n.the systematic control of damages or losses to archival records and institutions, including the assessment of threats, mitigation and prevention, and response and recovery effortsBearman 1989d, 10To earn the respect of their fellow managers, and to begin to construct a viable practice of appraisal, archivists need to substitute the language and methods of risk management for cost-benefit analysis. Instead of asking what benefits would derive from retaining records, they should insist on an answer to the probability of incurring unacceptable risks as a consequence of disposing of records. This will very likely dramatically reduce the volume of records that are judged essential to retain.Bearman 1994a, 26This array of risks can be minimized through planning grounded in risk management. First it requires that senior management define the risks associated with records and make everyone in the organization aware of these risks, of the steps being taken to contain them, and of the penalties which the organization will impose on those who fail to support accountability. Second, management must adopt risk management criteria for program effectiveness and enforce data policy requirements including security, privacy, vital records recovery, freedom of information, and archival preservation.Lasewicz 1994, 133From a risk management perspective, proactive archivists can help lower the chances of a repeat of the Union Carbide Corporation (UC) experience in Bhopal, India, where a poisonous gas leak from a UC subsidiary’s factory killed more than 2000 people and injured more than 200,000. Not only was UC’s headquarters unfamiliar with the Indian plant’s operations—an information gap that contributed to the disaster—but that same lack of information hampered the corporation’s ability to respond to the event. A disaster recovery plan based on accessible documentation of the plant and its societal environment would have been invaluable in both cases.Gilliland-Swetland 1995, 39It cautions against utilizing a pure systems or risk management approach in identifying such materials for long-term retention, and concludes with a discussion of the need to revisit the role of appraisal to establish and capitalize on the nature and use of digital communications.Walters 1996, 335The principles behind risk management and the reinvention of archives may be relevant to collections and preservation archivists as well as appraisal archivists. In fact, the risk management concept has great potential in the preservation selection context. The “cost-benefit” perspective should be refined and better articulated for application in the context of preservation management.Beamsley 1999, 361Responsible stewardship of digital image assets calls for a more formal and thorough risk management assessment of potential threats and for the creation of an informed and thoughtful security plan for their management and protection. ¶ Risk management is the sum of all activities directed toward acceptably accommodating the possibility of failure in a program.Lawrence et al. 2000, 19In fact, our organizations routinely practice risk management. Traditional tasks, such as centrally housing materials, cataloging items to a position on a shelf, and binding loose items together, now have as their digital counterparts the creation of data centers, metadata, and data backups. Digital preservation is in its formative stage, and the use of risk-management procedures established today will seem exceptional until these procedures are integrated into standard practices.Kenney et al. 2002A risk-based preservation management program begins with two key questions: what assets may be at risk and should be included in the program, and what constitutes risks to those assets? Risk is a relative term—an event or threat may be risky in one environment but not in another. Therefore, risk management programs should be developed and implemented within an organizational context: each institution will need to define its own “worry radius”—the context that provides definitions of perceived risk and acceptable loss. Effective risk management also requires determining the scope and value of assets. The cost of implementing the program should be appropriate to the estimated value of the assets and the impact of their loss on operations and services.Loe 2004, 68–69Two kinds of institutional risk management apply to the licensing of archival materials for commercial use. The first is determining the “scope of rights” that your institution has to grant, and that your organization is not infringing on rights held by others when agreeing to reproduction. The second is defending your institution’s rights when its holdings are infringed upon, misrepresented, altered, or illegally transferred by others.Boles 2005, 31Risk management, however, brings forward principles that help decide this question. Risk management asks what would happen if records were not available.Hedstrom et al. 2006, 164–165Researchers at Cornell University applied risk management methods to identify properties that might be altered or lost during migration of several different types of files. They found that the original bitstream could be altered by bugs in conversion software, mishandling or failure of storage media, incompatibilities between the original and the migrated formats, and changes in compression, file sizes, media density, and file names.Smith 2012, 19The second strategy for risk management in digitization projects is to ask permission from the people or organization that would be most likely to object to the digital display. Again, we should recognize that it will usually be impossible or impractical to identify every rights holder and ask permission, and no project need depend on meeting such an impossible standard. The principle of reducing the number of people likely to sue suggests that asking permission even from only a few rights holders, especially those who seem likely to hold rights in a substantial portion of the included material, is an important step in risk management.McCann 2013, 33Although they [Mark Greene and Dennis Meissner] explicitly invoke risk management in discussions of privacy issues, MPLP itself is a methodology that necessitates risk management to ensure the collections continue to be preserved for users. Application of risk management techniques is crucial to ensure that collections that are minimally processed are accessible for future users.Evans and Durán 2018, 343We present this genre-based rights review process based on a risk management and fair use approach as a way to address legal limitations to access.Joffrion and Cloonan 2020, 133While risk management aims to reduce the probability of disaster, disasters do occur.Robertson 2020, 40Insurance is one of the more basic forms of risk management and preparedness planning.
