RISK and Records Management

RISK and Records Management Alison North @alison8north IRMS PUBLIC SECTOR GROUP Meeting – 17 July 2014 – London UK

Good Records Management ensures…

Access and Availability of information

Integrity of information

Legal, regulatory & business retention of information

Defensible Disposition

Protection and security of information

….so where is the risk?

So where is the RISK (part 1)

Accountability: Responsibility for actions but no understanding of what those actions are!

Compliance: Confusing legal requirements to maintain, retain and dispose of information, but also, in some situations, to verify the information and make it available and complete.

Disposition: Vague and subjective requirements for disposal of information – some legal; some business / financial.

Consequences: A Pipeline Disaster…

Could this happen to your company?

Two Types of Disaster

Disasters

Records

Type 1: Where a disaster impacts your information and records

Type 2: Where the nature of the information or records can lead to a disaster

What happens when poor records themselves lead to a disaster?

Case History: San Bruno, the Largest Gas Pipeline Disaster in US History

Type 2 Disasters

San Bruno Pipeline Rupture and Fire

On September 9, 2010, about 6:11pm, a 30-inch-diameter segment of an intrastate natural gas transmission pipeline known as Line 132, owned and operated by the Pacific Gas and Electric Company (PG&E), ruptured in San Bruno, a residential suburb of San Francisco.

The initial blast resulted in “a wall of fire more than 1,000 feet high”. The loud roar and shaking led residents, first responders and news media to believe that a large jetliner had crashed. It took fire crews nearly an hour to determine it was a gas explosion.

It is estimated that 47.6 million standard cubic feet of natural gas was released.

8 people were killed, 56 were injured and many more were evacuated from the area.

The released natural gas ignited, resulting in a fire that destroyed 38 homes and damaged 70.

As there were no automatic shutoff valves, it took 95 minutes to turn off all the 375psi gas flow manually.

The Proximal Cause

The National Transportation Safety Board’s (NTSB) investigation found that the rupture of Line 132 was caused by:

“…a fracture that originated in the partially welded longitudinal seam of one of six short pipe sections, known in the industry as “pups.”

Even in 1956 the five pups would not have met generally accepted industry quality control and welding standards.

The weld defect in the failed pup would have been visible when it was installed.”

Probable Cause

The National Transportation Safety Board determined that the probable cause of the accident was:

PG&E’s inadequate quality assurance and quality control in 1956 during its Line 132 relocation project.

An inadequate pipeline integrity management program, which failed to detect and repair or remove the defective pipe section.

Record-keeping Deficiencies

The NTSB found numerous record-keeping deficiencies with PG&E’s records and supporting GIS systems.

PG&E’s GIS contained completely wrong information about the pipe that had ruptured along its longitudinal weld. The GIS identified the pipe as seamless 30 inch diameter pipe, when it had a longitudinal seam.

PG&E’s GIS database did not reflect the presence of these pups, and PG&E had used assumed values for key pipeline parameters to populate their GIS.

Despite months of searching PG&E could not produce any design, material or construction specifications for the 1956 relocation project.

The Weakest Link

In conclusion, the NTSB stated that PG&E’s integrity management program:

“was based on a GIS that did not contain, and PG&E did not require it to contain, complete and accurate pipeline information …”

And as a result….

“PG&E gas transmission integrity management program was deficient and ineffective.”

NTSB Recommendations

PG&E to aggressively and diligently search for documents and records relating to pipeline system components, for gas transmission pipelines that have not had a maximum allowable operating pressure (MAOP) established through prior hydrostatic testing.

The records should be traceable, verifiable, and complete; should meet regulatory intent and requirements; and should have been considered in determining MAOPs for PG&E pipelines.

The alternative was for PG&E to hydrotest the pipelines manually.

So where is the RISK (part 2)

Financial: Fines; reduced share price; increased cost of labour

Legal: Penalties; criminal charges

Reputational: Redundancies; closure of business

The Size of the Records Issue

114,000+ boxes of records scattered across 50+ offices

87,000 unique engineering project files (“job files”) dating back to the 1920s.

No central index or register

No document control of the “Job file” contents

Inconsistent File and Folder naming conventions

Poor metadata coverage

The Cow Palace Review

After the January 3, 2011 NTSB report, PG&E were asked to locate all relevant records to validate the maximum allowable operating pressure (MAOP) of each pipeline in populated areas:

Under the threat of $1M/day fines, 1500 PG&E employees spent a total of 30 man years to gather, review, and locate strength test records from all of PG&E’s record stores and offices.

This work is known as the “Cow Palace Review” – a “triage effort” over 7 days (3 shifts/day of 500 staff/shift) involving sifting and sorting through more than 200,000 cubic feet of documents (110,000 boxes) from PG&E stores, offices and homes.

Since Cow Palace

In 2013 PG&E estimated that it has spent over 250,000 man days effort (1000 years) to identify the NTSB recommendations and locate traceable, verifiable, and complete MAOP Records.

Over 3 million documents scanned and indexed

Over 87,000 changes to PG&E’s GIS data since 2010.

Since the NTSB 2011 Report

Three parallel CPUC investigations:

• I.11-02-016 – Recordkeeping Investigation

• I.11-11-009 – Class Location Investigation

• I.12-01-007 – San Bruno Investigation

Both the Record Keeping and Class Location Investigations looked at the entire Gas Transmission Division as a whole, not just records relating to the San Bruno incident.

Alison and I participated in the records Investigation and acted as expert witnesses in court on behalf of the State of California.

Since the NTSB Report

Formal Court Hearings were held in 2013 at the CPUC Courthouse in San Francisco (Verdict pending)

Recently (2nd April 2014) PG&E was indicted on 12 federal criminal counts related to the 2010 gas pipeline explosion, including one count of failing to maintain proper records of its gas transmission system.

Why are Dates so Important?

Under California law, Section 2108 states that each day of a serious and on-going violation can constitute a separate and distinct offense (with fines up to $50,000 per offense, per day).

I.11-02-016 (Recordkeeping OII): A total of 35 violations, for 400,000 days

I.11-11-009 (Class Location OII): A total of 6 violations, for 15,000,000 days

I.12-01-007 (SB OII): A total of 55 violations, for 300,000 days

Given the number and duration of violations, with some dating back to 1948, PG&E’s theoretical exposure was estimated to be in the hundreds of billions of dollars.

Proposed CPUC Fines and Penalties

The fines and penalties currently under consideration are in the order of $2.25 billion.

The City of San Bruno has asked for additional penalties: $50 million for creation of an independent monitor, and $100 million for a Pipeline Safety Trust ($5M/year for 20 years).

How does Records Management help to mitigate RISK?

Good Records Management ensures…

Access and Availability of information

Integrity of information

Legal, regulatory & business retention of information

Defensible Disposition

Protection and security of information

Governance

Corporate Governance

The framework of rules and practices by which a board of directors (and equivalents in public and other sectors) ensures accountability, transparency and fairness with its stakeholders.

Governance relates to consistent management, cohesive policies, guidance, processes and decision-rights for a given area of responsibility:

• Accountability framework

• Decision Rights

• Policies and processes

• Communication, Education and Training

• Records Management

• Information Technology

• Standards and metrics

• Laws and Regulations.

Information Governance

Accountability

Transparency

Integrity

Protection

Compliance

Availability

Retention and Disposition

Generally Accepted Recordkeeping Principles®

Accountability

Accountability is the expectation that everyone is responsible for their own decisions and actions; and, in many cases, for the actions of others under their command.

It is a fundamental part of a child’s upbringing;

It is part of everyone’s employment contract;

It has been central to discussions related to problems in all sectors, in all countries.

Accountability

A senior ‘leader’ is accountable for information governance across the organisation;

S/he delegates program responsibility to a group or individual;

The organization adopts policies and procedures to guide personnel and ensure that the program can be audited.

CONSEQUENCES

What are the consequences for not being responsible for your actions?

How does this relate to information governance and records management?

Well you have just heard the San Bruno story…….

…………and it is no bedtime story

Actions and Decision rights

Confusion

Inconsistency

Lack of Guidance

Responsibility but no authority

Compliance

The organization develops an information governance program to comply with laws; regulations and other binding authorities; and, internal policies.

The Principle of Compliance delivers

Accurate references to laws, regulations, and other binding authorities; and, Guidance on how to comply with them.

Standards and a code of conduct against which the organization measures how compliant their personnel and the organization are;

Audits to record levels of compliance; acknowledge, and fix failures; and, recognise improvement.

Links to: • Retention; • Protection; • Transparency; • Integrity.

Disposition

An organization provides secure methods for disposal of information that is redundant or has reached the end of its retention period.

The Principle of Disposition delivers

Secure methods for disposal of information - all media, that is redundant or has reached the end of its retention period.

Links to: Retention; Compliance; Integrity; Availability

Availability

The organization develops an information governance program to ensure that its information is available in a timely and efficient manner.

The Principle of Availability delivers

The correct information to: The right person, At the right time; In the right format; With the correct protection.

Links to: Integrity; Protection; Retention; Disposition

Integrity

The organization’s information governance policy and program deliver authentic and reliable information.

The Principle of Integrity delivers

A suitable guarantee of the authenticity and reliability of the organization’s information;

Up-to-date and accurate information.

Links to: Availability; Transparency; Protection

Retention

An organization shall retain its information for a specified period of time:

In accordance with the organization’s operational and historical requirements; and,

In compliance with laws, regulations and other binding authorities.

The Principle of Retention delivers

Compliance; Defensible Disposition

The Principle of Retention also assists in the delivery of

Accountability

Transparency

Integrity

Protection

Availability

Transparency

The policy, processes and activities of an organization are documented and available, on demand, to all personnel and interested parties.

The Principle of Transparency delivers

Documented policies, processes and activities that provide consistent guidance and methods for transparency of information;

Quick and efficient access to these documents by all personnel and interested parties.

Links to: Availability; Integrity

Protection

The organization develops an information governance policy and program to provide protection to its information.

The Principle of Protection delivers

Specific levels of protection for the organization’s information.

Links to: Integrity; Availability; Retention; Disposition

The Benefits of the Principles

Increase access and availability

Protect information assets

Encourage transparency

Improve integrity and accuracy

Provide security

Deliver compliance; and,

Reduce Risk.

THE BIGGEST RISK

In San Bruno

• 8 people died; • 56 people were injured; • 38 homes were destroyed

PEOPLES’ LIVES ARE TOO BIG A RISK

THE CPUC LEGAL TEAM ON THE SAN BRUNO CASE

Thanks to Dr Paul Duller for letting me mix up and change some of his slides for this presentation

Alison North

Do connect with me on LinkedIn