BCP Glossary of Terms
The ability of an organization to continue critical, non-IT specific operations after an incident. This also includes all planning and preparation prior to an incident.
The documented steps an organization follows to continue critical business operations after an incident. This includes contact information, floor plans, network diagrams, and anything else that is critical to implementing the steps in the plan. Also known as a Business Recovery Plan (BRP), or Business Contingency Plan (BCP).
Documented procedures for regular maintenance, review, exercising and auditing of the BCP to keep it up to date. Also known as a Business Continuity Management System (BCMS).
An assessment of critical business operations and their required resources in order to prioritize them for recovery after an incident.
A major event that has widespread human, resource, environmental or other ramifications, where the organization does not have the resources to recover on its own.
Recovery and restoration of any and all IT infrastructure: hardware, systems, applications, programs, etc. DR is a subset of BC, and supports BC recovery.
Documented steps to be followed for the recovery and restoration of IT infrastructure.
Any incident that requires an organization to enact its Emergency Response Plans in order to protect life, safety, assets or the environment.
Documented steps that an organization follows to protect the life, safety, assets and environment immediately following an incident. Examples include evacuation or shelter-in-place procedures.
An occurrence that, if not managed, could become an emergency or disaster.
The amount of time an organization can operate without a particular business process before it causes significant harm to the business. On a bi-weekly payroll, operating for a full 2 weeks without the ability to pay employees would cause significant harm to the business, so the MTO for this process is 2 weeks. Also known as Maximum Acceptable Outage (MAO).
A measure of the amount of data that can be lost before it hinders critical business operations. Data is recovered to a particular point.
The amount of time within which data or services must be recovered. Recovering a server that holds critical business data will have a faster RTO than recovering a non-critical application. Likewise, recovering communications with customers will have a faster RTO than recovering the process for filing completed audit records.
A review of the potential threats and risks to an organization. The assessment prioritizes them for planning purposes based on the likelihood of occurrence and potential impact on the business.