Activation The implementation of business continuity procedures, activities and plans in response to a business continuity emergency, event, incident and/or crisis; the execution of the recovery plan.
Aerosolized A fine spray or colloidal suspension of tiny particles in the air. Aerosolized transmission is person‐to‐person transmission of pathogens through the air by means of inhalation of infectious particles.
Alert Notification that a potential disruption is imminent or has occurred.
Alternate Routing The routing of information via an alternate cable or other medium (i.e. using different networks should the normal network be rendered
Alternate Site A site held in readiness for use during/following an invocation of business or disaster recovery plans to continue urgent and important activities of
Alternate Work Area Recovery environment complete with necessary infrastructure (e.g., desk, telephone, workstation, and associated hardware and equipment,
Annual Loss Exposure/Expectancy (ALE) A risk management method of calculating loss based on a value and level
Annual Program Review (APR) A structured yearly opportunity for top management to review the status of important components of the business continuity management program, with the objectives of approving future initiatives, allocating resources and confirming program scope.
Antibody A blood protein made by the immune system in response to an invader (pathogen), such as a virus. Antibodies are unique to a particular pathogen. When the unique pathogen is present, the body has mounted an immune response to a previous infection. Antibodies protect against a reinfection, at least for a certain amount of time. The time varies by the
Antibody Test A test for a specific disease blood antigen, or protein, following an infection, to understand if the body has produced antibodies to the
Antigen An antigen is part of a virus that your immune system recognizes as a foreign substance. This signals your body to start making antibodies to fight the virus.
Application Recovery The component of Disaster Recovery that deals specifically with the restoration of business system software and data after the processing platform has been restored or replaced.
Assembly Area The designated area at which employees, visitors, and contractors assemble if evacuated from their building/site.
Associate Business Continuity Professional (ABCP) The ABCP level is designed for individuals with less than two years of industry experience, but who have minimum knowledge in continuity management, and have passed the DRII qualifying exam.
Associate Cyber Resilience Professional (ACRP) The ACRP level is designed for individuals with less than two (2) years of cyber resilience, business continuity, and/or cybersecurity experience. Applicants must complete a Cyber Resilience for the Business Continuity Professional course and have successfully passed the Cyber Resilience
Associate Fellow of the Business Continuity Institute (AFBCI) This certified membership grade is designed for professionals that have significant experience in business continuity and have held the MBCI membership grade for more than three years.
Associate Healthcare Provider Continuity Professional (AHPCP) The AHPCP level is designed for individuals with less than two years of industry experience, but who have minimum knowledge in continuity management, and have passed the Healthcare qualifying exam.
Associate Member Business Continuity Institute (AMBCI) This certified membership grade is designed for professionals that have at least one year’s experience in business continuity and who have taken and passed the Certificate of the BCI (CBCI) Examination.
Associate Public Sector Continuity Professional (APSCP) The APSCP level is designed for individuals with less than two years of industry experience, but who have minimum knowledge in continuity management, and have passed the Public Sector qualifying exam.
Associate Risk Management Professional (ARMP) The ARMP level is designed for individuals who have less than two years of Risk Management experience, have completed the DRII Risk Management class, and have passed the Risk Examination.
Asymptomatic An individual who has the infection but no symptoms and will not develop them later. Some individuals without symptoms may be able to spread a virus.
Auditor A person with competence to conduct an audit.
Awareness To create understanding of basic issues and limitations. This will enable staff to recognize threats and respond accordingly.
Backlog a) The amount of work that accumulates when a system or process is unavailable for a long period of time. This work needs to be processed once the system or process becomes available and may take a considerable amount of time to process.
b) A situation whereby a backlog of work requires more time to action than is available through normal working patterns. In extreme circumstances, the backlog may become so large that the backlog cannot
Backup (Data) A process by which data (electronic or paper‐based) and programs are copied in some form so as to be available and used if the original data from which it originated are lost, destroyed or corrupted.
Backup Generator An independent source of power, usually fueled by diesel or natural gas.
Battle Box A container ‐ often literally a box or brief case ‐ in which data and information are stored so as to be immediately available post incident.
Black Swan A term popular in BCM, based upon a book of the same name in which the author defines a Black Swan as an event that has not been predicted by normal scientific or probability methods.
Building Denial A situation in which premises cannot, or are not allowed to be, accessed.
Business Continuity The strategic and tactical capability of the organization to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable predefined level.
The capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident.
Business Continuity (BC) Policy The key document that sets out the scope and governance of the BCM program and reflects the reasons why it is being implemented.
Business Continuity (BC) Professional An experienced individual with responsibilities for practicing and/or managing business continuity.
Business Continuity Coordinator A role within the BCM program that coordinates planning and implementation for overall recovery of an organization or unit(s).
Business Continuity Management (BCM) Holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and
Business Continuity Management (BCM) Lifecycle The stages of activity that an organization moves through and repeats with the overall aim of improving organizational resilience.
Business Continuity Management Program Ongoing management and governance process supported by Top Management and appropriately resourced to implement and maintain business continuity management.
Business Continuity Management System (BCMS) Part of the overall management system that establishes, implements, operates, monitors, reviews, maintains and improves business continuity.
Business Continuity Management Team A group of individuals functionally responsible for directing the development and execution of the business continuity plan, as well as responsible for declaring a disaster and providing direction during the recovery process, both pre‐disaster and post‐disaster.
Business Continuity Maturity Model (BCMM) A tool to measure the level and degree to which BCM activities have become standard and assured business practices within an organization.
Business Continuity Plan (BCP) Documented procedures that guide organizations to respond, recover, resume and restore to a pre‐defined level of operation following
Business Continuity Plan Administrator The designated individual responsible for plan documentation, maintenance, and distribution.
Business Continuity Planning (BCP) The process of developing prior arrangements and procedures that enable an organization to respond to an event in such a manner that critical business functions can continue within planned levels of
Business Continuity Program Board A management group to give advice, guidance and management authorization to the BC Manager/coordinator/professional.
Business Continuity Steering Committee A committee of decision makers (e.g., business leaders, technology experts and continuity professionals) tasked with making strategic policy and continuity planning decisions for the organization, and for providing the resources to accomplish all business continuity program goals.
Business Continuity Strategy An approach selected by an organization to ensure its recovery and continuity in the face of a disaster or other business disruption.
Business Continuity Team (BCT) Designated individuals responsible for the development, execution, rehearsal, and maintenance of the business continuity plan.
Business Function A description of work that is performed to accomplish the specific business requirements of the organization. Examples of business function include delivering raw materials, paying bills, receiving cash and
Business Impact Analysis (BIA) Process of analyzing activities and the effect a business disruption might have upon them.
Process of analyzing operational functions and the effect a disruption might have upon them.
Business Interruption Any event, whether anticipated (e.g., public service strike) or unanticipated (e.g., blackout), which disrupts the normal course of business operations at an organization’s location.
Business Interruption Costs The impact to the business caused by different types of outages, normally measured by revenue lost.
Business Interruption Insurance (BII) Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a disaster.
Business Recovery Steps taken to resume the business within an acceptable timeframe following a disruption.
Business Recovery Coordinator An individual or group designated to coordinate or control designated recovery processes or testing.
Business Recovery Team A group responsible for: relocation and recovery of business unit operations at an alternate site following a business disruption; and subsequent resumption and restoration of those operations at an
Business Recovery Timeline The approved sequence of activities, required to achieve stable operations following a business interruption. This timeline may range from minutes to weeks, depending upon the recovery requirements and
Business Risk Risk that internal and external factors, such as inability to provide a service or product, or a fall in demand for an organization’s products or services will result in an unexpected loss.
Business Unit A business unit within an organization e.g. unit/department/division. A unit, department or division within an organization.
Business Unit BC Coordinator A staff member appointed by a business unit to serve as the liaison person responsible for all BCM direction and activities within the unit.
Business Unit Recovery A component of Business Continuity which deals specifically with the recovery of a key function or department in the event of a disaster.
Call Tree A document that graphically depicts the calling responsibilities and the calling order used to contact management, employees, customers, vendors, and other key contacts in the event of an emergency, disaster, or severe outage situation.
Call Tree Test A test designed to validate the currency of contact lists and the processes by which they are maintained.
Capability An umbrella term which generically encompasses business processes or activities, and/or technology systems or applications.
Capability Assessment for Readiness (CAR) This is the process of self‐assessment under the US Standard NFPA 1600.
Capability Resilience Level (CRL) The relative degree to which a capability can be impacted by a single
Capacity Stress Test Testing an application with large quantities of data to evaluate its performance during peak periods.
Cascade System A system whereby one person or organization calls out/contacts others who in turn initiate further call‐outs/contacts as necessary.
Casualty Bureau The central police controlled contact and information point for all records and data relating to casualties and fatalities.
Catastrophe Occurs when a disaster's effects are widespread and its impact is so great that it overwhelms a community's ability to function.
CDC The Centers for Disease Control and Prevention (CDC) – A United States federal public health institute, under the Department of Health and Human Services (HHS). Its main goal is to protect public health and safety through the control and prevention of disease, injury, and disability in the US and internationally. It focuses on infectious disease, food borne pathogens, environmental health, occupational safety and health, health promotion, injury prevention and education.
Certificate of the Business Continuity Institute (CBCI) This entry level certified membership grade is for those professionals that have passed the Certificate of the BCI (CBCI) Examination.
Certified Business Continuity Auditor (CBCA) The CBCA level is designed for the specialist who can verify the effectiveness of an organization's business continuity program against the landscape of standards, guidelines and industry regulations. The professional should demonstrate a minimum of 2 years of knowledge and experience in the fields of business continuity, emergency management and/or auditing and pass the DRII administered Audit Examination.
Certified Business Continuity Lead Auditor (CBCLA) The CBCLA level is designed for audit team leaders. The professional should demonstrate 5 years of experience in the fields of emergency management, enterprise risk management, leadership, business continuity and/or auditing and pass the DRII administered Audit
Certified Business Continuity Professional (CBCP) The CBCP certification is for individuals who have a minimum of two years of Enterprise Continuity Management experience in 5 of the 10 Professional Practice areas, have passed the qualifying exam and have had their DRII ‐ Certification Application
Certified Business Continuity Vendor (CBCV) The CBCV certification is for individuals with some knowledge in business continuity planning, but who are non‐practitioners within an organization. CBCVs provide services to the industry and have acquired the experience for certification. An active ABCP, CFCP, CBCP, or MBCP certification is
Certified Cyber Resilience Professional (CCRP) The CCRP level of certification is reserved for those professionals that can demonstrate knowledge, experience, and leadership in cyber resilience and business continuity related areas. Qualified applicants should have more than two (2) years of experience and must be able to demonstrate specific and practical experience.
Certified Functional Continuity Professional (CFCP) The CFCP level of certification is for individuals who have demonstrated knowledge and working experience in the business continuity/disaster recovery industry. The level requires more than two years of experience. Applicants must be able to demonstrate specific and practical experience in three of the subject matter areas of the Professional Practices.
Certified Healthcare Provider Continuity Professional (CHPCP) The CHPCP level is designed for the professional demonstrating 2 years of experience in the fields of emergency management, business continuity, management and clinical care principles/healthcare and passing the DRII administered Healthcare Examination. The individual should also demonstrate experience in 5 of the Professional Practices areas.
Certified Public Sector Continuity Professional (CPSCP) The CPSCP level is designed for the professional demonstrating 2 years of experience in the fields of public sector recovery planning, emergency management, business continuity and passing the DRII administered Public Sector Examination. The individual should also demonstrate experience in 5 of the Professional Practices areas.
Certified Risk Management Professional (CRMP) The CRMP level is designed for the professional demonstrating 2 years of experience specializing in the field of risk management. The individual must pass the DRII administered Risk Management Examination and demonstrate experience in 5 of the Professional Practices areas.
Checklist a) Tool to remind and/or validate that tasks have been completed and resources are available, and to report on the status of recovery.
b) A list of items (e.g., names or tasks) to be checked or consulted.
Checklist Exercise A method used to exercise a completed disaster recovery plan. This type of exercise is used to determine if the information in the plan (e.g., phone numbers, manuals, equipment) is accurate and current.
Civil Disorder Event or situation, such as a terrorist attack, riot, violent protest, demonstration, or illegal assembly, which threatens serious damage to human welfare and security in a physical location or environment.
Civil Emergency Event or situation which threatens serious damage to human welfare in a place, the environment of a place, or the security of that place.
Cold Site An environmentally equipped facility that provides only the physical space for recovery operations while the organization using the space provides its own office equipment, hardware and software systems and any other required resources to establish and continue operations.
A site (data center/work area) equipped with appropriate environmental conditioning, electrical connectivity, communications access, configurable space and access to accommodate the installation and operation of equipment by key employees required to resume business operations.
Command Center/Centre Operational site (physical or virtual) used by a crisis team after the initial phase of an emergency; can also serve as a reporting point for deliveries, services, press and all external contacts.
Common Recognized Information Picture (CRIP) A statement of shared situational awareness and understanding, which is briefed to crisis decision‐makers and used as the accepted basis for auditable and defensible decisions.
Communications Recovery The component of disaster recovery which deals with the restoration or rerouting of an organization’s telecommunication network, or its components, in the event of loss.
Consortium Agreement An agreement made by a group of organizations to share processing facilities and/or office facilities, if one member of the group suffers a
Contact List A list of key people to be notified at the time of disruption or as needed. The contact data used by Call Tree and Cascade processes and systems.
Contact Tracing The method of tracking and containing the spread of infectious diseases with exposed individuals to identify the people with whom they have had close contact during the incubation period of the illness. Applies to both symptomatic and asymptomatic individuals.
Contingency Fund A budget for meeting and managing operating expense at the time of a business continuity invocation.
Contingency Plan An event specific preparation that is executed to protect an organization from certain and specific identified risks and/or threats.
A plan to deal with a specific set of adverse circumstances.
Contingency Planning Process of developing advanced arrangements and procedures that enable an organization to respond to an undesired event that negatively impacts the organization.
Continuance of Government (COG) This is a US concept for how government entities plan to continue the key elements of public governance in emergency situations.
Continuance Of Operations Planning This has applicability mainly in the United States. In most countries BC plans are used for both private and public sector bodies including government entities. In the US, COOP is sometimes used as an alternative term to BCM even in the private sector.
Continuity of Operations (COOP) Management policy and procedures used to guide an enterprise response to a major loss of enterprise capabilities or damage to its facilities. It defines the activities of individual departments and agencies and their subcomponents to ensure their essential functions are performed.
Continuity Of Operations Plan (COOP) Management policy and procedures used to guide an enterprise response to a major loss of enterprise capabilities or damage to its facilities. It defines the activities of individual departments and agencies and their subcomponents to ensure their essential functions are performed.
Continuous Availability A system or application that supports operations which continue with little to no noticeable impact to the user.
Continuous Operations The ability of an organization to perform its processes without
Control The collection of activities, financial, operational and otherwise, established by a Board and company management that carry out an organization’s business in an effective and efficient manner, in line with the organization’s approved objectives, goals, and risk appetite.
Control Framework A model or recognized system of control categories that covers all internal controls expected within an organization.
Control of Substances Hazardous to Health (COSHH) Control of Substances Hazardous to Health regulations 2002. A European
Control Review Involves selecting a control and establishing whether it has been working effectively and as described and expected during the period under
Cordon The boundary line of a zone that is determined, reinforced by legislative power, and exclusively controlled by the emergency services from which all unauthorized persons are excluded for a period of time determined by the emergency services.
Coronavirus A group of related RNA viruses that cause diseases in mammals and birds. In humans, they cause respiratory tract infections that can range from mild to lethal. Common viruses include COVID‐19, SARS, MERS, Influenza and the common cold.
Corporate Governance The system/process by which top management of an organization are required to carry out and discharge their legal, moral and regulatory accountabilities and responsibilities.
Corporate Risk A category of risk management that looks at ensuring an organization meets its corporate governance responsibilities, takes appropriate actions and identifies and manages emerging risks.
Corrective Action Action to eliminate the cause of a non‐conformity and to prevent recurrence.
Cost Benefit Analysis A process, after a BIA and risk assessment, that facilitates the financial technique for measuring the cost of implementing a particular solution and compares that with the benefit delivered by that solution.
Counseling The provision of assistance to staff, customers and others who have suffered mental or physical injury in a disaster or incident.
Creeping Disaster A slow degradation of service or deterioration in quality or performance over a period of time which ultimately leads to a business interruption of
Crisis Abnormal and unstable situation that threatens the organization’s strategic objectives, reputation or viability.
Crisis Communication Plan A plan that specifically addresses stakeholder communications during a crisis, including the public, shareholders, clients, employees and partners.
Crisis Management The overall direction of an organization’s response to a disruptive event, in an effective, timely manner, with the goal of avoiding or minimizing damage to the organization’s profitability, reputation, and ability to operate.
Development and application of the organizational capability to deal with a crisis.
Crisis Management Plan Coordination and execution of actions to be taken immediately before, during and after a catastrophic incident that preserve lives, safeguard property, and reduce or minimize damage to the organization's profitability, reputation, or ability to operate.
Crisis Management Team (CMT) A team consisting of key leaders (e.g., media representative, legal counsel, facilities manager, disaster recovery coordinator), and the appropriate business owners of critical functions who are responsible for recovery operations during a crisis.
Critical A qualitative description used to emphasize the importance of a resource, process or function that must be available and operational either constantly or at the earliest possible time after an incident, emergency or disaster has occurred.
Critical Activities Those activities which have to be performed to deliver the key products and services and which enable an organization to meet the most important and time‐sensitive objectives.
Critical Business Functions The essential operational and/or business support functions that could not be interrupted or unavailable for more than a mandated or predetermined timeframe without significantly jeopardizing the organization.
Vital functions without which an organization will either not survive or will lose the capability to effectively achieve its critical objectives.
Critical Component Failure Analysis A review of the components involved in delivery of an enterprise wide process and an assessment of the relationship dependencies and impact of failure of one component.
Critical Data Point The point in time to which data must be restored and synchronized to achieve a Maximum Acceptable Outage.
Critical Infrastructure Physical assets (e.g., electrical power, telecommunications, water, gas and transportation) whose disruption or destruction would have a debilitating impact on the economic and/or physical security of an entity (e.g., organization, community, nation).
Critical Staff Staff members whose skills, knowledge and/or involvement are necessary to recover an essential business function.
Critical Success Factors A management technique developed in the 1970s but still popular, in which an organization identifies a limited number of activities it has to get correct to achieve its primary missions.
Critical Supplier Looking back in the logistical process (upstream) of a product or service, any supplier that could cause a disruption or outage to the organization’s essential functions as documented in the BIA.
Damage Assessment An appraisal of the effects of the disaster or incident on human, physical, economic and operational capabilities.
Data Backup Strategies Data backup strategies will determine the technologies, media and offsite storage of the backups necessary to meet an organization’s data recovery and restoration objectives.
Data Backups The copying of production files to media that can be stored both on and/or offsite and can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.
Data Center Recovery The component of disaster recovery which deals with the restoration of data center services and computer processing capabilities at an alternate location and the migration back to the production site.
Data Mirroring The act of copying data from one location to a storage device at another location in or near real time.
Data Protection Statutory requirements to manage personal data in a manner that does not threaten or disadvantage the person to whom it refers.
Data Recovery The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe
Database Replication The partial or full duplication of data from a source database to one or more destination databases.
Declaration A formal announcement by pre‐authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre‐arranged response and mitigating actions.
Declaration Fee A fee charged by a commercial hot site vendor for a customer invoked
Denial of Access Loss of access to any asset (premises, hardware, systems) when no physical damage has been done to the asset.
Denial of Physical Access The inability of an organization to access and/or occupy its normal physical, working environment.
Dependency The reliance or interaction, directly or indirectly, of one activity, or process, or component thereof, upon another.
Design The Technical Practice within the BCM Lifecycle of the BCI Good Practice Guidelines that identifies and selects appropriate strategies to determine how continuity and recovery from disruption will be achieved.
Desk Check One method of validating a specific component of a plan.
Desktop Exercise Technique for rehearsing teams in which participants review and discuss the actions they would take according to their plans, but do not perform any of these actions.
Differential Backup Backup process that copies only such items that have been changed since the last full backup.
Diploma of the Business Continuity Institute (DBCI) This certified membership grade is a standalone credential. It is an academic qualification in Business Continuity and a route to higher membership grades of the BCI depending on years of experience.
Disaster Situation where widespread human, material, economic or environmental losses have occurred which exceeded the ability of the affected organization, community or society to respond and recover using its own
Disaster Declaration The staff should be familiar with the list of assessment criteria of an incident versus disaster situation established by the BCM or DR Steering Committee and the notification procedure when a disaster occurs.
Disaster Management Strategies for prevention, preparedness and response to disasters and the recovery of essential post‐disaster services.
Disaster Recovery (DR) The process, policies and procedures related to preparing for recovery or continuation of technology infrastructure, systems and applications which are vital to an organization after a disaster or outage.
The strategies and plans for recovering and restoring the organization’s technological infrastructure and capabilities after a serious interruption.
Disaster Recovery Plan (DRP) The management approved document that defines the resources, actions, tasks and data required to manage the technology recovery
Disaster Recovery Planning The process of developing and maintaining recovery strategies for information technology (IT) systems, applications and data. This includes networks, servers, desktops, laptops, wireless devices, data and connectivity.
Disk Mirroring Data replication and recovery technique where data is duplicated on a separate disk subsystem, preferably at a separate location, in real time or near real time, to ensure continuous availability of critical information. Data is protected in transit through encryption.
Disruption An event that interrupts normal business, functions, operations, or processes, whether anticipated (e.g., hurricane, political unrest) or
Diverse Routing The routing of information through split or duplicated cable facilities.
Diversification A continuity and recovery strategy requiring the live undertaking of activities at two or more geographically dispersed locations.
Downtime A period in time when something is not in operation.
Drop Ship A strategy for:
a) Delivering equipment, supplies, and materials at the time of a business continuity event or exercise.
b) Providing replacement hardware within a specified time period via prearranged contractual arrangements with an equipment supplier at the time of a business continuity event.
Duty of Care A corporate governance requirement to take care of the assets of the organization – a duty incumbent on officers of an enterprise.
Ebola Virus Disease A highly infectious disease that can cause severe hemorrhagic fever in humans and nonhuman primates. Currently there is no vaccine or cure. Bats are most likely the carriers as they do not display severe symptoms.
Electronic Vaulting The electronic transfer of data to an off‐site storage facility.
Embedding Business Continuity The Management Practice within the BCM Lifecycle that continually seeks
to integrate Business Continuity into day‐to‐day activities and organizational culture.
Emergency Any incident, whether natural, technological, or human‐caused, that
requires responsive action to protect life or property.
Emergency Control Center (ECC) The Command Centre used by the Crisis Management Team during the first phase of an event.
Emergency Coordinator The person designated to plan, exercise, and implement the activities of sheltering in place or the evacuation of occupants of a site with the first
responders and emergency services agencies.
Emergency Data Services Remote capture and storage of electronic data, such as journaling, electronic vaulting and database shadowing/mirroring.
Emergency Management The organization and management of the resources and responsibilities for dealing with all humanitarian aspects of emergencies (preparedness,
response, and recovery).
Emergency Management Plan Documented plan for the analysis, planning, decision making, assignment, and coordination of available resources for the mitigation of, preparedness for, response to, or recovery from emergencies of any kind, whether from human‐made threats (e.g., bomb threats and suspicious packages and envelopes) or disruptions (e.g., chemical, biological, radiological, nuclear or explosive) or natural disasters (e.g., earthquake, fire and severe weather).
Emergency Marshal A person responsible for ensuring that all employees, visitors and
contractors evacuate a site/building and report to the emergency coordinator when their designated floor/area is clear.
Emergency Operations Center (EOC) The physical location at which the coordination of information and resources to support incident management (on‐scene operations) activities normally takes place.
The facility used by the Incident or Crisis Management Team after the first phase of a plan invocation. An organization must have a primary and secondary location for an EOC in the event of one being unavailable. It may also serve as a reporting point for deliveries, services, press and all external contacts.
Emergency Planning Development and maintenance of agreed procedures to prevent, reduce,
control, mitigate and take other actions in the event of a civil emergency.
Emergency Preparedness The capability that enables an organization or community to respond to an emergency in a coordinated, timely, and effective manner to prevent the loss of life and minimize injury and property damage.
Emergency Procedures A documented list of activities to commence immediately to prevent the
loss of life and minimize injury and property damage.
Emergency Response Actions taken in response to a disaster warning or alert to minimize or contain the eventual negative effects, and those taken to save and preserve lives and provide basic services in the immediate aftermath of a disaster impact, for as long as an emergency situation prevails.
Emergency Response Plan A documented plan usually addressing the immediate reaction and response to an emergency situation.
Emergency Response Procedures The initial response to any event, focused upon protecting human life and the organization’s assets.
Emergency Response Team (ERT) Qualified and authorized personnel who have been trained to provide immediate assistance.
Enterprise Risk Management ERM includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives.
Enterprise‐Wide Planning The overarching master plan covering all aspects of business continuity
within the entire organization.
Epidemic See Pandemic
Escalation The process by which event‐related information is communicated upwards through an organization's established chain of command.
The process by which an incident is communicated upwards through an organization’s business continuity and/or incident and crisis management reporting process.
Essential Services Infrastructure services without which a building or area would be considered disabled and unable to provide normal operating services; typically includes utilities (water, gas, electricity, telecommunications), and may also include standby power systems or environmental control
Estimated Maximum Loss Insurance policies are written based upon the EML – the maximum amount that can be claimed against an insured peril.
Evacuation The movement of employees, visitors and contractors from a site and/or
building to a safe place (assembly area) in a controlled and monitored manner at time of an event.
Event Occurrence or change of a particular set of circumstances.
Exclusion Zone Boundary line of an area or zone that is controlled by emergency services personnel, and from which all unauthorized persons are excluded for a period of time determined by emergency services leadership.
Exercise Activity designed to execute business continuity or disaster recovery plans and evaluate the performance against approved standards or objectives. Process to train for, assess, practice, and improve recovery performance in an organization.
Exercise Auditor An appointed role that is assigned to assess whether the exercise aims/objectives are being met and to measure whether activities are occurring at the right time and involve the correct people to facilitate their achievement. The exercise auditor is not responsible for the mechanics of the exercise. This independent role is crucial in the subsequent debriefing.
Exercise Coordinator The person responsible for the mechanics of running the exercise.
Person responsible for planning, execution, and evaluation activities of an exercise.
Exercise Observer An exercise observer has no active role within the exercise but is present
for awareness and training purposes.
Exercise Owner An appointed role that has total management oversight and control of the exercise and has the authority to alter the exercise plan.
Exercise Plan A plan designed to periodically evaluate tasks, teams, and procedures that are documented in business continuity plans to ensure the plan’s
Exercise Program(me) Series of exercise events designed to meet an overall objective or goal.
Exercise Script A set of detailed instructions identifying information necessary to implement a predefined business continuity event scenario for evaluation
Expense Log Record of expenditure enabling loss assessment and adjustment
following an incident or crisis.
Exposure The potential susceptibility to loss; the vulnerability to a particular risk.
Extra Expense The extra cost necessary to implement a recovery strategy and/or mitigate a loss.
Facility Plant, machinery, equipment, property, buildings, vehicles, information systems, transportation facilities, and other items of infrastructure or plant and related systems that have a distinct and quantifiable function or
Fallback Another (but less popular) term for alternative or alternate. A fallback facility is another site/building that can be used when the original
site/building is unusable or unavailable.
Fellow of the Business Continuity Institute (FBCI) This prestigious certified membership grade is the highest obtainable, and is designed for professionals with over 10 years of experience and who have made significant contributions to the BCI and the industry.
FEMA Federal Emergency Management Agency – the US agency responsible for
responding to wide area disasters and emergencies.
Financial Impact Actual or potential losses incurred.
High‐Risk Areas Areas identified during the risk assessment that are highly susceptible to a disaster situation or might be the cause of a significant disaster.
Horizon Scanning Systematic examination of potential threats, opportunities and future developments, which might have the potential to create new risks or
change the character of risks already identified.
Hot Debrief A discussion about the issues and concerns held immediately following an
Hot site A facility equipped with full technical requirements including IT, telecoms and infrastructure, and which can be used to provide rapid resumption of
Hot Spot A limited geography in which a large number of people have tested
positive for a disease or virus.
Housekeeping The process of maintaining procedures, systems, people and plans in a
state of readiness.
Human Continuity The ability of an organization to provide support for its associates and their families before, during, and after a business continuity event to
ensure a viable workforce.
Human Threats Possible disruptions in operations resulting from human actions as
identified during the risk assessment.
Human‐to‐Human Transmission (HHT) A passage or transfer, as of a disease, from one individual to another. An incident in which an infectious disease is transmitted.
ICT Continuity Capability of the organization to plan for and respond to incidents and disruptions in order to continue ICT (Information and Communications Technology) services at an acceptable level.
ICT Disaster Recovery The ability of the ICT elements of an organization to support its most
urgent business functions to acceptable levels within a pre‐determined period of time following a disruption.
ICT Disaster Recovery Plan A clearly defined and documented plan which recovers ICT capabilities
when a disruption occurs.
Impact (1) The effect, acceptable or unacceptable, of an event on an organization.
(2) Results associated with a disaster or emergency situation over time on an organization.
Evaluated consequence of a particular outcome.
Impact Analysis The process of analyzing all operational activities and the effect that an operational impact might have upon them.
Implementation The Technical Practice within the Business Continuity Management (BCM) Lifecycle that executes the agreed strategies through the process of
developing the Business Continuity Plan.
Incident An event which is not part of standard business operations which may impact or interrupt services and, in some cases, may lead to disaster.
Situation that might be, or could lead to, a disruption, loss, emergency or crisis.
Incident Command System (ICS) A standardized on‐scene emergency management construct specifically designed to provide for the adoption of an integrated organizational structure that reflects the complexity and demands of single or multiple incidents, without being hindered by jurisdictional boundaries.
The combination of facilities, equipment, personnel, procedures and communications operating within a common organizational structure, designed to aid in the management of resources during incidents.
Incident Management The process by which an organization responds to and controls an
incident using emergency response procedures or plans.
Incident Management Plan (IMP) A clearly defined and documented plan of action for use at the time of an incident, typically covering the key personnel, resources, services and actions needed to implement the incident management process.
Incident Management Team (IMT) A group of individuals responsible for developing and implementing a comprehensive plan for responding to a disruptive incident. The team consists of a core group of decision‐makers trained in incident management and prepared to respond to any situation.
Incident Manager Commands the local emergency operations center (EOC), reporting up to senior management on the recovery progress. Has the authority to invoke the recovery plan.
Incident Response The response of an organization to a disaster or other significant event that may significantly impact the organization, its people, or its ability to function productively.
Increased Cost of Working The additional expenditure incurred following an incident in order to
minimize the loss of gross profit.
Indemnity Period The period during which insurers will pay for losses following an incident covered as an insured peril.
Information Security The securing or safeguarding of all sensitive information, electronic or
otherwise, which is owned by an organization.
Information Technology Disaster Recovery (ITDR) An integral part of the organization’s BCM plan by which it intends to recover and restore its ICT capabilities after an Incident.
Infrastructure The total environment (real estate, personnel, technological and non‐technological) needed for the operation of an organization.
Insurance A contract to finance the cost of risk. Should a named risk event (loss) occur, the insurance contract will pay the holder the contractual amount.
Integrated Capability Analysis (ICA) An analytical methodology which considers concurrent and contextual review of multiple metrics, to provide a more complete picture regarding a particular plan, artifact, or aspect of the business continuity program.
Integrated Exercise An exercise conducted on multiple interrelated components of a Business Continuity Plan, typically under simulated operating conditions. Examples of interrelated components may include interdependent departments or interfaced systems.
Integrated Testing Examination of a plan that addresses multiple plan components, in conjunction with each other, typically under simulated operating
Integrity The safeguarding of accuracy and completeness of assets, particularly
Interested Party A person or organization that can affect, be affected by, or perceive
themselves to be affected by a decision or activity.
Interim Site A temporary location used to continue performing business functions after vacating a recovery site and before the original or new home site can be occupied.
Internal Audit Audit conducted by, or on behalf of, the organization itself for management review and other internal purposes, and which might form
the basis for an organization’s self‐declaration of conformity.
Internal Control All the means, tangible and intangible, that can be employed or used to ensure that established objectives are met.
Internal Hot site A fully equipped alternate processing site owned and operated by the
Intrusion Detection System (IDS) Automated system that alerts network operators to a penetration or other contravention of a security policy.
Intrusion Prevention System (IPS) Automated system that establishes barriers to potential network penetrations or other contraventions of security policies.
Invocation The act of declaring that an organization’s contingency arrangements need to be put into effect in order to continue to deliver key products and
Isolation The complete separation from others of a person or a nation suffering from a contagious or infectious disease. Separates sick people with a
contagious disease from people who are not sick.
Journaling Remote capture and storage of electronic data, at a transaction level so
that it can be applied to an earlier overall system backup.
Just‐in‐Time (JIT) Strategy whereby dependencies for critical business processes are provided exactly when required, without requiring intermediate
Key Performance Indicators (KPI) Benchmark measurement based on objectives, targets and defined
Key Tasks Priority procedures and actions in a Business Continuity Plan that must be executed within the first few minutes/hours of the plan invocation.
Lead Time The time it takes for a supplier ‐ either equipment or a service ‐ to make that equipment or service available.
Legislative Actions within a plan that must be prioritized as a result of legal, statutory
or regulatory requirements.
Likelihood Chance of something happening, whether defined, measured or estimated objectively or subjectively. It can use general descriptors (such as rare, unlikely, likely, almost certain), frequencies or mathematical probabilities. It can be expressed qualitatively or quantitatively.
Line Re‐routing A facility provided by telephone service providers (telcos) to re‐route dedicated lines to backup sites or other defined locations.
Lockdown A colloquial term used to reference Shelter‐in‐Place and Stay‐at‐Home Orders. Sometimes used interchangeably, however incorrectly, depending on the situation.
Logistics Team A team comprised of various members representing departments associated with supply acquisition and material transportation, responsible for ensuring the most effective acquisition and mobilization of hardware, supplies, and support materials. This team is also
responsible for transporting and supporting staff.
Loss Unrecoverable resources that are redirected or removed as a result of a Business Continuity event.
Loss Adjuster Designated position activated at the time of a Business Continuity event to assist in managing the financial implications of the event and should be involved as part of the management team where possible.
Invaluable at the time of a disruptive incident to assist in managing the financial implications of the incident and should be involved as part of the management team where possible.
Loss Reduction The technique of instituting mechanisms to lessen the exposure to a
particular risk. Loss reduction involves planning for, and reacting to, an event to limit its impact.
Loss Transaction Recovery Recovery of data (paper within the work area and/or system entries) destroyed or lost at the time of the disaster or interruption.
Major Incident UK Emergency Services definition. Any emergency that requires the implementation of special arrangements by one or more of the Emergency Services, National Health Service or a Local Authority.
Management Practices Policy and Program Management and Embedding Business Continuity stages of the BCM Lifecycle.
Management System Set of interrelated or interacting elements of an organization to establish policies and objectives, and processes to achieve those objectives.
Manual Procedures An alternate method for continuing critical business services or processes following the loss of technology.
Marshalling Area A safe area where resources and personnel not immediately required can
be directed to standby to await further instruction.
Maximum Acceptable Outage (MAO) Time it would take for adverse impacts, which might arise as a result of not providing a product/service or performing an activity, to become unacceptable.
Maximum Tolerable Outage (MTO) ‐
Maximum Tolerable Period of Disruption (MTPD) The time it would take for adverse impacts, which might arise as a result of not providing a product/service or performing an activity, to become
MBCP Master Business Continuity Professional. The Master level certification is for individuals who have a minimum of five years of Enterprise Continuity Management experience in 7 of the 10 Professional Practices, have passed both the qualifying exam and the Masters case study, and have had their DRII Certification Application approved.
Member of the Business Continuity Institute (MBCI) This certified membership grade is for professionals that have at least
three years’ experience in business continuity and who have taken and passed the CBCI Examination with merit.
Minimum Business Continuity Objective (MBCO) A minimum level of services and/or products that is acceptable to the organization to achieve its business objectives during a disruption.
Minimum Planning Duration (MPD) A recovery strategy imperative, established by an organization, which mandates how long each contingency plan’s recovery strategy is expected to endure, while relying only on resources or dependencies
identified in the plan.
Minimum Planning Radius (MPR) A recovery strategy imperative, established by an organization, which identifies the minimum geographic range of an event that its contingency
plans must address.
Mission‐Critical Activity (1) A critical operational and/or business support activity (either provided internally or outsourced) required by the organization to achieve its objective(s) i.e. services and/or products.
(2) Activity determined to be essential to an organization's ability to
perform necessary business functions.
Mission‐Critical Application Applications that support business activities or processes that could not be interrupted or unavailable for 24 hours or less without significantly
jeopardizing the organization.
Mitigation Refer to Risk Mitigation.
Mobile Recovery Transportable operating environment complete with office facilities and technology that can be delivered and deployed at a suitable site on short
Mobile Standby Trailer A transportable operating environment, often a large trailer, that can be configured to specific recovery needs such as office facilities, call centers,
data centers, etc.
Mobilization The activation of the recovery organization in response to a disaster
Mock Disaster One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario.
Mutual Aid Agreement A pre‐arranged understanding between two or more entities to render
assistance to each other.
N + 1 A fault‐tolerant strategy that includes multiple systems or components protected by one backup system or component. (Many‐to‐one
Network Outage An interruption of voice, data, or IP network communications.
Non Compliance Failure to fulfil an agreed requirement or expectation of a BCM program.
Non Conformity The non‐fulfilment of a specific requirement defined in a standard, documented practice, agreed procedure or legislation.
Objective An overall goal, consistent with the policy that an organization sets for
Offsite Location A site at a safe distance from the primary site where critical data (computerized or paper) and/or equipment is stored, from where it can be recovered and used at the time of a disruptive incident if original data, material or equipment is lost or unavailable.
Off‐Site Storage Any place physically located a significant distance away from the primary site, where duplicated and vital records (hard copy or electronic and/or equipment) may be stored for use during recovery.
Operational Level Agreement (OLA) An operational‐level agreement (OLA) specifies the cross‐relationships in which organizations engage in support of a service‐level agreement (SLA). OLA is the "how" to the SLA which is the "what". (1) OLA defines the responsibilities of each internal or external support group toward other support groups, and typically includes measurable processes and timeframes for delivery of the agreed‐upon services. OLAs provide a clear, concise and measurable description of a service provider's internal or external support relationships. (2) An agreement between an IT service provider and another part of the same organization. OLAs define the goods or services to be provided and the responsibilities of both parties.
(3) Internal (ITIL) An internal agreement covering the delivery of services by an internal department (e.g., IT, Human Resources) or organization. Other similar terms: operating level agreement, operations level agreement.
Operational Resilience The demonstrated and repeated ability of key business units or processes to maintain or return to an acceptable operational status after exposure to disruptive or disastrous events.
Operational Risk The risk of loss resulting from inadequate or failed procedures and controls. This includes loss from events related to technology and infrastructure, failure, business interruptions, staff‐related problems, and
from external events such as regulatory changes.
Operations Control Process, practice or other actions that assure management outcomes.
Operations Planning Scheme specifying the approach, management elements and resources
to be applied to the management of the organization.
Orderly Shutdown The actions required to rapidly and gracefully suspend a business function
and/or system during a disruption.
Organization A person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives.
Organizational Culture The combined assumptions, beliefs, values and patterns of behavior that are shared by members of an organization. The way in which an organization views itself, its place in its market and the environment in
which it operates.
Organizational Resilience The ability of an organization to anticipate, prepare for, and respond and adapt to incremental change and sudden disruptions in order to survive
OSHA standards OSHA standards are requirements that oblige employers to put safety and health policies in place for their workers. As for specific standards, OSHA safety regulations require that employers are responsible for safety in their workplace. These standards may vary, but all have in common that they are set to protect workers.
OSHA standards are newly introduced, updated, and revised throughout the year. For a full list of current OSHA standards, visit OSHA’s website:
Outage The interruption of automated processing systems, infrastructure, support services, or essential business operations, which may result in the organization’s inability to provide services for some period of time.
A period in time when something is not in operation.
Outbreak See Pandemic
Outsourced Activities Those processes that are performed by, or in part by, a third party.
Outsourcing The transfer of business functions to an independent (internal and/or external) third party supplier.
Pandemic A pandemic is a worldwide spread of a disease. This is a higher order of magnitude than an epidemic. In other words:
• an outbreak is the occurrence of disease cases in excess of what's normally expected
• an epidemic is more than a normal number of cases of an illness, specific health‐related behavior or other health‐related events in a community or region
• a pandemic occurs on a wider scale than an epidemic, and immunity does not exist
Pandemic Plan A pandemic plan is a documented strategy for how an organization plans to provide essential services when there is a widespread outbreak of an infectious disease. Pandemic plans should be sufficiently flexible to effectively address a wide range of possible effects that could result from
Peer Review A review of a specific component of a plan by personnel (other than the owner or author) with appropriate technical or business knowledge for
accuracy and completeness.
Performance A measurable outcome.
Performance Evaluation A process of determining measurable results.
Personal Protective Equipment (PPE) Personal protective equipment, commonly referred to as “PPE”, is equipment worn to minimize exposure to hazards with the potential to cause serious workplace injuries and illnesses. These injuries and illnesses may result from contact with chemical, radiological, physical, electrical, mechanical, or other hazards. PPE may include items such as face masks or coverings, face shields, gloves, safety glasses and shoes, earplugs or muffs, hard hats, respirators, or coveralls, vests and full body suits.
If PPE is to be used, a PPE program should be implemented. This program should address the hazards present, the selection, the maintenance, and use of PPE, the training of employees, and monitoring of the program to ensure its ongoing effectiveness.
Plan A structured method for doing or achieving a specific desired result. It involves establishing goals, setting objectives, and defining actions by which goals and objectives are attained. Common types of plan in the industry are Crisis Management Plan, Emergency Management Plan, Emergency Response Plan, etc.
Plan Maintenance The management process of keeping an organization’s business
continuity management plans up to date and effective.
Plan, Do, Check, Act (PDCA) A model used to plan, establish, implement and operate, monitor and review, maintain and continually improve the effectiveness of a
management system or process.
Policy The intentions and direction of an organization as formally expressed by
its Top Management.
Policy & Program Management The Professional Practice that defines the organizational policy relating to business continuity and how that policy will be implemented, controlled
and validated through a BCM program.
Post Incident Acquisition A continuity and recovery strategy where resources are provided
following an incident at short notice.
Preparedness Activities implemented prior to an incident that may be used to support and enhance mitigation of, response to, and recovery from disruptions.
Press Conference The provision of an organization spokesperson(s) at a specific venue and time(s) to brief and answer any questions or enquiries from the media.
Presumptive Positive If you have a positive test result on an antibody test, it is possible that you have recently or previously had a disease. There is also a chance that the positive result is incorrect, known as a false positive.
Preventative Action An action taken to eliminate a threat or other undesirable situation.
Preventative Measures Controls aimed at deterring or mitigating undesirable events from taking
Prevention Countermeasures against specific threats that enable an organization to
avoid a disruption.
Prioritization The ordering of critical activities and their dependencies is established during the BIA and Strategic‐planning phase. The business continuity plans will be implemented in the order necessary at the time of the event.
Prioritized activities Activities to which priority must be given following an incident in order to
Probability The chance of a risk occurring.
Procedure Specified way to carry out an activity.
Process A set of interrelated or interacting activities which transforms inputs to
Products and Services Beneficial outcomes provided by an organization to its customers,
recipients and interested parties.
Professional Practices The activities that make up the six stages of the BCI’s Good Practice
Guidelines BCM Lifecycle.
Program An ongoing process supported by senior management and adequately
Public Sector The public sector is that portion of an economic system that is controlled
by national, state or provincial, and local governments.
Qualitative Assessment The process for evaluating a business function based on observations; it does not involve measures or numbers. Instead, it uses descriptive categories (e.g., customer service, regulatory requirements) to allow for refinement of the quantitative assessment.
Quantitative Assessment The process for placing value on a business function for risk purposes. It is a systematic method that evaluates possible financial impact for losing the ability to perform a business function. It uses numeric values to allow
Quarantine A state or place of isolation for a person or animal who has been exposed to or diagnosed with a contagious disease to separate and restrict
movement among the general population.
Readiness Activities implemented prior to an incident that may be used to support and enhance mitigation of, response to, and recovery from disruptions.
Reception Centre A secure area to which the uninjured can be taken for shelter, first aid,
interview and documentation as appropriate to the incident.
Reciprocal Agreement Agreement between two organizations (or two internal business groups) with similar equipment/environment that allows each one to recover at
the other’s location.
Record A statement of results achieved or evidence of activities performed.
Recoverable Loss Financial losses due to an event that may be reclaimed in the future, e.g., through insurance or litigation.
Recovery Implementing the prioritized actions required to return the processes and support functions to operational stability following an interruption or
Recovery Management Team ‐
Recovery Period The time period between a disaster and a return to normal functions,
during which the disaster recovery plan is employed.
Recovery Point Capability (RPC) The point in time to which data was restored and/or systems were recovered (at the designated recovery/alternate location) after an outage
or during a disaster recovery exercise.
Recovery Point Objective (RPO) The point in time to which data is restored and/or systems are recovered after an outage.
The point to which information used by an activity must be restored to enable the activity to operate on resumption.
Recovery Services Agreement / Contract A contract with an external organization guaranteeing the provision of specified equipment, facilities, or services, usually within a specified time period, in the event of a business interruption.
Recovery Site A designated site for the recovery of business unit, technology, or other
operations, which are critical to the enterprise.
Recovery Teams A structured group of teams ready to take control of the recovery
operations if a disaster should occur.
Recovery Time Capability (RTC) The demonstrated amount of time in which systems, applications and/or functions have been recovered, during an exercise or actual event, at the designated recovery/alternate location (physical or virtual).
Recovery Time Objective (RTO) The period of time within which systems, applications, or functions must be recovered after an outage. RTO includes the time required for: assessment, execution and verification.
The period of time following an incident within which a product or service or an activity must be resumed, or resources must be recovered.
Recovery Timeline The sequence of recovery activities, or critical path, which must be followed to resume an acceptable level of operation following a business
Redundancy Duplicate technology, facilities, equipment, information or personnel intended to increase reliability or availability and decrease the risk of loss.
Regulatory Similar to Legislative or Statutory but usually rules imposed by a regulator
rather than through direct government legislation.
Remediation The process of planning for and/or implementing measures taken to
repair or limit damage or exposure to loss.
Repatriation Plan Repatriation refers to anything or anyone that returns to its country of origin, which can include foreign nationals, refugees, or deportees.
Repatriation plans are necessary to help a person adjust once returned to
his or her country of origin.
Replication A continuity and recovery strategy where resources are copied to a dormant site, only being brought into live operations after an incident.
Requirement A need or expectation that is stated, generally implied or obligatory.
Residual Risk The level of risk remaining after implementation of controls intended to
lessen impact, probability and consequences
Resilience Ability of an entity to adapt to change or absorb the impact of a business interruption while continuing to provide a minimum acceptable level of
Resilient The ability of an organization to absorb the impact of a business interruption, and continue to provide a minimum acceptable level of
Resources All assets, people, skills, information, technology (including plant and equipment), premises, and supplies and information (whether electronic or not) that an organization has to have available to use, when needed, in
order to operate and meet its objective.
Response The reaction to an incident or emergency to assess the damage or impact and to ascertain the level of containment and control activity required.
Rest Centre A building taken over by the Local Authority for the temporary
accommodation of evacuees
Restart The procedure or procedures that return applications and data to a
known start point.
Restoration Process of planning for and/or implementing procedures for the repair of hardware, relocation of the primary site and its contents, and returning to normal operations at the permanent operational location.
Resumption The process of planning for and/or implementing the restarting of defined
business processes and operations following a disaster.
Risk Potential for exposure to loss which can be determined by using either qualitative or quantitative measures.
Combination of the probability of an event and its consequence
Risk Acceptance A management decision to take no action to mitigate the impact of a
Risk Analysis The quantification of threats to an organization and the probability of
them being realized.
Risk Appetite Total amount of risk that an organization is prepared to accept, tolerate,
or be exposed to at any point in time.
Risk Assessment Overall process of risk identification, risk analysis, and risk evaluation.
Risk Assessment / Analysis Process of identifying the risks to an organization, assessing the critical functions necessary for an organization to continue business operations, defining the controls in place to reduce organization exposure and
evaluating the cost for such controls.
Risk Avoidance An informed decision to not become involved in or to withdraw from a
Risk Categories Risks of similar types are grouped together under key headings, otherwise known as ‘risk categories’.
Risk Classification The categorization of risk, normally focusing on likely impact to the
organization or likelihood of occurrence.
Risk Concentration The risks associated with having Mission Critical Activities and/or their dependencies, systemic processes and people located either in the same building or close geographical proximity (zone), that are not reproduced
elsewhere i.e. a single point of failure.
Risk Controls All methods of reducing the frequency and/or severity of losses including exposure avoidance, loss prevention, loss reduction, segregation of
exposure units and non‐insurance transfer of risk
Risk Criteria Terms of reference against which the significance of a risk is evaluated.
Risk Management (RM) The culture, processes and structures that are put in place to effectively manage potential negative events. As it is not possible or desirable to eliminate all risk, the objective is to reduce risks to an acceptable level.
Coordinated activities to direct and control an organization with regard to risk.
Risk Mitigation Implementation of measures to deter specific threats to the continuity of business operations, and/or respond to any occurrence of such threats in a timely and appropriate manner. Activities taken to reduce the severity or consequences of an emergency.
Risk Profiling The identification and prioritization of threats in a Risk Analysis
Risk Ranking The ordinal or cardinal rank prioritization of the risks in various
alternatives, projects or units
Risk Reduction A selective application of appropriate techniques and management principles to reduce either probability of an occurrence or its impact, or
Risk Register All risks of an organization, listed, ranked and categorized so that
appropriate treatments can be assigned to them.
Risk Source Element which alone or in combination has the intrinsic potential to give
rise to risk.
Risk Transfer A common technique used by Risk Managers to address or mitigate potential exposures of the organization. A series of techniques describing the various means of addressing risk through insurance and similar products.
Refers to the shifting of the burden of loss to another party through legislation, contract, insurance or other means. It can also refer to the shifting of a physical risk or part thereof elsewhere.
Risk Treatment Selection and implementation of measures to modify risk.
Roll Call The process of identifying that all employees, visitors and contractors
have been safely evacuated and accounted for following an evacuation of a building or site.
Safe Separation Distance An adequate geographical spread between the original and duplicate resources, the various suppliers, the replica operations or the base site
and its recovery site.
Salvage The act of conducting a coordinated assessment to determine the appropriate actions to be performed on impacted assets.
Self‐Insurance The pre‐planned assumption of risk in which a decision is made to bear losses that could result from a Business Continuity event rather than
purchasing insurance to cover those potential losses.
Service Continuity The process and procedures required to maintain or recover critical services such as “remote access” or “end‐user support” during a business
Service Continuity Planning A process used to mitigate, develop, and document procedures that
enable an organization to recover critical services after a business interruption.
Service Level Agreement (SLA) A formal agreement between a service provider (whether internal or external) and their client (whether internal or external), which covers the nature, quality, availability, scope and response of the service provider. The SLA should cover day‐to‐day situations and disaster situations, as the need for the service may vary in a disaster.
An agreement between a service provider and a customer defining the scope, quality and timeliness of service delivery.
Service Level Management (SLM) The process of defining, agreeing, documenting and managing the levels
of any type of services provided by service providers whether internal or external that are required and cost justified.
Shelter‐in‐Place – Colloquial Lockdown An official order, issued in response to an imminent danger situation, to seek safety within the building one already occupies, rather than evacuating the area or seeking a community emergency shelter.
Simulation Exercise One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation.
Single Point of Failure (SPOF) A unique pathway or source of a service, activity, and/or process. Typically, there is no alternative and a loss of that element could lead to a failure of a critical function.
Unique (single) source or pathway of a service, activity and/or process; typically there is no alternative, and loss of that element could lead to total failure of a mission critical activity and/or dependency.
Situational Analysis The process of evaluating the severity and consequences of an incident
and communicating the results.
Social Engineering Non‐technical or low‐technology means used to attack or penetrate a
system by tricking or subverting operators or users.
Spreader Event A spreader event occurs when a single person infects other people. A Super spreader event infects a large number of other people. A spreader
event is a gathering of any type.
Stakeholder Individual or group having an interest in the performance or success of an organization e.g., customers, partners, employees, shareholders, owners, the local community, first responders, government, and regulators.
Stand Down Formal notification that the response to a Business Continuity event is no longer required or has been concluded.
A formal announcement that alert status is over and the plan will not be invoked any further.
Standalone Test A test conducted on a specific component of a plan in isolation from other
components to validate component functionality, typically under simulated operating conditions.
Standby A continuity and recovery strategy where a facility is available to be made
operational as required.
Stay‐at‐Home Order A stay‐at‐home order directs the public to remain at home and away from other people unless it’s absolutely necessary to go out. While the public should stay at home as much as possible, exceptions are made for medical care, food, and essential work. Stay‐at‐home orders are more lenient and may last much longer than a Shelter‐in‐place order.
Structured Walkthrough Types of exercise in which team members physically implement the business continuity plans and verbally review each step to assess its
effectiveness, identify enhancements, constraints and deficiencies.
Succession Plan A predetermined plan for ensuring the continuity of authority, decision‐making, and communication in the event that key members of executive
management unexpectedly become incapacitated.
Super spreader(s) A person who transmits an infectious disease or agent to an unexpectedly or unusually large number of other people. A super spreader is a person
who triggers human‐to‐human transmission.
Supply Chain Resilience Analysis A proactive analysis of vulnerabilities affecting the logistical process of a product or service to establish risk thresholds.
Symptomatic An infected individual displaying symptoms of a specific disease.
Syndicated Subscription Service Work space shared by a limited number of organizations, configured for general occupation (not for a particular organization).
System Recovery The procedures for rebuilding a computer system and network to the condition where it is ready to accept data and applications, and facilitate
System Restore The procedures necessary to return a system to an operable state using all available data including data captured by alternate means during the
System Risk Potential difficulties, such as failure of one participant or part of a process, system, industry or market to meet its obligations, that could cause other participants to not meet their obligations; this could cause liquidity and other problems, thereby threatening stability of the whole
process, system, industry or market.
Table Top Exercise One method of exercising plans in which participants review and discuss the actions to take without actually performing the actions.
Technique for rehearsing emergency teams in which participants review and discuss the actions to take according to their plans, but do not perform any of these actions; can be conducted with a single team, or multiple teams, typically under the guidance of exercise facilitators.
Copies of the BCP are distributed to appropriate personnel for review.
Technical Practices The Analysis, Design, Implementation and Validation stages of the BCM
Technical Recovery Team A group responsible for: relocation and recovery of technology systems, data, applications and/or supporting infrastructure components at an alternate site following a technology disruption; and subsequent resumption and restoration of those operations at an appropriate site.
Test A pass/fail evaluation of infrastructure (example‐computers, cabling, devices, hardware) and/or physical plant infrastructure (example‐building systems, generators, utilities) to demonstrate the anticipated operation of the components and system.
An exercise whose aim is to obtain an expected, measurable pass/fail outcome.
Threat A combination of the risk, the consequence of that risk, and the likelihood
that the negative event will take place.
A potential cause of an unwanted incident, which may result in harm to individuals, a system or organization, the environment, or the community.
Threat Analysis The process of evaluating threats to identify unacceptable concentrations
of risk to activities and single points of failure.
Trauma Management The process of helping employees deal with trauma in a systematic way following an event by providing trained counselors, support systems, and coping strategies with the objective of restoring employees’ psychological
Trigger An event that causes a system to initiate a response.
Uncontrolled Spread Large scale community transmission where cases increase at a rate higher than a 25% increase over a 14‐day period. Also influenced by test positivity rates, ICU capacity, cases per million per day and ability to contact trace. Spread is no longer controlled by conventional means such as
handwashing or social distancing.
Unexpected Loss The worst‐case financial loss or impact that a business could incur due to a particular loss event or risk. The unexpected loss is calculated as the expected loss plus the potential adverse volatility in this value.
Uninterruptible Power Supply (UPS) A backup electrical power supply that provides continuous power to critical equipment in the event that commercial power is lost.
A battery powered backup power supply used to provide short‐term temporary power in the event of failure of mains supply.
Vaccine A vaccine is a biological preparation that provides active acquired immunity to a particular infectious disease. A vaccine typically contains an agent that resembles a disease‐causing microorganism and is often made from weakened or killed forms of the microbe, its toxins, or one of its
Validation The Technical Practice within the BCM Lifecycle that confirms that the Business Continuity Management (BCM) program meets the objectives set in the Business Continuity (BC) Policy and that the organization’s
Business Continuity Plan (BCP) is fit for purpose.
Validation Script A set of procedures within the Disaster Recovery Plan to validate the proper function of a system or process before returning it to production
Virtual Battle Box An electronic form of a storage location held on the internet, intranet or cloud so that data and information are immediately available post incident and accessible by the Incident/Crisis Management Team.
Virtual Command Center A means of operating when it is physically impossible for members of the Incident Management Team to move to a Command Center. A virtual command center working using telephony and internet solutions
including a Virtual Battle Box can be established.
Virus An unauthorized program that inserts itself into a computer system and then propagates itself to other computers via networks or disks. When activated, it interferes with the operation of the computer systems.
Vital Records Records essential to the continued functioning or reconstitution of an organization during and after an emergency and also those records essential to protecting the legal and financial rights of that organization
and of the individuals directly affected by its activities.
Vulnerability The degree to which a person, asset, process, information, infrastructure or other resources are exposed to the actions or effects of a risk, event or
Warm Site An alternate processing site which is equipped with some hardware, and communications interfaces, electrical and environmental conditioning which is only capable of providing backup after additional provisioning, software or customization is performed.
A designated standby site equipped and serviced to a level which will allow the organization to resume essential operations before their non‐availability threatens business viability.
WHO World Health Organization (WHO). An international organization that
deals with major health issues around the world. The WHO sets standards for disease control, health care, and medicines; conducts education and research programs; and publishes scientific papers and reports. A major goal is to improve access to health care for people in developing countries and in groups that do not get good health care. http://www.who.int
Wide Area Disaster A catastrophic event that impacts a large geographic area and requires
emergency services and civil authorities to take control.
Work Area Facility A pre‐designated space provided with desks, telephones, PCs, etc. ready
for occupation by business recovery teams at short notice.
Work Area Recovery The component of recovery and continuity which deals specifically with the relocation of a key function or department in the event of a disaster, including multiple elements, e.g.: personnel, essential records, equipment supplies, work space, communication facilities, work station computer processing capability, fax, copy machines, mail services. Office recovery environment complete with necessary office infrastructure (desk, telephone, workstation, hardware, communications).
Restoration of office activities at an alternative location which provides desks, telephony, office systems and networking capability.
Work Area Recovery Planning The business continuity planning process of identifying the needs and preparing procedures and personnel for use at the work area facility.
Work Remotely Resumption Plan A plan for completing regular work from another location, with little to no data loss or downtime. Includes working remotely and telecommuting
Workaround Procedures Alternative procedures that may be used by a functional unit(s) to enable it to continue to perform its critical functions during temporary unavailability of specific application systems, electronic or hard copy data, voice or data communication systems, specialized equipment, office facilities, personnel, or external services.
Zika Virus A virus transmitted by mosquitos that causes severe encephalopathy and neurological complications in infants. Pregnant women or women who may become pregnant are at high risk. In most cases symptoms do not develop. Currently there is no vaccine or treatment.
Web site to visit: https://drj.com/wp-content/