A-B
Published under Risk Management
Terminology | Explanation | Source |
---|---|---|
ACCEPTABLE RISK | The level of residual risk that has been determined to be a reasonable level of potential loss/disruption | CIAO – Critical Infrastructure Assurance Office - USA |
ACCESS OVERLOAD CONTROL (ACCOLC) | The Access Overload Control scheme gives call preference to registered essential users on the four main mobile networks in the UK if the scheme is invoked during an emergency. | NASP – National Association of Security Professionals |
ACCOUNTABILITY | The property that ensures that the actions of an entity may be traced uniquely to the entity | ENISA |
ACTION LISTS | A specific Business Continuity Management term referring to defined actions, allocated to recovery teams and individuals, within a phase of a plan. These are supported by reference data. | ENISA |
ACTIVATION | The implementation of Business Continuity procedures, activities and plans in response to a Business Continuity Emergency, Event, Incident and/or Crisis | The BCI |
ACTIVITY | Processes carried out by an organisation, for example, Accounts. See: Business Activity | Emergency Planning College |
AGREED SERVICE TIME | The time during which a particular Business Continuity is agreed to be fully available, ideally as defined in the Service Level Agreement. Different levels of service might apply within the agreed service time, for instance the Service Desk might not be available for all the hours that users can access their services. | ENISA |
ALERT | A formal notification that an incident has occurred which may develop into a Business Continuity Management or Crisis Management invocation | ENISA |
ALERT PHASE | The first phase of a Business Continuity Plan in which the initial emergency procedures and damage assessments are activated | ENISA |
ALTERNATE ROUTING | The routing of information via another medium should the primary means become unavailable | The BCI |
ALTERNATE SITE | A site held in readiness for use during a Business Continuity incident to maintain the Business Continuity of an organisation's Mission Critical Activities. The term applies equally to office or technology requirements. Alternate sites may be 'cold', 'warm' or 'hot'. This type of site is also known as a Recovery Site. | The BCI |
ALTERNATE WORK AREA | Recovery environment complete with necessary infrastructure (desk, telephone, workstation, and associated hardware and equipment, communications, etc.) | ENISA |
ALTERNATIVE | The routing of information via an alternative cable routing medium (i.e. using different networks should the normal network be rendered unavailable) | Emergency Planning College and The BCI |
ANNUAL LOSS EXPOSURE/EXPECTANCY (ALE) | A Risk Management method of calculating loss based on a value and level of frequency | Emergency Planning College |
APPLICATION RECOVERY | The component of Disaster Recovery that deals specifically with the restoration of business system software and data after the processing platform has been restored or replaced | IT Recovery Site |
ASSEMBLY AREA | The designated area at which employees, visitors, and contractors assemble if evacuated from their building/site | The BCI |
ASSET | An item of property and/or component of a business activity/process owned by an organisation | The BCI |
ASSURANCE | The activity and method whereby an organisation can verify and validate its BCM capability | ENISA |
AUDIT | The method by which procedures and/or documentation are measured against pre-agreed standards | The BCI |
AUTOMATIC FAILOVER | The ability to automatically re-route end users and applications to a replica server, where they can continue to work with minimal interruption and productivity loss | ENISA |
AVAILABILITY | An umbrella term that includes reliability (including resilience), maintainability, serviceability and security. A common definition of availability is 'the ability of a component or Business Continuity (under combined aspects of its reliability, maintainability and security) to perform its required function at a stated instant or over a stated period of time'. Service availability is sometimes expressed as an availability percentage, i.e. the proportion of time that the service is actually available for use by the customers within the agreed service time. | ENISA |
BACKLOG | The effect on the business of a build-up of work that occurs as the result of a system or method being unavailable for an unacceptable period. A situation whereby a backlog of work requires more time to action than is available through normal working patterns. In extreme circumstances, the backlog may become so marked that the backlog cannot be cleared. | The BCI |
BACKLOG TRAP | The effect on the business of a backlog of work that develops when a system or process is unavailable for a long period, and which may take a considerable length of time to reduce | ENISA |
BACK-OUT PLAN | A plan that documents all actions to be taken to restore the service if the associated Change or Release fails or partially fails. Back-out plans may provide for a full or partial reversal. In extreme circumstances they may simply call for the Business Continuity Plan to be invoked. | Emergency Planning College and the UK Financial Sector Continuity |
BACKUP | A method by which data, electronic or paper based, is copied in some form so as to be available and used if the original data from which it originated is lost, destroyed or corrupted | The BCI |
BACKUP GENERATOR | An independent source of power, usually fuelled by diesel or natural gas | ENISA |
BATTLE BOX | A container in which data, information and other essentials are stored so as to become readily available to those responding to an incident | The BCI |
BENCHMARKING | A form of comparison usually between the activities of one organisation and those of one or more comparable external organisations. Also used to describe a form of simulation modelling where the entire operational environment is replicated or simulated | UK Financial Sector Continuity |
BODY HOLDING AREA | An area close to the scene of an emergency where the dead can be held temporarily before transfer to the emergency mortuary or mortuary | NASP – National Association of Security Professionals |
BRAINSTORMING | A Problem Management technique used to quickly generate, clarify and evaluate a sizeable list of ideas, Problems, issues, themes, etc. by documenting 'what we know' as a team, tapping the creative thinking of the team and getting everyone involved. The technique is particularly useful in identifying possible causes when constructing a Cause / Effect Diagram. | UK Financial Sector Continuity |
BRONZE TEAM | Bronze or Operational (Incident) Team is the level at which the management of hands-on work is undertaken at the incident site or impacted areas. | ENISA |
BS 25999 | The British Standards Institution 'Specification for Business Continuity Management' | ENISA |
BS 7799 | The British Standards Institution standard for information security management. Section 9 deals with Business Continuity Management. The corresponding international standard is known as ISO 17799. | The BCI |
BS 7799-1:2000 | The British Standards Institution 'Code of practice for information security management'. Also referred to as ISO/IEC 17799-2000 | ENISA |
BS 15000 | The British Standards Institution 'Specification for IS service management' | ENISA |
BSA | Bomb Shelter Area; internal area that offers protection from blast, flying glass and other fragments. | The British Army |
BSI | The British Standards Institution | The BSI |
BUILDING DENIAL | Any damage, failure or other condition which causes denial of access to the building or the working area within the building, e.g. fire, flood, contamination, loss of services, air conditioning failure, and forensics | ENISA |
BUSINESS ACTIVITY | A group of activities/processes undertaken by an organisation to produce a product and/or service and/or in pursuit of a common goal | The BCI |
BUSINESS ACTIVITY LEVELS | The predicted or historic levels of business method activity that are to be or have been supported by the IS infrastructure. Measured in business terms (e.g. number of account holders). | ENISA |
BUSINESS AS USUAL (BAU) | The normal state of operations | The BCI |
BUSINESS CONTINUITY (BC) | A proactive process which identifies the key functions of an organisation and the likely threats to those functions | The BCI |
BUSINESS CONTINUITY MANAGEMENT (BCM) | A holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities. Also the management of the overall programme through training, rehearsals, and reviews, to ensure the plan stays current and up to date. | The BCI, modified by ENISA |
BUSINESS CONTINUITY MANAGEMENT ACTIVITY | An action or series of actions that forms part of the BCM process | The BCI |
BUSINESS CONTINUITY (MANAGEMENT) CO-ORDINATOR | A member of the Business Continuity Management team who is assigned the overall responsibility for co-ordination of the recovery planning programme including team member training, testing and maintenance of recovery plans (associated terms: business recovery planner, disaster recovery planner, business recovery co-ordinator, disaster recovery administrator) | The BCI modified by ENISA |
BUSINESS CONTINUITY MANAGEMENT LIFECYCLE | The activities and processes divided into various stages that are necessary to manage Business Continuity | The BCI |
BUSINESS CONTINUITY MANAGEMENT MATURITY | The level and degree to which Business Continuity activities have become standard and assured practices within the organisation | The BCI |
BUSINESS CONTINUITY MANAGEMENT PLAN | A collection of procedures and information which is developed, compiled and maintained in readiness for use in the event of an emergency or disaster | BS 25999-1 |
BUSINESS CONTINUITY MANAGEMENT PLANNING | The advance planning and preparations which are necessary to identify the impact of potential losses; to formulate and implement viable recovery strategies; to develop recovery plan(s) which ensure continuity of organisational services in the event of an emergency or disaster; and to administer a comprehensive training, testing and maintenance programme | The BCI |
BUSINESS CONTINUITY MANAGEMENT POLICY | A BCM policy sets out an organisation's aims, principles and approach to BCM, what and how it will be delivered, key roles and responsibilities and how BCM will be governed and reported upon | The BCI |
BUSINESS CONTINUITY MANAGEMENT PROCESS | A set of activities/processes with defined outcomes, deliverables and evaluation criteria that form a distinct part of the BCM lifecycle | The BCI, modified by ENISA |
BUSINESS CONTINUITY MANAGEMENT PROGRAMME | An ongoing management and governance method supported by senior management and resourced to ensure that the necessary steps are taken to identify the impact of potential losses, maintain viable recovery strategies and plans, and ensure continuity of products/services through exercising, rehearsal, testing, training, maintenance and assurance | The BCI |
BUSINESS CONTINUITY MANAGEMENT TEAM | A group of individuals functionally responsible for directing the development and execution of the Business Continuity Plan, as well as responsible for declaring a disaster and providing direction during the recovery process, both pre-disaster and post-disaster | ENISA |
BUSINESS CONTINUITY OBJECTIVE | The desired time within which business method should be recovered, and the minimum staff, assets and services required within this time | ENISA |
BUSINESS CONTINUITY PLAN (BCP) | Documents describing the roles, responsibilities and actions necessary to resume business processes following a disruption. The Business Continuity Plan will provide a defining structure for and exert a major influence upon the development of IS continuity plans. Its scope both encompasses and exceeds Business Continuity Management and is normally a business responsibility. | ENISA |
BUSINESS CONTINUITY TEAM | One of a number of groups of people with defined, agreed and documented roles within the business recovery process | ENISA |
BUSINESS CRITICAL FUNCTIONS | Critical operational or support activities | The BCI |
BUSINESS CRITICAL POINT | The latest moment at which the business can afford to be without a critical function or process | The BCI |
BUSINESS FUNCTION | A business unit within an organisation e.g. a department, division, branch | The BCI |
BUSINESS IMPACT ANALYSIS (BIA) | An assessment of the minimum level of resources e.g. personnel, workstations, technology, telephony required, over time, after a Business Continuity Incident to maintain the continuity of the organisation's Mission Critical Activities at a minimum level of service/production. The BIA measures the effect of resource loss and escalating losses over time in order to provide senior management with reliable data upon which to base decisions on risk mitigation and continuity planning. Generally considered to be part of a BIA, it is an integral part of any subsequent resource Gap Analysis. | The BCI, UK Financial Sector Continuity, modified by ENISA |
BUSINESS INTERRUPTION | Any event, whether anticipated (i.e., public service strike) or unanticipated (i.e., blackout) which disrupts the normal course of business operations at an organisation’s location | ENISA |
BUSINESS INTERRUPTION COSTS | The impact to the business caused by different types of outages, normally measured by revenue lost | ENISA |
BUSINESS INTERRUPTION INSURANCE | Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a disaster | ENISA |
BUSINESS OBJECTIVES | The measurable targets designed to help an organisation achieve its overall business strategy | ENISA |
BUSINESS OPERATIONS | Activities and procedures carried out by the User community in performing the business role of an organisation. A Service Desk is concerned with supporting and dealing with the comments and requests arising from those business operations. | ENISA |
BUSINESS PROCESS | A series of related business activities aimed at achieving one or more business objectives in a measurable manner. Typical business processes include receiving orders, marketing services, selling products, delivering services, distributing products, invoicing for services, accounting for money received. A business method will usually depend upon several business functions for support e.g. IT, personnel, accommodation. A business method will rarely operate in isolation, i.e. other business processes will depend on it and it will depend on other processes. See Process | ENISA |
BUSINESS RECOVERY CO-ORDINATOR | An individual or group designated to coordinate or control designated recovery processes or testing | ENISA |
BUSINESS RECOVERY TEAM | A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes. See: Disaster Recovery Teams | The BCI, modified by ENISA |
BUSINESS RECOVERY TIMELINE | The chronological sequence of recovery activities, or critical path, that must be followed to resume an acceptable level of operations following a business interruption. This timeline may range from minutes to weeks, depending upon the recovery requirements and methodology. | ENISA |
BUSINESS RISK | The risk that external factors, such as a fall in demand for an organisation's products or services, will result in unexpected loss. Business risk, if managed well, can also result in a competitive advantage being gained. | ENISA |
BUSINESS UNIT RECOVERY (PLAN) | A component of Business Continuity which deals specifically with the recovery of a key function or department in the event of a disaster | UK Financial Sector Continuity |