Published under Risk Management
Terminology Explanation Source
ICT The department responsible for managing IT components within an organisation ENISA
IED Improvised Explosive Device NASP; National Association of Security Professionals
IMMEDIATE RECOVERY Broadly speaking, this Business Continuity option provides for the immediate recovery of services in a contingency situation.  The instant availability of services distinguishes this option from what may be referred to as 'Hot Stand-by/Start', which typically will permit services to be recovered within 2 to 24 hours depending on the criticality of the business method they support.  Depending on that business criticality, 'immediate' recovery may then vary from zero to 24 hours.  See: Gradual Recovery and Intermediate Recovery ENISA
IMMEDIATE RECOVERY TEAM The team with responsibility for implementing the Business Continuity Plan and formulating the organisation's initial recovery strategy ENISA
IMPACT A measure of the effect that an Incident, Problem or Change is having or might have on the business being provided with Business Continuity.  Often equal to the extent to which agreed or expected levels of service may be distorted.  Together with urgency, and perhaps technical security, it is the major means of assigning priority for dealing with Incidents, Problems or Changes. The Disaster Recovery Journal modified by ENISA
IMPACT ANALYSIS The identification of critical business processes and the potential damage or loss that may be caused to the organisation resulting from a disruption to those processes, or perhaps from a proposed change.  Business impact analysis identifies the form the loss or damage will take; how that degree of damage or loss is likely to escalate with time following an Incident; the minimum staffing, facilities and services needed to enable business processes to continue to operate at a minimum acceptable level; and the time within which they should be recovered.  The time within which full recovery of the business processes is to be achieved is also identified. ENISA
INCIDENT Any event that is not part of the standard operation of a service and that causes, or may cause, an interruption to, or a reduction in, the quality of that service ITIL
INCIDENT CATEGORISATION A sub-division of Classification, which provides a means of identifying -- using a series of structured codes: firstly, what appears to have gone wrong with the IS Service (the symptoms); secondly why the failure occurred (cause); and thirdly  the component likely to be at fault. The category codes are elements within the classification data string and are essential for fault analysis purposes. ENISA
INCIDENT COMMAND SYSTEM (ICS) Combination of facilities, equipment, personnel, procedures, and communications operating within a common organisational structure with responsibility for the command, control, and coordination of assigned resources to effectively direct and control the response and recovery to an incident ENISA
INCIDENT MANAGEMENT The process by which an organisation responds to and controls an incident using emergency response procedures or plans The BCI
INCIDENT MANAGEMENT PLAN A clearly defined and documented plan of action for use during an incident ENISA
INCIDENT MANAGER Commands the local emergency operations centre (EOC) reporting up to senior management on the recovery progress. Has the authority to invoke the recovery plan.  See Crisis Manager ENISA
INCIDENT RESPONSE The response of an organisation to an incident that may significantly impact the organisation, its people, or its ability to function productively.  Concentrates on the safety of personnel ENISA
INCIDENT ROOM See:  Command Centre ENISA
INFORMATION SECURITY Preservation of confidentiality, integrity and availability of information. In addition, other properties, such as authenticity, accountability, non-repudiation, and reliability can be involved. BS ISO/IEC 17799: 2005
INFORMATION TECHNOLOGY (IT) Technology components (computer systems, networks, applications, telecommunications, technical support and service desk) Pas 77
INFRASTRUCTURE The underlying foundation, basic framework, or interconnecting structural elements that support an organisation ENISA
INHERENT RISK The possibility that some human activity or natural event will have an adverse effect on the asset(s) of an organisation and which cannot be managed or transferred away The BCI modified by ENISA
INNER CORDON Surrounds and protects the immediate scene of an incident ENISA
INTEGRATED EXERCISE An exercise conducted on multiple interrelated components of a Business Continuity Plan, typically under simulated operating conditions. Examples of interrelated components may include interdependent departments or interfaced systems. UK Financial Sector Continuity
INTERIM SITE A temporary location used to continue performing business functions after vacating a recovery site and before the original or new home site can be occupied. Moving to an interim site may be necessary if ongoing stay at the recovery site is not feasible for the period of time needed or if the recovery site is located far from the normal business site that was impacted by the disaster. An interim site move is planned and scheduled in advance to minimize disruption of business processes; equal care must be given to transferring critical functions from the interim site back to the normal business site. ENISA
INTERNAL HOTSITE A fully equipped alternate processing site owned and operated by the organisation ENISA
ISO 9000 Guidelines and assurances of method and procedure standards for quality assurance systems ISO
IT Service Continuity Management (ITSCM) The discipline which takes ITDR and aligns it with BC requirements to provide a resilient IT service which inherently supports BC by maintaining the RTO and reducing downtime. BS 25777. The Disaster Recovery Journal modified by ENISA
ITDR See Disaster Recovery ENISA
ITIL Information Technology Infrastructure Library ITIL
INVOCATION The act of declaring that an organisation’s Business Continuity plan needs to be put into effect in order to continue delivery of key products or services BS 25999-1
JOURNALLING The process of logging changes or updates to a database since the last full backup ENISA
KEY PERFORMANCE INDICATOR A measure (quantitative or qualitative) that enables the overall delivery of a service to be assessed by both business and IS representatives.  KPIs should be few in number and focus on the service's potential contribution to business success.  To be effective in improving business performance, they must be linked to a strategic plan which details how the business intends to accomplish its vision and mission.  The metrics selected must address all aspects of performance results, describe the targeted performance in measurable terms and be deployed to the organisational level that has the authority, resources and knowledge to take the necessary action. UK Financial Sector Continuity modified by ENISA
KEY BUSINESS ACTIVITY The critical operational and/or business support functions that could not be interrupted or made unavailable for less than a mandated or predetermined time-frame without significantly jeopardizing the organisation. These tasks are identified within a Business Continuity Plan as a priority action, typically to be carried out within the first few minutes/hours of the plan invocation. ENISA
KNOWLEDGE BASE Data repository holding information on Incidents, Problems and Known Errors, enabling an organisation to match new Incidents against previous ones and thus to reuse established solutions and approaches ENISA
LEAD TIME The time it takes for a supplier - either equipment or service - to make that equipment or service available. Business continuity plans should try to minimise this by agreeing Service Levels (Service Level Agreement) with the supplier in advance of a Business Continuity incident rather than relying on the supplier's best efforts. The BCI
LIKELIHOOD The chance of something happening, whether defined, measured or estimated objectively or subjectively, or in terms of general descriptors (such as rare, unlikely, likely, almost certain), frequencies or mathematical probabilities BS 25999-1
LINE RE-ROUTING A short-term change in the routing of telephone traffic, which can be planned and recurring, or a reaction to an outage situation The BCI
A team comprised of various members representing departments associated with supply acquisition and material transportation, responsible for ensuring the most effective acquisition and mobilization of hardware, supplies, and support materials. This team is also responsible for transporting and supporting staff. The BCI
LOSS Negative consequence BS 25999-1
LOSS ADJUSTER Designated position activated at the time of a Business Continuity event to assist in managing the financial implications of the event and should be involved as part of the management team where possible. The BCI, modified by ENISA
LOSS REDUCTION The technique of instituting mechanisms to lessen the exposure to a particular risk ENISA
LOST TRANSACTION RECOVERY Recovery of data (paper within the work area and/or system entries) destroyed or lost at the time of the disaster or interruption. Paper documents may need to be requested or re-acquired from original sources. Data for system entries may need to be recreated or re-entered ENISA
LVBIED Large Vehicle-Borne Improvised Explosive Device NASP; National Association of Security Professionals
MAJOR INCIDENT A UK Emergency Services definition. Any emergency that requires the implementation of special arrangements by one or more of the Emergency Services, National Health Service or a Local Authority.  Many organisations will use this terminology internally for an incident which causes widespread operational disruption and is likely to involve the Emergency Services. The BCI, modified by ENISA
MANAGEMENT SYSTEM The framework of processes and procedures used to ensure that the organisation can fulfil all tasks required to achieve its objectives ENISA
MANUAL PROCEDURES An alternative process of working following a loss of IS systems. As working practices rely more and more on computerised activities, the ability of an organisation to fall back to manual alternatives lessens. However, temporary measures and methods of working can help mitigate the impact of a Business Continuity incident and give staff a feeling of doing something. The BCI
MARSHALLING AREA Area to which resources and personnel not immediately required at the scene or being held for further use can be directed to stand by The BCI
MAXIMUM ACCEPTABLE OUTAGE (MAO) The maximum period of time that critical business processes can operate before the loss of critical resources affects their operations.  See MTPD, MBCO HB 292-2006
MAXIMUM TOLERABLE PERIOD OF DISRUPTION (MTPD) The time after which disruption will become critical to the organisation or cause irrevocable damage.  See MAO, MTPD The BCI
METRIC Measurable element of a service, method or function.  The real value of metrics is seen in their change over time.  Reliance on a single metric is not advised, especially if it has the potential to affect User behaviour in an undesirable way. ENISA
MINIMUM BUSINESS CONTINUITY OBJECTIVE (MBCO) Minimum level of services and/or products which is acceptable to the organisation to achieve its business objectives during an incident, emergency or disaster.  MBCO is set by the executive management of the organisation and can be influenced, dictated and/or changed by current regulatory requirements or industry practice.  See MTPD, MAO TR19: 2005
MIRRORED STANDBY SITE A fully redundant facility with full, real-time information mirroring.  Mirrored sites are identical to the primary site in all technical aspects. The Disaster Recovery Journal modified by ENISA
MISSION-CRITICAL ACTIVITIES The critical operational and/or business support activities (either provided internally or outsourced) required by the organisation to achieve its objective(s) i.e. services and/or products The BCI
MISSION-CRITICAL APPLICATION Applications that support business activities or processes that could not be interrupted or unavailable for 24 hours or less without significantly jeopardizing the organisation The Disaster Recovery Journal modified by ENISA
MITIGATION Limitation of any negative consequence of a particular event ENISA
MOBILE RECOVERY A mobilized resource purchased or contracted for the purpose of business recovery. The mobile recovery centre might include: computers, workstations, telephone, electrical power, etc. ENISA
MOBILE STANDBY A transportable operating environment, usually complete with accommodation and equipment, which can be transported and set up at a suitable site at short notice The BCI
MOBILE STANDBY SITE Self contained, transportable units which are custom fitted with specific telecommunications and IT equipment necessary to meet system requirements ENISA
MOBILE STANDBY TRAILER A transportable operating environment, often a large trailer, that can be configured to specific recovery needs such as office facilities, call centres, data centres, etc. This can be contracted to be delivered and set up at a suitable site at short notice. ENISA
MOBILISATION The activation of the recovery organisation in response to an emergency or disaster declaration. The BCI, modified by ENISA
MOCK DISASTER One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all, or most, of the applicable teams. Under the guidance of exercise coordinators, the teams walk through the actions they would take per their plans, or simulate performance of these actions. Teams may be at a single exercise location, or at multiple locations, with communication between teams simulating actual disaster mode communications. A mock disaster will typically operate on a compressed time-frame representing many hours, or even days. ENISA
N + 1 A fault tolerant strategy that includes multiple systems or components protected by one backup system or component ENISA
NATURAL THREATS Events caused by nature that have the potential to impact an organisation ENISA
NETWORK OUTAGE An interruption of voice, data, or IP network communications ENISA
OFF-SITE LOCATION A site at a safe distance from the primary site where critical data (computerised or paper) and/ or equipment is stored from where it can be recovered and used at the time of a Business Continuity incident if original data, material or equipment is lost or unavailable The BCI
OFF-SITE STORAGE Any place physically located a significant distance away from the primary site, where duplicated and vital records (hard copy or electronic and/or equipment) may be stored for use during recovery The BCI, modified by ENISA
OPERATIONAL IMPACT An impact which is not quantifiable in financial terms but whose effects may be among the most severe in determining the survival of an organisation following a disaster UK Financial Sector Continuity
OPERATIONAL IMPACT ANALYSIS The risk that deficiencies in information systems or internal controls will result in unexpected loss. The risk is associated with human error, system failures and inadequate procedures and controls. ENISA
OPERATIONAL RISK The risk of loss resulting from inadequate or failed procedures and controls ENISA
OPERATIONAL TEST A test conducted on one or more components of a plan under actual operating conditions ENISA
ORDERLY SHUTDOWN The actions required to rapidly and gracefully suspend a business function and/or system during a disruption The Disaster Recovery Journal, modified by ENISA
ORGANISATION A company, firm, association, group, enterprise, a corporate entity; a firm, an establishment, a public or government body, department or agency; a business or a charity or other legal entity or part thereof, whether incorporated or not, which has its own functions and administration The BCI, with modifications from HB 292-2006
OUTAGE Period of time that a service, system, method or business function is expected to be unusable or inaccessible which has a high impact on the organisation, compromising the achievement of the organisation's business objectives. An outage is different to 'downtime' where method or system failures happen as a part of normal operations, and where the impact merely reduces the short-term effectiveness of processes The BCI
OUTSOURCING The transfer of business functions to an independent (internal and/or external) supplier The BCI
PEER REVIEW A review of a specific component of a plan by personnel (other than the owner or author) with appropriate technical or business knowledge for accuracy and completeness  
PERIOD OF TOLERANCE The period of time in which a Business Continuity incident can escalate to a potential disaster without undue impact to the organisation The BCI
PIPELINES SAFETY REGULATIONS 1996 UK Legislation on the management of pipeline safety, using an integrated, goal-setting, risk-based approach encompassing both onshore and offshore pipelines; includes the major accident prevention document, the arrangements for emergency plans and the transitional arrangements The Health and Safety Executive (HSE)
PLAN ADMINISTRATOR The individual responsible for documenting recovery activities and tracking recovery progress ENISA
PLAN CURRENCY Business Continuity Plans must be maintained (housekeeping) to an adequate state. Measures of how up-to-date BC and CMT plans are recorded. A good (recent) plan currency is vital if plans are to be reliable. The BCI
PLAN MAINTENANCE The management process of keeping an organisation’s Business Continuity Management plans up to date and effective. Maintenance procedures are a part of this process for the review and update of the BC plans on a defined schedule. The BCI, modified by ENISA
PLANNING ASSUMPTIONS Descriptions of the types and scales of consequences for which organisations should be prepared to respond ENISA
POST IMPLEMENTATION REVIEW One or more reviews held after the implementation of a change to determine initially, if the change has been implemented successfully and subsequently, if the expected benefits have been obtained ENISA
PRE-POSITIONAL RESOURCE Material (i.e. equipment, forms and supplies) stored at an off-site location to be used in business resumption and recovery operations (associated terms: pre-positioned inventory) The BCI
PREVENTATIVE MEASURES Measures put in place to lessen the likelihood of a Business Continuity Incident The BCI
PROBABILITY Extent to which an event is likely to occur.  See likelihood ENISA
PRIORITY Sequence in which an incident or problem needs to be resolved  ENISA
PRIORITISATION The ordering of key business activities and their dependencies are established during the BIA and Strategic-planning phase. The Business Continuity Plans will be implemented in the order necessary at the time of the event. ENISA
PROBABILITY The measure of chance of occurrence expressed as a number HB 292-2006
PROCESS An organised set of tasks which uses resources to transform inputs to outputs ENISA
PROCESS OWNER/MANAGER An individual held accountable and responsible for the workings and improvement of one of the organisation's defined processes ENISA
PROGRAM An organised list of instructions that, when executed, causes a computer to behave in a predetermined manner.  Programs contain variables representing numeric data, text or graphical images and statements that instruct the computer what to do with variables. ENISA
PROGRAMME A portfolio of projects and other activities that are planned, initiated and managed in a co-ordinated way in order to achieve a set of defined business objectives ENISA
PROJECT A temporary organisation created for the purpose of delivering one or more business products according to a specified business case ENISA
PROJECT MANAGEMENT The techniques and tools used to describe, control and deliver a series of activities with given deliverables, time-frames and budgets The BCI
PROTECTIVE SECURITY The safeguarding of physical and personnel welfare or information NASP; National Association of Security Professionals

