Chapter 4: Domain Four: Response Management Flashcards
Activity
Process or set of processes undertaken by an organization (or on its behalf) that produces or supports one or more products or services.
NOTE: Examples of such processes include accounting, call center, information services, manufacturing, distribution, and other services.
Alternate Worksite
A work location, other than the primary location, to be used when the primary location is not accessible. (ASIS International Business Continuity Guideline: 2004)
Auditor
A person with the competence to conduct an audit.
Business Continuity
Ability of an organization to operate at predefined levels following a disruptive event.
Business Continuity Management
(BCM) A proactive set of planning, preparedness, and related activities that are intended to restore an organization’s critical business functions to predetermined levels, enabling the organization to operate despite serious disruptive events and recover to an operational state expeditiously.
Business Continuity Plan
(BCP) A collection of procedures and information which is developed, tested and maintained in preparation for use in a disruptive event to continue operations at predefined levels following the event.
Conformity
Fulfillment of a requirement
Continual Improvement
Recurring process of enhancing the security, preparedness, and continuity (SPC) management system to achieve improvements in overall SPC management performance consistent with the organization’s SPC management policy.
NOTE: The process need not take place in all areas of activity simultaneously.
Crisis
An unstable condition involving an impending abrupt or significant change that requires urgent attention and action to protect life, assets, property, or the environment.
Crisis Management
Holistic management process that identifies potential impacts that threaten an organization and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand, and value-creating activities, as well as effectively restoring operational capabilities.
NOTE: Crisis management also involves the management of preparedness, mitigation response, continuity or recovery in the event of an incident, as well as management of the overall program through training, rehearsals, and reviews to ensure the preparedness, response, and continuity plans stay current and up to date.
Crisis Management Team
Group of individuals functionally responsible for directing the development and execution of the response and operational continuity plan, declaring an operational disruption or emergency/crisis situation, and providing direction during the recovery process, both pre- and post-incident.
NOTE: The crisis management team may include individuals from the organization as well as immediate and first responders, stakeholders, and other interested parties.
Disaster
Event that causes significant damage to assets or loss of life.
Disruption
An event that interrupts normal business, functions, operations, or processes, whether anticipated (hurricane, political unrest) or unanticipated (blackout, terror attack, technology failure, or earthquake).
NOTE: A disruption can be caused by either positive or negative factors that will disrupt normal functions, operations, or processes.
Downtime
Period of time when something is not in operation.
Emergency
Serious, unexpected, and precarious situation requiring immediate action.
Evacuation
Organized, phased, and supervised dispersal of people from dangerous or potentially dangerous areas. (ASIS International Business Continuity Guideline: 2004)
Exercises
Evaluating management programs, rehearsing the roles of team members and staff, and testing the recovery or continuity of an organization’s systems (technology, telephony, administration) to demonstrate management competence and capability.
NOTE 1: Exercises include activities performed for the purpose of training and conditioning team members and personnel in appropriate responses with the goal of achieving maximum performance.
NOTE 2: An exercise can involve invoking response and operational continuity procedures, but it is more likely to involve the simulation of a response and/or operational continuity incident, announced or unannounced, in which participants role-play to assess what issues might arise, prior to a real invocation.
Facility (Infrastructure)
Plant, machinery, equipment, property, buildings, vehicles, information systems, transportation facilities, and other items of infrastructure or plant and related systems that have a distinct and quantifiable function or service.
First Responder
A member of an emergency service who is first on the scene at a disruptive incident.
NOTE: Emergency services include any public or private service that deals with disruptions, such as the initial responding law enforcement officers, other public safety officials, emergency medical personnel, rescuers, and/or other emergency response service providers.
Hazard
Possible source of danger or conditions (physical or operational) that have a capacity to produce a particular type of adverse effect.
Incident Command System
(ICS) A command and control mechanism used by many public safety agencies and jurisdictions.
Internal Audit
Systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the management system audit criteria set by the organization are fulfilled.
NOTE: In many cases, particularly in smaller organizations, independence can be demonstrated by the freedom from responsibility for the activity being audited.
Key Performance Indicator
Key performance indicator (KPI) is a metric used to evaluate factors that are crucial to the success of an organization or of a particular activity in which it engages.
NOTE: A KPI is a metric that indicates how an organization is performing against its objectives.
Loss
Being deprived of someone or something of value.
Management Plan
Clearly defined and documented plan of action, typically covering the key personnel, resources, services, and actions needed to implement the incident management process.
Mitigation
Limitation of any negative consequence of a particular incident. Encompasses activities providing a critical foundation in the effort to reduce the loss of life and property from natural and/or manmade disasters by avoiding or lessening the impact of a disaster and providing value to the public by creating safer communities.
Mutual Aid Agreement
Written agreement between agencies, organizations, or jurisdictions to lend assistance across jurisdictional boundaries.
Organizational Resilience Management System
(ORMS) Includes coordinated activities to direct and control an organization with regard to managing risk to enhance resilience and security in the organization and its supply chain.
NOTE: Direction and control with regard to ORMS generally include establishment of the policy, planning, and objectives directing operational processes and continual improvement.
ORMS Objective
Something sought, or aimed for, related to managing risk to enhance resilience and security in the organization and its supply chain.
NOTE 1: Quality objectives are generally based on the organization’s quality policy.
NOTE 2: Quality objectives are generally specified for relevant functions and levels in the organization.
ORMS Policy
Overall intentions and direction of an organization related to managing risk to enhance resilience and security in the organization and its supply chain as formally expressed by top management.
NOTE 1: Generally, the security and resilience policy is consistent with the overall policy of the organization and provides a framework for the setting of security and resilience objectives.
NOTE 2: ORMS principles can form a basis for the establishment of a quality policy.
Policy
Overall intentions and direction of an organization, as formally expressed by top management. (ANSI/ASIS/RIMS RA.1-2015)
Preparedness (Readiness)
Activities, programs, and systems developed and implemented prior to an incident that may be used to support and enhance mitigation of, response to, and recovery from disruptions, disasters, or emergencies.
Probability
A number between zero and one that shows how likely a certain event is.
Problem Assessment
An evaluative process of decision making that will determine the nature of the issue to be addressed.
Procedure
An established or specified way to conduct an activity or a process. (ANSI/ASIS/RIMS RA.1-2015)
Process
Actions, changes, or steps taken to achieve a particular end.
Product
Goods and services that are the result of a process.
NOTE: Typically, a product is an item or service that is produced to create value.
Recovery Point Objective
The point in time at which data or capacity of a process is in a known and valid or integral state and from which it can be restored. This should be less than the maximum amount of loss tolerance and may be defined in hours or days.
Recovery Time Objective
(RTO) The time goal for the restoration and recovery of functions or resources based on the acceptable downtime and acceptable level of performance in case of a disruption of operations.
Resilience
Absorptive and adaptive capacity in a complex and changing environment.
Resources
Any asset (human, physical, information, or intangible), facilities, equipment, materials, products, or waste that has potential value and can be used.
Response Plan
Documented collection of procedures and information that is developed, compiled, and maintained in readiness for use in an incident.
Response Team
Group of individuals responsible for developing, executing, rehearsing, and maintaining the response plan, including the processes and procedures.
Safety
Freedom from danger, risk, or injury.
Security
The condition of being protected against risks, hazards, threats, or loss.
Severity Assessment
The process of determining the severity of the crisis and what any associated costs may be in the long run.
Target
Something you are trying to do or achieve with defined metrics.
Testing
Activities performed to evaluate the effectiveness or capabilities of a plan relative to specified objectives or measurement criteria. Testing usually involves exercises designed to keep teams and employees effective in their duties, and to reveal weaknesses in the preparedness and response/continuity/recovery plans. (ASIS International Business Continuity Guideline: 2004)
Threat
Potential cause of an unwanted incident, which may result in harm to individuals, assets, a system or organization, the environment, or the community.
Top Management
Directors, managers, and officers of an organization who can ensure that effective management systems, including financial monitoring and control systems, have been put in place to protect assets, earning capacity, and the reputation of the organization.
Vulnerability
State of being susceptible to harm or injury.
NOTE: Susceptibility to negative outcomes or a risk.
Vulnerability Analysis
Process of identifying and quantifying something that creates susceptibility to a source of risk that can lead to a consequence.