BCMP Glossary of Terms
A • B • C • D • E • F • G • H • I • J • K • L • M • N • O • P • Q • R • S • T • U • V • W • X • Y • Z
ACTIVATION: The implementation of business continuity capabilities, procedures, activities, and plans in response to an emergency or disaster declaration; the execution of the recovery plan.
ALTERNATE SITE: An alternate operating location to be used by business functions when the primary facilities are inaccessible. 1) Another location, computer center or work area designated for recovery. 2) Location, other than the main facility, that can be used to conduct business functions. 3) A location, other than the normal facility, used to process data and/or conduct critical business functions in the event of a disaster.
ALTERNATE WORK AREA: Office recovery environment complete with necessary office infrastructure (desk, telephone, workstation, and associated hardware, communications, etc.); also referred to as Work Space or Alternative work site.
ASSEMBLY AREA: The designated area at which employees, visitors, and contractors assemble when evacuated from their building/site.
BACKLOG: a) The amount of work that accumulates when a system or process is unavailable for a long period of time. This work needs to be processed once the system or process is available and may take a considerable amount of time to process.
b) A situation whereby a backlog of work requires more time to action than is available through normal working patterns. In extreme circumstances, the backlog may become so marked that the backlog cannot be cleared.
BUSINESS CONTINUITY: The ability of an organization to ensure continuity of service and support for its customers and to maintain its viability before after and during an event. (DRII and OR-DAS definitions are identical)
BUSINESS CONTINUITY COORDINATOR: Designated individual responsible for preparing and coordinating the business continuity process. Similar term: disaster recovery coordinator, business recovery coordinator.
BUSINESS CONTINUITY PLAN MANAGER: The designated individual responsible for plan documentation, maintenance, and distribution.
BUSINESS CONTINUITY MANAGEMENT PROGRAM: An ongoing management and governance process supported by senior management and resourced to ensure that the necessary steps are taken to coordinate the efforts of Emergency Management, Business Continuity Planning and Disaster Recovery. The program also guides the divisions to identify the impact of potential losses, maintain viable recovery strategies and plans, and ensure continuity of products/services.
BUSINESS CONTINUITY MANAGEMENT TEAM: A group of individuals functionally responsible for directing the development and execution of the business continuity plan, and providing consultation during the recovery process, both pre-disaster and post-disaster.
BUSINESS CONTINUITY PLAN (BCP): Advance arrangements and procedures that enable an organization to respond to an event in such a manner that mission critical functions continue with planned levels of interruption or essential change.
BUSINESS CONTINUITY PLANNING (BCP): Process of developing advance arrangements and procedures that enable an organization to respond to an event in such a manner that critical business functions continue with planned levels of interruption or essential change.
BUSINESS IMPACT ANALYSIS (BIA)/Risk Assessment: The Business Impact Analysis/ Risk Assessment is a process designed to identify critical business functions and workflow determine the qualitative and quantitative impacts of a disruption, and to prioritize and establish recovery time objectives.
BUSINESS INTERRUPTION: Any event, whether anticipated (i.e., public service strike) or unanticipated (i.e., blackout) which disrupts the normal course of business operations at an organization’s location. Similar terms: outage, service interruption.
CALL TREE: A document that graphically depicts the calling responsibilities and the calling order used to contact management, employees, customers, vendors, and other key contacts in the event of an emergency, disaster, or severe outage situation.
COMMAND CENTER: A physical or virtual facility located outside of the affected area used to gather, assess, and disseminate information and to make decisions to effect recovery.
CRISIS SIMULATION: The process of testing an organization’s ability to respond to a crisis in a coordinated, timely, and effective manner by simulating the occurrence of a specific crisis.
MISSION CRITICAL FUNCTIONS (MCF): Business functions or information that could not be interrupted or unavailable anywhere from a few hours to one month or less without significantly jeopardizing the mission of the agency, and the health, welfare or safety of Oregonians.
DAMAGE ASSESSMENT: The process of assessing damage, following a disaster, to computer hardware, vital records, office facilities, etc. and determining what can be salvaged or restored and what must be replaced.
DEPENDENCY: The reliance, directly or indirectly, of one activity or process upon another.
DISASTER RECOVERY COORDINATOR: An individual or group designated to coordinate or control designated recovery processes or testing.
DISASTER RECOVERY PLAN: The management-approved document that defines the resources, actions, tasks and data required to manage the recovery effort. Usually refers to the technology recovery effort. This is a component of the BCM Program. See: BCM Plan, Recovery Plan.
DISASTER RECOVERY PLANNING: The technological aspect of business continuity planning. The advance planning and preparation that is necessary to minimize loss and ensure continuity of the critical business functions of an organization in the event of disaster.
DISASTER RECOVERY TEAM: A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.
EMERGENCY OPERATIONS CENTER (EOC): A site from which response teams/officials (municipal, county, state and federal) exercise direction and control in an emergency or disaster. Associated term: command center.
EMERGENCY PREPAREDNESS: The discipline that ensures an organization or community’s readiness to respond to an emergency in a coordinated, timely, and effective manner to prevent the loss of life and minimize injury and property damage.
EMERGENCY RESPONSE TEAM (ERT): Teams of individuals who have been trained to provide rapid response to all type of emergencies and to provide assistance and act as a contact to responding outside agencies. Associated term: medical emergency response team (MERT).
EVENT: Any occurrence that may lead to a business continuity incident. See: Crisis and Incident
EXECUTIVE / MANAGEMENT SUCCESSION: A predetermined plan for ensuring the continuity of authority, decision-making, and communication in the event that key members of senior management suddenly become incapacitated, or in the event that a crisis occurs while key members of senior management are unavailable.
EXERCISE: A people focused activity designed to execute business continuity plans and evaluate the individual and/or organization performance against approved standards or objectives. Exercises can be announced or unannounced, and are performed for the purpose of training and conditioning team members, and validating the business continuity plan.
Exercise results identify plan gaps and limitations and are used to improve and revise the Business Continuity Plans. Types of exercises include: Table Top Exercise, Simulation Exercise, Operational Exercise, Mock Disaster, Desktop Exercise, Full Rehearsal.
HEALTH AND SAFETY: The process by which the well being of all employees, contractors, visitors and the public is safeguarded. All business continuity plans and planning must be cognizant of H&S statutory and regulatory requirements and legislation. Health and Safety considerations should be reviewed during the Risk assessment.
HUMAN THREATS: Possible disruptions in operations resulting from human actions. (i.e., disgruntled employee, terrorism, blackmail, job actions, riots, etc.)
INCIDENT: An event which is not part of a standard operating business, which may impact or interrupt services, and in some cases, may lead to disaster.
INFORMATION SECURITY: The securing or safeguarding of all sensitive information, electronic or otherwise, which is owned by an organization.
See: BS 7799 and ISO 17799
MANUAL PROCEDURES: An alternative method of working following a loss of IT systems. As working practices rely more and more on computerized activities, the ability of an organization to fallback to manual alternatives lessens. However, temporary measures and methods of working can help mitigate the impact of a business continuity event and give staff a feeling of doing something.
MISSION-CRITICAL APPLICATION: An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business, as well as legal or regulatory impacts.
NETWORK OUTAGE: An interruption of voice, data, or IP network communications.
PLAN MAINTENANCE: The management process of keeping an organization’s Business continuity management plans up to date and effective. Maintenance procedures are a part of this process for the review and update of the BC plans on a defined schedule. Maintenance procedures are a part of this process.
PREVENTATIVE MEASURES: Controls aimed at deterring or Mitigating undesirable events form taking place.
RECOVERY PLAN ADMINISTRATOR: The individual responsible for documenting recovery activities and tracking recovery progress.
RECOVERY POINT OBJECTIVE (RPO): From a business perspective RPO is the maximum amount of data loss the business can incur in an event. The targeted point in time to which systems and data must be recovered after an outage as determined by the business unit.
RECOVERY TIME OBJECTIVE (RTO): The period of time within which systems, applications, or functions must be recovered after an outage (e.g. one business day). RTO’s are often used as the basis for the development of recovery strategies, and as a determinant as to whether or not to implement the recovery strategies during a disaster situation. Similar Terms: Maximum Allowable Downtime
RESUMPTION: The process of planning for and/or implementing the restarting of defined business processes and operations following a disaster. This process commonly addresses the most critical business functions within BIA specified timeframes.
RISK: Potential for exposure to loss. Risks, either man-made or natural, are constant. The potential is usually measured by its probability in years.
RISK ASSESSMENT / ANALYSIS: Process of identifying the risks to an organization, assessing the critical functions necessary for an organization to continue business operations, defining the controls in place to reduce organization exposure and evaluating the cost for such controls. Risk analysis often involves an evaluation of the probabilities of a particular event.
RISK CATEGORIES: Risks of similar types are grouped together under key headings, otherwise known as “risk categories”. These categories include reputation, strategy, financial, investments, operational infrastructure, business, regulatory compliance, Outsourcing, people, technology and knowledge.
RISK MITIGATION: Implementation of measures to deter specific threats to the continuity of business operations, and/or respond to any occurrence of such threats in a timely and appropriate manner.
SCENARIO: A pre-defined set of Business Continuity events and conditions that describe, for planning purposes, an interruption, disruption, or loss related to some aspect(s) of an organization’s business operations to support conducting a BIA, developing a continuity strategy, and developing continuity and exercise plans. Note: Scenarios are neither predictions nor forecasts.
TABLE TOP EXERCISE: One method of exercising teams in which participants review and discuss the actions they would take per their plans, but do not perform any of these actions. The exercise can be conducted with a single team, or multiple teams, typically under the guidance of exercise facilitators.
UNEXPECTED LOSS: The worst-case financial loss or impact that a business could incur due to a particular loss event or risk. The unexpected loss is calculated as the expected loss plus the potential adverse volatility in this value. It can be thought of as the worst financial loss that could occur in a year over the next 20 years.
UNINTERTUPTIBLE POWER SUPPLY (UPS): A backup supply that provides continuous power to critical equipment in the event that commercial power is lost.
VITAL RECORD: A record that must be preserved and available for retrieval if needed.
WORKAROUND PROCEDURES: Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of specific application systems, electronic or hard copy data, voice or data communication systems, specialized equipment, office facilities, personnel, or external services.