DRJ Glossary of Business Continuity Terms

A common technique used by Risk Managers to address or mitigate potential exposures of the organization. A series of techniques describing the various means of addressing risk through insurance and similar products.Refers to the shifting of the burden of loss to another party through legislation, contract, insurance or other means. It can also refer to the shifting of a physical risk or part thereof elsewhere.

Selection and implementation of measures to modify risk.

The process of identifying that all employees, visitors and contractors have been safely evacuated and accounted for following an evacuation of a building or site.

An adequate geographical spread between the original and duplicate resources, the various suppliers, the replica operations or the base site and its recovery site.

The pre-planned assumption of risk in which a decision is made to bear loses that could result from a Business Continuity event rather than purchasing insurance to cover those potential losses.

The process and procedures required to maintain or recover critical services such as ?remote access? or ?end-user support? during a business interruption.

A process used to mitigate, develop, and document procedures that enable an organization to recover critical services after a business interruption.

A formal agreement between a service provider (whether internal or external) and their client (whether internal or external), which covers the nature, quality, availability, scope and response of the service provider. The SLA should cover day-to-day situations and disaster situations, as the need for the service may vary in a disaster.An agreement between a service provider and a customer defining the scope, quality and timeliness of service delivery.

The process of defining, agreeing, documenting and managing the levels of any type of services provided by service providers whether internal or external that are required and cost justified.

One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation.

A unique pathway or source of a service, activity, and/or process. Typically, there is no alternative and a loss of that element could lead to a failure of a critical function.Unique (single) source or pathway of a service, activity and/or process; typically there is no alternative, and loss of that element could lead to total failure of a mission critical activity and/or dependency.

The process of evaluating the severity and consequences of an incident and communicating the results.

Non-technical or low-technology means used to attack or penetrate a system by tricking or subverting operators or users.

Individual or group having an interest in the performance or success of an organization e.g., customers, partners, employees, shareholders, owners, the local community, first responders, government, and regulators.