The Security Manager should audit and revise this Post-Disaster Security Plan annually. Audits should include a review of all new security technology, maintenance contracts for all security hardware, and the post-disaster working relationship between the Facilities Manager and the Security Manager. Division of tasks in extreme circumstances will remain an ongoing issue for everyone involved in the head office’s security.
Additional Information
A. Post-Disaster Security Risk Analysis
Taking into account LGPL’s risk assessment and analysis, the Security Manager should be aware of the following post-disaster risks at LGPL:
Water ingress, leaks and flooding from burst plumbing and water mains
Smouldering fires, smoke and fumes from fires
Downed wires and cables
Broken glass and debris
Power outages and brownouts
Malfunctioning technology
Intruders (mostly curious onlookers)
Thieves and looters, particularly around the perimeter.
B. Security Manager’s Immediate Post-Disaster Tasks
The Security Manager’s tasks immediately after a disaster will be:
• To cordon off damaged and hazardous areas.
• To advise staff of risks from structural and non-structural damage, and to warn them away from hazardous areas. (This duty could be shared with the Facilities Manager.)
• To advise the Library Management Group of any post-disaster security risks.
• To call for additional security as required, as per the appropriate strategic alliance.
• To monitor entrances and exits as required.
• To ensure that post-disaster visitors to the LGPL sites have appropriate identification.
• To give directions to first responders, repair crews, and the media as they arrive at the LGPL sites.
C. Information Security and Confidentiality
The Security Manager should play a role in LGPL’s information security and confidentiality. The main issues covered in the policy and procedures are as follows:
• Levels of confidentiality:
– Classified information: Library Management Group members only
– Confidential information: Library Management Group and employees only
– Private information: Relating to one individual only, usually personal data
– Public information: Can be released to the general public
• Security implications of different kinds of media:
– Paper
– Digital
– Microfilm
– Multimedia
– Miscellaneous
• Secure On-Site Storage of LGPL Information
– Cabinets, locked and unlocked
– Loose records (on desktops, etc.)
– Computer password controls
– Audits of data back-ups
– Storage area security
– Secure destruction of obsolete records held on-site
• Secure Off-Site Storage of LGPL Information
– LGPL standards for off-site storage vendors
– Archival security
– Indexing of information stored off-site
– Post-disaster retrieval of vital records held off-site
– Secure destruction of obsolete records held off-site
• LGPL Information in Transit
– Secure lock-up of LGPL information in staff-owned vehicles
– Secure transport of laptop computers and other portable IT devices
– E-mail security
• Information Technology Security
– Anti-theft: securing hardware to supporting surfaces
– The importance of up-to-date firewalls and encryption
– The importance of regular, fully-tested data backups
– Preserving vital documentation: manuals, contracts, reports, and ledgers
All of the above items are matters of concern during the resumption process. The Security Manager should be available to provide ongoing support for information security at LGPL sites after a disaster