Business Continuity Glossary: 40+ Important Terms for Your Continuity & Recovery Planning
- October 17, 2018
- Quantivate
Business continuity planning is an essential part of protecting your organization — but preparing for the unexpected can be complicated, and there’s a lot to consider. Make sure you’re covering all your bases with this glossary of important terminology you need to know.
→ Get a copy of this business continuity glossary in PDF format. ←
Business Continuity Terminology
Activation:
The implementation of business continuity capabilities, procedures, activities, and plans in response to an emergency or disaster declaration; the execution of the recovery plan
Alert:
1) Notification that a disaster may occur (a standby for possible activation of the continuity plan);
2) Notification that an interruption may occur due to planned events (such as a system upgrade) or expected events (such as a hurricane warning), when preparation or relocation begins before the incident
Alternate Site / Location:
A location other than the normal facility that is used to process data and/or conduct critical business processes in the event that access to the primary facility is denied or the facility is damaged
Authentication:
The verification of the identity of an individual, system, machine, or any other unique entity
Authorization:
The process of allowing access to specific areas of a system based on the role and needs of the user
Business Continuity Plan (BCP):
The plan used by an organization or business unit to respond to a disaster or disruption of operations; includes a predetermined set of procedures and documentation that defines the resources, actions, tasks, data, and processing priorities required to manage business continuity and restoration processes in the event of an incident
Business Continuity Planning:
Advance planning and preparations to minimize loss and ensure recovery of the organization’s critical business functions in the event of an unexpected incident, disaster, or other interruption; includes establishing strategies, determining procedures, and arranging for necessary recovery resources
Business Continuity Plan Owner:
The individual responsible for the overall continuity of a business unit, organization, or specific technology components within their department who acts as a liaison with other teams and outside service providers; this person ensures that the plan is effective, comprehensive, and sufficient to meet the organization’s recovery objectives
Business Impact Analysis (BIA):
The process of identifying the potential impact of uncontrolled, non-specific events on an organization’s business processes; measurements are derived from analyzing impact types over time for a particular business unit
Call List:
A document that identifies who is responsible for contacting management, employees, customers, vendors, and other key contacts in the event of an emergency, disaster, or severe outage situation
Controls:
Methods that preserve the integrity of important information, meet operational or financial targets, and/or communicate management policies
Crisis:
A time period or continuing condition initiated by an event or incident that precludes the use of normal processes or procedures; demands focused attention from management to prevent unacceptable / catastrophic or undesirable losses
Crisis Management Plan:
Provides the overall policies, procedures, and guidance for responding to an event that poses substantive risk to the organization; used to organize, evaluate, and control significant events that impact normal operations, focusing on managing departments and their resources during a disruption
Crisis Management Team:
The group responsible for maintaining, validating, and coordinating the recovery or recovery support processes for all business units and technology
Criticality Levels:
Rankings used to determine process restoration (e.g., mission critical, critical, important, etc.)
Dependency:
1) Any resource needed to perform a process (may include applications, vendors, skills, locations, other processes, etc.);
2) The relationship between resources
Disaster:
An unanticipated event or interruption that impacts an organization’s critical business functions and/or technology environment
Disaster Declaration:
The formal notification process that takes place after determining that it is not feasible to recover normal operations at a primary business site within an acceptable time period
Disaster Recovery Plan:
The compilation of technological strategies and actions that minimize both the impact of business interruptions and the effort to recover and fully resume business processes; generally focuses on technology recovery and restoration
Governance:
Processes and structures implemented to communicate, manage, and monitor organizational activities
Hot Site:
A readily available recovery facility and associated resources; typically staffed and maintained 24 hours a day, seven days a week
Impact:
The influence and effect of a risk
Incident:
Any unplanned event with the potential to disrupt critical business processes
Key Control:
A primary control that is essential for a business process; typically takes place during the process it applies to
Likelihood:
The probability of a risk occurring
Manual Workaround:
An alternate method for completing a process without the resource in question
Maturity Methodology or Exercise Program:
An annual internal review process to maintain the quality of the business continuity plan; includes exercising, editing, and revising plan documents, attachments, and call lists and forms to maintain the plan in a perpetual state of readiness
Mitigation Actions:
The necessary steps, or action items, to reduce the likelihood and/or impact of a potential risk
Pandemic:
An epidemic or infectious disease that can have a worldwide impact
Process:
1) The principle elements of essential business functions within work groups or business units;
2) A set of tasks completed by business continuity plan owners within a department
Recovery:
Activities performed to enable the timely re-initiation of business processes
Recovery Point (RP):
The actual maximum amount of data that could be lost with current backup and recovery options
Recovery Point Objective (RPO):
The acceptable level of data loss exposure following an unplanned event; the maximum amount of data you can afford to lose or recreate
Recovery Time (RT):
The actual amount of time it will take for a service or technology to be recovered
Recovery Time Objective (RTO):
The acceptable duration of time following an unplanned event until a critical business function has been restored; the maximum allowable time a service or technology can be unavailable
Resource:
A person, place, or thing that provides service to your business or department
Risk:
A potential event or action that would have an adverse effect on the organization
Risk Assessment:
The prioritization of potential business disruptions based on the impact and likelihood of occurrence; includes an analysis of threats based on the impact to the organization, its customers, and financial markets
Salvage & Restoration:
The process of reclaiming work in progress, refurbishing computer hardware, or recovering office facilities, equipment, or vital records following a disaster
Salvage Requirements:
A list that documents essential items at a business location that should be retrieved in the event that the building is intact and reentry is allowed
Secondary Control:
An important control that typically takes place after the process it applies to (i.e., reporting or ongoing monitoring)
Solutions Gap:
The difference between the amount of time a business unit needs to restore a resource and the actual time it will take for restoration (RTO vs. RT and RPO vs. RP)
Strategic Management Team:
Provides strategic direction and support for the crisis management team (CMT) when requested or required by events beyond the CMT’s purview
Tertiary Control:
A non-essential control that can still be applied effectively to a business process
Vital Records:
Any information resources (e.g., paperwork, computer files) essential to the conduct of business
Walkthrough Exercise:
A training and evaluation event created to guide continuity and recovery processes for the organization; typically occurs at least annually as part of the maturity methodology program and includes a post-exercise review
Can you trust your business continuity plan to get you through a crisis?
Learn how you can take the guesswork out of business continuity and disaster recovery planning with the help of Quantivate’s all-in-one Business Continuity Management Software and consulting services.