There are a number of potentially crippling natural and man-made disasters that can threaten your ISD’s vital records: fire, flooding, tornados, etc. On Memorial Day of this year, Shoal Creek in Austin flooded; it shattered the federal 500-year flood plain mark. The flood happened quickly and without warning leaving the impacted area in disarray and businesses ruined.
All it takes is one disaster to destroy paper-based student records – one spark in a dry warehouse where records are housed, high humidity to deteriorate paper files, or a flash flood to wash it all away.
Are your districts records safe? Is there a plan in place to protect student, financial, and HR records?
The Risk Management Plan is a standard document for most project implementations. However, these Plans are also extremely useful as standalone tools. Generally speaking there are three primary steps in Risk Management:
Asses and Evaluate
Control and Monitor
The first step in the creation of the Risk Management Plan is to identify potential risks. Are there vital records stored on paper or other physical media (CDs, DVDs, flash drives)? What security protocols are in place to restrict file access? What state-mandated file retention schedule is your ISD required to follow? Is your district in a floodplain? Variables like these may increase your districts risk rating.
Secondly, once the risks have been identified they then can be assed. This is done by the creation of a “Risk Matrix”. The Matrix allows for the easy identification and classification of risks by identifying how likely an event is to happen, compared to the impact sustained if that event were to happen. An example of this likelihood/impact measurement is if your district is in a 500 year floodplain but you store physical records. In this example it’s not likely your area will flood, but the impact of a severe flood is huge.
The third step is understanding how a specific risk can be controlled. In the project world there are four ways to approach this – risks can be accepted, controlled, avoided, or transferred. The following paths should be taken for each scenario:
Mitigation: A risk should be mitigated if there is a high probability of the event happening, but low impact. A lost or misplaced invoice is one example. High volumes of physically held paper have a high probability of being lost; however, losing one does not result in massive impact, and is easily controllable through an Electronic Content Management system.
Acceptance: Should only happen if there is a low probability of an event happening with a low impact if the event happens.
Avoidance: Any event that can happen to your records that has a low probability and high impact should be avoided. A lost or misplaced student record is one such case.
Transferred: High probability and high impact. Is your district in a 100 year floodplain? Are vital paper records stored in an unsecure and unregulated area? If so there is high probability with a high impact if something happens to those documents.
When it comes to the controlling of risks to your school districts records, an Electronic Content Management system addresses most, if not all, of the associated risks to your districts financial, student, and HR records. Automated digital repositories offer a safe and cost effective option in addition to massively improving current inefficient processes.