAN; include a glossary; break your documentation into modules for easier maintenance; have the people directly involved with operating and using systems be the ones to help write the documentation; have your documentation tested and reviewed by a third party who does not have extensive knowledge of the system being documented; document as you - when you first install a system, or an application - it’s easier that going back and doing it later; if you are documenting after the fact, do it a piece at a time; make a list of things to be documented, then prioritize that list; include simple pictures and diagrams when you are showing cabling topology, and use “screen capture” software to incorporate various screen views that might be helpful to people who have to read your documentation; don’t document things already documented - in other words, don’t rewrite procedures for Windows 95’ when they are already described in many excellent publications found at your bookstore.
Documentation are records required to plan, develop, operate, maintain, and use electronic records.
These are the kinds of documentation you need for disaster prevention & recovery. Here are some tips to make documentation easier: Be clear, concise and to the point - such as 1-2 pages on how to restore backups (KISS). Write so it can be read by a nontechnical person - “cookbook” style; define all acronyms - starting with LAN; include a glossary; break your documentation into modules for easier maintenance; have the people directly involved with operating and using systems be the ones to help write the documentation; have your documentation tested and reviewed by a third party who does not have extensive knowledge of the system being documented; document as you - when you first install a system, or an application - it’s easier that going back and doing it later; if you are documenting after the fact, do it a piece at a time; make a list of things to be documented, then prioritize that list; include simple pictures and diagrams when you are showing cabling topology, and use “screen capture” software to incorporate various screen views that might be helpful to people who have to read your documentation; don’t document things already documented - in other words, don’t rewrite procedures for Windows 95’ when they are already described in many excellent publications found at your bookstore.
28. Data Mitigation Document:
Back-up methods and procedures
full
incremental
Offsite storage
Cold sites
Hot sites
Data recovery (Ensure backup tapes can be used on off-site computers.)
Power supply Most data loss can be prevented, or its effects minimized, with proper backup procedures.
Various technologies can be used for backups including quarter-inch tape, 8mm tapes, digital audio tape, and digital linear tape. Optical media normally is not used due to expense & lack of resuability.
What are some of the methods used to make backups? Full daily backups copy all files, program, and data every day. Incremental backups are once a week full backups, and daily backups of only those files that have changed since the last backup. Differential is the same except the daily backups involve files that have changed since the last fullback. Journaling is where database changes are automatically copied to another server every hour or minute, in case the database somehow becomes corrupted. Storing backup tapes off-site is an absolute necessity if you plan to recover after a disaster. The best approach is to contact a copy who will pick up your tapes on a regular basis and store them in a protected environment. (Arcus, etc.) There is a company in Denver to whom you can electronically transmit certain files which they will gladly store for $30 per 100MB. Any kind of event that causes a power outage can also cause havoc to your network. Files and software can be lost in an instant. Backup power supplies therefore, are a must. One type is an Uninterrupted Power Supply (UPS) device that will provide a few hours of power until regular power can be restored, or until you can safely shut down the system.Most data loss can be prevented, or its effects minimized, with proper backup procedures.
Various technologies can be used for backups including quarter-inch tape, 8mm tapes, digital audio tape, and digital linear tape. Optical media normally is not used due to expense & lack of resuability.
What are some of the methods used to make backups? Full daily backups copy all files, program, and data every day. Incremental backups are once a week full backups, and daily backups of only those files that have changed since the last backup. Differential is the same except the daily backups involve files that have changed since the last fullback. Journaling is where database changes are automatically copied to another server every hour or minute, in case the database somehow becomes corrupted. Storing backup tapes off-site is an absolute necessity if you plan to recover after a disaster. The best approach is to contact a copy who will pick up your tapes on a regular basis and store them in a protected environment. (Arcus, etc.) There is a company in Denver to whom you can electronically transmit certain files which they will gladly store for $30 per 100MB. Any kind of event that causes a power outage can also cause havoc to your network. Files and software can be lost in an instant. Backup power supplies therefore, are a must. One type is an Uninterrupted Power Supply (UPS) device that will provide a few hours of power until regular power can be restored, or until you can safely shut down the system.
29. Planning Issues Reduce confusion
Minimize decisions
Identify actions
Recovery teams
Offsite recovery
Relocation
Backups & documentation Planning for IT disasters is very similar to planning for other information-related disasters. Listed here are things your plan should address. Planning for IT disasters is very similar to planning for other information-related disasters. Listed here are things your plan should address.
30. Business Resumption Planning Off-Site Recovery:
Have pre-positioned web access, and e-mail
Plan accessibility to critical national databases
Set up on-the-fly transfer of main office phone line to offsite location
Pre-place COOP plan, delegations of authorities, building blueprints, etc. at emergency site
31. Vital Records Training/Testing Incorporate vital records into overall disaster plan
Provide vital records training to all management and employees
Conduct annual reviews
Tests of plan
Exercises
32. Vital Records Training/Testing Potential Problems:
Plan out of date
Bottlenecked data links
Lack of realistic tests
Test becomes a disaster Acceptable down-time changed
Needed personnel were not available
Equipment not available Experience is truly a hard teacher and you’ll never come up with the perfect plan on the first or second try:
All plans are out of date the moment they are written. Plans that are fllexible and don’t account for every detail can help, as can a mechanism for keeping them up-to-date.
Plan for voice and data services at your recovery site that mirror the ones you use at your office.
Have people participate in tests who don’t know a thing about the department that is the focus of the test. Sometimes outsiders can spot deficiencies that your department would miss because they overlooked “obvious” procedures.
On the other side of the argument, don’t be too realistic. Be careful when you test If you shut down the server, be sure you aren’t going to destroy the documents and files users are working on during the test.
The amount of downtime will diminsh as LANs become more critical to agency operations. Be sure to reassess how long critical operations can be down before they must be resumed.
During Hurrican Andrew, a number of businesses remained physically unscathed, but still ran into trouble because their staff members were unable or unwilling to come into work. Don’t automatically assume your IT people will be available during a disaster: plan for their absence.
Experience is truly a hard teacher and you’ll never come up with the perfect plan on the first or second try:
All plans are out of date the moment they are written. Plans that are fllexible and don’t account for every detail can help, as can a mechanism for keeping them up-to-date.
Plan for voice and data services at your recovery site that mirror the ones you use at your office.
Have people participate in tests who don’t know a thing about the department that is the focus of the test. Sometimes outsiders can spot deficiencies that your department would miss because they overlooked “obvious” procedures.
On the other side of the argument, don’t be too realistic. Be careful when you test If you shut down the server, be sure you aren’t going to destroy the documents and files users are working on during the test.
The amount of downtime will diminsh as LANs become more critical to agency operations. Be sure to reassess how long critical operations can be down before they must be resumed.
During Hurrican Andrew, a number of businesses remained physically unscathed, but still ran into trouble because their staff members were unable or unwilling to come into work. Don’t automatically assume your IT people will be available during a disaster: plan for their absence.
33. Vital Records Summary
Vital records get you back to work!
Vital records protect government and citizen interests!
Identify and protect your vital records!
34. Thank You For more information on vital records or how to develop a vital records program for your office, contact:
Stephanie Fawcett,
Director, Records Management Program
NARA-Northeast Region
781.663.0124
stephanie.fawcett@nara.gov