BCP Glossary of Terms
Business Continuity Plan (BCP) – The documented steps an organization follows to continue critical business operations after an incident. This includes contact information, floor plans, network diagrams, and anything else that is critical to implementing the steps in the plan. Also known as a Business Recovery Plan (BRP), or Business Contingency Plan (BCP).
Business Continuity Management Program (BCMP) – Documented procedures for regular maintenance, review, exercising and auditing of the BCP to keep it up to date. Also known as a Business Continuity Management System (BCMS).
Emergency Response Plan – Documented steps that an organization follows to protect the life, safety, assets and environment immediately following an incident. Examples include evacuation or shelter-in-place procedures.
Maximum Tolerable Outage (MTO) – The amount of time an organization can operate without a particular business process before it causes significant harm to the business. On a bi-weekly payroll, operating for a full 2 weeks without the ability to pay employees would cause significant harm to the business, so the MTO for this process is 2 weeks. Also known as Maximum Acceptable Outage (MAO).
Recovery Time Objective (RTO) – The amount of time data or services must be recovered within. Recovering a server that holds critical business data will have a faster RTO than recovering a non-critical application. Likewise, recovering communications with customers will have a faster RTO than recovering the process for filing completed audit records.
Threat Risk Assessment (TRA) – A review of the potential threats and risks to an organization. The assessment prioritizes them for planning purposes based on the likelihood of occurrence and potential impact on the business.