Acronyms And Jargon Everywhere

Many industries have their own shorthand, and business continuity planning and management is no different. If you’re confused by BCP, BCM, RTO, DR or RPO, then this glossary will help you finally cut through the jargon. If you still need help, contact our Business Continuity Team, who will be glad to help.

Audit

Formal inspection and verification to check adherence to a standard or set of guidelines, or that records are accurate, or that efficiency and effectiveness or other targets or key performance indicators are being met.

Best Practice

Activities or processes that have been proven to be successful and are used by multiple organizations. ITIL is an example of a framework of best practices that have been collected from (IT) organizations around the world.

Business Continuity

The activity of allowing a business to continue operating after (and ideally during) a disaster or crisis.

Business Continuity Management

The business process responsible for managing and mitigating risks that have the potential to seriously impact your company. BCM safeguards the interests of key stakeholders, reputation, brand and value-creating activities.

Business Continuity Plan/Planning (BCP)

A comprehensive plan (ideally held in a secure location on the Internet) to maintain or resume business in the event of a crisis. A good BCP covers all aspects of the business, not just one aspect such as IT.

Business Impact Analysis

An analysis of all business functions and the effect that a specific crisis may have upon them.

The BIA should include dependencies such as suppliers, people, business processes, IT Services, and other key aspects of the business.

A good BIA should define the recovery requirements for IT and other services, including requirements such as Recovery Time Objectives and Recovery Point Objectives, as well as the minimum service levels required.

Business Objective

The objective of the business as a whole, as well as of individual business processes. Business Objectives support the business strategy and target operating model.

Business Recovery Process

This is the path that companies follow during a recovery effort. There are major points along the path which are, largely speaking, followed regardless of the organisation. For example: crisis response, environmental restoration or relocation, functional restoration, data recovery and synchronization, business functions restoration, crisis operation and return to normal.

Change Management

The process responsible for the control, prioritisation, and implementation of changes, usually to computer systems, but in some other areas of business as well.

Cold Site

An alternate facility that is void of any resources or equipment except air-conditioning, raised flooring and power (as required for the housing of computer servers). Equipment and resources would be installed at time of crisis to duplicate the critical business functions of an organisation.

Compliance

Ensuring that standards or guidelines are adhered to, or that proper, consistent accounting or other practices are being employed.

Crisis

A critical event, which, if not handled in an appropriate manner, may dramatically impact an organization's profitability, reputation, or ability to operate.

Disaster

In general, defined as any damaging or destructive event that overwhelms available resources, causes serious loss, destruction, hardship, unhappiness, or death.

In Business Continuity and Disaster Recovery terms, a disaster is something that wreaks any of these effects on your business in a business-threatening way. These can take the form of natural, environmental or other forms of disaster (fire, earthquake, riot, etc.).

Disaster Recovery

Recovery of business and IT functions after a disaster or crisis.

Governance

Ensuring that policies and strategy are actually implemented, and that required processes are correctly followed. Governance includes defining roles and responsibilities, measuring and reporting, and taking actions to resolve any issues identified.

ISO 9000

A generic term that refers to a number of international Standards and Guidelines for Quality Management Systems. See www.iso.org for more information.

ISO/IEC 17799

ISO Code of Practice for Information Security Management. See www.iso.org for more information.

ISO/IEC 20000

ISO Specification and Code of Practice for IT Service Management. ISO/IEC 20000 is aligned with ITIL Best Practice. See www.iso.org for more information.

ISO/IEC 27001

ISO Specification for Information Security Management. The corresponding Code of Practice is ISO/IEC 17799. See www.iso.org for more information.

ITIL

A set of best practice guidance for IT Service Management. See www.itil.co.uk for more information.

N + 1

A fault-tolerant strategy that includes multiple systems or components protected by one backup system or component.

PRINCE2

The standard UK government methodology for project management, widely adopted by businesses throughout the UK, Europe and beyond.

Recovery Point Objective (RPO)

The point in time to which data must be restored in order to resume processing transactions. RPO is the basis on which a data protection strategy is developed.

Recovery Time

The period from the disaster declaration to the recovery of the critical functions.

Recovery Time Objective (RTO)

The period of time within which systems, applications, or functions must be recovered after an outage (e.g. one business day). RTOs are often used as the basis for the development of recovery strategies, and as a determinant as to whether or not to implement the recovery strategies during a disaster situation.

Service Level Agreement

An agreement between a service provider and a customer. The SLA describes the service, documents Service Level Targets, and specifies the responsibilities of the service provider and the customer.

Strategic

The highest of three levels of planning and delivery (Strategic, Tactical, Operational). Strategic activities include the setting of objectives and goals, and long-term planning to achieve the overall vision.

Warm Site

An alternate processing site which is only partially equipped (in comparison to a hot site which is fully equipped).

Darren Wray