Glossary
ALERT: Notification that a potential disaster
situation is imminent, exists, or has occurred; usually includes a directive for
personnel to stand by for possible activation.
ALTERNATE SITE:
An alternate operating location to be used by business functions when
the primary facilities are inaccessible. 1) Another location, computer center or
work area designated for recovery. 2) Location, other than the main facility,
that can be used to conduct business functions. 3) A location, other than the
normal facility, used to process data and/or conduct critical business functions
in the event of a disaster.
ALTERNATE WORK AREA: Recovery environment complete with necessary
infrastructure (desk, telephone, workstation, and associated hardware and
equipment, communications, etc.).
APPLICATION RECOVERY: The component of Disaster Recovery
that deals specifically with the restoration of business system software and
data after the processing platform has been restored or replaced.
ASSEMBLY AREA: The designated area at which employees,
visitors, and contractors assemble if evacuated from their building/site.
ASSET: An item of property and/or component of a business
activity/process owned by an organization. There are three types of
assets: physical assets (e.g. buildings and equipment); financial assets (e.g.
currency, bank deposits and shares) and non-tangible assets (e.g. goodwill,
reputation).
ASSOCIATE BUSINESS CONTINUITY INSTITUTE (ABCI): A professional
certification granted by the Business Continuity Institute for business
continuity practitioners who are currently working in business continuity
management but do not yet have sufficient experience to qualify for the MBCI or
SBCI designation.
ASSOCIATE BUSINESS CONTINUITY PROFESSIONAL (ABCP): The ABCP
level is designed for individuals with less than two years of Continuity Mgmt
experience, but who have minimum knowledge in continuity management, and
have passed the qualifying exam.
ANNUAL LOSS EXPOSURE/EXPECTANCY (ALE): A risk management
method of calculating loss based on a value and level of frequency.
B
BACKLOG: a) The amount of work that accumulates when a system
or process is unavailable for a long period of time. This work needs to be
processed once the system or process is available and may take a considerable
amount of time to process.
b) A situation whereby a backlog of work requires more time to
action than is available through normal working patterns. In extreme
circumstances, the backlog may become so marked that the backlog cannot be
cleared.
BACKUP (Data): A process by which data, electronic or paper
based, is copied in some form so as to be available and used if the original
data from which it originated is lost, destroyed or corrupted.
BACKUP GENERATOR: An independent source of power,
usually fueled by diesel or natural gas.
BUSINESS CONTINUITY:
The ability of an organization to provide service and support for its customers
and to maintain its viability before, during, and after a business continuity
event.
BUSINESS CONTINUITY COORDINATOR: A role within the BCM program
that coordinates planning and implementation for overall recovery of an
organization or unit(s).
BUSINESS CONTINUITY INSTITUTE (BCI): An international
organization established to enable members to obtain guidance and support from
fellow business continuity practitioners. The BCI promotes the highest standards
of professional competence and commercial ethics in the provision and
maintenance of business continuity planning and services.
BUSINESS CONTINUITY MANAGEMENT (BCM): A holistic management
process that identifies potential impacts that threaten an organization and
provides a framework for building resilience with the capability for an
effective response that safeguards the interests of its key stakeholders,
reputation, brand and value creating activities. The management of
recovery or continuity in the event of a disaster. Also the management of
the overall program through training, rehearsals, and reviews, to ensure the
plan stays current and up to date.
BUSINESS CONTINUITY PLAN ADMINISTRATOR: The designated
individual responsible for plan documentation, maintenance, and distribution.
BUSINESS CONTINUITY MANAGEMENT PROCESS: The Business
Continuity Institute’s BCM Process provides guidance on good practices that
cover the whole BCM Lifecycle and combines 5 key elements: 1) Understanding Your
Business 2) BCM Strategies 3) Developing a BCM Response 4) Establishing a BCM
Culture 5) Exercising, Maintenance and Audit
BUSINESS CONTINUITY MANAGEMENT PROGRAM: An ongoing management
and governance process supported by senior management and resourced to ensure
that the necessary steps are taken to identify the impact of potential losses,
maintain viable recovery strategies and plans, and ensure continuity of
products/services through exercising, rehearsal, testing, training, maintenance
and assurance.
BUSINESS CONTINUITY MANAGEMENT TEAM: A group of individuals
functionally responsible for directing the development and execution of the
business continuity plan, as well as responsible for declaring a disaster and
providing direction during the recovery process, both pre-disaster and
post-disaster. Similar terms: disaster recovery management team,
business recovery management team.
BUSINESS CONTINUITY PLAN (BCP): Process of developing
and documenting arrangements and procedures that enable an organization to
respond to an event that lasts for an unacceptable period of time and return to
performing its critical functions after an interruption.
BUSINESS CONTINUITY STEERING COMMITTEE: A committee of
decision makers, process owners, technology experts and continuity
professionals, tasked with making strategic recovery and continuity planning
decisions for the organization.
BUSINESS CONTINUITY STRATEGY:
An approach by an organization that will ensure its recovery and
continuity in the face of a disaster or other major outage. Plans and
methodologies are determined by the organization’s strategy. There may be
more than one solution to fulfill an organization’s strategy. Examples:
Internal or external hot-site, or cold-site, Alternate Work Area reciprocal
agreement, Mobile Recovery, Quick Ship / Drop Ship, Consortium-based solutions,
etc.
BUSINESS CONTINUITY TEAM: Designated individuals responsible
for developing, execution, rehearsals, and maintenance of the business
continuity plan, including the processes and procedures. Similar terms:
disaster recovery team, business recovery team, and recovery team.
BUSINESS IMPACT ANALYSIS (BIA): A process designed to prioritize business functions by
assessing the potential quantitative (financial) and qualitative (non-financial)
impact that might result if an organization was to experience a business
continuity event.
BUSINESS INTERRUPTION:
Any event, whether anticipated (e.g., public service strike) or
unanticipated (e.g., blackout), which disrupts the normal course of business
operations at an organization’s location. Similar terms: outage,
service interruption.
BUSINESS INTERRUPTION COSTS: The impact to the business
caused by different types of outages, normally measured by revenue lost.
BUSINESS INTERRUPTION INSURANCE: Insurance coverage for
disaster related expenses that may be incurred until operations are fully
recovered after a disaster. Business interruption insurance generally
provides reimbursement for necessary ongoing expenses during this shutdown, plus
loss of net profits that would have been earned during the period of
interruption, within the limits of the policy.
BUSINESS RECOVERY COORDINATOR: An individual or group
designated to coordinate or control designated recovery processes or testing.
BUSINESS RECOVERY TEAM:
A team responsible for maintaining the business recovery procedures
and complying with the organization’s BCM program.
BUSINESS RECOVERY TIMELINE:
The approved sequence of activities, required to achieve stable
operations following a business interruption. This timeline may range from
minutes to weeks, depending upon the recovery requirements and methodology.
BUSINESS UNIT RECOVERY:
A component of Business Continuity which deals specifically with the
recovery of a key function or department in the event of a disaster.
C
CALL TREE: A document that graphically depicts the calling
responsibilities and the calling order used to contact management, employees,
customers, vendors, and other key contacts in the event of an emergency,
disaster, or severe outage situation.
CASCADE SYSTEM: A system whereby one person or organization
calls out/contacts others who in turn initiate further call-outs/contacts as
necessary.
CERTIFIED FUNCTIONAL CONTINUITY PROFESSIONAL (CFCP): The CFCP
is designed for individuals with a minimum of two years of Continuity Mgmt
experience in 3 of the 10 Professional Practice areas, have passed the
qualifying exam and have had their DRII Certification Application approved.
This certification provides a certification opportunity for those individuals
with Continuity Mgmt experience in specific functional or vertical areas vs.
enterprise wide.
CERTIFIED BUSINESS CONTINUITY PROFESSIONAL (CBCP): The
CBCP certification is for individuals with a minimum of two years of Enterprise
Continuity Mgmt experience in 5 of the 10 Professional Practice areas,
have passed the qualifying exam and have had their DRII Certification
Application approved.
CHECKLIST: a) Tool to remind and/or validate that tasks have
been completed and resources are available, to report on the status of recovery.
b) A list of items (names or tasks etc.) to be checked or consulted.
CHECKLIST EXERCISE: A method used to exercise a
completed disaster recovery plan. This type of exercise is used to determine if
the information such as phone numbers, manuals, equipment, etc. in the plan is
accurate and current.
COLD SITE: An alternate facility that already has in
place the environmental infrastructure required to recover critical business
functions or information systems, but does not have any pre-installed computer
hardware, telecommunications equipment, communication lines, etc. These must be
provisioned at time of disaster.
COMMAND, CONTROL, AND COORDINATION: A Crisis Management
process:
Command means the authority for an organization or part of an organization to
direct the actions of its own resources (both personnel and equipment).
Control means the authority to direct strategic, tactical and operational
operations in order to complete an assigned function. This includes the
ability to direct the activities of others engaged in the completion of that
function, i.e. the crisis as a whole or a function within the crisis management
process. The control of an assigned function also carries with it the
responsibility for the health and safety of those involved.
Coordination means the integration of the expertise of all the agencies/roles
involved with the objective of effectively and efficiently bringing the crisis
to a successful conclusion.
COMMAND CENTER: A physical or virtual facility located
outside of the affected area used to gather, assess, and disseminate information
and to make decisions to affect recovery.
COMMUNICATIONS RECOVERY: The component of Disaster
Recovery which deals with the restoration or rerouting of an organization’s
telecommunication network, or its components, in the event of loss.
CONSORTIUM AGREEMENT: An agreement made by a group of
organizations to share processing facilities and/or office facilities, if one
member of the group suffers a disaster.
CONTACT LIST: A list of team members and/or key
personnel to be contacted including their backups. The list will include
the necessary contact information (e.g. home phone, pager, cell, etc.) and in
many cases it is considered confidential.
CONTINGENCY PLAN: A plan used by an organization or
business unit to respond to a specific systems failure or disruption of
operations.
CONTINGENCY PLANNING: Process of developing advanced
arrangements and procedures that enable an organization to respond to an
undesired event that negatively impacts the organization.
CONTINUITY OF OPERATIONS PLAN (COOP): A COOP provides
guidance on the system restoration for emergencies, disasters, mobilization, and
for maintaining a state of readiness to provide the necessary level of
information processing support commensurate with the mission
requirements/priorities identified by the respective functional proponent.
The Federal Government and its supporting agencies traditionally use this term
to describe activities otherwise known as Disaster Recovery, Business
Continuity, Business Resumption, or Contingency Planning.
CONTINUOUS AVAILABILITY:
A system or application that supports operations which continue with little to
no noticeable impact to the user. For instance, with continuous
availability, the user will not have to re-log in, or to re-submit a partial or
whole transaction.
CONTINUOUS OPERATIONS:
The ability of an organization to perform its processes without
interruption.
CORPORATE GOVERNANCE: The system/process by which the
directors and officers of an organization are required to carry out and
discharge their legal, moral and regulatory accountabilities and
responsibilities.
CORPORATE RISK: A category of risk management that looks at
ensuring an organization meets its corporate governance responsibilities, takes
appropriate actions, and identifies and manages emerging risks.
COST BENEFIT ANALYSIS:
A process (after a BIA and risk assessment) that facilitates the
financial assessment of different strategic BCM options and balances the cost of
each option against the perceived savings.
CRISIS: A critical event, which, if not handled in an
appropriate manner, may dramatically impact an organization’s profitability,
reputation, or ability to operate. Or, an occurrence and/or perception
that threatens the operations, staff, shareholder value, stakeholders, brand,
reputation, trust and/or strategic/business goals of an organization.
CRISIS MANAGEMENT: The overall coordination of an
organization’s response to a crisis, in an effective, timely manner, with the
goal of avoiding or minimizing damage to the organization’s profitability,
reputation, and ability to operate.
CRISIS MANAGEMENT TEAM: A team consisting of key
executives, key role players (e.g., media representative, legal counsel,
facilities manager, disaster recovery coordinator, etc.), and the appropriate
business owners of critical functions who are responsible for recovery
operations during a crisis.
CRITICAL BUSINESS FUNCTIONS: The critical operational
and/or business support functions that could not be interrupted or unavailable
for more than a mandated or predetermined timeframe without significantly
jeopardizing the organization. An example of a business function is a
logical grouping of processes/activities that produce a product and/or service
such as Accounting, Staffing, Customer Service, etc.
CRITICAL DATA POINT: The point in time to which data must be
restored in order to achieve recovery objectives.
CRITICAL INFRASTRUCTURE:
Physical assets whose incapacity or destruction would have a debilitating
impact on the economic or physical security of an organization, community,
nation, etc.
CRITICAL SERVICE: A service without which a building would be
“disabled”. Often applied to the utilities (water, gas, electric, etc.) it
may also include standby power systems, environmental control systems or
communication networks.
D
DAMAGE ASSESSMENT: The process of assessing damage to
computer hardware, vital records, office facilities, etc. and determining what
can be salvaged or restored and what must be replaced following a disaster.
DATA BACKUPS: The copying of production files to media
that can be stored both on and/or offsite and can be used to restore corrupted
or lost data or to recover entire systems and databases in the event of a
disaster.
DATA BACKUP STRATEGIES:
Data backup strategies will determine the technologies, media and
offsite storage of the backups necessary to meet an organization’s data recovery
and restoration objectives.
DATA CENTER RECOVERY: The component of Disaster Recovery
which deals with the restoration of data center services and computer processing
capabilities at an alternate location and the migration back to the production
site.
DATA MIRRORING: A process whereby critical data is replicated
to another device.
DATA PROTECTION:
Process of ensuring confidentiality, integrity and availability of data.
DATA RECOVERY: The restoration of computer files from
backup media to restore programs and production data to the state that existed
at the time of the last safe backup.
DATABASE REPLICATION: The partial or full duplication of
data from a source database to one or more destination databases.
DECLARATION: A formal announcement by pre-authorized
personnel that a disaster or severe outage is predicted or has occurred and that
triggers pre-arranged mitigating actions (e.g., a move to an alternate site.)
DECLARATION FEE: A fee charged by a Commercial Hot Site
Vendor for a customer-invoked disaster declaration.
DENIAL OF ACCESS: The inability of an organization to access
and/or occupy its normal working environment.
DEPENDENCY: The reliance or interaction of one activity or
process upon another.
DESK CHECK: One method of validating a specific component of a
plan. Typically, the owner of the component reviews it for accuracy and
completeness and signs off.
DESKTOP EXERCISE:
See: Table Top Exercise.
DISASTER: A sudden, unplanned catastrophic event causing
unacceptable damage or loss. 1) An event that compromises an
organization’s ability to provide critical functions, processes, or services for
some unacceptable period of time 2) An event where an organization’s
management invokes their recovery plans.
DISASTER RECOVERY: The ability of an organization to
respond to a disaster or an interruption in services by implementing a disaster
recovery plan to stabilize and restore the organization’s critical functions.
DISASTER RECOVERY PLAN: The management approved document
that defines the resources, actions, tasks and data required to manage the
technology recovery effort. Usually refers to the technology recovery
effort. This is a component of the Business Continuity Management Program.
DISASTER RECOVERY PLANNING: The technical component of
business continuity planning.
DRI INTERNATIONAL:
DRI International is a non profit organization that offers premier educational
and certification programs globally, for those practitioners within the
Continuity Management field.
DROP SHIP: A strategy for a) delivering
equipment, supplies, and materials at the time of a business continuity event or
exercise; b) providing replacement hardware within a specified time period via prearranged
contractual arrangements with an equipment supplier at the time of a business
continuity event.
E
ELECTRONIC VAULTING: Electronic transmission of data to
a server or storage facility.
EMERGENCY: An unexpected
or impending situation that may cause injury, loss of life, destruction of
property, or cause the interference, loss, or disruption of an organization’s
normal business operations to such an extent that it poses a threat.
EMERGENCY CONTROL CENTRE (ECC): The Command Centre used by the
Crisis Management Team during the first phase of an event. An organization
should have both primary and secondary locations for an ECC in case one of them
becomes unavailable/inaccessible. It may also serve as a reporting point for
deliveries, services, press and all external contacts.
EMERGENCY COORDINATOR: The person designated to plan,
exercise, and implement the activities of sheltering in place or the evacuation
of occupants of a site with the first responders and emergency services
agencies.
EMERGENCY OPERATIONS CENTER (EOC): A site from which
response teams/officials (municipal, county, state and federal) provide
direction and exercise control in an emergency or disaster.
EMERGENCY PREPAREDNESS: The capability that enables an
organization or community to respond to an emergency in a coordinated, timely,
and effective manner to prevent the loss of life and minimize injury and
property damage.
EMERGENCY PROCEDURES: A documented list of activities to
commence immediately to prevent the loss of life and minimize injury and
property damage.
EMERGENCY RESPONSE:
The immediate reaction and response to an emergency situation commonly focusing
on ensuring life safety and reducing the severity of the incident.
EMERGENCY RESPONSE PLAN:
A documented plan usually addressing the immediate reaction and response to an
emergency situation.
EMERGENCY RESPONSE PROCEDURES: The initial response to any
event, focused upon protecting human life and the organization’s assets.
EMERGENCY RESPONSE TEAM (ERT):
Qualified and authorized personnel who have been trained to provide immediate
assistance.
ENTERPRISE WIDE PLANNING: The overarching master plan
covering all aspects of business continuity within the entire organization.
ESCALATION: The process by which event related information is
communicated upwards through an organization’s established Chain of Command.
EVACUATION: The movement of employees, visitors and
contractors from a site and/or building to a safe place (assembly area) in a
controlled and monitored manner at time of an event.
EVENT: Any occurrence that may lead to a business continuity
incident.
EXECUTIVE / MANAGEMENT SUCCESSION PLAN: A predetermined
plan for ensuring the continuity of authority, decision-making, and
communication in the event that key members of executive management unexpectedly
become incapacitated.
EXERCISE: A people focused activity designed to execute
business continuity plans and evaluate the individual and/or organization
performance against approved standards or objectives. Exercises can be
announced or unannounced, and are performed for the purpose of training and
conditioning team members, and validating the business continuity plan.
Exercise results identify plan gaps and limitations and are used to improve and
revise the Business Continuity Plans. Types of exercises include: Table Top
Exercise, Simulation Exercise, Operational Exercise, Mock Disaster, Desktop
Exercise, Full Rehearsal.
EXERCISE AUDITOR: An appointed role that is assigned to assess
whether the exercise aims / objectives are being met and to measure whether
activities are occurring at the right time and involve the correct people to
facilitate their achievement. The exercise auditor is not responsible for
the mechanics of the exercise. This independent role is crucial in the
subsequent debriefing.
EXERCISE CONTROLLER: See Exercise Owner
EXERCISE COORDINATOR: They are responsible for the mechanics
of running the exercise. The Coordinator must lead the exercise and keep
it focused within the predefined scope and objectives of the exercise as well as
on the disaster scenario. The Coordinator must be objective and not
influence the outcome. They perform the coordination to make sure appropriate
exercise participants have been identified and that exercise scripts have been
prepared before, utilized during, and updated after the exercise.
EXERCISE OBSERVER: An exercise observer has no active role
within the exercise but is present for awareness and training purposes. An
exercise observer might make recommendations for procedural improvements.
EXERCISE SCRIPT: A set of detailed instructions identifying
information necessary to implement a predefined business continuity event
scenario for evaluation purposes.
EXERCISE OWNER: An appointed role that has total management
oversight and control of the exercise and has the authority to alter the
exercise plan. This includes early termination of the exercise for reasons
of safety or because the aims/objectives of the exercise cannot be met due to an
unforeseen or other internal or external influence.
EXERCISE PLAN: A plan designed to periodically evaluate
tasks, teams, and procedures that are documented in business continuity plans to
ensure the plan’s viability. This can include all or part of the BC plan,
but should include mission critical components.
EXPOSURE: The potential susceptibility to loss; the
vulnerability to a particular risk.
EXTRA EXPENSE: The extra cost necessary to implement a
recovery strategy and/or mitigate a loss. An example is the cost to transfer
inventory to an alternate location to protect it from further damage, cost of
reconfiguring lines, overtime costs, etc. Typically reviewed during BIA
and is a consideration during insurance evaluation.
F
FELLOW BUSINESS CONTINUITY INSTITUTE (FBCI): A
professional certification granted by the Business Continuity Institute for
senior business continuity practitioners with at least five years full-time
experience and who demonstrate a thorough knowledge of all BCI Certification
Standards.
FLOOR WARDEN:
Person responsible for ensuring that all employees, visitors and contractors
evacuate a floor within a specific site.
FULL REHEARSAL: An exercise that simulates a Business
Continuity event where the organization or some of its component parts are
suspended until the exercise is completed.
G
GAP ANALYSIS: A detailed examination to identify risks
associated with the differences between Business/Operations requirements and the
current available recovery capabilities.
H
HARDENING: The process of making something more secure,
resistant to attack, or less vulnerable.
HEALTH AND SAFETY:
The process by which the well being of all employees, contractors, visitors and
the public is safeguarded. All business continuity plans and planning must be
cognizant of H&S statutory and regulatory requirements and legislation.
Health and Safety considerations should be reviewed during the Risk assessment.
HIGH AVAILABILITY: Systems or applications requiring a very
high level of reliability and availability. High availability systems
typically operate 24x7 and usually require built-in redundancy to minimize the
risk of downtime due to hardware and/or telecommunication failures.
HIGH-RISK AREAS: Areas identified during the risk
assessment that are highly susceptible to a disaster situation or might be the
cause of a significant disaster.
HOTSITE: An alternate facility that already has in place
the computer, telecommunications, and environmental infrastructure required to
recover critical business functions or information systems.
HUMAN CONTINUITY: The ability of an organization to
provide support for its associates and their families before, during, and after
a business continuity event to ensure a viable workforce. This involves
pre-planning for potential psychological responses, occupational health and
employee assistance programs, and employee communications.
HUMAN THREATS: Possible disruptions in operations
resulting from human actions as identified during the risk assessment (e.g.,
disgruntled employee, terrorism, blackmail, job actions, riots, etc.).
I
IMPACT: The effect, acceptable or unacceptable, of an event on
an organization. The types of business impact are usually described as
financial and non-financial and are further divided into specific types of
impact.
INCIDENT: An event which is not part of a standard operating
business which may impact or interrupt services and, in some cases, may lead to
disaster.
INCIDENT COMMAND SYSTEM (ICS): Combination of
facilities, equipment, personnel, procedures, and communications operating
within a common organizational structure with responsibility for the command,
control, and coordination of assigned resources to effectively direct and
control the response and recovery to an incident. The flexible design of
the ICS allows its span of control to expand or contract as the scope of the
situation changes.
INCIDENT MANAGEMENT:
The process by which an organization responds to and controls an incident using
emergency response procedures or plans.
INCIDENT MANAGER:
Commands the local emergency operations center (EOC) reporting up to senior
management on the recovery progress. Has the authority to invoke the
recovery plan.
INCIDENT RESPONSE:
The response of an organization to a disaster or other significant event that
may significantly impact the organization, its people, or its ability to
function productively. An incident response may include evacuation of a
facility, initiating a disaster recovery plan, performing damage assessment, and
any other measures necessary to bring an organization to a more stable status.
INFORMATION SECURITY:
The securing or safeguarding of all sensitive information, electronic or
otherwise, which is owned by an organization.
INFRASTRUCTURE: The underlying foundation, basic framework, or
interconnecting structural elements that support an organization.
INTEGRATED EXERCISE:
An exercise conducted on multiple interrelated components of a Business
Continuity Plan, typically under simulated operating conditions. Examples
of interrelated components may include interdependent departments or interfaced
systems.
INTEGRATED TEST: See integrated exercise
INTERIM SITE: A temporary location used to continue
performing business functions after vacating a recovery site and before the
original or new home site can be occupied. Move to an interim site may be
necessary if ongoing stay at the recovery site is not feasible for the period of
time needed or if the recovery site is located far from the normal business site
that was impacted by the disaster. An interim site move is planned and
scheduled in advance to minimize disruption of business processes; equal care
must be given to transferring critical functions from the interim site back to
the normal business site.
INTERNAL HOTSITE: A fully equipped alternate processing
site owned and operated by the organization.
J
JOURNALING: The process of logging changes or updates to
a database since the last full backup. Journals can be used to recover
previous versions of a file before updates were made, or to facilitate disaster
recovery, if performed remotely, by applying changes to the last safe backup.
K
KEY TASKS: Priority procedures and actions in a Business
Continuity Plan that must be executed within the first few minutes/hours of the
plan invocation.
L
LEAD TIME: The time it takes for a supplier to make equipment,
services, or supplies available after receiving an order. Business continuity
plans should try to minimize lead time by creating service level agreements
(SLA) with suppliers or alternate suppliers in advance of a Business Continuity
event rather than relying on the suppliers’ best efforts.
LOGISTICS/TRANSPORTATION TEAM:
A team comprised of various members representing departments associated
with supply acquisition and material transportation, responsible for ensuring
the most effective acquisition and mobilization of hardware, supplies, and
support materials. This team is also responsible for transporting and
supporting staff.
LOSS: Unrecoverable resources that are redirected or removed
as a result of a Business Continuity event. Such losses may be loss of
life, revenue, market share, competitive stature, public image, facilities, or
operational capability.
LOSS ADJUSTER:
Designated position activated at the time of a Business Continuity event to
assist in managing the financial implications of the event and should be
involved as part of the management team where possible.
LOSS REDUCTION: The technique of instituting mechanisms
to lessen the exposure to a particular risk. Loss reduction involves
planning for, and reacting to, an event to limit its impact. Examples of
loss reduction include sprinkler systems, insurance policies, and evacuation
procedures.
LOST TRANSACTION RECOVERY: Recovery of data (paper
within the work area and/or system entries) destroyed or lost at the time of the
disaster or interruption. Paper documents may need to be requested or
re-acquired from original sources. Data for system entries may need to be
recreated or reentered.
M
MANUAL PROCEDURES: An alternative method of working following
a loss of IT systems. As working practices rely more and more on
computerized activities, the ability of an organization to fall back to manual
alternatives lessens. However, temporary measures and methods of working
can help mitigate the impact of a business continuity event and give staff a
feeling of doing something.
MASTER BUSINESS CONTINUITY PROFESSIONAL (MBCP): The Master
level certification is for individuals with a minimum of five years of
Enterprise Continuity Mgmt experience in 7 of the 10 Professional Practices,
have passed both the qualifying exam and the Masters case study, and have
had their DRII Certification Application approved.
MEMBER OF THE BUSINESS CONTINUITY INSTITUTE (MBCI): A
professional certification granted by the Business Continuity Institute for
business continuity practitioners who understand all of the BCI Certification
Standards and who have at least two years' experience across the majority of the
ten standards.
MISSION-CRITICAL ACTIVITIES:
The critical operational and/or business support activities (either
provided internally or outsourced) required by the organization to achieve its
objective(s) i.e. services and/or products.
MISSION-CRITICAL APPLICATION: Applications that support
business activities or processes that could not be interrupted or unavailable
for 24 hours or less without significantly jeopardizing the organization.
MOBILE RECOVERY: A mobilized resource purchased or
contracted for the purpose of business recovery. The mobile recovery center
might include: computers, workstations, telephone, electrical power, etc.
MOBILE STANDBY TRAILER:
A transportable operating environment, often a large trailer, that can
be configured to specific recovery needs such as office facilities, call
centers, data centers, etc. This can be contracted to be delivered and set
up at a suitable site at short notice.
MOBILIZATION: The activation of the recovery organization in
response to a disaster declaration.
MOCK DISASTER: One method of exercising teams in which
participants are challenged to determine the actions they would take in the
event of a specific disaster scenario. Mock disasters usually involve all, or
most, of the applicable teams. Under the guidance of exercise coordinators, the
teams walk through the actions they would take per their plans, or simulate
performance of these actions. Teams may be at a single exercise location, or at
multiple locations, with communication between teams simulating actual ‘disaster
mode’ communications. A mock disaster will typically operate on a compressed
timeframe representing many hours, or even days.
N
N + 1: A fault tolerant strategy that includes multiple
systems or components protected by one backup system or component.
(Many-to-one relationship)
NETWORK OUTAGE: An interruption of voice, data, or IP
network communications.
O
OFF-SITE STORAGE:
Any place physically located a significant distance away from the
primary site, where duplicated and vital records (hard copy or electronic and/or
equipment) may be stored for use during recovery.
OPERATIONAL EXERCISE:
See: Exercise
OPERATIONAL RISK: The risk of loss resulting from inadequate
or failed procedures and controls. This includes loss from events related
to technology and infrastructure, failure, business interruptions, staff related
problems, and from external events such as regulatory changes.
ORDERLY SHUTDOWN: The actions required to rapidly and
gracefully suspend a business function and/or system during a disruption.
OUTAGE: The interruption of automated processing systems,
infrastructure, support services, or essential business operations, which may
result in the organization’s inability to provide services for some period of
time.
P
PEER REVIEW: A review of a specific component of a plan
by personnel (other than the owner or author) with appropriate technical or
business knowledge for accuracy and completeness.
PLAN MAINTENANCE: The management process of keeping an
organization’s business continuity management plans up to date and effective.
Maintenance procedures are a part of this process for the review and update of
the BC plans on a defined schedule.
PREVENTATIVE MEASURES:
Controls aimed at deterring or mitigating undesirable events from
taking place.
PRIORITIZATION: The ordering of critical activities and their
dependencies is established during the BIA and Strategic-planning phase.
The business continuity plans will be implemented in the order necessary at the
time of the event.
Q
QUALITATIVE ASSESSMENT:
The process for evaluating a business function based on observations;
it does not involve measures or numbers. Instead, it uses descriptive
categories such as customer service, regulatory requirements, etc. to allow for
refinement of the quantitative assessment. This is normally done during
the BIA phase of planning.
QUANTITATIVE ASSESSMENT:
The process for placing value on a business function for risk purposes.
It is a systematic method that evaluates possible financial impact for losing
the ability to perform a business function. It uses numeric values to
allow for prioritizations. This is normally done during the BIA phase of
planning.
QUICK SHIP: See Drop Ship.
R
RECIPROCAL AGREEMENT: Agreement between two
organizations (or two internal business groups) with similar
equipment/environment that allows each one to recover at the other’s location.
RECOVERABLE LOSS:
Financial losses due to an event that may be reclaimed in the future, e.g.
through insurance or litigation. This is normally identified in the Risk
Assessment or BIA.
RECOVERY:
Implementing the prioritized actions required to return the processes and
support functions to operational stability following an interruption or
disaster.
RECOVERY MANAGEMENT TEAM:
See: Business Continuity Management (BCM) Team.
RECOVERY PERIOD: The time period between a disaster and
a return to normal functions, during which the disaster recovery plan is
employed.
RECOVERY POINT OBJECTIVE
(RPO): The maximum amount of data loss an organization can sustain
during an event.
RECOVERY SERVICES AGREEMENT \ CONTRACT: A contract with
an external organization guaranteeing the provision of specified equipment,
facilities, or services, usually within a specified time period, in the event of
a business interruption. A typical contract will specify a monthly
subscription fee, a declaration fee, usage costs, method of performance, amount
of test time, termination options, penalties and liabilities, etc.
RECOVERY SITE: A designated site for the recovery of business
unit, technology, or other operations, which are critical to the enterprise.
RECOVERY STRATEGY: See business continuity strategy
RECOVERY TEAMS: A structured group of teams ready to
take control of the recovery operations if a disaster should occur.
RECOVERY TIME OBJECTIVE (RTO):
The period of time within which systems, applications, or functions must be
recovered after an outage (e.g. one business day). RTOs are often used as
the basis for the development of recovery strategies, and as a determinant as to
whether or not to implement the recovery strategies during a disaster situation.
RECOVERY TIMELINE:
The sequence of recovery activities, or critical path, which must be followed to
resume an acceptable level of operation following a business interruption. The
timeline may range from minutes to weeks, depending upon the recovery
requirements and methodology.
RESILIENCE: The ability of an organization to absorb the
impact of a business interruption, and continue to provide a minimum acceptable
level of service.
RESILIENT: The process and procedures required to maintain or
recover critical services such as “remote access” or “end-user support” during a
business interruption.
RESPONSE: The reaction to an incident or emergency to
assess the damage or impact and to ascertain the level of containment and
control activity required. In addition to addressing matters of life safety and
evacuation, Response also addresses the policies, procedures and actions to be
followed in the event of an emergency.
RESTORATION: Process of planning for and/or implementing
procedures for the repair of hardware, relocation of the primary site and its
contents, and returning to normal operations at the permanent operational
location.
RESUMPTION: The process of planning for and/or
implementing the restarting of defined business processes and operations
following a disaster. This process commonly addresses the most critical
business functions within BIA specified timeframes.
RISK: Potential for exposure to loss which can be
determined by using either qualitative or quantitative measures.
RISK ASSESSMENT / ANALYSIS: Process of identifying the
risks to an organization, assessing the critical functions necessary for an
organization to continue business operations, defining the controls in place to
reduce organization exposure and evaluating the cost for such controls. Risk
analysis often involves an evaluation of the probabilities of a particular
event.
RISK CATEGORIES:
Risks of similar types are grouped together under key headings,
otherwise known as ‘risk categories’. These categories include reputation,
strategy, financial, investments, operational infrastructure, business,
regulatory compliance, outsourcing, people, technology and knowledge.
RISK CONTROLS: All methods of reducing the frequency and/or
severity of losses including exposure avoidance, loss prevention, loss
reduction, segregation of exposure units and non-insurance transfer of risk.
RISK MANAGEMENT: The culture, processes and structures that
are put in place to effectively manage potential negative events. As it is not
possible or desirable to eliminate all risk, the objective is to reduce risks to
an acceptable level.
RISK TRANSFER: A common technique used by Risk Managers to
address or mitigate potential exposures of the organization. A series of
techniques describing the various means of addressing risk through insurance and
similar products.
ROLL CALL: The process of identifying that all employees,
visitors and contractors have been safely evacuated and accounted for following
an evacuation of a building or site.
S
SALVAGE & RESTORATION: The act of conducting a
coordinated assessment to determine the appropriate actions to be performed on
impacted assets. The assessment can be coordinated with insurance
adjusters, facilities personnel, or other involved parties. Appropriate
actions may include: disposal, replacement, reclamation, refurbishment, recovery
or receiving compensation for unrecoverable organizational assets.
SCENARIO: A pre-defined set of Business Continuity events and
conditions that describe, for planning purposes, an interruption, disruption, or
loss related to some aspect(s) of an organization’s business operations to
support conducting a BIA, developing a continuity strategy, and developing
continuity and exercise plans.
Note: Scenarios are neither predictions nor forecasts.
SECURITY REVIEW: A periodic review of policies, procedures,
and operational practices maintained by an organization to ensure that they are
followed and effective.
SELF INSURANCE: The pre-planned assumption of risk in which a
decision is made to bear losses that could result from a Business Continuity
event rather than purchasing insurance to cover those potential losses.
SERVICE CONTINUITY:
The process and procedures required to maintain or recover critical services
such as “remote access” or “end-user support” during a business interruption.
SERVICE CONTINUITY PLANNING:
A process used to mitigate, develop, and document procedures that
enable an organization to recover critical services after a business
interruption.
SERVICE LEVEL AGREEMENT (SLA):
A formal agreement between a service provider (whether internal or
external) and their client (whether internal or external), which covers the
nature, quality, availability, scope and response of the service provider. The
SLA should cover day-to-day situations and disaster situations, as the need for
the service may vary in a disaster.
SERVICE LEVEL MANAGEMENT (SLM): The process of defining,
agreeing, documenting and managing the levels of any type of services provided
by service providers whether internal or external that are required and cost
justified.
SIMULATION EXERCISE:
One method of exercising teams in which participants perform some or
all of the actions they would take in the event of plan activation. Simulation
exercises, which may involve one or more teams, are performed under conditions
that at least partially simulate ‘disaster mode’. They may or may not be
performed at the designated alternate location, and typically use only a partial
recovery configuration.
SINGLE POINT OF FAILURE (SPOF): A unique pathway or source of
a service, activity, and/or process. Typically, there is no alternative
and a loss of that element could lead to a failure of a critical function.
SPECIALIST OF BUSINESS CONTINUITY INSTITUTE (SBCI): A
professional certification granted by the Business Continuity Institute for
specialist practitioners with at least two years of full-time experience in a
business continuity management related profession and who have good general
knowledge of some of the BCI Certification Standards.
STAND DOWN: Formal notification that the response to a
Business Continuity event is no longer required or has been concluded.
STANDALONE TEST:
A test conducted on a specific component of a plan in isolation from
other components to validate component functionality, typically under simulated
operating conditions.
STRUCTURED WALKTHROUGH:
Types of exercise in which team members physically implement the
business continuity plans and verbally review each step to assess its
effectiveness, identify enhancements, constraints and deficiencies.
SUBSCRIPTION:
See: Recovery Services Agreement \ Contract
SUPPLY CHAIN:
All suppliers, manufacturing facilities, distribution centers, warehouses,
customers, raw materials, work-in-process inventory, finished goods, and all
related information and resources involved in meeting customer and
organizational requirements.
SYSTEM: Set of related technology components that work
together to support a business process or provide a service.
SYSTEM RECOVERY: The procedures for rebuilding a computer
system and network to the condition where it is ready to accept data and
applications, and facilitate network communications.
SYSTEM RESTORE: The procedures necessary to return a system to an
operable state using all available data including data captured by alternate
means during the outage. System restore depends upon having a live,
recovered system available.
T
TABLE TOP EXERCISE:
One method of exercising plans in which participants review and discuss
the actions they would take without actually performing the actions.
Representatives of a single team, or multiple teams, may participate in the
exercise typically under the guidance of exercise facilitators.
TASK LIST: Defined mandatory and discretionary tasks allocated
to teams and/or individual roles within a Business Continuity Plan.
TEST: A pass/fail evaluation of infrastructure
(e.g. computers, cabling, devices, hardware) and/or physical plant
infrastructure (e.g. building systems, generators, utilities) to demonstrate
the anticipated operation of the components and system. Tests are often
performed as part of normal operations and maintenance. Tests are often
included within exercises. (See Exercise).
TEST PLAN: See Exercise Plan
THREAT: A combination of the risk, the
consequence of that risk, and the likelihood that the negative event will take
place.
TRAUMA COUNSELING:
The provisioning of counseling assistance by trained individuals to employees,
customers and others who have suffered mental or physical injury as the result
of an event.
TRAUMA MANAGEMENT: The process of helping employees deal with
trauma in a systematic way following an event by providing trained counselors,
support systems, and coping strategies with the objective of restoring employees’
psychological well-being.
U
UNEXPECTED LOSS: The worst-case financial loss or impact that
a business could incur due to a particular loss event or risk. The unexpected
loss is calculated as the expected loss plus the potential adverse volatility in
this value. It can be thought of as the worst financial loss that could occur in
a year over the next 20 years.
UNINTERRUPTIBLE POWER SUPPLY (UPS): A backup electrical
power supply that provides continuous power to critical equipment in the event
that commercial power is lost. The UPS (usually a bank of batteries)
offers short-term protection against power surges and outages. The UPS usually
only allows enough time for vital systems to be correctly powered down.
V
VALIDATION SCRIPT: A set of procedures within the Business
Continuity Plan to validate the proper function of a system or process before
returning it to production operation.
VITAL RECORDS: Records essential to the continued
functioning or reconstitution of an organization during and after an emergency
and also those records essential to protecting the legal and financial rights of
that organization and of the individuals directly affected by its activities.
W
WARM SITE: An alternate processing site which is
equipped with some hardware, communications interfaces, and electrical and
environmental conditioning, and which is only capable of providing backup after
additional provisioning, software or customization is performed.
WORK AREA FACILITY: A pre-designated space provided with
desks, telephones, PCs, etc. ready for occupation by business recovery teams at
short notice. May be internally or externally provided.
WORK AREA RECOVERY:
The component of recovery and continuity that deals specifically with the
relocation of a key function or department in the event of a disaster, including
personnel, essential records, equipment supplies, work space, communication
facilities, work station computer processing capability, fax, copy machines,
mail services, etc. Office recovery environment complete with
necessary office infrastructure (desk, telephone, workstation, hardware,
communications).
WORK AREA RECOVERY PLANNING:
The business continuity planning process of identifying the needs and preparing
procedures and personnel for use at the work area facility.
WORKAROUND PROCEDURES:
Alternative procedures that may be used by a functional unit(s) to
enable it to continue to perform its critical functions during temporary
unavailability of specific application systems, electronic or hard copy data,
voice or data communication systems, specialized equipment, office facilities,
personnel, or external services.
X
Y
Z