RISK and Records Management
Alison North @alison8north
IRMS PUBLIC SECTOR GROUP Meeting – 17 July 2014 – London UK
Good Records Management ensures…
Access and Availability of information
Integrity of information
Legal, regulatory & business retention of information
Defensible Disposition
Protection and security of information
So where is the RISK (part 1)
Accountability: Responsibility for actions but no understanding of what those actions are!
Compliance: Confusing legal requirements to maintain, retain and dispose of information; but also, in some situations, to verify the information and make it available and complete.
Disposition: Vague and subjective requirements for disposal of information – some legal; some business / financial.
Two Types of Disaster
Type 1: Where a disaster impacts your information and records
Type 2: Where the nature of the information or records can lead to a disaster
What happens when poor records themselves lead to a disaster?
Case History: San Bruno The Largest Gas Pipeline disaster in US History
Type 2 Disasters
San Bruno Pipeline Rupture and Fire
On September 9, 2010, at about 6:11 pm, a 30-inch-diameter segment of an intrastate natural gas transmission pipeline known as Line 132, owned and operated by the Pacific Gas and Electric Company (PG&E), ruptured in San Bruno, a residential suburb of San Francisco.
The initial blast resulted in “a wall of fire more than 1,000 feet high”. The loud roar and shaking led residents, first responders and news media to believe that a large jetliner had crashed. It took fire crews nearly an hour to determine it was a gas explosion.
It is estimated that 47.6 million standard cubic feet of natural gas was released.
8 people were killed, 56 were injured and many more were evacuated from the area.
The released natural gas ignited, resulting in a fire that destroyed 38 homes and damaged 70.
As there were no automatic shutoff valves, it took 95 minutes to turn off all the 375 psi gas flow manually.
The Proximal Cause
The National Transportation Safety Board’s (NTSB) investigation found that the rupture of Line 132 was caused by:
“…a fracture that originated in the partially welded longitudinal seam of one of six short pipe sections, known in the industry as “pups.”
Even in 1956 the five pups would not have met generally accepted industry quality control and welding standards.
The weld defect in the failed pup would have been visible when it was installed.”
Probable Cause
The National Transportation Safety Board determined that the probable cause of the accident was:
PG&E’s inadequate quality assurance and quality control in 1956 during its Line 132 relocation project.
An inadequate pipeline integrity management program, which failed to detect and repair or remove the defective pipe section.
Record-keeping Deficiencies
The NTSB found numerous record-keeping deficiencies with PG&E’s records and supporting GIS systems.
PG&E’s GIS contained completely wrong information about the pipe that had ruptured along its longitudinal weld. The GIS identified the pipe as seamless 30 inch diameter pipe, when it had a longitudinal seam.
PG&E’s GIS database did not reflect the presence of these pups, and PG&E had used assumed values for key pipeline parameters to populate their GIS.
Despite months of searching PG&E could not produce any design, material or construction specifications for the 1956 relocation project.
The Weakest Link
In conclusion, the NTSB stated that PG&E’s integrity management program:
“was based on a GIS that did not contain, and PG&E did not require it to contain, complete and accurate pipeline information …”
And as a result….
“PG&E gas transmission integrity management program was deficient and ineffective.”
NTSB Recommendations
PG&E to aggressively and diligently search for documents and records relating to pipeline system components, for gas transmission pipelines that have not had a maximum allowable operating pressure (MAOP) established through prior hydrostatic testing.
The records should be traceable, verifiable, and complete; should meet regulatory intent and requirements; and should have been considered in determining MAOPs for PG&E pipelines.
The alternative was for PG&E to hydrotest the pipelines manually.
So where is the RISK (part 2)
Financial: Fines; reduced share price; increased cost of labour
Legal: Penalties; criminal charges
Reputational: Redundancies; closure of business
The Size of the Records Issue
114,000+ boxes of records scattered across 50+ offices
87,000 unique engineering project files (“job files”) dating back to the 1920s.
No central index or register
No document control of the “Job file” contents
Inconsistent File and Folder naming conventions
Poor metadata coverage
The Cow Palace Review
After the January 3, 2011 NTSB report PG&E were asked to locate all relevant records to validate the maximum allowable operating pressure (MAOP) of each pipeline in populated areas:
Under the threat of $1M/day fines, 1500 PG&E employees spent a total of 30 man years to gather, review, and locate strength test records from all of PG&E’s record stores and offices.
This work is known as the “Cow Palace Review” – a "triage effort" over 7 days (3 shifts/day of 500 staff/shift) involving sifting and sorting through more than 200,000 cubic feet of documents (110,000 boxes) from PG&E stores, offices and homes.
Since Cow Palace
In 2013 PG&E estimated that it has spent over 250,000 man days effort (1000 years) to identify the NTSB recommendations and locate traceable, verifiable, and complete MAOP Records.
Over 3 million documents scanned and indexed
Over 87,000 changes to PG&E’s GIS data since 2010.
Since the NTSB 2011 Report
Three parallel CPUC investigations:
I.11-02-016 – Recordkeeping Investigation
I.11-11-009 – Class Location Investigation
I.12-01-007 – San Bruno Investigation
Both the Record Keeping and Class Location Investigations looked at the entire Gas Transmission Division as a whole, not just records relating to the San Bruno incident.
Alison and I participated in the Records Investigation and acted as expert witnesses in court on behalf of the State of California.
Since the NTSB Report
Formal Court Hearings were held in 2013 at the CPUC Courthouse in San Francisco (Verdict pending)
Recently (2nd April 2014) PG&E was indicted on 12 federal criminal counts related to the 2010 gas pipeline explosion, including one count of failing to maintain proper records of its gas transmission system.
Why are Dates so Important?
Under California law, Section 2108 states that each day of a serious and on-going violation can constitute a separate and distinct offense (with fines up to $50,000 per offense, per day).
I.11-02-016 (Recordkeeping OII): A total of 35 violations, for 400,000 days
I.11-11-009 (Class Location OII): A total of 6 violations, for 15,000,000 days
I.12-01-007 (SB OII): A total of 55 violations, for 300,000 days
Given the number and duration of violations, with some dating back to 1948, PG&E’s theoretical exposure was estimated to be in the hundreds of billions of dollars.
Proposed CPUC Fines and Penalties
The fines and penalties currently under consideration are in the order of $2.25 billion. The City of San Bruno has asked for additional penalties: $50 million for creation of an independent monitor, and $100 million for a Pipeline Safety Trust ($5M/year for 20 years).
Good Records Management ensures…
Access and Availability of information
Integrity of information
Legal, regulatory & business retention of information
Defensible Disposition
Protection and security of information
Governance
Corporate Governance
The framework of rules and practices by which a board of directors (and equivalents in public and other sectors) ensures accountability, transparency and fairness with its stakeholders.
Governance relates to consistent management, cohesive policies, guidance, processes and decision-rights for a given area of responsibility:
• Accountability framework
• Decision Rights
• Policies and processes
• Communication, Education and Training
• Records Management
• Information Technology
• Standards and metrics
• Laws and Regulations.
Information Governance
Accountability
Transparency
Integrity
Protection
Compliance
Availability
Retention and Disposition
Generally Accepted Recordkeeping Principles®
Accountability
Accountability is the expectation that everyone is responsible for their own decisions and actions; and, in many cases, for the actions of others under their command.
It is a fundamental part of a child’s upbringing;
It is part of everyone’s employment contract;
It has been central to discussions related to problems in all sectors, in all countries.
Accountability
A senior ‘leader’ is accountable for information governance across the organisation;
S/he delegates program responsibility to group or individual;
The organization adopts policies and procedures to guide personnel and ensure that the program can be audited
CONSEQUENCES
What are the consequences for not being responsible for your actions?
How does this relate to information governance and records management?
Well you have just heard the San Bruno story…….
…………and it is no bedtime story
Actions and Decision rights
Confusion
Inconsistency
Lack of Guidance
Responsibility but no authority
Compliance
The organization develops an information governance program to comply with laws; regulations and other binding authorities; and, internal policies.
The Principle of Compliance delivers
Accurate references to laws, regulations, and other binding authorities; and, Guidance on how to comply with them.
Standards and a code of conduct against which the organization measures how compliant their personnel and the organization are;
Audits to record levels of compliance; acknowledge, and fix failures; and, recognise improvement.
Links to: • Retention; • Protection; • Transparency; • Integrity.
Disposition
An organization provides secure methods for disposal of information that is redundant or has reached the end of its retention period.
The Principle of Disposition delivers
Secure methods for disposal of information - all media, that is redundant or has reached the end of its retention period.
Links to: Retention; Compliance; Integrity; Availability
Availability
The organization develops an information governance program to ensure that its information is available in a timely and efficient manner.
The Principle of Availability delivers
The correct information to: the right person; at the right time; in the right format; with the correct protection.
Links to: Integrity; Protection; Retention; Disposition
Integrity
The organization’s information governance policy and program deliver authentic and reliable information.
The Principle of Integrity delivers
A suitable guarantee of the authenticity and reliability of the organization’s information;
Up-to-date and accurate information.
Links to: Availability; Transparency; Protection
Retention
An organization shall retain its information for a specified period of time;
In accordance with the organization’s operational and historical requirements; and,
In compliance with laws, regulations and other binding authorities.
The Principle of Retention also assists in the delivery of
Accountability
Transparency
Integrity
Protection
Availability
Transparency
The policy, processes and activities of an organization are documented and available, on demand, to all personnel and interested parties.
The Principle of Transparency delivers
Documented policies, processes and activities that provide consistent guidance and methods for transparency of information;
Quick and efficient access to these documents by all personnel and interested parties.
Links to: Availability; Integrity
Protection
The organization develops an information governance policy and program to provide protection to its information.
The Principle of Protection delivers
Specific levels of protection for the organization’s information.
Links to: Integrity; Availability; Retention; Disposition
The Benefits of the Principles
Increase access and availability
Protect information assets
Encourage transparency
Improve integrity and accuracy
Provide security
Deliver compliance; and,
Reduce Risk.
In San Bruno
• 8 people died; • 56 people were injured; • 38 homes were destroyed
PEOPLES’ LIVES ARE TOO BIG A RISK
THE CPUC LEGAL TEAM ON THE SAN BRUNO CASE
Thanks to Dr Paul Duller for letting me mix up and change some of his slides for this presentation
Alison North
Do connect with me on LinkedIn