Audit:

au·dit (ô′dĭt)

n.

1. An examination of records or financial accounts to check their accuracy.

2. An adjustment or correction of accounts.

3. An examined and verified account.

v. au·dit·ed, au·dit·ing, au·dits

v.tr.

1. To examine, verify, or correct the financial accounts of: Independent accountants audit the company annually. The IRS audits questionable income tax returns.

2. To attend (a course) without requesting or receiving academic credit.

v.intr.

To examine financial accounts.


[Middle English (influenced by auditor, auditor), from Latin audītus, a hearing, from past participle of audīre, to hear; see au- in Indo-European roots.]

au′dit·a·ble adj.

The American Heritage® Dictionary of the English Language, Fourth Edition copyright ©2000 by Houghton Mifflin Company. Updated in 2009. Published by Houghton Mifflin Company. All rights reserved.

Audit Business Continuity

An organization should provide for the independent audit of its Business Continuity Management system’s competence and capability to identify actual and potential shortcomings.  It should establish, implement and maintain procedures for dealing with these.  Independent audits should be conducted by competent persons, whether internal or external.

Source:  BS25999-1:2006; 9.5.5

Business Continuity

Business Continuity is the strategic capability of the organization to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable pre-defined level.

Source:  BS25999-1:2006; 2.2

Business Continuity Institute

The Business Continuity Institute (BCI) was established in 1994 to enable individual members to obtain guidance and support from fellow business continuity practitioners. The BCI currently has over 4000 members in 85+ countries.

Professional membership of the BCI provides internationally recognized status as this valued certification demonstrates the members’ competence to carry out business continuity management (BCM) to a consistent high standard.

In order to apply for full membership of the Institute it is necessary to first obtain a ‘Pass with Merit’ of the Certificate of the Business Continuity Institute. Following the introduction of the BCI Certificate in 2007, a non-membership credential was launched in April 2008 – CBCI. Holders of the CBCI have achieved success in the BCI Certificate demonstrating a thorough knowledge and understanding of the BCI’s Good Practice Guidelines. Holders of the CBCI may proceed to professional membership of the BCI if they can also prove practical experience of BCM to supplement their knowledge and understanding.

2007 also saw the launch of the BCI Partnership enabling organizations to work more closely with the Business Continuity Institute to deliver the overall BCI mission of:

Promoting the art and science of business continuity management worldwide

The wider role of the BCI and the BCI Partnership is to promote the highest standards of professional competence and commercial ethics in the provision and maintenance of business continuity planning and services.

The BCI is the world’s most eminent BCM institute and the name is instantly recognized as standing for good practice and professionalism.

From:  Wikipedia, the free Encyclopedia

Business Continuity Management

Business Continuity Management (BCM) is a holistic management process that identifies potential threats to an organization and the impacts to business operations that those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.

Additionally, it involves managing the recovery or continuation of business activities in the event of a business disruption, and management of the overall program through training, exercises and reviews to ensure the business continuity plan(s) stays current and up-to-date.

Source:  BS25999-1:2006; 2.3

Business Continuity Manager

The individual in charge of a group of individuals functionally responsible for directing the development and execution of the business continuity plan, as well as responsible for declaring a disaster and providing direction during the recovery process, both pre-disaster and post-disaster.

Disaster Recovery Journal (DRJ)

Business Continuity Methodology

A holistic process that identifies potential impacts that threaten an organization and provides a framework for building resilience with the capability for an effective response that safeguards the interests of that organization’s key stakeholders, reputation, brand and value creating activities.

Business Continuity Plan

A Business Continuity Plan (BCP) is a documented collection of procedures and information that is developed, compiled and maintained in readiness for use in an incident to enable an organization to continue to deliver its critical activities at an acceptable pre-defined level.

Source:  BS25999-1:2006; 2.6

Business Continuity Planning

Business continuity planning (BCP) is the creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a business continuity plan.

In plain language, BCP is working out how to stay in business in the event of disaster. Incidents include local incidents like building fires, regional incidents like earthquakes, or national incidents like pandemic illnesses.

BCP may be a part of an organizational learning effort that helps reduce operational risk associated with lax information management controls. This process may be integrated with improving information security and corporate reputation risk management practices.

In December 2006, the British Standards Institution (BSI) released a new independent standard for BCP — BS 25999-1. Prior to the introduction of BS 25999, BCP professionals relied on BSI information security standard BS 7799, which only peripherally addressed BCP to improve an organization’s information security compliance. BS 25999’s applicability extends to organizations of all types, sizes, and missions whether governmental or private, profit or non-profit, large or small, or industry sector.

In 2007, the BSI published the second part, BS 25999-2 “Specification for Business Continuity Management”, that specifies requirements for implementing, operating and improving a documented Business Continuity Management System (BCMS).

In 2004, the United Kingdom enacted the Civil Contingencies Act 2004, a statute that instructs all emergency services and local authorities to actively prepare and plan for emergencies. Local authorities also have the legal obligation under this act to actively lead promotion of business continuity practices within their geographical area.

From:  Wikipedia, the free Encyclopedia

Business Continuity Process

The process that provides guidance on good practices that cover the whole Business Continuity Management (BCM) lifecycle and combines five (5) key elements: (1) Understanding your business, (2) BCM strategies, (3) Developing a BCM response, (4) Establishing a BCM culture, and (5) Exercising, Maintenance and Audit.

Disaster Recovery Journal (DRJ)

Business Continuity Strategy

An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage.  Plans and methodologies are determined by the organization’s strategy.  There may be more than one solution to fulfill an organization’s strategy.  Examples: Internal or external hot-site, or cold site, Alternate Work Area reciprocal agreement, Mobile Recovery, Quick Ship / Drop Ship, Consortium-based solutions, etc.

Disaster Recovery Journal (DRJ)

Business Impact Analysis (BIA)

A process designed to prioritize business functions by assessing the potential quantitative (financial) and qualitative (non-financial) impact that might result if an organization was to experience a business continuity event.

Disaster Recovery Journal (DRJ)

Compliance

-noun

1. the act of conforming, acquiescing, or yielding.

2. a tendency to yield readily to others, esp. in a weak and subservient way.

3. conformity; accordance; in compliance with orders.

4. cooperation or obedience: Compliance with the law is expected of all.

5. Physics: (a) the strain of an elastic body expressed as a function of the force producing the strain; and (b) a coefficient expressing the responsiveness of a mechanical system to a periodic force.

Based on the Random House Dictionary. © Random House, Inc. 2009

Contingency Plan

A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations.

Disaster Recovery Journal (DRJ)

Contingency Planning

A process of developing advanced arrangements and procedures that enable an organization to respond to an undesired event that negatively impacts the organization.

Disaster Recovery Journal (DRJ)

Crisis Management

The overall coordination of an organization’s response to a crisis, in an effective, timely manner, with the goal of avoiding or minimizing damage to the organization’s profitability, reputation, and ability to operate.

Disaster Recovery Journal (DRJ)

Disaster Recovery

The ability of an organization to respond to a disaster or an interruption in services by implementing a disaster recovery plan to stabilize and restore the organization’s critical functions.

Disaster Recovery Journal (DRJ)

Disaster Recovery Training

Methods, classes and/or courses that teach how to identify vulnerabilities and take appropriate countermeasures to prevent and mitigate failure risks for an organization. Such training also provides the networking professional with a foundation in disaster recovery principles, including preparation of a disaster recovery plan, assessment of risks in the enterprise, development of policies and procedures, understanding of the roles and relationships of various members of an organization, implementation of the plan, and recovering from a disaster.

Information Security

The securing or safeguarding of all sensitive information, electronic or otherwise, which is owned by an organization.

Disaster Recovery Journal (DRJ)

Information Security Policy

A guideline document written by an organization intended to help its employees determine what information can be disclosed to non-employees, as well as the relative sensitivity of information that should not be disclosed outside of the organization without proper authorization.

SANS Institute

Risk Analysis

The process of identifying the risks to an organization, assessing the critical functions necessary for an organization to continue business operations, defining the controls in place to reduce organization exposure and evaluating the cost for such controls.  Risk analysis often involves an evaluation of the probabilities of a particular event.

Disaster Recovery Journal (DRJ)

Risk Assessment

The process of identifying the risks to an organization, assessing the critical functions necessary for an organization to continue business operations, defining the controls in place to reduce organization exposure and evaluating the cost for such controls.  Risk analysis often involves an evaluation of the probabilities of a particular event.

Disaster Recovery Journal (DRJ)

Risk Management

The culture and processes and structures that are put in place to effectively manage potential negative events.  As it is not possible or desirable to eliminate all risk, the objective is to reduce risks to an acceptable level.

Disaster Recovery Journal (DRJ)

Security

security. (n.d.). The Free On-line Dictionary of Computing. Retrieved, from Dictionary.com website: http://dictionary.reference.com/browse/security
