Glossary
Below is a list of terms that are often used in the BCM industry.


Activation
The implementation of Business Continuity procedures, activities and plans in response to a Business Continuity Emergency, Incident, Event and/or Crisis (E/I/E/C). See: Invocation.

Alert
A formal notification that an incident has occurred which may develop into a Business Continuity Plan invocation.

Alternate Site
A site held in readiness for use to maintain the business continuity of an organisation's Mission Critical Activities. The term applies equally to office or technology requirements. Alternate sites may be 'cold', 'warm' or 'hot'. This type of site is also known as a Recovery Site. See: Cold Site, Warm Site, Hot Site, Recovery Site.

Assembly Area
The designated area at which employees, visitors and contractors assemble if evacuated from their building/site.

Audit
The process by which procedures and/or documentation are measured against pre-agreed standards.

Backlog
The effect on the business of a build-up of work that occurs as the result of a system or process being unavailable for an unacceptable period. A situation whereby a backlog of work requires more time to action than is available through normal working patterns. In extreme circumstances, the backlog may become so marked that the backlog cannot be cleared.

Backup
Alternate actions, resources or procedures that are pre-planned for use after an E/I/E/C.

Battle Box
A container - often literally a box or brief case - in which data and information e.g. BCP is stored so as to be immediately available to those responding to an E/I/E/C.

Business Continuity Management (BCM)
A holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities.

Business Continuity Management Co-ordinator
A role that is assigned the overall responsibility for co-ordinating the organisation(s)/business unit(s) BCM programme. See: Business Recovery Planner, Disaster Recovery Planner, Business Recovery Co-ordinator, Disaster Recovery Administrator.

Business Continuity Management Life-Cycle
The complete set of activities and processes divided into various stages that are necessary to manage business continuity.

Business Continuity Management Maturity
The level and degree to which BCM activities have become standard and assured business practices within an organisation.

Business Continuity Management Policy
A BCM policy sets out an organisation’s aims, principles and approach to BCM, what and how it will be delivered, key roles and responsibilities and how BCM will be governed and reported upon.

Business Continuity Management Process
The Business Continuity Institute’s BCM process (also known as the BC Life Cycle) combines 5 key elements: 1) Understanding Your Business; 2) Continuity Strategies; 3) Developing a BCM Response; 4) Establishing a Continuity Culture; 5) Exercising, Rehearsal & Testing. See: Business Continuity Life-cycle.

Business Continuity Plan (BCP)
A clearly defined and documented plan.

Business Continuity Standards
Various Business Continuity Standards have been published around the world providing guidance for business on continuity. For example: BCI Good Practice Guide, BSI PAS 56, AS HB 221, APRA, ANAO, SPRING

Business Impact Analysis (BIA)
The management level analysis by which an organisation assesses the quantitative (financial) and qualitative (non-financial) impacts, effects and loss that might result if the organisation were to suffer a Business Continuity E/I/E/C. The findings from a BIA are used to make decisions concerning Business Continuity Management strategy and solutions.

Business Recovery
See: Business Continuity Management (BCM).

Business Recovery Plan
See: Business Continuity Plan (BCP), Disaster Recovery Plan.

Call Tree
A structured cascade process (system) that enables a list of persons, roles and/or organisations to be contacted as a part of an information or plan invocation procedure. See: Contact List

Cold Site
A site (data centre/work area) equipped with appropriate environmental conditioning, electrical connectivity, communications access, configurable space and access to accommodate the installation and operation of equipment by key employees required to resume business operations. See: Alternate Site.

Command Centre
The facility used by a Crisis Management Team after the first phase of a Business Continuity E/I/E/C. An organisation must have a primary and secondary location for a command centre in the event of one being unavailable. It may also serve as a reporting point for deliveries, services, press and all external contacts. See: Emergency Control Centre (ECC), Emergency Operations Centre (EOC).

Contact List
See: Call Tree.

Contingency Planning
See: BCM Planning, Business Continuity Management Programme, Business Recovery Programme, Disaster Recovery Planning.

Corporate Governance
The system/process by which the directors and officers of an organisation are required to carry out and discharge their legal, moral and regulatory accountabilities and responsibilities.

Corporate Risk
A category of risk management that looks at ensuring an organisation meets its corporate governance responsibilities, takes appropriate actions and identifies and manages emerging risks.

Cost Benefit Analysis
A process (after a BIA and risk assessment) that facilitates the financial assessment of different strategic BCM options and balances the cost of each option against the perceived savings.

Counselling
See: Trauma Counselling, Post Traumatic Stress Disorder.

Crisis
An occurrence and/or perception that threatens the operations, staff, shareholder value, stakeholders, brand, reputation, trust and/or strategic/business goals of an organisation.

Crisis Management
The process by which an organisation manages the wider impact of a Business Continuity E/I/C until it is either under control or contained without impact to the organisation or the BCP is invoked as a part of the Crisis Management process.

Crisis Management Team(s) (CMT)
A defined number of roles and responsibilities for implementing the organisation’s Crisis Management Plan.

Crisis Plan
A clearly defined and documented plan of action for use at the time of a crisis. Typically a plan will cover all the key personnel, resources, services and actions required to implement and manage the Crisis Management process.

Damage Assessment
The process of assessing the financial/non-financial damage following a Business Continuity E/I/E/C. It usually refers to the assessment of damage to physical assets e.g. vital records, building, sites, technology to determine what can be salvaged or restored and what must be replaced.

Data Mirroring
A process whereby critical data is copied instantaneously to another location so that it is not lost in the event of a Business Continuity E/I/E/C.

Data Protection
Statutory requirements to manage personal data in a manner that does not threaten or disadvantage the person to whom it refers.

Denial of Access
The inability of an organisation to access and/or occupy its normal working environment. Usually imposed and controlled by the Emergency and/or Statutory Services.

Desktop Exercise
See: Tabletop Exercise.

Disaster Recovery
E/I/E/C

E/I/E/C
The acronym for Emergency(ies), Incident(s), Event(s), or Crisis(es).

Electronic Vaulting
The transfer of data to an offsite storage facility using a communications link.

Emergency
An actual or impending situation that may cause injury, loss of life, destruction of property or cause the interference, loss or disruption of an organisation’s normal business operations to such an extent that it poses a threat.

Emergency Co-ordinator
The person assigned the role of co-ordinating the activities of the evacuation of a site and/or building with the statutory and/or emergency services.

Emergency Control Centre (ECC)
The Command Centre used by the Crisis Management Team during the first phase of an E/I/C. An organisation should have both primary and secondary locations for an ECC in case one of them is unavailable/inaccessible. It may also serve as a reporting point for deliveries, services, press and all external contacts. See: Command Centre (CC), Emergency Operations Centre (EOC).

Emergency Operations Centre (EOC)
See: Command Centre (CC), Emergency Control Centre (ECC).

Emergency Response Procedures
The initial response to any E/I/E/C, focused upon protecting human life and the organisation’s assets.

Emergency Services
Usually refers to the services of Police, Fire and Ambulance, Government Agencies.

Escalation
The process by which an E/I/E/C is communicated upwards through an organisation’s Business Continuity and/or risk E/I/E/C management reporting process.

Essential Service
A service without which a building would be ‘disabled’. Often applied to the utilities (water, gas, electricity, etc.) it may also include standby power systems, environmental control systems or communication networks.

Evacuation
The movement of employees, visitors and contractors from a site and/or building to a safe place (assembly area) in a controlled and monitored manner at time of an E/I/E/C. See: Assembly Area

Event
Any occurrence that may lead to a business continuity incident. See: Incident.

Exercise
An announced or unannounced execution of business continuity plans intended to implement existing plans and/or highlight the need for additional plan development. A way of testing part of a Business Continuity Plan. An exercise may involve invoking Business Continuity procedures but is more likely to involve the simulation of a Business Continuity E/I/C in which participants role play in order to assess what issues may arise, prior to a real invocation. See: Desktop Exercise.

Exercise Controller
A role that is appointed to have overall management oversight and control of the exercise and the authority to alter the exercise plan. This also includes the early termination of the exercise for reasons of safety or because the aim(s)/objective(s) of the exercise cannot be met due to an unforeseen or other internal or external influence.

Facilities Management (FM)
The function that manages all aspects of an organisation’s real estate assets and infrastructure.

Fallback
Another term for alternative e.g. a fallback facility is another site/building that can be used when the original site/building is unusable or unavailable.

Gap Analysis
A survey whose aim is to identify the differences between BCM/Crisis Management requirements (what the business says it needs at time of an E/I/E/C) and what is in place and/or available.

Governance
See: Corporate Governance

Hot Site
A site (data centre, work area) that provides a BCM facility with the relevant work area recovery, telecommunications and IT interfaces and environmentally controlled space capable of providing relatively immediate backup data processing support to maintain the organisation’s Mission Critical Activities. See: Warm Site, Cold Site, Alternate Site.

Hot Standby
A term that is normally reserved for Technology Recovery. An alternate means of processing that minimises downtime so that no loss of processing occurs. Usually involves the use of a standby system or site that is permanently connected to business users and is often used to record transactions in tandem with the primary system.

Human Resources
Human Resources (HR).

Impact
The potential level of impact and effect of a Business Continuity E/I/E/C over time on an organisation. The level of impact and effect is usually relative to the size of the organisation and its BCM financial and non-financial and are further divided into specific types of impact. See: Business Impact Analysis

Incident
Any event that may be, or may lead to, a business interruption, disruption, loss and/or crisis.

Incident Management
The process by which an organisation responds to and controls an incident using Emergency Response Procedures. See: Emergency Response Procedures.

Information Security
The securing or safeguarding of all sensitive information, electronic or otherwise, which is owned by an organisation.

Information Technology Disaster Recovery (ITDR)
An integral part of the organisation’s BCM plan by which it intends to recover and restore its IT and telecommunications capabilities after an E/I/C. See: BCM, BCM programme, Disaster Recovery.

Infrastructure
A building and all of its supporting services. Infrastructure is usually divided into technology infrastructure (e.g. computers, cabling, telephony, etc.) and real estate infrastructure (e.g. buildings, utility supplies, air-conditioning, etc.)

Inherent Risk
The possibility that some human activity or natural event will have an adverse effect on the asset(s) of an organisation and which cannot be managed or transferred away.

Invocation
The act by which a Business Continuity Management or Crisis Management process is formally started. The term is often used to refer to the act of using a service such as work area recovery as offered by a commercial or third party provider. See: Activation.

Key Task(s)
Tasks identified within a Business Continuity Plan as a priority action typically to be carried out within the first few minutes/hours of the plan invocation.

Legislative
Actions within a Business Continuity Plan that must be prioritised as a result of legal, statutory or regulatory requirements. See: Regulatory.

Level of Business Continuity (LBC)
The minimum level of business continuity of services and/or products that is acceptable to the organisation or industry to achieve its business objectives that may be influenced or dictated by regulation or legislation.

Loss
A negative consequence, which may be financial e.g. loss of cash, or non-financial e.g. loss of information or loss of goodwill.

Loss Adjuster
Invaluable at the time of a Business Continuity E/I/E/C to assist in managing the financial implications of the E/I/E/C and should be involved as part of the management team where possible. Loss Adjusters often have useful contacts within the local community that can ease the burden at time of an E/I/E/C. Involving the Loss adjuster with the CMT will improve the speed and effectiveness of any ensuing insurance claim.

Manual Procedures
An alternative method of working following a loss of IT systems. As working practices rely more and more on computerised activities, the ability of an organisation to fall back on manual alternatives lessens. However, temporary measures and methods of working can help mitigate the impact of a Business Continuity E/I/E/C and give staff a feeling of doing something.

Marshalling Area
A safe area where resources and personnel not immediately required can be directed to standby to await further instruction.

Maximum Acceptable Outage (MAO)
This is the timeframe during which a recovery must become effective before an outage compromises the ability of an organisation to achieve its business objectives and/or survival. See: Outage.

Mission Critical Activities
The critical operational and/or business support activities (either provided internally or outsourced) without which the organisation would quickly be unable to achieve its business objective(s) i.e. services and/or products.

Mobile Standby
A transportable operating environment – often a large trailer – complete with office facilities and computer equipment that can be delivered and set up at a suitable site at short notice.

Mobilisation
The activation of the recovery organisation in response to BCM invocation.

Occupational Health & Safety
The process by which the wellbeing of all employees, contractors, visitors and the public is safeguarded. All business continuity plans and planning must be cognisant of OH&S statutory and regulatory requirements and legislation.

Offsite Location
A site at a safe distance from the primary site where critical data (computerised or paper) and/or equipment is stored from where it can be recovered and used at the time of a Business Continuity E/I/E/C if original data, material or equipment is lost or unavailable.

Operational Risk
The risk that deficiencies in information systems or internal controls will result in unexpected loss. The risk is associated with human error, system failures and inadequate procedures and controls.

Organisation
An enterprise, a corporate entity; a firm, an establishment, a public or government body, department or agency; a business or a charity.

Outage
Period of time that a service, system, process or business function is expected to be unusable or inaccessible which has a high impact on the organisation, compromising the achievement of the organisation’s business objectives. An outage is different to ‘downtime’ where process or system failures happen as a part of normal operations, and where the impact merely reduces the short-term effectiveness of processes. See: Maximum Acceptable Outage

Outsourcing
The transfer of business functions to an independent (internal and/or external) third party supplier.

Plan Maintenance
The management process of keeping an organisation’s BCM competence and capability up-to-date, fit-for-purpose and effective.

Post Traumatic Stress Disorder (PTSD)
PTSD is caused by a major traumatic E/I/C where a person experienced, witnessed or was confronted with an E/I/C that involved actual or threatened death or serious injury or threat to the physical integrity of self or others, and the person’s response involved intense fear, helplessness or horror. See: Trauma Counselling.

Prioritisation
The order in which Mission Critical Activities and their dependencies are addressed following invocation of the BCM process.

Probability
The chance of a risk occurring.

Project Management
The techniques and tools used to describe, control and deliver a series of activities with given deliverables, timeframes and budgets.

Qualitative Assessment
A form of assessment that analyses the general structures and systems currently in place. A descriptive methodology, which typically involves risk mapping and risk matrices. These assessments do not involve detailed measurements.

Quantitative Assessment
A form of assessment that analyses the actual numbers and values involved. This type of methodology typically applies mathematical and statistical techniques and modelling.

Recovery Point Objective (RPO)
The point in time to which work should be restored following a Business Continuity E/I/E/C that interrupts/disrupts the business e.g. start of day, last day of each month, last day of each week.

Recovery Site
See: Alternate Site.

Recovery Team
A team of people that are responsible for recovering an aspect of the organisation, or obtaining the resources required for the recovery.

Recovery Time Objective (RTO)
An essential output from the BIA that identifies the time by which Mission Critical Activities and/or their dependencies must be recovered. See: BIA, Dependencies, Mission Critical Activities.

Redundancy
In human resource terms, redundancy can be used to mean the provision of delegates or alternates for key employees or BCM/Crisis Management Team members. See: Backup, Alternate Site.

Regulatory
See: Legislative

Residual Risk
The level of uncontrolled risk remaining after all cost-effective actions have been taken to lessen the impact and probability of a specific risk or group of risks, subject to the organisation’s risk appetite. See: Inherent Risk, Risk Appetite.

Resilience
The ability of an organisation, staff, system, network, activity or process to absorb the impact of a business interruption, disruption and/or loss and continue to provide a minimum acceptable level of service.

Resumption
The implementation of steps to enable the recovery and continuity of an organisation’s Mission Critical Activities and/or their dependencies immediately following a Business Continuity E/I/E/C.

Risk
The chance of something happening, measured in terms of probability and consequences. The consequence may be either positive or negative. Risk in a general sense can be defined as the threat of an action or inaction that will prevent an organisation’s ability to achieve its business objectives. The results of a risk occurring are defined by the impact. See: Impact.

Risk Appetite
The willingness of an organisation to accept a defined level of risk in order to conduct its business cost-effectively. Different organisations at different stages of their existence will have different risk appetites. See: Risk Context.

Risk Assessment
The overall process of risk identification, analysis and evaluation.

Risk Avoidance
An informed decision not to become involved in a risk situation.

Risk Financing
The application of techniques to fund the treatment and consequences of risk e.g. using insurance. A means of accounting for potential loss exposures. Examples include various types of risk retention (e.g. internal contingency funds or reserves funding losses out of operating budgets, etc.) and risk transfer techniques including insurance contracts, self-insurance, captives, sinking funds, etc.

Risk Management
The culture, processes and structures that are put in place to effectively manage potential opportunities and adverse effects. As it is not possible or desirable to eliminate all risk, the objective is to implement cost effective processes that reduce risks to an acceptable level, reject unacceptable risks and treat risk by financial interventions i.e. transfer other risks through insurance or other means, or by organisational intervention i.e. BCM. See: Risk Control.

Risk Profile
The combined result of consequence and probability.

Risk Reduction or Mitigation
A selective application of appropriate techniques and management principles to reduce or mitigate either likelihood of an occurrence or its consequences, or both.

Risk Retention
Intentionally (or unintentionally) retaining the responsibility for loss or risk financing within the organisation.

Risk Scenarios
A method of identifying and classifying risks through creative application of probabilistic events and their consequences. Typically a brainstorming or other creative technique used to stimulate “what might happen.” This can be achieved through creative techniques, such as brainstorming, or through the application of mathematical and statistical techniques and modelling e.g. fault tree analysis and event tree analysis.

Risk Standards
Various Risk Standards have been published around the world providing guidance for business on managing risk. For example: the Australian/New Zealand Standard on Risk Management (AS/NZ 4360:2004).

Roll Call
The process of ensuring that all employees, visitors and contractors have been safely evacuated and accounted for following an evacuation of a building or site.

Salvage
The recovery of personal effects, documentation, office and computer equipment.

Scenario
A pre-defined set of Business Continuity E/I/E/C and conditions that describe an interruption, disruption or loss related to some aspect(s) of an organisation’s business for purposes of exercising a plan(s) and the people that would manage a Business Continuity E/I/E/C.

Self-Insurance
The decision to bear the losses that could result from a Business Continuity E/I/E/C rather than take insurance to cover the risk.

Service Level Agreement (SLA)
A formal agreement between a service provider (whether internal or external) and their client (whether internal or external) which covers the nature, quality, availability, scope and response of the service provider. The SLA should cover day-to-day situations and disaster situations, as the need for the service may vary in a disaster.

Single Point of Failure
The only (single) source of a service, activity and/or process i.e. there is no alternative, whose failure would lead to the total failure of a Mission Critical Activity and/or dependency.

Standby Service
The provision of the relevant recovery facilities. See: Cold Site, Warm Site, Hot Site, Work Area and Mobile Standby.

Structured Walk-through
A type of exercise in which team members physically implement and verbally review each step of a plan to assess its effectiveness, identify enhancements, constraints and deficiencies. See: Testing.

Supplier
A person or company who supplies goods or services to the organisation.

Tabletop Exercise
A paper-feed, scenario-based method of testing plans, procedures and people. See: Desktop Exercise.

Tape Backup
Key data being backed up onto tapes at a given point in time.

Telecommunications
The technology of communications by telephony, radio, television, etc.

Test
An activity in which some part(s) of a business continuity plan(s) is followed to ensure that the plan contains the appropriate information and produces the desired result. A test is distinct from an exercise in that a test occurs at an alternate site whereas an exercise is generally a simulation. See: Exercise.

Trauma Counselling
The provision of assistance to staff, customers and others who have suffered mental or physical injury through being involved in an E/I/E/C. See: Trauma Counselling, Post Traumatic Stress Disorder.

Uninterrupted Power Supply (UPS)
Equipment (usually a bank of batteries) that offers short-term protection against power surges and outages. Note that UPS usually only allows enough time for vital systems to be correctly powered down.

Utilities
Companies and organisations providing essential services e.g. gas, water, electricity.

Virus
An unauthorised programme that inserts itself into a computer system and then propagates itself to other computers via networks or disks. When activated, it interferes with the operation of the computer systems.

Vital Record
Computerised or paper record which is considered to be essential to the continuation of the business following an E/I/E/C.

Voice Recovery
Restoration of voice telephony services to another site.

Warm Site
A site (data centre/work area) which is partially equipped with hardware, communications interfaces, electricity and environmental conditioning capable of providing backup operating support. See: Cold Site, Hot Site, Warm Site, Alternate Site.

Work Area Facility
A pre-designated space provided with desks, telephones, PCs, etc. ready for occupation by business recovery teams at short notice. May be internally or externally provided. See: Cold Site, Hot Site, Warm Site, Alternate Site.

Work Area Recovery Planning
The business continuity planning process of preparing procedures for use at the work area facility.


Copyright © 2009 Continuity Coach Pty Ltd. All Rights Reserved.