Published under Risk Management
Terminology Explanation Source
ACCEPTABLE RISK The level of residual risk that has been determined to be a reasonable level of potential loss/disruption CIAO – Critical Infrastructure Assurance Office - USA
ACCESS OVERLOAD CONTROL (ACCOLC) The Access Overload Control scheme gives call preference to registered essential users on the four main mobile networks in the UK if the scheme is invoked during an emergency. NASP – National Association of Security Professionals
ACCOUNTABILITY The property that ensures that the actions of an entity may be traced uniquely to the entity ENISA
ACTION LISTS A specific Business Continuity Management term referring to defined actions, allocated to recovery teams and individuals, within a phase of a plan.  These are supported by reference data. ENISA
ACTIVATION The implementation of Business Continuity procedures, activities and plans in response to a Business Continuity Emergency, Event, Incident and/or Crisis The BCI
ACTIVITY Processes carried out by an organisation, for example, Accounts. See: Business Activity Emergency Planning College
AGREED SERVICE TIME The time during which a particular Business Continuity is agreed to be fully available, ideally as defined in the Service Level Agreement.  Different levels of service might apply within the agreed service time, for instance the Service Desk might not be available for all the hours that users can access their services. ENISA
ALERT A formal notification that an incident has occurred which may develop into a Business Continuity Management or Crisis Management invocation ENISA
ALERT PHASE The first phase of a Business Continuity Plan in which the initial emergency procedures and damage assessments are activated ENISA
ALTERNATE ROUTING The routing of information via another medium should the primary means become unavailable The BCI
ALTERNATE SITE A site held in readiness for use during a Business Continuity incident to maintain the Business Continuity of an organisation's Mission Critical Activities. The term applies equally to office or technology requirements. Alternate sites may be 'cold', 'warm' or 'hot'. This type of site is also known as a Recovery Site. The BCI
ALTERNATE WORK AREA Recovery environment complete with necessary infrastructure (desk, telephone, workstation, and associated hardware and equipment, communications, etc.) ENISA
ALTERNATIVE The routing of information via an alternative cable routing medium (i.e. using different networks should the normal network be rendered unavailable) Emergency Planning College and The BCI
ANNUAL LOSS EXPOSURE/EXPECTANCY (ALE) A Risk Management method of calculating loss based on a value and level of frequency Emergency Planning College
APPLICATION RECOVERY The component of Disaster Recovery that deals specifically with the restoration of business system software and data after the processing platform has been restored or replaced IT Recovery Site
ASSEMBLY AREA The designated area at which employees, visitors, and contractors assemble if evacuated from their building/site The BCI
ASSET An item of property and/or component of a business activity/process owned by an organisation The BCI
ASSURANCE The activity and method whereby an organisation can verify and validate its BCM capability ENISA
AUDIT The method by which procedures and/or documentation are measured against pre-agreed standards The BCI
AUTOMATIC FAILOVER The ability to automatically re-route end users and applications to a replica server, where they can continue to work with minimal interruption and productivity loss ENISA
AVAILABILITY An umbrella term that includes reliability (including resilience), maintainability, serviceability and security. A common definition of availability is 'the ability of a component or Business Continuity (under combined aspects of its reliability, maintainability and security) to perform its required function at a stated instant or over a stated period of time'.  Service availability is sometimes expressed as an availability percentage, i.e. the proportion of time that the service is actually available for use by the customers within the agreed service time. ENISA
BACKLOG The effect on the business of a build-up of work that occurs as the result of a system or method being unavailable for an unacceptable period. A situation whereby a backlog of work requires more time to action than is available through normal working patterns. In extreme circumstances, the backlog may become so marked that the backlog cannot be cleared. The BCI
BACKLOG TRAP The effect on the business of a backlog of work that develops when a system or process is unavailable for a long period, and which may take a considerable length of time to reduce ENISA
BACK-OUT PLAN A plan that documents all actions to be taken to restore the service if the associated Change or Release fails or partially fails.  Back-out plans may provide for a full or partial reversal.  In extreme circumstances they may simply call for the Business Continuity Plan to be invoked. Emergency Planning College and the UK Financial Sector Continuity
BACKUP A method by which data, electronic or paper based, is copied in some form so as to be available and used if the original data from which it originated is lost, destroyed or corrupted The BCI
BACKUP GENERATOR An independent source of power, usually fuelled by diesel or natural gas ENISA
BATTLE BOX A container in which data, information and other essentials are stored so as to become readily available to those responding to an incident The BCI
BENCHMARKING A form of comparison usually between the activities of one organisation and those of one or more comparable external organisations.  Also used to describe a form of simulation modelling where the entire operational environment is replicated or simulated UK Financial Sector Continuity
BODY HOLDING AREA An area close to the scene of an emergency where the dead can be held temporarily before transfer to the emergency mortuary or mortuary NASP – National Association of Security Professionals
BRAINSTORMING A Problem Management technique used to quickly generate, clarify and evaluate a sizeable list of ideas, Problems, issues, themes, etc. by documenting 'what we know' as a team, tapping the creative thinking of the team and getting everyone involved.  The technique is particularly useful in identifying possible causes when constructing a Cause / Effect Diagram. UK Financial Sector Continuity
BRONZE TEAM Bronze or Operational (Incident) Team is the level at which the management of hands-on work is undertaken at the incident site or impacted areas. ENISA
BS 25999 The British Standards Institution 'Specification for Business Continuity Management' ENISA
BS 7799 The British Standards Institution standard for information security management. Section 9 deals with Business Continuity Management. The corresponding international standard is known as ISO 17799. The BCI
BS 7799-1:2000 The British Standards Institution 'Code of practice for information security management'.  Also referred to as ISO/IEC 17799-2000 ENISA
BS 15000 The British Standards Institution 'Specification for IS service management' ENISA
BSA Bomb Shelter Area; internal area that offers protection from blast, flying glass and other fragments. The British Army
BSI The British Standards Institution The BSI
BUILDING DENIAL Any damage, failure or other condition which causes denial of access to the building or the working area within the building, e.g. fire, flood, contamination, loss of services, air conditioning failure, and forensics ENISA
BUSINESS ACTIVITY A group of activities/processes undertaken by an organisation to produce a product and/or service and/or in pursuit of a common goal The BCI
BUSINESS ACTIVITY LEVELS The predicted or historic levels of business method activity that are to be or have been supported by the IS infrastructure.  Measured in business terms (e.g. number of account holders). ENISA
BUSINESS AS USUAL  (BAU) The normal state of operations The BCI
BUSINESS CONTINUITY (BC) A proactive process which identifies the key functions of an organisation and the likely threats to those functions The BCI
BUSINESS CONTINUITY MANAGEMENT (BCM) A holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities. Also the management of the overall programme through training, rehearsals, and reviews, to ensure the plan stays current and up to date. The BCI, modified by ENISA
BUSINESS CONTINUITY MANAGEMENT ACTIVITY An action or series of actions that forms part of the BCM process The BCI
BUSINESS CONTINUITY (MANAGEMENT) CO-ORDINATOR A member of the Business Continuity Management team who is assigned the overall responsibility for co-ordination of the recovery planning programme including team member training, testing and maintenance of recovery plans (associated terms: business recovery planner, disaster recovery planner, business recovery co-ordinator, disaster recovery administrator) The BCI modified by ENISA
BUSINESS CONTINUITY MANAGEMENT LIFECYCLE The activities and processes divided into various stages that are necessary to manage Business Continuity The BCI
BUSINESS CONTINUITY MANAGEMENT MATURITY The level and degree to which Business Continuity activities have become standard and assured practices within the organisation The BCI
BUSINESS CONTINUITY MANAGEMENT PLAN A collection of procedures and information which is developed, compiled and maintained in readiness for use in the event of an emergency or disaster BS 25999-1
BUSINESS CONTINUITY MANAGEMENT PLANNING The advance planning and preparations which are necessary to identify the impact of potential losses; to formulate and implement viable recovery strategies; to develop recovery plan(s) which ensure continuity of organisational services in the event of an emergency or disaster; and to administer a comprehensive training, testing and maintenance programme The BCI
BUSINESS CONTINUITY MANAGEMENT POLICY A BCM policy sets out an organisation's aims, principles and approach to BCM, what and how it will be delivered, key roles and responsibilities and how BCM will be governed and reported upon The BCI
BUSINESS CONTINUITY MANAGEMENT PROCESS A set of activities/processes with defined outcomes, deliverables and evaluation criteria that form a distinct part of the BCM lifecycle The BCI, modified by ENISA
BUSINESS CONTINUITY MANAGEMENT PROGRAMME An ongoing management and governance method supported by senior management and resourced to ensure that the necessary steps are taken to identify the impact of potential losses, maintain viable recovery strategies and plans, and ensure continuity of products/services through exercising, rehearsal, testing, training, maintenance and assurance The BCI
BUSINESS CONTINUITY MANAGEMENT TEAM A group of individuals functionally responsible for directing the development and execution of the Business Continuity Plan, as well as responsible for declaring a disaster and providing direction during the recovery process, both pre-disaster and post-disaster ENISA
BUSINESS CONTINUITY OBJECTIVE The desired time within which business processes should be recovered, and the minimum staff, assets and services required within this time ENISA
BUSINESS CONTINUITY PLAN (BCP) Documents describing the roles, responsibilities and actions necessary to resume business processes following a disruption.  The Business Continuity Plan will provide a defining structure for and exert a major influence upon the development of IS continuity plans.  Its scope both encompasses and exceeds Business Continuity Management and is normally a business responsibility. ENISA
BUSINESS CONTINUITY TEAM One of a number of groups of people with defined, agreed and documented roles within the business recovery process ENISA
BUSINESS CRITICAL FUNCTIONS Critical operational or support activities The BCI
BUSINESS CRITICAL POINT The latest moment at which the business can afford to be without a critical function or process The BCI
BUSINESS FUNCTION A business unit within an organisation e.g. a department, division, branch The BCI
BUSINESS IMPACT ANALYSIS (BIA) An assessment of the minimum level of resources (e.g. personnel, workstations, technology, telephony) required, over time, after a Business Continuity Incident to maintain the continuity of the organisation's Mission Critical Activities at a minimum level of service/production. The BIA measures the effect of resource loss and escalating losses over time in order to provide senior management with reliable data upon which to base decisions on risk mitigation and continuity planning. Generally considered to be part of a BIA, it is an integral part of any subsequent resource Gap Analysis. The BCI, UK Financial Sector Continuity, modified by ENISA
BUSINESS INTERRUPTION Any event, whether anticipated (e.g. public service strike) or unanticipated (e.g. blackout), which disrupts the normal course of business operations at an organisation's location ENISA
BUSINESS INTERRUPTION COSTS The impact to the business caused by different types of outages, normally measured by revenue lost ENISA
BUSINESS INTERRUPTION INSURANCE Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a disaster ENISA
BUSINESS OBJECTIVES The measurable targets designed to help an organisation achieve its overall business strategy ENISA
BUSINESS OPERATIONS Activities and procedures carried out by the User community in performing the business role of an organisation.  A Service Desk is concerned with supporting and dealing with the comments and requests arising from those business operations. ENISA
BUSINESS PROCESS A series of related business activities aimed at achieving one or more business objectives in a measurable manner.  Typical business processes include receiving orders, marketing services, selling products, delivering services, distributing products, invoicing for services, accounting for money received.  A business process will usually depend upon several business functions for support e.g. IT, personnel, accommodation.  A business process will rarely operate in isolation, i.e. other business processes will depend on it and it will depend on other processes.  See Process ENISA
BUSINESS RECOVERY CO-ORDINATOR An individual or group designated to coordinate or control designated recovery processes or testing ENISA
BUSINESS RECOVERY TEAM A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes See Disaster Recovery Teams The BCI, modified by ENISA
BUSINESS RECOVERY TIMELINE The chronological sequence of recovery activities, or critical path, that must be followed to resume an acceptable level of operations following a business interruption. This timeline may range from minutes to weeks, depending upon the recovery requirements and methodology. ENISA
BUSINESS RISK The risk that external factors, such as a fall in demand for an organisation's products or services, will result in unexpected loss. Business risk, if managed well, can also result in a competitive advantage being gained. ENISA
BUSINESS UNIT RECOVERY (PLAN) A component of Business Continuity which deals specifically with the recovery of a key function or department in the event of a disaster UK Financial Sector Continuity