|
PreEmpt, Inc. Home |
|
Definition Forum |
|
This page is maintained by PreEmpt Inc. as a service to the Business Continuity Community. As a relatively new profession, it is important that the industry establish standards for terminology used within the industry. If we don't, someone else will!
|
|
|
|
Contribute to the Business Continuity Profession by using this web page! See how below. I have read this before. Skip to the list of BCP terms. |
Why are we concerned? Terms dealing with Disaster Recovery & Business Continuity are used inconsistently by planners, vendors, users, and management. |
|
How can you be part of the process?
This web page lists commonly used BC/DR terms. If you know of a good source of definitions that you would like to see referenced here, please let us know. Definitions provided are from various industry sources (see Legend).
The purpose of comparing definitions from varied sources is to identify differences and, hopefully, stimulate a dialog to improve definitions, resolve discrepancies or deficiencies in definitions, and eventually improve and standardize the meaning of commonly used terms. YOU can be part of the process. Please send your comments to: mailto:languageisimportant@preemptinc.com?subject=Language is Important Comments will be screened and posted, as appropriate. We prefer to post comments using your name and the name of your company. However, comments will be posted with initials only and without a company name, unless you specify that your name and/or your company name may be used.
~~~~~ Opinions! ~~~~~
This page is not intended to be opinion free. If you feel a particular definition is great as it stands, let us know. If you think the definition is off-base, let us know as well, but please tell us why, so your thoughts can be shared with other readers. Each definition has a link for submission of comments to that definition.
If you have a term that you would like to see discussed on this page, please let us know!
Special thanks to the North Texas Chapter of Association of Contingency Planners for providing the initial impetus to get this web page started.
Commonly Used Business Continuity Terms
This page is a work in progress! Definitions for some of the terms listed below have not yet been added to this forum. If the term you are looking for is listed, but has no link, please be patient and check this page at a later date. Thanks - WM (Web Master)
|
|
|
Business Continuity Management |
Disaster Preparedness | |
| Business Continuity |
Redundant Site | ||
|
|
Disaster Recovery Plan | Resiliency | |
| Business Continuity Planning | Disaster Recovery Planning | ||
| Business Continuity Program | |||
| Disruption Impact Assessment | |||
| Business Recovery |
Response | ||
|
Duplicate Site |
|||
| Business Resumption |
Restoration Plan | ||
|
Hot Site |
Restored | ||
| Cold Site | Impact |
Resumed or Resumption | |
| Risk | |||
| Continuity - Webster | |||
| Risk Analysis | |||
|
|
Minimum Required Resources | Risk Management | |
|
|
Crisis |
Mirroring |
Strategy Options Analysis |
|
Crisis Management |
Mitigation | ||
|
|
Critical Processes (or Functions) | Pre-positioned Resources | Warm Site |
|
|
Recovery |
| |
| Recovery Plan | |||
|
|
Disaster Prevention | Recovery Point Objective | |
|
|
|||
|
|
|
|
BCP = Business Contingency Preparedness DRII-DRJ = Disaster Recovery Institute International - Disaster Recovery Journal FCP = Forbes Calamity Prevention NIST = National Institute of Standards & Technology NFPA = National Fire Prevention Association OCC = Office of the Comptroller of Currency WM = Web Master NOAD = New Oxford American Dictionary |
Definitions & Proposed Definitions from Various Sources
|
|
|
|
NIST
|
The BCP focuses on sustaining an organization’s business functions during and after a disruption. An example of a business function may be an organization’s payroll process or consumer information process. A BCP may be written for a specific business process or may address all key business processes. Information systems are considered in the BCP only in terms of their support to the larger business processes. In some cases, the BCP may not address long-term recovery of processes and return to normal operations, solely covering interim business continuity requirements.
|
|
PreEmpt |
A set of instructions, procedures, and guidelines for protecting and ensuring (to the extent possible) the continuity of business processes. The plan includes procedures for use prior to any potentially disruptive event (problem elimination or mitigation) and procedures to be used during and following any disruptive event. |
|
COMMENTS
|
|
|
WM |
Oddly enough, of the sources used for this comparison, NIST is the only entity (other than PreEmpt) that provides a definition for this term. It is important to note that the NIST definition classifies Information Systems as a resource to support the business process. PreEmpt agrees that IS or IT is indeed a resource, with the exception that an organization that sells computer support would have to consider IT or IS as a business process. We do not feel that the last part of the definition (possibly) restricting BCP to "interim continuity only" is necessary.
Note that the PreEmpt definition includes procedures for use prior to, during, and following a disruption, while the NIST definition restricts procedures to "during and after" a disruption. |
|
|
|
|
|
|
|
|
|
| BCP |
The overall process of developing an approved set of arrangements and procedures to insure your business can respond to a disaster and resume its critical business functions within a required time frame objective. It is an ongoing process to plan, develop, and implement disaster recovery procedures to ensure the optimum availability of the critical business functions. The primary objective is to reduce the level of risk and cost to you and the impact on your staff, customers and suppliers.
|
|
DRII-DRJ |
Process of developing advance arrangements and procedures that enable an organization to respond to an event in such a manner that critical business functions continue with planned levels of interruption or essential change. SIMILAR TERMS: Contingency Planning, Disaster Recovery Planning.
|
| FCP |
Business Continuity Planning, or BCP, means making advance preparations to continue your business activities after an interruption. BCP is sometimes called "disaster recovery planning" or "contingency planning." The BCP process should answer two questions, "What could go wrong?" (called a risk analysis), and "If something went wrong, how would it affect our business?" (called a business impact analysis). Your answers to those questions help determine your recovery strategies, which should be written down and tested every year.
|
|
PreEmpt |
Process of developing advance arrangements to protect and ensure (to the extent possible) the Continuity of business processes.
|
|
COMMENTS
|
|
|
WM |
We would like to modify the DRII-DRJ definition to include planning efforts that mitigate or prevent (not just respond to) interruptions all together. We do like the part of the DRII-DRJ definition that speaks to planned levels of interruption as opposed to the Merriam Webster definition (of continuity) that allows for no interruptions at all. See the PreEmpt definition of "Continuity" on this web page.
The BCP definition uses the term "Disaster" We would prefer to use another term such as "Disruptive Event" because we feel that Business Continuity Planning should and does address disruptions of all sizes - not just large scale events (as the BCP definition of Disaster implies). We also feel that the use of the term "recovery" weakens the definition. See the definitions of recovery vs continuity.
Sometimes less is more. The PreEmpt definition is more inclusive (less restrictive) than the DRII-DRJ definition and, as the examples show, can encompass mitigation planning as well as response planning. |
|
|
|
|
|
|
|
|
|
|
DRII-DRJ |
An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed, resources are allocated and, recovery and continuity strategies and procedures are completed and tested.
|
|
NFPA |
An ongoing process supported by senior management and funded to ensure that the necessary steps are taken to identify the impact of potential losses, maintain viable recovery strategies and recovery plans, and ensure continuity of services through personnel training, plan testing, and maintenance.
|
|
PreEmpt |
An ongoing process that supports developing and maintaining advance arrangements to protect and ensure (to the extent possible) the Continuity of business processes. |
|
COMMENTS
|
|
|
WM |
Both the DRII-DRJ and NFPA definitions use the term "recovery." This brings up the issue of whether "recovery" and "continuity" are interchangeable terms. Other definitions on this web page, such as "Business Recovery Plan" as defined by NIST make a clear distinction between "continuity" and "recovery." The DRII-DRJ definition of "recovery" hints at actions addressed at some time distant from the event, while the NFPA definition of "recovery" is clearly aimed at reestablishing an acceptable level of operations and not continuation of processes during an event.
In other words, as a whole, the terms "recovery" and "continuity" are sometimes used interchangeably and sometimes there is a defined difference between the two terms. "Recovery" seems to be a confusing term, particularly when used in the context of DR (Disaster Recovery), where it commonly applies only to recovery of the technical component.
PreEmpt's definition avoids use of the word "recovery" in the definition of "Business Continuity Program." |
|
|
|
|
|
|
| Business Impact Analysis | |
| DRII-DRJ |
The process of analyzing all business functions and the effect that a specific disaster may have upon them. 1) Determining the type or scope of difficulty caused to an organization should a potential event identified by the risk analysis actually occur. The BIA should quantify, where possible, the loss impact from both a business interruption (number of days) and a financial standpoint. SIMILAR TERMS: Business Exposure Assessment, Risk Analysis
|
| FCP |
A Business Impact Analysis, or BIA, estimates the possible consequences to your company of a sudden, unplanned, severe interruption for any reason.
|
| NFPA |
A management level analysis that identifies the impacts of losing the entity’s resources. The analysis measures the effect of resource loss and escalating losses over time in order to provide the entity with reliable data upon which to base decisions concerning hazard mitigation, recovery strategies, and continuity planning.
|
| PreEmpt | A management level analysis that identifies the impact to business process and an organization's total operation resulting from the loss of a resources or set of resources over time. |
|
COMMENTS
|
|
| Make a comment | |
|
Business Recovery |
|
|
|
|
|
OCC |
Business recovery preparations enable a firm to recover the operation of a disrupted business process or function in order to manage firm and customer risks
|
|
PreEmpt |
PreEmpt does not use this term. |
|
COMMENTS
|
|
|
WM |
Clearly, the OCC definition is directed at a business process. However, the term "recovery" is problematic. We did not find an OCC definition of "recovery," but there are definitions of "recovery" from the DRII-DRJ and NFPA, neither of which indicates that recovery is synonymous with Continuity. If we apply the NFPA definition of recovery (see below) in the OCC definition of "business recovery," then the term would mean returning business process to normal and not Continuity of business processes following a disruption. That having been said, it is our guess that the intention of the definition was to include Continuity. Language is important. |
|
|
|
|
|
|
|
NIST |
The BRP addresses the restoration of business processes after an emergency. The BRP is similar to the BCP, but unlike that plan, the BRP typically lacks procedures to ensure continuity of critical processes throughout an emergency or disruption.
|
|
OCC |
The goal of business recovery plans is the recovery of a particular activity or function, and not the recovery of a disabled facility or system.
|
|
PreEmpt |
PreEmpt does not use this term. |
|
COMMENTS
|
|
|
WM |
The NIST definition clearly makes a distinction between business recovery and business continuity. By implication, the NIST definition concedes that a pause or break in business processes will occur (continuity is broken). The OCC definition makes it clear that BRP includes "recovery" of a business process and does NOT include recovery of a facility or a system.
PreEmpt feels the concepts expressed in the definitions provided by both NIST and OCC are adequately addressed by PreEmpt's definition of Business Continuity Plan, therefore, we have decided not to include the term BRP in our vernacular. |
|
|
|
|
|
|
|
| |
|
OCC |
The goal of business resumption is the effecting and processing of new transactions after old transactions have been completed.
|
|
PreEmpt |
PreEmpt does not use this term. |
|
COMMENTS
|
|
|
WM |
Although other sites (NIST) use the term Business Resumption Plan, OCC is the only one that bothers to define the term. DRII-DRJ does define "resumption."
Like the term "Business Recovery Plan," PreEmpt feels the concepts expressed by this term are adequately covered by PreEmpt's definition of "Business Continuity," therefore we have decided not to use the term BR. While it is logically consistent to define a plan that does not insist on strict continuity of business processes and only specifies processes be resumed following a disruption, we feel that the PreEmpt definition of Continuity, which tolerates interruptions of acceptable length or severity, obviates the need for a separate "resumption" plan. |
|
|
|
|
|
|
|
|
|
|
NIST |
The BRP addresses the restoration of business processes after an emergency. The BRP is similar to the BCP, but unlike that plan, the BRP typically lacks procedures to ensure continuity of critical processes throughout an emergency or disruption. |
|
PreEmpt |
PreEmpt does not use this term. |
|
COMMENTS
|
|
|
WM |
Like the term "Business Recovery Plan," PreEmpt feels the concepts expressed by this term are adequately covered by PreEmpt's definition of "Business Continuity," therefore we have decided not to use the term BRP. |
|
|
|
|
|
|
| Contingency Plan | |
|
BCP |
A specific planned response to an event which is possible, but uncertain, to occur.
|
|
DRII-DRJ |
A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources including workaround procedures, an alternate work area, a reciprocal agreement, or replacement resources.
|
|
PreEmpt |
PreEmpt does not use this term. |
|
COMMENTS
|
|
| Make a comment | |
|
|
|
|
Merriam- Webster |
a : uninterrupted connection, succession, or union b : uninterrupted duration or continuation especially without essential change |
|
COMMENTS
|
|
|
WM |
None of the sources used in this comparison defines "continuity," so we went to the Merriam-Webster website for a definition. Note the reference to "uninterrupted" in the definition. In most cases, the definitions of compound terms reviewed on this web page that contain the word "continuity" allow for some, perhaps brief, interruption to a business or process.
See PreEmpt's definition of Continuity below. |
|
|
|
|
|
|
|
PreEmpt |
Continuation of business and or operations without interruption or with acceptable levels or lengths of interruption following a disruptive or potentially disruptive event. |
|
COMMENTS
|
|
|
WM |
The Merriam-Webster definition of continuity specifies there will be no interruption at all. For business continuity planning purposes, we felt the definition could be modified to allow continuity to exist if the interruptions were of acceptable lengths or levels. Because we would like to use this definition in the term "Continuity Planning," we also qualified the definition to address actual disruptions, as well as potentially disruptive events (i.e. events that would have been disruptive except for proper planning and mitigation). Also note, the definition carefully avoids the use of the term "Disaster," which in itself is difficult to define. |
| Make a comment | |
|
|
|
|
|
|
|
PreEmpt |
The boundaries of time and service level within which a business process must be accomplished to avoid unacceptable consequences associated with a break in Continuity. |
|
COMMENTS
|
|
|
WM |
PreEmpt uses this term as a replacement for the infamous RTO. Note that we have introduced the concept of tolerance for degradation of service level, as well as time delay as a means of determining acceptable levels for performance or non-performance associated with a process. |
|
|
|
|
|
|
|
BCP |
A process in your business which is critical for the continuation of your business. The criticality of each process may change at various times during the activity and life of your business. The Business Impact Analysis will identify these processes, critical time frames and support requirements. The process may be an internal or external process.
|
|
DRII-DRJ |
Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.
|
|
FCP |
Business activities which you believe must be performed in order to satisfy customers, shareholders, or government authorities, are "critical" functions. Critical functions also include activities which must be done to protect the assets or reputation of your company.
|
|
PreEmpt |
A process which, if not performed for a defined time period, will result in unacceptable consequences. |
|
COMMENTS
|
|
|
WM |
The DRII-DRJ definition references an interruption of "several business days." In today's world, tolerance for loss of critical processes may be considerably less than several days. We think the definition could be improved by removing the several days reference. |
| Make a comment | |
|
DRII-DRJ |
The process of assessing damage, following a disaster, to computer hardware, vital records, office facilities, etc. and determining what can be salvaged or restored and what must be replaced.
|
|
NFPA |
An appraisal or determination of the effects of the disaster on human, physical, economic, and natural resources.
|
|
PreEmpt |
The process of determining the loss of or reduction in usefulness of a resource or asset, including an evaluation of whether the resource or asset can be repaired or restored and in what time frame. |
|
COMMENTS
|
|
|
WM |
Both the DRII-DRJ and the NFPA definitions indicate that a damage assessment is used to determine the damage to or loss of resources. The DRII-DRJ definition indicates that damage assessment also includes some analysis of the resource loss (as opposed to a simple list). Neither definition specifically includes a component to determine how business operations would be IMPACTED by the loss of or damage to resources. An assessment of the impact (of a disruption) is usually accomplished based on the information from the damage assessment, perhaps by an executive team or group or by a committee or other decision making group. See Disruption Impact Assessment.
Note that the PreEmpt definition does not use the word "disaster," as we feel it is simply not necessary. |
|
|
|
|
|
|
|
BCP |
A sudden, unplanned calamitous event that causes great damage or loss. In the business environment, it is an event that creates an inability on an organization's part to provide the critical business functions for some predetermined period of time.
|
|
DRII-DRJ |
A sudden, unplanned calamitous event causing great damage or loss. 1) Any event that creates an inability on an organizations part to provide critical business functions for some predetermined period of time. 2) In the business environment, any event that creates an inability on an organization’s part to provide the critical business functions for some predetermined period of time. 3) The period when company management decides to divert from normal production responses and exercises its disaster recovery plan. Typically signifies the beginning of a move from a primary to an alternate location. SIMILAR TERMS: Business Interruption; Outage; Catastrophic
|
|
FCP |
A disaster is any sudden, unplanned, severe interruption of normal business activities. ... In business continuity planning, the cause of the interruption is not as important as the consequences to your business.
|
|
PreEmpt |
PreEmpt does not use this term. |
|
COMMENTS
|
|
|
WM |
We like the concept expressed in the 2nd part of the DRII-DRJ definition. We also like the first sentence of part 3. We don't, however, like the assumption in the last sentence that disaster implies movement to an alternate site or that movement to an alternate site defines a disaster.
On the whole, when discussing business continuity, PreEmpt prefers to use the term "Disruptive Event" where many others use the term "disaster." Disruptive events can include both large and small events, while for most, the term disaster implies a large catastrophic event. Since most so-called "disaster plans" must address small events, as well as large events, we simply do not think "disaster" is the most appropriate term for most business plans. Indeed, we feel that in most cases, it is a misnomer.
In a good number of cases, PreEmpt has found that planners try to use the definition of "Disaster" as the criteria for activation of their "Disaster Plan." We feel strongly that activation criteria should be part of the plan (by whatever name) and not a function of a definition.
We especially like the last phrase of the FCP definition: "In business continuity planning, the cause of the interruption is not as important as the consequences to your business." |
|
|
|
|
BCP |
Activities, programs, and systems developed prior to a disaster that are used to support and enhance mitigation, emergency response, and recovery.
|
|
PreEmpt |
PreEmpt does not use this term |
|
COMMENTS
|
|
|
WM |
The use of the term "recovery" in the BCP definition could be problematic. We assume that the definition is intended to include business continuity or continuation as well as recovery. The terms "recovery" and "continuation" or "continuity" are not consistently used as interchangeable terms within the business continuity field. Additionally, we would include remediation planning in the definition. |
| Make a comment | |
|
BCP |
Measures employed to prevent, detect, or contain incidents, which, if left unchecked, could result in disaster.
|
|
PreEmpt |
PreEmpt does not use this term. |
|
COMMENTS
|
|
|
|
|
|
|
|
|
DRII-DRJ |
Activities and programs designed to return the entity to an acceptable condition. 1) The ability to respond to an interruption in services by implementing a disaster recovery plan to restore an organization's critical business functions.
|
|
PreEmpt |
PreEmpt does not use this term. |
|
COMMENTS
|
|
|
WM |
The DRII-DRJ definition of Disaster Recovery is consistent with their definition of Disaster Recovery Plan, but not necessarily with their definition of Disaster Recovery Planning. Their Planning definition is clearly technology specific, while their definition of Disaster Recovery is oriented to business functions. Certainly the technical component will eventually support the business processes. However, if the term "Disaster Recovery Planning" is to be technology specific, the definition of "Disaster Recovery" should be also. |
|
|
|
|
|
|
|
DRII-DRJ |
The document that defines the resources, actions, tasks and data required to manage the business recovery process in the event of a business interruption. The plan is designed to assist in restoring the business process within the stated disaster recovery goals.
|
|
NIST |
As suggested by its name, the DRP applies to major, usually catastrophic, events that deny access to the normal facility for an extended period. Frequently, DRP refers to an IT-focused plan designed to restore operability of the target system, application, or computer facility at an alternate site after an emergency. The DRP scope may overlap that of an IT contingency plan; however, the DRP is narrower in scope and does not address minor disruptions that do not require relocation.
|
|
PreEmpt |
PreEmpt does not use this term. |
|
COMMENTS
|
|
|
WM |
Note that the NIST definition is much more specific than the DRII-DRJ definition, and it clearly denotes a DRP is usually specific to Information Technology. The NIST definition also makes a clear distinction between a DRP and IT Contingency Plan. While the DRII-DRJ definition leaves room for the plan to address both major and minor disruptions, NIST restricts the DRP to major disruptions only.
PreEmpt simply does not use this term, as we feel the functionality specified by the DRII-DRJ and NIST definitions are adequately addressed by the scope of PreEmpt's definition of "Business Continuity Plan." We realize, as NIST does, that the term is widely used to refer to the plan that addresses restoration of IT functionality. Still, we see no reason to use this term and prefer to address restoration of IT functionality under the definition of "Resource Restoration" (a component of a business continuity plan). We try to avoid use of the word "disaster" altogether, as it brings a mental picture of a building in rubble, which is not likely to be the nature of event that causes plans of this type to be activated. |
|
|
|
|
|
|
|
|
|
|
DRII-DRJ |
The technological aspect of business continuity planning. The advance planning and preparations that are necessary to minimize loss and ensure continuity of the critical business functions of an organization in the event of disaster. SIMILAR TERMS: Contingency Planning; Business Resumption Planning; Corporate Contingency Planning; Business Interruption Planning; Disaster Preparedness.
|
|
PreEmpt |
PreEmpt does not use this term. |
|
COMMENTS
|
|
|
WM |
Note that the DRII-DRJ definition is specific to technology, a qualification not stated in the DRII-DRJ definition of "Disaster Recovery Plan" ... a small, but significant inconsistency. |
|
|
|
|
|
|
|
|
|
|
PreEmpt |
An occurrence or set of circumstances that prevents an organization from providing business continuity using the normal set of procedures and/or resources. |
|
COMMENTS
|
|
|
WM |
As noted in comments under the definition of "disaster," PreEmpt uses this term to define any circumstance that prevents a business from meeting Continuity requirements via normal procedure. i.e. alternate procedures and/or resources must be implemented or activated. |
|
|
|
|
|
|
|
|
|
|
PreEmpt |
1. An evaluation of the impact that a disruptive event has had on an organization determined by applying the Damage Assessment to the findings of the BIA (Business Impact Analysis).
or in the event that no BIA has been performed
2. An evaluation of the impact that a disruptive event has had on the ability of an organization to continue to do business.
Impact Examples: 1) operational, 2) financial, 3) employee morale, 4) stakeholder confidence, and 5) all other impacts to the organization. |
|
| |