268 BCP/DR Glossary
Plan Maintenance: Periodic and regular review and updating of a contin-
gency plan.
Planning Software: A computer program designed to assist in the develop-
ment, organization, printing, distribution, and maintenance of contingency
plans.
Platform: A hardware or software architecture of a particular model or fam-
ily of computers (e.g., IBM, Tandem, HP).
Portable Shell: An environmentally protected and readied structure that
can be transported to a disaster site so equipment can be obtained and
installed near the original location. See also Mobile Hot Site, Relocatable
Shell.
Preparedness: Actions taken to ready employees before an event that can
include training, exercises, and equipment to assist during a disaster (e.g.,
first aid kits). When an event occurs, this leads to response.
Procedural Safeguards: Procedural measures taken to prevent a disaster,
such as safety inspections, fire drills, security awareness programs, records
retention programs, and so on.
Processing Backlog: The documentation of work and processes performed
by manual or other means during the time the data center was unavailable.
Qualitative Risk Analysis: The relative measure of risk or asset value by
using subjective terms such as low, medium, high; 1–10; not important or
very important, and so on.
Quantitative Risk Analysis: Using objective statistical data to measure
risk, asset value, and probability of loss. Similar terms: corporate loss analysis,
exposure analysis, exposure assessment, impact assessment, risk assessment, risk
identification.
Readiness Audit: The determination whether the resources for business
recovery are currently available.
Reciprocal Agreement: A written arrangement between organizations or
agencies in which they agree to assist one another upon request, by furnish-
ing personnel and equipment. (Also known as a mutual aid agreement.)
Record Retention: Storing historical documentation for a set period of
time, usually mandated by state and federal law or the Internal Revenue
Service.
Recovery: The process in which regular business operations and “lost” data
are restored. At this point, other technological issues are resolved, enabling
the business processes to begin addressing the backlog of work. Lessons
BCP/DR Glossary 269
Gloassary
learned from each event will build mitigation efforts to prevent future
losses.
Recovery Action Plan: The comprehensive set of documented tasks to be
carried out during recovery operations.
Recovery Alternative: The method selected to recover the critical business
functions following a disaster. In data processing, some possible alternatives
would be manual processing, use of service bureaus, or a backup site (hot or
cold). A recovery alternative is usually selected following either a risk analy-
sis, a business impact analysis, or both. Similar terms: backup alternative,
backup site.
Recovery Capability: This defines all of the components necessary to per-
form recovery. These components can include a plan, an alternate site,
change control process, network rerouting, and others.
Recovery Management Team: A group of individuals responsible for
directing the development and ongoing maintenance of a disaster recovery
plan. Also, the group is responsible for declaring a disaster and providing
direction during the recovery process.
Recovery Planning Team: A group of individuals appointed to oversee the
development and implementation of a disaster recovery plan.
Recovery Point Objective (RPO): The point in time to which data must
be restored in order to resume processing transactions. RPO is the basis on
which a data projection strategy is developed.
Recovery Strategy: The method selected by an organization to recover its
critical business functions following a disaster. Possible strategies for recov-
ering from an event that degrades or halts scheduled data processing ser-
vices delivery are: (1) Revert to manual procedures; (2) Temporarily
suspend data processing operations to affect recovery onsite; (3) Contract
with a service to provide essential data processing operations from that loca-
tion; and (4) Transfer essential data files and applications from offsite stor-
age to a hot-site facility and begin processing from the hot site.
Recovery Support Plans: (For a larger business that has units.) These plans
ensure that the required technology and infrastructure components are in
place to allow business units to restore, recover, and resume the core busi-
ness processes. Recovery Support Plans are organized around designated
team members and specific objectives. There are two types of recovery sup-
port plans, Infrastructure and Technology. Infrastructure Plans outline
guidelines for managing events to assess damage, repair as necessary, and to
sustain the work environment. Technology Plans outline how to restore the
270 BCP/DR Glossary
physical aspects of our business operations, such as our electrical systems,
computer networks, and other technology support items. (Also known as
disaster recovery plans.)
Recovery Team: See Business Recovery Team, Disaster Recovery Teams.
Recovery Time: The period from the disaster declaration to the recovery of
the critical functions.
Redundancy: Providing two or more resources to support a single function
or activity with the intention that if one resource fails or is interrupted, an
alternate resource will immediately begin to perform the function.
Relocatable Shell: See Mobile Hot Site, Portable Shell.
Remote Access: The ability to use a computer system, generally a main-
frame, from a remote location, generally by common phone lines.
Remote Journaling: The process of recording the product of a computer
application in a distant data storage environment, concurrently with the
normal recording of the product in the local environment. May be periodic
or continuous.
Response: A planned reaction to a crisis or disaster, which provides protec-
tion for employees and assets; assesses damage or impacts; and provides
notifications or declarations of the event. Response is followed the Recovery
process.
Restoration: The process of restoring the work environment or establishing
a temporary work area as necessary. This stage focuses on technology recov-
ery efforts to restore platforms and simultaneously directs employees to
minimize core business process interruptions due to lack of platform avail-
ability.
Resumption: The stage when processing the backlog of work is complete,
all related issues have been resolved, and normal core business processes can
start up or resume.
Risk: The potential for harm or loss. The chance that an undesirable event
will occur.
Risk Analysis/Assessment: The process of identifying and minimizing the
exposures to certain threats that an organization may experience.
Risk Management: The process of a business identifying, measuring, mon-
itoring, and controlling its exposures to ensure that risks are understood
and tolerances established by upper management/president/board of direc-
tors. This process ensures that capital allocation is consistent with risk expo-
sures. The process can align the strategic direction of a business’s
BCP/DR Glossary 271
Gloassary
performance incentives with risk tolerances, which ensures that risks taken
are compensated by the expected return. Continuity planning is one of
many activities that support a business’s risk management program.
Salvage and Restoration: The process of reclaiming or refurbishing com-
puter hardware, vital records, office facilities, etc., following a disaster.
Salvage Procedures: Specified procedures to be activated if equipment or a
facility should suffer any destruction.
Sample Plan: A generic disaster recovery plan that can be tailored to fit a
particular organization.
Satellite Communication: Data communications via satellite. For geo-
graphically dispersed organizations, may be viable alternative to ground-
based communications in the event of a disaster.
Scenario: A predefined set of events and conditions that describe an inter-
ruption, disruption or disaster related to some aspect(s) of an organization’s
business for purposes of exercising a recovery plan(s).
Scope: Predefined areas of operation for which a disaster recovery plan is
developed.
Secondary Disasters: Disasters that occur as collateral events associated
with a primary disaster. For example, earthquakes are primary disasters that
may cause subsequent fires, and so on.
Service Bureau (Center): A data processing utility that provides processing
capability, normally for specialized processing, such as payroll.
Service Level Agreement (SLA): An agreement between a service provider
and service user as to the nature, quality, availability and scope of the service
to be provided.
Shadow File Processing: An approach to data backup in which real-time
duplicates of critical files are maintained at a remote processing site. Similar
term: remote mirroring.
Simulation Test: A test of recovery procedures under conditions approxi-
mating a specific disaster scenario. This may involve designated units of the
organization actually ceasing normal operations while exercising their pro-
cedures.
Single Point of Failure: An element of a system for which no redundancy
exists. A failure of such a component may disable the entire system.
Skills Inventory: A roster of employees, listing their skills that apply to
recovery.
272 BCP/DR Glossary
Social Impact: Any incident or happening that affects the well-being of a
population and that is often not financially quantifiable.
Stand-Alone Processing: Processing, typically on a PC or midrange com-
puter, that does not require any communication link with a mainframe or
other processor.
Stand Down: Formal notification the alert may be called off or the state of
disaster is over.
Store/Forward: A preexisting automated system for capturing data, with
the capability to transmit the data when systems are restored.
Structured Walk-Through Test: Team members walk through the plan to
identify and correct weaknesses.
Subscription: Contract commitment providing an organization with the
right to utilize a vendor recovery facility for recovery of their mainframe
processing capability. Usually requires a subscription fee.
System Downtime: A planned interruption in system availability for
scheduled system maintenance.
System Outage: An unplanned interruption in system availability as a
result of computer hardware or software problems, or operational problems.
Table-Top Exercise: A type of test of a contingency plan in which actions
are not actually performed. Participants read through the steps and proce-
dures of the plan, in sequence, and evaluate the expected effectiveness of the
plan and the interaction between elements of the plan.
Technical Threats: A disaster-causing event that may occur regardless of
any human elements.
Temporary Operating Procedures: Predetermined procedures that
streamline operations while maintaining an acceptable level of control and
auditability during a disaster situation.
Test Plan: The recovery plans and procedures used in a systems test to
ensure viability. A test plan is designed to exercise specific action tasks and
procedures that would be encountered in a real disaster. Similar term: test
script.
Testing: See Exercise.
Threat: Threats are events that cause a risk to become a loss. For example, a
lightning strike could be the trigger that causes a fire that destroys a facility.
Threats include natural phenomena and manmade incidents.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.