CurtinSearch |  Curtin Site Index

Records and Archives Office

• Home
• Advices and Guides
• Policies and Procedures
• Frequently Asked Questions
• Records Management
  • Overview
  • Legislation and Standards
  • Electronic Recordkeeping
  • Information Retrieval
  • Disposal Authorities
  • Committee Document System
  • Classification Schemes
  • Abbreviations & Acronyms
• Recordkeeping Manual
  • Introduction
  • Managing Mail
  • What are University Records
  • Staff Files
  • Student Files
  • Committee Recordkeeping
  • Electronic Recordkeeping
  • Other Media Recordkeeping
  • File Management
  • Classification and Indexing
  • University Archives
  • Retention and Disposal
  • Freedom of Information
  • Access and Security
  • Disaster Planning
  • Glossary
  • Contacts
• Recordkeeping Plan
• Archives Management
  • Overview
  • Inactive Record Storage
  • Archive Box Submissions
• Information Management Training
  • Overview
  • Awareness Training
  • Information Management Training Workshops
• Records Liaison Officers
  • RLO Members
  • RLOG Minutes
• Forms
• Contact RAO

Recordkeeping Manual - Disaster Planning

Part 14 - Contents

1. Introduction
2. Vital Records
3. Risk Assessment and Disaster Planning
4. Preventative Action
5. Restoration
6. The Disaster Plan
7. Contacts

1. Introduction

'Organizations and their employees are responsible for preserving government records for as long as required by law and business requirements. A major threat to the preservation of records is the risk of disaster, natural or otherwise.

Organizations are to establish and maintain a disaster management plan for the records of the organization.

A disaster management plan for records is a plan setting out the strategies and activities for preventing disasters, for preparing an appropriate response to and recovery from disasters, should they occur, and resuming normal business.' (State Records Commission Standard 2, Principle 4, Rationale).

The purpose of the disaster preparedness plan is to provide guidelines for the identification, storage and protection of university vital records. It also provides a guide for the development of a disaster recovery plan to manage these records before and after a disaster and to ensure that the resumption of business of the area can continue through a sound recovery system implemented by the area.

This disaster preparedness plan is not designed to provide an answer to each and every type of disaster that could happen, but rather is provided to identify the methods on how to recover from a disaster if one was to occur.

The guides and methods herein should be read and understood by all staff that manage university records, in particular supervisors and managers of areas that are responsible for any university records. All areas that are storing records for the University must develop a Disaster Recovery Plan and maintain it so that it is always current.

The Records and Archives Office, located in building 100, has a number of services and facilities available for vital records of the university, all areas are encouraged to utilise these services to minimise the impact on areas and the university as a whole in the event a disaster does occur.

Although predominantly paper based in regard to recordkeeping across the University, there are many records retained only in electronic format, these in most cases are the most vulnerable to disaster simply from system crashes, corrupt storage media and other technical disasters. This manual will identify correct procedures to eliminate or greatly reduce impacts caused by a disaster.

As with any process, procedure or plan, staff are requested to contact the document author, in this case the Records and Archives Office, if there is anything within this document they do not understand or simply want further advice.

It should also again be understood that this document may not cover all aspects of records disaster preparedness and therefore should only be used as a tool to develop a disaster plan specific for their area.

2. Vital Records

Before we develop our plan we need to identify what we need the plan for, and that, to put it simply is to protect our vital records of the university.

2.1 What are Vital Records?

The Australian Standard on Records Management, AS 4390, defines vital records as those records that if destroyed or damaged beyond use that the university could not operate or function without them;

• They enable the organisation to continue operating during or following an emergency or disaster without a break in business continuity.
• They document procedures and processes so that damaged systems (both technical and administrative) can be repaired or re-established.
• They establish and protect the rights and interests of the organisation and its clients.

In general vital records are those that;

• Prove ownership of property, equipment, vehicles (and) products, including contracts and agreements.
• Record how the organisation operates by financial and tax records, and personnel records, including leave data, salary records etc
• Document procedures and policies, goals and planning.

The following record types are an example list of vital records of the University;

• Legal agreements and contracts, including research agreements, grants etc
• Deeds and certificates of title
• Bequests and donor records
• Student data, i.e academic transcripts, enrolment data, results etc
• Register of graduates
• Minutes of High Level Committees, i.e. Council, Planning and Management, Academic Senate etc
• Course development records
• Building information relating to access and egress, electrical and network infrastructure and architecture, water pipes, sewer lines, air conditioning etc.

Obviously there will be others that are not listed above, generally vital records as stated are those that would severely impede the university from providing its functions and services if they were not available.

Another method of determining the value of records if staff are unsure, is to view the University Disposal Authority, in most cases those with a long retention beyond 10 to 15 years are vital records or at least of great importance to warrant lengthy retention periods.

2.2 Storing Vital Records

The storage of vital records will depend on what medium the records are already stored on, for example student information is held within the Universities student systems and to ensure data is recoverable a set of backup processes are in place to manage this and to enable the quick restoration of the data in the event a disaster did occur.

However there are many other records within the university that may or may not be backed up sufficiently and even if they are backed up they may be held in the same location as the original data, which if a major disaster occurred resulting in the loss of the building, i.e. from a fire, then both the original and backup data will be lost.

The issue here is to ensure that when backing up computer data of any type, especially if it is vital data to the university, the backup must not be located in the same location as the original data, it must be located in an alternative location. If the information is critical to the University, a copy should be held off campus as well, we all remember September 11 and the twin towers, many companies held their backup data in the opposite tower but the result was that they lost both the original and backed up data.

Many records however across the university are held in paper and as such commonly the original is the only copy available and is often used as the main source of reference when needed for retrieval.

Areas should implement a process that identifies the vital records of the area and put a process in place that either sends the original or a copy to an alternate location as a backup of those records.

As part of this process and within the Records Management Procedures all original records of legal contracts, agreements etc must be sent to the Records and Archives Office for safe storage. Areas may maintain a copy for their own reference but the original must be transferred to the Central Records and Archives Office. Records and Archives are putting into place a copy program where a second copy of all the agreements, contracts etc will be stored at an alternate location off campus.

3. Risk Assessment and Disaster Planning

Obviously one of the key elements to any recovery from a disaster is identifying the possible risks that could cause damage to records held by an area. These may include;

• Flood
• Fire
• Earthquake
• Mite or insect damage
• Vermin damage
• Hard disk failure
• Backup failure
• Storage Medium failure.

This list is not meant to be comprehensive, it is provided to identify possible risks that could cause damage to university records, in whatever format they exist in. We are not identifying things such as how the fire starts, or if the building collapses etc, it is purely to define how we can get back to work in the shortest possible and most efficient way after the disaster has occurred.

All areas should assess their information management facilities, whether they are electronic, paper, plastic or other types of media used and identify if they have the necessary recovery process in place in case all records in that location were destroyed by some natural or un-natural disaster. This does not mean every single record of the area needs to be backed up in duplicate or triplicate, it is assessing which records are vital to the area to continue its operations with minimal impact (obviously after resumption of business can be commenced).

Using the guide above in 'What is a Vital Record' areas need to establish a list of records they consider to be vital records.

Once all vital records have been identified areas should then identify if they are the only copies of those records in existence. If they are then this will deem these records as not only vital but critical in the fact that if destroyed they could not easily (or maybe not ever) be replaced and would result in significant impact on the area to conduct its business.

The area then needs to think about what possible disasters could occur, basically the risks the records could face, such as fire, flooding, earthquake, damage to media and so on. When thinking about possible risks look at events of the past, has any disasters previously occurred, such as hard disk crash, fire, etc as they can lead you to create a list of possible incidents that can be used to capture all possible risks your records could face.

Areas must then decide how they will reduce this critical risk; these may include making copies of all vital records and storing them in another location, or microfiche these records, or scanning them or whatever other means may be available so that those records, if destroyed, could be reproduced in some other way to continue on with business. Those copies obviously should not be stored locally; they should be stored off site and in a secure location, simply placed there in the event a disaster may occur. Hopefully they will never be needed, but if they are then the area has the ability to recall those records from the stored location and begin the resumption of business.

Accessibility to vital records also needs to be considered, original records should be less accessible, copies should be made of originals for general reference access so that if the reference copy gets tattered from over use, or even worse, lost, then the original still exists of which can be used to make a further copy. There are other security and access conditions that could be added, especially for digital data etc, such as alarm systems, secured locations, keypad entry only and other means. The level of access restrictions you place on your records depends on the level of criticality of the records being assessed.

The above may take some time to work out but it is by no means a waste of time, it is essential that all areas perform a risk analysis of its records and put into place a plan to restore the business functions of the area in the event a disaster did occur. There will be a cost associated in developing the plan in regard to the time for resources to develop it, but when measured against the time it would take for an area to recreate itself if all records were lost, the cost of developing the plan is very minimal in comparison.

From the above, areas should now have developed a risk assessment plan for their records by identify the records they consider to be vital and the various risks that could occur.

4. Preventative Action

The surest way of minimising a disaster is to tackle preventative action. As part of your risk assessment, a review of the location of the records and their storage areas should have also been completed and as part of that, potential risks should have been highlighted, for example, leaky pipes, checking power points and lighting, putting in place procedures for locking away important records and so on.

Once the risks have been identified, there may be ways to reduce those risks by doing some remedial action such as general repairs or installation of other means of backups etc for data held on computer systems. Whatever method is used it should result in minimising the risk and putting in place some preventative measures for possible disasters in the future.

Obviously not all risks can be rectified with the fixing or purchasing of something, some risks are out of your control and these are the ones we cannot really plan for except for ensuring we have backup copies of records stored elsewhere in the event such a catastrophic or major disaster did occur.

5. Restoration

Firstly if you have not done a backup or stored your records at a separate location this is not going to help you, as you will have nothing to restore, but for those that did note the warnings above, please read on.

For paper records the restoring of records that have been damaged is fairly simply, it is usually just a case of taking a copy of the backup records, or the originals if they have been stored elsewhere and then putting them back into the office file system for normal use. This sounds simple but it also depends on how the records were stored, i.e. are they stored in the same why that the ones in the office are used, if so then all will be fine. However if they are not, then there may be a need to recreate office files from the backed up copies/originals.

A common fault of most areas in disaster planning is a file list; all areas should maintain and save a copy elsewhere of their file list so that in the event of a disaster the files can be fairly quickly recreated as they were when in use. The file list should be updated at least monthly to the other location.

Data recovery can also be quite simply, simply hit the restore button and off you go, but what if the media that the backup is stored on is corrupt, or the backup data is corrupt on the media, or even the media the backup is on is so old that there are no machines that can read it. These are all things that need to be taken into consideration for restoration. Backups for example are required to be done, but after backups are conducted a periodical test restore should be done to ensure the data is restorable, if not then a further backup needs to be done.

Most IT support areas will be able to help areas on deciding where to backup your information to, be that a network drive, a CD, or other medium, please contact your local IT support for assistance. Also ask the IT area about incremental backups which means not one copy is made but several backups are made over a time period, for example you may choose to backup every day with a new set of media for each day, and then once per week and then once per month. The idea here is that if the previous days backup is corrupt you then go to the day before and so on until you have the most current available restorable backup. Again ask your IT support staff for assistance.

Recovery does not only mean the records, you need the relevant personnel to help you recover the area where the records are to be restored, such as the building, office computers, servers or whatever else you store your records on. Therefore within your plan you will need to assign responsibilities and request assistance and probably leave a copy of your plan with the relevant staff for reference in the event a disaster did occur. This may include staff from Properties for the building, IT staff for the computers, and Administrative staff for the files and so on. Whoever is involved to assist you in restoring your records, data etc, they must be involved in the process of developing your disaster management plan, otherwise they may be unaware of their responsibilities.

6. The Disaster Plan

This is the document that will define the roles and responsibilities of staff, what other resources you will require, the location of backups, how the plan is to be implemented and so on, as a guide the following steps are provided that should be documented to formulate your plan.

Step	Action
Identify what records you manage (electronic and paper)	Conduct a survey of records managed and maintain a complete file list. A copy of the file list should be retained or backed up at another location
Identify your vital records (electronic and paper)	Determine which records are vital to the area and if lost or unusable could result in the area not being able to function or provide its services, this also includes where the records would result in significant costs to restore due to their uniqueness.
Identify the risks	Refer to the risk assessment section above
Identify any remedial or prevention action	Refer to the preventative action section above
Identify alternative storage facilities	Review existing storage facilities and identify if they are secure and will inhibit loss or damage. Identify an alternative location for storage of vital records and computer backups.
Define roles and responsibilities	Establish a group of staff contacts to assist with the restoration (also assign the duties of maintaining the plan so that it is up to date at all times) Determine who will be responsible for the various aspects of the plan and who to contact for assistance in restoring an area after a disaster Determine who will be responsible for reviewing the disaster plan at least quarterly to ensure it is up to date with contact details, change of locations etc. Develop a contact list
Develop a list of emergency contacts, fire, police, hospitals, properties, security etc.	Develop the contacts list of emergency numbers, e.g. Police. Fire, SES etc
Prepare a disaster bin	Acquire tools and other supplies to be used in small disasters such as leaky pipes, small fires etc, this may include certain tools, gloves, masks, fire extinguisher, fire blanket etc. Ensure disaster bin is easily accessible and al staff are aware of its location.
Draw up an action plan	Develop a short one page plan that contains many of the details in the above such as contact numbers both internal and external, and develop a step by step list of actions for staff to follow in case of a disaster or emergency and circulate that plan to every staff member within the area.

7. Contacts

IT Support

Please contact your local IT Support Helpdesk for backup and restore assistance.

The Records and Archives Office can be contacted during business hours in the following ways:

Telephone: 9266 7050
Facsimile: 9266 2255
Email: records@curtin.edu.au

---

Look ever forward
To report errors on this website please contact: Records and Archives Office
Copyright and Disclaimer

CRICOS provider code 00301J (WA), 02637B (NSW)