Print

Print


On 7/12/07, R Weinholdt <[log in to unmask]> wrote:
>
> Has anyone ever done a risk assessment for their records management
> program
> other than for vital records. I was wondering which areas of a records
> management program risk was assessed against. An example that I can think
> of
> is Records Retention Schedules. If an organization doesn't have any then
> there is a certain risk associated with that. Are there others.


Rick-

One of the greatest risks I'm aware of is the improper level of protection
being provided to information assets while in storage and transport. This is
true for both paper based and electronic forms of information.

Many RIMs either fail to properly assess the risks inherent to improper
construction, insufficient fire protection, lack of environmental controls,
exposure to outside possible threats (adjacent businesses or other
elements), delivery vehicles not properly suited to prevent damage to, or
loss of, assets, etc.   Few RIMS are aware of NFPA232 requirements, or have
ever asked whether a storage facility has been inspected by a registered
fire engineer, if there is an emergency protection plan, and how often it's
exercised.

Another major risk is related to exposure of privacy or otherwise protected
information while in storage. This also applies to paper based and even more
to electronic forms of information.  Most firms should ensure a Business
Associates Agreement exists when information is stored commercially, and
should also have a practice in place if records are stored internally to
ensure privacy is protected.  When it comes to electronic information, its
critical to ensure YOUR information isn't stored with the information of
others in a commingled manner on common servers, or streamed on common tapes
or discs.

Finally, I'd suggest that the inability to effectively train employees or
apply consistent practices to the management of records across an
organization to avoid early destruction of information assets, apply legal
holds, or ensure long-term access to information stored in proprietary
formats or on media that can become obsolete.

Larry

-- 
Larry Medina
Danville, CA
RIM Professional since 1972

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]