Chapter 4: Domain Four: Response Management Flashcards

1
Q

Activity

A

Process or set of processes undertaken by an organization (or on its behalf) that produces or supports one or more products or services.

NOTE: Examples of such processes include accounting, call center, information services, manufacturing, distribution, and other services.

2
Q

Alternate Worksite

A

A work location, other than the primary location, to be used when the primary location is not accessible. (ASIS International Business Continuity Guideline: 2004)

3
Q

Auditor

A

A person with the competence to conduct an audit.

4
Q

Business Continuity

A

Ability of an organization to operate at predefined levels following a disruptive event.

5
Q

Business Continuity Management

A

(BCM) A proactive set of planning, preparedness, and related activities that are intended to restore an organization’s critical business functions to predetermined levels, enabling the organization to operate despite serious disruptive events and recover to an operational state expeditiously.

6
Q

Business Continuity Plan

A

(BCP) A collection of procedures and information which is developed, tested, and maintained in preparation for use in a disruptive event to continue operations at predefined levels following the event.

7
Q

Conformity

A

Fulfillment of a requirement

8
Q

Continual Improvement

A

Recurring process of enhancing the security, preparedness, and continuity (SPC) management system to achieve improvements in overall SPC management performance consistent with the organization’s SPC management policy.

NOTE: The process need not take place in all areas of activity simultaneously.

9
Q

Crisis

A

An unstable condition involving an impending abrupt or significant change that requires urgent attention and action to protect life, assets, property, or the environment.

10
Q

Crisis Management

A

Holistic management process that identifies potential impacts that threaten an organization and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand, and value-creating activities, as well as effectively restoring operational capabilities.

NOTE: Crisis management also involves the management of preparedness, mitigation response, continuity or recovery in the event of an incident, as well as management of the overall program through training, rehearsals, and reviews to ensure the preparedness, response, and continuity plans stay current and up to date.

11
Q

Crisis Management Team

A

Group of individuals functionally responsible for directing the development and execution of the response and operational continuity plan, declaring an operational disruption or emergency/crisis situation, and providing direction during the recovery process, both pre- and post-incident.

NOTE: The crisis management team may include individuals from the organization as well as immediate and first responders, stakeholders, and other interested parties.

12
Q

Disaster

A

Event that causes significant damage to assets or loss of life.

13
Q

Disruption

A

An event that interrupts normal business, functions, operations, or processes, whether anticipated (hurricane, political unrest) or unanticipated (blackout, terror attack, technology failure, or earthquake).

NOTE: A disruption can be caused by either positive or negative factors that will disrupt normal functions, operations, or processes.

14
Q

Downtime

A

Period of time when something is not in operation.

15
Q

Emergency

A

Serious, unexpected, and precarious situation requiring immediate action.

16
Q

Evacuation

A

Organized, phased, and supervised dispersal of people from dangerous or potentially dangerous areas. (ASIS International Business Continuity Guideline: 2004)

17
Q

Exercises

A

Evaluating management programs, rehearsing the roles of team members and staff, and testing the recovery or continuity of an organization’s systems (technology, telephony, administration) to demonstrate management competence and capability.

NOTE 1: Exercises include activities performed for the purpose of training and conditioning team members and personnel in appropriate responses with the goal of achieving maximum performance.

NOTE 2: An exercise can involve invoking response and operational continuity procedures, but it is more likely to involve the simulation of a response and/or operational continuity incident, announced or unannounced, in which participants role-play to assess what issues might arise, prior to a real invocation.

18
Q

Facility (Infrastructure)

A

Plant, machinery, equipment, property, buildings, vehicles, information systems, transportation facilities, and other items of infrastructure or plant and related systems that have a distinct and quantifiable function or service.

19
Q

First Responder

A

A member of an emergency service who is first on the scene at a disruptive incident.

NOTE: Emergency services include any public or private service that deals with disruptions, such as the initial responding law enforcement officers, other public safety officials, emergency medical personnel, rescuers, and/or other emergency response service providers.

20
Q

Hazard

A

Possible source of danger or conditions (physical or operational) that have a capacity to produce a particular type of adverse effect.

21
Q

Incident Command System

A

(ICS) A command and control mechanism used by many public safety agencies and jurisdictions.

22
Q

Internal Audit

A

Systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the management system audit criteria set by the organization are fulfilled.

NOTE: In many cases, particularly in smaller organizations, independence can be demonstrated by the freedom from responsibility for the activity being audited.

23
Q

Key Performance Indicator

A

Key performance indicator (KPI) is a metric used to evaluate factors that are crucial to the success of an organization or of a particular activity in which it engages.

NOTE: A KPI is a metric that indicates how an organization is performing against its objectives.

24
Q

Loss

A

Being deprived of someone or something of value.

25
Q

Management Plan

A

Clearly defined and documented plan of action, typically covering the key personnel, resources, services, and actions needed to implement the incident management process.

26
Q

Mitigation

A

Limitation of any negative consequence of a particular incident. Encompasses activities providing a critical foundation in the effort to reduce the loss of life and property from natural and/or manmade disasters by avoiding or lessening the impact of a disaster and providing value to the public by creating safer communities.

27
Q

Mutual Aid Agreement

A

Written agreement between agencies, organizations, or jurisdictions to lend assistance across jurisdictional boundaries.

28
Q

Organizational Resilience Management System

A

(ORMS) Includes coordinated activities to direct and control an organization with regard to managing risk to enhance resilience and security in the organization and its supply chain.

NOTE: Direction and control with regard to ORMS generally include establishment of the policy, planning, and objectives directing operational processes and continual improvement.

29
Q

ORMS Objective

A

Something sought, or aimed for, related to managing risk to enhance resilience and security in the organization and its supply chain.

NOTE 1: Quality objectives are generally based on the organization’s quality policy.

NOTE 2: Quality objectives are generally specified for relevant functions and levels in the organization.

30
Q

ORMS Policy

A

Overall intentions and direction of an organization related to managing risk to enhance resilience and security in the organization and its supply chain as formally expressed by top management.

NOTE 1: Generally, the security and resilience policy is consistent with the overall policy of the organization and provides a framework for the setting of security and resilience objectives.

NOTE 2: ORMS principles can form a basis for the establishment of a quality policy.

31
Q

Policy

A

Overall intentions and direction of an organization, as formally expressed by top management. (ANSI/ASIS/RIMS RA.1-2015)

32
Q

Preparedness (Readiness)

A

Activities, programs, and systems developed and implemented prior to an incident that may be used to support and enhance mitigation of, response to, and recovery from disruptions, disasters, or emergencies.

33
Q

Probability

A

A number between zero and one that shows how likely a certain event is.

34
Q

Problem Assessment

A

An evaluative process of decision making that will determine the nature of the issue to be addressed.

35
Q

Procedure

A

An established or specified way to conduct an activity or a process. (ANSI/ASIS/RIMS RA.1-2015)

36
Q

Process

A

Actions, changes, or steps taken to achieve a particular end.

37
Q

Product

A

Goods and services that are the result of a process.

NOTE: Typically, a product is an item or service that is produced to create value.

38
Q

Recovery Point Objective

A

The point in time at which data or capacity of a process is in a known and valid or integral state and can be restored from. This should be less than the maximum amount of loss tolerance and may be defined in hours or days.

39
Q

Recovery Time Objective

A

(RTO) The time goal for the restoration and recovery of functions or resources based on the acceptable downtime and acceptable level of performance in case of a disruption of operations.

40
Q

Resilience

A

Absorptive and adaptive capacity in a complex and changing environment.

41
Q

Resources

A

Any asset (human, physical, information, or intangible), facilities, equipment, materials, products, or waste that has potential value and can be used.

42
Q

Response Plan

A

Documented collection of procedures and information that is developed, compiled, and maintained in readiness for use in an incident.

43
Q

Response Team

A

Group of individuals responsible for developing, executing, rehearsing, and maintaining the response plan, including the processes and procedures.

44
Q

Safety

A

Freedom from danger, risk, or injury.

45
Q

Security

A

The condition of being protected against risks, hazards, threats, or loss.

46
Q

Severity Assessment

A

The process of determining the severity of the crisis and what any associated costs may be in the long run.

47
Q

Target

A

Something you are trying to do or achieve with defined metrics.

48
Q

Testing

A

Activities performed to evaluate the effectiveness or capabilities of a plan relative to specified objectives or measurement criteria. Testing usually involves exercises designed to keep teams and employees effective in their duties, and to reveal weaknesses in the preparedness and response/continuity/recovery plans. (ASIS International Business Continuity Guideline: 2004)

49
Q

Threat

A

Potential cause of an unwanted incident, which may result in harm to individuals, assets, a system or organization, the environment, or the community.

50
Q

Top Management

A

Directors, managers, and officers of an organization who can ensure that effective management systems, including financial monitoring and control systems, have been put in place to protect assets, earning capacity, and the reputation of the organization.

51
Q

Vulnerability

A

State of being susceptible to harm or injury.

NOTE: Susceptibility to negative outcomes or a risk.

52
Q

Vulnerability Analysis

A

Process of identifying and quantifying something that creates susceptibility to a source of risk that can lead to a consequence.