February 5, 2012

Posts Comments

You are here: Home / Archives for Tools & Resources

General Business Continuity Standard Terms Puzzle

August 18, 2011 By 2 Comments

You are free to use this puzzle as a learning tool to help business continuity planners and PS-Prep compliance team members become more familiar with the general terms used in most business continuity related standards or business continuity managment system (BCMS) frameworks.

This interactive crossword puzzle requires JavaScript and a reasonably recent web browser, such as Internet Explorer 5.5 or later, Netscape 7, Mozilla, Firefox, or Safari. If you have disabled web page scripting, please re-enable it and refresh the page. If this web page is saved to your computer, you may need to click the yellow Information Bar at the top of the page to allow the puzzle to load.
0:00:00 EclipseCrossword © 2000-2007
WordPress Integration by Eclipse Crossword Integration
 

Questions

Across

  • 1. business continuity plan
  • 2. the target time for resuming the delivery of a product or service to an acceptable level following its disruption
  • 3. means of delivering value for the customer by facilitating results the customer wants to achieve
  • 4. documented agreement between the service provider and the customer
  • 5. manage system to direct and control the service management activities of the service provider
  • 6. occurrence or change of a particular set of circumstances
  • 7. an unstable condition that requires urgent action to protect life, assets or the environment
  • 8. business continuity management
  • 9. American Society for Industrial Security
  • 10. the target set for the status and availability of data at the start of a recovery process
  • 11. Possible source of danger
  • 12. U.S. agency responsible for responding to wide area disasters and emergencies.
  • 13. National Emergency Management Association - U.S.
  • 14. National Fire Protection Association

Down

  • 15. root cause of one or more incidents
  • 16. negative consequence
  • 17. detailed performance requirement applicable to the organization
  • 18. benchark measurement based on objectives, targets and defined industry standards
  • 19. sets the tone for an organization, influencing the consciousness of its people
  • 20. fulfillment of a requirement in a Management Systems context.
  • 21. an activity that is performed to evaluate the effectiveness or capabilities of a plan relative to specified objectives or measurement criteria
  • 22. maximum tolerable outage
  • 23. business continuity management system
  • 24. maximum acceptable outage
  • 25. capability assessment for readiness
  • 26. Evaluated consequence of a particular outcome
  • 27. hazardous operation

Top Times

  1. Time: by autoversicherungen schweiz on 2011-10-05
  2. Time: 0:09:05 by MDC708 on 2011-09-13

Click here to view the puzzle.

 

Filed Under: Crossword Puzzles Tagged With: , , , , , ,

Business Continuity Plan Template – A Vital Tool In Business Continuity Planning

July 23, 2011 By Leave a Comment
Business continuity plan template

Image via Wikipedia

What is a Business Continuity Plan Template?

Every business, big or small have or should have a business continuity plan in place. This is something that no business should miss because without it, the company is risking the survival of the whole business in the event of a disaster. The inability to keep the computers running because of natural disasters like earthquakes or typhoon is not a good excuse, especially if a client is paying you a lot of money to maintain their servers and database and if you are an Internet services company that require a 24/7 visibility. But for some newly established firms, creating this plan is difficult, especially if no one in the company is already experienced to make one. This is where a business continuity plan template becomes useful.

A business continuity plan template is a model which you can refer to and even edit to fit your company’s plan or goals. How can you keep the business running in case something happens? What are you going to do so no information is compromised in case a disaster happens in the building? How long will you be able to put the systems back after an earthquake? These are some questions that need to be answered in a business continuity plan. Basically this template details your back up and disaster recovery plan in any situation. It also summarizes who will be responsible or what team will take care of what area in case something unimaginable happens. For companies, having a proper plan in place spells the difference between success and failure, thus, it is imperative to make an effective plan with the help of a useful business continuity plan template.

Guide in Creating Business Continuity Planning Templates

A business continuity planning template, just like any module, has crucial parts. Although there are some parts that should be specifically for your company only, there are basic parts that must be in every plan. There are templates that can be found and downloaded from the Internet, you can even buy software that has different templates. However, it is crucial that you know the things to look for in a template or software when choosing one. Here are some of the things that you need to find in a template, if one of them is missing, then you can just add it to your plan, again, depending on what your company needs.

The company logo or name, distribution list and references are the first things that must be found in a plan. This will explain who will be accountable in executing the plan, who will be in charge of updating it as well as building policy and legislation guidelines such as an earthquake evacuation plan.

Inventory or initial information should be asked in the template. How many staff members can work for this plan, the number of computers you have, the information you have on your database, all other devices and the number of sites should be accounted for to ensure that everything will have a back up and to make sure that everything and everybody will be mobilized in case any difficult situation happens.

Emergency response management should also be found in a business continuity template. This tells when the plan will be activated and what situations should you consider as an emergency.

Another thing that a template should have are flow diagrams. It is easier to understand diagrams and graphs, than a document with pure text. This will also help in mapping out the steps that every team should take. Relocating steps, recovering operations and other instructions should have corresponding diagrams to follow for easier recall.

A glossary or list of terms should also be there as everyone must be on the same page and must understand each other in order for the plan to be communicated well.

These parts should be found in business continuity plan templates. You may add some though if you wish and if you deem it necessary. However having this template is not an assurance that it will work. There are still more things to do to ensure that this plan or template is going help you in case a disaster strikes.

Ensuring the Effectiveness of Your Business Continuity Planning Template

But what consists a highly effective business continuity planning template, you may ask. The first thing to check to ensure its effectiveness is its completeness. Make sure that all the fields are there, ask yourself whether all the questions or needs of your company are going to be met by the template. It is not necessary that you follow the template to the T. Feel free to add something as it really depends on what you think is required and what will work best to your firm.

The assumptions in the template should lean more on the danger side, meaning you should be assuming that the worst can happen, hence, preparing you for the worst. Example, since all telephone calls should be diverted to another site when something happens, you should already put in the plan that you need to make arrangements with the telephone company as soon as possible. Underestimating the enormity of a potential scenario and assuming that the plan can be executed easily during the day the problem arises may compromise your company.

Another thing that the template or plan should have is a detailed information of who will do what. Making an assumption that people already know the plan is a dangerous thing. Information should be disseminated in the whole company. Everyone should have an idea on what is their participation in making the plan happen. In line with this, to make sure that everybody understands how to execute the plan, testing must be done. According to an article by Acutest CEO Barry Varley, testing should be done in ‘high likelihood’ and ‘high impact’ environment. Again, test in the most difficult environment and do not take it lightly.

Lastly, make sure that your company revise and improve the plan regularly. Creating it with a template does not mean that it is a one off deal. You must adjust it according to your firm’s current situation. Example if you think that in a given time, higher security is needed, then make an adjustment according to that need. Not adapting the plan according to your company’s situation can break the purpose of the template.

In conclusion, a business continuity plan template can be used in your business as a tool in drafting a business continuity plan. However, take time to as alter the content of template to accommodate your company’s requirement. Reviewing, testing and assuming on high impact scenarios are essential to make the plan complete. A template is only a guide, a standard but it does not mean that it is the end-all and be-all of your business continuity plan.

Enhanced by Zemanta

Filed Under: First Timers, Risk Management Tagged With: , , , , ,

Career Options and the PS-Prep Program

July 28, 2010 By Leave a Comment

An educational free Webinar to introduce potential audit candidates to employment opportunities in the Private Sector Preparedness Program. Non-profit organizations Association of Contingency Planners and Continuity Compliance are sponsors.

Filed Under: PS-Prep Program, Tools & Resources

Frequently Asked Questions:

October 12, 2009 By Leave a Comment

Q. What is the idea behind the Continuity Compliance website?

A. Continuity Compliance is an expert or “authority” site dedicated to the areas of Security, Regulatory Compliance, and Business Continuity. Various professionals periodically contribute new material not found elsewhere, to the site. The ambition of the site is to be the first place you go when you have a question about a variety of security, compliance or business continuity topics. 

As a community-driven website, the people behind Continuity Compliance are very interested in hearing from you on ways it could be improved.

**********

Q. What topics are addressed on the website?

 Continuity Compliance spends a tremendous amount of energy updating and maintaining its content. On the site you will find articles, white papers, presentations and a vast array of reference links and tools. The following is a partial list of the topics currently receiving attention at www.ContinuityCompliance.org.

 

Business Continuity ManagementRisk Management

Organizational Resilience

Physical security

Information security plans

  Security Risk ManagementRegulatory Compliance

Compliance Risk Assessment

Business Continuity Guidelines

Certification Audits

 

  Information securityBusiness Impact Analysis

Disaster Recovery Planning

Table Top Plan Testing

Environmental Security

 **********

Q. Who contributes to the site?

This is an all volunteer site. No one receives a salary for contributing information or helping to maintain the site. The cost of keeping the site current is covered by advertising.

**********

Q. Is there a membership charge?

There is no membership fee to use the site or its resources. This said, we do ask that you respect the copyrights of our contributors where they exist.

**********

Filed Under: FAQs Tagged With: , , , , , ,

Community Toolbox

September 28, 2009 By Leave a Comment

One of the objectives of this website is to provide its readers with tools, resources, and information regarding business continuity and contingency planning for organizations ranging in size from the enterprise level to the small business category, but, also to include even the micro businesses and/or single proprietor owned home-based businesses.

This area of our website has been labeled the “Community Sandbox” to illustrate the intent of using an area to allow input from our readers to view a proposed project tool or resource, test that tool or resource in real time, and then be part of the community contribution to suggest ways and methods to improve that tool or resource, and, finally allow that ongoing improvement process to deliver a best of class tool or resource back to the readers of this site.

As defined by Wikipedia, the free encyclopedia, a “sandbox” is a testing environment that allows changes and experimentation to take place in an isolated environment where it is safe to make modifications and improvements until a final output is produced.

It is the goal of this site to create such a “sandbox” environment, and promote a community sharing spirit that will attempt to answer the most pressing needs and wants of its users, and then, provide a methodology to answer those needs and wants with community created, relevant, value-added and simple to use tools and resources.

The first tool to be developed in this environment will address the necessity of having to perform a Business Impact Analysis in or for an organization.

The output of this request will involve first a presentation of relevant information related to the objective.  In this case, it is a white paper on the subject written by Don Byrne, a contributing editor and writer to this site.  And, then a simple BIA Work Effort Calculator developed by Lisa DuBrock, also a contributing editor for this site.  This Calculator was developed utilizing information received from consultants, which detailed their BIA development experiences.

We encourage our readers to review this information, test this calculator and then share their comments, their suggestions for improvement and their ideas for making an even more valuable tool that will then be shared with our community of readers.

We also welcome additional writers and others to contribute their ideas for making this BIA Work Effort Calculator the benchmark of excellence in the business continuity industry.

Filed Under: Tools & Resources Tagged With: , , , ,

Business Continuity & Business Compliance Terms (Cont. 1)

August 27, 2009 By Leave a Comment

Compliance
Certification or confirmation that the doer of an action (such as the writer of an audit report), or the manufacturer or supplier of a product, meets the requirements of accepted practiceslegislation, prescribed rules and regulations, specified standards, or the terms of a contract.

Copyright©2009 BusinessDictionary.com

Compliance audit
Audit undertaken to confirm whether a firm is following the terms of an agreement (such as a bond indenture), or the rules and regulations applicable to an activity or practice prescribed by an external agency or authority.

Copyright©2009 BusinessDictionary.com

Compliance test
Audit undertaken to confirm whether a firm is following the rules and regulations (prescribed by its internal authority or control system) applicable to an activity or practice. See also substantive test.

Copyright©2009 BusinessDictionary.com

Conformance
Certification or confirmation that a good, service, or conduct meets the requirements of legislation, accepted practices, prescribed rules and regulations, specified standards, or terms of a contract.

Copyright©2009 BusinessDictionary.com

Supplier quality assurance
Confidence in a supplier’s ability to deliver a good or service that will satisfy the customer’s needs. Achievable through interactive relationship between the customer and the supplier, it aims at ensuring the product’s ‘fit’ to the customer’s requirements with little or no adjustment or inspection. The US quality guru Joseph Moses Juran (born 1904 in Romania ) divides the supplier quality assurance process into nine steps: (1) definition of the product’s   quality requirements, (2) evaluation of alternative suppliers. (3) selection of the most appropriate supplier, (4) conduction of joint quality planning, (5) cooperation during relationship period, (6) validation of conformance to requirements, (7) certification of qualified suppliers, (8) conduction of quality improvement plans, (9) creation and use of supplier ratings.

Copyright©2009 BusinessDictionary.com

Conflict resolution
Intervention aimed at alleviating or eliminating discord through conciliation.

Copyright©2009 BusinessDictionary.com
Scope of work

Chronological division of work to be performed under a contract or subcontract in the completion of a project. Also called work scope.

Copyright©2009 BusinessDictionary.com

Work scope
Alternative term for scope of work.

Copyright©2009 BusinessDictionary.com

Information security
Safe-guarding an organization’s data from unauthorized access or modification to ensure its availability, confidentiality, and integrity.

Copyright©2009 BusinessDictionary.com

Inherent risk
Probability of loss arising out of circumstances or existing in an environment.

Copyright©2009 BusinessDictionary.com

Risk mitigation
Systematic reduction in the extent of exposure to a risk and/or the likelihood of its occurrence. Also called risk reduction.

Copyright©2009 BusinessDictionary.com

Business continuity
Ability of the key operations of a firm to continue without stoppage, irrespective of the adverse circumstances or events.

Copyright©2009 BusinessDictionary.com

Business continuity planning (BCP)
Task of identifying, developing, acquiring, documenting, and testing procedures and resources that will ensure continuity of a firm’s key operations in the event of an accidentdisasteremergency, and/or threat. It involves (1) risk mitigation planning (reducing possibility of the occurrence of adverse events), and (2) business recovery planning (i.e. ensuring continued operation in the aftermath of a disaster).

Copyright©2009 BusinessDictionary.com

Business continuity program
Ongoing management-level process to ensure that necessary steps are regularly taken to identify probable accidentsdisastersemergencies, and/or threats. It also involves (1) assessment of the probable effect of such events, (2) development of recovery strategies and plans, and (3) maintenance of their readiness through personnel training and plan testing. See also business impact analysis.

Copyright©2009 BusinessDictionary.com

Business risk
Probability of loss inherent in a firm’s operations and environment (such as competition and adverse economic conditions) that may impair its ability to provide returns on investment. Business risk plus the financial risk arising from use of debt (borrowed capital and/or trade credit) equal total corporate risk.

Copyright©2009 BusinessDictionary.com

Disaster recovery
Process of returning an organization, society, or system to a state of normality after the occurrence of a disastrous event.

Copyright©2009 BusinessDictionary.com

Operational risk
Probability of loss occurring from the internal inadequacies of a firm or a breakdown in its controlsoperations, or procedures.

Copyright©2009 BusinessDictionary.com

System testing
The process of performing a variety of tests on a system to explore functionality or to identify problems. System testing is usually required before and after a system is put in place. A series of systematic procedures are referred to while testing is being performed. These procedures tell the tester how the system should perform and where common mistakes may be found. Testers usually try to “break the system” by entering data that may cause the system to malfunction or return incorrect information. For example, a tester may put in a city in a search engine designed to only accept states, to see how the system will respond to the incorrect input.

Copyright©2009 BusinessDictionary.com

System analysis
Use of experimental approach (simulation) in understanding the behavior of an economymarket, or other complex phenomenon where mathematical analysis techniques are inadequate or unfeasible. See also system dynamics and systems analysis.

Copyright©2009 BusinessDictionary.com

System dependability
Probability that a computer or other system will perform its intended functions in its specified environment without significant degradation.

Copyright©2009 BusinessDictionary.com

Quality management system (QMS)
Collective policiesplanspractices, and the supporting infrastructure by which an organization aims to reduce and eventually eliminate non-conformance to specifications, standards, and customer expectations in the most cost effective and efficient manner.

Copyright©2009 BusinessDictionary.com

Niche marketing

This is the practice of concentrating all marketing efforts on a small but specific and well defined segment of the population. Niches do not ‘exist’ but are ‘created’ by identifying needs, wants, and requirements that are being addressed poorly or not at all by other firms, and developing and delivering goods or services to satisfy them. As a strategy, niche marketing is aimed at being a big fish in a small pond instead of being a small fish in a big pond.

Copyright©2009 BusinessDictionary.com

Regulations

A type of “delegated legislation” promulgated by a state, federal or local administrative agency given authority to do so by the appropriate legislature.  Regulations generally are very specific in nature; they are also referred to as “rules” or simply “administrative law.”

Source: Georgetown Law School

Best Practices

Methods and techniques that have consistently shown results more superior than those achieved with other means, and which are used as benchmarks to strive for.

Source: Business Dictionary, COM

Standards

Documented agreements containing technical specifications or other precise criteria to be used consistently as rules, guidelines or definitions of characteristics, to ensure that materials, products, processes and services are fit for their purpose.

Source: International Standards Organization – ISO

Spoliation

Spoliation, in a legal context, is any act that renders potential evidence invalid, either intentionally or through negligence. In the case of a document, for example, destroying, altering or hiding it would all be considered spoliation if the document were relevant to current litigation.

Spoliation is illegal in many countries, including the United States, and is punishable by fine and/or incarceration. Furthermore, the legal system has established through case law that when spoliation has occurred it may be inferred that the evidence was unfavorable to the responsible party. As a result, that inference may be factored into the decision of the case.

Spoliation comes from the Latin spoliare, meaning to plunder. The use of the word in its current legal context dates back to a Roman rule of conduct, Omnia praesumuntur contra spoliatorem, which translates, roughly, as “Let everything be presumed against the spoiler of evidence.”

SearchCIO.com Definitions (Powered by WhatIs.com)

Cold site

In business continuity planning, empty building equipped with electric power, air conditioning, telephone connections, water, etc., but without computers, office equipment, and furniture. A cold site provides a less timely response to a disaster because it must be converted into a hot-site for use.

Source: Business Dictionary, COM

Hot site

Fully-equipped alternative computer center, office, work space or industrial facility that can be made immediately available to continue critical business functions affected by a disaster at the primary location. See also cold site and warm site.

Source: Business Dictionary, COM

Internal Audit

An audit conducted by, or on behalf of, the organization itself for management review and other internal purposes, and which might form the basis for an organization’s self-declaration of conformity.

Source: International Standards Organization – ISO

Organization

A group of people and facilities with an arrangement of responsibilities, authorities and relationships.  An organization can be public or private.

Source: International Standards Organization – ISO

Process

A set of interrelated or interacting activities which transforms inputs into outputs.

Source: International Standards Organization – ISO

Recovery time objective (RTO)

A target time set for resumption of product, service or activity delivery after an incident.

Source: International Standards Organization – ISO

Resiliency

The ability of an organization to resist being affected by an incident.

Source: International Standards Organization – ISO

System

A set of interrelated or interacting elements.

Source: International Standards Organization – ISO

Incident

A situation that might be, or could lead to, a business disruption, loss, emergency or crisis.

Source: International Standards Organization – ISO

Critical activities

Those activities which have to be performed in order to deliver the key products and services which enable an organization to meet its most important and time-sensitive objectives.

Source: International Standards Organization – ISO

Consequence

The outcome of an incident that will have an impact on an organization’s objectives.  There can be a range of consequences from one incident.  A consequence can be certain or uncertain and can have positive or negative impact on objectives.

Source: International Standards Organization – ISO

Cost-benefit analysis

A financial technique that measures the cost of implementing a particular solution and compares this with the benefit delivered by that solution.  The benefit may be defined in financial, reputational, service delivery, regulatory or other terms appropriate to the organization.

Source: International Standards Organization – ISO

Disruption

An event, whether anticipated or unanticipated, which causes an unplanned, negative deviation from the expected delivery of products or services according to the organization’s objectives.

Source: International Standards Organization – ISO

Exercise

An activity in which the business continuity plan(s) is rehearsed in part or in whole to ensure that the plan(s) contains the appropriate information and produces the desired results when put into effect.  An exercise can involve invoking business continuity procedures, but is more likely to involve the simulation of a business continuity incident, announced or unannounced, in which participants role-play in order to assess what issues might arise, prior to a real invocation.

Source: International Standards Organization – ISO

Invocation

An act of declaring that an organization’s business continuity plan needs to be put into effect in order to continue delivery of key products or services.

Source: International Standards Organization – ISO

>Maximum Tolerable Period of Disruption

The duration after which an organization’s viability will be irrevocably threatened if product and service delivery cannot be resumed.

Source: International Standards Organization – ISO

Nonconformity

The non-fulfillment of a requirement.  A nonconformity can be any deviation from relevant work standards, practices, procedures, legal requirements, etc.

Source: International Standards Organization – ISO

Emergency planning

The development and maintenance of agreed procedures to prevent, reduce, control, mitigate and take other actions in the event of a civil emergency.

Source: International Standards Organization – ISO

Likelihood

The chance of something happening, whether defined, measured or estimated objectively or subjectively, or in terms of general descriptors (such as rare, unlikely, likely, almost certain), frequencies or mathematical probabilities.  Likelihood can be expressed qualitatively or quantitatively.  The word “probability” can be used instead of “likelihood” in some non-English languages that have no direct equivalent.

Source: International Standards Organization – ISO

Filed Under: Community Projects, Glossary, Tools & Resources Tagged With: ,

Business Continuity & Business Compliance Terms

August 24, 2009 By 4 Comments

Audit:

au·dit (ôdt)

n.

1. An examination of records or financial accounts to check their accuracy.

2. An adjustment or correction of accounts.

3. An examined and verified account.

v. au·dit·ed, au·dit·ing, au·dits

v.tr.

1. To examine, verify, or correct the financial accounts of: Independent accountants audit the company annually. The IRS audits questionable income tax returns.

2. To attend (a course) without requesting or receiving academic credit.

v.intr.

To examine financial accounts.

[Middle English (influenced by auditor, auditor), from Latin audtus, a hearing, from past participle of audre, to hear; see au- in Indo-European roots.]

au dit·a·ble adj.

The American Heritage® Dictionary of the English Language, Fourth Edition copyright ©2000 by Houghton Mifflin Company. Updated in 2009. Published by Houghton Mifflin Company. All rights reserved.

Audit Business Continuity

An organization should provide for the independent audit if its Business Continuity Management system’s competence and capability to identify actual and potential shortcomings.  It should establish, implement and maintain procedures for dealing with these.  Independent audits should be conducted by competent persons, whether internal or external

Source:  BS25999-1:2006; 9.5.5

Business Continuity

Business Continuity is the strategic capability of the organization to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable pre-defined level.

Source:  BS25999-1:2006; 2.2

Business Continuity Institute

The Business Continuity Institute (BCI) was established in 1994 to enable individual members to obtain guidance and support from fellow business continuity practitioners. The BCI currently has over 4000 members in 85+ countries.

Professional membership of the BCI provides internationally recognized status as this valued certification demonstrates the members’ competence to carry out business continuity management (BCM) to a consistent high standard.

In order to apply for full membership of the Institute it is necessary to first obtain a ‘Pass with Merit’ of the Certificate of the Business Continuity Institute. Following the introduction of the BCI Certificate in 2007, a non-membership credential was launched in April 2008 – CBCI. Holders of the CBCI have achieved success in the BCI Certificate demonstrating a through knowledge and understanding of the BCI’s Good Practice Guidelines. Holders of the CBCI may proceed to professional membership of the BCI if they can also prove practical experience of BCM to supplement their knowledge and understanding.

2007 also saw the launch of the BCI Partnership enabling organizations to work more closely with the Business Continuity Institute to deliver the overall BCI mission of:

Promoting the art and science of business continuity management worldwide

The wider role of the BCI and the BCI Partnership is to promote the highest standards of professional competence and commercial ethics in the provision and maintenance of business continuity planning and services.

The BCI is the world’s most eminent BCM institute and the name is instantly recognized as standing for good practice and professionalism.

From:  Wikipedia, the free Encyclopedia

Business Continuity Management

Business Continuity Management (BCM) is a holistic management process that identifies potential threats to an organization and the impacts to business operations that those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.

Additionally, it involves managing the recovery or continuation of business activities in the event of a business disruption, and management of the overall program through training, exercises and reviews to ensure the business continuity plan(s) stays current and up-to-date.

Source:  BS25999-1:2006; 2.3

Business Continuity Manager

The individual in charge of a group of individuals functionally responsible for directing the development and execution of the business continuity plan, as well as responsible for declaring a disaster and providing direction during the recovery process, both pre-disaster and post-disaster.

Disaster Recovery Journal (DRJ)

Business Continuity Methodology

A holistic process that identifies potential impacts that threaten an organization and provides a framework for building resilience with the capability for an effective response that safeguards the interests of that organization’s key stakeholders, reputation, brand and value creating activities.

Business Continuity Plan

A Business Continuity Plan (BCP) is a documented collection of procedures and information that is developed, compiled and maintained in readiness for use in an incident to enable an organization to continue to deliver its critical activities at an acceptable pre-defined level.

Source:  BS25999-1:2006; 2.6

Business Continuity Planning

Business continuity planning (BCP) is the creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a business continuity plan.

In plain language, BCP is working out how to stay in business in the event of disaster. Incidents include local incidents like building fires, regional incidents like earthquakes, or national incidents like pandemic illnesses.

BCP may be a part of an organizational learning effort that helps reduce operational risk associated with lax information management controls. This process may be integrated with improving information security and corporate reputation risk management practices.

In December 2006, the British Standards Institution (BSI) released a new independent standard for BCP — BS 25999-1. Prior to the introduction of BS 25999, BCP professionals relied on BSI information security standard BS 7799, which only peripherally addressed BCP to improve an organization’s information security compliance. BS 25999′s applicability extends to organizations of all types, sizes, and missions whether governmental or private, profit or non-profit, large or small, or industry sector.

In 2007, the BSI published the second part, BS 25999-2 “Specification for Business Continuity Management”, that specifies requirements for implementing, operating and improving a documented Business Continuity Management System (BCMS).

In 2004, the United Kingdom enacted the Civil Contingencies Act 2004, a statute that instructs all emergency services and local authorities to actively prepare and plan for emergencies. Local authorities also have the legal obligation under this act to actively lead promotion of business continuity practices amongst its geographical area.

From:  Wikipedia, the free Encyclopedia

Business Continuity Process

That process that provides guidance on good practices that cover the whole Business Continuity Management (BCM) lifecycle and combines five (5) key elements: (1) Understanding your business, (2) BCM strategies, (3) Developing a BCM response, (4) Establishing a BCM culture, and (5) Exercising, Maintenance and Audit.

Disaster Recovery Journal (DRJ)

Business Continuity Strategy

An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage.  Plans and methodologies are determined by the organization’s strategy.  There may be more than one solution to fulfill an organization’s strategy.  Examples: Internal or external hot-site, or cold site, Alternate Work Area reciprocal agreement, Mobile Recovery, Quick Ship / Drop Ship, Consortium-based solutions, etc.

Disaster Recovery Journal (DRJ)

Business Impact Analysis (BIA)

A process designed to prioritize business functions by assessing the potential quantitative (financial) and qualitative (non-financial) impact that might result if an organization was to experience a business continuity event.

Disaster Recovery Journal (DRJ)

Compliance

-noun

1.            the act of conforming, acquiescing, or yielding.

2.            a tendency to yield readily to others, esp. in a weak and subservient way

3.            conformity; accordance; in compliance with orders.

4.            cooperation or obedience: Compliance with the law is expected of all.

5.            Physics: (a) the strain of an elastic body expressed as a function of the force producing the strain; and (b) a coefficient expressing the responsiveness of a mechanical system to a periodic force.

Based on the Random House Dictionary. © Random House, Inc. 2009

Contingency Plan

A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations.

Disaster Recovery Journal (DRJ)

Contingency Planning

A process of developing advanced arrangements and procedures that enable an organization to respond to an undesired event that negatively impacts the organization.

Disaster Recovery Journal (DRJ)

Crisis Management

The overall coordination of an organization’s response to a crisis, in an effective, timely manner, with the goal of avoiding or minimizing damage to the organizations’ profitability, reputation, and ability to operate.

Disaster Recovery Journal (DRJ)

Disaster Recovery

The ability of an organization to respond to a disaster or an interruption in services by implementing a disaster recovery plan to stabilize and restore the organization’s critical functions.

Disaster Recovery Journal (DRJ)

Disaster Recovery Training

Methods, classes and/or coursed that teach you the methods in identifying vulnerabilities and takes appropriate countermeasures to prevent and mitigate failure risks for an organization. It also provides the networking professional with a foundation in disaster recovery principles, including preparation of a disaster recovery plan, assessment of risks in the enterprise, development of policies, and procedures, and understanding of the roles and relationships of various members of an organization, implementation of the plan, and recovering from a disaster. 

Information Security

The securing or safeguarding of all sensitive information, electronic or otherwise, which is owned by an organization.

Disaster Recovery Journal (DRJ)

Information Security Policy

A guideline document written by an organization intended to help it’s employees determine what information can be disclosed to non-employees, as well as the relative sensitivity of information that should not be disclosed outside of the organization without proper authorization.

SANS Institute

Risk Analysis

The process of identifying the risks to an organization, assessing the critical functions necessary for an organization to continue business operations, defining the controls in place to reduce organization exposure and evaluating the cost for such controls.  Risk analysis often involves an evaluation of the probabilities of a particular event.

Disaster Recovery Journal (DRJ)

Risk Assessment

The process of identifying the risks to an organization, assessing the critical functions necessary for an organization to continue business operations, defining the controls in place to reduce organization exposure and evaluating the cost for such controls.  Risk analysis often involves an evaluation of the probabilities of a particular event.

Disaster Recovery Journal (DRJ)

Risk Management

The culture and processes and structures that are put in place to effectively manage potential negative events.  As it is not possible or desirable to eliminate all risk, the objective is to reduce risks to an acceptable level.

Disaster Recovery Journal (DRJ)

Security

security. (n.d.). The Free On-line Dictionary of Computing. Retrieved, from Dictionary.com website: http://dictionary.reference.com/browse/security

security. Dictionary.com. The Free On-line Dictionary of Computing. Denis Howe. http://dictionary.reference.com/browse/security .

“security.” The Free On-line Dictionary of Computing. Denis Howe. 13 Aug. 2009. <Dictionary.com http://dictionary.reference.com/browse/security>.

Dictionary.com, “security,” in The Free On-line Dictionary of Computing. Source location: Denis Howe. http://dictionary.reference.com/browse/security. Available: http://dictionary.reference.com.

BibTeX Bibliography Style (BibTeX)

@article {Dictionary.com2009,
title = {The Free On-line Dictionary of Computing},
month = {Aug},
day = {13},
year = {2009},
url = {http://dictionary.reference.com/browse/security},

Filed Under: Community Projects, Glossary, Tools & Resources Tagged With: , ,