Activation - Business Continuity Plan
Business Continuity Management - BIA
Cold Site - Critical Data Point Decision
Point
Decision Point - Emergency Management Plan
Emergency Management Team - Incident
Invocation - Pre-Positional Resource
Reciprocal Agreement - Recovery Team
Recovery Window - Scenario
Security Review - System Recovery
System Restore - Work Area Standby
Activation
The implementation of recovery procedures, activities and
plans in response to an emergency or disaster declaration.
Alternative
site
An alternative operating location for the usual business
functions (i.e. support departments, information systems and
manufacturing operations) when the primary facilities are
inaccessible. (Associated term: back-up site)
Alert
A formal notification that an incident has occurred which may
develop into a disaster.
BS7799
A UK BSI Standard for information security management.
Backlog
trap
The effect on the business of a backlog of work that develops
when a system or process is unavailable for a long period, and
which may take a considerable length of time to reduce.
Building
denial
Any damage, failure or other condition which causes denial of
access to the building or the working area within the building,
e.g. fire, flood, contamination, loss of services, air
conditioning failure, forensics.
Business
continuity
A pro-active process which identifies the key functions of an
organisation and the likely threats to those functions.
From this information, plans and procedures can be developed
thus ensuring key functions continue whatever the circumstances.
Business
continuity co-ordinator
A member of the recovery management team who is assigned the
overall responsibility for co-ordinator of the recovery planning
programme including team member training, testing and
maintenance of recovery plans. (Associated terms: business
recovery planner, disaster recovery planner, business recovery
co-ordinator, disaster recovery administrator)
Business
continuity plan
A collection of procedures and information which is developed,
compiled and maintained in readiness for use in the event of an
emergency or disaster. (Associated terms: business recovery
plan, disaster recovery plan, recovery plan)
TOP
Business continuity management
Those management disciplines, processes and techniques which seek to
provide the means for continuous operation of the essential business
functions under all circumstances.
Business
continuity planning
The advance planning and preparations which are necessary to
identify the impact of potential losses; to formulate and
implement viable recovery strategies; to develop recovery
plan(s) which ensure continuity of organisational services in
the event of an emergency or disaster; and to administer a
comprehensive training, testing and maintenance programme.
(Associated terms: contingency planning, disaster recovery
planning, business recovery planning)
Business
continuity programme
The ongoing process supported by senior management and funded to
ensure that the necessary steps are taken to identify the impact
of potential losses, maintain viable recovery strategies and
recovery plans, and ensure continuity services through personnel
training, plan testing and maintenance. (Associated terms:
disaster recovery programme, business recovery programme,
contingency planning programme)
Business
critical point
The latest moment at which the business can afford to be without
a critical function or process.
Business impact analysis (BIA)
A management level analysis which identifies the impacts of
losing company resources. The BIA measures the effect of
resource loss and escalating losses over time in order to
provide senior management with reliable data upon which to base
decisions on risk mitigation and continuity planning.
(Associated terms: business impact assessment, business impact
analysis assessment)
TOP
Cold site
One or more data centres or office space facilities equipped
with sufficient pre-qualified environmental conditioning,
electrical connectivity, communications access, configurable
space and access to accommodate the installation and operation
of equipment by critical staff required to resume business
operations.
Contingency fund
An operating expense that exists as a result of an interruption
or disaster which seriously affects the financial position of
the organisation. (Associated term: extraordinary expense)
Contingency plan
Actions to be followed in the event of a disaster or emergency
occurring which threatens to disrupt or destroy the continuity
of normal business activities and which seeks to restore
operational capabilities. Now largely incorporated within
Business Continuity Plan.
Crisis
An abnormal situation, or perception, which threatens the
operations, staff, customers or reputation of an enterprise.
Crisis
management team (CMT)
A group of executives who direct the recovery operations whilst
taking responsibility for the survival and the image of the
enterprise.
Crisis
plan or Crisis management plan
A plan of action designed to support the crisis management team
when dealing with a specific emergency situation which might
threaten the operations, staff, customers or reputation of an
enterprise.
Critical
service
Any service which is essential to support the survival of the
enterprise.
Critical
data point
The point to which data must be restored in order to achieve
recovery objectives.
TOP
Decision point
The latest moment at which the decision to invoke emergency
procedures has to be taken in order to ensure the continued
viability of the enterprise.
Declaration (of disaster)
A formal statement that a state of disaster exists.
Disaster
Any accidental, natural or malicious event which threatens or
disrupts normal operations, or services, for sufficient time to
affect significantly, or to cause failure of, the enterprise.
Disaster
recovery plan (DRP) or Recovery plan
A plan to resume, or recover, a specific essential operation,
function or process of an enterprise.
Disaster
recovery (DR)
The process of returning a business function to a state of
normal operations either at an interim minimal survival level
and/or re-establishing full scale operations.
Emergency
data services
Remote capture and storage of electronic data, such as
journalling, electronic vaulting and database shadowing.
Emergency
An actual or impending situation that may cause injury, loss of
life, destruction of property or interfere with normal business
operations to such an extent to pose a threat of disaster.
Emergency
control centre
The location from which disaster recovery is directed and
tracked; it may also serve as a reporting point for deliveries,
services, press and all external contacts.
TOP
Emergency management team
The group of staff who command the resources needed to recover the
enterprise's operations.
Emergency
management plan
A plan which supports the emergency management team by providing
them with information and guidelines.
Enterprise
An organisation, a corporate entity; a firm, an establishment, a
public or government body, department or agency; a business or a
charity.
Enterprise
(large scale or super)
An enterprise that is large and complex, in the sense that it
could absorb the impact of losing a complete location or
business unit. The normal terminology, and perspective, needs to
be scaled down by regarding individual locations or business
units as self-sustaining entities.
Financial
impact
An operating expense that continues following an interruption or
disaster, which as a result of the event cannot be offset by
income and directly affects the financial position of the
organisation.
Hot site
A data centre facility or office facility with sufficient
hardware, communications interfaces and environmentally
controlled space capable of providing relatively immediate
back-up data processing support. (Associated terms: warm-site,
cold-site)
Human
resource disaster recovery
A specific strategy for dealing with risk assessment,
prevention, control and business recovery for critical (key)
personnel.
Immediate
recovery team
The team with responsibility for implementing the business
continuity plan and formulating the organisation's initial
recovery strategy.
Impact
Impact is the cost to the enterprise, which may or may not be
measured in purely financial terms.
Incident
Any event which may be, or may lead to, a disaster.
TOP
Invocation
A formal notification to a service provider that its services
will be required.
Information security
The securing or safeguarding of all sensitive information,
electronic or otherwise, which is owned by an organisation.
Logistics/Transportation team
A team comprised of various members of departments associated
with supply acquisition and material transportation, responsible
for ensuring the most effective acquisition and mobilisation of
hardware, supplies and support materials.
Mobile
standby
A transportable operating environment, usually complete with
accommodation and equipment, which can be transported and set up
at a suitable site at short notice.
Mobilisation
The activation of the recovery organisation in response to an
emergency or disaster declaration.
Off-site
location
A storage facility at a safe distance from the primary facility
which is used for housing recovery supplies, equipment, vital
records etc.
Operational impact
An impact which is not quantifiable in financial terms but its
effects may be among the most severe in determining the survival
of an organisation following a disaster.
Outage
The interruption of automated processing systems, support
services or essential business operations which may result in
the organisation's inability to provide a service for some
period of time.
Period of
tolerance
The period of time in which an incident can escalate to a
potential disaster.
Pre-positional resource
Material (i.e. equipment, forms and supplies) stored at an
off-site location to be used in business resumption and recovery
operations. (Associated terms. pre-positioned inventory)
TOP
Reciprocal agreement
An agreement in which two parties agree to allow the other to
use their site, resources or facilities during a disaster.
Recovery
See system recovery.
Recovery
exercise
An announced or unannounced execution of business continuity
plans intended to implement existing plans and / or highlight
the need for additional plan development. (Associated terms:
disaster recovery test, disaster recovery exercise, recovery
test, recovery exercise)
Recovery
management team
A team of people, assembled in an emergency, who are charged
with recovering an aspect of the enterprise, or obtaining the
resources required for the recovery.
Recovery
plan
A plan to resume a specific essential operation, function or
process of an enterprise. Traditionally referred to as a
disaster recovery plan (DRP).
Recovery
site
A designated site for the recovery of computer or other
operations, which are critical to the enterprise.
Recovery
strategy
A pre-defined, pre-tested, management approved course of action
to be employed in response to a business disruption,
interruption or disaster.
Recovery
team
A group of individuals given responsibility for the
co-ordination and response to an emergency or recovering a
process or function in the event of a disaster.
TOP
Recovery Window
The time scale within which time sensitive function or business
units must be restored, usually determined by means of a
business impact analysis.
Resilience
The ability of a system or process to absorb the impact of
component failure and continue to provide an acceptable level of
service.
Response
The reaction to an incident or emergency in order to assess the
level of containment and control activity required.
Restart
The procedure or procedures that return applications and data to
a known start point. Application restart is dependent upon
having an operable system.
Restoration
The process of planning for and implementing full scale business
operations which allow the organisation to return to a normal
service level.
Resumption
The process of planning for and / or implementing the recovery
of critical business operations immediately following an
interruption or disaster.
Risk
assessment & management
The identification and evaluation of operational risks that
particularly affect the enterprise's ability to function and
addressing the consequences.
Risk
reduction or mitigation
The implementation of the preventative measures which risk
assessment has identified.
Scenario
A pre-defined set of events and conditions which describe an
interruption, disruption or disaster related to some aspect(s)
of an organisation's business for purposes of exercising a
recovery plan(s).
TOP
Security review
A periodic review of the security of tangible and intangible
assets which should cover security policy, effectiveness of
policy implementation, restriction of access to the assets,
accountability for access and basic safety.
Service
level agreement (SLA)
An agreement between a service provider and service user as to
the nature, quality, availability and scope of the service to be
provided.
Site
access denial
Any disturbance or activity within the area surrounding the site
which renders the site unavailable, e.g. fire, flood, riot,
strike, loss of services, forensics. The site itself may be
undamaged.
Social
impact
Any incident or happening that affects the well-being of a
population and which is often not financially quantifiable.
Standby
service
The provision of the relevant recovery facilities, such as
cold-site, warm-site, hot-site and mobile standby.
Stand down
Formal notification that the alert may be called off or that the
state of disaster is over.
Structured
walk-through
An exercise in which team members verbally review each step of a
plan to assess its effectiveness, identify enhancements,
constraints and deficiencies. (Associated term: bench test)
System
denial
A failure of the computer system for a protracted period, which
may impact an enterprise's ability to sustain its normal
business activities.
System
recovery
The procedures for rebuilding a computer system to the condition
where it is ready to accept data and applications. System
recovery depends on having access to suitable hardware.
TOP
System restore
The procedures that are necessary to get a system into an
operable condition where it is possible to run the application
software against the available data. System restore depends upon
having a live system available.
Table top
exercise
The exercising and testing of a BCP, using a range of scenarios
whist not effecting the enterprise's normal operation.
Tolerance
threshold
The maximum period of time which the business can afford to be
without a critical function or process.
Vendor
An individual or company providing a service to a department or
the organisation as a whole. (Associated terms: supplier, third
party vendor)
Vital
record
A record that it is essential for preserving, continuing or
reconstructing the operations of the organisation and protecting
the rights of the organisation, its employees, its customers and
its stockholders.
Warm site
A data centre or office facility which is partially equipped
with hardware, communications interfaces, electricity and
environmental conditioning capable of providing backup operating
support. (Associated terms: hot site, cold site)
Work area
standby
A permanent or transportable office environment, complete with
appropriate office infrastructure.
With thanks to The Business Continuity
Institute |
