Does Your Risk Management Strategy Include Data Loss?
Risk Management has traditionally been a process of identifying risks associated with physical objects, assets or people. In today’s world though, Intellectual Property and Electronic Records are potentially one of the most important sources of information that holds secrets, useful data, and records that are mandatory for operating physical assets such as facilities.
Do you have a system that ensures this information is backed up?
Data Loss can occur from any number of incidents or occurrences including:
- Data theft, internal or external persons;
- Equipment malfunction or failure; (Eg: Hard Drive Crashes)
- Site incidents such as fire, flood, earthquake, power surge
In order to protect yourself and this information, the Risk Management Plan, including the Risk Register need to identify and implement a management process to reduce and manage this risk.
Risk Management Action Plan for Data Protection
Step 1: Identify all sources of data collection and storage that hold information that should form part of the strategy:
For a building operation, they could include:
- General Administration PC’s including Emails, files, Photos, Plans
- Facility Website (Including backend databases)
- Intranet
- Shared Server
- Software Applications (And associated databases)
- Access Control
- CMMS
- CMFM
- CCTV
- Building Management Systems
Step 2: Determine where and how to back up
Is the information to be backed up on site, or offsite?
Is there a compliance requirement for information to be backed up, offsite? (Eg: The Finance Industry mandates offsite record keeping of client and transactional records)
To be safe, the combination of both an on-site back up process combined with on offsite backup system is recommended.
Both of these systems can be set up for routine seamless backups that take away the opportunity for human error.
On-site options can include backing up data on DVD or External Hard Drive options, while offsite is as simple as Cloud Computing servers.
Step 3: Frequency
This will depend largely on the facility and the commercial obligations on the management organisation.
EG: For Data Centres or Critical or Secure Environments the obligations will be significantly higher than a Residential operation.
Therefore dependent on the type of facility and the data capture devices to have data backed up will dictate the frequency of this process.
A monthly backup of all systems would be the absolute minimum frequency to be considered in this process, no matter what facility.
For dynamic operations, daily is appropriate however weekly or bi-weekly can ensure some sort of balance between Risk Management and Operational effectiveness.
Summary
Data Loss should be included in all Risk Management Strategies within the Facility Management function.
The effort and additional cost involved in performing these processes may seem like an option or even a luxury if you have never lost data in the past, however anyone that has experienced system failure and data loss of any scale, it is much easier to understand the true impact of such a loss which can be completely detrimental both operationally and emotionally.
Best practice is to ensure that it never happens to you and implement appropriate Risk Management controls.
Comments are closed.