Completing a Risk Assessment involves determining the probability of a particular disaster occurring in your office and the effects that the disaster may have on the operations of your office and on your Vital Records. A Risk Assessment also helps determine which protection method is best for your records. Although this is largely an exercise in probability, since we never know what will happen, it will narrow the scope of protection methods and allow for some early disaster preparedness.
There are three basic steps to completing a risk assessment:
- Identify the risks your office may encounter
- Determine what level of impact the risk will have
- Calculate the probability of that risk happening
Click to expand
First you will need to identify the 5-6 greatest risks to the records of your particular office. Not all offices are likely to face the same risks, although fire, water damage, power outage and hardware/software crashes are the most common.
After you have identified the top risk factors that may affect your office, list University resources that can help you with recovery. This could include UW-IT, Capital Planning & Portfolio Management, Campus Utilities & Operations, Environmental Health and Safety, and Records Management Services. If no one in your office has the necessary skills to recover damaged records, consider contracting the services of a vendor.
We are all at equal risk from natural disasters, fire, inclement weather, etc. However, because of the location of your office or where and how your Vital Records are stored, they may be at a greater risk from such hazards as:
- Loss of power/HVAC
- Hardware/equipment failure
- Exposure to hazardous materials
There are also human disasters that may have a negative effect on your Vital Records. Are they at risk from any of the following:
- Data entry error
- Improper handling of sensitive data
- Malicious damage or destruction
If you are uncertain which types of disasters/risks may be prevalent in your area, the following questions may assist you in the identification of potential risks.
- How soon after failure of your heating/cooling system will the climate in your building exceed recommended environmental conditions?
- What are the structural materials of your building?
- Does your building have a flat roof, skylights, roof access doors, or internal roof drains?
- Are there water/sewer pipes running through storage areas/office areas?
- Are hazardous materials such as gas cylinders, solvents, paints, etc. stored in the building?
- Have potential hazards such as live ammunition, poisonous/flammable/reactive chemicals, etc. been removed from areas where Vital Records have been stored?
Second, you will need to determine the level of impact each disaster will have on your office and the ability of your office to continue operations. Use the below Impact Rating Scale to assist you with placing a numerical value to the level of impact. For example if you believe the risk will cause office operations to be interrupted for only 3 hours, then the Impact Rating would be given a 1.
Once you have determined the level of impact you will need to identify the probability of the disaster actually happening. In this area, flooding or earthquakes are very probable and would more than likely receive a rating of high (10 probability points), whereas hurricanes are very unlikely and would receive a probability of low (1 probability point). The below listed Probability Rating Scale should be used to determine the probability.
Last, determine the risk factor. This is done by taking the Impact Rating and multiplying it with the Probability Rating. For example:
The resulting sum will be your Risk Factor and can be used when you are determining methods of protection. If fire and water damage have high risk factors, look into the best protection methods from that sort of damage. If chemical spills are a high risk factor for your office, determine your protection methods based on that factor.