January2011

DICTIONARYOFBUSINESSCONTINUITYMANAGEMENTTERMS

LyndonBirdFBCI

TheBCI2011 2|P a g e

DictionaryofBusinessContinuityManagementTerms

TableofContents

SOURCESANDREFERENCES.........................................................................................................3

A(ActivationtoAwareness)...........................................................................................................4

B(BacklogtoBusinessUnitBCMCoordinator)................................................................................6

C(CallTreetoCulture)...............................................................................................................10

D(DamageAssessmenttoDowntime).........................................................................................15

E(EmergencytoExercise)...........................................................................................................17

F,G(FacilitytoGRC)....................................................................................................................19

H(HACCPtoHotSite).................................................................................................................20

I,J(ICTContinuitytoJustinTime)..............................................................................................21

K,L(KPItoLoss).........................................................................................................................23

M(ManagementSystemtoMTO).................................................................................................24

N(NEMAtoNonconformity).......................................................................................................26

O(ObjectivetoOutage)..............................................................................................................27

P,Q(PDCAtoProgrammeManagement).......................................................................................28

R(ReadinesstoRiskTreatment)..................................................................................................29

S(SafetytoSystemicRisk)..........................................................................................................32

T(TableTopExercisetoTraining)...............................................................................................34

U,V(UrgentActivitytoVulnerability)............................................................................................36

W,X,Y,Z(WalkthroughtoWorkAreaRecovery)..........................................................................37

TheBCI2011 3|P a g e

DictionaryofBusinessContinuityManagementTerms

SOURCESANDREFERENCES

It is recognizedthatmanytermsanddefinitionsexist throughout theworldthat relatetoBCMorsynergicsubjectslikeRiskManagementandEmergencyPlanning.ItwouldbeimpossibletoincludethemallbuttheBCIdoesattempttokeepanuptodateaspossibledictionaryof importantBCMtermsandtheirsources.Terms in thisglossarywhicharealsodefined inGPG2010and/orBS25999generallyuse thesamedefinitionasthatsourcedocument.Howeversomeadditionalexplanationmighthavebeenmadetoimproveclarityandunderstanding.All other definitions and editorial notes are consolidated definitions from the various sourcedocumentsthatprovidethetermintheirglossarysections.In the columnheaded References the following codes designatewhere the termhasalso beendefined.TheBCIdefinitionwillnormallyretainthesamemeaningasinthesealternativedocumentsbutwordingwillnotnecessarilybeidentical.AGoodPracticeGuidelines2010BusinessContinuityInstituteBBS25999Parts1and2BritishStandardsInstitutionCBCM.012010AmericanSocietyforIndustrialSecurityandBritishStandardsInstitutionDAS/NZ5050StandardsAustraliaESS540SingaporeStandardsCouncilFMS1970MalaysianStandardsandAccreditationCouncilGNFPA1600SS540NationalFireProtectionAssociationXDefinitiveGuidetoBCM3rdEditionJohnWileyWherenoreferencecodeexists,thesearetermsincommonusageinBusinessContinuitybuthavenotbeencodifiedbyprofessionalbodiesornationalstandardsbodiesasyet.ThedefinitionshownisthepreferredBCImeaningofthewordorterm.

TheBCI2011 4|P a g e

DictionaryofBusinessContinuityManagementTerms

A(ActivationtoAwareness) TERM DEFINITION REFERENCES

Activation Theimplementationofbusinesscontinuityprocedures,activitiesandplansinresponsetoaseriousIncident,Emergency,EventorCrisis.EditorsNote:SeedefinitionsforIncident,Emergency,EventandCrisis.

Activity Aprocessorsetofprocessesundertakenbyanorganization(oronitsbehalf)thatproducesorsupportsoneormoreproductsorservices.

A,B,C,D

ALARP(ofrisk) Alevelaslowasreasonablypractical XAlert Aformalnotificationthatanincidenthasoccurred

whichmightdevelopintoaBusinessContinuityManagementorCrisisManagementinvocation.

X

AlternateRouting Theroutingofinformationviaanalternatecableorothermedium(i.e.usingdifferentnetworksshouldthenormalnetworkberenderedunavailable).

AlternateSite AsiteheldinreadinessforuseduringaBusinessContinuityinvocationtocontinuetheurgentandimportantprocessesofanorganization.Thetermappliesequallytoofficeortechnologyrequirements.EditorsNote:Alternatesitesmaybeknownascold,warmorhot.TheymightalsobecalledsimplyaRecoveryorBackupSite.

D,E,F,G,X

ASIS AmericanSocietyforIndustrialSecurity.DevelopersofUSnationalstandardsforANSIinBCMandOperationalResilience.

ASIS/BSiBCM.012010 AUSNationalStandardforBusinessContinuityManagement.

AssemblyPoint/Area Thedesignatedareaatwhichemployees,visitorsandcontractorsassembleifevacuatedfromtheirbuilding/site.EditorsNote:AssemblyPointorAreamightalsobeknownasInitialAssemblyPoint(IAP),RendezvousPointor(bytheEmergencyServices)MarshallingPoint.

Asset Anythingthathasvaluetotheorganization.EditorsNote:Thiscanincludephysicalassetssuchaspremises,plantandequipmentaswellasHRresources,intellectualproperty,goodwillandreputation.

A,B,C,X

Assurance Theactivityandprocesswherebyanorganization

TheBCI2011 5|P a g e

DictionaryofBusinessContinuityManagementTerms

canverifyandvalidateitsBCMcapability.AS/NZ5050 AstandardforBusinessContinuitybaseduponRisk

ManagementprinciplesproducedbytheAustralianandNewZealandstandardsbodies.EditorsNote:ThisstandardbuildsonthesuccessfulAustralianRiskManagementstandardthatformedthebasisoftheISOriskStandard.

ATOF Recoveryattimeoffailure XATOP Recoveryattimeofpeak XAudit Asystematic,independent,anddocumented

processforobtainingauditevidenceandevaluatingitobjectivelytodeterminetheextenttowhichauditcriteriaarefulfilled.Firstpartyauditsareconductedbytheorganizationitselfformanagementreviewandotherinternalpurposes,andmayformthebasisforanorganizationsdeclarationofconformity.Secondpartyauditsareconductedbypartieshavinganinterestintheorganization,suchascustomers,orbyotherpersonsontheirbehalf.Thirdpartyauditsareconductedbyexternal,independentauditingorganizations,suchasthoseprovidingcertificationofconformitytoastandard.

A,B,C,D

Auditor Apersonwithcompetencetoconductanaudit.ForaBCMAuditthiswouldnormallyrequireapersonwithformalBCMauditqualifications.

A,B,C

Awareness TocreateunderstandingofbasicBCMissuesandlimitations.Thiswillenablestafftorecognisethreatsandrespondaccordingly.Examplesofcreatingsuchawarenessincludedistributionofpostersandflyerstargetedatcompanywideaudienceorconductingspecificbusinesscontinuitybriefingsforexecutivemanagementoftheorganization.Awarenessislessformalthantrainingandisgenerallytargetedatallstaffintheorganization

E

TheBCI2011 6|P a g e

DictionaryofBusinessContinuityManagementTerms

B(BacklogtoBusinessUnitBCMCoordinator) TERM DEFINITION REFERENCES

Backlog Theeffectonthebusinessofabuildupofworkthatoccursastheresultofasystemorprocessbeingunavailableforanunacceptableperiod.Asituationwherebyabacklogofworkrequiresmoretimetoactionthanisavailablethroughnormalworkingpatterns.EditorsNote:Inextremecircumstances,thebacklogmaybecomesomarkedthatthebacklogcannotbeclearedandthisisreferredtoastheBacklogTrap.

Backup Aprocessbywhichdata,electronicorpaperbasediscopiedinsomeformsoastobeavailableandusediftheoriginaldatafromwhichitoriginatedislost,destroyedorcorrupted.

BaselCommitteeBCMPrinciples

TheHighLevelPrinciplesforBusinessContinuityoftheJointForum/BaselCommitteeonBankingSupervision(publishedbyBankforInternationalSettlements,August2006.EditorsNote:ThekeyelementsoftheseHighLevelPrinciplesare:1.FinancialmarketparticipantsandsupervisoryauthoritiesshouldhaveaneffectiveandcomprehensiveBusinessContinuityManagementprocessattheirdisposal.ResponsibilityforensuringbusinesscontinuitylieswiththeBoardofDirectorsandSeniorManagement.2.FinancialmarketparticipantsandsupervisoryauthoritiesmustintegratetheriskofsignificantoperationaldisruptionsintotheirBusinessContinuityManagementprocesses.3.Financialmarketparticipantsmustdeveloprecoveryobjectivesthattakeaccountoftheirsystemicrelevanceandtheresultingriskforthefinancialsystem.4.TheBusinessContinuityPlansofbothfinancialmarketparticipantsandsupervisoryauthoritiesmustdefineinternalandexternalcommunicationmeasuresintheeventofmajorbusinessinterruptions.5.Wherebusinessinterruptionshaveinternationalimplications,thecorrespondingcommunicationconceptsmustcoverinparticularcommunicationwithforeignsupervisoryauthorities.

TheBCI2011 7|P a g e

DictionaryofBusinessContinuityManagementTerms

6.FinancialmarketparticipantsandsupervisoryauthoritiesmusttesttheirBusinessContinuityPlans,evaluatetheireffectivenessandamendtheirBusinessContinuityManagementprocessesasnecessary.7.ItisrecommendedthatsupervisoryauthoritiesassesstheBusinessContinuityManagementprogrammesoftheinstitutionssubjecttosupervisionaspartoftheongoingmonitoringprocess.

BattleBox Acontaineroftenliterallyaboxorbriefcasein