|
PreEmpt, Inc. Home |
|
Definition Forum |
|
This page is maintained by PreEmpt Inc. as a service to the Business Continuity Community. As a relatively new profession, it is important that the industry establish standards for terminology used within the industry. If we don't, someone else will!
|
|
|
|
Contribute to the Business Continuity Profession by using this web page! See how below. I have read this before. Skip to the list of BCP terms. |
Why are we concerned? Terms dealing with Disaster Recovery & Business Continuity are used inconsistently by planners, vendors, users, and management. |
|
How can you be part of the process?
This web page lists commonly used BC/DR terms. If you know of a good source of definitions that you would like to see referenced here, please let us know. Definitions provided are from various industry sources (see Legend).
The purpose of comparing definitions from varied sources is to identify differences and, hopefully, stimulate a dialog to improve definitions, resolve discrepancies or deficiencies in definitions, and eventually improve and standardize the meaning of commonly used terms. YOU can be part of the process. Please send your comments to: mailto:languageisimportant@preemptinc.com?subject=Language is Important Comments will be screened and posted, as appropriate. We prefer to post comments using your name and the name of your company. However, comments will be posted with initials only and without a company name, unless you specify that your name and/or your company name may be used.
~~~~~ Opinions! ~~~~~
This page is not intended to be opinion free. If you feel a particular definition is great as it stands, let us know. If you think the definition is off-base, let us know as well, but please tell us why, so your thoughts can be shared with other readers. Each definition has a link for submission of comments to that definition.
If you have a term that you would like to see discussed on this page, please let us know!
Special thanks to the North Texas Chapter of Association of Contingency Planners for providing the initial impetus to get this web page started.
Commonly Used Business Continuity Terms
This page is a work in progress! Definitions for some of the terms listed below have not yet been added to this forum. If the term you are looking for is listed, but has no link, please be patient and check this page at a later date. Thanks - WM (Web Master)
|
|
|
Business Continuity Management |
Disaster Preparedness | |
| Business Continuity |
Redundant Site | ||
|
|
Disaster Recovery Plan | Resiliency | |
| Business Continuity Planning | Disaster Recovery Planning | ||
| Business Continuity Program | |||
| Disruption Impact Assessment | |||
| Business Recovery |
Response | ||
|
Duplicate Site |
|||
| Business Resumption |
Restoration Plan | ||
|
Hot Site |
Restored | ||
| Cold Site | Impact |
Resumed or Resumption | |
| Risk | |||
| Continuity - Webster | |||
| Risk Analysis | |||
|
|
Minimum Required Resources | Risk Management | |
|
|
Crisis |
Mirroring |
Strategy Options Analysis |
|
Crisis Management |
Mitigation | ||
|
|
Critical Processes (or Functions) | Pre-positioned Resources | Warm Site |
|
|
Recovery |
| |
| Recovery Plan | |||
|
|
Disaster Prevention | Recovery Point Objective | |
|
|
|||
|
|
|
|
BCP = Business Contingency Preparedness DRII-DRJ = Disaster Recovery Institute International - Disaster Recovery Journal FCP = Forbes Calamity Prevention NIST = National Institute of Standards & Technology NFPA = National Fire Prevention Association OCC = Office of the Comptroller of Currency WM = Web Master NOAD = New Oxford American Dictionary |
Definitions & Proposed Definitions from Various Sources
|
|
|
|
NIST
|
The BCP focuses on sustaining an organization’s business functions during and after a disruption. An example of a business function may be an organization’s payroll process or consumer information process. A BCP may be written for a specific business process or may address all key business processes. Information systems are considered in the BCP only in terms of their support to the larger business processes. In some cases, the BCP may not address long-term recovery of processes and return to normal operations, solely covering interim business continuity requirements.
|
|
PreEmpt |
A set of instructions, procedures, and guidelines for protecting and ensuring (to the extent possible) the continuity of business processes. The plan includes procedures for use prior to any potentially disruptive event (problem elimination or mitigation) and procedures to be used during and following any disruptive event. |
|
COMMENTS
|
|
|
WM |
Oddly enough, of the sources used for this comparison, NIST is the only entity (other than PreEmpt) that provides a definition for this term. It is important to note that the NIST definition classifies Information Systems as a resource to support the business process. PreEmpt agrees that IS or IT is indeed a resource, with the exception that an organization that sells computer support would have to consider IT or IS as a business process. We do not feel that the last part of the definition (possibly) restricting BCP to "interim continuity only" is necessary.
Note that the PreEmpt definition includes procedures for use prior to, during, and following a disruption, while the NIST definition restricts procedures to "during and after" a disruption. |
|
|
|
|
|
|
|
|
|
| BCP |
The overall process of developing an approved set of arrangements and procedures to insure your business can respond to a disaster and resume its critical business functions within a required time frame objective. It is an ongoing process to plan, develop, and implement disaster recovery procedures to ensure the optimum availability of the critical business functions. The primary objective is to reduce the level of risk and cost to you and the impact on your staff, customers and suppliers.
|
|
DRII-DRJ |
Process of developing advance arrangements and procedures that enable an organization to respond to an event in such a manner that critical business functions continue with planned levels of interruption or essential change. SIMILAR TERMS: Contingency Planning, Disaster Recovery Planning.
|
| FCP |
Business Continuity Planning, or BCP, means making advance preparations to continue your business activities after an interruption. BCP is sometimes called "disaster recovery planning" or "contingency planning." The BCP process should answer two questions, "What could go wrong?" (called a risk analysis), and "If something went wrong, how would it affect our business?" (called a business impact analysis). Your answers to those questions help determine your recovery strategies, which should be written down and tested every year.
|
|
PreEmpt |
Process of developing advance arrangements to protect and ensure (to the extent possible) the Continuity of business processes.
|
|
COMMENTS
|
|
|
WM |
We would like to modify the DRII-DRJ definition to include planning efforts that mitigate or prevent (not just respond to) interruptions all together. We do like the part of the DRII-DRJ definition that speaks to planned levels of interruption as opposed to the Merriam Webster definition (of continuity) that allows for no interruptions at all. See the PreEmpt definition of "Continuity" on this web page.
The BCP definition uses the term "Disaster" We would prefer to use another term such as "Disruptive Event" because we feel that Business Continuity Planning should and does address disruptions of all sizes - not just large scale events (as the BCP definition of Disaster implies). We also feel that the use of the term "recovery" weakens the definition. See the definitions of recovery vs continuity.
Sometimes less is more. The PreEmpt definition is more inclusive (less restrictive) than the DRII-DRJ definition and, as the examples show, can encompass mitigation planning as well as response planning. |
|
|
|
|
|
|
|
|
|
|
DRII-DRJ |
An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed, resources are allocated and, recovery and continuity strategies and procedures are completed and tested.
|
|
NFPA |
An ongoing process supported by senior management and funded to ensure that the necessary steps are taken to identify the impact of potential losses, maintain viable recovery strategies and recovery plans, and ensure continuity of services through personnel training, plan testing, and maintenance.
|
|
PreEmpt |
An ongoing process that supports developing and maintaining advance arrangements to protect and ensure (to the extent possible) the Continuity of business processes. |
|
COMMENTS
|
|
|
WM |
Both the DRII-DRJ and NFPA definitions use the term "recovery." This brings up the issue of whether "recovery" and "continuity" are interchangeable terms. Other definitions on this web page, such as "Business Recovery Plan" as defined by NIST make a clear distinction between "continuity" and "recovery." The DRII-DRJ definition of "recovery" hints at actions addressed at some time distant from the event, while the NFPA definition of "recovery" is clearly aimed at reestablishing an acceptable level of operations and not continuation of processes during an event.
In other words, as a whole, the terms "recovery" and "continuity" are sometimes used interchangeably and sometimes there is a defined difference between the two terms. "Recovery" seems to be a confusing term, particularly when used in the context of DR (Disaster Recovery), where it commonly applies only to recovery of the technical component.
PreEmpt's definition avoids use of the word "recovery" in the definition of "Business Continuity Program." |
|
|
|
|
|
|
| Business Impact Analysis | |
| DRII-DRJ |
The process of analyzing all business functions and the effect that a specific disaster may have upon them. 1) Determining the type or scope of difficulty caused to an organization should a potential event identified by the risk analysis actually occur. The BIA should quantify, where possible, the loss impact from both a business interruption (number of days) and a financial standpoint. SIMILAR TERMS: Business Exposure Assessment, Risk Analysis
|
| FCP |
A Business Impact Analysis, or BIA, estimates the possible consequences to your company of a sudden, unplanned, severe interruption for any reason.
|
| NFPA |
A management level analysis that identifies the impacts of losing the entity’s resources. The analysis measures the effect of resource loss and escalating losses over time in order to provide the entity with reliable data upon which to base decisions concerning hazard mitigation, recovery strategies, and continuity planning.
|
| PreEmpt | A management level analysis that identifies the impact to business process and an organization's total operation resulting from the loss of a resources or set of resources over time. |
|
COMMENTS
|
|
| Make a comment | |
|
Business Recovery |
|
|
|
|
|
OCC |
Business recovery preparations enable a firm to recover the operation of a disrupted business process or function in order to manage firm and customer risks
|
|
PreEmpt |
PreEmpt does not use this term. |
|
COMMENTS
|
|
|
WM |
Clearly, the OCC definition is directed at a business process. However, the term "recovery" is problematic. We did not find an OCC definition of "recovery," but there are definitions of "recovery" from the DRII-DRJ and NFPA, neither of which indicates that recovery is synonymous with Continuity. If we apply the NFPA definition of recovery (see below) in the OCC definition of "business recovery," then the term would mean returning business process to normal and not Continuity of business processes following a disruption. That having been said, it is our guess that the intention of the definition was to include Continuity. Language is important. |
|
|
|
|
|
|
|
NIST |
The BRP addresses the restoration of business processes after an emergency. The BRP is similar to the BCP, but unlike that plan, the BRP typically lacks procedures to ensure continuity of critical processes throughout an emergency or disruption.
|
|
OCC |
The goal of business recovery plans is the recovery of a particular activity or function, and not the recovery of a disabled facility or system.
|
|
PreEmpt |
PreEmpt does not use this term. |
|
COMMENTS
|
|
|
WM |
The NIST definition clearly makes a distinction between business recovery and business continuity. By implication, the NIST definition concedes that a pause or break in business processes will occur (continuity is broken). The OCC definition makes it clear that BRP includes "recovery" of a business process and does NOT include recovery of a facility or a system.
PreEmpt feels the concepts expressed in the definitions provided by both NIST and OCC are adequately addressed by PreEmpt's definition of Business Continuity Plan, therefore, we have decided not to include the term BRP in our vernacular. |
|
|
|
|
|
|
|
| |
|
OCC |
The goal of business resumption is the effecting and processing of new transactions after old transactions have been completed.
|
|
PreEmpt |
PreEmpt does not use this term. |
|
COMMENTS
|
|
|
WM |
Although other sites (NIST) use the term Business Resumption Plan, OCC is the only one that bothers to define the term. DRII-DRJ does define "resumption."
Like the term "Business Recovery Plan," PreEmpt feels the concepts expressed by this term are adequately covered by PreEmpt's definition of "Business Continuity," therefore we have decided not to use the term BR. While it is logically consistent to define a plan that does not insist on strict continuity of business processes and only specifies processes be resumed following a disruption, we feel that the PreEmpt definition of Continuity, which tolerates interruptions of acceptable length or severity, obviates the need for a separate "resumption" plan. |
|
|
|
|
|
|
|
|
|
|
NIST |
The BRP addresses the restoration of business processes after an emergency. The BRP is similar to the BCP, but unlike that plan, the BRP typically lacks procedures to ensure continuity of critical processes throughout an emergency or disruption. |
|
PreEmpt |
PreEmpt does not use this term. |
|
COMMENTS
|
|
|
WM |
Like the term "Business Recovery Plan," PreEmpt feels the concepts expressed by this term are adequately covered by PreEmpt's definition of "Business Continuity," therefore we have decided not to use the term BRP. |
|
|
|
|
|
|
| Contingency Plan | |
|
BCP |
A specific planned response to an event which is possible, but uncertain, to occur.
|
|
DRII-DRJ |
A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources including workaround procedures, an alternate work area, a reciprocal agreement, or replacement resources.
|
|
PreEmpt |
PreEmpt does not use this term. |
|
COMMENTS
|
|
| Make a comment | |
|
|
|
|
Merriam- Webster |
a : uninterrupted connection, succession, or union b : uninterrupted duration or continuation especially without essential change |
|
COMMENTS
|
|
|
WM |
None of the sources used in this comparison defines "continuity," so we went to the Merriam-Webster website for a definition. Note the reference to "uninterrupted" in the definition. In most cases, the definitions of compound terms reviewed on this web page that contain the word "continuity" allow for some, perhaps brief, interruption to a business or process.
See PreEmpt's definition of Continuity below. |
|
|
|
|
|
|
|
PreEmpt |
Continuation of business and or operations without interruption or with acceptable levels or lengths of interruption following a disruptive or potentially disruptive event. |
|
COMMENTS
|
|
|
WM |
The Merriam-Webster definition of continuity specifies there will be no interruption at all. For business continuity planning purposes, we felt the definition could be modified to allow continuity to exist if the interruptions were of acceptable lengths or levels. Because we would like to use this definition in the term "Continuity Planning," we also qualified the definition to address actual disruptions, as well as potentially disruptive events (i.e. events that would have been disruptive except for proper planning and mitigation). Also note, the definition carefully avoids the use of the term "Disaster," which in itself is difficult to define. |
| Make a comment | |
|
|
|
|
|
|
|
PreEmpt |
The boundaries of time and service level within which a business process must be accomplished to avoid unacceptable consequences associated with a break in Continuity. |
|
COMMENTS
|
|
|
WM |
PreEmpt uses this term as a replacement for the infamous RTO. Note that we have introduced the concept of tolerance for degradation of service level, as well as time delay as a means of determining acceptable levels for performance or non-performance associated with a process. |
|
|
|
|
|
|
|
BCP |
A process in your business which is critical for the continuation of your business. The criticality of each process may change at various times during the activity and life of your business. The Business Impact Analysis will identify these processes, critical time frames and support requirements. The process may be an internal or external process.
|
|
DRII-DRJ |
Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.
|
|
FCP |
Business activities which you believe must be performed in order to satisfy customers, shareholders, or government authorities, are "critical" functions. Critical functions also include activities which must be done to protect the assets or reputation of your company.
|
|
PreEmpt |
A process which, if not performed for a defined time period, will result in unacceptable consequences. |
|
COMMENTS
|
|
|
WM |
The DRII-DRJ definition references an interruption of "several business days." In today's world, tolerance for loss of critical processes may be considerably less than several days. We think the definition could be improved by removing the several days reference. |
| Make a comment | |
|
DRII-DRJ |
The process of assessing damage, following a disaster, to computer hardware, vital records, office facilities, etc. and determining what can be salvaged or restored and what must be replaced.
|
|
NFPA |
An appraisal or determination of the effects of the disaster on human, physical, economic, and natural resources.
|
|
PreEmpt |
The process of determining the loss of or reduction in usefulness of a resource or asset, including an evaluation of whether the resource or asset can be repaired or restored and in what time frame. |
|
COMMENTS
|
|
|
WM |
Both the DRII-DRJ and the NFPA definitions indicate that a damage assessment is used to determine the damage to or loss of resources. The DRII-DRJ definition indicates that damage assessment also includes some analysis of the resource loss (as opposed to a simple list). Neither definition specifically includes a component to determine how business operations would be IMPACTED by the loss of or damage to resources. An assessment of the impact (of a disruption) is usually accomplished based on the information from the damage assessment, perhaps by an executive team or group or by a committee or other decision making group. See Disruption Impact Assessment.
Note that the PreEmpt definition does not use the word "disaster," as we feel it is simply not necessary. |
|
|
|
|
|
|
|
BCP |
A sudden, unplanned calamitous event that causes great damage or loss. In the business environment, it is an event that creates an inability on an organization's part to provide the critical business functions for some predetermined period of time.
|
|
DRII-DRJ |
A sudden, unplanned calamitous event causing great damage or loss. 1) Any event that creates an inability on an organizations part to provide critical business functions for some predetermined period of time. 2) In the business environment, any event that creates an inability on an organization’s part to provide the critical business functions for some predetermined period of time. 3) The period when company management decides to divert from normal production responses and exercises its disaster recovery plan. Typically signifies the beginning of a move from a primary to an alternate location. SIMILAR TERMS: Business Interruption; Outage; Catastrophic
|
|
FCP |
A disaster is any sudden, unplanned, severe interruption of normal business activities. ... In business continuity planning, the cause of the interruption is not as important as the consequences to your business.
|
|
PreEmpt |
PreEmpt does not use this term. |
|
COMMENTS
|
|
|
WM |
We like the concept expressed in the 2nd part of the DRII-DRJ definition. We also like the first sentence of part 3. We don't, however, like the assumption in the last sentence that disaster implies movement to an alternate site or that movement to an alternate site defines a disaster.
On the whole, when discussing business continuity, PreEmpt prefers to use the term "Disruptive Event" where many others use the term "disaster." Disruptive events can include both large and small events, while for most, the term disaster implies a large catastrophic event. Since most so-called "disaster plans" must address small events, as well as large events, we simply do not think "disaster" is the most appropriate term for most business plans. Indeed, we feel that in most cases, it is a misnomer.
In a good number of cases, PreEmpt has found that planners try to use the definition of "Disaster" as the criteria for activation of their "Disaster Plan." We feel strongly that activation criteria should be part of the plan (by whatever name) and not a function of a definition.
We especially like the last phrase of the FCP definition: "In business continuity planning, the cause of the interruption is not as important as the consequences to your business." |
|
|
|
|
BCP |
Activities, programs, and systems developed prior to a disaster that are used to support and enhance mitigation, emergency response, and recovery.
|
|
PreEmpt |
PreEmpt does not use this term |
|
COMMENTS
|
|
|
WM |
The use of the term "recovery" in the BCP definition could be problematic. We assume that the definition is intended to include business continuity or continuation as well as recovery. The terms "recovery" and "continuation" or "continuity" are not consistently used as interchangeable terms within the business continuity field. Additionally, we would include remediation planning in the definition. |
| Make a comment | |
|
BCP |
Measures employed to prevent, detect, or contain incidents, which, if left unchecked, could result in disaster.
|
|
PreEmpt |
PreEmpt does not use this term. |
|
COMMENTS
|
|
|
|
|
|
|
|
|
DRII-DRJ |
Activities and programs designed to return the entity to an acceptable condition. 1) The ability to respond to an interruption in services by implementing a disaster recovery plan to restore an organization's critical business functions.
|
|
PreEmpt |
PreEmpt does not use this term. |
|
COMMENTS
|
|
|
WM |
The DRII-DRJ definition of Disaster Recovery is consistent with their definition of Disaster Recovery Plan, but not necessarily with their definition of Disaster Recovery Planning. Their Planning definition is clearly technology specific, while their definition of Disaster Recovery is oriented to business functions. Certainly the technical component will eventually support the business processes. However, if the term "Disaster Recovery Planning" is to be technology specific, the definition of "Disaster Recovery" should be also. |
|
|
|
|
|
|
|
DRII-DRJ |
The document that defines the resources, actions, tasks and data required to manage the business recovery process in the event of a business interruption. The plan is designed to assist in restoring the business process within the stated disaster recovery goals.
|
|
NIST |
As suggested by its name, the DRP applies to major, usually catastrophic, events that deny access to the normal facility for an extended period. Frequently, DRP refers to an IT-focused plan designed to restore operability of the target system, application, or computer facility at an alternate site after an emergency. The DRP scope may overlap that of an IT contingency plan; however, the DRP is narrower in scope and does not address minor disruptions that do not require relocation.
|
|
PreEmpt |
PreEmpt does not use this term. |
|
COMMENTS
|
|
|
WM |
Note that the NIST definition is much more specific than the DRII-DRJ definition, and it clearly denotes a DRP is usually specific to Information Technology. The NIST definition also makes a clear distinction between a DRP and IT Contingency Plan. While the DRII-DRJ definition leaves room for the plan to address both major and minor disruptions, NIST restricts the DRP to major disruptions only.
PreEmpt simply does not use this term, as we feel the functionality specified by the DRII-DRJ and NIST definitions are adequately addressed by the scope of PreEmpt's definition of "Business Continuity Plan." We realize, as NIST does, that the term is widely used to refer to the plan that addresses restoration of IT functionality. Still, we see no reason to use this term and prefer to address restoration of IT functionality under the definition of "Resource Restoration" (a component of a business continuity plan). We try to avoid use of the word "disaster" altogether, as it brings a mental picture of a building in rubble, which is not likely to be the nature of event that causes plans of this type to be activated. |
|
|
|
|
|
|
|
|
|
|
DRII-DRJ |
The technological aspect of business continuity planning. The advance planning and preparations that are necessary to minimize loss and ensure continuity of the critical business functions of an organization in the event of disaster. SIMILAR TERMS: Contingency Planning; Business Resumption Planning; Corporate Contingency Planning; Business Interruption Planning; Disaster Preparedness.
|
|
PreEmpt |
PreEmpt does not use this term. |
|
COMMENTS
|
|
|
WM |
Note that the DRII-DRJ definition is specific to technology, a qualification not stated in the DRII-DRJ definition of "Disaster Recovery Plan" ... a small, but significant inconsistency. |
|
|
|
|
|
|
|
|
|
|
PreEmpt |
An occurrence or set of circumstances that prevents an organization from providing business continuity using the normal set of procedures and/or resources. |
|
COMMENTS
|
|
|
WM |
As noted in comments under the definition of "disaster," PreEmpt uses this term to define any circumstance that prevents a business from meeting Continuity requirements via normal procedure. i.e. alternate procedures and/or resources must be implemented or activated. |
|
|
|
|
|
|
|
|
|
|
PreEmpt |
1. An evaluation of the impact that a disruptive event has had on an organization determined by applying the Damage Assessment to the findings of the BIA (Business Impact Analysis).
or in the event that no BIA has been performed
2. An evaluation of the impact that a disruptive event has had on the ability of an organization to continue to do business.
Impact Examples: 1) operational, 2) financial, 3) employee morale, 4) stakeholder confidence, and 5) all other impacts to the organization. |
|
COMMENTS
|
|
|
WM |
None of the sources used in this comparison defined a Disruption Impact Assessment, so we have included the PreEmpt, Inc. definition.
Note that the PreEmpt definition makes a clear distinction between Damage Assessment and Disruption Impact Assessment. Damage Assessment identifies which resources have been affected and to what degree they have been affected. Disruption Impact Assessment identifies how the business processes will be impacted by the loss of resources identified in the Damage Assessment.
Assuming that a BIA has been properly conducted (pre-event) and that resources were properly mapped to business processes during the BIA, then the impact on an organization due to a loss of resources (DIA) should be easily and accurately discernable by applying the Damage Assessment to the BIA.
Note that the BIA is conducted prior to the event and the DIA is conducted after the event has caused a disruption and after the damage assessment. The concept of a DIA is distinct from that of a BIA in that the BIA must address what would be affected by the loss of any or all resources, while the DIA is specific to the impact caused by the actual loss of a set of resources (identified during the damage assessment). |
|
|
|
|
|
|
|
|
|
|
PreEmpt |
Any event that causes a disruption. |
|
COMMENTS
|
|
|
WM |
PreEmpt uses this term exclusively in lieu of "Disaster." A Business Continuity Plan should address business continuity for any disruption, not just "disasters." See WM comments under "Disaster." |
|
|
|
|
|
|
| Emergency Response Plan | |
|
DRII-DRJ |
EMERGENCY
PROCEDURES:
A plan of
action to commence immediately to prevent the loss of life and minimize
injury and property damage.
|
|
PreEmpt |
An action plan that addresses the immediate response to a situation or set of circumstances that presents a clear and present threat to the safety of personnel or other assets of an organization. An ERP is designed to address 1) life safety, 2) situation/facility stabilization, 3) damage mitigation, 4) initial damage assessment, and 5) initial notification/escalation. The ERP is concerned with "business continuity" only in the sense that BC will be the beneficiary of an effective response regarding items 1, 2, 3, 4, & 5 and only if it is safe to do so. |
|
COMMENTS
|
|
|
WM |
Strangely, as pervasive as the term "Emergency
Response" is, we did not find a definition (other than PreEmpt's) among the
sources used for reference on this web page. The DRII-DRJ did have the
term "Emergency Procedures" in their glossary, and we have included that
definition here. Note that the PreEmpt definition is broad enough to include planned response to business "situations" (i.e. competitor actions, adverse media announcements, loss of stock value, etc.) as well as life safety and facility stabilization issues. |
| Make a comment | |
|
BCP |
You will be impact tolerant when the result of a large or small "undesirable" event does not impair your delivery of business processes. |
|
COMMENTS
|
|
| Make a comment | |
|
|
|
|
*V. /in'fiks/ (trans.) Implant or insert firmly in something. ORIGIN: early 16th cent.: from Latin infix- ‘fixed in,’ from the verb infigere, from in- ‘into’ + figere ‘fasten | |
|
COMMENTS
|
|
|
|
|
|
WM |
This definition is included because of its use in the compound term Resource Infixation. |
|
|
|
|
PreEmpt |
Procedures to protect or ensure (to the extent possible) the Continuity of business processes from the time that normal procedures become inadequate or cannot be used until such time that normal procedures can be resumed. |
|
COMMENTS
|
|
|
WM |
This a term that PreEmpt defined and has incorporated into its lexicon. In PreEmpt's model, interim procedures are the part of a business continuity plan that is used to continue to perform business processes from the point of the disruptive event until such time as normal procedures can be resumed. Interim procedures do not address mitigation planning, recovery (as defined by PreEmpt), or restoration. They do, however, address all operations from the point of the disruption until return to normal or near normal operation. |
|
|
|
| FCP |
MINIMUM OPERATING REQUIREMENTS - Minimum Operating Requirements, or MOR's, are the minimum numbers of anything required to perform a business function for a specific period of time.
|
| PreEmpt | The minimum resources, of any type, required to perform a function or process for a defined length of time at a defined level. |
|
COMMENTS
|
|
|
|
Make a comment |
|
|
|
|
BCP |
Disaster Mitigation - : Activities taken to eliminate or reduce the level of risk to life, property and your business from hazards.
|
|
DRII-DRJ |
"Risk Mitigation - Implementation of measures to deter specific threats to the continuity of business operations, and/or respond to any occurrence of such threats in a timely and appropriate manner.
|
|
NFPA |
Activities taken to eliminate or reduce the probability of the event, or reduce its severity or consequences, either prior to or following a disaster/emergency.
|
|
PreEmpt |
Measures taken to eliminate or reduce the probability of a disruptive event, or reduce its severity or consequences, either prior to, during, or following the occurrence of the event. |
|
COMMENTS
|
|
|
WM |
The NFPA definition makes it clear that mitigation measures should be addressed both prior to and following an event. We feel that this is an important point. The DRII-DRJ definition uses the word "measure" where the NFPA definition uses the word "activities". We feel that "measures" is a stronger word that indicates or implies planning "activities" as well as reactive "activities".
The DRII-DRJ definition introduces a qualification to the definition that restricts the application of mitigation measures to continuity of business operations. While BC may be the topic of this page we see no reason to have this restriction in the definition. Indeed, mitigation measures put in place for BC purposes may have value in other areas as well.
PreEmpt accepts the NFPA definition with cosmetic changes. Note that PreEmpt's definition avoids the use of terms such as disaster and emergency in our definition because mitigation can be appropriate for disruptive events that are not disasters or emergencies. |
|
|
|
|
|
|
|
PreEmpt |
Resources in place that may be used for business continuity purposes, if a disruption occurs that prevents or impairs an entity's ability to continue business using the normal set of resources.. |
|
COMMENTS
|
|
|
WM |
An important concept in business continuity planning. This term provides a generic grouping of resources that BC planners have traditionally included in planning efforts. Pre-positioned resources could include hot sites, personnel, expertise, work space, offsite storage, etc. Note that the definition does not exclude resources in place that are normally used for one purpose, but following a disruption might be used for another. i.e. pre-positioned resources need not be dedicated to business continuity. |
|
|
|
|
|
|
|
DRII-DRJ |
Process of planning for and/or implementing expanded operations to address less time-sensitive business operations immediately following an interruption or disaster. 1) The start of the actual process or function that uses the restored technology and location.
|
|
NFPA |
Activities and programs designed to return conditions to a level that is acceptable to the entity.
|
|
PreEmpt |
1) Processes or actions designed to return conditions to a level that is acceptable to the organization. 2) The return to a normal or near normal condition. |
|
COMMENTS
|
|
|
WM |
The DRII-DRJ definition seems a little vague in what the term addresses. The first part of the definition indicates that "recovery" addresses less time-sensitive operations, but goes on to say "immediately following an interruption." If operations are less time-sensitive, it would seem that they would not have to be addressed "immediately following the interruption." The last part of the definition refers to restored technology, which implies that processes cannot be accomplished without technology in place and that the term recovery applies to a process, but not to technology, which may not be the actual intention of the definition.
Both the DRII-DRJ and the NFPA definitions define "recovery" as a process. However, the last sentence of the DRII-DRJ definition indicates a state or point in the process of returning to normal operations.
PreEmpt accepts the NFPA definition with cosmetic changes. However, we also retain that part of the DRII-DRJ definition that indicates a state (i.e. recovered state).
We would also like to note that none of the definitions provided would be synonymous with Continuity or continuation of a process. Under the definitions shown, a process could be recovered, but that would imply that Continuity was being regained (restored) after having been lost.
If continuity and recovery are not equivalent terms, then PreEmpt feels that compound terms such as "Business Continuity" and "Business Recovery" are not equivalent terms either. |
|
|
|
|
|
|
|
|
|
|
NFPA |
The recovery plan shall be developed using strategies based on the short-term and long-term priorities, processes, vital resources, and acceptable time frames for restoration of services, facilities, programs, and infrastructure.
|
|
PreEmpt |
1) A set of instructions, procedures, and guidelines designed to return conditions to a level of operation that is acceptable to the organization. 2) A set of instructions, procedures, and guidelines designed to enable an entity to return to a normal or near normal condition. |
|
COMMENTS
|
|
|
WM |
While we did not specifically find a definition of "recovery plan" from any of our sources, we did find numerous references in NFPA 1600, an excerpt of which is included above for NFPA. There are numerous references to plans that have the word recovery in them on this web page, for example "Business Recovery Plan" or "Disaster Recovery Plan."
You will note that PreEmpt does use the term "Recovery Plan," but we do not use either Business Recovery Plan or Disaster Recovery Plan for the reasons stated in the comments associated with each term. Our definition of "recovery" is key to term usage. PreEmpt, like both the DRII-DRJ and NFPA, makes a distinction between Continuity and recovery. |
|
|
|
|
|
|
|
BCP |
RPO is the point to which a recovery process must restore process functionality to enable the business to meet or exceed deliverable requirements. Depending on agreements in place, minimum RPO requirements may be less, for short periods of time, immediately following an impact and prior to acceptable normal production recovery.
|
|
DRII-DRJ |
The point in time to which systems and data must be recovered after an outage. (e.g. end of previous day's processing). RPOs are often used as the basis for the development of backup strategies, and as a determinant of the amount of data that may need to be recreated after the systems or functions have been recovered.
|
|
FCP |
The point in time to which systems and data must be recovered after an outage, as determined by the responsible business unit(s).
|
|
PreEmpt |
An acceptable and agreed upon point (in time or transactions) in the past to which a system and/or data can be restored. |
|
COMMENTS
|
|
| Make a comment | |
|
|
|
|
BCP |
RTO is the maximum acceptable length of time that can elapse before the unavailability of a business function severely impacts the business entity. The RTO is comprised of two components: a) the time before a disaster is declared, during which time the impact begins, is recognized and is identified, and b) the time to perform the tasks documented in the disaster recovery plan for resumption of the critical business functions.
|
|
DRII-DRJ |
The period of time within which systems, applications, or functions must be recovered after an outage (e.g. one business day). RTOs are often used as the basis for the development of recovery strategies, and as a determinant as to whether or not to implement the recovery strategies during a disaster situation. SIMILAR TERMS: Maximum Allowable Downtime.
|
|
FCP |
A Recovery Time Objective, or RTO, is the number of hours or days in which you want to recover a resource or resume a business activity.
|
|
PreEmpt |
The boundaries of time and service level within which a business process must be accomplished to avoid unacceptable consequences associated with a break in Continuity. See "Continuity Tolerance Boundaries" |
|
COMMENTS
|
|
|
WM |
We like the DRII and BCP definitions, with the exception of the use of the terms "recovery" and "disaster." Note that the definitions of "recovery" provided on this web page indicate that the terms "recovery" and "continuity" are not interchangeable. In fact, the use of the term "recovery" in the term "Recovery Time Objective" is inconsistent with the definitions provided. "Resumption Time Objective" might be more consistent with the meaning expressed by the definition.
Note that the PreEmpt definition introduces the concept of service level, as well as time. It is also important to note that the PreEmpt definition avoids the use of the term "recovery" and "disaster," as we feel they are somewhat ambiguous and not necessary for the definition.
Except for the widespread use of the term "RTO," PreEmpt would not use this term at all. Instead, we would opt to use the term Continuity Tolerance Boundaries. |
|
|
|
|
|
|
|
BCP |
Your business is "Impact Tolerant" and you are able to effectively maintain "Business Continuity" if any impact does occur. |
|
COMMENTS
|
|
| Make a comment | |
|
|
|
|
PreEmpt |
A schedule for use following a disruption that defines the point in time that resources required for business continuity purposes must be available to ensure business continuity within the limits of the Continuity Tolerance Boundaries established in the Business Impact Analysis. |
|
COMMENTS
|
|
|
WM |
PreEmpt's concept for the use of this term is that resources will be made available based on the CTB's for each process. Note that the definition (and the term itself) is broad enough to address scheduling requirements for the establishment of new or interim resources, restoration of old resources, or the use of undisturbed resources (i.e. there is no reason to assume that all resources will become unavailable as the result of a disruption).
PreEmpt feels that the use of the word "availability" in this term more accurately reflects the BC planner's concerns than does the word "restoration" in the more widely used term Resource Restoration Schedule.. |
|
|
|
|
|
|
|
|
|
|
PreEmpt |
The act of establishing resources necessary for business continuity purposes. The term may apply to resources put in place before, during, or following a disruptive event. |
|
COMMENTS
|
|
|
WM |
PreEmpt feels that this term is necessary for clarification and distinction between resources that have been lost and, therefore, need to be restored, and those resources that were never lost, but that are put in place for business continuity purposes either before, during, or following a disruption. |
|
|
|
|
|
|
|
|
|
|
DRII-DRJ |
RESTORATION: Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents, and for the restoration of normal operations at the primary site.
|
|
PreEmpt |
The act of restoring resources or restoring the functionality of resources that have, for whatever reason, become totally or partially unavailable (to an organization) for the support of business process continuity. |
|
COMMENTS
|
|
|
WM |
The DRII does not have a definition of "resource restoration," so we have included their definition of "restoration." We feel the DRII definition is somewhat restrictive and have, therefore, made the PreEmpt definition broad enough to include ALL resources. |
|
|
|
|
|
|
| Risk | |
|
FCP |
Risk means the potential for loss. Risk is a way of measuring the likelihood that any event will occur which could affect your business, multiplied by the consequences to your business if it did occur. |
|
COMMENTS
|
|
| Make a comment | |
|
|
|
|
PreEmpt |
The acceptance of a known and identifiable risk by an individual or decision making group authorized to accept that risk. Particularly, the deliberate acceptance of risk in lieu of implementing risk avoidance or mitigation measures. |
|
COMMENTS
|
|
|
|
|
|
|
|
|
DRII-DRJ |
Process of identifying the risks to an organization, assessing the critical functions necessary for an organization to continue business operations, defining the controls in place to reduce organization exposure and evaluating the cost for such controls. Risk analysis often involves an evaluation of the probabilities of a particular event.
|
|
FCP |
Risk Analysis is the process of identifying and ranking risks to your business. ... Risk Analysis gives your management an objective view of its environment, and an opinion about the risks your business faces.
|
|
PreEmpt |
An activity designed to identify and evaluate the risks to an organization and its operation. Typically, the analysis will include identification and evaluation of existing controls and recommendations for new controls for mitigation of identified risks. |
|
COMMENTS
|
|
|
WM |
The DRII-DRJ definition includes "assessing the critical functions necessary for an organization to continue business operations," a function usually accomplished or addressed during the BIA. See Business Impact Analysis |
| Make a comment | |
|
BCP |
A management approach designed to prevent and reduce risks, including business process and system development risks, and to lessen the impact of their occurrence. The objective is to identify the risks and mitigate to an acceptable level while considering the risk impact, probability and cost of mitigation implementation options. |
|
COMMENTS
|
|
| Make a comment | |
| Strategy Options Analysis | |
|
PreEmpt |
An exercise that produces a management level report documenting attributes of viable strategies for meeting the Recovery Time Objectives (for each business process) identified in the Business Impact Analysis. The analysis includes identification and documentation of the advantages, disadvantages, limitations, acceptability, and cost of each viable option. |
|
COMMENTS
|
|
| Make a comment | |
|
|
|
|
PreEmpt |
The process of moving responsibility for continuity of business processes from Interim Procedures to normal procedures. |
|
COMMENTS
|
|
|
WM |
Note that normal procedures may or may not be the same procedures that were in place at the time interim procedures were activated. |
|
|
|
|
|
|
|
|
|