Glossary

We have prepared a glossary of common terms for your convenience. These terms have been extracted from various sources. Just click on the first letter of the term you are looking for to find the definition.

We shall be updating these terms from time to time so please visit us to get the latest updates.

At the end of each definition you will find an abbreviation in brackets. This indicates the source of that definition. At times a single term may have different definitions from different sources. We have included them for your benefit.

Below is the meaning for each abbreviation:

  • BCI - Business Continuity Institute, UK
  • DRII - Disaster Recovery Institute International, US
  • BCMI - Business Continuity Management Institute, Singapore
  • MS1970 - Business Continuity Management Framework, Department of Standards Malaysia
  • ASIS - ASIS International, organization for security professionals

Recovery Point Objective (RPO)


The point in time to which systems and data are required to be recovered after an outage. RPOs are often used as the basis for the development of backup strategies and as a determinant of the amount of data that may need to be recreated after a system or function has been recovered. (MS 1970)


The point in time to which work should be restored following a Business Continuity E/I/C that interrupts/disrupts the business e.g. ‘start of day’. (BCI)


The point in time to which systems and data must be recovered after an outage (e.g. end of previous day’s processing). RPOs are often used as the basis for the development of backup strategies and as a determinant of the amount of data that may need to be recreated after the systems or functions have been recovered. (DRII)

Recovery Time Objective (RTO)


The period of time within which systems, applications, or functions are required to be recovered after an outage. RTOs are often used as the basis for the development of recovery strategies, and as a determinant as to whether or not to implement the recovery strategies during a disaster situation. (MS 1970)


An essential output from the BIA that identifies the time by which Mission Critical Activities and/or their dependencies must be recovered.
See: BIA, Dependencies, and Mission Critical Activities. (BCI)


The period of time within which systems, applications, or functions must be recovered after an outage (e.g. one business day). RTOs are often used as the basis for the development of recovery strategies and as a determinant as to whether or not to implement the recovery strategies during a disaster situation.
Similar Terms: Maximum Allowable Downtime. (DRII)

 

Residual Risks

The levels of uncontrolled risk remaining after all cost-effective actions have been taken to lessen the impact and probability of a specific risk or group of risks, subject to the organisation’s risk appetite.
See: Inherent Risk, Risk Appetite. (BCI)
 

Resilience

The ability of an organisation, staff, system, network, activity or process to absorb the impact of a business interruption, disruption and/or loss and continue to provide a minimum acceptable level of service.
See: Level of Business Continuity (LBC), Component Failure. (BCI)
 

Response


The reaction to a Business Continuity E/I/C in order to assess the level of containment and control activity required. (BCI)


The reaction to an incident or emergency to assess the damage or impact and to ascertain the level of containment and control activity required. In addition to addressing matters of life safety and evacuation, Response also addresses the policies, procedures and actions to be followed in the event of an emergency. 1) The step or stage that immediately follows a disaster event where actions begin as a result of the event having occurred.
Similar Terms: Emergency Response, Disaster Response, Immediate Response and Damage Assessment. (DRII)
 

Restoration

Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents and for the restoration of normal operations at the primary site. (DRII)

Resumption


The implementation of steps to enable the recovery and continuity of an organisation’s Mission Critical Activities and/or their dependencies immediately following a Business Continuity E/I/C. (BCI)


The process of planning for and/or implementing the restarting of defined business operations following a disaster, usually beginning with the most critical or time-sensitive functions and continuing along a planned sequence to address all identified areas required by the business. 1) The step or stage after the impacted infrastructure, data, communications and environment have been successfully re-established at an alternate location. (DRII)

Risk


Combination of the probability of an event and its consequence [ISO/IEC Guide 73:2002]. (MS1970)


The chance of something happening, measured in terms of probability and consequences. The consequences may be either positive or negative. Risk in a general sense can be defined as the threat of an action or inaction that will prevent an organisation’s ability to achieve its business objectives. The results of a risk occurring are defined by the impact.
See: Impact. (BCI)


Potential for exposure to loss. Risks, either man-made or natural, are constant. The potential is usually measured by its probability in years. (DRII)

Risk Assessment


The overall process of risk identification, analysis and evaluation. (BCI)


Process of identifying internal and external threats and vulnerabilities, identifying the likelihood of an event arising from such threats or vulnerabilities, defining the critical functions necessary to continue an organization’s operations, defining the controls in place or necessary to reduce exposure, and evaluating the cost for such controls. (ASIS)

Scenario

A pre-defined set of Business Continuity E/I/C and conditions that describe an interruption, disruption or loss related to some aspect(s) of an organisation’s business for purposes of exercising a plan(s) and the people that would manage a Business Continuity E/I/C. (BCI)