CBCI Glossary of Terms & Exam Flashcards

1
Q

One or more tasks undertaken by, or for an organization, that produces or supports the delivery of one or more products and services.

Procedure or procedures
Activity or activities
Process or processes

A

Activity or activities

2
Q

The Professional Practice within the business continuity management lifecycle that reviews and assesses an organization to identify its objectives, how it functions and the constraints of its operating environment.

PP1
PP2
PP3
PP4

A

Analysis (PP3)

3
Q

A systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which the criteria are fulfilled.

Exercise
Audit
BIA
Risk assessment

A

Audit

4
Q

The capability of the organization to continue delivery of products or services at acceptable pre-defined levels following a disruptive incident.

Risk assessment
Business continuity
Exercising
Threat assessment

A

Business Continuity (BC)

5
Q

A holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.

A

Business continuity management

6
Q

What is the ongoing cycle of activities of the business continuity programme that builds organizational resilience?

A

Business Continuity Management (BCM) Lifecycle

7
Q

Part of the overall management system that establishes, implements, operates, monitors, reviews, maintains and improves business continuity.

A

Business Continuity Management System (BCMS)

8
Q

Documented procedures that guide organizations to respond, recover, resume, and restore to a pre-defined level of operation following disruption.

A

Business continuity plan (BCP)

9
Q

The ongoing management and governance process supported by top management and appropriately resourced to implement and maintain business continuity management.

A

Business continuity programme

10
Q

The time frames and resources, and capabilities necessary to continue to deliver the prioritised products, services, processes, and activities following a disruption.

A

Business continuity requirements

11
Q

The process of analysing activities and the effect that a business disruption might have upon them.

A

Business impact analysis (BIA)

12
Q

The ability to apply knowledge and skills to achieve intended results.

A

Competence

13
Q

A recurring activity to enhance performance.

A

Continual improvement

14
Q

A situation with a high level of uncertainty that disrupts the core activities and/or credibility of an organization and requires urgent action.

A

Crisis

15
Q

The Professional Practice within the business continuity management lifecycle that identifies and selects appropriate solutions to determine how continuity can be achieved in the event of an incident.

A

Design (PP4)

16
Q

The Professional Practice that defines how to integrate business continuity awareness and practice into business as usual activities.

A

Embedding (PP2)

17
Q

The process to train for, assess, practice, and improve performance in an organization.

A

Exercise

18
Q

The Professional Practice within the business continuity management lifecycle that implements the solutions agreed in the Design stage. It also includes developing the business continuity plans and a response structure.

A

Implementation (PP5)

19
Q

A situation that might be, or could lead to, a disruption, loss, emergency or crisis.

A

Incident

20
Q

A person or organization that can affect, be affected by, or perceive themselves to be affected by a decision or activity.

A

Interested party

21
Q

The act of declaring that an organization’s business continuity arrangements need to be put into effect in order to continue delivery of key products or services.

A

Invocation

22
Q

The time it would take for adverse impacts, which might arise as a result of not providing a product/service or performing an activity, to become unacceptable.

A

Maximum acceptable outage (MAO)

23
Q

The time it would take for adverse impacts, which might arise as a result of not providing a product/service or performing an activity, to become unacceptable.

A

Maximum tolerable period of disruption (MTPD)

24
Q

The minimum level of services and/or products that is acceptable to the organization to achieve its business objectives during a disruption.

A

Minimum Business Continuity Objective (MBCO)

25
Q

The person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives.

A

Organisation

26
Q

The ability of an organization to absorb and adapt in a changing environment.

A

Organisational resilience

27
Q

The values, attitudes and behaviour of an organization that contribute to the unique social and psychological environment in which it operates.

A

Organisational culture

28
Q

People working for and under the control of the organization.

A

Personnel

29
Q

The document that provides the intentions and direction of an organization as formally expressed by its top management.

A

Policy

30
Q

The Professional Practice that establishes the organization’s stance relating to business continuity and defines how it should be implemented throughout the business continuity programme.

A

Policy and Programme management (PP1)

31
Q

The activities to which priority must be given following an incident in order to mitigate impacts.

A

Prioritised activities

32
Q

A set of interrelated or interacting activities which transforms inputs into outputs.

A

Process

33
Q

Beneficial outcomes provided by an organization to its customers, recipients and interested parties.

A

Products and services

34
Q

The point to which information used by an activity must be restored to enable the activity to operate on resumption.

A

Recovery point objective (RPO)

35
Q

The period of time following an incident within which a product or service must be resumed, or activity must be resumed, or resources must be recovered.

A

Recovery time objective (RTO)

36
Q

All assets, people, skills, information, technology (including plant and equipment), premises, and supplies and information (whether electronic or not) that an organization has to have available to use, when needed, in order to operate and meet its objective.

A

Resources

37
Q

The effect of uncertainty on objectives.

A

Risk

38
Q

The overall process of risk identification, risk analysis and risk evaluation.

A

Risk assessment

39
Q

Coordinated activities to direct and control an organization with regard to risk.

A

Risk management

40
Q

An exercise whose aim is to obtain an expected, measurable pass/fail outcome.

A

Test

41
Q

A potential cause of an unwanted incident, which can result in harm to individuals, the environment or the community.

A

Threat

42
Q

A person or group of people who directs and controls an organization at the highest level.

A

Top management

43
Q

The Professional Practice within the business continuity management lifecycle that confirms that the business continuity programme meets the objectives set in the policy and that the plans and procedures in place are effective. It includes exercising, maintenance and review activities.

A

Validation (PP6)

44
Q

To which level do the following activities belong?

  • Provide oversight and support of the business continuity programme including provision of adequate resources and approval of budget
  • Ensure the business continuity programme aligns with the organisation's objectives
  • Ensure the business continuity programme complies with the business continuity policy and any related legal and regulatory requirements
  • Monitor and review the business continuity programme regularly to ensure the requirements are being met
  • Support continual improvement
A

Governance

45
Q

To which group do these commitments belong?

  • Recognising and communicating the requirements for business continuity as a key management discipline when building organisational resilience
  • Ensuring that the business continuity policy and programme is aligned to the objectives of the organisation
  • Ensuring that the business continuity programme delivers its expected outcomes and meets the requirements stated in the policy
  • Maintaining support for the business continuity policy and programme
  • Ensuring individuals undertake activities so the business continuity programme is effective
  • Providing the resources required to implement the policy through the ongoing cycle of activities in the business continuity programme
  • Directing and supporting continual improvement of the business continuity programme through reviews and self assessments
  • Providing direction and guidance to embed business continuity into the organisation's business-as-usual routines
A

Leadership

46
Q

Whose responsibilities are as follows?

Providing leadership, commitment and resources as part of governance

A

Top management

47
Q

Which group oversees, advises and manages the business continuity programme making recommendations and reporting to top management?

A

Business continuity steering group

48
Q

Who ensures the business continuity plan adequately reflects the organisation's business continuity capabilities?

A

Business continuity plan owner

49
Q

Develops and delivers an effective business continuity programme including the facilitation and coordination of plans throughout the organisation

A

Business continuity professional

50
Q

They respond to an incident or crisis

A

Incident response personnel

51
Q
  • Communicate the implications of departmental changes that may impact the business continuity programme
  • Collect information for the BIA
  • Develop, implement and maintain departmental plans on behalf of the plan owner
  • Conduct and participate in exercises
A

Departmental representatives

52
Q

Who has the following responsibilities?

  • Acknowledge roles and responsibilities during an incident to ensure effectiveness by understanding the business continuity programme
  • Recognise an incident or crisis
  • Alert incident or crisis
  • Alert incident or crisis responders
  • Escalate action to the incident or crisis management team
  • Respond appropriately to specific threats
  • Respond appropriately when evacuated from the site
  • Understand relevant plans and associated roles and responsibilities
A

All personnel

53
Q

Which group acts where relevant within the business continuity programme or in response to an incident?

A

Interested party responsibilities

54
Q
  • Business continuity policy
  • Business continuity programme of activities
  • Project management documentation
  • Business continuity team meeting agendas minutes and action trackers
  • Skills and competency requirements and records
  • Training and awareness activities
  • BIA Questionnaires and information
  • Risk Assessments
  • Papers supporting the choice of business continuity solutions
  • Response structure
  • Business continuity plans
  • Crisis management plans
  • Exercise programme
  • Exercise Reports
  • SLAs with customers and suppliers
  • Contracts for outsourced service recovery services including workspace and salvage
  • A maintenance review programme and report
A

Business continuity programme documentation

55
Q

To which PP’s process do these belong?

  • Identifying the interested parties within the organisation who require engagement
  • Determining how best to engage with them and understanding their key interests and priorities
  • Engage and communicate with them using the most appropriate channels
  • Use existing events and communication channels where possible to communicate the benefits and return on investment for business continuity within the organisation
A

Embedding

56
Q

A network of influential individuals in the organisation who understand the benefits of business continuity and building organisational resilience and advocate for it within the organisation

A

Business continuity champions

57
Q

Project management skills and an understanding of the importance of continual improvement

A

Policy and programme management core competencies

58
Q
  • An understanding of organisational culture and how to influence it
  • Knowledge of the business continuity competencies and skills required, and training and awareness-raising capabilities
A

Embedding business continuity core competencies

59
Q
  • Analytical skills related to the BIA including the ability to analyse information, identify problems and develop workable solutions
  • An understanding of risk assessment and mitigation measures
A

Analysis core competencies

60
Q

The ability to design and select appropriate continuity solutions for the organisation

A

Design Core Competencies

61
Q
  • An understanding of incident and crisis management including knowledge of emergency response
  • The ability to develop, implement and manage plans
A

Implementation Core Competencies

62
Q
  • The ability to develop, manage, coordinate and deliver an exercise programme
  • Evaluation skills to validate the effectiveness of the business continuity programme
A

Validation Core Competencies

63
Q
  • An understanding of the context of the organisation and the environment in which it operates as well as its approach to risk
  • The ability to form an organisation-wide view
  • An ability to understand and collaborate with personnel in related management disciplines
  • Effective communication and interpersonal skills
  • Negotiation and influencing skills to gain top management buy-in and commitment
  • Facilitation skills to guide and direct workshops, planning sessions, meetings and exercises to achieve productive outcomes
A

Business continuity management skills

64
Q

A high-level analysis that can be used to develop a framework for more detailed BIAs. It can also be used to clarify the scope of the business continuity programme

A

Initial BIA

65
Q

Identifies and prioritises products and services and determines the organisation's business continuity requirements at a strategic level

A

Product and Service BIA

66
Q

Determines the process or processes required for the delivery of the organisation's prioritised products and services

A

Process BIA

67
Q

Identifies and prioritises the activities that deliver the most urgent products and services and determines the resources required for the continuity of these activities

A

Activity BIA

68
Q

The following are outcomes of which level of BIA?

  • A list of the organisation's products and services (grouped together where appropriate)
  • Impacts over time relating to the delivery failure of products and services
  • Estimated MTPDs of products and services
  • A list of processes and owners that contribute to the delivery of the products and services
  • A breakdown of internal and external activity dependencies
  • A list of products, services, processes and activities that have been excluded along with the justification for the exclusion
A

Initial BIA

69
Q
  • Clarification or modification of the scope of the business continuity programme
  • A list of the organisation's prioritised products and services
  • Evaluation of impacts over time
A

Product and Service BIA outcomes

70
Q
  • A list of processes that contribute to the delivery of the organisation's prioritised products and services within the scope of the business continuity programme
  • Identification of the interdependencies of the processes
  • The MTPD, RTO and RPO where appropriate for each process
  • Identification of any processes that have been outsourced by the organisation and therefore present an increased risk
A

Process BIA outcomes

71
Q

Which BIA has the following outcomes?

  • A list of activities that contribute towards the processes needed to deliver products and services
  • The MTPD and RTO and the justification for each activity to determine the time frame for the solutions for each activity
  • A breakdown of activity dependencies both internally and externally
  • An understanding of the resources required to provide the agreed service levels
  • The RTO for data and hard copy records
  • Documentation of the internal and external interdependencies for the prioritised activities
A

Activity BIA

72
Q
  • An awareness of the range of potential threats that could disrupt the organisation's activities
  • A prioritised list of the threats based on the risk of disruption to the organisation's activities
  • Identification of any unacceptable risks and single points of failure
  • Identification of potential options for measures to reduce the frequency or scale of impact of the prioritised threats
A

Risk and Threat assessment outcomes

73
Q

The challenge and check of the information to finalise the business continuity requirements

A

Final analysis and consolidation

74
Q

The separation of activities and resources and running live activities at two or more locations so that in the event of disruption at one location activities can be continued. A costly solution for where the RTO is measured in seconds, minutes or hours rather than days. To work, it may require the suspension of other non-essential operations to manage the additional workload from the displaced site

A

Diversification

75
Q

The duplication of resources to enable activities to be recovered quickly, with the alternate site kept in a state of high readiness with all required resources in place but not operational until it's required. Also known as a ‘hot site’. Suitable for RTOs of hours, days or weeks, but requires staff to be able and willing to work from both locations

A

Replication

76
Q

A facility available that can be made operational within the RTO (typically days) also known as a ‘warm site’

A

Standby

77
Q

Purchasing resources from a third party after disruption occurs, for RTOs measured in days or weeks.

The solution relies on the organisation having a pre-defined prioritised list of resource requirements and on there being suppliers available to provide the resources.

Not a suitable solution if there is a requirement for specialist resources as they often have long lead times

Which solution type do these refer to?

A

Post incident acquisition

78
Q

Waiting until after an incident to decide what to do. May be appropriate where an RTO is measured in weeks or months where it is impossible, difficult or too expensive to provide alternative facilities or resources before an incident occurs

A

Do nothing

79
Q

Policies and technologies that enable personnel to work away from their primary place of work

A

Remote working

80
Q

Financial compensation for loss of assets, increased costs, recovery and protection for associated legal liabilities

A

Insurance

81
Q

Focuses on strategic issues that impact the organisation's core objectives, products and services, and is usually led by top management. Often called the crisis management team, it has the primary responsibility for addressing any crisis impacting the organisation, and may provide command and control guidance during less severe incidents and provide communications support

A

Strategic response team

82
Q

This team manages and coordinates the continuity of the processes required to deliver the impacted products and services and ensures that the resources are allocated appropriately. They are often responsible for the assessment and management of medium and short-term effects of an incident.

A

Tactical response team

83
Q

These focus on the continuity of the activities that contribute to the process or processes that deliver the prioritised products and services.

They deal with the immediate effects of an incident by containing it where possible and managing the direct consequences to ensure the necessary capability required to continue to deliver prioritised products and services

A

Operational response teams

84
Q
  • The ability to recognise and assess threats when they occur
  • Clear procedures for escalation when a disruption has occurred or may soon occur
  • Individuals and teams with the authority and capability to develop and select an appropriate response to an incident
  • Clearly understood procedures in place for the activation and control of the response to an incident or crisis
  • Responsible personnel with the authority and capability to implement the agreed business continuity solutions as defined within the organisation's plans
  • An ability to communicate effectively with internal and external interested parties
  • Access to sufficient resources to support the implementation of the continuity solution
  • An ability to recognise when key external suppliers should be notified and included in the implementation of the continuity solution
  • An agreed budget for supporting the response structure
A

Response structure requirements

85
Q

A high-level plan that defines how strategic issues resulting from a crisis or incident should be addressed and managed by top management

A

Strategic response plan

86
Q

A plan that coordinates the response to an incident, facilitates the continuity of prioritised activities, and provides guidelines to help analyse the impact of the incident and implement the appropriate solutions from those available in the plans to ensure the continuity of prioritised activities

A

Tactical response plan

87
Q

Plans that determine the individual department or business unit responses

A

Operational response plans

88
Q

Structured events where participants can explore relevant issues and walk through plans in a low-pressure environment; they often focus on a specific area for improvement

A

Discussion based exercises

89
Q

A commonly used discussion-based activity using a relevant scenario with a time frame that can either run in real time or include time jumps to allow different phases of the scenario to be exercised. Usually conducted in a table-top environment

A

Scenario exercise

90
Q

An elaborate exercise involving strategic, tactical or operational level teams working from their usual locations, who are given information in a way that reflects a real incident, with details such as questions from customers and interested parties using various platforms, for example phone calls, emails and social media.

A

Simulation exercise

91
Q

Range from small-scale rehearsals of one part of the response, for example evacuation, to a full rehearsal of the whole organisation. They are designed to include everyone likely to be involved in that part of the response

A

Live exercises

92
Q
  • Audit
  • Self assessment
  • Quality assurance
  • Performance appraisal
  • Supplier performance
  • Management review
A

Six types of review

93
Q

Options for improving the organisation's level of resilience are the outcome of which sub-stage in the BCM Lifecycle?

A

Review outcomes

94
Q
  • Identify and prioritize organization’s products and services
  • Determine org’s MTPDs (recovery timescales) and MBCOs (disruption tolerance levels)
  • Clarify/review BCM program scope (re: products/services)

These are the objectives of which BIA?

A

Product & Service BIA Objective

95
Q

Which BIA’s objectives are these?

  • Identify and prioritise activities (at operational level) that contribute to the identified processes for delivering the most urgent products/services
  • Determine resources required for activity continuity/recovery
  • Collect detailed resource requirements (may be higher than normal to cope with backlog), inc. supplier dependencies
A

Activity BIA Objectives

96
Q

To which BIA do these processes belong?

For processes (i.e. often cuts across many departments/business units)

Identify process owner
Determine BIA scope (product/service group under consideration)
Identify dependencies for processes delivering most urgent products/services
Quantify each process’ MTPD (using those of the group as a guide)
Establish RTOs and RPOs
Process owner approves accuracy
Obtain support from Top Mgmt
Publish results

A

Process BIA Process

97
Q

Which BIA has the following outcome?

Organizational structure of products and services, processes and activities

A

Initial BIA

98
Q

High-level

How strategic issues resulting from disruption should be handled by Top Management

A

Strategic Plan Objective

99
Q

Which level of plan has the following objectives?

  • Coordinate and manage the recovery of a defined part of the organization
  • Pull together the response of the whole organization
  • Facilitate activity continuity and resumption
A

Tactical Plan

100
Q

Recovery of business activities from beginning of incident through recovery
Provide a structure for restoring services or providing alternate facilities
Responses by individual departments and business units

A

Operational Plan Objective

101
Q

Level at which decisions are made and policy is determined

A

Strategic

102
Q

At which response level are operations coordinated and managed?

A

Tactical

103
Q

Level at which activities are undertaken

A

Operational

104
Q

Reviews and assesses an organization to identify its objectives, how it functions and the constraints of its operating environment.

A

Analysis

105
Q

A set of interrelated/interacting activities which transform inputs to outputs

ex: manufacturing

A

Process

106
Q

Which sub-stage uses risk analysis techniques to identify:

  • unacceptable concentrations of risk to activities
  • single points of failure
  • consider measures to lower likelihood/decrease impact of disruption to them
A

Threat Analysis Objective

107
Q

To which PP do these belong?

Continuity and Recovery Strategies & Tactics
-strategies and tactics by which recovery will be best achieved

Threat Mitigation Measures
-proactive measures to reduce likelihood/impact of disruption to urgent activities

Incident Response Structures
-teams responsible (and relationships b/t teams) for incident response

A

Design Elements

108
Q

Business Continuity Plan

  • Strategic
  • Tactical
  • Operational

Elements of which PP?

A

Implementation Elements

109
Q

Exercise
Maintenance
Review

A

Validation Elements

110
Q
Setting BC Policy
Determining Program Scope
Defining Governance
Implementing a BCM Program
Assigning Roles and Responsibilities
Project Management
Program Management
Managing Outsourced Activities
Managing Supply Chain Continuity
Managing Documentation
A

Policy and Program Management Elements

111
Q

Which PP’s elements are these?

Organizational Culture
Skills and Competence
-Training
-Knowledge
-Experience
Managing a Training Program
Managing an Awareness Campaign
A

Embedding Business Continuity

112
Q

The following are part of the structure of which level of plan?

  • Action oriented
  • Easy to reference under stressful conditions
  • Should always contain assumptions relating to scale of impact covered (extent, duration, staff impact)
  • Contain sufficient info to enable tactical level teams to continue or recover business activities covered by the plan; detailed procedures for team to:
    • promptly respond to activation
    • assess info and make decisions
    • mobilize team/invoke resources
    • initiate response procedures
    • monitor progress and report status
A

Tactical Plan

113
Q

Which plan’s structure do these belong to?

Specific responsibilities of strategic level team:

  • Establishing strategic objectives of incident response
  • Managing communications with all involved interested parties (inc. media)
  • Approving external statements before they’re issued
  • Monitoring overall response and progress of recovery
  • Resolving conflicts in response and recovery
  • Ensuring response and recovery is in line with organization’s long term interests
  • Identifying and maximizing opportunities/advantages
  • Approving significant expenditure
A

Strategic Plan structure

114
Q
  • Business department plan to resume its functions within a predefined timescale
  • HR response to welfare issues during an incident
  • Procedures to assist a tactical level team (often led by dept that deals with physical incident response/salvage/restoration)
  • IT department’s response/resumption of IT applications
A

Operational Plan examples

115
Q

Which level of plan has the following structure?

May include instructions regarding:

  • staff welfare
  • access to/use of facilities
  • resumption of business unit activities
  • liaison with IT service continuity teams
  • building evacuation
  • bomb threat procedure
  • escalation procedures
  • health and safety issues
  • procedures for accounting for staff
A

Operational Plan

116
Q

One or more tasks undertaken by, or for an organization, that produces or supports the delivery of one or more products and services.

A

Activity or Activities

117
Q

The Professional Practice within the business continuity management lifecycle that reviews and assesses an organization to identify its objectives, how it functions and the constraints of its operating environment.

A

Analysis (PP3)

118
Q

What is a systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which the criteria have been fulfilled?

A

Audit

119
Q

The capability of the organization to continue delivery of products or services at acceptable pre-defined levels following a disruptive incident.

A

Business Continuity (BC)

120
Q

A holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.

A

Business continuity management

121
Q

What is the ongoing cycle of activities of the business continuity programme, that builds organizational resilience?

A

Business Continuity Management (BCM) Lifecycle

122
Q

Part of the overall management system that establishes, implements, operates, monitors, reviews, maintains and improves business continuity.

A

Business Continuity Management System (BCMS)

123
Q

Documented procedures that guide organizations to respond, recover, resume, and restore to a pre-defined level of operation following disruption.

A

Business continuity plan (BCP)

124
Q

The ongoing management and governance process supported by top management and appropriately resourced to implement and maintain business continuity management.

A

Business continuity programme

125
Q

The time frames and resources, and capabilities necessary to continue to deliver the prioritised products, services, processes, and activities following a disruption.

A

Business continuity requirements

126
Q

The process of analysing activities and the effect that a business disruption might have upon them.

A

Business impact analysis (BIA)

127
Q

The ability to apply knowledge and skills to achieve intended results.

A

Competence

128
Q

A recurring activity to enhance performance.

A

Continual improvement

129
Q

A situation with a high level of uncertainty that disrupts the core activities and/or credibility of an organization and requires urgent action.

A

Crisis

130
Q

The Professional Practice within the business continuity management lifecycle that identifies and selects appropriate solutions to determine how continuity can be achieved in the event of an incident.

A

Design (PP4)

131
Q

The Professional Practice that defines how to integrate business continuity awareness and practice into business as usual activities.

A

Embedding (PP2)

132
Q

The process to train for, assess, practice, and improve performance in an organization.

A

Exercise

133
Q

The Professional Practice within the business continuity management lifecycle that implements the solutions agreed in the Design stage. It also includes developing the business continuity plans and a response structure.

A

Implementation (PP5)

134
Q

A situation that might be, or could lead to, a disruption, loss, emergency or crisis.

A

Incident

135
Q

The act of declaring that an organization’s business continuity arrangements need to be put into effect in order to continue delivery of key products or services.

A

Invocation

136
Q

The act of declaring that an organization’s business continuity arrangements need to be put into effect in order to continue delivery of key products or services.

A

Invocation

137
Q

The time it would take for adverse impacts, which might arise as a result of not providing a product/service or performing an activity, to become unacceptable.

A

Maximum acceptable outage (MAO)

138
Q

The time it would take for adverse impacts, which might arise as a result of not providing a product/service or performing an activity, to become unacceptable.

A

Maximum tolerable period of disruption (MTPD)

139
Q

The minimum level of services and/or products that is acceptable to the organization to achieve its business objectives during a disruption.

A

Minimum Business Continuity Objective (MBCO)

140
Q

The person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives.

A

Organization

141
Q

The ability of an organization to absorb and adapt in a changing environment.

A

Organizational resilience

142
Q

The values, attitudes and behaviour of an organization that contribute to the unique social and psychological environment in which it operates.

A

Organizational culture

143
Q

People working for and under the control of the organization.

A

Personnel

144
Q

Provides the intentions and direction of an organization as formally expressed by its top management.

A

BC Policy

145
Q

The Professional Practice that establishes the organization’s policy relating to business continuity and defines how the policy should be implemented throughout the business continuity programme.

A

Policy and Programme management (PP1)

146
Q

The activities to which priority must be given following an incident in order to mitigate impacts.

A

Prioritised activities

147
Q

A set of interrelated or interacting activities which transforms inputs into outputs.

A

Process

148
Q

Beneficial outcomes provided by an organization to its customers, recipients and interested parties.

A

Products and services

149
Q

The point to which information used by an activity must be restored to enable the activity to operate on resumption.

A

Recovery point objective (RPO)

150
Q

The period of time following an incident within which a product or service must be resumed, or activity must be resumed, or resources must be recovered.

A

Recovery time objective (RTO)

151
Q

All assets, people, skills, information, technology (including plant and equipment), premises, and supplies and information (whether electronic or not) that an organization has to have available to use, when needed, in order to operate and meet its objective.

A

Resources

152
Q

The effect of uncertainty on objectives.

A

Risk

153
Q

The overall process of risk identification, risk analysis and risk evaluation.

A

Risk assessment

154
Q

Coordinated activities to direct and control an organization with regard to risk.

A

Risk management

155
Q

An exercise whose aim is to obtain an expected, measurable pass/fail outcome.

A

Test

156
Q

A potential cause of an unwanted incident, which can result in harm to individuals, the environment or the community.

A

Threat

157
Q

A person or group of people who directs and controls an organization at the highest level.

A

Top management

158
Q

The Professional Practice within the business continuity management lifecycle that confirms that the business continuity programme meets the objectives set in the policy and that the plans and procedures in place are effective. It includes exercising, maintenance and review activities.

A

Validation (PP6)