BCP Glossary of Terms
Act of Sabotage: An act of sabotage is the deliberate serious disruption of an organization’s activities in an attempt to discredit or financially damage the organization. Business will often be immediately and seriously affected by successful acts of sabotage. This can affect the normal operations and also serve to destabilize the workforce. An internal attack on the IT systems through the use of malicious code can be considered to be an act of sabotage.
Act of terrorism: Acts of terrorism include explosions, bomb threats, hostage taking, sabotage and organized violence. Whether this is perpetrated through a recognized terrorist organization or a violent protest group, the effect on individuals and business is the same. Such acts create uncertainty and fear and serve to destabilize the general environment.
Act of War: An act of war is the commencement of hostilities between one country and another. This could take the form of air strikes, ground strikes, invasion or blockades. Businesses could be immediately affected where they are either located near the outbreak of hostilities or where they are dependent upon imports or exports for survival. Many businesses do not survive a prolonged outbreak of war.
Air conditioning failure: An air conditioning (AC) failure could have serious consequences where the AC unit is protecting particularly sensitive equipment such as a main computer processing unit, and the rise in temperature could cause the equipment to fail and be damaged. It can also affect the workforce, as conditions in buildings can become extremely uncomfortable with a significant rise in temperature, adversely affecting the staff. Portable AC equipment may possibly be used as backup.
Alert: A formal notification that an incident has occurred which may develop into a disaster.
Alternate Site: A location where critical business functions can resume processing in the event of an interruption or disaster.
Arson: Arson is the deliberate setting of a fire to damage the organization’s premises and contents. As this can cause both loss of premises and loss of goods and other assets, this can be highly disruptive to the organization.
Building denial: Any damage, failure or other condition, which causes denial of access to the building or the working area within the building, e.g. fire, flood, contamination, loss of services, air conditioning failure, forensics.
Business Continuity Plan: A collection of procedures and information that is developed and maintained in readiness for use in the event of an emergency or disaster.
Business Continuity Planning (BCP): Preparations made to keep a business running during and after a disaster, ensuring the availability of those resources required to maintain the ongoing viability of the organization.
Business Continuity Team Leader: A member of the recovery management team who is assigned the overall responsibility for coordination of the recovery planning program ensuring team member training, testing and maintenance of recovery plans.
Business impact analysis (BIA): A management-level analysis which identifies the impacts of losing company resources. The BIA measures the effect of resource loss and escalating losses over time in order to provide senior management with reliable data upon which to base decisions on risk mitigation and continuity planning.
Business Impact Assessment (BIA): Ask the following questions: How bad can things get? What are the most important resources, systems, outputs, and dependencies by business function? What impact does unavailability have?
Business Recovery Coordinator: Activates Business Continuity Plan, Disaster Recovery Plans and/or Emergency Preparedness Plans and works with administration, advisory committees, and Recovery Teams to allocate resources and coordinate implementation of the Recovery Plans. Serves as the primary contact and coordinates the recovery effort. Ensures that status of the recovery effort is communicated to the appropriate levels of the organization. Ensures that a post mortem review is conducted and that upgrades are incorporated into the plan as appropriate.
Cold Site: One or more data centers or office space facilities equipped with sufficient pre-qualified environmental conditioning, electrical connectivity, communications access, configurable space and access to accommodate the installation and operation of equipment by critical staff required to resume business operations.
Command Center: This is the location set up for management and BCP to operate from during emergency situations. The continuity plan document and other needed resources should be maintained there.
Communications services breakdown: Most businesses are fully dependent upon their telecommunications services to operate their normal business processes and to enable their networks to function. A disruption to the telecommunications services can result in a business losing revenue and customers. The use of cell-based telephones can help to alleviate this but the main reliance is likely to be on the land based lines.
Contamination and Environmental Hazards: Contamination and environmental hazards include polluted air, polluted water, chemicals, radiation, asbestos, smoke, dampness and mildew, toxic waste and oil pollution. Many of these conditions can disrupt business processes directly and, in addition, cause sickness among employees. This can result in prosecution or litigation if more permanent damage to employees’ health occurs.
Controllable: UTMB would be able to exercise restraint and direct influence over the event, remaining in relative control of business.
Crisis: An abnormal situation, or perception, which threatens the operations, staff, customers or reputation of an enterprise.
Critical: UTMB would find that quality, service, and/or property could suffer, causing a change or disruption in business resulting in a moderate state of crisis or emergency.
Critical Business Functions: Those functions considered essential to the ongoing operation of the organization or business unit. Critical functions also include anything that might adversely impact service delivery or significantly impair the administrative or financial integrity of the organization.
Cyber crime: Cyber crime is a major area of information security risk. It includes attacks by hackers, denial of service attacks, virus attacks, hoax virus warnings and premeditated internal attacks. All cyber crime attacks can have an immediate and devastating effect on the organization’s normal business process. The average cost of an information security incident has been estimated at $30,000 and over 60% of organizations are reported to experience one or more incidents every year.
Devastating: UTMB services would be significantly degraded, but would be able to conduct business.
Disaster Recovery Planning (DRP): Typically, the technology aspects of a business continuity plan, to recover information system resources to full or partial production processing levels in the event of an extended outage. Normally, information system resources will be restored according to a priority indicated by what is “mission critical” to the organization.
Disclosure of sensitive information: This is a serious information security incident, which can result in severe embarrassment, financial loss, and even litigation where damage has been caused to someone’s reputation or financial standing. Further types of serious disclosure involve secret patent information, plans and strategic directions, research, information disclosed to legal representatives etc. Deliberate unauthorized disclosure of sensitive information is also referred to as espionage.
Electrical Storms: The impact of lightning strikes can be significant. It can cause disruption to power and can also cause fires. It may also damage electrical equipment including computer systems. Structural damage is also possible through falling trees or other objects.
Electrical power failure: All organizations depend on electrical power to continue normal operations. Without power the organization’s computers, lights, telephones and other communication media will not be operational and the impact on normal business operation can be devastating. All organizations should be prepared for a possible electrical power failure, as the impact can be so severe. Data can be lost, customers can be lost and there can be a serious impact on revenue. Pre-planning is essential as a regional outage can cause a shortage of backup electrical generators.
Epidemic: An epidemic can occur when a contagious illness affects a large number of persons within a country or region. This can have a particularly devastating short term impact on business through a large number of persons being absent from work at the same time. Certain illnesses can have a longer-term effect on the business where long term illness or death results.
Equipment Failure (excluding IT hardware): All businesses rely on a whole range of different types of equipment in order to run their business processes. In many cases, it is possible to move to alternative processes to enable the business process to continue, but this requires considerable planning and preparation.
Fire: Fires are often devastating and can be started through a wide range of events, which may be accidental or environmental. The impact on the business will vary depending on the severity of the fire and the time within which it can be brought under control. A fire can cause human injury or death and damage can also be caused to records and equipment and the fabric or structure of premises.
Flood: Floods result from thunderstorms, tropical storms, or heavy and prolonged rainfall causing rivers to overflow their banks and flood the surrounding areas. Floods can seriously affect buildings and equipment causing power failures and loss of facilities and can even result in injury or death.
Freezing Conditions: Freezing conditions can occur in winter periods and the effects can be devastating. Where temperatures fall to freezing, they can create conditions which significantly disrupt businesses and even cause death or injury. Businesses and homes can be seriously affected through burst pipes, inadequate heating facilities, disruption to transportation and malfunctioning equipment. Work undertaken outside of buildings in the open environment will obviously be seriously affected.
Hot Site: A data center facility or office facility with sufficient hardware, communications interfaces and environmentally controlled space capable of providing relatively immediate backup data processing support.
Hurricane: Hurricanes are storms with heavy circular winds exceeding 70 miles per hour. The hurricane contains both extremely strong winds and torrential rain. Hurricanes can cause flooding, massive structural damage to homes and business premises with associated power failures, and even injury and death.
Impact: Impact is the cost to the enterprise, which may or may not be measured in purely financial terms.
Incident: Any event which may be, or may lead to, a disaster.
Information Security: The securing or safeguarding of all sensitive information, electronic or otherwise, which is owned by an organization.
Internal arrangement: Other rooms within the organization could be equipped to support business functions (e.g., training rooms, cafeterias, conference rooms, etc.).
Internal power failure: An internal power failure is an interruption to the electrical power services caused through internal equipment or cabling failure. This type of fault will need to be repaired by a qualified electrician and delays will inevitably impact the business process. Where particularly serious faults have occurred, such as damage to main cables, the repairs could take some time and could have a severe effect on the business.
Irritating: UTMB would be able to exercise restraint and direct influence over the event, remaining in relative control of business.
Loss of drainage / waste removal: The loss of drainage or waste removal is likely to cause a serious sanitation and health issue for most businesses. This is likely to impact the business through the possible loss of its workforce during the period where drainage services are not available. This, in turn, will have an immediate impact on revenue.
Loss of gas supply: The loss of gas supply can be extremely serious where the business relies on gas to fuel either its production processes or provide heating within its premises. The impact that a loss of gas supply can have on the production process can result in the whole process shutting down. The impact on the organization will also be particularly acute where the loss of gas-fired heating could render the premises unusable during periods of low external temperatures.
Loss of records or data: The loss of records or data can be particularly disruptive where poor backup and recovery procedures result in the need to re-input and re-compile the records. This is normally a slow process and is particularly labor intensive. This can result in an increase in costs through additional working hours and a great deal of embarrassment where information is unexpectedly not available.
Loss of water supply: The loss of the water supply is likely to close down a business premises until the supply is restored. Where the water is used in the production process this is particularly serious. The loss of water supply is also a health and safety issue as minimum sanitary needs cannot be met. This is often caused through a fault in a water supply route or as a result of a particularly severe drought.
Island accessibility: Since Galveston is an island and has limited accessibility, access to the island by employees, supplies and customers will need to be evaluated and assessed.
IT system failure: With the almost total level of dependence on IT systems within the vast majority of businesses, a failure to these systems can be particularly devastating. The types of threats to computer systems are many and varied, including hardware failure, damage to cables, water leaks and fires, air conditioning system failures, network failures, application system failures, telecommunications equipment failures etc.
Neighborhood hazard: A neighborhood hazard is defined as a disruptive event in the close vicinity, which directly or indirectly affects your own premises and employees. An example would be seepage of hazardous waste or the escape of toxic gases from a local chemical plant. Health and safety regulations require that the organization take suitable action to protect its employees. This may have severe disruptive implications for the business particularly where it can take some time to clear the hazard.
Off-site location: A storage facility at a safe distance from the primary facility, which is used for housing recovery, supplies, equipment, vital records etc.
Operational Impact: An impact which is not quantifiable in financial terms, but whose effects may be among the most severe in determining the survival of an organization following a disaster.
Outage: The interruption of automated processing systems, support services or essential business operations that may result in the organization’s inability to provide service for some period of time.
Petroleum and oil shortage: For most countries in the world, a petroleum shortage can occur at any time. This has a serious impact on businesses as rationing is likely to be imposed immediately affecting transportation and the normal operations of diesel or gasoline fuelled machinery.
Reciprocal arrangement: An agreement in which two parties agree to allow the other to use their site, resources or facilities during a disaster.
Recovery Point Objective (RPO): This is defined by the data content owner of an IT application. It is the acceptable level of data loss expressed in time, usually since the last backup.
Recovery Time Objective (RTO): This is defined by the data content owner for an IT application. It is the time from disaster declaration to the restoration of the application.
Resumption: The process of planning for and/or implementing the recovery of critical business operations immediately following an interruption or disaster.
Risk Assessment & Management: The identification and evaluation of operational risks that particularly affect the enterprise’s ability to function and addressing the consequences.
Risk Reduction or Mitigation: The implementation of the preventive measures which risk assessment has identified.
Scenario: A pre-defined set of events and conditions which describe an interruption, disruption or disaster related to some aspect(s) of an organization’s business for purposes of exercising a recovery plan(s).
Self-service: An organization or business function can transfer work to another of its own locations.
Service Level Agreement (SLA): An agreement between a service provider and service user as to the nature, quality, availability and scope of the service to be provided.
Site access denial: Any disturbance or activity within the area surrounding the site which renders the site unavailable, e.g. fire, flood, riot, strike, loss of services, forensics. The site itself may be undamaged.
System Recovery: The procedures for rebuilding a computer system to the condition where it is ready to accept data and applications. System recovery depends on having access to suitable hardware.
Terminal: UTMB would be unable to achieve its core purpose and unable to conduct its mission.
Theft: This hazard could range from the theft of goods or equipment to the theft of money or other valuables. In addition to possibly financially damaging the organization, thefts can cause suspicion and uncertainty within the workforce where it may be believed that one or more of them could have been involved.
Tornado: Tornadoes are tight columns of circling air creating a funnel shape. The wind forces within the tornado can reach over 200 miles per hour. Tornadoes can often travel in excess of 50 miles per hour. They can cause significant structural damage and can also cause severe injuries and death.
Vital Records: All data and information required to support business functions (i.e., historical, regulatory requirements including, but not limited to, policy and procedures manuals, input documents or data, manuals for software and other applications, vendor/customer lists with phone numbers, and backup tape files.) Additionally, these records should be maintained off-site at a third party vendor or command center.
Warm Site: A data center or office facility which is partially equipped with hardware, communications interfaces, electricity and environmental conditioning capable of providing backup operating support.
Workplace violence: Acts of violence in the workplace can affect morale and absenteeism, create fear and uncertainty, and increase the rate of turnover of employees. This can have a significant effect on productivity and could also result in claims for workers’ compensation, harassment claims and a need for increased security measures. Statistically, this type of incident is especially prevalent at organizations which have recently merged or are being re-sized or restructured, where there are regular threats of industrial action, or where permanent employees have been replaced with temporary employees.