Search | Directories | Reference Tools
Emergency Management Banner 
Emergency Management Banner
UW Home > UWIN > Business Services > Records Management 




Inactive Records Storage
Using the Records Center
Records Retrieval
Interfiling
Disposition of Records
Shredding of Confidential Records


What's a Vital Record?
Why Are Vital Records so Important?
How Do You Identify a Vital Record?
How Do You Protect and Store a Vital Record?
Steps for Offices to Follow
Appendices


Why File Management?
File What?
Developing or Improving a Filing System
Purging
Maintaining a Filing System: Inactive Storage
Appendices

Balanced Scorecard

 

Vital Records: Appendix 5: Risk Assessment

Completing a Risk Assessment involves determining the probability of a particular disaster occurring in your office and the effects that disaster may have on the operations of your office or your records. A Risk Assessment also helps you determine which protection method is best for your records. Although this is largely an exercise in probability, since we never know what will happen, it will narrow the scope of protection methods and allow for some early disaster preparedness.

There are 3 basic steps to completing a risk assessment:

  • Identify the risks your office may encounter
  • Determine what level of impact the risk will have
  • Calculate the probability of that risk happening

First you will need to identify the 5-6 most important risks to your particular office. Not all offices are likely to face the same risks, although fire and water damage are the most common. For example, an office that deals in research may have the added risk of sabotage, whereas an office dealing strictly with technology and computers would have a far greater risk of losing information in a power outage.

After you have identified the top risk factors in your office, list the individuals who can help you with recovery from that risk. This could include maintenance staff, public affairs, security personnel, technical systems staff, etc. If no one in your office has the necessary skills, consider contracting the services of a vendor.

There are three categories of disasters:
Natural DisastersTechnical DisastersHuman Disasters
FloodingPower failureData entry error
FireHVAC failureImproper handling of sensitive data
EarthquakeMalfunction or failure of CPUUnauthorized access
Wind damageFailure of system softwareMalicious damage or destruction of data
Snow/ice stormFailure of application softwareRobbery/theft/burglery
Volcanic eruptionElectromagnetic interferenceBomb Threats
EpidemicExplosionStrikes/picketing
Vermin/insectsTelecommunications failureCivil disorder
HurricaneLoss of physical access to resourcesChemical spill
Gas leaksVandalism
Communications failureSabotage
Hazardous material
War

Second, you will need to determine the level of impact each disaster will have on your office and the ability of your office to continue operations. Use the below Impact Rating Scale to assist you with placing a numerical value to the level of impact. For example if you believe the risk will cause office operations to be interrupted for only 3 hours, then the Impact Rating would be given a 1.

  • 0 = no interruption in operations
  • 1 = interruption up to 8 hours
  • 2 = interruption for 8 - 48 hours
  • 3 = over 48 hours of interruption - relocation of operations necessary
Once you have determined the level of impact you will need to identify the probability of the disaster actually happening. In this area, flooding or earthquakes are very probable and would more than likely receive a rating of high (10 probability points), whereas hurricanes are very unlikely and would receive a probability of low (1 probability point). The below listed Probability Rating Scale should be used to determine the probability.

  • High = 10 points
  • Medium = 5 points
  • Low = 1 point
The last step is to determine the risk factor. This is done by taking the Impact Rating and multiplying it with the Probability Rating.

Impact RatingProbability RatingRisk Factor
(2)X(10)=(20)

The resulting sum will be your Risk Factor and can be used when you are determining methods of protection. If fire and water damage have high risk factors, look into the best protection methods from that sort of damage. If explosions are a high risk factor for your office, determine your protection methods (and we suggest off-site storage) based on that factor. If you have any questions regarding the risk factor or the risk assessment process overall, please contact Records Management Services at 543-6512.

If you are uncertain which types of disasters/risks may be prevalent in your area, the following questions may assist you in the identification of potential risks.

Climate
  • Is your area subject to extremes or to sudden changes in temperature and humidity? Which materials will be affected by changes?
  • How soon after failure of your heating or cooling system will the climate in your building exceed recommended environmental conditions?

Topography

  • Is your building situated by a lake, river or ocean? Is that body of water tidal?
  • Is your basement below water level or water table level?

Seismic Stability

  • Is your area subject to earthquakes? What sort of damage can occur in your office?
  • Is your area subject to volcanic action? What element of a volcanic explosion is most likely to effect you?

Building Structure

  • What are the structural materials?
  • Does the building have a flat roof, skylights, roof access doors, or internal roof drains?
  • Are there water/sewer pipes running through storage areas?

Hazardous Materials

  • Are hazardous materials such as gas cylinders, solvents, paints, etc. stored in the building?
  • Have potential hazards such as live ammunition, poisonous/flammable/reactive chemicals, etc. been removed from collections?