This chapter covers this essential component of the counter disaster plan, the identification and protection of vital records.
Vital records are records, in any format, which contain information essential to the survival of an organisation. If a vital record is lost, damaged, destroyed or otherwise unavailable, the loss is a disaster, affecting critical operations. Vital records should be the main priorities for recovery and salvage efforts when a disaster occurs.
The Australian Standard AS 4390-1996, Records Management notes that vital records include records that are needed to:
- operate the organisation during a disaster
- re-establish the organisation's functions after a disaster, or
- establish and protect the rights and interests of the organisation and its clients.
Vital records usually constitute a small percentage of records created by an organisation, normally 5%, however the range can vary from 3% to 10%. Depending on the business of the organisation, vital records might include:
- contracts/agreements that prove ownership of property, equipment, vehicles, products
- records about the operation of the agency, such as current or unaudited accounting and tax records, current personnel and payroll records
- current client files, and
- standard operating procedures.
Vital records in NSW public offices also include:
- control documentation (registers, indexes, metadata repositories) for the public office's records and recordkeeping systems
- data critical to the reconstitution of the public office's electronic records, and
- State archives in the public office's custody, along with classes of records that are required to be kept as State archives under a retention and disposal authority.
For State collecting institutions, vital records include registration and control documentation for their collections.
A vital records program should be established within each public office's counter disaster plan. The program includes the policies, plans and procedures developed and implemented and the resources needed to identify, use, and protect vital records. The aims of the program are to
'provide an agency with the information it needs to conduct its business under other than normal operating conditions and to resume normal business afterward….the program enables [an] agency … to identify and protect the most important records dealing with the legal and financial rights both of the agency and of persons directly affected by the agency's actions.'
The first phase in protecting vital records is to identify what is 'vital' to the organisation. Remember to assess all records, including electronic records.
There are a number of strategies which can be used to identify vital records:
- assessing business continuity and resumption planning strategies, as some records will have been identified as essential in restoring critical functions
- assessing risk assessments, as some records will have been identified as essential or critical
- assessing organisational charts and related documentation to identify functions that are vital to the organisation
- assessing functions and records as part of the process of preparing retention and disposal authorities or co-ordinating retention-oriented management actions for records in any format, and
- reviewing organisational documentation.
Step B of Strategies for Documenting Government Business: the DIRKS manual provides detailed information on identifying functions.
Once functions are identified, each must be analysed by the project teams to determine what records are:
- vital records: those records which are irreplaceable and mission-critical.
- important records: those records which are not irreplaceable but could be reproduced only at considerable expense, time and labour
- useful records: those records which, if lost, will cause some inconvenience but could be readily replaced, and
- non-essential records: those records which are listed in disposal authorities for routine destruction.
To validate the classifications, personnel responsible for the vital records program should interview program managers and personnel who create records. It is important to remember, however, that most program managers think that most of their records are vital. It is also important to apply good risk management principles when determining what records should be classified as vital by the public office.
Vital records may also be identified by reviewing
- existing emergency plans and priority lists
- documentation created for contingency planning and risk assessment
- agency statutory and regulatory responsibilities
- functional/organisation charts
- retention and disposal authorities, and
- current file plans.
Another approach to identifying vital records may be to take 'a layered approach', particularly for larger public offices. Such an approach allows project teams to consider the organisation as a corporate entity, and then to consider recordkeeping systems in other branches or divisions of the organisation. It is quite possible that such an approach will reveal the records vital to operate and re-establish the organisation after a disaster, and those records which are vital to a particular section of the organisation.
Once identified, vital records must be listed. Lists should include the following:
- an identification number for each type of record
- the name of the area responsible for record series or the electronic recordkeeping system containing vital records
- the title of the series or electronic recordkeeping system
- an indication as to why it is considered vital
- the record format (is it paper or electronic, or another format?)
- all physical locations of originals and duplicates, and
- the frequency of update.
Other information may include:
- the amount of reference activity and frequency
- existing records protection, such as the storage equipment used
- the cost of records protection (this may be initial, annual maintenance and total costs)
- the consequences of loss to the organisation
- how vital records are transported between the public office's locations, and
- when records are to be transferred to secondary storage or destroyed.
Taking a university as an example, there could be two basic categories of records regarded as vital:
- those which allow the protection of the rights of individuals, and
- those which allow the protection of the university's rights, assets, and the execution of its educational obligations.
The first group of records may include current payroll records necessary to pay employees, master academic records that show the completion of work, and employee service records for the protection of tenure and retirement.
The second group of records may include drawings and specifications required to maintain and repair university facilities, records necessary to establish the university's ownership of buildings, equipment, land, patent license agreements, research contracts, legal records that prove the university's stand on a particular issue in dispute, along with fiscal records that support the university's financial standings (accounts receivable or general ledgers).
The above examples are meant as a guide only as the identification of vital records can only be established by the judgement of the university using the appropriate identification criteria and seeking the contributions of the 'owners' and users of the records. Also depending on the university and its activities, more records categories could be designated as vital. This will involve reviewing the many types of records that are of great importance, aid the conduct of business, or have historic meaning to assess whether they are of vital importance.
Once identified, vital records then need to be protected through the inclusion of strategies within the counter disaster plan. This planning:
- ensures that emergency operating records vital to the continuity of essential business activities during a disaster will be available at relocation sites in the event that those sites are activated during emergency event
- safeguards rights and interests through the preservation of records essential to the legal rights and interests of individual citizens and the New South Wales government
- ensures that vital records are evaluated on the basis of their adequacy in facilitating emergency operations or in protecting the rights and interests of citizens and the Government
- employs control techniques to ensure that needed records are available at relocation sites
- ensures that records will be easily retrievable and maintained in usable condition
- ensures that the necessary finding aids are available at the sites, and
- ensures that a current inventory of records located at the sites is readily accessible.
Protecting vital records should cover both:
- measures to prevent or minimise the impact of a disaster event, and
- recovery and restoration measures if a disaster does occur.
5.2.1 Preventative measures
There are a number of possible preventative strategies. Each preventative measure should be evaluated to ensure that it is viable and cost effective for the public office. Public offices may choose to use a range of strategies depending upon the types of records formats that they need to protect. For example, it may be feasible to store vital paper records in a fireproof safe within a storage facility that has high levels of fire and security protection. Alternatively, a public office which has State archives in its custody and possession may choose to transfer these vital records to State Records' custody and protection when no longer required for business purposes.
Specific protection strategies for vital records may include:
- duplication and dispersal
- ensuring high levels of fire and security protection in storage containers and spaces, ie on-site and off-site storage
- establishing procedures for managing critical work in progress which may not be backed up or is located outside of storage facilities.
Duplication and dispersal means creating duplicate copies of records and storing these in secondary locations. If the public office is duplicating records, such as board papers, it may be economical to duplicate the original medium to the same medium (eg. paper to paper, microfilm to microfilm), but considerations like the stability of the media and the cost of reproduction need to be taken into account. To maximise the cost benefit, public offices may wish to reproduce to a medium, such as microfilm, which can be used for other purposes besides protection. The costs of duplication and whether duplicates have the same legal value as the original also need to be considered.
When storing duplicates at another location, such as a branch of the organisation or a commercial storage facility, the public office must ensure that the duplicates are secure and accessible only to authorised persons. Dispersal should be regular, the storage location and conditions should afford adequate protection, and housings should be appropriate for the media. Special equipment required to read vital records should also be stored at the dispersal location or alternative sources of this equipment listed in the counter disaster plan.
On-site storage involves housing vital records in fire resistant housings or file rooms (vaults) with appropriate suppression systems and security. However, records may still be vulnerable if the site suffers damage.
If storing vital records off-site, the facility should be in a safe location at sufficient distance from the main office to be unaffected by the same disasters but close enough for the convenient delivery of records. Records should be housed appropriately, and locatable when required. Storage facilities should meet the requirements of the Standard on Physical Storage of State Records. The Australian Standard AS 4390, Records Management, Part 6, Storage, contains guidance on choosing storage options for records and what service contracts with storage service providers should contain. The publication by Ted Ling (see Bibliography) gives advice regarding the essential elements of purpose built archival repositories. Protective measures for electronic records involve similar measures. Specifically designed filing cabinets and vaults can be used to provide on-site protection for magnetic tapes and disks. For example, vital electronic records can be protected against theft and fire by storing them in fire resistant safes or vaults with combination locks. Remember, fire resistant cabinets for paper and microforms do not provide sufficient protection for magnetic tapes, disks and diskettes, since the ignition point of paper and microfilm is higher than magnetic media.
The most effective approach for electronic media, is to duplicate and store duplicates in secure off-site storage. The production of backup copies of essential files should be a routine operating procedure. There should be full backup, not just backups of files that have been modified. If necessary PCs should be backed up as well as networks and the duration of backup storage should be sufficient for organisational needs. Backup schedules should be established and rigidly enforced and audited and responsibilities should be assigned to appropriate employees. Backup procedures should not only apply to information on fixed magnetic drives, but also for magnetic tapes, optical media and other media, and backup media should satisfy the security and recoverability requirements for their applications.
There are various backup methods and these should be discussed with information technology specialists. For vital records protection, backups are typically made on media that can be removed and stored offsite. Those offsite storage facilities used should have storage suitable for electronic records.
Although backup schedules are recommended, they are not a comprehensive disaster prevention strategy. See section 5.2.3. Preventative measures should also extend to critical work in progress that may not be backed up every day or is sitting on desks, or placed in open shelving. All data is not always backed up or stored off-site. Which business units in the organisation have exposure in these areas? It is important to identify and prioritise critical work in progress and then establish procedures, such as 'clean desk policy' or additional safety measures to reduce exposure.
5.2.2. Recovery and restoration
To facilitate systematic vital records recovery, the vital records recovery plan, ie the list of all vital records, their locations, and the procedures for the recovery of these records should be included in the counter disaster plan for records and recordkeeping systems. The listing of all vital records should include the location of buildings and room locations, and floor plans. The list should also include safe and vault combinations, and location of keys to all cabinets or desks or containers that house vital records, all services (power, water etc.) and where they can be shut off in an emergency; evacuation routes for staff (and for records if necessary), and the location of emergency equipment. The vital recovery procedures should be written in a clear and concise language, easily understandable by non-technical staff. Backup copies of the vital records recovery plan should be stored off-site.
Another way of dealing with vital records would be to clearly mark them with highly visible signage, labels or insignia. There is, however, a risk involved in this, as special marking of records may allow intruders (potential thieves or vandals) the opportunity to identify and take or damage the organisation's most important records. This recommendation is meant in no way to contradict the use of the Blue Shield, the symbol specified in the 1954 Hague Convention on the Protection of Cultural Property in the Event of Armed Conflict for marking cultural heritage sites, cultural heritage properties, including archives. The procedures for the removal of vital records in the event of a disaster would include a tracking method, relocation destination, transportation arrangements, conservation vendor's 24-hour contact information, necessary clearances and permits, and internal or external personal assigned to accompany the records. Recommended handling and preservation techniques based on the media involved must also be identified. The officer in charge of this operation, and their 24-hour contact, must be detailed as well.
The vital records recovery strategy is founded on a detailed knowledge of the organisation's records holdings including every storage area in use, and of its contents and their nature, the location of vital records, and the level of information contained in finding aids or indexes.
Vital records must be prioritised for recovery and restoration purposes. Remember, there should be copies of the vital records recovery plan in the organisation's counter disaster plan!
5.2.3 Critical data protection
The recovery of data critical to an organisation's service delivery supports all the other logistics and strategies of the counter disaster plan. If data restoration does not occur then business processes involving electronic recordkeeping, electronic commerce, supply chain management, enterprise resource planning, multimedia products, or telecommunication applications, cannot be recovered.
Planning for critical data recovery ensures that copies of electronic datasets and their most current updates (whether in electronic form or as paper based input documents) are:
- available to the recovery effort
- not destroyed by the same disaster event that renders the workplace and business operations untenable
- stored in a safe location, preferably off-site
- able to be restored within a specific timeframe to an accessible form for processing by systems, networks, and end users, and
- those electronic records, which are required for organisational survival, contract commitments, and the conduct of business, are available.
Critical data includes all information files that provide inputs to, and in some cases, outputs from critical business applications identified in the risk analysis. These may include source documents that are coded or otherwise rendered machine-readable by system users. Produced reports and summaries may also be critical if they are auditable documents, or are used in the analysis of business trends, or are used by staff to carry out vital work (such as client account histories and shipping delivery records). Licensed programs and systems software plus their source codes and custom developed applications software, should also be earmarked for off-site storage. Software licenses and registration keys required to make software function and gain vendor support should also be included.
Data recovery planning must encompass all the areas where data is stored in the organisation such as the locations and usage characteristics of electronic files stored on PCs, server storage configurations, network storage measures, plus electronic and machine readable data. There may also be critical business information stored on paper, source documents or staff knowledge that make all data usable. This may extend the search of information storage repositories to safes, filing cabinets, microfiche and microfilm storage racks along with desk drawers. If the organisation has adopted electronic document management then these systems can be used to identify key documents for removal to off-site storage.
Developing a policy about data asset identification, classification, and backup requires a coordination of effort between the organisation's designated Disaster Management officer, IT Manager, business units, the Corporate Records Manager, and auditors. The Disaster Management officer may find that these other officers have already initiated data storage measures affording varying levels of records protection. These local strategies will have to be assessed in terms of their formal arrangements and documentation and then integrated into a consolidated off-site storage plan.
A source for this data planning would be the public office's information security policy developed through the Office of Information Technology Information Security Guidelines for New South Wales Government Agencies. These guidelines provide a generic framework to all New South Wales government agency personnel who are responsible for establishing, implementing or maintaining information security in their respective agencies. These guidelines also require information assets and their values along with any threats and vulnerabilities to be defined.
This section is designed to provide guidance on identifying and protecting vital records and how the requirements of the standard can be applied to a small public office. The tips, however, are not exhaustive in scope and must only be regarded as a starting point.
The small public office should refer to work undertaken in risk assessment, business continuity and resumption planning strategies as this work will have identified records as essential or critical in restoring critical functions of the organisation. Preparation of retention and disposal authorities also allows for the assessment of functions of the organisation and the records which document functions. If a function is identified as significant or critical, then the records pertaining to that function need to be assessed as to whether they are vital. For example if the function of the organisation is to register practitioners within a profession and this function is the most critical and important function of the organisation, then the record or roll of practitioners registered to practice would be a vital record.
It is also possible to refer to organisations similar to yours and compare listings of vital records. Have you identified similar functions as vital or are there differences? How has this other organisation protected its vital records?
For an administrative office if your initial estimate of your vital records is well outside the 3 to 10% range of your holdings, re-evaluate what has been designated vital. However, a counselling, medical, law enforcement or welfare office may have a higher proportion of active case files regarded as vital records.
Remember that vital records may be in any medium or format. They may be active or inactive. They may even be awaiting transfer as State archives.
- authorised to retrieve records (including security rated material)
- able to access storage areas (with keys, key cards, entry codes, emergency overrides or knowledge of release switches) and,
- able to use any equipment which is required to retrieve records (computers, microfilm equipment, ladders, trolleys, forklifts).
This section is designed to provide guidance on how identifying and protecting vital records and how the requirements of the standard can be applied to public offices with multiple locations. The concept of multiple locations can include central offices, their regional offices and/or local offices, or establishments within a particular region. The tips, however, are not exhaustive in scope and must only be regarded as a starting point.
It is advisable to consider taking a 'layered approach' to identifying and protecting vital records in organisations which have multiple locations. Such an approach would identify those records which are vital to the entire organisation and those records which are specific to an individual location.
As vital records occur across the organisation, activities to identify and protect vital records should be coordinated from the central office, however local knowledge and participation should be encouraged. Regional and local offices should be encouraged to identify vital records and suggest appropriate protection measures. Remember large-scale disasters will require a wide reaching and cohesive approach to protect vital records at multiple locations.
While overall coordination is necessary, the idea that the whole effort be completely designed by some central authority may lead to a flawed vital records program. This process would involve a joint effort to
- identify vital records along with the dependencies for critical data
- identify minimum resources and equipment configurations required to access/read vital records in various formats, and
- implement appropriate protection and recovery options.
Remember, work undertaken in risk assessment, business continuity and resumption planning strategies, and the assessment of functions of the organisation for the preparation of retention and disposal authorities will have identified records as essential or critical in restoring critical functions of the organisation.
Once vital records have been identified, special attention must be paid to identifying any current local methods that are being used to safeguard records against loss. The central office may find that the fear of potential loss has motivated 'owners' to develop their own strategies for safe storage of vital records. These strategies already afford varying degrees of vital records protection. To facilitate the security and recoverability of vital records, fireproof cabinets may have been purchased, local agreements may have been struck between a records administrator and a vendor who provides microfilming services or off-site storage facilities. Staff may have also come up with 'home-grown' strategies to safeguard records.
Discovering the extent of existing local strategies can be a challenging proposition for a head office. When local strategies are discovered, they need to be incorporated into the consolidated vital records program (if appropriate) and the designer of strategies recruited into assisting in identifying vital records or verifying verifying vital records work elsewhere in the public office.
 Australian Standard AS 4390-1996, Records Management, Part 6, Storage, Clause 6.1.2.
 Parker, Elizabeth Managing your organization’s records, Library Association Publishing, London 1999, p. 61.
 National Archives and Records Administration, Vital Records and Records Disaster Mitigation and Recovery: An Instructional Guide. An instructional guide. http://www.archives.gov/records-mgmt/vital-records/index.html
 W. Maedke, M. Robek and G.Brown, Information and Records Management, 2nd ed., Glencoe Publishing, California, 1981, p.98.
 Emergency Programme for the Protection of Vital Records in the Event of Armed Conflict – Guidelines developed by the International Council on Archives for UNESCO.
 Office of Information Technology, Information Security Guidelines for New South Wales Government Agencies, Part 1 – Information Security Risk Management, January 2001 http://www.oit.nsw.gov.au/Guidelines/Security_Part1.pdf