Business Continuity - Glossary
Based on ISO 22300 Security and Resilience (2021), ISO 22301 Business Continuity (2019) and Business Continuity Institute Good Practice Guidelines (2018)
A | ||
Activity | One or more tasks undertaken by an organisation that produces or supports the delivery of products or services. | |
Analysis | A professional practice within the business continuity management cycle that reviews and assesses an organisation to identify its objectives, how it functions and the constraints of its operating environment. | |
Audit | One or more tasks undertaken by an organisation that produces or supports the delivery of products or services. | |
B | ||
Business Continuity | Capability of an organisation to continue to deliver products or services at acceptable predefined levels following a disruptive incident. | |
Business Continuity Management | Holistic management process that identifies potential threats to an organisation and the impacts to business operations those threats, if realised, might cause and which provides a framework for building organisational resilience with the capability of an effective response that safeguards the interest of its key stakeholders, reputation, brand and value-creating activities. | |
Business Continuity Management Lifecycle | The ongoing cycle of activities of a business continuity programme that builds organisational resilience: policy & programme management; embedding; analysis; design; implementation; validation. | |
Business Continuity Management System (BCMS) | Part of the overall management system that establishes, implements, operates, monitors, reviews, maintains and improves business continuity. | |
Business Continuity Plan (BCP) | Documented information that guides an organisation to respond to a disruption and resume, recover and restore the delivery of products and services consistent with its business continuity objectives. | |
Business Continuity Programme | Ongoing management and governance process supported by top management and appropriately resourced to implement and maintain business continuity management. | |
Business Impact Analysis (BIA) | Process of analysing activities and the effect that a business disruption might have upon them. | |
C | ||
Competence | Action to eliminate the cause of a non-conformity and to prevent recurrence. | |
Conformity | A situation with a high level of uncertainty that disrupts core activities and/or credibility of an organisation and requires urgent action. | |
Continual Improvement | Recurring activity to enhance performance. | |
Correction | Action to eliminate a detected non-conformity. | |
Corrective Action | Action to eliminate the cause of a non-conformity and to prevent recurrence. | |
D | ||
Design | A professional practice within the business continuity management lifecycle that identifies and selects appropriate solutions to determine how continuity can be achieved in the event of an incident. | |
Document | Information and its supporting medium. | |
Documented Information | Information required to be controlled and maintained by an organisation and the medium on which it is contained. | |
E | ||
Effectiveness | Extent to which planned activities are realised and planned results achieved. | |
Embedding | A professional practice within the business continuity management cycle that defines how to integrate business continuity awareness and practice into business-as-usual activities. | |
Event | Occurrence or change of a particular set of circumstances. It could be one or more occurrences. An event can consist of something not happening. An event could also be referred to as an incident or accident. An event without consequences may also be referred to as near miss. | |
Exercise | Process to train for, assess, practise and improve performance in an organisation. | |
I | ||
Implementation | A professional practice within the business continuity management cycle that implements the solutions agreed in the design stage. It also includes developing the Business Continuity Plans and a response structure. | |
Incident | Situation that might be, or could lead to, a disruption, loss, emergency or crisis. | |
Infrastructure | System of facilities, equipment and services needed for the operation of an organisation. | |
Interested Party | Or Stakeholder. Person or organisation that can affect, be affected by, or perceive themselves to be affected by a decision or activity. | |
Internal Audit | Audit conducted by, or on behalf of, the organisation itself for management review and other internal purposes, and which might form the basis for an organisation’s self-declaration of conformity. | |
Invocation | Act of declaring that an organisation’s business continuity arrangements need to be put into effect in order to deliver key products and services. | |
M | ||
Management System | Set of inter-related or interacting elements of an organisation to establish policies and objectives, and processes to achieve those objectives. | |
Maximum Acceptable Outage (MAO) | See also maximum tolerable period of disruption. The time it would take for adverse impacts, which might arise as a result of not providing a product/service or performing an activity, to become unacceptable. | |
Maximum Tolerable Period Of Disruption (MTPD) | See also maximum acceptable outage. The time it would take for adverse impacts, which might arise as a result of not providing a product/service or performing an activity, to become unacceptable. | |
Measurement | Process to determine a value. | |
Minimum Business Continuity Objective (MBCO) | Minimum level of services/products that is acceptable to the organisation to achieve its business objectives during a disruption. | |
Monitoring | Determining the status of a system, a process or an activity. | |
Mutual Aid Agreement | Pre-arranged understanding between two or more entities to render assistance to each other. | |
N | ||
Non-Conformity | Non-fulfilment of a requirement. | |
O | ||
Objective | Result to be achieved. An objective could be Strategic, Tactical or Operational. It could be expressed in other ways as, for example, a goal, an aim or target. | |
Organisation | Person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives. | |
Organisational Culture | Values, attitudes and behaviour of an organisation that contribute to the unique social and psychological environment in which it operates. | |
Organisational Resilience | The ability of an organisation to absorb and adapt in a changing environment. | |
Outsource | Make an arrangement where an external organisation performs part of an organisation’s function or process. | |
P | ||
Performance | Measurable result. | |
Performance Evaluation | Process of determining measurable results. | |
Personnel | People working for and under the control of an organisation. | |
Policy | Intentions and direction of an organisation as formally expressed by its top management. | |
Policy And Programme Management | A professional practice within the business continuity management cycle that establishes the organisation’s policy relating to business continuity and defines how the policy should be implemented throughout the business continuity programme. | |
Prioritised Activities | Activities to which priority must be given following an incident in order to mitigate impacts. | |
Procedure | Specified way to carry out an activity or a process. | |
Process | Set of inter-related or interacting activities which transforms inputs into outputs. | |
Products and Services | Beneficial outcomes provided by an organisation to its customers, recipients and interested parties. | |
R | ||
Record | Statement of results achieved or evidence of activities performed. | |
Recovery Point Objective (RPO) | Point to which information used by an activity must be restored to enable the activity to operate on resumption. Can also be referred to as maximum data loss. | |
Recovery Time Objective (RTO) | Period of time following an incident within which a product or service must be resumed; or an activity is resumed; or resources are recovered. | |
Requirement | Need or expectation that is stated, generally implied or obligatory. Generally implied means that it is customary or common practice for the organisation. | |
Resources | All assets, people, skills, information (whether electronic or not), technology (including plant and equipment), premises and supplies that an organisation has to have available to use, when needed, in order to operate and meet its objective. | |
Risk | Effect of uncertainty on objectives. Often expressed in terms of a combination of consequences and likelihood. | |
Risk Appetite | Amount and type of risk that an organisation is willing to pursue or retain. | |
Risk Assessment (RA) | Overall process of risk identification, risk analysis and risk evaluation. | |
Risk Management | Coordinated activities to direct and control an organisation with regard to risk. | |
S | ||
Stakeholder | Or Interested Party. Person or organisation that can affect, be affected by, or perceive themselves to be affected by a decision or activity. | |
T | ||
Test | Unique and particular type of exercise which incorporates an expectation of a pass or fail element within the aims or objectives of the exercise being planned. | |
Testing | Procedure for evaluation. A means of determining the presence, quality or veracity of something. | |
Threat | Potential cause of an unwanted incident which may result in harm to individuals, assets, systems or organisation, environment or the community. | |
Top Management | Person or group of people who direct(s) and controls an organisation at the highest level. | |
V | ||
Validation | A professional practice within the business continuity management cycle that confirms that the business continuity programme meets the objectives set in the policy, and that the plans and procedures in place are effective. It includes exercises, maintenance and review activities. | |
Verification | Confirmation, through the provision of evidence, that specified requirements have been fulfilled. | |
W | ||
Work Environment | Set of conditions under which work is performed. |