BCP Glossary of Terms
Business Continuity (BC)
The ability of an organization to continue critical, non-IT specific operations after an incident. This also includes all planning and preparation prior to an incident.
Business Continuity Plan (BCP)
The documented steps an organization follows to continue critical business operations after an incident. This includes contact information, floor plans, network diagrams, and anything else that is critical to implementing the steps in the plan. Also known as a Business Recovery Plan (BRP) or Business Contingency Plan (BCP).
Business Continuity Management Program (BCMP)
Documented procedures for regular maintenance, review, exercising, and auditing of the BCP to keep it up to date. Also known as a Business Continuity Management System (BCMS).
Business Impact Analysis (BIA)
An assessment of critical business operations and their required resources in order to prioritize them for recovery after an incident.
Disaster
A major event that has widespread human, resource, environmental or other ramifications, where the organization does not have the resources to recover on its own.
Disaster Recovery (DR)
Recovery and restoration of any and all IT infrastructure: hardware, systems, applications, programs, etc. DR is a subset of BC and supports BC recovery.
Disaster Recovery Plan (DRP)
Documented steps to be followed for the recovery and restoration of IT infrastructure.
Emergency
Any incident that requires an organization to enact its Emergency Response Plans in order to protect life, safety, assets, or the environment.
Emergency Response Plan
Documented steps that an organization follows to protect life, safety, assets, and the environment immediately following an incident. Examples include evacuation or shelter-in-place procedures.
Incident
An occurrence that, if not managed, could become an emergency or disaster.
Maximum Tolerable Outage (MTO)
The amount of time an organization can operate without a particular business process before it causes significant harm to the business. On a bi-weekly payroll, operating for a full 2 weeks without the ability to pay employees would cause significant harm to the business, so the MTO for this process is 2 weeks. Also known as Maximum Acceptable Outage (MAO).
Recovery Point Objective (RPO)
A measure of the amount of data that can be lost before it hinders critical business operations. Data is recovered to a particular point.
Recovery Time Objective (RTO)
The amount of time within which data or services must be recovered. Recovering a server that holds critical business data will have a shorter RTO than recovering a non-critical application. Likewise, recovering communications with customers will have a shorter RTO than recovering the process for filing completed audit records.
Threat Risk Assessment (TRA)
A review of the potential threats and risks to an organization. The assessment prioritizes them for planning purposes based on the likelihood of occurrence and potential impact on the business.