hurricane season Archives - World Risk Management

Managing, Protecting and Recovering Critical Documents

Oct 24, 2018 | Loss Control

An often overlooked part of the massive losses suffered by businesses, academic institutions, and other organizations as a result of fires, floods, and other severe weather is the damage to critical records and documents. By not protecting and ensuring these documents, organizations can face significant business continuity losses and compromised client services. There are several important steps that prudent risk managers can take to ensure that their critical documents are managed properly and protected as much as possible from a potentially damaging event.

1. Understand Document Retention Requirements and Dispose of Unnecessary Documents
Document retention requirements are determined by city, state and federal regulations, and can vary by document type. A general rule of thumb is that financial records should be kept for seven years. Health records for children must be retained for 25 years. Deeds and loan documents must be kept permanently. Establishing a consistent base volume of stored records and documents can help determine the necessary level of insurance coverage. The longer the retention period, the greater the risk so purging those documents that are not necessary to retain can reduce the risk that damage will occur.

2. Assess Document Exposure
Determining the level of document exposure depends on the answers to several questions. First and foremost, what is the volume of critical documents? The more documents stored, the greater the cost to insure them. The more densely they are stored, the greater the localized risk.

What type of recovery service is necessary? This answer will vary from business to business. If original documents are required, they will likely be returned after drying and cleaning with visible signs of damage, such as stains and bleeding of ink. This may be fine for archived files but may cause problems for businesses such as medical facilities, law and accounting firms, and their clients. In another instance, a mortgage title company may likely want a drying, sterilization and cleaning option even when their documents are affected by Category III water (highly contaminated water such as sewage or floodwaters, also known as blackwater). Faced with the same dilemma, a medical facility is likely to prefer reproduction or imaging.

Is immediate access to documents important in the wake of a calamitous event? This will determine which of the two basic techniques for document drying is most appropriate. Vacuum freeze drying provides the best results for books and clay-coated paper. However, capacity is limited by the size of the drying chambers and backlogs can quickly develop if a document recovery specialist relies solely on this method. Desiccant drying effectively processes large quantities of documents, but causes wrinkling and requires trained technicians to avoid secondary damage to documents during the recovery process.

The information gleaned from the answers to these questions can be extremely useful in determining the potential cost of document and record restoration. However, there is no standard formula or computer model to generate cost estimates. Instead, the number of documents required for retention and the qualitative requirements of that retention is used to develop a hypothetical, industry-average cost estimate for a worst-case scenario loss.

It is important to remember, however, that any assessment of this kind cannot determine the cost of a total loss. Establishing the cost of drying 100 boxes of documents submerged in water for two days is doable. Understanding the cost of recovering those 100 boxes after they have been burned to ash is not.

3. Ensure Adequate Insurance Coverage
The cost of insurance is typically determined by the cubic feet of stored documents and records to be covered. A range of $100 to $1,000 per cubic foot can provide a general low-to-high estimate of coverage needed. Depending on the potential needs within that range, the type of coverage is another critical consideration.

Many insurance policies will specifically exclude coverage for documents under the contents verbiage of the policy. Instead, insurers want customers to address specific coverage of documents under the valuable papers portion of the policy. Valuable papers coverage is often described in the policy as the time to research, verify, and recreate files or information that have been damaged in a loss. Valuable paper coverage is broad and often will address the issue of document reproduction or imaging.

Valuable papers coverage is a reasonable “extension of coverage” on insurance policies, with coverage amounts ranging from $25,000 for standard coverage to several million dollars for specialty classes of businesses. Standard limitations may be adequate for small losses, but most likely will not be adequate to cover a major loss that would require the treatment of large numbers of documents. Ironically, the rule of thumb in the document restoration business is that the average client is under-insured.

Often, the key variable is how the adjuster will interpret the policy. Some adjusters will allow drying and cleaning documents to fall under business personal property coverage because the documents are tools used for conducting business. This enables the original documents to be dried and/or cleaned and returned to use. The argument is documents such as medical charts are not just valuable papers or papers per se. The information on them is organized, regulated in how it can be amended or altered, and the charts must be bound in a specific manner.

An important element of adequate insurance coverage is the quality of the claims handling process, which can be defined as the immediate response to the loss. Specific wording to this effect in the insurance policy will help, as will periodic meetings among the insured customer, insurance professional, and document restoration firm over the course of the policy period.

4. Preselect the Right Document Recovery Firm
There are only a handful of qualified document recovery firms in the United States. Preselecting one of them is not a process that should be taken lightly. Risk managers, who are serious about defining their exposure, should conduct in-person interviews with key document specialists — as opposed to area representatives or salespeople — from the firms they are considering.

There is no standard pricing in the document recovery industry. Basic services are typically measured by the cubic foot. However, one firm may charge $40 per cubic foot for drying and $35 per cubic foot for labor, handling, and packaging, while another will charge an all-inclusive $72 per cubic foot for these services.

There are a number of differentiators among these firms in addition to price. Do they have the capability to handle a document restoration project on-site if necessary? What security measures do they employ — both on-site and in their plant? How quickly can they respond to a loss and provide a complete quote for the work? What is their backlog? Can they provide access to documents during the recovery process? Do they do the work in-house, which is preferable to ensure a timely response and open lines of communications between client and document recovery firm, or do they subcontract to another vendor? Do they itemize invoices, including all services and supplies? Are they appropriately insured, including sufficient pollution coverage?

Lastly, there are a number of external signals about a document recovery firm’s qualifications. Firms that are preferred vendors with well-known national insurance carriers have qualified on the basis of security, financial stability, quality control and accountability. Letters of recommendation from previous clients is also a good indicator of past performance.

Source: Risk Management Monitor

Author: Rob Schmidt

Expect the Unexpected: Mitigating the Risks of Natural Disasters

Sep 26, 2018 | Events

As we’ve seen with the recent Kilauea volcanic eruption and last year’s catastrophic hurricane season, natural disasters are becoming more frequent and dramatically more powerful. In fact, NOAA recently reported that weather and climate disasters reached an all-time high in damage costs within the United States, exceeding $300 billion in 2017.

In the face of these increases, companies have a social responsibility to maintain a strong disaster recovery strategy. How can your company prepare to combat the risks from these seemingly unpredictable events? Implementing a proactive risk management approach can help companies better prepare themselves, their employees and their communities to minimize damage and loss in the face of these destructive events. But these strategies cannot simply be created when a natural disaster strikes. As with anything, careful planning before a catastrophe happens is vital to the continued health and success of a business.

When developing these strategies, it is imperative that both pre- and post-disaster planning is included in the mix, as each plays a critical role in ensuring your ongoing operations.

Maintain a pre-event strategy
It’s important to remember that when a natural disaster strikes, there are both direct and indirect costs to a company. How you plan and address these costs can either save or destroy your business.

With today’s technology, we have the ability to monitor most natural disasters and maintain a better idea of when and how hard they will hit. This isn’t always the case, however. While hurricanes can take time to form before making landfall, oftentimes tornadoes and wildfires happen overnight, making it critical to have disaster plans in place before a disaster strikes.

There are three main areas companies should consider when creating a preemptive disaster strategy: 1) supply chain, 2) employees and 3) business infrastructure.

Maintaining a timely and accurate risk strategy for your company and your employees is incredibly important to protect all of these assets. First, it can help protect your supply chain by providing time to divert your supply chain operations from problem areas.

Additionally, it is imperative to be mindful of conditions affecting your various suppliers and how their potential risks can affect your operations. Armed with this knowledge, you can proactively develop supply chain diversion strategies to maintain efficiency and production. While you may not have the threat of a natural disaster, one of your largest suppliers might. So think ahead, make a backup plan and monitor both your own operations and those of your supply chain.

As we all know, employees are central to each and every business. An established risk mitigation strategy will include notifying employees so they have time to protect themselves and their family. It can also help management decide if and when to send employees home to help keep them safe.

Finally, a preemptive strategy needs to consider the effects of a disaster on business infrastructure. How will you prepare your building and operations for the threat of a flood or tornado? Do you have access to the proper reinforcements and equipment to accomplish these preparations? A well-established pre-event risk management strategy can help with these issues and also minimize damage so that you are not left picking up the pieces of what could have been a protected building or warehouse.

Implement a proactive post-event strategy
When developing a post-event disaster plan, the best strategy is to think long-term, as short fixes are just that—short fixes.

Consider the upstream impact of the disaster. Damage to raw materials and supplier areas can amount to huge indirect costs. So how can you avoid this? One way is by ensuring your pre-event plan is efficiently put into effect and is able to redirect any necessary supplies. It is also imperative to have a successful remediation strategy in place to recover from the effects of a disaster for both your operations and those of your supply chain. Be prepared to re-establish your supply chain and be sure it is completely intact post-disaster.

Many disasters also have long-lasting impacts that cause companies to have a lengthy rebuilding process. Have a plan for secondary supply chain options to ensure ongoing operations in case a supplier is out of service for a longer period of time. The problems don’t end when the disaster ends, so be sure to build out contingency plans for your operations through the potential recovery months.

Your post-event remediation strategies must also consider your physical office environment. Ensure there is a plan to check that equipment is operational and know how to repair or find replacement equipment to get operations up and running as soon as possible. Focus on rebuilding the business ecosystem from the supply chain, to operations, to your employees.

Finally, consider how you will get your employees back to work, and not just for the immediate future. Invest in your employees, and they will invest in you. After natural disasters, your employees could be facing damaged or destroyed homes, the loss of loved ones and even personal injuries. Look at what the company can do to help ensure their well-being so that they are willing and able to return to work.

Inevitability doesn’t have to mean susceptibility
Regardless of location, natural disasters are going to occur that affect you and your business to some extent. That is a fact of life. But it doesn’t necessarily mean that your company is susceptible to the significant damages and costs associated with these disasters.

Maintaining open lines of communication with your leadership and employees will help you develop and implement a strategic plan before and after nature takes its course. As we face the upcoming hurricane season and other inevitable disasters, it is better to mitigate the risks and susceptibility so that your “in case” plan doesn’t become “we should have.”

Source: Risk Management Monitor

Author: Quin Rodriguez

The critical role of processes in your disaster recovery strategy

Sep 5, 2018 | Informative

Yet with the ever-increasing threats from both natural and man-made disasters – from the devastating fires and flooding in California last year through to the recent impact of Intel’s chip flaw that opened the door to potential hacking – is there anything more that IT departments can do to perfect how their organization both prevents and reacts to business disruptions?

Surprisingly, more than 1 in 3 businesses admit they don’t have a disaster recovery policy in place, a figure that is even higher amongst smaller businesses where an estimated 3 out of 4 are reported to have no contingency measures at all.

With our increasing reliance on technology and the reluctant acceptance that most technology is vulnerable to potential downtime, the CIO or IT manager is the obvious choice of leader to take responsibility for the whole disaster recovery plan, whether it’s due to a technical problem or other factors.

The ripple effect of abnormal events not only affects the IT department but can have serious repercussions on all daily operations including financial management, customer experience, HR, and workflow, etc.

Whilst CIOs regularly consult with other members of the C-suite on devising a risk management strategy, there are significant advantages to garnering the support of key employees across the whole organization, on a continual basis.

To ensure your disaster recovery plan anticipates every eventuality it’s essential to get ‘buy-in’ and input from all departments, so you can be confident that your plan is as informed, up to date and effective as possible.

Here are some recommendations on how to maximize the knowledge, creativity, and strength you can draw from key players across the organization.

Produce a clear mandate

During ‘business as usual’, a robust process management discipline and a strong process culture provides a firm foundation for teams to document and develop new and innovative ways of working and can help a company drive competitive advantage and innovation.

However, do employees know what processes to follow when the extraordinary occurs? Whether the Internet or phones go down, sensitive customer data is stolen, or severe weather stops them from getting into the office, clarity, and communication of disaster recovery processes is just as important as the plan itself. Every member of staff needs to know when and how to trigger a disaster recovery response, as well as be aware of who else is part of the team.

Part of the CIO’s remit should be to oversee the design and build of processes that are easy and clear for all personnel to find and follow, every day. In a disaster situation, it becomes imperative for staff to act with minimum delay, limiting the damage that could result from a disaster.

Build easy to follow checklists

One way of communicating unequivocally is to introduce simple checklists as advocated by US doctor, writer and speaker Atul Gawande in his book “The Checklist Manifesto”.

By getting the basics right, well-designed checklists have been proven to cut through unnecessary complexity and encourage transparency, leading to a 35% reduction in complications in hospital operations. These same fundamental principles can be applied to the corporate world where teams are responding to an emergency or extraordinary incident.

You also need to consider how and where to store this critical process information and make it easily accessible to all key staff.

Stage regular ‘fire drills’

Like most insurance policies you hope you’ll never need to claim on them, but you need to know that you’re fully covered. Regularly testing and modifying your disaster recovery processes will keep them up to date and make sure they work. Set up simulation exercises to rehearse what everyone’s roles are during a catastrophe.

With today’s accelerated pace of business change, a month-old plan may soon become obsolete. Organizations need to monitor changes in general circumstances like impending legislation. They also need to be sensitive to company or market-specific conditions such as when a key person leaves and joins a competitor, a laptop goes missing or perhaps a product needs to be recalled.

As soon as a new threat appears on the horizon it needs to be factored into the overall disaster recovery strategy immediately.

Crowd-source ideas and share responsibilities

With a collaborative and collective approach that encourages everyone to work as a group, it’s simpler to both create and follow agreed checklists so you can minimize the impact of unforeseen circumstances.

Employees on the front-line are often best equipped to advise on what level of impact disruptions may have on themselves and other departments. For example, the service manager can give the most insight on the scale of a spike in customer enquiries after your IP network goes down.

By leading the charge for a proactive, constantly-evolving approach to disaster recovery, CIOs can be confident that the entire operation is fully prepared and protected for when the unexpected occurs. Rather than panic-stricken employees bombarding you with support calls, instead there is state of relative calm as everyone already knows what they should do and can focus on executing an agreed plan.

Putting in the advance groundwork during quieter times not only leads to cooler heads during more turbulent times, but will also make a tremendous difference to your customers, employees and future business performance.

Source: CIO

Author: Ivan Seselj