What is a Vital Record?

Vital records, as the name suggests, refer to important events, specifically they are records of life events that are kept under governmental authority. This includes birth certificates, marriage licenses, and death certificates.

When it comes to records management the term ‘vital record’ means the records that are essential to the organisation in order to continue with its business both during and after a disaster, in other words, it would prevent the company from carrying on with day-to-day work if it wasn’t available.

Less than 5% of records are identified as vital and although losing most records will cause inconvenience, you can often work around it or recreate records. Vital records are the ones required in order to operate.

There are four areas that could count as a ‘disaster’: flood, fire, security, and environmental pollution. Vital records allow businesses to continue functioning even if the disaster destroys all other records.

Different Types of Vital Records

There are five categories of vital records:

  1. Emergency: This is needed immediately after a disaster to help recovery such as staff contact details
  2. Legal: They prove ownership or interests such as contracts and leases
  3. Financial: Demonstrates the income and spending of a business, this could be a monthly report or bank details
  4. Operational: They are required for critical services such as security procedures and IT configuration information
  5. Organisation/Stakeholder right: This protects the interests of all parties, for example, annual accounts and shareholder registers could be included

Identifying a Vital Record

It is necessary to identify vital records to ensure that the records remain secure, accessible and easily locatable during a disaster. The vital records form a vital part of disaster recovery and business continuity planning.

Companies need to protect the right records, rather than spending lots of resources on securely storing non-essential records whilst leaving vital records open to vulnerability.

To identify your vital records you should consider the following:

  • Identify the key functions, business processes and stakeholders of your department
  • Identify the potential impact of not providing these functions
  • Identify the records needed to support these functions and processes
  • Identify which of these records are vital – of the functions of these records can be re-established if they’re lost, then they’re not vital

How to Protect Vital Records: Electronic

  • Electronic vital records must be stored on central servers so that they are protected by back-up and disaster recovery
  • Don’t store vital records on portable hardware, such as USBs, DVDs/CDs
  • Don’t store vital records on a laptop’s hard drive or on your personal hard drive
  • Use a readable format such as PDF/PDFA or plain text or rich text format for records that need to be stored for a long period of time

How to Protect Vital Records: Hard Copies

Vital Records which are only available in paper format should be duplicated, in the same or original format depending on requirements, with the originals and copies stored in separate locations, if possible. There are two ways of doing this:

  • Scan and save them electronically
  • Use off-site storage
How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.