Are you new to the business continuity world? Have you been perusing trade literature or listening to industry experts and found yourself wondering things like, what the heck is a CPSCP? Or what does a “virtual battle box” do? Oftentimes, those “in the know” are so familiar with industry terms that speaking or writing them nonchalantly without elaboration is second nature. But those who are still getting their business continuity (BC) sea legs may need a BC “shop talk” dictionary to decipher what’s being said.
And that’s exactly what we have for you – your BC quick-reference cheat sheet: alphabetized, with simple, easy-to-comprehend definitions. Enjoy.
Business Continuity Cheat Sheet
Business Continuity Basics
Let’s start out with the most basic industry fundamentals and core terminology:
- Business Continuity (BC) – an organization’s ability to maintain critical services and operations during and after a business-disrupting incident. This includes the prior strategic planning and preparation needed to accomplish it.
- Business Continuity Plan (BCP) – the documented steps and processes that guide an organization through continuance of business-critical operations during an incident and after an incident. May also be referred to as Business Recovery Plan (BRP) or Business Contingency Plan (BCP).
- Business Impact Analysis (BIA) – an analysis of business-critical operations and services and to what degree a business disruption could impact them.
- Business-Critical Functions – Also called “mission-critical.” Operations and support activities that are critical to an organization to achieve its business objectives and survive.
- Business Continuity Management (BCM) – a governance process that identifies potential threats and the impact of those threats on an organization’s business operations, and therein devises plans and processes to secure an organization’s ability to prevent incidents, mitigate damage and loss, and maintain and recover business operations in the event of an unavoidable incident.
- Business Continuity Management Program (BCMP) – an ongoing management process, supported by executive-level management, to implement and maintain business continuity through documented plans and procedures.
- Disaster Recovery Plan (DRP) – documented steps and procedures that prescribe resources, actions, and tasks used after a disaster to help an organization recover and restore function.
- Emergency Response Plan – documented steps and procedures that guide an organization in protecting human safety, assets, and the environment in the event of a threatening incident. This can include evacuation plans and emergency communications.
- Incident – any event that disrupts standard business functions, and those things that, if not managed quickly, could escalate into a disaster or emergency.
- Incident Management Plan – the documented processes and actions an organization uses to respond to and control an incident
- Risk – the potential of exposure to loss or damage; the probability of an incident
- Risk Assessment – identification and analysis of potential risks and threats for an organization
- Scenario – a purposed set of hypothetical circumstances, event, disruption, disaster or emergency, used to develop a related plan or perform testing and drills.
- Supply Chain – the complete lifecycle of a product or service, for example: from raw material acquisition through production, transportation, distribution, and delivery.
- Table Top Testing – A method of determining a plan’s resiliency and identifying weaknesses through participants’ discussions of proposed scenarios and how they would approach each according to their plan.
- Threat – a situation, circumstance, action, or event that has the potential to disrupt business, harm individuals, or cause damage to property and assets.
Business Continuity on the Next Level
Now that we’ve covered the foundation, let’s move on to a slightly higher level of BC knowledge:
- Alternate Site – A previously prepared site for an organization to conduct critical business in the event their standard location becomes compromised.
- Annual Program Review (APR) – a review conducted to evaluate the status and relevancy of the business continuity management program.
- Application Recovery – the restoration of critical business software and data after a disruption
- Audit – an independent, systemic process to evaluate an organization’s adherence to a defined set of industry or government-regulated criteria.
- Backup (Data) – a copy (typically electronic) of business data easily and immediately accessible should the original data become compromised.
- Building Denial – when access to premises is denied or unattainable.
- Business Continuity Plan Administrator – the individual selected to be responsible for plan development, documentation, maintenance, and distribution.
- Business Recovery Timeline – an approved and documented sequence of processes that are necessary to maintain stable and continual operation after an incident.
- Business Unit Recovery – component of business continuity that deals with the recovery of a particular key function or department.
- Certified Business Continuity Professional (CBCP) – an individual who has passed the qualifying exam and possesses their DRII Certification approval, along with a minimum of two years of enterprise continuity management experience in 5 of 10 Professional Practice areas.
- Compliance – Fulfillment of a requirement or meeting of a standard, often in relation to government or industry regulations.
- Data Protection – The implementation of processes and procedures to safeguard sensitive data from unauthorized access and use.
- Declaration – a formal notification by authorized personnel that a disaster or severe incident is anticipated or has occurred that requires response.
- Dependency – the reliance of one activity or process upon another
- Downtime – a timeframe in which an operation or service is not functioning
- Emergency Response – actions in response to a disaster or an alert to minimize the damage and escalation of further loss and damage.
- Enterprise-Wide Plan – a plan that addresses all business continuity components throughout the entire organization
- Gap Analysis – an evaluation to determine what resources an organization thinks it needs during an incident and what is actually available or in place.
- Good Practice Guidelines – the global knowledge and practices of business continuity outlined by the Business Continuity Institute.
- Integrity – protection of accuracy and completeness of assets, particularly data.
- Maximum Acceptable Outage (MAO) – the maximum time permitted for loss of business functions before an organization is unable to meet objectives and survive.
- Organizational Resilience – an organization’s ability to avoid, anticipate, prepare for and respond to threats and risks, and ultimately maintain critical functionality throughout.
- Preparedness – the establishment of plans and processes in anticipation of an incident to help an organization mitigate damage and recover quickly.
- Preventative Measures – Controls put forth to deter or mitigate disruptive or damaging events from occurring.
- Probability – the chance of an incident occurring.
- Recovery Time Objective (RTO) – a timeframe discovered from the BIA that defines how quickly mission-critical operations must be restored before greater loss and damage occur.
- Redundancy – in relation to human resources, a redundancy can be the provision of additional and alternative employees or BCM/Crisis Management Team members.
- Resources – All people, assets, information, technology, supplies, etc. that an organization has available to operate and meet its objective.
- Restoration – Process of returning to normal operations with all required resources and functions.
- Risk Acceptance – a decision to forgo action to mitigate the impact of a particular risk.
- Risk Avoidance – a calculated decision to withdraw from a particular situation to eliminate risk.
- Security Review – a periodic review of policies, practices, and procedures to evaluate their effectiveness and how well they are adhered to.
Business Continuity Deep Dive
Now we’re going to go a little deeper into the business continuity realm for terms that may not be so common or familiar:
- Annual Loss Exposure/Expectancy (ALE) – a method of risk management that calculates loss based on value and level of frequency.
- Black Swan – a term used in the BC community, taken from a book of the same name, whose author defines a “black swan” as an event that has not been predicted by normal scientific or probability methods.
- Business Continuity Steering Committee – a group of decision-makers designated to develop continuity planning and provide resources to realize all business continuity goals.
- Capability Assessment for Readiness – self-evaluation process under the US Standard NFPA 1600.
- Certified Functional Continuity Professional (CFCP) – an individual with more than two years’ experience in continuity who has demonstrated practical working experience in at least three of the Professional Practice areas.
- Continuance of Government – a U.S. concept relating to government entities’ plans to maintain critical public governance in the event of an emergency or disaster.
- Critical Data Point – the degree to which data must be restored in order to achieve recovery objectives.
- DBCI – a standalone certified membership grade that is a business continuity academic qualification, and a route to higher BCI grades.
- Decision Point – The last possible moment in which a decision must be made to commence emergency procedures in order to ensure viability of the organization.
- Diversification – response and recovery strategies carried out simultaneously at two or more locations.
- High Availability – Applications or systems that require a high level of reliability
- Intrusion Detection System – an automated alert system that detects unauthorized network breaches and notifies appropriate responders.
- Just-in-Time (JIT) – a system that provides business-critical processes immediately when required, without delay.
- Qualitative Assessment – an evaluation of current general structures and systems that uses descriptive methodology rather than detailed measurements or numbers.
- Service Level Agreement – an agreement between a customer and service provider that defines the range and timeliness of a service, such as between a business and BC management software provider.
- Single Point of Failure (SPOF) – a unique or single-source service, function, or process for which there is no alternative and whose loss could cause failure of mission-critical operations.
- Safe Separation Distance – a sufficient geographical separation between original and backup resources.
- Validation Script – a set of procedures that verifies the proper function of a process or system before considering it operable again.
- Virtual Battle Box – an electronic data storage location, such as the cloud, to allow immediate access to critical data during or following an incident.
- Virtual Command Center – the use of phones and the internet to conduct business operations when the standard facility has been compromised and no alternative physical location is available.
Though this is not a fully comprehensive guide, hopefully you’ll find it helpful whether you’re new to the BC waters or just brushing up on your BC vocabulary.
Written by Assurance Software