Glossary

Alternate or Recovery Site
A secondary location to be used by the business when the Primary Site is inaccessible. This could be a pre-identified computer center and/or work area for temporarily operating business functions in the event of a Disaster. Could also be called a secondary, back-up, fallback or failover site.
Asset
An item of property or business practice valued by an organization. (e.g. physical buildings & equipment, financial instruments & deposits, intangibles such as goodwill & reputation)
At Time of Disaster (AToD)
Time of occurrence of an event or Incident declared as a Disaster.
Backup (Data)
The process of copying original, production files to media (e.g. electronic, physical) that can be stored both on or off-site. Media that can be used to restore individually corrupted, lost or destroyed data, or entire systems or databases in the event of a Disaster.
Business Continuity Plan
Documented procedures to enable the recovery of business functions at an Alternate Site.
Defines resources, actions and systems required to complete the transition of business functions (people, processes & technology).
Business Continuity Planning
A program to develop, test and maintain plans to mitigate the effects of a Disaster on critical functions of an organization. A strategy in response to a major business disruption, that enables recovery within expected timeframes, avoiding unacceptable losses.
Business Impact Analysis
The process of prioritizing business functions according to their importance to the organization (or impact when disrupted by a Disaster).
Cold Site
An Alternate Site / facility that has environmental infrastructure in place to recover critical business functions or information systems. Typically lacks pre-installed computer hardware, telecommunications equipment and services, software, Backup Data, etc. These may need to be provisioned, delivered, installed and tested following a Disaster Declaration.
Contact List
A list of team members and/or key personnel to be contacted, including backups during and following Declaration of a Disaster. The list may include contract and third-party resources and usually includes confidential information such as alternate, personal addresses, phone numbers, e-mail addresses, etc.
Crisis
A critical event which, if not handled in an appropriate manner, threatens or causes catastrophic impact on Assets or other items of value to an organization (e.g. profitability, reputation, ability to operate, staff, shareholder value, stakeholders, brand, trust and/or strategic/business goals).
Critical Service
A service (function, system or IT component) of highest priority to the “well-being” of an organization. An organization is highly sensitive to disruptions of critical services (functions, systems or IT components) and, as a result, suffers the most significant negative impact when they are unavailable.
Declaration
A formal decision, communicated by pre-authorized personnel to trigger Failover to an Alternate Site. May be the result of a prolonged outage caused by a catastrophic event or the expectation of a prolonged outage.
Disaster
An unplanned event with potential to cause catastrophic damage or loss to an organization.
Disaster Recovery Co-ordinator
A designated individual for coordinating IT Disaster Recovery Planning (or Emergency or Business Continuity Planning) activities or responses to negative events. May also have responsibilities for creating, implementing, and testing Disaster Recovery Strategies.
Disaster Recovery Planning
A program to develop, test and maintain plans mitigating the effect of a Disaster on a computer center. A strategy in response to a major computer center disruption that enables recovery within expected timeframes to ensure survivability of the organization’s IT systems.
Disaster Recovery Plan
Documented procedures to enable the recovery of IT systems at an Alternate Site. Defines resources, actions and data required to complete the Failover of IT systems (including technological components such as infrastructure, telecommunications, applications and data). Standalone or a component of a Business Continuity Plan. May include subsequent Failback, resumption and restoration of IT systems at a new or original Primary Site.
Disaster Recovery Strategy
An approach chosen by an organization to respond to an IT Disaster. Approach may include advance allocation of resources and identification of planned recovery processes to be applied in the event of loss of specific systems (or applications), consistent with recovery objectives (RTOs & RPOs). This may include such solutions as internal or third-party Hot Sites, Cold Sites, shared service agreements, etc.
Emergency Power
An independent source of power, or backup generator, usually fueled by diesel or natural gas.
Escalation
The process by which information and/or requests for assistance are communicated upwards within an organization, or to third parties.
Exposure
The potential susceptibility to loss and the vulnerability to a particular Risk.
Failover
The process of transferring or falling back system operations to an Alternate Site. This may be done as part of a test or At Time of Disaster.
Failback
The process of transferring system operations back to the Primary Site from a recovery or Alternate Site. This may be done following a Failover test or after Disaster Recovery.
Gap Analysis
An assessment of the differences between the current situation and the desired future state. A comparison highlighting differences between current capabilities and planned improvements.
High Availability
Built-in redundancy and configuration of systems, applications or IT components to reduce vulnerability to failure and minimize unplanned downtime. A high level of reliability and Resilience. May also be hardened to resist breaches of security.
Hot Site
An Alternate Site that already has operating computers, telecommunications and other business infrastructure in place to rapidly recover critical business functions or systems.
Impact
The effect, acceptable or unacceptable, of an event on an asset or assets of the organization. The types of business impact are usually described as financial or non-financial and are further divided into sub-categories.
Incident
An event which is not part of normal business operations which may impact or interrupt services and, in some cases, lead to a Disaster.
Primary Site
The location of normal IT data center and business operations. Will contain Assets of the organization. May be exposed to a range of potential Threats.
Prioritization
The relative ordering or ranking of business functions, services, systems or other IT infrastructure components according to their business criticality. Usually determined during the Business Impact Assessment phase of Business Continuity Planning, or strategy development of Disaster Recovery Planning. Priorities can be grouped into Tiers.
Recovery Point Objective (RPO)
Maximum tolerable data loss as defined by the organization. The expected data loss resulting from an outage (i.e. catastrophic event), taking into account the ability of the recovery processes to restore systems to their original state at time of disruption. Typically measured in units of time (e.g. “two hours’ worth of transactions”). Data lost during this period would likely have to be recreated and re-entered into recovered systems.
Recovery Period
The length of a system outage At Time of Disaster. Normally the time between occurrence of a Disaster and a return to operation, taking into account the recovery process.
Recovery Process
Prioritized sequence of actions to reactivate business processes or information systems following a disruption.
Recovery Services
Contracted services with third parties for the provision of equipment, facilities or services, usually within specified timeframes, in response to a Disaster. May involve subscription fees, standby resources, declaration & testing fees, regular monthly services, performance expectations, price & availability guarantees, shared & optional services, etc.
Recovery Time Objective (RTO)
Maximum acceptable unavailability of business functions or IT systems. The expected period between the outage (i.e. catastrophic event) and the restoration of service.
Resilience
The ability of an organization, business function, service or system to absorb the impact of a Threat (i.e. negative event or business interruption), and continue to provide an acceptable level of service.
Risk
The potential exposure or vulnerability of an Asset and expected business loss determined by either qualitative or quantitative measures. (Can be calculated by multiplying probability of occurrence x potential impact.)
Service Level Agreement (SLA)
A formal agreement between a third party service provider and an organization, defining the nature, quality, scope and performance characteristics of a service. The SLA could cover both normal operations and contingency-related services.
Single Point of Failure (SPoF)
A unique activity, device or element of a system that may cause a critical vulnerability. Lacking an alternative, this may lead to challenges devising a Recovery Process.
Threat
An event that has negative consequences or impact, causing a Risk to occur.
Tier
Groupings of IT systems or services with common recovery objectives (RTO & RPO). May correlate to pre-established IT Service Level Agreements (SLAs), budgetary allocations, security classifications, etc.
Uninterruptible Power Supply
A device to protect IT equipment during power fluctuations and outages. Functions as a time-limited backup electrical power supply (usually minutes, enabling orderly shut-down of equipment), providing continuous power temporarily in the event regular power supply is lost. May also protect IT equipment from the effects of disruptive fluctuations in power supply such as variations, dips and surges.
Warm Site
An Alternate Site equipped with sufficient IT systems infrastructure (e.g. hardware, software, communications, facilities) to reduce the Recovery Period of systems. Additional provisioning, software or customization is required to complete a warm Recovery. May also be the location of Backup Data, pre-installed equipment and recovery services.
Workaround
An alternative procedure that may be used in response to an Incident when normal operations are disrupted. Workarounds will enable the full or partial (potentially degraded) operation of systems on a temporary basis.