Business Continuity Glossary: 40+ Important Terms for Your Continuity & Recovery Planning

  • October 17, 2018
  • Quantivate

Business continuity planning is an essential part of protecting your organization — but preparing for the unexpected can be complicated, and there’s a lot to consider. Make sure you’re covering all your bases with this glossary of important terminology you need to know.



Business Continuity Terminology

Activation:

The implementation of business continuity capabilities, procedures, activities, and plans in response to an emergency or disaster declaration; the execution of the recovery plan

Alert:

1) Notification that a disaster may occur (a standby for possible activation of the continuity plan);

2) Notification that an interruption may occur due to planned events (such as a system upgrade) or expected events (such as a hurricane warning), when preparation or relocation begins before the incident

Alternate Site / Location:

A location other than the normal facility that is used to process data and/or conduct critical business processes in the event that access to the primary facility is denied or the facility is damaged

Authentication:

The verification of the identity of an individual, system, machine, or any other unique entity

Authorization:

The process of allowing access to specific areas of a system based on the role and needs of the user

Business Continuity Plan (BCP):

The plan used by an organization or business unit to respond to a disaster or disruption of operations; includes a predetermined set of procedures and documentation that defines the resources, actions, tasks, data, and processing priorities required to manage business continuity and restoration processes in the event of an incident

Business Continuity Planning:

Advance planning and preparations to minimize loss and ensure recovery of the organization’s critical business functions in the event of an unexpected incident, disaster, or other interruption; includes establishing strategies, determining procedures, and arranging for necessary recovery resources

Business Continuity Plan Owner:

The individual responsible for the overall continuity of a business unit, organization, or specific technology components within their department who acts as a liaison with other teams and outside service providers; this person ensures that the plan is effective, comprehensive, and sufficient to meet the organization’s recovery objectives

Business Impact Analysis (BIA):

The process of identifying the potential impact of uncontrolled, non-specific events on an organization’s business processes; measurements are derived from analyzing impact types over time for a particular business unit

Call List:

A document that identifies who is responsible for contacting management, employees, customers, vendors, and other key contacts in the event of an emergency, disaster, or severe outage situation

Controls:

Methods that preserve the integrity of important information, meet operational or financial targets, and/or communicate management policies

Crisis:

A time period or continuing condition initiated by an event or incident that precludes the use of normal processes or procedures; demands focused attention from management to prevent unacceptable / catastrophic or undesirable losses

Crisis Management Plan:

Provides the overall policies, procedures, and guidance for responding to an event that poses substantive risk to the organization; used to organize, evaluate, and control significant events that impact normal operations, focusing on managing departments and their resources during a disruption

Crisis Management Team:

The group responsible for maintaining, validating, and coordinating the recovery or recovery support processes for all business units and technology

Criticality Levels:

Rankings used to determine process restoration (e.g., mission critical, critical, important)

Dependency:

1) Any resource needed to perform a process (may include applications, vendors, skills, locations, other processes, etc.);

2) The relationship between resources

Disaster:

An unanticipated event or interruption that impacts an organization’s critical business functions and/or technology environment

Disaster Declaration:

The formal notification process that takes place after determining that it is not feasible to recover normal operations at a primary business site within an acceptable time period

Disaster Recovery Plan:

The compilation of technological strategies and actions that minimize both the impact of business interruptions and the effort to recover and fully resume business processes; generally focuses on technology recovery and restoration

Governance:

Processes and structures implemented to communicate, manage, and monitor organizational activities

Hot Site:

A readily available recovery facility and associated resources; typically staffed and maintained 24 hours a day, seven days a week

Impact:

The influence and effect of a risk

Incident:

Any unplanned event with the potential to disrupt critical business processes

Key Control:

A primary control that is essential for a business process; typically takes place during the process it applies to

Likelihood:

The probability of a risk occurring

Manual Workaround:

An alternate method for completing a process without the resource in question

Maturity Methodology or Exercise Program:

An annual internal review process to maintain the quality of the business continuity plan; includes exercising, editing, and revising plan documents, attachments, and call lists and forms to maintain the plan in a perpetual state of readiness

Mitigation Actions:

The necessary steps, or action items, to reduce the likelihood and/or impact of a potential risk

Pandemic:

An epidemic or infectious disease that can have a worldwide impact

Process:

1) The principal elements of essential business functions within work groups or business units;

2) A set of tasks completed by business continuity plan owners within a department

Recovery:

Activities performed to enable the timely re-initiation of business processes

Recovery Point (RP):

The actual maximum amount of data that could be lost with current backup and recovery options

Recovery Point Objective (RPO):

The acceptable level of data loss exposure following an unplanned event; the maximum amount of data you can afford to lose or recreate

Recovery Time (RT):

The actual amount of time it will take for a service or technology to be recovered

Recovery Time Objective (RTO):

The acceptable duration of time following an unplanned event until a critical business function has been restored; the maximum allowable time a service or technology can be unavailable

Resource:

A person, place, or thing that provides service to your business or department

Risk:

A potential event or action that would have an adverse effect on the organization

Risk Assessment:

The prioritization of potential business disruptions based on the impact and likelihood of occurrence; includes an analysis of threats based on the impact to the organization, its customers, and financial markets

Salvage & Restoration:

The process of reclaiming work in progress, refurbishing computer hardware, or recovering office facilities, equipment, or vital records following a disaster

Salvage Requirements:

A list that documents essential items at a business location that should be retrieved in the event that the building is intact and reentry is allowed

Secondary Control:

An important control that typically takes place after the process it applies to (i.e., reporting or ongoing monitoring)

Solutions Gap:

The difference between the amount of time a business unit needs to restore a resource and the actual time it will take for restoration (RTO vs. RT and RPO vs. RP)

Strategic Management Team:

Provides strategic direction and support for the crisis management team (CMT) when requested or required by events beyond the CMT’s purview

Tertiary Control:

A non-essential control that can still be applied effectively to a business process

Vital Records:

Any information resources (e.g., paperwork, computer files) essential to the conduct of business

Walkthrough Exercise:

A training and evaluation event created to guide continuity and recovery processes for the organization; typically occurs at least annually as part of the maturity methodology program and includes a post-exercise review


