Compliance
Certification or confirmation that the doer of an action (such as the writer of an audit report), or the manufacturer or supplier of a product, meets the requirements of accepted practices, legislation, prescribed rules and regulations, specified standards, or the terms of a contract.

Copyright©2009 BusinessDictionary.com

Compliance audit
Audit undertaken to confirm whether a firm is following the terms of an agreement (such as a bond indenture), or the rules and regulations applicable to an activity or practice prescribed by an external agency or authority.

Copyright©2009 BusinessDictionary.com

Compliance test
Audit undertaken to confirm whether a firm is following the rules and regulations (prescribed by its internal authority or control system) applicable to an activity or practice. See also substantive test.

Copyright©2009 BusinessDictionary.com

Conformance
Certification or confirmation that a good, service, or conduct meets the requirements of legislation, accepted practices, prescribed rules and regulations, specified standards, or terms of a contract.

Copyright©2009 BusinessDictionary.com

Supplier quality assurance
Confidence in a supplier’s ability to deliver a good or service that will satisfy the customer’s needs. Achievable through an interactive relationship between the customer and the supplier, it aims at ensuring the product’s ‘fit’ to the customer’s requirements with little or no adjustment or inspection. The US quality guru Joseph Moses Juran (born 1904 in Romania) divides the supplier quality assurance process into nine steps: (1) definition of the product’s quality requirements, (2) evaluation of alternative suppliers, (3) selection of the most appropriate supplier, (4) conduction of joint quality planning, (5) cooperation during relationship period, (6) validation of conformance to requirements, (7) certification of qualified suppliers, (8) conduction of quality improvement plans, (9) creation and use of supplier ratings.

Copyright©2009 BusinessDictionary.com

Conflict resolution
Intervention aimed at alleviating or eliminating discord through conciliation.

Copyright©2009 BusinessDictionary.com

Scope of work

Chronological division of work to be performed under a contract or subcontract in the completion of a project. Also called work scope.

Copyright©2009 BusinessDictionary.com

Work scope
Alternative term for scope of work.

Copyright©2009 BusinessDictionary.com

Information security
Safeguarding an organization’s data from unauthorized access or modification to ensure its availability, confidentiality, and integrity.

Copyright©2009 BusinessDictionary.com

Inherent risk
Probability of loss arising out of circumstances or existing in an environment.

Copyright©2009 BusinessDictionary.com

Risk mitigation
Systematic reduction in the extent of exposure to a risk and/or the likelihood of its occurrence. Also called risk reduction.

Copyright©2009 BusinessDictionary.com

Business continuity
Ability of the key operations of a firm to continue without stoppage, irrespective of the adverse circumstances or events.

Copyright©2009 BusinessDictionary.com

Business continuity planning (BCP)
Task of identifying, developing, acquiring, documenting, and testing procedures and resources that will ensure continuity of a firm’s key operations in the event of an accident, disaster, emergency, and/or threat. It involves (1) risk mitigation planning (reducing possibility of the occurrence of adverse events), and (2) business recovery planning (i.e. ensuring continued operation in the aftermath of a disaster).

Copyright©2009 BusinessDictionary.com

Business continuity program
Ongoing management-level process to ensure that necessary steps are regularly taken to identify probable accidents, disasters, emergencies, and/or threats. It also involves (1) assessment of the probable effect of such events, (2) development of recovery strategies and plans, and (3) maintenance of their readiness through personnel training and plan testing. See also business impact analysis.

Copyright©2009 BusinessDictionary.com

Business risk
Probability of loss inherent in a firm’s operations and environment (such as competition and adverse economic conditions) that may impair its ability to provide returns on investment. Business risk plus the financial risk arising from use of debt (borrowed capital and/or trade credit) equal total corporate risk.

Copyright©2009 BusinessDictionary.com

Disaster recovery
Process of returning an organization, society, or system to a state of normality after the occurrence of a disastrous event.

Copyright©2009 BusinessDictionary.com

Operational risk
Probability of loss occurring from the internal inadequacies of a firm or a breakdown in its controls, operations, or procedures.

Copyright©2009 BusinessDictionary.com

System testing
The process of performing a variety of tests on a system to explore functionality or to identify problems. System testing is usually required before and after a system is put in place. A series of systematic procedures are referred to while testing is being performed. These procedures tell the tester how the system should perform and where common mistakes may be found. Testers usually try to “break the system” by entering data that may cause the system to malfunction or return incorrect information. For example, a tester may put in a city in a search engine designed to only accept states, to see how the system will respond to the incorrect input.

Copyright©2009 BusinessDictionary.com

System analysis
Use of experimental approach (simulation) in understanding the behavior of an economy, market, or other complex phenomenon where mathematical analysis techniques are inadequate or unfeasible. See also system dynamics and systems analysis.

Copyright©2009 BusinessDictionary.com

System dependability
Probability that a computer or other system will perform its intended functions in its specified environment without significant degradation.

Copyright©2009 BusinessDictionary.com

Quality management system (QMS)
Collective policies, plans, practices, and the supporting infrastructure by which an organization aims to reduce and eventually eliminate non-conformance to specifications, standards, and customer expectations in the most cost-effective and efficient manner.

Copyright©2009 BusinessDictionary.com

Niche marketing

This is the practice of concentrating all marketing efforts on a small but specific and well defined segment of the population. Niches do not ‘exist’ but are ‘created’ by identifying needs, wants, and requirements that are being addressed poorly or not at all by other firms, and developing and delivering goods or services to satisfy them. As a strategy, niche marketing is aimed at being a big fish in a small pond instead of being a small fish in a big pond.

Copyright©2009 BusinessDictionary.com

Regulations

A type of “delegated legislation” promulgated by a state, federal or local administrative agency given authority to do so by the appropriate legislature.  Regulations generally are very specific in nature; they are also referred to as “rules” or simply “administrative law.”

Source: Georgetown Law School

Best Practices

Methods and techniques that have consistently shown results superior to those achieved with other means, and which are used as benchmarks to strive for.

Source: BusinessDictionary.com

Standards

Documented agreements containing technical specifications or other precise criteria to be used consistently as rules, guidelines or definitions of characteristics, to ensure that materials, products, processes and services are fit for their purpose.

Source: International Standards Organization – ISO

Spoliation

Spoliation, in a legal context, is any act that renders potential evidence invalid, either intentionally or through negligence. In the case of a document, for example, destroying, altering or hiding it would all be considered spoliation if the document were relevant to current litigation.

Spoliation is illegal in many countries, including the United States, and is punishable by fine and/or incarceration. Furthermore, the legal system has established through case law that when spoliation has occurred it may be inferred that the evidence was unfavorable to the responsible party. As a result, that inference may be factored into the decision of the case.

Spoliation comes from the Latin spoliare, meaning to plunder. The use of the word in its current legal context dates back to a Roman rule of conduct, Omnia praesumuntur contra spoliatorem, which translates, roughly, as “Let everything be presumed against the spoiler of evidence.”

SearchCIO.com Definitions (Powered by WhatIs.com)

Cold site

In business continuity planning, empty building equipped with electric power, air conditioning, telephone connections, water, etc., but without computers, office equipment, and furniture. A cold site provides a less timely response to a disaster because it must be converted into a hot-site for use.

Source: BusinessDictionary.com

Hot site

Fully-equipped alternative computer center, office, work space or industrial facility that can be made immediately available to continue critical business functions affected by a disaster at the primary location. See also cold site and warm site.

Source: BusinessDictionary.com

Internal Audit

An audit conducted by, or on behalf of, the organization itself for management review and other internal purposes, and which might form the basis for an organization’s self-declaration of conformity.

Source: International Standards Organization – ISO

Organization

A group of people and facilities with an arrangement of responsibilities, authorities and relationships.  An organization can be public or private.

Source: International Standards Organization – ISO

Process

A set of interrelated or interacting activities which transforms inputs into outputs.

Source: International Standards Organization – ISO

Recovery time objective (RTO)

A target time set for resumption of product, service or activity delivery after an incident.

Source: International Standards Organization – ISO

Resiliency

The ability of an organization to resist being affected by an incident.

Source: International Standards Organization – ISO

System

A set of interrelated or interacting elements.

Source: International Standards Organization – ISO

Incident

A situation that might be, or could lead to, a business disruption, loss, emergency or crisis.

Source: International Standards Organization – ISO

Critical activities

Those activities which have to be performed in order to deliver the key products and services which enable an organization to meet its most important and time-sensitive objectives.

Source: International Standards Organization – ISO

Consequence

The outcome of an incident that will have an impact on an organization’s objectives.  There can be a range of consequences from one incident.  A consequence can be certain or uncertain and can have positive or negative impact on objectives.

Source: International Standards Organization – ISO

Cost-benefit analysis

A financial technique that measures the cost of implementing a particular solution and compares this with the benefit delivered by that solution.  The benefit may be defined in financial, reputational, service delivery, regulatory or other terms appropriate to the organization.

Source: International Standards Organization – ISO

Disruption

An event, whether anticipated or unanticipated, which causes an unplanned, negative deviation from the expected delivery of products or services according to the organization’s objectives.

Source: International Standards Organization – ISO

Exercise

An activity in which the business continuity plan(s) is rehearsed in part or in whole to ensure that the plan(s) contains the appropriate information and produces the desired results when put into effect.  An exercise can involve invoking business continuity procedures, but is more likely to involve the simulation of a business continuity incident, announced or unannounced, in which participants role-play in order to assess what issues might arise, prior to a real invocation.

Source: International Standards Organization – ISO

Invocation

An act of declaring that an organization’s business continuity plan needs to be put into effect in order to continue delivery of key products or services.

Source: International Standards Organization – ISO

Maximum Tolerable Period of Disruption

The duration after which an organization’s viability will be irrevocably threatened if product and service delivery cannot be resumed.

Source: International Standards Organization – ISO

Nonconformity

The non-fulfillment of a requirement.  A nonconformity can be any deviation from relevant work standards, practices, procedures, legal requirements, etc.

Source: International Standards Organization – ISO

Emergency planning

The development and maintenance of agreed procedures to prevent, reduce, control, mitigate and take other actions in the event of a civil emergency.

Source: International Standards Organization – ISO

Likelihood

The chance of something happening, whether defined, measured or estimated objectively or subjectively, or in terms of general descriptors (such as rare, unlikely, likely, almost certain), frequencies or mathematical probabilities.  Likelihood can be expressed qualitatively or quantitatively.  The word “probability” can be used instead of “likelihood” in some non-English languages that have no direct equivalent.

Source: International Standards Organization – ISO
