|
Alert
|
A warning of a potential or imminent incident prior to it actually occurring
|
|
Alternate Site
|
see Standby Site
|
|
Back-up Generator
|
A source of power independent of the main electricity grid and which can be 'switched-in' to replace lost power supply. These generators can be purchased, leased or hired.
|
|
Backups
|
See data backup
|
|
BCMSC
|
see also Business Continuity Management Steering Committee
|
|
BCP
|
see Business Continuity Planning
|
|
BCP Co-ordinator
|
A role within the Business Continuity team to administer and maintain records, plans, actions etc. relating to the development of the BCP. This may be a seconded or recruited post, or may be amalgamated into the Head of Business Continuity depending on the size and complexity of your business, operation or business continuity plans
|
|
BCP Unit
|
Headed by the Head of Business Continuity and including the BCP Co-ordinator this function is responsible for the production, testing and training of the BCP.
|
|
BIA
|
see Business Impact Analysis
|
|
Business Continuity Management Steering Committee (BCMSC)
|
Depending on the size and complexity of your business or business continuity plans you may decide to form a Steering Committee (called the BCMSC) to oversee the work of the Business Continuity Unit and any project management function you have created to ensure timely, cost effective and high quality output.
|
|
Business Continuity Management Strategy.
|
The organisation staff roles and responsibilities that will have to implement the Business Continuity Plan (see also Crisis Management Team)
|
|
Business Continuity Plan
|
The documents that provide a framework for dealing with an emergency, disaster or crisis
|
|
Business Impact Analysis
|
The Business Impact Analysis (BIA) identifies what would be the impact upon the organisation’s goals if critical processes and functions were disrupted or lost and what the recovery time scales and requirements are
|
|
Call Tree
|
An organisation chart indicating who contacts whom in the event of an emergency. Often represented as a tree structure or hierarchy chart.
|
|
Cascade Chart
|
see Call Tree
|
|
Category A
|
Definition of recovery requirements for a unit, function or department within the BCP, A represents those areas where there is No tolerance for disruption
|
|
Category B
|
Definition of recovery requirements for a unit, function or department within the BCP, B represents those areas where the requirement is for Resumption within 24 hours
|
|
Category C
|
Definition of recovery requirements for a unit, function or department within the BCP, C represents those areas where the requirement is for Resumption within 48 hours
|
|
Category D
|
Definition of recovery requirements for a unit, function or department within the BCP, D represents those areas where the requirement is for Resumption within one week
|
|
Category E
|
Definition of recovery requirements for a unit, function or department within the BCP, E represents those areas where the requirement is for Resumption after one week
|
|
Checklist
|
A common form of document that presents a set of issues to be addressed or to allow you to identify which issues have/have not been addressed
|
|
Cold Site
|
An expression often used in Business Continuity Planning for an alternative or standby site that can be called in to use when a BCP is invoked but must have the IT, telecoms, office facilities etc. installed at the time of invocation. Invariably this is a less expensive option than a warm or hot site where the IT, telecoms and office facilities are ready at all times.
|
|
Command Centre
|
Location where the Crisis Management Team will operate from in the event of the invocation of the Business Continuity Plan.
|
|
Contingency
|
Actions taken as part of risk management to be taken in the event of a disaster, emergency or crisis
|
|
Contingency Planning
|
Often used as an alternative name for Business Continuity Planning this is the process of defining and establishing the actions required by an organisation in the event of an emergency, disaster or crisis.
|
|
Crisis
|
A critical event that may have an impact on the business such as to significantly reduce its ability to operate, its reputation or its financial security
|
|
Crisis Management Team
|
The designated staff members who will lead the response in the event of an emergency, disaster or crisis and evoke/implement the Business Continuity Plan. Within this team and reporting to it will be a range of other teams and function depending on the complexity of your business and business continuity plans.
|
|
Critical Data
|
see Critical Functions
|
|
Critical Functions
|
Used to categorise those business units, activities or areas (or their data) that can not be interrupted for a noticeable period without significantly affecting an organisation's ability to operate, its reputation or its financial security
|
|
Critical Infrastructure
|
Those systems or facilities that cannot be interrupted for a noticeable period of time without significantly affecting the organisation's ability to operate, its reputation or its financial security
|
|
Critical Systems
|
see Critical Infrastructure
|
|
Damage Assessment
|
An assessment by qualified professionals of the degree of damage to Critical Infrastructure following an incident. This will include an estimate of the time required to repaid the damage and allow resumption of use of the facilities/infrastructure
|
|
Data Backup
|
The storage of critical and operational data to ensure that it is not lost in the event of a disaster, emergency or crisis.
|
|
Deliverables
|
Outputs from a project. In terms of Business Continuity Planning the principal outputs are the planning documents themselves, and the RIA and BIA that were carried out to arrive at the plan and implemented recovery facilities
|
|
Desk Check
|
A review or test of a plan by one or more people reading and discussing the contents of the plan. Possibly involving a discussion through a scenario and taking the invocation of the plan in a sequential order. See also Peer Review
|
|
Disaster
|
Any incident that causes a severe disruption to the working environment of a business or organisational unit, as defined by the facilities and personnel, which results in an inability to function or to provide service to internal or external customers
|
|
Disaster
|
A critical event that may have an impact on the business such as to significantly reduce its ability to operate, its reputation or its financial security
|
|
Disk Mirroring
|
A technical IT process that allows data to be held concurrently on two separate physical units (potentially at different sites)
|
|
Document Registry
|
A list of all key documents within Business Continuity Planning including information such as location, authorship, date of last update etc.
|
|
Emergency
|
A critical event that may have an impact on the business such as to significantly reduce its ability to operate, its reputation or its financial security
|
|
Emergency Operations Centre
|
see Command Centre
|
|
Evacuation Procedure
|
Instructions to staff of what to do in the event of a disaster, emergency or crisis.
|
|
Hazard Identification
|
see Risk Identification and Assessment
|
|
Head of Business Continuity
|
A high profile role to ensure that company, operation or site is well prepared and able to respond to both internal and external events and incidents which may impact on its continued business operations
|
|
Health Check
|
A document within PLAN-IT-CONTROL-IT that enables you to test your own readiness to deal with a disaster and to identify key elements of business continuity and best practise.
|
|
Hot Site
|
An expression used in Business Continuity Planning for an alternative or standby site that can be called in to use when a BCP is invoked and already has the IT, telecomm’s, office facilities etc. installed and available at the time of invocation. Invariably this is a more expensive option than a cold site where the IT, telecomm’s and office facilities are must be installed when the plan is invoked.
|
|
Incident Command Centre
|
see Command Centre
|
|
Integrated Test
|
A test that is carried out across several if not all functions to test recovery of the en-to-end business processing
|
|
Interim Site
|
see Standby Site
|
|
Loss Reduction
|
see Mitigation
|
|
Mitigation
|
Action take as part of risk management to reduce the likelihood and/or impact of a risk
|
|
Mock Disaster
|
see Scenario Testing
|
|
Objectives of BCP
|
Should include as a minimum I) Staff safety, welfare and internal communications, 2) Resumption of critical business functions, 3) Meeting contractual obligations, 4) Management of risk, 5) Maintenance of customer confidence and reputation, 6) Meeting all legal and regulatory requirements
|
|
Ownership
|
Ownership within Business Continuity Planning is a very important concept and must rest with the most senior management within an organisation.
|
|
Peer Review
|
Review of a part of the Business Continuity Plan by a group of staff to evaluate its likely effectiveness
|
|
PLAN-IT-CONTROL-IT
|
A resource or toolbox of documents that enables you to develop your own BUSINESS CONTINUITY PLANS by tailoring a series of plans, checklists, spreadsheets, report layouts, training guides, templates and forms
|
|
Project Structure
|
Projects should be divided into the following structure : Phases, then Activities within Phases, and Tacks within Activities
|
|
Quick Hits Document
|
A series of simple and easy to implement actions that if followed will allow a measure of control and containment in the event of an emergency, disaster or crisis.
|
|
Reciprocal Agreement
|
A procedure sometimes used by two or more comparable organisations (or units within the same organisation) to provide 'cover' for each other in the form of potential standby sites, data back-up etc.
|
|
Resumption
|
A measurement of how quickly a department, unit or area will need to be operating again in order to minimise the impact to the business
|
|
RIA
|
see Risk Identification and Assessment
|
|
Risk Identification and Assessment
|
Risk Identification and Assessment (RIA) is used to determine the internal and external threats that could cause loss or disruption and their likelihood of occurrence
|
|
Risk Log
|
Register of risks identified within RIA and determining likelihood, impact and actions to be taken.
|
|
Scenario Testing
|
Testing of a Business Continuity Plan through a realistic feigned disaster, emergency or crisis. Staff act their roles as if a real emergency had occurred.
|
|
Standby Site
|
A location with contracted or prearranged facilities that can be used as an emergency location in to which to move key staff in order to resume some degree of trading. This standby site may be externally contracted or be another location within the organisation.
|
|
Supplier List
|
A register of all key suppliers identified from within the business as part of BIA and RIA, and detailing key information about each supplier on the supplier list. This will include contact details, owner within your organisation, extent of supplier BCP's etc.
|
|
Version Control
|
Information added to a document to allow the latest version/update to be identified. This should include version number and issue date..
|
|
Warm Site
|
A standby site which had facilities in place which are partly configured but which will need additional work following an incident to become fully operational. An intermediate state between a Cold Site and a Hot Site
|
