Glossary

activation Putting into motion all or a portion of a business continuity plan and its teams and procedures in response to a disaster.

assumptions Basic understandings about potential disaster situations upon which a business continuity plan and/or disaster recovery plan is based.

brand A name, symbol, or logo that represents a company, product, or service and makes the company, product, or service recognizable to customers and the public.

business continuity A proactive approach to ensure continuity or rapid restoration of delivery of the organization’s service or product following a disaster. The ability of an organization to provide service and support for its customers and to maintain its viability before, during, and after a disaster. Also referred to as business restoration, business recovery, or business resumption.

business continuity center (BCC) A facility or portion of a facility designed to serve as an operational center for a business continuity team to centralize and manage the business continuity process. A BCC can be located on or off the organization’s premises.

business continuity management (BCM) An ongoing enterprise-wide holistic management process that identifies risks and potential impacts that threaten an organization and its operations. Also provides a framework for building resilience and the capability for an effective response that safeguards the interests of the organization and its key stakeholders, reputation, brand, and value.

business continuity planning A process to develop, implement, and maintain strategies and procedures to ensure that key operations and essential business functions can continue or quickly be restored in the event of a disaster, state of emergency, or significant threat to the organization and its operations.

business continuity planning lifecycle A process of continuity planning that includes the development, maintenance, and testing of business continuity plans to ensure a continually maintained and enhanced business continuity program. Specific ongoing lifecycle steps include hazard assessment and mitigation, business impact analysis, development of business continuity strategies, development of business continuity plans and procedures, training, testing and exercising of developed plans, as well as ongoing efforts to maintain and improve the program.

business continuity program (BCP) A comprehensive, proactive, ongoing set of activities with the specific goal of developing and maintaining the capability of a company or other organization to respond to a serious emergency or disaster event that interrupts or threatens to interrupt normal business operations.

business impact analysis (BIA) A methodology and process used to identify the effects a disaster may have on a business and to identify, quantify, and prioritize time-critical business functions throughout the organization. The BIA identifies maximum allowable downtime, sequence of restoration and staffing requirements, support systems, special equipment, and other resources required by each critical business function, as well as the interdependencies among internal business units and dependencies outside the organization. BIA results are used as a guide in developing business continuity strategies and plans.

checklist A list of specific step-by-step actions taken by a member of the business continuity team or other related team in response to a particular disaster event or significant interruption of operations.

Continuity of Operations (COOP) plan The term used by government agencies to fulfill the requirement that all agencies have in place a viable COOP capability that ensures the performance of their essential functions during any emergency or situation that may disrupt normal operations. The counterpart in the private sector is a business continuity plan.

coordination A planned approach to working together and sharing critical resources. The extent to which organizations attempt to ensure that their activities take into account those of other organizations. Organizations’ deliberate degree of adjustment to one another.

crate and ship A contractual arrangement with an equipment vendor or supplier to ship replacement equipment within a specified time period following notification in order to facilitate a strategy for making critical equipment available following a disaster.

crisis An event that threatens life, property, or business operations beyond acceptable losses if not controlled. A turning point for better or worse, a crucial time, a decisive moment.

critical function A business activity that is essential to avoid significantly jeopardizing the organization’s ability to operate at an acceptable level. Any task or operation the loss or unavailability of which would have a catastrophic impact on the successful conduct of business. Also referred to as a vital business function or time-critical business function.

customer An individual, company, or organization that purchases or otherwise receives a service or product from another individual, company, or organization.

damage assessment The process of assessing damage following a disaster to determine what equipment, records, facilities, infrastructure, and inventory can be salvaged or restored and what must be replaced. A damage assessment can also provide an initial estimate of the length of time required to restore operations.

disaster A destructive or disruptive event, usually sudden or unexpected, beyond the response capabilities of the organizations where it has occurred. Typically brings great damage, loss, or destruction. For businesses, any event—large or small—that causes a cessation of vital business functions; an event requiring immediate action to ensure continuation or resumption of operations. Also referred to as a disaster event or event. Note: Based on its impact on operations, an event that may be only a nuisance for one company could be a disaster for another. See also event.

disaster recovery The restoration of an organization’s technology to provide the IT, telecommunications, and related technology needed to support business continuity objectives.

distributor An entity that sells a product or variety of products to customers. A company or individual who buys products, warehouses them, and resells and ships them to retailers or directly to end users.

downstream That part of the supply chain between producers of products or services and their end customers. Downstream links include distributors, wholesalers, and retailers.

emergency An urgent situation, a condition of disaster, or a condition of extreme peril to the safety of persons and property. Emergencies can be large or small.

emergency response team (ERT) Teams of designated employees organized, trained, and equipped to respond to emergencies occurring at the organization’s facilities by providing assistance to employees and visitors and, as required, directing building evacuation.

enterprise resource planning (ERP) An integrated information system, evolved from Manufacturing Resource Planning (MRP) II, that serves all departments within an enterprise to coordinate manufacturing processes to enterprise-wide back-end processes. ERP software is a multi-module application software that integrates activities across departments and can include product planning, parts purchasing, inventory control, distribution, and order tracking; it may also include application modules for finance, accounting, and human resources functions.

event An occurrence, often happening suddenly, that may cause damage to facilities or infrastructure, disruption of operations, or even loss of human life. Results are often a serious disruption of the functioning of an organization and possible material, economic, or environmental losses. See also disaster.

exercise An activity designed to promote business continuity preparedness. A process to evaluate business continuity and related operations plans, procedures, or facilities. Training for personnel assigned to business continuity and other disaster-related duties. Used as a means to test business continuity strategies, plans, and procedures. Three basic exercise categories are tabletop, simulation, and live.

Federal Emergency Management Agency (FEMA) U.S. government agency, formerly independent, that became part of the Department of Homeland Security in March 2003. Tasked with responding to, planning for, recovering from, and mitigating against disasters and for supporting disaster preparedness, response, and recovery efforts at the state and local government level. The beginnings of FEMA can be traced to the Congressional Act of 1803.

hazard Any source of damage or element of risk. A situation or condition with potential for loss or harm. Any event that will deny an organization the use of its normal work area or the connectivity or access to that area. Three basic types of hazards are natural, technological, and human-caused.

hazard assessment Identification of the most probable threats and the analysis of the related impacts of the identified threats. The evaluation of existing physical and environmental security and controls in combination with assessing existing capability to manage the potential threats to the organization. See also risk analysis.

hazardous material (hazmat incident) Any uncontrolled release of a material capable of posing a risk to health and safety and property. The hazardous material may be stationary or in transit. (1) Stationary: Areas at risk include facilities that produce, process, or store hazardous material as well as all sites that treat, store, and dispose of hazardous material. (2) In transit: Any spill during transport of material by land, waterways, or air that is potentially a risk to health and safety.

homeland security A concerted national effort to prevent terrorist attacks within the United States, reduce the nation’s vulnerability to terrorism, and minimize the damage and recover from attacks that do occur. A federal government agency, the Department of Homeland Security (DHS), is charged with carrying out the homeland security goals and has primary responsibility for ensuring that emergency response professionals are prepared for any situation. DHS also provides a coordinated, comprehensive federal response to any large-scale crisis or disaster. Includes the Federal Emergency Management Agency (FEMA).

hot site A remote, redundant (backup) computer operations location equipped with compatible hardware and the infrastructure needed to support operations. A fully operational data processing facility configured to an organization’s specifications, usually available beginning within a few hours of a disaster. Some have adjacent furnished office space and support facilities. A company may establish its own hot site at another company location, or a hot site may be contracted with a vendor; a reciprocal agreement with another company is yet another alternative. Also referred to as backup site, recovery site, recovery center, or alternate processing site.

Incident Command System (ICS) A management system for responding to and controlling an emergency or disaster caused by natural, technological, or human-caused events. The system was developed by public safety agencies and is now the nationally used standardized on-scene emergency management concept. ICS includes five parts: command/direction, operations, planning, logistics, and finance.

information technology (IT) Resources and systems used to collect and organize data and information used to conduct business. The business unit or department responsible for managing computer systems and related technology.

infrastructure A general term used to describe all systems for storing, treating, and distributing fuel, communications, water, wastewater, and electricity. By some definitions may include roadways, bridges, etc. Also referred to as lifelines.

intermodal shipping Transporting shipments using more than one method of transportation. For example, a shipment may be carried in shipping containers on a tractor trailer, transferred to rail flat cars for transit to a ship or barge, then to a truck for final delivery.

inventory Raw materials, components, or parts stored for use in the production process or finished goods or finished products stored before being shipped to a customer or to a distributor.

ISO (International Organization for Standardization) A global network of national standards institutes of approximately 160 countries coordinated by a Central Secretariat in Geneva, Switzerland. ISO provides standards and guidelines for quality in the manufacturing and service industries and is the world’s largest developer and publisher of quality management system standards, technical specifications, technical reports, handbooks, and web-based documents on quality management. Note: Because the acronyms for “International Organization for Standardization” would be different in different languages (IOS in English, OIN in French for Organisation internationale de normalisation), the group’s founders gave it a short, all-purpose name ISO, derived from the Greek isos, meaning “equal.”

just-in-time (JIT) A methodology that creates the movement of material into a specific location at a specified time, usually just before the material is needed in a manufacturing process. An inventory management philosophy aimed at improving responsiveness, reducing costs, and reducing waste and excess inventory by delivering products, components, or materials just when they are needed.

logistics (1) Supply chain: All elements of the supply chain coordinated to plan, implement, and control the upstream and downstream flow (purchasing, production, distribution) of goods, services, and information beginning with the point of origin and ending with the point of final consumption with a goal of meeting customer requirements. (2) Business continuity: Derived from the Incident Command System (ICS), a branch of the emergency response or business continuity team that is activated following a disaster declaration, typically staffed by representatives of departments associated with supply acquisition and material transportation. Responsible for ensuring the most effective acquisition and mobilization of supplies and materials necessary to support business continuity strategies. May also be responsible for transporting and supporting staff with business continuity responsibilities.

Manufacturing Resource Planning (MRP II) A computer-based management tool that expands on MRP I to include other functions throughout the company such as marketing and finance.

Material Requirements Planning (MRP I) A computer-based management tool that provides a manufacturer with a means of determining what products to produce and in what quantities, based on the response to what the manufacturer sells to its customers.

metrics In a business context, any type of measurement used to gauge a quantifiable component of an organization’s performance. For example, a company’s return on investment (ROI) is a metric used to quantify profit.

mitigation Pre-event planning and actions that aim to eliminate or lessen the effects of potential disasters. Actions taken well in advance of a destructive or disruptive event to reduce, avoid, or protect against its impacts. Must be an ongoing process to manage changes.

outsourcing Strategic use of resources outside the organization to carry out functions previously performed by internal staff and resources. The contracting out of major functions to specialized providers that may be more efficient or cost-effective.

pandemic A disease affecting a whole population or a number of countries. A global epidemic. An outbreak of an infectious disease that affects people or animals over an extensive geographical area.

Pareto Principle Named after Italian economist Vilfredo Pareto, a principle that specifies an unequal relationship between inputs and outputs. The principle states that, for many phenomena, 20 percent of invested input is responsible for 80 percent of the results obtained; 80 percent of consequences are the result of 20 percent of the causes. Also referred to as the Pareto rule or 80-20 Rule.

partnership A tailored business relationship based on mutual trust, openness, shared risk, and shared rewards that yields a competitive advantage, resulting in business performance greater for both or all parties than would be achieved by the individual entities.

pick and pack Part of the supply chain management process used in the distribution of goods. The process may be manual or computerized. (1) Pick: Small or large quantities of merchandise are picked from a warehouse to fulfill customer orders for specific destinations. (2) Pack: Picked merchandise is packaged for shipment to specific locations with an invoice enclosed and a shipping label affixed.

prodrome An event showing that a disaster could result under slightly different circumstances. A warning sign. Derived from the Greek for “running before.”

public information officer (PIO) An individual responsible for all media contact on behalf of the organization and to whom all media requests for information are referred. The PIO’s duties can include preparing press releases, conducting media briefings, and arranging for press conferences.

reciprocal agreement A formal agreement made by two or more companies or organizations to share or use each other’s resources following a disaster.

recovery Short- and long-term activities to return operations to normal. Recovery requires well-developed strategies to enable timely and orderly continuation or restoration of operations. See business continuity.

recovery point objective (RPO) The point in time to which systems and data must be recovered and restored after an outage (e.g., the end of the previous day’s processing) in order to resume processing. RPOs are often used as the basis for the development of backup strategies and as a determinant of the amount of data that must be recreated after the systems or functions have been recovered.

recovery time objective (RTO) The period of time within which systems, applications, or functions must be recovered after an outage (e.g., thirty minutes or less, twenty-four hours or less, seventy-two hours or less). RTOs are often used as the basis for the development of business continuity and disaster recovery strategies. Also referred to as maximum allowable downtime or maximum allowable outage.

redundant/redundancy The provision of more than one means or resource for performing a function. From a business continuity and/or disaster recovery perspective, redundancy refers to the duplication of critical equipment or systems—such as telecommunications, information systems, manufacturing equipment, skills, resources, suppliers, or facilities—to help ensure that the organization can continue or quickly resume operations when a disaster occurs.

resilience The capacity of a system or organization to absorb disruption and still preserve its basic structure and function. The ability of individuals, organizations, or other entities to anticipate and respond proactively to disruption, adversity, or significant change.

resilient Able to recover rapidly from adversity.

response Immediate actions taken during or immediately following a destructive or disruptive event to reduce impacts or to stop its effects.

restoration The activities needed to restore a facility or processing capability to its normal condition. Restoration involves the steps necessary to plan, organize, and continue these activities.

reverse logistics A supply chain process to handle the return of orders and packaging. Handling product returns back through the supply chain. The process of moving goods from their final destination for the purpose of capturing value or for proper disposal. Processing returns for any reason such as damage, excessive inventory, seasonal inventory, recalls, or salvage.

risk analysis Identification of the most probable threats and the analysis of the related vulnerabilities of the organization to these threats. Evaluation of existing physical and environmental security and controls, and assessing their adequacy relative to the potential threats to the organization. Also referred to as risk assessment, impact assessment, corporate loss analysis, risk identification, and exposure assessment.

risk management A process to help organizations understand, evaluate, and take action on all their risks in order to increase the probability of success and reduce the likelihood of failure or an unacceptable level of loss. A process to identify and control all risks to help ensure that the organization will continue to fulfill its mission.

Sarbanes-Oxley Act (SOX) A U.S. law passed in 2002 establishing a broad range of standards for public companies, their boards, and accounting firms. It was designed to increase corporate accountability through specific reporting requirements that companies and their executive boards must follow. The law, which is overseen by the Securities and Exchange Commission (SEC), requires infrastructure to preserve and protect information, records, and data.

scenario A brief narrative describing a hypothetical situation and conditions and the likely future when a destructive or disruptive event occurs. Beginning with a believable event, a scenario identifies the managerial setting and physical conditions and describes the impacts. Essential for preparedness planning, scenarios are also used as a basis for continuity exercises.

service level agreement (SLA) A legally binding contract or formal agreement between a supplier and a customer that details the nature, quality, and scope of the service or product to be provided. An agreement between a customer and the provider of a service or product that covers detailed specifications for the level and quality of service or product to be delivered.

stakeholder An individual, organization, or specific interest group that believes he/she or it will be impacted by the actions or inaction of another individual, organization, or specific interest group.

strategic planning A process that assesses the probable divergent scenarios and addresses what policies the organization should adopt to mitigate adverse impacts, prepare for the scenarios in the short term, respond, take advantage of opportunities each scenario may present, restore functions when impacts occur, and recover or change over a long time frame after a scenario occurs.

strategy An approach and course of action developed by an organization to ensure its recovery and continuity in the face of a disaster or other major operational interruption. Business continuity and/or disaster recovery plans and methodologies are determined by and support the organization’s strategy.

supplier risk analysis A hazard assessment or risk analysis of an organization’s suppliers, vendors, outsourcing companies, or contractors to identify and understand their risks and vulnerabilities and related ability to continue to deliver their product or service on time at an acceptable level of quality when disaster strikes.

supply chain A network of organizations that brings products or services to market through the exchange of resources including materials and information. The management of a network of interconnected businesses and processes involved in the ultimate delivery of products and services required by end customers. Spans and includes all activities and relationships—upstream and downstream—relating to the acquisition, movement, and storage of goods and services from the point of origin to the final delivery location. A supply chain consists of a company or organization and its suppliers, distributors, outsourcing companies, and customers. Also referred to as value chain.

supply chain management (SCM) Management of the processes that get the right things to the right places at the right time, typically with a goal of making a profit. Actionable strategies to optimize supply chain operations. Integration, coordination, and management of a network of interconnected companies and business processes from end user through original suppliers that provides products, services, and information that add value for customers.

tabletop exercise An exercise where participants walk through a response to a disaster situation, typically using only the plan document. This type of exercise provides a nonstressful way to train people and test plan documents while providing a team-building opportunity for business continuity team members. Also referred to as a walkthrough exercise or desktop exercise.

terrorism Systematic use of terror or unpredictable violence against governments, populations, or individuals, usually to attain a political objective.

threat Anything that can have a direct or indirect harmful effect on an organization or its operations.

uninterruptible power supply (UPS) An alternate short-term power supply, usually battery powered, to maintain power in the event of an electrical power outage. Typically, a UPS keeps computers or other equipment operating for several minutes after a power outage, enabling a graceful shutdown. Some UPS units include software that automates backup and shutdown procedures in the event of a power loss.

upstream That part of a supply chain between the producers of a service or product(s) and their suppliers of raw materials, parts, components, processes, or services that are used in manufacturing or creating their product(s).

value stream Activities within a supply chain that add value, especially in the estimation of the customer.

vital records Documents or records, paper or electronic, which—for legal, regulatory, or operational reasons—cannot be lost or damaged without impairing the organization’s ability to successfully conduct business.

work-around procedures Interim manual procedures that may be used by a business unit to enable it to continue to perform its critical business functions during temporary unavailability of specific computer applications, computerized systems, electronic or hard copy data, or voice or data communication.

worst-case scenario The maximum intensity of a specific hazard, coupled with the maximum estimated impact on operations. For most hazards, the highest impact will be associated with a disaster that is less likely to occur.
