Business continuity planning is an essential part of protecting your organization ā but preparing for the unexpected can be complicated, and thereās a lot to consider. Make sure youāre covering all your bases with this glossary of important terminology you need to know.
ā Get a copy of this business continuity glossary in PDF format.Ā ā
The implementation of business continuity capabilities, procedures, activities, and plans in response to an emergency or disaster declaration; the execution of the recovery plan
1) Notification that a disaster may occur (a standby for possible activation of the continuity plan);
2) Notification that an interruption may occur due to planned events (such as a system upgrade) or expected events (such as a hurricane warning), when preparation or relocation begins before the incident
A location other than the normal facility that is used to process data and/or conduct critical business processes in the event that access to the primary facility is denied or the facility is damaged
The verification of the identity of an individual, system, machine, or any other unique entity
The process of allowing access to specific areas of a system based on the role and needs of the user
The plan used by an organization or business unit to respond to a disaster or disruption of operations; includes a predetermined set of procedures and documentation that defines the resources, actions, tasks, data, and processing priorities required to manage business continuity and restoration processes in the event of an incident
Advance planning and preparations to minimize loss and ensure recovery of the organizationās critical business functions in the event of an unexpected incident, disaster, or other interruption; includes establishing strategies, determining procedures, and arranging for necessary recovery resources
The individual responsible for the overall continuity of a business unit, organization, or specific technology components within their department who acts as a liaison with other teams and outside service providers; this person ensures that the plan is effective, comprehensive, and sufficient to meet the organizationās recovery objectives
The process of identifying the potential impact of uncontrolled, non-specific events on an organizationās business processes; measurements are derived from analyzing impact types over time for a particular business unit
A document that identifies who is responsible for contacting management, employees, customers, vendors, and other key contacts in the event of an emergency, disaster, or severe outage situation
Methods that preserve the integrity of important information, meet operational or financial targets, and/or communicate management policies
A time period or continuing condition initiated by an event or incident that precludes the use of normal processes or procedures; demands focused attention from management to prevent unacceptable / catastrophic or undesirable losses
Provides the overall policies, procedures, and guidance for responding to an event that poses substantive risk to the organization; used to organize, evaluate, and control significant events that impact normal operations, focusing on managing departments and their resources during a disruption
The group responsible for maintaining, validating, and coordinating the recovery or recovery support processes for all business units and technology
Rankings used to determine process restoration (e.g., mission critical, critical, important, etc.)
1) Any resource needed to perform a process (may include applications, vendors, skills, locations, other processes, etc.);
2) The relationship between resources
An unanticipated event or interruption that impacts an organizationās critical business functions and/or technology environment
The formal notification process that takes place after determining that it is not feasible to recover normal operations at a primary business site within an acceptable time period
The compilation of technological strategies and actions that minimize both the impact of business interruptions and the effort to recover and fully resume business processes; generally focuses on technology recovery and restoration
Processes and structures implemented to communicate, manage, and monitor organizational activities
A readily available recovery facility and associated resources; typically staffed and maintained 24 hours a day, seven days a week
The influence and effect of a risk
Any unplanned event with the potential to disrupt critical business processes
A primary control that is essential for a business process; typically takes place during the process it applies to
The probability of a risk occurring
An alternate method for completing a process without the resource in question
An annual internal review process to maintain the quality of the business continuity plan; includes exercising, editing, and revising plan documents, attachments, and call lists and forms to maintain the plan in a perpetual state of readiness
The necessary steps, or action items, to reduce the likelihood and/or impact of a potential risk
An epidemic or infectious disease that can have a worldwide impact
1) The principle elements of essential business functions within work groups or business units;
2) A set of tasks completed by business continuity plan owners within a department
Activities performed to enable the timely re-initiation of business processes
The actual maximum amount of data that could be lost with current backup and recovery options
The acceptable level of data loss exposure following an unplanned event; the maximum amount of data you can afford to lose or recreate
The actual amount of time it will take for a service or technology to be recovered
The acceptable duration of time following an unplanned event until a critical business function has been restored; the maximum allowable time a service or technology can be unavailable
A person, place, or thing that provides service to your business or department
A potential event or action that would have an adverse effect on the organization
The prioritization of potential business disruptions based on the impact and likelihood of occurrence; includes an analysis of threats based on the impact to the organization, its customers, and financial markets
The process of reclaiming work in progress, refurbishing computer hardware, or recovering office facilities, equipment, or vital records following a disaster
A list that documents essential items at a business location that should be retrieved in the event that the building is intact and reentry is allowed
An important control that typically takes place after the process it applies to (i.e., reporting or ongoing monitoring)
The difference between the amount of time a business unit needs to restore a resource and the actual time it will take for restoration (RTO vs. RT and RPO vs. RP)
Provides strategic direction and support for the crisis management team (CMT) when requested or required by events beyond the CMTās purview
A non-essential control that can still be applied effectively to a business process
Any information resources (e.g., paperwork, computer files) essential to the conduct of business
A training and evaluation event created to guide continuity and recovery processes for the organization; typically occurs at least annually as part of the maturity methodology program and includes a post-exercise review
Learn how you can take the guesswork out of business continuity and disaster recovery planning with the help of Quantivateās all-in-one Business Continuity Management Software and consulting services.