Part 6: Vital Records DR

From BCMpedia. A Wiki Glossary for Business Continuity Management (BCM) and Disaster Recovery (DR).
Jump to navigation Jump to search
ButBackITDRP AIA.png
BCM Planning Methodology BIA.jpg

Part 7: Vital Records

Business Function and Function Code (Col 2 & 3)

Cross-reference to the Business Function/function code or number from original Function No assigned in Part 1

Description of Vital Records (Col 4)

Description of critical physical records and original document in hard and/or soft copy that are required to support each business function, e.g. company license, board meeting minutes, signed tender document, signed contract / MOU / SLA, signed employment letter, approved critical reports, approved BCP and IT DRP, company letterhead, cheque book, insurance policy, backup tape, system emergency ID/password, application license key, SOP, inventory/stock card, and etc.

Vital Records
  • Description of records, e.g.
    • Board meeting minutes
    • Any original or unique documents, plans, drawings, scanned images
    • Backup passwords (in envelopes)
    • Contracts, files
    • Insurance policies, etc.

Media Type (Col 5)

Identification of media type e.g. document, disk, tape, report, forms, microfiche, etc.


  • Identification of media type e.g.
    • Disks,
    • Tapes
    • DVD-ROM, reports
    • Forms
    • Microfiche
    • Email
    • Servers
    • Online replication to the alternate site

Location (Col 6)

Identification of the storage location of records onsite and at the offsite backup storage.


  • Identification of storage location of records e.g. cabinets, offsite locations, etc.
  • Is it in the office? if there are multiple sites, where is it located? Is it on the Cloud?

In Whose Care (Col 7)

The person who is responsible to maintain or keep the vital records.


The person was responsible for maintaining or keeping the document.

ButBackITDRP AIA.png

Notes

  • In Part 6 of the BIAQ, the guiding principle of this section is to identify the vital records which are unique or not replaceable in the event of a denial-of-access situation.
  • Another important element is to identify any electronic vital records that are not adequately backed-up
    • For example Data kept in a "C" drive or a set of tapes that are only backed up and taken offsite once a week

Instruction to BL-DR-3/5 M2 Participant

Refer to the text of each of the sections within this page which is highlighted in italics for further explanation when attempting the Module 2 assignment.

In most organisations with extensive computerisation, it is observed that there are still data in hard copies and also electronic data that is non-accessible outside of the organisation. When you are completing the "Vital Records", do remember to value add to your team members to build resilience to the availability of the data outside the organisation without infringing cybersecurity policies.

Learning and Observation when Completing of BIAQ: Part 7: Vital Records