Act of Sabotage:
An act of sabotage is the deliberate serious disruption of an organization’s activities with an
attempt to discredit or financially damage the organization. Business
will often be immediately and seriously affected by successful acts of
sabotage. This can affect the normal operations and also serve to
de-stabilize the workforce. An internal attack on the IT systems
through the use of malicious code can be considered to be an act of
Act of terrorism:
Acts of terrorism include explosions, bomb threats, hostage taking, sabotage and organized
violence. Whether this is perpetrated through a recognized terrorist
organization or a violent protest group, the effect on individuals and
business is the same. Such acts create uncertainty and fear and serve
to destabilize the general environment.
Act of War:
An act of war is the commencement of hostilities between one country and another. This could
take the form of air strikes, ground strikes, invasion or blockades.
Business could be immediately affected where they are either located
near the outbreak of hostilities or where they are dependent upon
imports or exports for survival. Many businesses do not survive a
prolonged outbreak of war.
Air conditioning failure:
An air conditioning (AC) failure could have serious consequences where the AC
unit is protecting particularly sensitive equipment such as a main
computer processing unit, and the rise in temperature could cause the
equipment to fail and be damaged. It can also affect the workforce as
conditions in buildings can become extremely uncomfortable with a
significant rise in temperatures and where the staff is adversely
affected. Portable AC equipment may possibly be used as back up.
A formal notification that an incident has occurred which may develop into a disaster.
Alternate Site: A location where critical
business functions can resume processing in the event of an interruption
Arson is the deliberate setting of a fire to damage the organizations premises and contents. As this can
cause both loss of premises and loss of goods and other assets, this can
be highly disruptive to the organization.
Any damage, failure or
other condition, which causes denial of access to the building or the
working area within the building, e.g. fire, flood, contamination, loss
of services, air conditioning failure, forensics.
Business Continuity Plan:
A collection of
procedures and information that is developed and maintained in readiness
for use in the event of an emergency or disaster.
Business Continuity Planning (BCP):
Preparations made to keep a business running during and after a
disaster, ensuring the availability of those resources required to
maintain the ongoing viability of the organization.
Business Continuity Team Leader:
A member of the recovery management team who is assigned the overall responsibility
for coordination of the recovery planning program ensuring team member
training, testing and maintenance of recovery plans.
Business impact analysis (BIA):
A management level analysis, which identifies the impacts of losing company
resources. The BIA measures the effect of resources loss and escalating
losses over time in order to provide senior management with reliable
data upon which to base decisions on risk mitigation and continuity
Business Impact Assessment (BIA):
Ask the following questions: How bad can things get? What are the most
important resources, systems, outputs, and dependencies by business
function? What impact does unavailability have?
Business Recovery Coordinator:
Activates Business Continuity Plan, Disaster Recovery Plans and/or Emergency
Preparedness Plans and works with administration, advisory committees,
and Recovery Teams to allocate resources and coordinate implementation
of the Recovery Plans. Serves as the primary contact and coordinates
the recovery effort. Insures that status of the recovery effort is
communicated to the appropriate levels of the organization. Insures
that a post mortem review is conducted and that upgrades are
incorporated into the plan as appropriate.
One or more data centers or
office space facilities equipped with sufficient pre-qualified
environmental conditioning, electrical connectivity, communications
access, configurable space and access to accommodate the installation
and operation of equipment by critical staff required to resume business
This is the location set up
for management and BCP to operate from during emergency situations. The
continuity plan document and other needed resources should be maintained
Communications services breakdown:
Most businesses are fully dependent upon their telecommunications services to
operate their normal business processes and to enable their networks to
function. A disruption to the telecommunications services can result in
a business losing revenue and customers. The use of cell-based
telephones can help to alleviate this but the main reliance is likely to
be on the land based lines.
Contamination and Environmental Hazards:
Contamination and environmental hazards include polluted air, polluted
water, chemicals, radiation, asbestos, smoke, dampness and mildew, toxic
waste and oil pollution. Many of these conditions can disrupt business
processes directly and, in addition, cause sickness among employees.
This can result in prosecution or litigation if more permanent damage to
employees’ health occurs.
UTMB would be able to
exercise restraint and direct influence over the event, remaining in
relative control of business.
Crisis: An abnormal situation, or
perception, which threatens the operations, staff, customers or
reputation of an enterprise.
UTMB would find that quality,
service, and/or property could suffer, causing a change or disruption in
business resulting in a moderate state of crisis or emergency.
Critical Business Functions:
Those functions considered essential to the ongoing operation of the
organization or business unit. Critical functions also include anything
that might adversely impact service delivery or significantly impair the
administrative or financial integrity of the organization.
Cyber crime is a major area of
information security risk. It includes attacks by hackers, denial of
service attacks, virus attacks, hoax virus warnings and premeditated
internal attacks. All cyber crime attacks can have an immediate and
devastating affect on the organization’s normal business process. The
average cost of an information security incident has been estimated at
$30,000 and over 60% of organizations are reported to experience one or
more incidents every year.
UTMB services would be significantly degraded, but would be able to conduct business.
Disaster Recovery Planning (DRP):
Typically, the technology aspects of a business continuity plan, to recover
information system resources to full or partial production processing
levels in the event of an extended outage. Normally, information system
resources will be restored according to a priority indicated by what is
“mission critical” to the organization.
Disclosure of sensitive information:
This is a serious information security incident, which can result in severe
embarrassment, financial loss, and even litigation where damage has been
caused to someone’s reputation or financial standing. Further types of
serious disclosure involve secret patent information, plans and
strategic directions, research, information disclosed to legal
representatives etc. Deliberate unauthorized disclosure of sensitive
information is also referred to as espionage.
The impact of lightning
strikes can be significant. It can cause disruption to power and can
also cause fires. It may also damage electrical equipment including
computer systems. Structural damage is also possible through falling
trees or other objects.
Electrical power failure:
All organizations depend on electrical power to continue normal operations. Without power
the organization’s computers, lights, telephones and other communication
medium will not be operational and the impact on normal business
operation can be devastating. All organizations should be prepared for
a possible electrical power failure, as the impact can be so severe.
Data can be lost, customers can be lost and there can be a serious
impact on revenue. Pre-planning is essential as a regional outage can
cause a shortage of backup electrical generators.
An epidemic can occur when a contagious illness affects a large number of persons within a country or
region. This can have a particularly devastating short term impact on
business through a large number of persons being absent from work at the
same time. Certain illnesses can have a longer-term effect on the
business where long term illness or death results.
Equipment Failure (excluding IT hardware):
All businesses rely on a whole range of different types of equipment in
order to run their business processes. In many cases, it is possible to
move to alternative processes to enable the businesses process to
continue but has required considerable planning and preparation.
Fire: Fires are often devastating and can be started through a wide range of events, which may be accidental or environmental. The impact on the business will vary depending on the severity of the fire and the time within which it can be brought under control. A fire can cause human injury or death and damage can also be caused to records and equipment and the fabric or structure of premises.
Flood: Floods result from thunderstorms, tropical storms, or heavy and prolonged rainfall-causing rivers to overflow their banks and flood the surrounding areas. Floods can seriously affect buildings and equipment causing power failures and loss of facilities and can even result in injury or death.
Freezing Conditions: Freezing conditions can occur in winter periods and the effects can be devastating. Where temperatures fall to freezing, they can create conditions, which significantly disrupt businesses and even cause death or injury. Businesses and homes can be seriously affected through burst pipes, inadequate heating facilities, disruption to transportation and malfunctioning equipment. Work undertaken outside of buildings in the open environment will obviously be seriously affected.