BCI Glossary Flashcards
One or more tasks undertaken by, or for an organization, that produces or supports the delivery of one or more products and services.
Activity or activities
The Professional Practice within the business continuity management lifecycle that reviews and assesses an organization to identify its objectives, how it functions and the constraints of its operating environment.
Analysis (PP3)
A systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.
Audit
The capability of the organization to continue delivery of products or services at acceptable pre-defined levels following a disruptive incident.
Business Continuity (BC)
A holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.
Business Continuity Management (BCM)
The ongoing cycle of activities of the business continuity programme, that build organizational resilience.
Business Continuity Management (BCM) Lifecycle
Part of the overall management system that establishes, implements, operates, monitors, reviews, maintains and improves business continuity.
Business Continuity Management System (BCMS)
Documented procedures that guide organizations to respond, recover, resume, and restore to a pre-defined level of operation following disruption.
Business continuity plan (BCP)
The ongoing management and governance process supported by top management and appropriately resourced to implement and maintain business continuity management.
Business continuity programme
The time frames and resources, and capabilities necessary to continue to deliver the prioritised products, services, processes, and activities following a disruption.
Business continuity requirements
The process of analysing activities and the effect that a business disruption might have upon them.
Business impact analysis (BIA)
The ability to apply knowledge and skills to achieve intended results.
Competence
A recurring activity to enhance performance.
Continual improvement
A situation with a high level of uncertainty that disrupts the core activities and/or credibility of an organization and requires urgent action.
Crisis
The Professional Practice within the business continuity management lifecycle that identifies and selects appropriate solutions to determine how continuity can be achieved in the event of an incident.
Design (PP4)
The Professional Practice that defines how to integrate business continuity awareness and practice into business as usual activities.
Embedding (PP2)
The process to train for, assess, practice, and improve performance in an organization.
Exercise
The Professional Practice within the business continuity management lifecycle that implements the solutions agreed in the Design stage. It also includes developing the business continuity plans and a response structure.
Implementation (PP5)
A situation that might be, or could lead to, a disruption, loss, emergency or crisis.
Incident
A person or organization that can affect, be affected by, or perceive themselves to be affected by a decision or activity.
Interested party
The act of declaring that an organization’s business continuity arrangements need to be put into effect in order to continue delivery of key products or services.
Invocation
The time it would take for adverse impacts, which might arise as a result of not providing a product/service or performing an activity, to become unacceptable.
Maximum acceptable outage (MAO)
The time it would take for adverse impacts, which might arise as a result of not providing a product/service or performing an activity, to become unacceptable.
Maximum tolerable period of disruption (MTPD)
The minimum level of services and/or products that is acceptable to the organization to achieve its business objectives during a disruption.
Minimum Business Continuity Objective (MBCO)
The person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives.
Organization
The ability of an organization to absorb and adapt in a changing environment.
Organizational resilience
The values, attitudes and behaviour of an organization that contribute to the unique social and psychological environment in which it operates.
Organizational culture
People working for and under the control of the organization.
Personnel
Provides the intentions and direction of an organization as formally expressed by its top management.
Policy
The Professional Practice that establishes the organization’s policy relating to business continuity and defines how the policy should be implemented throughout the business continuity programme.
Policy and Programme management (PP1)
The activities to which priority must be given following an incident in order to mitigate impacts.
Prioritised activities
A set of interrelated or interacting activities which transforms inputs into outputs.
Process
Beneficial outcomes provided by an organization to its customers, recipients and interested parties.
Products and services
The point to which information used by an activity must be restored to enable the activity to operate on resumption.
Recovery point objective (RPO)
The period of time following an incident within which a product or service must be resumed, or activity must be resumed, or resources must be recovered.
Recovery time objective (RTO)
All assets, people, skills, information, technology (including plant and equipment), premises, and supplies and information (whether electronic or not) that an organization has to have available to use, when needed, in order to operate and meet its objective.
Resources
The effect of uncertainty on objectives.
Risk
The overall process of risk identification, risk analysis and risk evaluation.
Risk assessment
Coordinated activities to direct and control an organization with regard to risk.
Risk management
An exercise whose aim is to obtain an expected, measurable pass/fail outcome.
Test
A potential cause of an unwanted incident, which can result in harm to individuals, the environment or the community.
Threat
A person or group of people who directs and controls an organization at the highest level.
Top management
The Professional Practice within the business continuity management lifecycle that confirms that the business continuity programme meets the objectives set in the policy and that the plans and procedures in place are effective. It includes exercising, maintenance and review activities.
Validation (PP6)
