Records Management in Schools: Risk and disaster recovery

Neil Maude

Neil joined the Arena Group in 2006 and has almost 20 years of experience in the electronic document management industry, working with both private and public sector customers. Neil sits on Arena’s board of directors and manages the delivery operations of Arena’s EDM business. His team spend their time developing software, implementing solutions for customers and providing after-sales software support services, both in the UK and internationally.

Follow @ArenaGroup

Website: www.arenagroup.net Email This email address is being protected from spambots. You need JavaScript enabled to view it.

The IRMS curates a regularly updated toolkit to assist UK public sector schools in their compliance with the Freedom of Information Act (2000). Arena Group's Neil Maude has written for us a series of articles looking at the practical application of its key principles. In Part 6, Neil looks at disaster recovery planning and risk mitigation.

The 7th principle of the Data Protection Act (1998) is quite clear on the obligations with regard to data security and risk: "Appropriate technical and organisational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data."

The IRMS Toolkit makes the very valid point that: "In the event of a major incident, your school should be able to stay open and will at least have access to its key administrative and teaching records."

Clearly, compliance with this legislation requires on-going management of the risks to your information stores and how these risks will be mitigated.

These obligations can be covered by appropriate use of technology, but only once the underlying business needs have been appraised. A first step is an information audit, as described in a previous article in this series, upon which risk assessments and mitigation plans can be created.

Risk assessment

Step 1: Three important questions

A good place to start with risk analysis is to look at each type of information identified in the information audit with three questions in mind:

1. Event: What might happen to this information? Think about how the information is stored. Could it be lost or destroyed in its current form (is paper at risk of fire or flood; could electronic files be lost if the server crashes)? How might the information 'leak' out of the organisation (theft, USB stick loss, unauthorised disclosure, e-mail to the wrong person)? This question should identify a number of risks against each specific piece of information.

2. Probability: How likely is this to actually happen? For example, a fire is a fairly unlikely risk. However, if you store data on USB disks, it is fairly likely that someone will lose one.

3. Impact: What would be the impact? Some risks have bigger impacts than others. If you can’t locate a permission slip, then you can ask for another to be created – a low impact event. However, if someone has left an SEN file on the bus, that’s a serious problem.

Step 2: Plot your risk priorities

When you have this information, categorise each event by its probability and impact (low, medium or high) and plot each event onto a grid with probability on the x-axis and impact on the y-axis. Key issues will appear in the top-right, giving you a good appreciation of your risk priorities and where to start.

Take care not to neglect events which may be unlikely but would have a very serious impact; these “Black Swan” events will still need some thought, prevention and possibly even a coping strategy.

Step 3: Mitigation plans

The next step is to consider risk mitigation – what can you do about some of these risks to reduce their impact or remove them altogether?

The IRMS toolkit describes a number of mitigations to general IT risks including off-site and secure backups, password policies and having no fragile or sensitive data stored on local PCs or laptops. This is all essential.

The Toolkit also discusses the risks associated with loss of paper documents in a flood or fire and the benefits of metal cabinets over open shelves, as well as the need for auditing of paper file locations and clear desk policies. These are, again, all essential if using paper files – but these steps only mitigate the risks, rather than removing them.

The application of an appropriate Electronic Document Management System (EDMS) can remove the risks to physical paperwork, by removing it, and placing the information archive into the protection of IT mitigation procedures. If this is done, information stores such as pupil files are covered by the same processes and policies as any other IT backup – greatly reducing risks and saving time by covering a multitude of risks together. An EDMS can also provide access security and auditing, thereby removing many information leakage risks.

Continuity planning

Having undertaken a risk management exercise, determined impacts and mitigated as much as possible, the next step is to compile a list of actions which will be taken should the worst happen – and in what timeframes.

Again, this builds on the information audit and the key question is how quickly does each classification of information need to be made available again? Once this is understood, the order of restoring IT systems (typically) can be defined – and then this should be subject to some real-world thinking as to whether it is practical. For example, if a file server contains information which is required to be made available within 24 hours of a server failure, can the backup be restored to a spare server or does a new server need to be procured?

If a new server is required – maybe the spare server is also likely to be destroyed? – then there needs to be a plan for how this will be achieved to meet the overall elapsed time requirement.

Test, test and test again…

A continuity plan is something you hope never to need. But it must be tested – and that testing should be regularly repeated. Without testing, you have no assurance that the plan is complete, actionable and up-to-date. This can be a painful and time-consuming process but it’s just not possible to write a plan which is error-free, and you don’t want to meet the problems when you are already in the midst of a crisis.

When the worst happens

Sadly, we have seen cases where large amounts of paper documents have been lost. Examples include fires destroying buildings used for information storage, floods wiping out basement archives and even leaky roofs causing irreparable damage. We’ve also seen a surprising number of servers lost without an up-to-date backup being available. In most of these cases, a major impact has been suffered because a thorough risk assessment and/or regular process checking were not done. Having said this, some events were acknowledged as low-probability/high-impact risks against which the organisation had taken a conscious and calculated risk.

The IRMS toolkit states that an individual should be appointed as the "named member of staff to liaise with the Information Commissioner’s Office in the event that a major information breach needs to be reported". We hope that by following these guidelines, and by using appropriate technology, this named person will have no need to speak to the ICO!

This concludes the series on the IRMS toolkit for schools, we hope you’ve enjoyed these articles and if you have any questions please do get in touch.

 

Read More

Sign up to our newsletter

Get the best of Innovate My School, straight to your inbox.

What are you interested in?

By signing up you agree to our Terms & Conditions and Privacy Policy.

1,300+ guest writers.
2,500+
ideas & stories. 
Share yours.

In order to make our website better for you, we use cookies!

Some firefox users may experience missing content, to fix this, click the shield in the top left and "disable tracking protection"