After picking yourself off the floor and cleaning up your spilled coffee, you might wonder aloud, “OK, in this digital age how do safety departments make sure their data is safe?”
The answer is not to expect safety personnel to become technology experts and begin administering their own systems (though as an IT guy I do understand the allure — computers can be awfully exciting!).
Don’t forget the doughnuts
No, what you want to do is meet with the group that maintains the systems your data is stored on. Get a good feel for the technological safeguards that have been put in place. If you run into resistance to your inquiries, offer doughnuts to your service support. IT guys will do anything for doughnuts.
Once you’ve softened them up with sweets, here are important questions to ask about the technologies and processes that they should have in place to protect your data.
Where is the data being stored? Is it a server-class computer with a redundant architecture or simply a glorified PC?
PCs have come a long way over the years, but they are prone to problems and the occasional catastrophic failure.
Server-class machines are built specifically to act as file or application servers and have more robust architectures less likely to experience problems. If your data is being stored on a server-class machine, how reliable is the equipment? Does it have built-in redundancy so the failure of one device (like a power supply or network card) doesn’t render the system inoperable? Is it located in a protected room with fire suppression and environmental controls?
Does the system use RAIDs (Redundant Array of Inexpensive Disks)? In a RAID, your data is written across several different drives so failure of one drive will not result in the loss of your records. Items like spare power supplies or network cards ensure that your systems maintain availability, but a RAID maintains both data availability and integrity. Data availability is important, but it’s usually far more critical for data to be preserved. I think we would all rather risk a system outage — even for a day or two — than risk losing years’ worth of critical data.
Is the data regularly backed up? This is your last line of defense against data loss — the one that you hope you never have to use. In the event of a catastrophic system error or a disaster (fire, tornado, etc.) at your site, having your data safely stored on some type of offline media (tape, CD, etc.) is obviously critical.
Most businesses I’ve worked with have, at a minimum, performed daily backups of all important data and moved their media offsite on a weekly basis.
What security mechanisms are in place to protect systems from hackers, viruses, etc.? Here are a few basic safeguards that every company should consider:
Alert ASPs are a must
If your company uses a third-party application service provider (ASP) to assist with EHS data management and to store related records, make sure the ASP follows best practices for protecting your data. All too many ASPs cut corners on data protection to save costs, putting your data at significant risk.
If you’ve made it this far, your head is likely spinning from everything that it takes to adequately protect your electronic records. Of course, hopefully when you sit down with your IT group or ASP, you’ll find that they already have their bases covered and you can sleep peacefully, knowing your records are safe and secure. If so, at worst you’ll only be out a box of doughnuts.