Industry veterans toss these terms around with apparent ease and clearly they mean something as those ‘in the club’ understand them perfectly but we appreciate it can all seem baffling to those who aren’t in the know.
So in an effort to break down barriers to understanding, here is Resilience Guard’s guide to some of the more commonly used business continuity and crisis management terminology. While far from being an exhaustive list, we hope you will find it a good starting point:
Business continuity jargon buster
- ALARP (or risk)
- A risk management term meaning ‘As low a risk as reasonably practical’.
- Assurance
- The process by which an organisation verifies its business continuity management capability.
- AToD
- Shorthand for ‘At time of disaster’.
- Battle box
- Often literally a box used to store vital information (such as employee contact details, third party recovery providers) and equipment (such as pens, torches, spare batteries) that may prove useful in a disaster.
- BAU
- Business as usual – quite literally meaning the normal course of business and commonly used to describe activities returning to normal following a business interruption.
- BC
- Business continuity – Defined as the strategic and tactical capability of the organisation to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable predefined level.
- BCM
- Business continuity management – A holistic management process that identifies potential threats to an organisation and the impact on business operations that those threats—if realised—might cause. BC provides a framework for building what’s known as organisational resilience: the capability of an organisation to respond effectively, safeguarding the interests of its key stakeholders and reputation.
- BCP
- Business continuity plan – A documented collection of procedures and information that is developed, and kept up-to-date in readiness for use in a potentially disruptive event to enable the organisation to continue to deliver its critical products and services as usual.
- BCMS
- Business continuity management system – An overall management system that implements, operates, monitors, reviews and improves an organisation’s business continuity.
- BIA
- Business impact analysis – the process of analysing business functions and the effect a business disruption might have on them.
- Blue light services
- Predominantly used in the UK, this term is used informally to refer to the emergency services of police, fire and ambulance.
- Campus
- A set of buildings that are geographically grouped together and might form one interconnected set of business continuity plans.
- Cold site
- A data centre or work area equipped with the appropriate environmental conditioning, electrical connectivity, communications access, configurable space and access to accommodate the installation of equipment by key workers tasked with resuming operations.
- CMT
- Crisis management team – A group of designated individuals responsible for developing and implementing a comprehensive plan for responding to a disruptive incident. The team consists of a core group of decision-makers trained in incident management and prepared to respond to any situation.
- Whereas in most countries ‘crisis’ and ‘incident’ are used interchangeably in the UK the term ‘crisis’ generally refers to wide area incidents involving the emergency services with ‘incident management’ used for normal BCM.
- Dedicated work area
- Workspace provided for sole use by a single organisation and configured ready for use.
- Desktop Exercise (also known as a tabletop exercise)
- Technique for rehearsing emergency teams in which participants review and discuss the actions they would take according to their plans, but do not actually perform any of these actions. Such an exercise can be conducted with a single team or multiple teams, typically under the guidance of exercise facilitators.
- Disaster declaration
- Nominated staff should be familiar with the list of assessment criteria of an incident versus disaster situation established by the BCM or DR Steering Committee and the notification procedure when a disaster occurs. Usually, to invoke third party services or make an insurance claim there will be a need for a formal disaster declaration to have been made.
- DR
- Disaster recovery – the process of recovering IT systems following an incident.
- Exercise
- Term used to describe rehearsing the roles of team members and staff and test the recovery of an organisation’s systems – including technology, telephony and administration – to demonstrate the effectiveness of a business continuity plan.
- Hot site
- A facility equipped with IT, telecoms and infrastructure that can be used to restore IT and telephony capabilities. When the facility is designed to accommodate business users it is more commonly referred to as a work area recovery site.
- IMT
- Incident management team – A group of individuals responsible for developing and implementing a comprehensive plan for responding to a disruptive incident. The team consists of a core group of decision-makers trained in incident management and prepared to respond to any situation.
- Invocation
- A formal declaration that an organisation’s business continuity plan needs to be activated to continue to deliver key products and services in the event of a business interruption.
- ITDR
- Refers to the pure IT aspects of disaster recovery, specifically restoring IT to the level required to support an organisation’s critical business functions to acceptable levels within a pre-determined period of time following a disruption.
- KPI
- Key performance indicators – Benchmark measurements based on the organisation’s objectives, targets and industry practice.
- MTDL
- Maximum tolerable data loss – The maximum loss of information (electronic and other data) that an organisation can tolerate. The age of the data could make operational recovery impossible or the value of the lost data is so substantial as to put business viability at risk.
- MTPoD
- Maximum tolerable period of disruption – the amount of downtime an organisation can withstand in the event disaster strikes after which its viability will be threatened if product or service delivery cannot be resumed.
- Outage
- A period of time in which IT services and systems are out of commission. For other plant and equipment the term ‘downtime’ is commonly used.
- PDCA
- Abbreviation for Plan, Do, Check, Act – This is the model used as a framework for all management systems including business continuity management systems.
- Residual risk
- The level of risk remaining after all cost-effective actions have been taken to lessen the impact, probability and consequences of a specific risk according to an organisation’s risk appetite.
- Risk appetite
- The degree of risk an organisation is prepared to accept being exposed to at any point in time.
- RPO
- Recovery point objective – The target set for the status and availability of data (electronic and paper) at the start of the recovery process. In purely ITDR terms it can be seen as the precise time to which data and transactions have to be restored, for example close of business or last backup.
- RTO
- Recovery time objective – The target time for resuming the delivery of a product or service to an acceptable level – either full or partial – following its disruption.
- SLA
- Service Level Agreement – An agreement between a service provider and a customer defining the scope, quality and timeliness of service delivery.
- Simulation
- Simulation is a process whereby recovery team members perform all of the actions they would take in the event of a crisis plan activation. It may involve one or more of the recovery teams and is performed under conditions that simulate a real world business interruption.
- SPOF
- Single point of failure – A service, activity or process to which there is no alternative meaning that loss of that element could lead to total failure of a mission-critical activity.
- Syndicated service
- A workspace shared by a limited number of organisations, set-up for general use rather than any one organisation.
- Syndication ratio
- The number of times that a particular work area is sold by a third party provider. This is an important figure as a work area’s availability at the time of an incident could be allocated on a first come, first served basis or on a reduced allocation basis.
- Virtual battle box
- An electronic form of a storage location held on the internet, intranet or cloud so that data and information is immediately available post incident and accessible by the Incident Management Team.
- WAR
- Work area recovery – Restoration of office activities at an alternative location that provides desks, telephony, office systems and networking capability.
- Warm site
- A designated standby site equipped and serviced to a level which will allow the organisation to resume essential operations before their non-availability threatens business viability. However, there is no definitive distinction between a warm and a hot site, although clearly recovery at a hot site could be almost immediate whereas at a warm site it might take several hours to accomplish.
- Wide area disaster
- A catastrophic event such as a terror attack or industrial accident that impacts a large geographic area and requires emergency services (or even the military) to take control.
- WRC
- Workplace recovery centre – a fully-equipped alternative workspace for use by employees in the event their normal premises or the technology and communications they need to do their jobs are unavailable for any reason.
If you’d like to talk to a business continuity expert consultant on any aspect of business continuity or crisis management, contact us.