Emergency Preparedness
for Government Records
Texas State Library and Archives Commission
State and Local Records Management Division
P.O. Box 12927, Austin, TX 78711-2927
(512) 463-7610 | slrminfo@tsl.state.tx.us
www.tsl.state.tx.us/slrm/
Agenda





Records emergencies in Texas
Records management basics
Legal obligations
Essential records – how to identify, protect, and ensure
access
Records emergency planning and response – how to
prepare for and recover from a records emergency
Government Record



Created or received by a local government, officer, or
employee in transaction of public business; or by or on
behalf of a state agency or an elected state official
documenting activities in the conduct of state business or
use of public resources
Any medium – paper, letter, book, map, photograph, audio,
video, microform, magnetic tape, electronic
Open or confidential information
Does not include the following:





Convenience copies
Copies of documents furnished to the public (Public
Information Act)
Blank forms/stocks of publications
Library or museum materials
Alternative Dispute Resolution working files
Records Emergencies in Texas
Tornadoes
Photo: Associated Press
March 2000 (Fort Worth)
Tornadoes
Photo: Associated Press
May 27, 1997 (Cedar Park)
Wildfires
Photo: Associated Press
December 26, 2005 - April 1, 2006 (Northeastern Panhandle)
Wildfires
Photo: Victoria Yarbrough
September 4 – October 10, 2011 (Bastrop County)
Floods
Photo: Texas State Library and Archives
Commission / Steve Drake
Severe storms, flooding across 29 counties, 2002 (Bexar County)
Tropical Storms
Photo: Houston Chronicle / Dr. Neil Frank
Tropical Storm Allison, June 2001 (Houston)
Hurricanes
Photo: Mark Wilson/Getty Images North America
Hurricane Ike, 2008 (Galveston)
Courthouse Fires
Photo: Texas Association of Counties
Newton County (2000)
Power Outages
Photo: EPA/Bob Pearson
Hurricane Dolly, July 2008 (South Padre Island)
Security Breaches


Hackers:
 University of Texas at Arlington – prescription records & SSNs of
27,000 individuals potentially exposed to unauthorized source
 Houston teenager hacked into protected computers of federal
agencies (White House, U.S. Army), a community college, & large
telecommunications firms – estimated $1.5 million in damages
Computer Virus:
 Texas Tech Health Sciences Center website down 24 hours due to
virus that slipped past anti-virus software
The Basics





Information is an asset
Risks related to emergencies
Emergencies are not the same for everyone
Active records management is crucial
Routine disposition
Emergencies

Natural



Technological



Hurricanes
Floods
Building or equipment failures
Electrical malfunctions
Civil



Arson
Vandalism
Terrorism
Legal Obligations

Local governments’ duties:

Essential records program


State agencies’ duties:

Local Government Code,
Chapter 203.021(5)
Emergency management
program


Government Code, Chapter
418 (Texas Disaster Act of
1975)
Vital records program


Government Code, Chapter
441.183(4)
Emergency management
program

Government Code, Chapter
418 (Texas Disaster Act of
1975)
Continuity of Operations (COOP)
The 11 elements of viable COOP capability:











Essential functions
Vital (Essential) records
Orders of succession
Delegations of authority
Alternate facilities
Interoperable communications
Human capital
Tests, training, and exercises
Devolution
Reconstitution
Written COOP Plan
Essential Records
Essential Records




Definition
How to identify
How to protect
How to ensure access in the event of an emergency
What are Essential Records?

Records that are needed to:



Resume or continue operations
Re-create legal and financial status
Protect and fulfill obligations to the people of the state
Local Government Code, Section 201.003(5)
Resume or Continue Operations

Examples:





Delegations of authority
Rules, policies, and procedures
Prison, jail, and parole records
Maps and building plans (as-built plans)
Emergency or COOP plan
Re-create Legal and Financial Status

Examples:




Contracts and leases
Accounts receivable / payable
Insurance records
Payroll
Protect & Fulfill Obligations to the
People of the State

Examples:




Deeds, mortgages, land records
Birth and marriage records
Active court proceedings
Voting records
Birth records, Brownsville City Hall storage vault
How To Identify Essential Records


Need to differentiate
essential records from
other records
Less than 5% of all
government records are
essential
How To Identify Your Essential Records

Factors to consider:
1.Your essential functions
2.Your records
3.Your stakeholders
4. Relevant statutes, regulations, and standards
1. Essential Functions

During an emergency, essential functions:





Provide vital services
Exercise civil authority
Maintain safety and well-being of the general population
Sustain the jurisdiction’s industrial economic base
Must continue under all circumstances
Determining Essential Functions

Analyze your business functions:




What business functions must you continue to perform?
Which of those functions are performed only by you?
Is there any alternative method of carrying out those
functions?
All remaining functions are your essential functions
2. Your Records



Importance of a good records management program
Records inventories
Records retention schedules
3. Stakeholders

Know your stakeholders



Who depends on you?
Who provides mission-critical support?
Interview stakeholders


What if you didn’t have access to that information for
24 hours or longer?
How long could you operate without those records?
4. Relevant Statutes, Regulations and
Standards



Statutes and ordinances that apply to your organization
Regulations issued by state and local governments
Standards from federal agencies and national
organizations
Photo: Ross Tuckerman/AFP/Getty Images
How To Protect Essential Records


Identify and evaluate hazards and risks
Determine and evaluate preparedness and mitigation
measures
Identify and Evaluate Hazards and Risks


Hazard
Risk
Pipes over filing cabinets = HAZARD
Wet records = RISK
Risk Assessment Techniques



Expert interviews
Brainstorming – “What if?”
Site survey
Site Survey





Environmental
Physical
Personnel
Information security
Preparedness
Above: Boxcar storage: environmental and
physical risks
Left: Restricted access areas on the computer
network improve information security
Risk Analysis
1.
2.
3.
Establish rating system
Rate your risks
Evaluate your findings
1. Establish Rating System


Probability rating
Impact rating
RISK ANALYSIS RATING SYSTEM
High
Impact of Risk
Medium
Low
Catastrophic impact;
devastating loss
Catastrophic impact;
devastating loss
Catastrophic impact;
devastating loss
The incident has little
chance of occurring.
Similar incidents have
occurred in the past.
The incident is expected
to occur.
Serious/critical impact;
significant loss
Serious/critical impact;
significant loss
Serious/critical impact;
significant loss
The incident has little
chance of occurring.
Similar incidents have
occurred in the past.
The incident is expected
to occur.
Minor/marginal impact;
some loss
Minor/marginal impact;
some loss
Minor/marginal impact;
some loss
The incident has little
chance of occurring.
Similar incidents have
occurred in the past.
The incident is expected
to occur.
Low
Medium
Probability of Risk
High
2. Rate Your Risks


Rate each risk identified
Examples:



Water damage
Theft
Mold and mildew
IDENTIFIED RISK
1. Water damage due to pipe leak in
PROBABILITY
IMPACT
High
High
Low
High
Medium
Medium
records storage area
2. Theft of records due to unsecure vault
door
3. Mold due to temperature and humidity—
unstable environment
3. Evaluate Your Findings
Determine your threshold for action
=Action
RISK ANALYSIS RATING SYSTEM
High
Impact of Risk

Medium
Low
Catastrophic impact;
devastating loss
Catastrophic impact;
devastating loss
Catastrophic impact;
devastating loss
The incident has little
chance of occurring.
Similar incidents have
occurred in the past.
The incident is expected
to occur.
Serious/critical impact;
significant loss
Serious/critical impact;
significant loss
Serious/critical impact;
significant loss
The incident has little
chance of occurring.
Similar incidents have
occurred in the past.
The incident is expected
to occur.
Minor/marginal impact;
some loss
Minor/marginal impact;
some loss
Minor/marginal impact;
some loss
The incident has little
chance of occurring.
Similar incidents have
occurred in the past.
The incident is expected
to occur.
Low
Medium
Probability of Risk
High
Preparedness and Mitigation Measures






On-site protection
Dispersal
Evacuation
Tape backup
Data replication
Mirroring
Image: “The History of Tape
Storage” http://flic.kr/p/4HYNgX
How To Ensure Access to Essential Records


Prioritize access
Develop procedures
Prioritize Access

Based on the type of essential record:
Priority 1:
First 0-12
hours
• Emergency and/or COOP plans
• Maps and building plans
• Delegations of authority
Priority 2:
First 12-72
hours
• Active court proceedings
• Bail bond forfeitures
• Contracts & leases
Priority 3:
After first 72
hours
• Inactive case papers
• Historical photographs
• Medical records
Access Priorities
LEVEL
DEFINITION
ACCESS
Priority 1
Records essential for
response and
emergency operations
and therefore needed
immediately
Priority 2
Records essential for
quick resumption and
continuation of
business following an
emergency
Physical protective storage is
close to disaster response
site for immediate access.
Electronic replication
methods are available for
immediate access
of information on 24-hour
availability.
Physical protective storage is
close to disaster recovery
site for quick business
resumption. Electronic
methods are quickly
accessible, and backups can
be quickly restored.
Priority 3
Records needed to
Physical protective storage is
continue essential
accessible and outside of the
functions if normal
disaster area.
agency information
were unavailable for a
prolonged period
EXAMPLES
Emergency action plan
Business continuity plan
Vital records manual
Current facility drawings
Personnel security
clearance files
Current client files
In-progress Accounts
Payable and Accounts
Receivable
Research documentation
Current contracts and
agreements
Accounts Payable and
Accounts Receivable files
Existing contracts and
agreements
Unaudited financial records
TIMEFRAME
FOR ACCESS
Within the first
0–12 hours
Within the first
12–72 hours
After the first
72 hours
Procedures to Ensure Access

Cycling



Periodically replacing or updating copies of essential records
Develop duplication schedule
Documenting



Policies
Delegations of authority
Responsibilities
Photo: AP/Roswell Daily Record, Mark Wilson
Records Emergency Planning
and Response
Records Emergency Action Plan (REAP)


Outlines the information and actions needed to respond
to and recover from a records emergency
Purpose is to prevent the following:



Loss of records and information
Costly salvage of records and information
Delay in restoring critical business functions
What is a REAP?


REAP is part of larger emergency plan (e.g., COOP)
Portion of an emergency plan that addresses records
Components of a REAP






Introduction
Policy statement
Responsibilities and
authorities
Communication plan
Locations of essential
records
Records salvage
priorities





Supplies
Vendors and suppliers
Facility information
Preparedness, response,
and recovery procedures
Training, testing, and
updating
Photo: AP/The Forum, Dave Samson
How to Respond to a Records Emergency



Assess the damage to records
Determine response priorities
Implement the response
Assess the Damage to Records



Determine nature and severity of the damage
Document volume and extent of damage
Identify which records are affected
vs.
Determine Response Priorities



Use the salvage priorities specified in your REAP
Recover essential records and valuable records first
Must also be concerned with all records at the damage
site
Implement the Response


First priority – personal health and safety
Second priority – security and privacy
Implement the Response

Initial action steps




Cover materials
Remove standing water
Stabilize temperature and humidity
Use fans to circulate air
Image: Contaminated records, soaked by a burst pipe
in a storage area, are wrapped in plastic while
awaiting transfer to a recovery area.
How to Recover from a Records Emergency




Water damage – most common
Set up recovery area
Common drying methods
Records beyond salvage
Set Up Recovery Area





Large enough to accommodate
several tables
Good air circulation
Securable
Access to clean water
Environmental controls
Common Drying Methods




Vacuum/Freeze-Drying
Dessicant Drying
Air Drying
Cryogenic Drying
Records Beyond Salvage

Identify destroyed records

Document damage
Library fire (Plymouth Public Library, UK): papers
destroyed by fire, August 20, 2008. Source:
http://flickr.com/photos/plymouthlibraries/2781744496/
Summary







Local governments and state agencies have legal obligation
to protect their records
Important to have active records management
Think of potential risks to your records posed by different
hazards and emergencies
Assess and analyze risks to your records
Consider your options well in advance
Be a prudent “prospector” when identifying your essential
functions
Determine access priority before an incident occurs
Back at the Office




Start communication between records management and
emergency management personnel
Identify essential functions and essential records
Ensure essential records are backed up and stored off-site
Start developing a Records Emergency Action Plan
(REAP)
TSLAC Resources

E-mail us


Call us


http://www.tsl.state.tx.us/slrm
Blog


(512) 463-7610
Website


slrminfo@tsl.state.tx.us
http://www.tsl.state.tx.us/slrm/blog
Discussion list


http://lists.tsl.state.tx.us/mailman/listinfo/tx-rml
http://lists.tsl.state.tx.us/mailman/listinfo/tx-rms
Questions?
Texas State Library and Archives Commission
State and Local Records Management Division
P.O. Box 12927, Austin, Texas 78711-2927
(512) 463-7610 | slrminfo@tsl.state.tx.us