Gary, I thought your discussion spurred three great replies.

> the methods of protection for records designated as such: duplication, dispersal, off-site storage, and on-site protection.
> the organization employs replication technology as part of its DR plan, and all electronic records are included in this system.
> And what additional measures would you take to segregate and further protect this subset of electronic records on your system from those that are already being done? (remember, don't leave the scenario)

How do you define on-site protection?  

You are defining a perfect world and that does not happen with electronic records. The Bit Error Rate for online systems is a fact of life and assuming that errors won’t happen is flaw number one.

As we have discussed many times, migration of records from platform to platform is not done well over time. On my computer, my drawing software stopped being supported by the manufacturer and on one of the upgrades I found I could not open any of my drawings.

Luckily I kept an older computer offline and it never knew the software was updated, and I could migrate them, but if I had all of my computers online I would have been crushed.

Electronic records are full of these land mines. “Ransomware” is another flaw that affects all of the electronic versions, both onsite and the backup. RAID 5 means you now have five versions of encrypted files, none of which are readable.

An EMP attack has the ability to destroy all of the hardware and software unless the Server Room is in a shielded environment. For some reason I keep having to address that with clients. I don’t know where that is coming from, but with EMP moving into the practical spectrum, this is making management aware that pure electronic records platforms are dangerous due to the various threats that are developing as new on the horizon.

You describe a world of perfect performance, but in the real world Perfect Storms exist. During Sandy, power went down, the internet went down, Verizon went down, delivery vehicles with the backup tapes could not make their rounds and gas was not available. Fuel service providers to keep the data centers' backup generators running could not be called to make deliveries because the phone lines were down. Data Centers ground to a halt and the Cloud was a huge failure during that time according to one medical organization.

So multiple fuel sources for your generators (natural gas piped in and oil in tanks) and the home addresses of the drivers who make the deliveries. A Disaster Recovery relationship with a helicopter service to deliver tapes if flooding or snow storms or government directive to stay off the roads. Or keep a second set of tapes in walking distance from your data center.

If solar flares and EMP are a concern, then magnetically shield your server rooms and tape storage vaults. And archive original copies of software and hardware to run that software available during any migration so vital records are not left behind.

To me the biggest change from 1980 to now is that records managers kept their vital records in vaults and in a format that did not have enemies. Accidental catastrophe was the main threat, but today joyriding, mean-spirited hackers, industrial espionage experts and foreign governments are targeting any and all data as they find value in all of it. Every file you have has a value to someone and the number of threats is growing. And security is reactionary, so the threat matrix is always ahead of the curve as it is proactive destruction and sabotage.

How do you define on-site protection? I would define it as shielded and fireproof Class 125 server vaults and Class 125 shielded media vaults designed and located to deal with the environmental threats you could expect: flooding, earthquakes, rioting, civil unrest, government shutdowns, tornados, hurricanes, snow storms, long term power outages. And staff with no family that will show up for work even if their own home is being threatened by the upcoming catastrophe and their only concern is keeping your data center running. (Because they found that the concept of running the data centers remotely quickly broke down.) And Fathers and Mothers will not leave their family at risk in a catastrophe.

I have heard many Disaster Recovery experts and IT Managers speak at conferences (most were unemployed at the time), and they consistently describe a cascade of events that became their perfect storm.

I think the perfect plan, in your perfect world scenario, calls for a level whereby the company simply shutting down for a period of time is part of the plan. If that level is in your plan then you have a perfect plan. 

Hugh Smith
FIRELOCK Fireproof Modular Vaults
(610)  756-4440    Fax (610)  756-4134
