|
|
Activation
The implementation of recovery procedures, activities and plans in response to an emergency or disaster declaration.
|
|
|
|
Activity
Process or set of processes undertaken by an organization (or on its behalf) that produces or supports one or more products or services, for example, accounts, call centre, IT, manufacture, distribution. This is similar to function
|
|
|
|
Alert
A formal notification that an incident has occurred which may develop into a disaster.
|
|
|
|
Alternative site
An alternative operating location for the usual business functions (i.e. support departments, information systems and manufacturing operations) when the primary facilities are inaccessible. (Associated term: back up site)
|
|
|
|
Benchmarking (to be advised)
The effect on the business of a backlog of work that develops when a system or process is unavailable for a long period, and which may take a considerable length of time to reduce.
|
|
|
|
BS 7799 & BS25999
A UK BSI Standard for information security management. Section 9 deals with Business continuity management.
|
|
|
|
Building denial
Any damage, failure or other condition which causes denial of access to the building or the working area within the building, e.g. fire, flood, contamination, loss of services, air conditioning failure, forensics.
|
|
|
|
Business continuity
A proactive process which identifies the key functions of an organisation and the likely threats to those functions, from this information plans and procedures which ensure key functions can continue whatever the circumstances can be developed.
Strategic and tactical capability, pre-approved by management, of an organization to plan for and respond to incidents and business interruptions in order to continue business operations at an acceptable pre-defined level.
|
|
|
|
Business continuity co-ordinator
A member of the recovery management team who is assigned the overall responsibility for co-ordinator of the recovery planning programme ensuing team member training, testing and maintenance of recovery plans. (Associated terms: business recovery planner, disaster recovery planner, business recovery co-ordinator, disaster recovery administrator)
|
|
|
|
Business continuity management
Those management disciplines, processes and techniques which seek to provide the means for continuous operation of the essential business functions under all circumstances.
|
|
|
|
Business continuity management (BCM)
Holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities
Note. Business continuity management also involves the management of recovery or continuity in the event of an incident and management of the overall program through training, rehearsals, and reviews, to ensure the business continuity plan stays current and up-to-date.
|
|
|
|
Business continuity management lifecycle
Series of business continuity activities which collectively cover all aspects and phases of the business continuity management program.
|
|
|
|
Business continuity management program
Ongoing management and governance process supported by senior management and resourced to ensure that the necessary steps are taken to identify the impact of potential losses, maintain viable recovery strategies and plans, and ensure continuity of products/services through , training, exercising, maintenance and assurance.
|
|
|
|
Business continuity plan
A collection of procedures and information which is developed, compiled and maintained in readiness for use in the event of an emergency or disaster. (Associated terms: business recovery plan, disaster recovery plan, recovery plan)
|
|
|
|
Business continuity plan (BCP)
Documented collection of procedures and information that is developed, compiled and maintained in readiness for use in an incident to enable an organization to continue to deliver its critical products and services.
|
|
|
|
Business continuity planning
The advance planning and preparations which are necessary to identify the impact of potential losses; to formulate and implement viable recovery strategies; to develop recovery plan(s) which ensure continuity of organisational services in the event of an emergency or disaster; and to administer a comprehensive training, testing and maintenance programme. (Associated terms: contingency planning, disaster recovery planning, business recovery planning)
|
|
|
|
Business continuity programme
An ongoing process supported by senior management and funded to ensure that the necessary steps are taken to identify the impact of potential losses, maintain viable recovery strategies and recovery plans, and ensure continuity services through personnel training, plan testing and maintenance. (Associated terms: disaster recovery programme, business recovery programme, contingency planning programme).
|
|
|
|
Business continuity strategy
Approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major incident or business interruption.
|
|
|
|
Business critical point
The latest moment at which the business can afford to be without a critical function or process.
|
|
|
|
Business impact analysis (BIA)
A management level analysis which identifies the impacts of losing company resources. The BIA measures the effect of resource loss and escalating losses over time in order to provide senior management with reliable data upon which to base decisions on risk mitigation and continuity planning. (Associated terms: business impact assessment, business impact analysis assessment)Process of analyzing business functions and the effect that a business interruption might have upon them.
|
|
|
|
Business interruption
An event, whether anticipated (e.g., a public service strike or hurricane) or unanticipated (e.g. a blackout or earthquake), which disrupts the normal course of business operations.
|
|
|
|
CCA Civil Contingencies Act
An act of parliament which recognises the duties of suppliers to plan for continuance of service post disaster. This act also places a responsibility on companies to assess their supply chain too.
|
|
|
|
Cold site
One or more data centres or office space facilities equipped with sufficient pre-qualified environmental conditioning, electrical connectivity, communications access, configurable space and access to accommodate the installation and operation of equipment by critical staff required to resume business operations.
|
|
|
|
Contingency fund
An operating expense that exists as a result of an interruption or disaster which seriously affects the financial position of the organisation. (Associated term: extraordinary expense).
|
|
|
|
Contingency plan
A plan of action to be followed in the event of a disaster or emergency occurring which threatens to disrupt or destroy the continuity of normal business activities and which seeks to restore operational capabilities.
|
|
|
|
Cost-benefit analysis
Financial technique that measures the cost of implementing a particular solution and compares this with the benefit delivered by that solution.
Note. The benefit may be defined in financial, reputation, service delivery, regulatory or other terms appropriate to the organization.
|
|
|
|
Crisis
An abnormal situation, or perception, which threatens the operations, staff, customers or reputation of an enterprise.
|
|
|
|
Crisis management team (CMT)
A group of executives who direct the recovery operations whilst taking responsibility for the survival and the image of the enterprise.
|
|
|
|
Crisis plan or Crisis management plan
A plan of action designed to support the crisis management team when dealing with a specific emergency situation which might threaten the operations, staff, customers or reputation of an enterprise.
|
|
|
|
Critical data point
The point to which data must be restored in order to achieve recovery objectives.
|
|
|
|
Critical service
Any service which is essential to support the survival of the enterprise.
|
|
|
|
Decision point
The latest moment at which the decision to invoke emergency procedures has to be taken in order to ensure the continued viability of the enterprise.
|
|
|
|
Declaration (of disaster)
A formal statement that a state of disaster exists.
|
|
|
|
Disaster
Any accidental, natural or malicious event which threatens or disrupts normal operations, or services, for sufficient time to affect significantly, or to cause failure of, the enterprise.
|
|
|
|
Disaster recovery (DR)
The process of returning a business function to a state of normal operations either at an interim minimal survival level and/or re-establishing full scale operations.
|
|
|
|
Disaster recovery plan (DRF) or Recovery plan
A plan to resume, or recover, a specific essential operation, function or process of an enterprise.
|
|
|
|
Emergency
An actual or impending situation that may cause injury, loss of life, destruction of property or interfere with normal business operations to such an extent to pose a threat of disaster.
|
|
|
|
Emergency control centre
The location from which disaster recovery is directed and tracked; it may also serve as a reporting point for deliveries, services, press and all external contacts.
|
|
|
|
Emergency data services
Remote capture and storage of electronic data, such as journalling, electronic vaulting and database shadowing.
|
|
|
|
Emergency management plan
A plan which supports the emergency management team by providing them with information and guidelines.
|
|
|
|
Emergency management team
The group of staff who command the resources needed to recover the enterprise's operations.
|
|
|
|
Enterprise
An organisation, a corporate entity; a firm, an establishment, a public or government body, department or agency; a business or a charity.
|
|
|
|
Enterprise (large scale or super)
An enterprise that is large and complex, in the sense that it could absorb the impact of losing a complete location or business unit. The normal terminology, and perspective, needs to be scaled down by regarding individual locations or business units as self-sustaining entities.
|
|
|
|
Exercising
Activity in which the business continuity plan(s) is rehearsed in part or in whole to ensure that the plan(s) contains the appropriate information and produces the desired result when put into effect.
Note. An exercise can involve invoking business continuity procedures, but is more likely to involve the simulation of a business continuity incident, announced or unannounced, in which participants role-play in order to assess what issues might arise, prior to a real invocation.
|
|
|
|
Financial impact
An operating expense that continues following an interruption or disaster, which as a result of the event cannot be offset by income and directly affects the financial position of the organisation.
|
|
|
|
Hot site
A data centre facility or office facility with sufficient hardware, communications interfaces and environmentally controlled space capable of providing relatively immediate backup data processing support. (Associated terms: warm site, cold site).
|
|
|
|
Human Resource Disaster Recovery (HRDR)
A specific strategy for dealing with risk assessment, prevention, control and business recovery for critical (key) personnel.
|
|
|
|
Immediate recovery team
The team with responsibility for implementing the business continuity plan and formulating the organisation's initial recovery strategy.
|
|
|
|
Impact
Impact is the cost to the enterprise, which may or may not be measured in purely financial terms. Evaluated consequence of a particular outcome.
|
|
|
|
Incident
Any event which may be, or may lead to, a disaster. Situation that might be, or could lead to, a business interruption, disruption, loss, emergency, incident or crisis.
|
|
|
|
Incident management plan
Clearly defined and documented plan of action for use at the time of an incident, typically covering the key personnel, resources, services and actions needed to implement the incident management process.
|
|
|
|
Information security
The securing or safeguarding of all sensitive information, electronic or otherwise, which is owned by an organisation.
|
|
|
|
Invocation
A formal notification to a service provider that its services will be required. Act of declaring that an organization’s business continuity plan needs to be put into effect in order to continue delivery of critical products or services.
|
|
|
|
Logistics/Transportation team
A team comprised of various members of departments associated with supply acquisition and material transportation, responsible for ensuring the most effective acquisition and mobilisation of hardware, supplies and support materials.
|
|
|
|
Material
Material of a scale or significance that would threaten an organization’s key objectives should it not occur.
|
|
|
|
Maximum tolerable period of disruption
duration after which an organization’s viability will be irrevocably threatened if product and service delivery cannot be resumed
|
|
|
|
Mobile standby
A transportable operating environment, usually complete with accommodation and equipment, which can be transported set up at a suitable site at short notice.
|
|
|
|
Off-site location
A storage facility at a safe distance from the primary facility which is used for housing recovery supplies, equipment, vital records etc.
|
|
|
|
Operational impact
An impact which is not quantifiable in financial terms but its effects may be among the most severe in determining the survival of an organisation following a disaster.
|
|
|
|
Organization
Business or administration concern united and constructed for a particular end.
Note. An organization can be a company, corporation, firm, enterprise, institution, charity, sole trader or association, or parts or combinations thereof.
|
|
|
|
Outage
The interruption of automated processing systems, support services or essential business operations which may result in the organisation's inability to provide service for some period of time.
|
|
|
|
Period of tolerance
The period of time in which an incident can escalate to a potential disaster.
|
|
|
|
Pre-positional resource
Material (i.e. equipment, forms and supplies) stored at an off-site location to be used in business resumption and recovery operations. (Associated terms. pre-positioned inventory).
|
|
|
|
Products and services
Beneficial outcomes provided to customers or recipients, for example manufactured items, car insurance, regulatory compliance and community nursing.
|
|
|
|
Protected Space
An area made suitable to protect persons from danger. Another name for "Safe Haven"
|
|
|
|
Reciprocal agreement
An agreement in which two parties agree to allow the other to use their site, resources or facilities during a disaster
|
|
|
|
Recovery
See system recovery.
|
|
|
|
Recovery exercise
An announced or unannounced execution of business continuity plans intended to implement existing plans and/or highlight the need for additional plan development. (Associated terms: disaster recovery test, disaster recovery exercise, recovery test, recovery exercise)
|
|
|
|
Recovery management team
A team of people, assembled in an emergency, who are charged with recovering an aspect of the enterprise, or obtaining the resources required for the recovery.
|
|
|
|
Recovery plan
A plan to resume a specific essential operation, function or process of an enterprise. Traditionally referred to as a disaster recovery plan (DRP).
|
|
|
|
Recovery site
A designated site for the recovery of computer or other operations, which are critical to the enterprise.
|
|
|
|
Recovery strategy
A pre-defined, pre-tested, management approved course of action to be employed in response to a business disruption, interruption or disaster.
|
|
|
|
Recovery team
A group of individuals given responsibility for the co-ordination and response to an emergency or recovering a process or function in the event of a disaster.
|
|
|
|
Recovery Window
The time scale within which time sensitive function or business units must be restored, usually determined by means of a business impact analysis.
|
|
|
|
Resilience
The ability of a system or process to absorb the impact of component failure and continue to provide an acceptable level of service.
|
|
|
|
Response
The reaction to an incident or emergency in order to assess the level of containment and control activity required.
|
|
|
|
Restart
The procedure or procedures that return applications and data to a known start point. Application restart is dependent upon having an operable system.
|
|
|
|
Restoration
The process of planning for and implementing full scale business operations which allow the organisation to return to a normal service level.
|
|
|
|
Resumption
The process of planning for and/or implementing the recovery of critical business operations immediately following an interruption or disaster.
|
|
|
|
Risk appetite
total amount of risk that an organization is prepared to accept, tolerate, or be exposed to at any point in time
|
|
|
|
Risk assessment & management
The identification and evaluation of operational risks that particularly affect the enterprise's ability to function and addressing the consequences. overall process of risk identification, analysis and evaluation.
|
|
|
|
Risk management
structured application of management culture, policy, procedures, and practices to the tasks of analyzing, evaluating, and controlling risk.
|
|
|
|
Risk reduction or mitigation
The implementation of the preventative measures which risk assessment has identified.
|
|
|
|
RTO Recovery time objective.
target time set for resumption of product, service or activity delivery after an incident
Note. The recovery time objective has to be less than the maximum tolerable period of disruption.
|
|
|
|
Scenario
A pre-defined set of events and conditions which describe an interruption, disruption or disaster related to some aspect(s) of an organisation's business for purposes of exercising a recovery plan(s).
|
|
|
|
Security review
A periodic review of the security of tangible and intangible assets which should cover security policy, effectiveness of policy implementation, restriction of access to the assets, accountability for access and basic safety.
|
|
|
|
Senior management
person or group of people who directs and controls an organization at the highest level
Note. Senior management, especially in a large multinational organization, might not be directly involved; however senior management accountability through the chain of command is manifest. In a small organization, senior management might be the owner or sole proprietor.
|
|
|
|
Service level agreement (SLA)
An agreement between a service provider and service user as to the nature, quality, availability and scope of the service to be provided.
|
|
|
|
Site access denial
Any disturbance or activity within the area surrounding the site which renders the site unavailable, e.g. fire, flood, riot, strike, loss of services, forensics. The site itself may be undamaged.
|
|
|
|
Social impact
Any incident or happening that affects the well-being of a population and which is often not financially quantifiable.
|
|
|
|
Stakeholders
those with an interest in an organization’s achievements, e.g. customers, partners, employees, suppliers, shareholders, owners, government and regulators.
|
|
|
|
Stand down
Formal notification that the alert may be called off or that the state of disaster is over.
|
|
|
|
Standby service
The provision of the relevant recovery facilities, such as cold site, warm site, hot site and mobile standby.
|
|
|
|
Structured walk-through
An exercise in which team members verbally review each step of a plan to assess its effectiveness, identify enhancements, constraints and deficiencies. (Associated term: bench test).
|
|
|
|
System denial
A failure of the computer system for a protracted period, which may impact an enterprise's ability to sustain its normal business activities.
|
|
|
|
System recovery
The procedures for rebuilding a computer system to the condition where it is ready to accept data and applications. System recovery depends on having access to suitable hardware.
|
|
|
|
System restore
The procedures that are necessary to get a system into an operable condition where it is possible to run the application software against the available data. System restore depends upon having a live system available.
|
|
|
|
Table top exercise
The exercising and testing of a BCP, using a range of scenarios whist not effecting the enterprise's normal operation.
|
|
|
|
Table top exercise
The exercising and testing of a BCP, using a range of scenarios whist not effecting the enterprise's normal operation.
|
|
|
|
Tolerance threshold
The maximum period of time which the business can afford to be without a critical function or process.
|
|
|
|
Tolerance threshold
The maximum period of time which the business can afford to be without a critical function or process.
|
|
|
|
Vendor
An individual or company providing a service to a department or the organisation as a whole. (Associated terms: supplier, third party vendor).
|
|
|
|
Vendor
An individual or company providing a service to a department or the organisation as a whole. (Associated terms: supplier, third party vendor).
|
|
|
|
Vital record
A record that it is essential for preserving, continuing or reconstructing the operations of the organisation and protecting the rights of the organisation, its employees, its customers and its stockholders.
|
|
|
|
Warm site
A data centre or office facility which is partially equipped with hardware, communications interfaces, electricity and environmental conditioning capable of providing backup operating support. (Associated terms: hot site, cold site)
|
|
|
|
Work area standby
A permanent or transportable office environment, complete with appropriate office infrastructure.
|
|