It is a good idea for any business or organization to go through a contingency planning exercise. This is where all the credible potential risks are identified and some sort of mitigation is put in place. This could be as simple as adding a procedure or something much more expensive, such as investing in a facility or technology. Contingency planning should also include your documents or data. Some good questions to ponder:
What would the impact be on your business or organization if your documents and or data was lost or destroyed? Would it be a minor inconvenience, or could it put you out of business?
What would be the cost to replace or repair your data?
What would the impact be on your customers, shareholders and stakeholders?
The answers to the above questions would help determine what resources should be spent on your contingency planning and mitigation.
In the case of documentation or data, the probability of an issue could be very low, but the reality is that the risks are very real; below are a few examples.
If you physically store your documents, then you are at risk for fire, flooding, and other extreme events. For example, there was this story about an explosion that ripped through 42 buildings in Springfield Mass. last year. The explosion was caused by a leak in a gas line. Several commercial buildings received major damage.
If you have digital copies of your documents, there still is potential for damage. Computers and storage drives are just as susceptible to fire and water damage as physical documents. Computers, servers and storage drives can become corrupted. Retrieval of data from corrupted or crashed digital storage devices can range from a few hundred dollars to several thousand dollars. That is assuming that the data can be retrieved at all.
Ways to mitigate: Physical documents can be stored in disaster resistant structures, whether you add one to your building or use a third party service depends on a variety of other factors. Having duplicates of your physical documents and stored in different locations may reduce risk, but the cost of duplications and on-going management of this type of document storage could be cost prohibitive. Creating digital records of the physical documents reduces risk. Digital documents can be stored in a number of places including the cloud, so the risk of losing records become miniscule if you have digital records stored in multiple locations. Having your in-house server automatically backed up to an offsite location is relatively inexpensive.
The likelihood of documents getting stolen or copied depends on what they are and the value they might have to a thief or hacker. There have been a number of incidents of “ransomware” where a hacker injects some sort of virus into the computer network that makes the system inaccessible, and then offers to remove the malware for a ransom. According to an article in www.idigitaltimes.com, two separate hospitals, Hollywood Presbyterian California and Methodist Hospital in Kentucky, each reported paying out $17,000 in bitcoin to have files decrypted. More Info. While healthcare systems seemed to have been under attack lately, there have also been reported incidents of school systems getting hacked and even local government systems.
Many times hackers are assisted by an “inside” person such as an employee. Some of the more visible “hacking issues” actually were enabled with the help an insider.
Ways to mitigate: IT experts agree that most of the hacking incidents that have made the news lately were made possible because of lax or obsolete security systems. Many companies or organizations with physical document storage have very poor security systems in place. Organizations that are opting to not spend money in this area may be setting themselves up for a catastrophic incident.
There is always a risk that your paper documents could be lost or destroyed by simple human error. Sometimes simply miss-filing a document can have the same consequence as destroying a document. .
The amount of money that you spend to mitigate documentation disasters depends on how an incident would impact your organization. There are companies that specialize in document and data storage that have disaster proof facilities and take extraordinary measures to store, preserve and secure documentation and digital data. For some businesses where any lost information could result in lost business or worse, these measures may be well worth it. For other businesses, it may not justify that kind of ongoing expenditure. Sometimes a relatively inexpensive solution to your physical storage risks is to scan your documents to digital files and back up and secure them using standard IT practices.
Not only does digitizing your documents improve your security, but it usually can substantially reduce your document management costs. Scanning costs are often insignificant when compared to the consequences of lost or destroyed documents.