Business Continuity Glossary

From Open Risk Manual

Business Continuity Glossary

A Business Continuity Glossary compiled from a variety of sources [1], [2] [3], [4], [5] [6] and [7]

Term Definition Category
Activation The implementation of business continuity procedures, activities and plans in response to a serious Incident, Emergency, Event or Crisis. Business Continuity Plan
Activity A process or set of processes undertaken by an organization (or on its behalf) that produces or supports one or more products and services. Business Continuity
Alert Notification that a potential disruption is imminent or has occurred. Business Continuity Communications
Alternate Routing The routing of information via an alternate cable or other medium (i.e. using different networks should the normal network be rendered unavailable). Business Recovery Strategy
Alternate Work Area Recovery environment complete with necessary infrastructure (e.g., desk, telephone, workstation, and associated hardware and equipment, communications). Business Recovery Strategy
Annual Loss Exposure A risk management method of calculating loss based on a value and level of frequency. Business Impact Analysis
Annual Program Review A structured yearly opportunity for top management to review the status of important components of the business continuity management program, with the objectives of approving future initiatives, allocating resources and confirming program scope. Business Continuity Management
Application Recovery The component of Disaster Recovery that deals specifically with the restoration of business system software and data after the processing platform has been restored or replaced. Business Recovery Strategy
Assembly Area The designated area at which employees, visitors, and contractors assemble if evacuated from their building/site. Business Recovery Strategy
Awareness To create understanding of basic BC issues and limitations. This will enable staff to recognise threats and respond distribution of posters and accordingly. Business Continuity Training
Backlog a) The amount of work that accumulates when a system or process is unavailable for a long period of time. This work needs to be processed once the system or process becomes available and may take a considerable amount of time to process. b) A situation whereby a backlog of work requires more time to action than is available through normal working patterns. In extreme circumstances, the backlog may become so large that the backlog cannot be cleared. Business Recovery Strategy
Data Backup A process by which data (electronic or paper-based) and programs are copied in some form so as to be available and used if the original data from which it originated are lost, destroyed or corrupted. Business Continuity Plan
Backup Generator An independent source of power, usually fueled by diesel or natural gas. Business Recovery Strategy
Battle Box A container - often literally a box or brief case - in which data and information are stored so as to be immediately available post incident. Business Recovery Strategy
Black Swan A term popular in BCM, based upon a book of the same name in which the author defines a Black Swan as an event that has not been predicted by normal scientific or probability methods. Business Impact Analysis
Building Denial A situation in which premises cannot, or are not allowed to be, accessed. Business Impact Analysis
Business Continuity Coordinator A role within the BCM program that coordinates planning and implementation for overall recovery of an organization or unit(s). Business Continuity Management
Business Continuity Policy The key document that sets out the scope and governance of the BCM programme and reflects the reasons why it is being implemented. Business Continuity Management
Business Continuity Professional An experienced individual with responsibilities for practicing and/or managing business continuity. Business Continuity Management
Business Continuity Management Program Ongoing management and governance process supported by Top Management and appropriately resourced to implement and maintain business continuity management. Business Continuity Management
Business Continuity Management System Part of the overall management system that establishes, implements, operates, monitors, reviews, maintains and improves business continuity. Business Continuity Management
Business Continuity Management Team A group of individuals functionally responsible for directing the development and execution of the business continuity plan, as well as responsible for declaring a disaster and providing direction during the recovery process, both pre-disaster and post-disaster. Business Continuity Management
Business Continuity Maturity Model A tool to measure the level and degree to which BCM activities have become standard and assured business practices within an organization. Business Continuity Management
Business Continuity Plan Administrator The designated individual responsible for plan documentation, maintenance, and distribution. Business Continuity Plan
Business Continuity Planning The process of developing prior arrangements and procedures that enable an organization to respond to an event in such a manner that critical business functions can continue within planned levels of disruption. Business Continuity Plan
Business Continuity Programme Board A management group to give advice, guidance and management authorization to the BC Manager/coordinator/professional. Business Continuity Management
Business Continuity Steering Committee A committee of decision makers, (e.g., Business leaders, technology experts and continuity professionals) tasked with making strategic policy and continuity planning decisions for the organization, and for providing the resources to accomplish all business continuity program goals. Business Continuity Management
Business Continuity Strategy An approach selected by an organization to ensure its recovery and continuity in the face of a disaster or other business disruption Business Recovery Strategy
Business Continuity Team Designated individuals responsible for developing, execution, rehearsals, and maintenance of the business continuity plan. Business Continuity Management
Business Function A description of work that is performed to accomplish the specific business requirements of the organization. Examples of business function include delivering raw materials, paying bills, receiving cash and inventory control. Business Continuity
Business Interruption Any event, whether anticipated (i.e., public service strike) or unanticipated (i.e., blackout) which disrupts the normal course of business operations at an organization's location. Business Impact Analysis
Business Interruption Costs The impact to the business caused by different types of outages, normally measured by revenue lost. Business Impact Analysis
Business Interruption Insurance Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a provides reimbursement disaster. Business Continuity Plan
Business Recovery Coordinator An individual or group designated to coordinate or control designated recovery processes or testing. Business Continuity Management
Business Recovery Team A group responsible for: relocation and recovery of business unit operations at an alternate site following a business disruption; and subsequent resumption and restoration of those operations at an appropriate site. Business Continuity Management
Business Recovery Timeline The approved sequence of activities, required to achieve stable operations following a business interruption. This timeline may range from minutes to weeks, depending upon the recovery requirements and methodology. Business Recovery Strategy
Business Unit A unit, department or division within an organization. Business Continuity
Business Unit BC Coordinator A staff member appointed by a business unit to serve as the liaison person responsible for all BCM direction and activities within the unit. Business Continuity Management
Business Unit Recovery A component of Business Continuity which deals specifically with the recovery of a key function or department in the event of a disaster. Business Recovery Strategy
Call Tree A document that graphically depicts the calling responsibilities and the calling order used to contact management, employees, customers, vendors, and other key contacts in the event of an emergency, disaster, or severe outage situation. Business Continuity Communications
Call Tree Test A test designed to validate the currency of contact lists and the processes by which they are maintained. Business Continuity Communications
Campus A set of buildings which are geographically grouped together and might form one inter-connected set of Business Continuity Plans. Business Recovery Strategy
Capability Assessment Readiness This is the process of self-assessment under the US Standard NFPA 1600. Business Continuity Plan
Capability Resilience Level The relative degree to which a capability can be impacted by a single disaster event. Business Continuity Plan
Cascade System A system whereby one person or organization calls out/contacts others who in turn initiate further call-outs/contacts as necessary. Business Continuity Communications
Casualty Bureau The central police controlled contact and information point for all records and data relating to casualties and fatalities. Business Continuity Communications
Checklist a) Tool to remind and /or validate that tasks have been completed and resources are available, to report on the status of recovery. b) A list of items (e.g., names or tasks) to be checked or consulted. Business Continuity Plan
Checklist Exercise A method used to exercise a completed disaster recovery plan. This type of exercise is used to determine if the information in the plan (e.g., phone numbers, manuals, equipment) is accurate and current. Business Continuity Plan
Civil Emergency Event or situation which threatens serious damage to human welfare in a place, environment or a place or the security of that place. Business Impact Analysis
Cold Site An environmentally equipped facility that provides only the physical space for recovery operations while the organization using the space provides its own office equipment, hardware and software systems and any other required resources to establish and continue operations. A site (data Center/work area) equipped with appropriate environmental conditioning, electrical connectivity, communications access, configurable space and access to accommodate the installation and operation of equipment by key employees required to resume business operations. Business Recovery Strategy
Command Center The (facility) location, local to the event but outside the immediate affected area, where tactical response, recovery and restoration activities are managed. Business Continuity Plan
Common Recognized Information Picture A statement of shared situational awareness and understanding, which is briefed to crisis decision-makers and used as the accepted basis for auditable and defensible decisions. Business Continuity Communications
Communications Recovery The component of disaster recovery which deals with the restoration or rerouting of an organization's telecommunication network, or its components, in the event of loss. Business Recovery Strategy
Competence Demonstrated ability to apply knowledge and skills to achieve intended results Business Continuity
Conformity Fulfillment of a requirement of a management system. Business Continuity
Consortium Agreement An agreement made by a group of organizations to share processing facilities and/or office facilities, if one member of the group suffers a disaster. Business Continuity Plan
Contact List A list of key people to be notified at the time of disruption or as needed. The contact data used by Call Tree and Cascade processes and systems. Business Continuity Communications
Contingency Fund A budget for meeting and managing operating expense at the time of a business continuity invocation. Business Continuity Plan
Contingency Plan An event specific preparation that is executed to protect an organization from certain and specific identified risks and/or threats. A plan to deal with specific set of adverse circumstances. Business Continuity Plan
Contingency Planning Process of developing advanced arrangements and procedures that enable an organization to respond to an undesired event that negatively impacts the organization. Business Continuity Plan
Continuity of Operations Management policy and procedures used to guide an enterprise response to a major loss of enterprise capabilities or damage to its' facilities. It defines the activities of individual departments and agencies and their subcomponents to ensure their essential functions are performed. Business Continuity Plan
Continuity of Operations Plan Management policy and procedures used to guide an enterprise response to a major loss of enterprise capabilities or damage to its' facilities. It defines the activities of individual departments and agencies and their subcomponents to ensure their essential functions are performed. Business Continuity Plan
Continuous Availability A system or application that supports operations which continue with little to no noticeable impact to the user. Business Continuity
Continuous Operations The ability of an organization to perform its processes without interruption. Business Continuity
Control Framework A model or recognised system of control categories that covers all internal controls expected within an organization. Business Continuity
Control Review Involves selecting a control and establishing whether it has been working effectively and as described and expected during the period under review. Business Continuity
Cordon The boundary line of a zone that is determined, reinforced by legislative power, and exclusively controlled by the emergency services from which all unauthorised persons are excluded for a period of time determined by the emergency services. Business Continuity Plan
Corporate Risk A category of risk management that looks at ensuring an organization meets its corporate governance responsibilities takes appropriate actions and identifies and manages emerging risks. Business Impact Analysis
Corrective Action Action to eliminate the cause of a non- conformity and to prevent recurrence. Business Continuity Plan
COSHH Control of Substances Hazardous to Health regulations 2002. A European Union directive. Business Continuity Plan
Counseling The provision of assistance to staff, customers and others who have suffered mental or physical injury in a disaster or incident. Business Recovery Strategy
Creeping Disaster A slow degradation of service or deterioration in quality or performance over a period of time which ultimately leads to a business interruption of disaster proportions. Business Impact Analysis
Crisis Abnormal and unstable situation that threatens the organization's strategic objectives, reputation or viability. Business Impact Analysis
Crisis Management The overall direction of an organization's response to a disruptive event, in an effective, timely manner, with the goal of avoiding or minimizing damage to the organization's profitability, reputation, and ability to operate. Development and application of the organizational capability to deal with a crisis. Business Continuity Plan
Crisis Management Team A team consisting of key leaders (e.g., media representative, legal counsel, facilities manager, disaster recovery coordinator), and the appropriate business owners of critical functions who are responsible for recovery operations during a crisis. Business Continuity Management
Critical A qualitative description used to emphasize the importance of a resource, process or function that must be available and operational either constantly or at the earliest possible time after an incident, emergency or disaster has occurred. Business Impact Analysis
Critical Activities Those activities which have to be performed to deliver the key products and services and which enable an organization to meet the most important and time-sensitive objectives. Business Recovery Strategy
Critical Business Functions The critical operational and/or business support functions that could not be interrupted or unavailable for more than a mandated or predetermined timeframe without significantly jeopardizing the organization. Vital functions without which an organization will either not survive or will North America, Australia lose the capability to effectively achieve its critical objectives. Business Recovery Strategy
Critical Component Failure Analysis A review of the components involved in delivery of an enterprise wide process and an assessment of the relationship dependencies and impact of failure of one component. Business Impact Analysis
Critical Data Point The point in time to which data must be restored and synchronized to achieve a Maximum Acceptable Outage. Business Recovery Strategy
Critical Infrastructure Physical assets whose incapacity or destruction would have a debilitating impact on the economic or physical security of an entity (e.g., organization, community, nation). Business Impact Analysis
Critical Service Mission critical office based computer applications. Business Impact Analysis
Critical Success Factors A management technique developed in 1970’s but still popular, in which an organization identifies a limited number of activities it has to get correct to achieve its primary missions. Business Impact Analysis
Critical Supplier Looking back in the logistical process (upstream) of a product or service, any supplier that could cause a disruption or outage to the organization’s critical functions as documented in the BIA. Business Impact Analysis
Culture Sets the tone for an organization, influencing the consciousness of its people. Cultural factors include the integrity, ethical values and competence of the entity’s people: management's philosophy and operating style; the way management assigns authority and responsibility, and organizes and develops its people; and the attention and direction provided by a Board. Business Continuity
Customer Relationship Management System A computer application or integrated set of applications which brings together all aspects of customer communications and management. Business Continuity
Damage Assessment An appraisal of the effects of the disaster or incident on human, physical, economic and operational capabilities. Business Impact Analysis
Data Backup Strategies Data backup strategies will determine the technologies, media and offsite storage of the backups necessary to meet an organization's data recovery and restoration objectives. Business Continuity Plan
Data Backups The copying of production files to media that can be stored both on and/or offsite and can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster. Business Continuity Plan
Data Center Recovery The component of disaster recovery which deals with the restoration of data center services and computer processing capabilities at an alternate location and the migration back to the production site. Business Recovery Strategy
Data Mirroring The act of copying data from one location to a storage device at another location in or near real time. Business Continuity Plan
Data Protection Statutory requirements to manage personal data in a manner that does not threaten or disadvantage the person to whom it refers. Business Continuity
Data Recovery The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup. Business Recovery Strategy
Database Replication The partial or full duplication of data from a source database to one or more destination databases. Business Continuity Plan
Declaration Fee A fee charged by a commercial hot site vendor for a customer invoked disaster declaration Business Continuity Plan
Decision Point The latest moment at which the decision to invoke emergency procedures has to be taken to ensure the continued viability of the organization. Business Continuity Plan
Dedicated Work Area Work space provided for sole use by a single organization, configured ready for use. Business Recovery Strategy
Denial of Access Loss of access to any asset (premises, hardware, systems) when no physical damage has been done to the asset. Business Impact Analysis
Denial of Physical Access The inability of an organization to access and/or occupy its normal physical, working environment. Business Impact Analysis
Desk Check One method of validating a specific component of a plan. Business Continuity Testing
Desktop Exercise Technique for rehearsing teams in which participants review and discuss the single team, or multiple actions they would take according to their plans, but do not perform any of these actions. Business Continuity Testing
Disaster Situation where widespread human, material, economic or environmental losses have occurred which exceeded the ability of the affected organization, community or society to respond and recover using its own resources. Business Impact Analysis
Disaster Declaration The staff should be familiar with the list of assessment criteria of an incident versus disaster situation established by the BCM or DR Steering Committee and the notification procedure when a disaster occurs. Business Continuity Communications
Disaster Management Strategies for prevention, preparedness and response to disasters and the recovery of essential post-disaster services. Business Continuity Plan
Disaster Recovery The process, policies and procedures related to preparing for recovery or continuation of technology infrastructure, systems and applications which are vital to an organization after a disaster or outage. The strategies and plans for recovering and restoring the organizations technological infra-structure and capabilities after a serious interruption. Business Recovery Strategy
Disaster Recovery Plan The management approved document that defines the resources, actions, tasks and data required to manage the technology recovery effort. Business Recovery Strategy
Disaster Recovery Planning The process of developing and maintaining recovery strategies for information technology (IT) systems, applications and data. This includes networks, servers, desktops, laptops, wireless devices, data and connectivity. Business Recovery Strategy
Disruption An event that interrupts normal business, functions, operations, or processes, whether anticipated (e.g., hurricane, political unrest) or unanticipated (e.g., a blackout, terror attack, technology failure, or earthquake). Business Impact Analysis
Diverse Routing The routing of information through split or duplicated cable facilities. Business Continuity Communications
Diversification A continuity and recovery strategy requiring the live undertaking of activities at two or more geographically dispersed locations. Business Recovery Strategy
Downtime A period in time when something is not in operation. Business Recovery Strategy
Drop Ship A strategy for: a) Delivering equipment, supplies, and materials at the time of a business continuity event or exercise. b) Providing replacement hardware within a specified time period via prearranged contractual arrangements with an equipment supplier at the time of a business continuity event. Business Continuity Plan
Duty of Care A corporate governance requirement to take care of the assets of the organization. A duty incumbent on officers of an enterprise. Business Continuity Management
Effectiveness Extent to which planned activities are realized and planned results achieved. Business Continuity Testing
Efficiency Relationship between the result achieved and the resources used. Business Continuity Testing
Electronic Vaulting The transfer of data by electronic means to a backup site, as opposed to the physical shipment of backup tapes or disks. The transfer of data to an offsite storage facility using a communications link. Business Continuity Plan
Embedding Business Continuity Integrations of Business Continuity into day-to- day activities and organizational culture. Business Continuity Plan
Emergency Any incident, whether natural, technological, or human-caused, that requires responsive action to protect life or property. Business Impact Analysis
Emergency Control Center The Command Center used by the Crisis Management Team during the first phase of an event. Business Continuity Management
Emergency Coordinator The person designated to plan, exercise, and implement the activities of sheltering in place or the evacuation of occupants of a site with the first responders and emergency services agencies. Business Continuity Management
Emergency Data Services Remote capture and storage of electronic data, such as journaling, electronic vaulting and database shadowing/ mirroring. Business Continuity Plan
Emergency Marshal A person responsible for ensuring that all employees, visitors and contractors evacuate a site/building and report to the emergency coordinator when their designated floor/area is clear. Business Continuity Management
Emergency Operations Center The physical location at which the coordination of information and resources to support incident management (on- scene operations) activities normally takes place. The facility used by the Incident or Crisis Management Team after the first phase of a plan invocation. An organization must have a primary and secondary location for an EOC in the event of one being unavailable. It may also serve as a reporting point for deliveries, services, press and all external contacts. Business Continuity Management
Emergency Planning Development and maintenance of agreed procedures to prevent, reduce, control, mitigate and take other actions in the event of a civil emergency. Business Continuity Plan
Emergency Preparedness The capability that enables an organization or community to respond to an emergency in a coordinated, timely, and effective manner to prevent the loss of life and minimize injury and property damage. Business Continuity Plan
Emergency Procedures A documented list of activities to commence immediately to prevent the loss of life and minimize injury and property damage. Business Continuity Plan
Emergency Response Actions taken in response to a disaster warning or alert to minimize or contain the eventual negative effects, and those taken to save and preserve lives and provide basic services in the immediate aftermath of a disaster impact, for as long as an emergency situation prevails. Business Continuity Plan
Emergency Response Plan A documented plan usually addressing the immediate reaction and response to an emergency situation Business Continuity Plan
Emergency Response Procedures The initial response to any event and is focused upon protecting human life and the organization's assets. Business Continuity Plan
Emergency Response Team Qualified and authorized personnel who have been trained to provide immediate assistance. Business Continuity Management
Enterprise-Wide Planning The overarching master plan covering all aspects of business continuity within the entire organization. Business Continuity
Escalation The process by which event-related information is communicated upwards through an organization's established chain of command. The process by which an incident is communicated upwards through an organization's business continuity and/or incident and crisis management reporting process. Business Continuity Communications
Essential Services Infrastructure services without which a building or area would be considered disabled and unable to provide normal operating services; typically includes utilities (water, gas, electricity, telecommunications), and may also include standby power systems or environmental control systems. Business Recovery Strategy
Estimated Maximum Loss Insurance policies are written based upon the EML as the maximum amount that can be claimed against an insured peril. Business Impact Analysis
Evacuation The movement of employees, visitors and contractors from a site and/or building to a safe place (assembly area) in a controlled and monitored manner at time of an event. Business Continuity Plan
Event Occurrence or change of a particular set of circumstances. Business Impact Analysis
Exclusion Zone Boundary line of an area or zone that is controlled by emergency services personnel, and from which all unauthorized persons are excluded for a period of time determined by emergency services leadership. Business Recovery Strategy
Executive Management A person or group of people who directs and controls an organization at the highest level. In larger organizations, this might be called the Board, Directors, Executives or Senior Managers. In a small organization, the owner or sole proprietor. Business Continuity Management
Exercise A people focused activity designed to execute business continuity plans and evaluate the individual and/or organization performance against approved standards or objectives. Process to train for, assess, practice, and improve performance in an organization. Business Continuity Testing
Exercise Auditor An appointed role that is assigned to assess whether the exercise aims / objectives are being met and to measure whether activities are occurring at the right time and involve the correct people to facilitate their achievement. The exercise auditor is not responsible for the mechanics of the exercise. This independent role is crucial in the subsequent debriefing. Business Continuity Management
Exercise Coordinator The person responsible for the mechanics of running the exercise. Person responsible for planning, execution, and evaluation activities of an exercise. Business Continuity Management
Exercise Observer An exercise observer has no active role within the exercise but is present for awareness and training purposes. Business Continuity Management
Exercise Owner An appointed role that has total management oversight and control of the exercise and has the authority to alter the exercise plan. Business Continuity Management
Exercise Plan A plan designed to periodically evaluate tasks, teams, and procedures that are documented in business continuity plans to ensure the plan’s viability. Business Continuity Testing
Exercise Program Series of exercise events designed to meet an overall objective or goal. Business Continuity Testing
Exercise Script A set of detailed instructions identifying information necessary to implement a predefined business continuity event scenario for evaluation purposes. Business Continuity Testing
Expense Log Record of expenditure enabling loss assessment and adjustment following an incident or crisis. Business Continuity Plan
Extra Expense The extra cost necessary to implement a recovery strategy and/or mitigate a loss. Business Continuity Plan
Fallback Another (but less popular) term for alternative or alternate. A fallback facility is another site/building that can be used when the original site/building is unusable or unavailable. Business Recovery Strategy
Financial Impact Actual or potential losses incurred. A member of an emergency service who Business Impact Analysis
First Responder is first on the scene at a disruptive incident. Business Continuity Management
Fit-for-purpose Meeting an organization's requirements. Business Continuity Testing
Floor Warden Person responsible for ensuring that all employees, visitors and contractors evacuate a floor within a specific site. A discussion held within weeks of the Business Continuity Management
Formal Debrief exercise, addressing the wider organizational issues that identifies learning opportunities. An exercise that simulates a Business Continuity event where the organization Business Continuity Communications
Full Rehearsal or some of its component parts are suspended until the exercise is completed. Business Continuity Testing
Full Test A simulation exercise involving a Business Continuity scenario where the organization or some of its component parts are suspended until the exercise is completed. Business Continuity Testing
Gain A positive consequence of an event or incident. Business Impact Analysis
Gap Analysis A survey whose aim is to identify the differences between BCM/Crisis Management requirements (what the business says it needs at time of an incident) and what is in place and/or currently available A guide to global good practice in Business Continuity Testing
Governance, Risk and Compliance GRC is the umbrella term covering an organization's approach across these three areas. Business Continuity
Grab List A list of items that individuals should take with them prior to evacuating a building. Business Continuity Plan
Hardening The process of making something more secure, resistant to attack, or less vulnerable. Business Continuity Plan
Hazard A source of potential harm. Business Impact Analysis
Health and Safety The process by which the wellbeing of all employees, contractors, visitors and the public is safeguarded. Business Continuity Plan
High-Availability Systems or applications requiring a very high level of reliability and availability. Business Recovery Strategy
High-Risk Areas Areas identified during the risk assessment that are highly susceptible to a disaster situation or might be the cause of a significant disaster. Business Impact Analysis
Horizon Scanning Systematic examination of potential threats, opportunities and future developments, which might have the potential to create new risks or change the character of risks already identified. Business Impact Analysis
Hot Debrief A discussion about the issues and concerns held immediately following an exercise. Business Continuity Communications
Hot Site A facility equipped with full technical requirements including IT, telecoms and infrastructure, and which can be used to provide rapid resumption of operations. Business Recovery Strategy
Housekeeping The process of maintaining procedures, systems, people and plans in a state of readiness. Business Continuity Plan
Human Continuity The ability of an organization to provide support for its associates and their families before, during, and after a business continuity event to ensure a viable workforce. Business Continuity Plan
Human Threats Possible disruptions in operations resulting from human actions as identified during the risk assessment (e.g., disgruntled employee, terrorism, blackmail, job actions, riots). Business Impact Analysis
ICT Continuity Capability of the organization to plan for and respond to incidents and disruptions in order to continue lCT (Information and Communications Technology) services at an acceptable level. Business Continuity Plan
ICT Disaster Recovery The ability of the ICT elements of an organization to support its most urgent business functions to acceptable levels within a pre-determined period of time following a disruption. Business Recovery Strategy
ICT Disaster Recovery Plan A clearly defined and documented plan which recovers ICT capabilities when a disruption occurs. Business Recovery Strategy
Impact Analysis The process of analyzing all operational activities and the effect that an operational impact might have upon them. Business Impact Analysis
Incident An event which is not part of standard business operations which may impact or interrupt services and, in some cases, may lead to disaster. Situation that might be, or could lead to, a disruption, loss, emergency or crisis. Business Impact Analysis
Incident Command System A standardized on-scene emergency management construct specifically designed to provide for the adoption of an integrated organizational structure that reflects the complexity and demands of single or multiple incidents, without being organizational structure, hindered by jurisdictional boundaries. emergencies and is applicable to small as well as large and complex incidents. ICS is used by various jurisdictions and functional agencies, both public and private, to organize field-level incident management operations. The combination of facilities, equipment, personnel, procedures and communications operating within a common organizational structure, designed to aid in the management of resources during incidents. Business Continuity Management
Incident Management The process by which an organization responds to and controls an incident using emergency response procedures or plans. Business Continuity Management
Incident Management Plan A clearly defined and documented plan of action for use at the time of an incident, typically covering the key personnel, resources, services and actions needed to implement the incident management process. Business Continuity Plan
Incident Management Team A Group of individuals responsible for developing and implementing a comprehensive plan for responding to a disruptive incident. The team consists of a core group of decision-makers trained in incident management and prepared to respond to any situation. Business Continuity Management
Incident Manager Commands the local emergency operations center (EOC) reporting up to senior management on the recovery progress. Has the authority to invoke the recovery plan. Business Continuity Management
Incident Response The response of an organization to a disaster or other significant event that may significantly impact the organization, its people, or its ability to function productively. Business Continuity Plan
Increased Cost of Working The additional expenditure incurred following an incident in order to minimize the loss of gross profit. Business Impact Analysis
Indemnity Period The period during which insurers will pay for losses following an incident covered as an insured peril. Business Continuity Plan
Information Security The securing or safeguarding of all sensitive information, electronic or otherwise, which is owned by an organization. Business Continuity
Information Technology Disaster Recovery An integral part of the organization's BCM plan by which it intends to recover and restore its ICT capabilities after an Incident. Business Recovery Strategy
Infrastructure The term infrastructure refers to the entire system of facilities, equipment, and services needed for the operation of the organization. Business Continuity
Integrated Capability Analysis An analytical methodology which considers concurrent and contextual review of multiple metrics, to provide a more complete picture regarding a particular plan, artifact, or aspect of the business continuity program. Business Impact Analysis
Integrated Exercise An exercise conducted on multiple interrelated components of a Business Continuity Plan, typically under simulated operating conditions. Examples of interrelated components may include interdependent departments or interfaced systems. Business Continuity Testing
Integrated Testing Examination of a plan that addresses multiple plan components, in conjunction with each other, typically under simulated operating conditions. Business Continuity Testing
Interested Party A person or organization that can affect, be affected by, or perceive themselves to be affected by a decision or activity. Business Continuity Communications
Interim Site A temporary location used to continue performing business functions after vacating a recovery site and before the original or new home site can be occupied. Business Recovery Strategy
Internal Audit Audit conducted by, or on behalf of, the organization itself for management review and other internal purposes, and which might form the basis for an organization's self-declaration of conformity. Business Continuity Testing
Internal Control All the means, tangible and intangible that can be employed or used to ensure that established objectives are met. Business Continuity
Internal Hot site A fully equipped alternate processing site owned and operated by the organization. Business Recovery Strategy
Invocation The act of declaring that an organization's business continuity arrangements need to be put into effect in order to continue to deliver key products and services. Business Continuity Communications
Journaling Remote capture and storage of electronic data, at a transaction level so that it can be applied to an earlier overall system backup. Business Continuity Plan
Just-in-Time System whereby dependencies for critical business processes are provided exactly when required, without requiring intermediate inventory. Business Continuity Plan
Key Tasks Priority procedures and actions in a Business Continuity Plan that must be executed within the first few minutes/hours of the plan invocation. Business Continuity Plan
Lead Time The time it takes for a supplier - either equipment or a service - to make that equipment or service available. Business Continuity Plan
Legislative Actions within a Business Continuity Plan that must be prioritised as a result of legal, statutory or regulatory requirements. Business Continuity Plan
Likelihood Chance of something happening, whether defined, measured or estimated objectively or subjectively. It can use general descriptors (such as rare, unlikely, likely, almost certain), frequencies or mathematical probabilities. It can be expressed qualitatively or quantitatively. Business Impact Analysis
Line Re-routing A facility provided by telephone service providers (Telco’s) to re-route dedicated lines to backup sites or other defined locations. Business Recovery Strategy
Logistics Team A team comprised of various members representing departments associated with supply acquisition and material transportation, responsible for ensuring the most effective acquisition and mobilization of hardware, supplies, and support materials. This team is also responsible for transporting and supporting staff. Business Continuity Management
Loss Adjuster Designated position activated at the time of a Business Continuity event to assist in managing the financial implications of the event and should be involved as part of the management team where possible. Invaluable at the time of a Business Continuity incident to assist in managing the financial implications of the incident and should be involved as part of the management team where possible. Business Continuity Plan
Loss Reduction The technique of instituting mechanisms to lessen the exposure to a particular risk. Loss reduction involves planning for, and reacting to, an event to limit its impact. Business Continuity Plan
Loss Transaction Recovery Paper documents may area and/or system entries) destroyed or Recovery of data (paper within the work lost at the time of the disaster or interruption. Business Recovery Strategy
Major Incident UK Emergency Services definition. Any emergency that requires the implementation of special arrangements by one or more of the Emergency Services, National Health Service or a Local Authority Business Impact Analysis
Management System Set of interrelated or interacting elements of an organization to establish policies and objectives, and processes to achieve those objectives. Business Continuity
Manual Procedures An alternative method of working following a loss of IT systems. Business Continuity
Marshalling Area A safe area where resources and personnel not immediately required can be directed to standby to await further instruction. Business Continuity Plan
Maximum Acceptable Outage Time it would take for adverse impacts, which might arise as a result of not providing a product/service or performing an activity, to become unacceptable. Business Recovery Strategy
Maximum Tolerable Period of Disruption The time it would take for adverse impacts, which might arise as a result of not providing a product/service or performing and activity, to become unacceptable. Business Recovery Strategy
Minimum Business Continuity Objective A minimum level of services and/or products that is acceptable to the organization to achieve its business objectives during a disruption. Business Recovery Strategy
Minimum Planning Duration A recovery strategy imperative, established by an organization, which mandates how long each contingency plans recovery strategy is expected to endure, while relying only on resources or dependencies identified in the plan. Business Recovery Strategy
Minimum Planning Radius A recovery strategy imperative, established by an organization, which identifies the minimum geographic range of an event that its contingency plans must address. Business Recovery Strategy
Mission-Critical Activities The critical operational and/or business support activities (either provided internally or outsourced) required by the organization to achieve its objective(s) i.e. services and/or products. Business Recovery Strategy
Mission-Critical Application Applications that support business activities or processes that could not be interrupted or unavailable for 24 hours or less without significantly jeopardizing the organization. Business Recovery Strategy
Mobile Recovery A mobilized resource purchased or contracted for the purpose of business recovery. Transportable operating environment - often a large trailer - complete with office facilities and computer equipment that can be delivered and deployed a suitable site at short notice. Business Recovery Strategy
Mobile Standby Trailer A transportable operating environment, often a large trailer, that can be configured to specific recovery needs such as office facilities, call centers, data centers, etc. Business Recovery Strategy
Mobilization The activation of the recovery organization in response to a disaster declaration Business Continuity Plan
Mock Disaster One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Business Continuity Testing
Mutual Aid Agreement A pre-arranged understanding between two or more entities to render assistance to each other. Business Continuity Plan
N plus One A fault-tolerant strategy that includes multiple systems or components protected by one backup system or component. (Many-to-one relationship) Business Continuity Plan
Network Outage An interruption of voice, data, or IP network communications. Business Impact Analysis
Non Compliance Failure to fulfill an agreed requirement or expectation of a BCM program. Business Continuity Testing
Non Conformity The non fulfillment of a specific requirement defined in a standard, documented practice, agreed procedure or legislation. Business Continuity Testing
Offsite Location A site at a safe distance from the primary site where critical data (computerised or paper) and/ or equipment is stored from where it can be recovered and used at the time of a disruptive incident if original data, material or equipment is lost or unavailable. Business Recovery Strategy
Off-Site Storage Any place physically located a significant distance away from the primary site, where duplicated and vital records (hard copy or electronic and/or equipment) may be stored for use during recovery. Business Recovery Strategy
Operational Resilience Ability of an organization, staff, system, telecommunications network, activity or process to absorb the impact of a business interruption, disruption or loss and continue to provide an acceptable level of service. Business Impact Analysis
Operations Control Process, practice or other actions that assure management outcomes. Business Continuity Testing
Operations Planning Scheme specifying the approach, management elements and resources to be applied to the management of the organization. Business Continuity
Orderly Shutdown The actions required to rapidly and gracefully suspend a business function and/or system during a disruption. Business Continuity Plan
Organizational Culture The combined assumptions, beliefs, values and patterns of behaviour that are shared by members of an organization. The way in which an organization views itself, its place in its market and the environment in which it operates. Business Continuity
Organizational Resilience The ability of an organization to anticipate, prepare for, and respond and adapt to incremental change and sudden disruptions in order to survive and prosper. Business Impact Analysis
Outage The interruption of automated processing systems, infrastructure, support services, or essential business operations, which may result, in the organizations inability to provide services for some period of time. A period in time when something is not in operation. Business Impact Analysis
Outsourced Activities Those processes that are performed by, or in part by, a third party. The transfer of business functions to an independent (internal and/or external) third party supplier Business Continuity Plan
Peer Review A review of a specific component of a plan by personnel (other than the owner or author) with appropriate technical or business knowledge for accuracy and completeness. Business Continuity Testing
Performance A measurable outcome Business Continuity Testing
Performance Evaluation A process of determining measurable results. Business Continuity Testing
Plan Maintenance The management process of keeping an organization's business continuity management plans up to date and effective. Business Continuity Management
Plan, Do, Check, Act A model used to plan, establish, implement and operate, monitor and review, maintain and continually improve the effectiveness of a management system or process. Business Continuity Plan
Post Incident Acquisition A continuity and recovery strategy where resources are provided following an incident at short notice. Business Recovery Strategy
Post-Traumatic Stress Disorder PTSD is caused by a major traumatic incident where a person experienced, witnessed or was confronted with an incident that involved actual or threatened death or serious injury or threat to the physical integrity of self or others, and the person’s response involved intense fear, helplessness or horror. Business Impact Analysis
Preparedness Activities implemented prior to an incident that may be used to support and enhance mitigation of, response to, and recovery from disruptions. Business Continuity Plan
Press Conference The provision of an organization spokesperson(s) at a specific venue and time(s) to brief and answer any questions or enquiries from the media. Business Continuity Communications
Preventative Action An action taken to eliminate a threat or other undesirable situation. Business Continuity
Preventative Measures Controls aimed at deterring or mitigating undesirable events from taking place. Business Continuity
Prevention Countermeasures against specific threats that enable an organization to avoid a disruption. Business Continuity Plan
Prioritization The ordering of critical activities and their dependencies are established during the BIA and Strategic-planning phase. The business continuity plans will be implemented in the order necessary at the time of the event. Business Continuity Plan
Prioritized activities Activities to which priority must be given following an incident in order to mitigate impacts. Business Continuity Plan
Procedure Specified way to carry out an activity. Business Continuity Plan
Products and Services Beneficial outcomes provided by an Organization to its customers, recipients and interested parties. Business Continuity
Qualitative Assessment The process for evaluating a business function based on observations and does not involve measures or numbers. Instead, it uses descriptive categories (e.g., customer service, regulatory requirements) to allow for refinement of the quantitative assessment. Business Continuity Testing
Quantitative Assessment The process for placing value on a business function for risk purposes. It is a systematic method that evaluates possible financial impact for losing the ability to perform a business function. It uses numeric values to allow for prioritizations. Business Continuity Testing
Readiness Activities implemented prior to an incident that may be used to support and enhance mitigation of, response to, and recovery from disruptions. Business Continuity Testing
Reception Center A secure area to which the uninjured can be taken for shelter, first aid, interview and documentation as appropriate to the incident. Business Recovery Strategy
Reciprocal Agreement Agreement between two organizations (or two internal business groups) with similar equipment/environment that allows each one to recover at the others location. Business Continuity Plan
Recoverable Loss Financial losses due to an event that may be reclaimed in the future, e.g. through insurance or litigation. Business Impact Analysis
Recovery Implementing the prioritized actions required to return the processes and support functions to operational stability following an interruption or disaster. Business Recovery Strategy
Recovery Period The time period between a disaster and a return to normal functions, during which the disaster recovery plan is employed. Business Recovery Strategy
Recovery Point Capability The point in time to which data was restored and/or systems were recovered (at the designated recovery/alternate location) after an outage or during a disaster recovery exercise. Business Recovery Strategy
Recovery Point Objective The point in time to which data is restored and/or systems are recovered after an outage. have been recovered. RPO for applications can be enumerated in business time (i.e., business hours after a Sunday disaster restores to close of business Thursday) or elapsed time, but is always measured in terms of time before a disaster. RPO for systems typically must be established at time of disaster as a specific point in time (e.g., end of previous day’s processing) or software version/release. The point to which information used by an In purely IT DR terms it activity must be restored to enable the can be seen as the precise activity to operate on resumption. time to which data and transactions have to be restored (e.g. close of business, last intra-day backup). Can also be referred to as maximum data loss Business Recovery Strategy
Recovery Services Agreement A contract with an external organization A typical contract will guaranteeing the provision of specified specify multiple equipment, facilities, or services, usually components (e.g., a within a specified time period, in the event monthly subscription fee, a of a business interruption. Business Recovery Strategy
Recovery Site A designated site for the recovery of business unit, technology, or other operations, which are critical to the enterprise. Business Recovery Strategy
Recovery Teams A structured group of teams ready to take control of the recovery operations if a disaster should occur. Business Recovery Strategy
Recovery Time Capability The demonstrated amount of time in which systems, applications and/or functions have been recovered, during an exercise or actual event, at the designated recovery/alternate location (physical or virtual). Business Recovery Strategy
Recovery Time Objective The period of time within which systems, applications, or functions must be recovered after an outage. RTO includes the time required for: assessment, execution and verification. includes the activities activities related to accomplishing the pre-planned steps required within the phase to deliver a function, system or application in a new location to its owner. Verification includes steps taken by a function, system or application owner to ensure everything is in readiness to proceed to live operations. The period of time following an incident within which a product or service or an activity must be resumed, or resources must be recovered. Business Recovery Strategy
Recovery Timeline The sequence of recovery activities, or The timeline may range critical path, which must be followed to from minutes to weeks, resume an acceptable level of operation depending upon the following a business interruption. recovery requirements and methodology. Business Recovery Strategy
Redundancy Can be used to mean the provision of In human resource terms, redundancy delegates or alternates for key employees or Incident/Crisis Management Team members. Business Continuity Plan
Regulatory Similar to Legislative or Statutory but usually rules imposed by a regulator rather than through direct government legislation. Business Continuity
Replication A continuity and recovery strategy where resources are copied to a dormant site, only being brought into live operations after an incident. Business Recovery Strategy
Requirement A need or expectation that is stated, generally implied or obligatory. Business Continuity Plan
Resilience The process and procedures required to maintain or recover critical services such as remote access or end-user support during a business interruption. Business Continuity Plan
Resilient The ability of an organization to absorb the impact of a business interruption, and continue to provide a minimum acceptable level of service. Business Continuity Plan
Resources All assets, people, skills, information, technology (including plant and equipment), premises, and supplies and information (whether electronic or not) that an organization has to have available to use, when needed, in order to operate and meet its objective. Business Continuity Plan
Response The reaction to an incident or emergency to assess the damage or impact and to ascertain the level of containment and control activity required. Business Continuity Plan
Rest Center A building taken over by the Local Authority for the temporary accommodation of evacuees Business Recovery Strategy
Restart The procedure or procedures that return applications and data to a known start point. Business Recovery Strategy
Restoration Process of planning for and/or implementing procedures for the repair of hardware, relocation of the primary site and its contents, and returning to normal operations at the permanent operational location. Business Recovery Strategy
Resumption The process of planning for and/or implementing the restarting of defined business processes and operations following a disaster. Business Recovery Strategy
Risk Avoidance An informed decision to not become involved in or to withdraw from a risk situation. Business Continuity
Risk Categories Risks of similar types are grouped together under key headings, otherwise known as risk categories Business Continuity
Risk Classification The categorisation of risk, normally focusing on likely impact to the organization or likelihood of occurrence. Business Continuity
Risk Concentration The risks associated with having Mission Critical Activities and/or their dependencies, systemic processes and people located either in the same building or close geographical proximity (zone), that are not reproduced elsewhere i.e. a single point of failure. Business Impact Analysis
Risk Controls All methods of reducing the frequency and/or severity of losses including exposure avoidance, loss prevention, loss reduction, segregation of exposure units and non-insurance transfer of risk Business Continuity
Risk Criteria Terms of reference against which the significance of a risk is evaluated. Business Continuity
Risk Profiling The identification and prioritization of threats in a Risk Analysis methodology. Business Impact Analysis
Risk Ranking The ordinal or cardinal rank prioritisation of the risks in various alternatives, projects or units Business Continuity
Risk Reduction A selective application of appropriate techniques and management principles to reduce either probability of an occurrence or its impact, or both. Business Continuity
Risk Register All risks of an organization, listed, ranked and categorized so that appropriate treatments can be assigned to them. Business Impact Analysis
Risk Source Element which alone or in combination has the intrinsic potential to give rise to risk. Business Impact Analysis
Risk Treatment Selection and implementation of measures to modify risk. Business Continuity Plan
Roll Call The process of identifying that all employees, visitors and contractors have been safely evacuated and accounted for following an evacuation of a building or site. Business Continuity Communications
Safe Separation Distance An adequate geographical spread between the original and duplicate resources, the various suppliers, the replica operations or the base site and its recovery site. Business Continuity Plan
Salvage & Restoration The act of conducting a coordinated assessment to determine the appropriate actions to be performed on impacted assets. Business Recovery Strategy
Security Review A periodic review of policies, procedures, and operational practices maintained by an organization to ensure that they are followed and effective. Business Continuity Testing
Self-Insurance The pre-planned assumption of risk in which a decision is made to bear loses that could result from a Business Continuity event rather than purchasing insurance to cover those potential losses. Business Continuity Plan
Service Continuity The process and procedures required to maintain or recover critical services such as remote access or end-user support during a business interruption. Business Continuity Plan
Service Continuity Planning A process used to mitigate, develop, and document procedures that enable an organization to recover critical services after a business interruption. Business Continuity Plan
Service Level Agreement A formal agreement between a service provider (whether internal or external) and their client (whether internal or external), which covers the nature, quality, availability, scope and response of the service provider. The SLA should cover day-to-day situations and disaster situations, as the need for the service may vary in a disaster. An agreement between a service provider and a customer defining the scope, quality and timeliness of service delivery. Business Continuity Plan
Service Level Management The process of defining, agreeing, documenting and managing the levels of any type of services provided by service providers whether internal or external that are required and cost justified. Business Continuity Plan
Simulation Exercise One method of exercising teams in which Simulation exercises, participants perform some or all of the actions they would take in the event of plan activation. Business Continuity Testing
Single Point of Failure A unique pathway or source of a service, activity, and/or process. Typically, there is no alternative and a loss of that element could lead to a failure of a critical function. Unique (single) source or pathway of a service, activity and/or process; typically there is no alternative, and loss of that element could lead to total failure of a mission critical activity and/or dependency. Business Impact Analysis
Situational Analysis The process of evaluating the severity and consequences of an incident and communicating the results. Business Impact Analysis
Stakeholder Individual or group having an interest in the performance or success of an organization e.g., customers, partners, employees, shareholders, owners, the local community, first responders, government, and regulators. Business Continuity Communications
Stand Down Formal notification that the response to a Business Continuity event is no longer required or has been concluded. A formal announcement that alert status is over and the plan will not be invoked any further. Business Continuity Communications
Standalone Test A test conducted on a specific component of a plan in isolation from other components to validate component functionality, typically under simulated operating conditions. Business Continuity Testing
Standby A continuity and recovery strategy where a facility is available to be made operational as required. Business Recovery Strategy
Structured Walkthrough Types of exercise in which team members physically implement the business continuity plans and verbally review each step to assess its effectiveness, identify enhancements, constraints and deficiencies. Business Continuity Testing
Subcontracting A continuity and recovery strategy where third parties are used to produce a product or service, provide process infrastructure and undertake activities. Business Continuity Plan
Succession Plan A predetermined plan for ensuring the continuity of authority, decision-making, and communication in the event that key members of executive management unexpectedly become incapacitated. Business Continuity Plan
Supply Chain The complete logistical process (life cycle) of a product or service including: raw materials, transportation, manufacturing, distribution, through end- of-life. end-of-life of the product The linked processes that begins with the acquisition of raw material and extends through the delivery of products or services to the end user across the modes of transport. Business Continuity
Supply Chain Resilience Analysis A proactive analysis of vulnerabilities affecting the logistical process of a product or service to establish risk thresholds. Business Impact Analysis
Syndicated Subscription Service Work space shared by a limited number of organizations, configured for general occupation (not for a particular organization). Business Continuity Plan
Syndication Ratio Number of times that a work area is sold. A work area's availability by the third party providers at a resource recovery location. Business Continuity Plan
System Recovery The procedures for rebuilding a computer system and network to the condition where it is ready to accept data and applications, and facilitate network communications. Business Recovery Strategy
System Restore The procedures necessary to return a system to an operable state using all upon having a live, available data including data captured by alternate means during the outage. Business Recovery Strategy
System Risk Potential difficulties, such as failure of one participant or part of a process, system, industry or market to meet its obligations, that could cause other participants to not meet their obligations; this could cause liquidity and other problems, thereby threatening stability of the whole process, system, industry or market. Business Impact Analysis
Table Top Exercise One method of exercising plans in which participants review and discuss the actions they would take without actually performing the actions. Technique for rehearsing emergency teams in which participants review and discuss the actions they would take according to their plans, but do not perform any of these actions; can be conducted with a single team, or multiple teams, typically under the guidance of exercise facilitators. Business Continuity Testing
Task List Defined mandatory and discretionary tasks allocated to teams and/or individual roles within a Business Continuity Plan Business Continuity Plan
Technical Recovery Team A group responsible for: relocation and recovery of technology systems, data, applications and/or supporting infrastructure components at an alternate site following a technology disruption; and subsequent resumption and restoration of those operations at an appropriate site. Business Continuity Management
Threat A combination of the risk, the consequence of that risk, and the likelihood that the negative event will take place. A potential cause of an unwanted incident, which may result in harm to individuals, a system or organization, the environment, or the community. Business Impact Analysis
Threat Analysis The process of evaluating threats to identify unacceptable concentrations of risk to activities and single points of failure. Business Impact Analysis
Top Management Also Senior Management. Person or group of people who directs and controls an organization at the highest level. Business Continuity Management
Trauma Counseling The provisioning of counseling assistance by trained individuals to employees, customers and others who have suffered mental or physical injury as the result of an event. Business Recovery Strategy
Trauma Management The process of helping employees deal with trauma in a systematic way following an event by proving trained counselors, support systems, and coping strategies with the objective of restoring employee’s psychological well-being. Business Recovery Strategy
Trigger An event that causes a system to initiate a response. Business Impact Analysis
Uninterruptible Power Supply A backup electrical power supply that provides continuous power to critical equipment in the event that commercial power is lost. A battery powered backup power supply use to provide short-term temporary power in the event of failure of mains supply. Business Continuity Plan
Urgent Activity A term used to cover activities in support of Product and Services which needs to be done within a short timescale. Business Continuity Plan
Validation Script A set of procedures within the Business Continuity Plan to validate the proper function of a system or process before returning it to production operation. Business Continuity Testing
Virtual Battle Box An electronic form of a storage location held on the internet, intranet or cloud so that data and information are immediately available post incident and accessible by the Incident/Crisis Management Team. Business Recovery Strategy
Virtual Command Center A means of operating when it is physically impossible for members of the Incident Management Team to move to a Command Center. A virtual command Center working using telephony and internet solutions including a Virtual Battle Box can be established. Business Continuity Management
Virus An unauthorised program that inserts itself into a computer system and then propagates itself to other computers via networks or disks. When activated, it interferes with the operation of the computer systems. Business Impact Analysis
Vital Materials Any materials that are essential for recovery from a disaster or major incident. Business Continuity Plan
Vital Records Records essential to the continued functioning or reconstitution of an organization during and after an emergency and also those records essential to protecting the legal and financial rights of that organization and of the individuals directly affected by its activities. Business Continuity Plan
Warm Site An alternate processing site which is equipped with some hardware, and communications interfaces, electrical and environmental conditioning which is only capable of providing backup after additional provisioning, software or customization is performed. A designated standby site equipped and serviced to a level which will allow the organization to resume essential operations before their non-availability threatens business viability. Business Recovery Strategy
Wide Area Disaster A catastrophic event that impacts a large geographic area and requires emergency services and civil authorities to take control. Business Impact Analysis
Work Area Facility A pre-designated space provided with desks, telephones, PCs, etc. ready for occupation by business recovery teams at short notice. Business Recovery Strategy
Work Area Recovery The component of recovery and continuity which deals specifically with the relocation of a key function or department in the event of a disaster, including multiple elements, e.g., personnel, essential records, equipment supplies, work space, communication facilities, work station computer processing capability, fax, copy machines, mail services. Office recovery environment complete with necessary office infrastructure (desk, telephone, workstation, hardware, communications). Restoration of office activities at an alternative location which provides desks, telephony, office systems and networking capability. Business Recovery Strategy

See Also


  1. BCBS, High-level principles for business continuity, August 2006
  2. Business Continuity Planning and Crisis Management, FRBNY, 2015
  3. Guide for All-Hazard Emergency Operations Planning, FEMA, 1996
  4. Market Intermediary Business Continuity and Recovery Planning, IOSCO, 2015
  5. Glossary of General Business Continuity Management Terms, Business Continuity Institute (BCI), December 2002
  6. Business Continuity Glossary, Disaster Recovery Journal (DRJ)
  7. Disaster Recovery Institute International (DRII)