header
vol. 21 no. 4, December, 2016


Risk management and disaster recovery in public libraries in South Australia: a pilot study

Diane L. Velasquez, Nina Evans, and Joanne Kaeding


Abstract
Introduction. This paper reports the findings of a study of risk management in public libraries. The focus of the research was to determine whether the libraries had a risk management and disaster plan for major disasters.
Method. A qualitative study was done to investigate risk management and disaster recovery in public libraries in South Australia. Seven personal interviews were conducted with library managers and librarians at four public libraries.
Analysis. The qualitative results emerging from the interviews were analysed through hand coding using grounded theory.
Results. Participants confused risk management and disaster recovery with the practice of work (occupational) health and safety. None of the participating libraries have a risk management or disaster plan.
Conclusions. The library managers do not rate the risk of disaster as high, believing that their library is located in a low-risk disaster area. They also do not regard any part of their collections to be of great value. Loss of a collection is perceived as an opportunity to refresh that collection. The participants do not consider risk management and disaster recovery as an important part of their business.

Introduction

Natural disasters and man made threats can occur any time and any place without warning. Being prepared is the first step towards ensuring that an organization is ready to handle a potential disaster. The level of severity of a disaster or threat can determine whether the organization is able to deal adequately with the situation. Muir and Shenton (2002) explain that although 'risks can never be completely removed, much can be done to mitigate their effects'(p. 116). They also note that libraries and other information management organizations are not likely to have a comprehensive risk management or disaster plan, unless they have been through a disaster before, or if they are located in a high risk environment (e.g., sited on a flood plain or in an area prone to tornadoes, cyclones or hurricanes).

This paper investigates the use of risk management and disaster plans in public libraries. The risk management and disaster planning literature available is focused on academic libraries. This research aims to explore the public library gap. A pilot qualitative study was done to investigate risk management and disaster recovery in public libraries in South Australia. Seven personal interviews were conducted with library managers at four public libraries in South Australia. Although only four public libraries were involved in the pilot study, these libraries represent twelve branch libraries in three suburbs in the Adelaide area. The qualitative results emerging from the interviews were analysed using grounded theory method, and are presented in this paper.

The decision-making processes in public libraries are not the same throughout Australia. In metropolitan Adelaide, public libraries are part of the council structure and are situated within a department of the council; this influences decision-making. The chief executive officer oversees the entire council and each department has a director who is responsible to the chief executive officer. The library manager reports to a director and runs the day-to-day library functions along with some customer service aspects of the city, such as bill paying. A public library is seldom able to make independent decisions on all aspects of library management. The library manager would have the ability to approve all expenses that are within their budget. Anything that is outside of their approved budget must get department head approval.

South Australian public libraries are part of a state-wide public library network. All public libraries are members in this very active system which includes a centralised library management system. The system allows customers to borrow and reserve materials with their local library card across any public library in the state. The 'One Card' Network was rolled out during the period 2012-2014 in the state-wide public libraries (South Australian Public Library Services, n.d.). This means that there is a relatively high level of homogeneity amongst the management and practices of public libraries in South Australia. It is therefore reasonable to assume that the findings from these four libraries are indicative of library practices within many of the public libraries in the state.

Terminology

Before attempting to discuss the literature associated with disaster recovery and risk management plans, the terms used need to be defined. A disaster is defined as:

any incident which threatens human safety and/or damages, or threatens to damage a building, collection(s), item(s), equipment, and systems (Eden and Matthews, 1996).

Hazard is an insurance term that means:

[a] condition or situation that creates or increases chance of loss in an insured risk ... physical hazard: physical environment, which could increase or decrease the probability or severity of a loss. It can be managed through risk-improvement, insurance policy terms, and premium rates... (Business Dictionary, 2015).

The definitions of risk management and disaster recovery are the same throughout most industries and businesses. Some organizations may have a targeted disaster plan for the information technology function, but in a library or information organization the tendency is to have an overarching disaster plan that includes all aspects of the library. A disaster plan is defined as:

systematic procedures that clearly detail what needs to be done, how, when,and by whom before and after the time an anticipated disastrous event occurs. The part dealing with the first and immediate response to the event is called an emergency plan (Business Dictionary, 2015).

Risk management is defined as:

the identification, analysis, assessment, control, and avoidance, minimisation, or elimination of unacceptable risks. An organization may use risk assumption, risk avoidance, risk retention, risk transfer, or any other strategy (or combination of strategies) in proper management of future events (Business Dictionary, 2015).

The terms disaster planning, disaster control planning, disaster plan, and contingency planning are used interchangeably in the literature (Muir and Shenton, 2002).

Literature review

Risk management

Library and information science literature includes articles about disasters that have destroyed or damaged collections and buildings. Few articles exist about how to compile a risk management plan. Bulow (2010) outlines the method of risk assessment that was carried out at The National Archives in the United Kingdom. The method was developed by Waller (2003, as cited in Bulow, 2010) and is based on a mathematical formula. This is an excellent model of risk assessment because it improves the preservation of the archive collection (Bulow, 2010).

The assessment at The National Archives was comprehensive and aimed to identify all levels of risk within three categories: rare and catastrophic risk, including earthquakes and floods; sporadic and severe risk, including burst water mains; and ongoing and mild risk, including high relative humidity. The archive collection was divided according to material to make the assessment as specific as possible. From this assessment, a total of 190 risks to the archives were identified and rated according to severity and frequency. The ten types of deterioration included physical forces, water, fire, pests, contaminants, temperature, relative humidity, light and other forms of radiation, criminals, and custodial neglect. The value of the collection was also assessed with regards to importance; usefulness and quality in a survey carried out by patrons and staff (Bulow, 2010).

Insurance of collections, which is another form of risk management, is discussed in an article by McGinty (2008). McGinty focuses on initiatives that libraries can take to safeguard their collections from loss. He recommends that organizations should assume that a disaster of some level will occur, and should create a risk management plan to deal with the consequences (McGinty, 2008). He states that library insurance needs are often ignored because there is a lack of understanding about the risks associated with library operations, and, perhaps of more concern, public libraries make the assumption that they are covered under their governmental body's umbrella policies. Public library directors and managers need to make sure that any insurance covers not just the library building, but the collection as well. McGinty recommends self-insuring collections, if it is financially possible. Unlike Bulow (2010), who suggests that staff and even patrons should assess the value of the collection, McGinty recommends that professional assistance should be sought to assess the value and possible risks and to develop a plan for dealing with these risks. He adds that fires are the least anticipated risk and suggests methods of fire prevention (McGinty, 2008). Green and Teper (2006) also convey the importance of fire protection. The lack of disaster planning and smoke detectors is a theme across both articles.

Disaster plans

Disaster plans are more widely discussed in current library literature than risk assessments. Wong and Green (2007) explore the theoretical aspects of disaster planning in public libraries including planning, prevention, response, recovery, preparedness, and training. They emphasise the importance of selecting a library disaster response team and developing a disaster response plan. The plan involves surveying the building and staff practices, identifying potential disasters and their effects, developing library floor plans, and prioritising the collection in terms of value (Wong and Green, 2007). Fleischer and Heppner (2009, p. 128) also discuss disaster preparedness and recovery plans and agree that a responsibility of the disaster preparedness team is 'to draft and implement the plan and... to put the plan into action'. Fleischer and Heppner add that when forming the team, every area of the library should be represented including customer service, technical services, collection management, preservationists, the maintenance department or council, and the relevant first aid officers and fire wardens.

Fleischer and Heppner (2009) also offer other steps to disaster preparedness. They state that before creating the disaster preparedness team, a project proposal should be developed to gain the necessary support and approval from management, as planning can be a timely and costly process. While Wong and Green (2007) briefly mention factors such as cost and insurance, they do not discuss the pre-planning stages in detail. In contrast, Fleischer and Heppner (2009) make detailed suggestions for the pre-planning stages. These include gathering information on past disasters and plans, assessing the collection and creating a salvage order, creating internal and external hazard survey forms, and consulting externally with fire departments and surrounding organizations.

One area of common ground for both papers is the contents of a disaster preparedness plan. Both state the importance of emergency and staff contact information, floor plans, inventory of emergency supplies, collection salvage priorities and disaster response and recovery procedures (Fleischer and Heppner, 2009; Wong and Green, 2007). An important aspect not included in Wong and Green's (2007) recommendations is prevention and protection measures that mitigate controllable risks and disasters.

Green and Teper (2006, p. 51) offer a different perspective on disaster planning in a small public library. They emphasise the importance of local collections as they are 'built, managed, served, and most highly valued locally', and therefore their preservation is predominantly of local concern. Unlike Wong and Green (2007), they suggest that professionals could not offer the same input as the local community in regards to preservation of the collection, and that the local collection would be a priority for preservation before a disaster. As Fleischer and Heppner (2009, p. 131) state, the first priority should be 'materials that are difficult or impossible to replace or have prime research value or significant monetary value'. Local collections are not always valuable on a monetary level, yet they are valuable and often irreplaceable to the community. Green and Teper (2006, p. 53) therefore recommend prioritising the local collection in the disaster plan, because 'knowing where the local collections are and how to evacuate them is crucial to their salvage'.

Business continuity planning

Business continuity planning is part of a suite of documents that encompasses risk management and disaster planning. The documents include disaster plans and the information needed to rebuild or recover from any type of disaster. Disaster types include a breakdown in information technology or telecommunications breakdown, as well as natural or manmade disasters. In the business and government environment it is important to consider all types of disasters as interruption to the business can cause damage to its reputation. It is necessary to recover as quickly as possible from any type of business interruption to survive as a going concern (Cerullo and Cerullo, 2004).

The business continuity plan is 'designed to avoid or mitigate risks; to reduce the impact of the crisis; and to reduce the time to restore conditions to a state of "business as usual"' (Cerullo and Cerullo, 2004, p. 71). The basics of the business continuity plan are similar to the disaster plans regarding identification of potential major risks; development of a plan to either reduce or mitigate those risks; training of employees and testing the plan to ensure that it will be effective (Cerullo and Cerullo, 2004).

How to compile a risk management plan

A risk management plan or risk management and disaster plan is used after an incident occurs. The ability to plan is dependent upon having staff with expertise in disaster planning and risk management. The nature of the plan and how much it covers can be difficult to assess. The most important priority for the organization is to determine which natural disaster is most likely to occur in their area. There is a plethora of natural disasters and most cities can be threatened by fire and flood without being in a high risk part of the world. Some locations are prone to weather risks such as cyclones, drought, heat waves, electrical storms, hurricanes, tornados, bush fires, and tsunamis. Other natural disasters include unexpected geological disasters such as earthquakes, volcanoes, sink holes, landslides, avalanches, and mudslides. Finally, manmade disasters such as technological interruptions and destruction, shootings, and terrorism should also be considered.

According to the Business Continuity Management Policy (2014) of the New South Wales Library Council the priorities of the policy are:

Within the Business Continuity Management Plan, the State Library of New South Wales has designed clear responsibilities for each tier of management. Furthermore, the tests and simulations of the plan are run by the staff to ensure that the State Library will be able to manage their responses during a disaster.

Gibb and Buchanan (2006) provide a framework based on project management for a business continuity management plan is very detailed and focused on the technological aspect. In order to compile a business continuity plan, for libraries and archives, the information needed is financial plans, detailed risk analysis of the systems and processes, and risk mitigation strategies for those systems.

Cloud computing

In order to save space and maintain computer systems, many small and medium sized organizations are moving to cloud computing as a way to free up resources and manage files more easily (Brender and Markov, 2013). There are advantages and disadvantages to cloud computing when considering risk management. The biggest advantage is that it gives these enterprises the ability to access software, services, and infrastructure that could be beyond their reach if the organization had to purchase them (Hawser, 2009). Disadvantages of cloud computing include the potential of being under another country's laws if the cloud vendor resides there, loss of governance, and privacy issues (Brender and Markov, 2013).

Moving servers to a cloud site allows a library to manage risk, for flexibility and cost efficiency (Brender and Markov, 2013). However, whether information is stored in the cloud or on servers within the library, it is always vulnerable to hacking and security risks. Risk management involves determining who the responsible party is by determining what country the servers reside in. When a third party takes responsibility for an organization's data and information, there needs to be contractual assurances that everything is being done. Most regulations will hold the user (i.e. library) responsible for the security and integrity of their data (Heiser and Nicolett, 2008). Another unique aspect that all organizations under contract for cloud computing need to understand is that the supplier of cloud computing must follow the laws, policies, and regulations of that country where the cloud is located or hosted (Brender and Markov, 2013; Heiser and Nicolett, 2008). Depending on the location of an organization, regulatory compliance could have data protection laws. The European Union has enacted strict data and privacy protection laws.

Threats and disasters

A disaster is any incident that threatens human safety, damages, or threatens to damage, a building, collections, items, equipment, and systems (Eden and Matthews, 1996). This definition encompasses many events that have occurred in different parts of the world. The list of disasters includes earthquakes, cyclones, hurricanes, tornadoes, bushfires, tsunamis, and floods, along with shootings and terrorism and many other events that either nature or man can inflict upon buildings, technology or people. Library buildings that survive a disaster often play an important part as community disaster recovery centres. In the aftermath of Hurricane Katrina the public library in New Orleans (Louisiana, USA) became a gathering place where people who had lost their homes and businesses filled out insurance forms and Federal Emergency Management Agency (FEMA) documents to apply for financial support (Jaeger, Langa, McClure and Bertot, 2006). The New Orleans Public Library was open 24 hours a day after the disaster.

In the last ten years, a number of devastating natural disasters occurred. Examples include the hurricane season of 2004-2005 in the United States, particularly hurricanes Katrina and Rita, the flood in Hawaii at Manoa in 2006, as well as the Tohoku earthquake which caused a tsunami and nuclear reactor disaster in Fukushima, Japan in 2011. In 2010 and 2011 a series of earthquakes occurred in the Canterbury region of New Zealand, affecting the city of Christchurch. These disasters permanently changed community landscapes.

Hurricanes Katrina and Rita damaged and destroyed libraries in Louisiana, Mississippi, Alabama, and Texas in the United States in August and September of 2005 (Nevins and Nyberg, 2006). The New Orleans area was severely damaged due to levee failures that caused Lake Pontchartrain to flood the city (Corrigan, 2007; Skinner, 2006). The flooding caused catastrophic damage to library collections throughout the Louisiana and Mississippi areas (Corrigan, 2007; Hamilton, 2011; Nevins and Nyberg, 2006; Skinner, 2006; Wall, 2006; Washington, 2006). Two lessons can be learnt from the Hurricane Katrina experience, namely 'that people turn to libraries in times of crisis and that libraries matter to people and communities' (Smith, 2006, p. 156).

On 30 October 2006 torrential rains caused flash floods in the basement level of the library at the Manoa campus of the University of Hawaii. The basement level of the library housed the library and information science department, which included faculty offices, federal government documents e.g. maps, acquisitions, collections, and technical services for library materials (Davis, 2006). According to Davis the main disaster plan of the library can be summed up in four words: 'act before mould grows' (2006, p. 101). The library's first responders managed to save the map collection by freezing the maps in freezer containers before preservation efforts could get underway (Davis, 2006).The maps were the first things processed; other items of the collection were dealt with afterwards.

On 11 March 2011, Fukushima was caught in the Great East Japan Earthquake, centred on the Tohoku region. This resulted in the Fukushima Daiichi nuclear disaster. The earthquake, one of the largest in Japanese history, caused a series of tsunami waves as high as ten meters which reached a height of forty meters above sea level as they moved inland (Suzuki and Miura, 2014). Within the Fukushima prefecture, three public libraries were completely destroyed by the tsunami, while five libraries were closed due to the nuclear disaster and have not reopened due to the high risk of radiation exposure (Suzuki and Miura, 2014).

On 4 September 2010, a 7.1 magnitude earthquake, struck in the middle of the Canterbury region of New Zealand, 40 kilometres east of Christchurch. Substantial damage occurred, but no lives were lost (Cretney, 2016; Canterbury Earthquake Royal Commission, 2012). A subsequent magnitude 6.3 earthquake occurred on 22 February 2011, centred ten kilometres southeast of Christchurch, which caused considerably more damage to buildings and infrastructure and 185 lives were lost (Cretney, 2016; Canterbury Earthquake Royal Commission, 2012). Both of these earthquakes occurred on faults that were not considered active, in a region not known for earthquakes (despite most of New Zealand being earthquake-prone) and the community never considered that earthquakes of this magnitude and strength would ever happen in the Canterbury and Christchurch areas (Canterbury Earthquake Royal Commission, 2012).

Preparing for and recovering from disaster

The four examples discussed above have been catastrophic disasters and the worst experienced throughout each region's history. Preventing such disasters is impossible, yet planning for recovery is crucial (Canterbury Earthquake Royal Commission, 2012; Davis, 2006; Jaeger, et al., 2006; Suzuki and Miura, 2014). From a management perspective, people are our most important asset. However, literature clearly shows that there is often inadequate planning to protect the people of the organization. In a catastrophic event where communication services can be limited, locating library staff is difficult. In the month after Katrina many of the municipalities in the New Orleans and Baton Rouge areas only had access to mobile phone service (Banipal, 2006). The libraries' telephone lists contained only organizational e-mail and phone numbers, which wasinadequate (Hamilton, 2011). One of the recovery actions was to add alternative phone numbers (mobile, out of area family) and alternative e-mail addresses to their contact lists (Skinner, 2006).

According to Wall (2006), libraries should prepare for four types of disasters:

  1. Minor disaster: A minor disaster affects a non-critical part of the library, such as when a washroom overflows and a carpet gets wet outside the door.
  2. Localised disaster: A localised disaster involves damage to library materials and collections. Recovery requires some specialised training in the handling of library materials.
  3. Major disaster: More than 25% of the library materials or library facilities are affected or damaged in these cases. Library collection losses can occur and significant financial resources are needed for the recovery.
  4. Catastrophic disaster: A catastrophic event has a devastating effect on a region or country. Widespread damage is done to the operation of all basic services and infrastructure. Complete recovery from a catastrophic disaster could take years or decades. The funding needs will usually be beyond the ability of the local and even state governmental resources.

Wall also notes that because a catastrophic disaster renders all infrastructure services unavailable, access to the affected area will be limited.

While planning for a minor, localised, or major disaster is challenging, a disaster plan will be based upon a number of assumptions. Smith (2006) suggests that a true disaster plan should assume the worst case scenario of widespread damage and loss. This includes the loss of water, communications, infrastructure, as well as access to the library, staff and resources. Smith (2006, p. 153) suggests: 'Plan for the worst; hope for the best'. He and Wall both suggest that key members of staff have electronic and hard copies of the disaster plan along with names and phone numbers of insurance companies and other contacts that will be needed in the first instance. They should also prioritise what should be saved in the event of a disaster(Smith, 2006; Wall, 2006).

Research method

Because of the qualitative, exploratory nature of the research, personal interviews were used to collect the data. Purposive sampling was used to select participants who were library managers or team leaders in libraries in the Adelaide area of South Australia. Participants' perspectives were sought for this pilot project, rather than statistically significantdata.

The seven interviewees included three team leaders, two managers, and two librarians. The seven participants were female. The participants were recruited via telephone by the students who subsequently interviewed them face-to-face. Personal interviews of 60 to 90 minutes each were conducted.

An interview guide was used to focus the discussion and to promote a consistent approach (Flick, 2006; Miles and Huberman, 1994). Questions were open-ended and discovery-oriented. Planned prompts (predetermined) and floating prompts (impromptu decisions to explore a comment in more detail) enabled the researchers to delve into detail as required. Particular attention was paid to the confidentiality of sensitive information: consent was sought, confidentiality agreements were signed, security provisions were undertaken, and names of individuals and organizations remain unidentified. Participants have been identified in the findings with "L" and a number that represents their library. Consequently, the participants were willing to enter into open and trusting discussions. Each interview was audio-recorded and transcribed verbatim.

The following questions were asked during the interviews:

  1. What assets do you have in the library?
  2. What are the risks that the library and staff face?
  3. What measures do you have in place to mitigate risk?
    1. What kind of risk prevention plan does the library have?
    2. What kind of risk recovery plan does the library have?
  4. What insurance do you have?
  5. What do you think is necessary or could be done regarding risk management?
  6. What could be done for a risk management strategy?
  7. What kind of disasters have you or your library experienced before?
  8. If you have been in a disaster before, when and where was the disaster?

The interview transcripts were separately analysed by each of the researchers and then discussed to iteratively identify common patterns or themes using a constructivist grounded theory approach (Charmaz, 2014). The findings and discussion are based on an analysis of the interview transcripts, compared and contrasted with published literature. The goal was to let practice inform theory and vice versa (Miles and Huberman, 1994).

Findings

The findings are presented here according to the themes identified during the analytical phase. Direct quotations are included where appropriate to expand upon the theme.

Library assets

Libraries have various assets and a number of these were identified by the participants. Most participants mentioned books, DVDs, CD-ROMs, desks and furniture (chairs and lounges) and computers (L2, L3, L4, L5, L6). L1 also referred to an archive collection containing older books, while L3 added buildings, shelving, toys and hydraulic lifts. L4 mentioned that some branches have an eco-collection, an art collection, or a local history section, but was not sure whether the local history actually had a quantifiable value, because it is irreplaceable and if it was lost there is not much they could do about it. L3 stated that customers were the greatest asset that needed protection, and L4 listed library staff.

Risks and disasters experienced by libraries

The most common risks identified by the participants include water damage, fire, bug infestations, moisture and light. Other risks included theft, graffiti, the stairs as a fall hazard, the lift breaking down, power outages that bring servers down and power surges that damage the library equipment (L2). There are also safety concerns around the new modified mobile home library and the vehicle used to provide this service (L3). Another risk noted was the increase in manual handling due to increased volume of collections being transferred between libraries. L3 noted that this might result in injuries to library staff.

Participants mentioned a number of 'disasters' that have happened at their libraries, but most of these were actually regular work (occupational) health and safety risks. L1 mentioned that the worst thing that has happened to the collection was a water leak that came through the roof and down a light fitting, flooding the floors and damaging books directly underneath it. The interviewee commented that it was probably a good thing, because it helped her to reorganize the collection and plan it better, especially how it could be stored more safely. She added: 'It's not until you actually go through a disaster that you appreciate what it [collections] does have'.

L6 referred to their mobile library that caught fire and, like L1, referred to this incident as 'an opportunity to refresh the collection'. Another incident was when a car drove through the window of their library, destroying the whole front window. L5 had experienced power blackouts where they had to escort people to the door with a torch, a break-in and a burst pipe, 'but nothing hugely disastrous'.

One of the libraries experienced a mild disaster that left damage to the building. L4 noted that the front window, 'the big long one', was smashed through vandalism. Fortunately, the library did not have to be shut until it was fixed. The interviewee added that it is common sense what to do in such cases, because 'they are one off things that you can't really plan for - you might have instructions but you might never get to need it'. This library also had procedures for violence against staff, especially as they have a council service desk and have to deal with money, which makes them a target. 'People don't understand that we have no control over those money drawers, so we have duress alarms and procedures to follow [...] if someone was aggressive'. The interviewee also added that bushfires could happen as their library is located in a very bushy area.

Managing risk in libraries

None of the libraries has disaster plans or risk management plans. Most interviewees indicated that risk is managed as a security or a work health and safety issue. Every library has a copy of the work health and safety plan and the activities are regularly mentioned in management meetings and safety meetings. The work health and safety plans do not convey anything about collection management.

L1 indicated that they have blinds specifically installed so certain areas of the room are always kept dark to protect the collection. All their photos have been digitised and customers are given copies of the DVDs. They do risk assessments for various activities and they use a matrix to work out the consequence, the likelihood and priority of the risk. Even if they move a collection, they will look at the risks involved. They also repeat training regularly to refresh their skills. The library has duress alarms to alert security personnel; one that staff can carry with them and one at the desk. This library also locks the local history collection items in a secure room that is only open three days a week. Some items are allowed to be taken out of the library for special events, depending on an item's age, uniqueness, whether it is supervised, and so on.

L2 did not know whether the library had a disaster plan, although it did have a process to mitigate identified risks. These have also been documented through work health and safety but in terms of potential damage to the collection, no risk assessment is done.

A risk register covers aspects like staff safety. L3's library has hydraulic lifts to assist with some of the lifting, and standard operating procedures which spell out how full the book crates could be. They are also considering physically redesigning the work spaces as far as possible to prevent injuries and work place incidents. L3 also mentioned that all their staff have been trained to handle difficult situations, but added:

obviously not if there is a huge earthquake in which case they might be "a bit wobbly". However, hazard management and risk is discussed quite frequently. It's discussed quite frequently at staff meetings under an agenda item called 'Think Safe, Live Well' which is their "mandate for occupational health and safety".

They have a box containing contact details for times of emergency and a duplicate box is kept off-site. Emergency numbers, police, ambulance, e-mails and phone numbers are regularly updated. They have a new home library service van and they are updating procedures regarding physical injuries and risks of going into people's homes. The procedures are being assessed before the van is even on the road.

Fire evacuation practices are standard procedures (L4). These generally include checking for people in the whole of the library, evacuating to the car park and blocking the exits so no one can come back into the library. According to L4, another risk to staff was picking up syringes and this library had a procedure and the tools to deal with the problem. Staff also received training on dealing with special needs customers with mental health issues and protection from violent customers. L3 added:

The worst kind of disaster that I could think of happening in a library is like an earth tremor or a tree, one of those trees fell down on the building...

When asked whether the interviewee thought there was anything extra that could be done, she responded: 'Well I mean I never say never. But I think that we cover everything pretty well'.

One of the libraries has a risk prevention and risk recovery plan that was created in 2010 (L1). The plan was in the process of being updated, but still gave a good idea of their disaster management approach. The interviewee believed that 'disaster management is not just about knowing what disasters might happen, it's about knowing your collections and how you can protect them...'. The library had a disaster recovery bin containing contact details of the people who needed to be contacted straight away in case of a disaster. It is about being proactive, not reactive: 'So in terms of the plan too, if something happened there is a procedure that somebody can follow, but we are trying to prevent it from happening at all'.

L4 referred to how they handle the risk of bushfires. When they have a severe fire risk or catastrophic day (severe fire risk due to very dry conditions and hot days) they call the volunteers and advise them not to come to the library.

Insurance

One interviewee (L1) mentioned that their library was covered by the Local Government Mutuality Scheme but the interviewee was not aware whether they had any additional insurance. The interviewee's understanding was that all local government organizations are protected by that scheme which provides insurance for public liability, property and staff. L2 and L3 indicated that they have collection insurance that is managed through the Local Government Association.

L4 referred to the unique relationship with the adjacent school. Their insurance covered the library collection as it did the school books and the library furniture. The adjacent school owned the building, the furniture and school books. The equipment that was considered to be a bigger loss, such as the photocopiers, laminators, printers and computers, were leased: 'If we had damage to this equipment, we just ring [the supplier] to swap or fix it'. However, the RFID equipment, the self-checkout machines and data projectors were not leased. So if they were damaged it would be the responsibility of the library to get them replaced.

Disaster recovery management in libraries

In some cases the archival collection containing valuable items is not available for customers as they are kept behind locked doors. L6 acknowledged the risk to these locked areas, namely that 'a disaster could happen because, you know, a roof could collapse that sort of thing there, or a pipe could burst'. The interviewee added, laughing:

You've opened a can of worms for us now, thank you; you would hope that the likelihood [of a disaster] is low but you've got to... prepare for that low, low chance.

When asked whether she thought more could be done in terms of disaster planning or the risk registry, L4 responded that 'everything can be improved, but I can't actually think of anything at the moment'. The interviewee then again referred to their work health and safety committee:

if we see some improvements we'll instigate them after going through the steps and making sure they are safe and then go from there. It is always malleable I suppose, you can change it. In general I think we are pretty good, but there is always room for improvement.

L4 did not seem to regard the library collection as very important:

I can't imagine really that we couldn't live without our collection. The collection could be replaced with items from the rest of the branches temporarily and the insurance would give them the money to replace the toys, the fiction, the non-fiction, and etcetera.

The interviewee also regarded such a situation as a potential opportunity to refresh:

It would be sad, but it would be very exciting for the community because they get a refreshed library.

Discussion

The next section discusses the major issues that arose from the data.

Work health and safety

In Australia, work health and safety (formerly known as occupational health and safety) is a legal requirement for all businesses. In Australia, work health and safety laws have been put in place with suggestion that business organizations of all types follow these requirements. It is not; however, mandatory but most organizations do follow some sort of work health and safety for their employees. In 2010-11, the federal parliament followed a new, balanced approach and each state parliament was encouraged to pass the new model legislation. The South Australian Parliament passed the Work Health and Safety Act 2012. Compliance with the Act addresses the short term risk, but it is not equal to a long term risk management strategy, as Wall has noted (2006). The Act is clear that an organization has the responsibility for attempting to keep the work place safe from accidents, hazards, or risks. If negligent in any way, the organization could incur financial penalties depending upon the scope of the risk set out in the Act. The findings show that the librarians believed that work health and safety planning were adequate to manage risk on a day-to-day basis.

Collections

A library collection has a monetary value to the council or city. Depending on the age of the community, historical pieces, such as older books, newspapers and magazines, may have been added to the collections. Furthermore, a collection might include memorabilia about the city that is especially precious to the people who live in the community, as well as the history of the state or nation. All of these items have a value, but the exact value depends on whether the collection can be replaced if it is destroyed. For example, local history and genealogical library collections might include articles from small newspapers that may only have been available in one or two towns or cities in the 19th and early 20th centuries. A complete collection of such articles will be unique and have great historical value. If this newspaper collection and the associated local history or genealogy is destroyed in a disaster it would be irreplaceable and constitute a great loss to a local community.

The interview participants' opinion that their collections had little or no value is untrue, especially given that it was purchased with tax dollars. The library managers conveyed the feeling that losing part of their collections would pose an ideal opportunity to review the collection and weed the books that were no longer required. They also regard it as an opportunity to refresh the collection by adding new books and eBooks. The library managers also believed that the implementation of a digital strategy would be a suitable way to mitigate risk. Such a strategy should stipulate which collections are irreplaceable and have value, like a local history collection, and thus which of their collections would be digitised. The library should also have a strategy for saving or preserving items that have been damaged. The literature suggests that libraries should have a priority list of what to save in the event of major damage during a catastrophe (Fleischer and Heppner, 2009). The participants regarded this as unnecessary, because they believe a catastrophe would never happen to them. Preservation of the local history collection is important to ensure that it survives in the long term. Digitising it is one way to ensure the continuity of the contents in case of a fire. Digitisation is a strategy the participants should consider to preserve their local history collections; but many do not believe is necessary because they believe disaster could never happen to them. One of the libraries has a rare and valuable local history collection in its possession, but it has no strategy to preserve it.

It is recommended that library managers create a formal digitisation strategy. Although digitisation costs money and staff time, it is a worthwhile and effective way to ensure collections survive a possible catastrophic event or major disaster.

Risk management

Planning for catastrophic risk is next to impossible, yet being aware that major risks could occur is good management practice as discussed in the literature review (Corrigan, 2007; Davis, 2006; Eden and Matthews, 1996; Fleischer and Heppner, 2009; Green and Teper, 2006; Hamilton, 2011; Jaeger, et al., 2006; McGinty, 2008; Skinner, 2006; Suzuki and Miura, 2014; Wall, 2006). The participating library managers felt that the need for risk management planning depended on the location of their library. They deemed their libraries to be in low risk disaster areas. They did not acknowledge that disasters can happen unexpectedly, as was the case with the Christchurch earthquakes which occurred in a region of New Zealand that was not considered prone to earthquakes. The resulting catastrophic damage will take decades to recover from.

Another example of localised disaster is the cyclones that affect Cairns in North Queensland, Australia. Cyclones bring flooding and high winds and are potentially catastrophic to a public library. Many of the library managers based in South Australia do not believe this could happen in their area, despite previous occurrences of severe weather events that cause torrential rains, high winds and flooding. Furthermore, Adelaide is situated on earthquake fault lines and the risk of an earthquake is real. However, the greatest risk for South Australia is bushfires. Adelaide is the driest city in the driest state of Australia and bushfires are an annual occurrence. The bushfires of 2003 in the nation's capital city, Canberra, also highlight that urban areas are not immune to this risk.

Having a risk management and disaster plan is an essential management tool. If the library is part of a city council, an overarching risk management and disaster plan can cover all the city services. If the council does not have such a plan, the library should have its own plan. A risk management and disaster plan covers all types of disasters from small to catastrophic. A library disaster plan should consider who the contractors will be that would help with disaster recovery, what collections are priorities, who will be in charge if the library manager is unavailable and whether the library is insured and by whom. All library staff should know where the information is held. In the post-disaster phase, libraries that do not plan can be taken advantage of financially by contractors.

All libraries should be covered by insurance. If the council is self-insured the library should still investigate whether the insurance covers the collection as well as the buildings and their contents. Libraries need to be aware that building insurance does not necessarily cover collections. Many libraries have security equipment installed as part of their work health and safety requirements (e.g. mobile alarms), yet the participants interviewed indicated that not all staff were trained in the proper use of this equipment.

The most interesting result emerging from the findings was that the participants did not realise the consequences of a disaster. These consequences can be confronting as the library could be out of service for months or even years. For example, the libraries that experienced the Fukushima nuclear disaster are still out of commission more than five years later (Suzuki and Miura, 2014). Three of the libraries will probably never be reopened due to extremely high radiation levels (Suzuki and Miura, 2014). While the Fukushima disaster could not have been predicted, the long term consequences such as the loss of library service and the resulting impact on the community, could have been planned for as part of their risk management and disaster plans.

Risk management

The participants focused mainly on 'material and buildings', not on people. However, the literature is clear that in a disaster situation, staff are the most important asset. Without a disaster plan, managers often forget that they need to be able to locate staff during and after a disaster. Material and buildings can be replaced; people cannot (Corrigan, 2007; Green and Teper, 2006; Hamilton, 2011; Nevins and Nyberg, 2006; Wong and Green, 2007). Communication with staff regarding risk management and disaster recovery is important, covering situations such as what happens if the management team is unavailable, or unable to enter the disaster zone. If staff members are involved in the planning, they will be able to respond appropriately during a disaster.

Limitations of the study and biases

The study cannot be generalised to other public libraries because it is a pilot study. Inferences can be made regarding public libraries and the library industry in South Australia. However, industry as a whole does not follow these practices. The researchers who conducted the study could have inadvertently coloured the reading of the data with their biases. As postgraduate students did the interviewing, it is possible that the right questions were not asked.

Conclusions and recommendations

Four major observations emerged from analysis of the interviews:

  1. Public libraries have to adhere to many policies and procedures and are reluctant to create more. A perception exists that councils have a tendency to over-regulate and the resultant paperwork is seen as an unnecessary imposition that discounts the common sense of the library staff.
  2. The existence of a state-wide public library network (the One Card system), creates the illusion that the collections are replaceable and that individual collections at each library do not need to be protected. This mind-set does not take into account local or unique history collections that would be irreplaceable if lost.
  3. Risk management is often perceived to be covered by work health and safety regulations. However, the potential risk to a collection is not within the scope of these regulations. The participating libraries rarely, if at all, included their collections in their risk management activities.
  4. There is an attitude among participants that risk management practices will never be able to account for every eventuality. As a consequence they assumed that in the event of a disaster, common sense would prevail.

None of the participants had encountered any catastrophic losses at their libraries. Most of the managers hold the belief that 'it could never happen to us'. Being prepared for a disaster is good management. Although learning more about risk management takes time, it makes good strategic business sense and is something every organization should do.

This pilot research shows that there needs to be some education for practitioners about risk management and disaster planning in libraries. Public libraries in metropolitan Adelaide are associated with councils that do not necessarily have an overarching risk management and disaster plan for the council area. A public library needs more than a general plan that discusses the building and contents. Its collection, local history collection, information technology, and other aspects of libraries are unique in the community and need to be looked after.

Most communities believe that their library would be rebuilt after a disaster, but if the library and collections are not insured there are no guarantees that this would happen. Libraries may choose to back up information technology on the cloud as a risk management strategy. The Tohoku earthquake and consequential Fukushima Daiichi nuclear incident resulted in a situation where public libraries will never reopen due to hazardous levels of radiation. Other issues that could also prevent a library from opening again include lack of funds, global warming (i.e. land reclaimed by the sea or ocean), or other community issues (Suzuki and Miura, 2014).

All the interviewees were very sure it could never happen to them although they also added that stranger things have happened. Being prepared does not mean being fatalistic or sure that disaster will strike. It means being prepared for the worst and making sure that the library and its staff are ready for any kind of disaster.

In the future, the researchers are planning to extend this study on risk management and disaster recovery in public libraries throughout Australia and internationally. The research would comprise semi-structured interviews with library staff that have either been involved or not been involved in disasters. The other aspect of the research would be to do content analysis on any risk management and disaster plans the libraries have done to date.

Acknowledgements

The authors would like to thank Wendy Welton and Emma Gay who assisted with the research while undertaking library and information management studies at the University of South Australia.

About the authors

Diane L Velasquez is the Program Director of the information management programme at the School of Information Technology and Mathematical Sciences, University of South Australia, Mawson Lakes Campus, Mawson Lakes Boulevard, Mawson Lakes, South Australia. She received a Ph.D. from the University of Missouri, MLIS from the University of Arizona, an MBA in management from Golden Gate University and a bachelor's degree in political science. Her research interests are in risk management and disaster recovery, administration and management of information agencies, and evaluation and assessment of public library Websites. Dr. Velasquez can be reached at diane.velasquez@unisa.edu.au.
Nina Evans is Associate Head, School of Information Technology and Mathematical Science at the University of South Australia. She holds tertiary qualifications in chemical engineering, education and computer science, a Master's degree in information technology, an MBA and a PhD. Her research interests relate to business-IT fusion, information and knowledge management, enterprise social networks, innovation and ICT education. Dr Evans can be reached at nina.evans@unisa.edu.au.
Joanne Kaeding is a Ph.D. Candidate at the University of South Australia and a children's librarian at Coventry Library in Stirling, South Australia. She received a Graduate Diploma in library and information management from the University of South Australia. Her research interests are the programming for children with special needs in public libraries and their families. Joanne can be reached at joanne.kaeding@mymail.unisa.edu.au.

References
  • Banipal, K. (2006). Strategic approach to disaster management: lessons learned from Hurricane Katrina. Disaster Prevention and Management: An International Journal, 15(3), 484-494.
  • Brender, N. & Markov, L. (2013). Risk perception and risk management in cloud computing: results from a case study of Swiss companies. International Journal of Information Management, 33(5), 726-733.
  • Bulow, A. E. (2010). Collection management using preservation risk assessment. Journal of the Institute of Conservation, 33(1), 65-78.
  • Canterbury Earthquakes Royal Commission. (2012). Final report, volume 1, summary and recommendations in volumes 1-3, seismicity, soils, and seismic design of buildings. Wellington, New Zealand: Canterbury Earthquakes Royal Commission..
  • Cerullo, V. & Cerullo, M.J. (2004). Business continuity planning: a comprehensive approach. Information Systems Management, 21(3), 70-78.
  • Charmaz, K. (2014). Constructing grounded theory (2nd ed.). London: Sage Publications.
  • Corrigan, A. (2007). Disaster: response and recovery at a major research library in New Orleans. Library Management, 29(4/5), 293-306.
  • Cretney, R. M. (2016). Local responses to disaster. Disaster Prevention and Management, 25(1), 27-40.
  • Davis, L. A. (2006). Riding the surf: dealing with library disasters in island communities. Public Library Quarterly, 25(3/4), 99-112.
  • Disaster plan. (2015). Business dictionary. Fairfax, VA: Web Finance, Inc. Retrieved from http://www.businessdictionary.com/definition/disaster-plan.html (Archived by WebCite at http://www.webcitation.org/6jyINhKy3)
  • Eden, P. & Matthews, G. (1996). Disaster management in libraries. Library Management, 17(3), 5-12.
  • Fleischer, S. V. & Heppner, M. J. (2009). Disaster planning for libraries and archives: what you need to know and how to do it. Library & Archival Security, 22(2), 125-140.
  • Flick, U. (2006). An introduction to qualitative research(3rd ed.). Thousand Oaks, CA: Sage Publications.
  • Gibb, F., & Buchanan, S. (2006). A framework for business continuity management. International Journal of Information Management, 26(2), 128-141.
  • Green, S. L. & Teper, T. H. (2006). The importance of disaster planning for the small public library. Public Library Quarterly, 25(3/4), 47-59.
  • Hamilton, R. (2011). The State Library of Louisiana and public libraries' response to hurricanes: issues, strategies, and lessons. Public Library Quarterly, 30(1), 40-53.
  • Hawser, A. (2009). Cloud control. Global Finance, 23(11), 59-61.
  • Hazard. (2015). Business dictionary. Fairfax, VA: Web Finance, Inc. Retrieved from http://www.businessdictionary.com/definition/hazard.html (Archived by WebCite at http://www.webcitation.org/6jyIGfQw6)
  • Heiser, J., & Nicolett, M. (2008). Assessing the security risks of cloud computing (Id. No. G00157782). New York, NY: Gartner, Inc. Retrieved from https://www.gartner.com/doc/685308/assessing-security-risks-cloud-computing (Archived by WebCite at http://www.webcitation.org/6jyHYR9t7)
  • Jaeger, P. T., Langa, L. M., McClure, C. M. & Bertot, J.C. (2006). The 2004 and 2005 Gulf Coast hurricanes: evolving roles and lessons learned for public libraries in disaster preparedness and community services. Public Library Quarterly, 25(3/4), 199-214.
  • Library Council of New South Wales. (2014). Business continuity management plan. Retrieved from http://www.sl.nsw.gov.au/sites/default/files/business_continuity_management_policy.pdf (Archived by WebCite at http://www.webcitation.org/6jyIXwEUv)
  • McGinty, J. (2008). Insuring libraries against risk. Library & Archival Security, 21(2), 177-186.
  • Miles, M.B. & Huberman, A.M. (1994). Qualitative data analysis: an expanded sourcebook(2nd ed.). Thousand Oaks, CA: Sage Publications.
  • Muir, A. & Shenton, A. (2002). If the worst happens: the use and effectiveness of disaster plans in libraries and archives. Library Management, 23(3), 115-123.
  • Nevins, K. & Nyberg, S. (2006). SOLINET's Gulf Coast libraries recovery projects for public and academic libraries. Public Library Quarterly, 25(3/4), 127-141.
  • Risk management. (2015). Business dictionary. Fairfax, VA: Web Finance, Inc. Retrieved from http://www.businessdictionary.com/definition/risk-management.html (Archived by WebCite at http://www.webcitation.org/6jyIRRDUY)
  • Skinner, R.E. (2006). 'Nor any drop to drink': New Orleans Libraries in the aftermath of Hurricane Katrina. Public Library Quarterly, 25(3/4), 179-187.
  • Smith, S. B. (2006). Observations from ground zero: from the outside. Public Library Quarterly, 25(3/4), 151-157.
  • South Australia. Parliament. (2015). Work Health and Safety Act 2012. Retrieved from https://www.legislation.sa.gov.au/LZ/C/A/WORK%20HEALTH%20AND%20SAFETY%20ACT%202012/CURRENT/2012.40.UN.PDF (Archived by WebCite at http://www.webcitation.org/6jyKsOuBr)
  • South Australian Public Library Services. (n.d.). One card network. Retrieved from http://www.libraries.sa.gov.au/page.aspx?u=499 (Archived by WebCite at http://www.webcitation.org/6jyKjByvf)
  • Suzuki, S. & Miura, T. (2014). The librarians of Fukushima. Journal of Library Administration, 54(5), 403-412.
  • Wall, K. L. (2006). Lessons learned after Katrina: what really matters in a disaster. Public Library Quarterly, 25(3/4), 189-198.
  • Washington, I. (2006). Rebuilding a high school library collection after Hurricane Katrina. Public Library Quarterly, 25(3/4), 159-178.
  • Wong, Y.L. & Green, R. (2007). Disaster planning in libraries. Journal of Access Services, 4(3-4), 71-82.
How to cite this paper

Velasquez, D.L., Evans, N. & Kaeding, J. (2016). Risk management and disaster recovery in public libraries in South Australia: a pilot study. Information Research, 21(4), paper 735. Retrieved from http://InformationR.net/ir/21-4/paper735.html (Archived by WebCite® at http://www.webcitation.org/6mejcdRU2)

Check for citations, using Google Scholar