Business Continuity and Disaster Recovery

GLOSSARY

Administrative Functions

Functions which relate to the internal control, management and administration of a College/Department supporting its ability to perform operational functions, e.g., training, payroll, personnel services, facility maintenance, etc.

Agency

Any state agency, board, commission or political subdivision.

Agency Sensitivity to Disruption

The point at which the agency requires that its operations be returned to serve their customers.

Alternate Site

A location, other than the normal facility, which can be used to conduct core processes.

Business Continuity

The ability to continue essential business processes at an acceptable level despite a support function outage.

Business Continuity Planning

Providing for the timely availability of all of the resources necessary to operate critical business processes at a level acceptable to the public.

Business Function/Area/Unit

A definitive function within the business process; may equate to departmental structure. Does not imply complete independence from other functions within a process.

Business Impact Analysis

To determine the operational (qualitative) and financial (quantitative) impact of an inoperable or inaccessible service area on an agency’s ability to conduct its critical business processes; provides the basis for formulating the agency’s business recovery strategies and a business continuity program.

Business Process

Sets of recurring activities - a flow of information and materials that produce something of value for a customer or the public.

College/Department

College, Department or unit within the University.

Contingency Plan

A written plan used to respond to the disruption of agency operations. This plan may focus on response to specific disruption scenarios.

Controls

Measures designed to reduce or mitigate the risk of exposures to threats.

Core Processes

Business processes on which the viability of an agency rests; without these processes, an agency could not do business.

Critical Functions

Functions which have a direct and immediate affect on the general public in terms of the loss of life, personal injury, loss of property, and/or the ability of government to maintain direction and control. The loss of a critical function may either result in such losses or inhibit government’s ability to preclude or minimize such losses. Most State agencies will not have "critical functions."

Declaration Fee

A one-time charge, which is paid to the provider of an alternative site facility or service at the time a disaster, is officially declared.

Director

The chief executive officer for a State agency boards or commission. Dean, Director, Department Head.

Disaster

An event which leads to disruption of critical business processes; implies unrecoverability, irreparable damage, or a disruption which lasts for and unacceptable period.

Disruption

An unplanned interruption of critical business processes.

Emergency Operations Center (EOC)

The facility used in case of a disruption to coordinate agency response and recovery activity.

Emergency Response Procedures

The procedures used by an College/Department to immediately respond to an emergency disruption.

Essential Functions

Functions that provide services to the University which are not deemed "critical functions."

Emergency Response Team (ERT)

A group of personnel with the responsibility to immediately respond to an emergency.

Estimated Recovery Time (ERT)

The amount of time from the point of the disruption to the recovery of essential resources/services.

Executive Sponsor

The designated individual who provides guidance to the College/Department business continuity program development and adjudicates all issues emanating from the Executive Steering Committee. This individual is typically the Director, Dean or Department Head.

Executive Steering Committee

The University ’s upper management personnel who provide oversight and direction to the Business Continuity Task Team for the development of the College/Department Business Continuity Program.

Facilities Team

The College/Department personnel responsible for maintenance of the facilities. In the recovery efforts, this team may be expanded to include personnel with a detailed knowledge of work area recovery issues that should be incorporated into relocation considerations.

Financial Impact

The quantifiable dollar value of lost revenue or additional expenses incurred as a result of a disruption.

Hot/Warm site

Information systems recovery facilities that are either fully or partially equipped prior to a disruption. These sites can be housed internally at University facilities, at vendor provided facilities, or in mobile trailers.

Impact Tolerance

Another way of describing the MAO and RTO. This assessment discusses interruption in terms of how long an agency can tolerate an interruption in critical business processes due to an unplanned interruption.

Informal Contingencies

Informal but potentially viable fallback procedures existing within business areas/units to address operational mishaps and localized equipment malfunctions.

Inventories

A list of all resources and components of those resources necessary both at a degraded level and to recover the College/Department 100%. (e.g. furniture, equipment, computer hardware and software.)

Liability

A likely negative effect resulting from the loss of utility, access and/or facility.

Maximum Acceptable Outage (MAO)

The maximum period that a given resource of function can be unavailable before an College/Department will sustain unacceptable consequences (financial losses, student/employee services, etc.).

Maximum Probable Loss (MPL)

Calculation of estimated financial loss, which may be incurred by an College/Department in case of an outage. MPL takes into consideration revenue/cost, losses incurred associated with property and equipment, the application of business interruption and property insurance, costs incurred by the private sector and mitigating expenses.

Mitigating Expenses

Cost of contingency plans or arrangements in place that would potentially offset the extent of losses or exposure over a period.

Notification List

A list of personnel, staff members, media, private sector groups and organizations, vendors, insurance and other key persons to inform in the event of a disruption. It is often designed so that the most critical individuals are contacted first, to assist with recovery efforts.

Operational Impact

The qualitative effect on an College/Department's ability to conduct business because of a disruption.

Outage Timeframes

The duration of time, over which a disruption occurs, affecting both the impacts of the disruption and the alternatives used for recovery.

Plan Administrator

Individual or group within the College/Department with specific responsibility for the maintenance and testing of the Business Continuity Program. The "owner" of the plan.

Plan/Program Exercise

An integral part of a Business Continuity Program is development of exercises to familiarize personnel with recovery procedures and identify opportunities to improve the plan.

Public & Media Relations Team

The University's personnel or representatives responsible for responding to the press and managing the public’s/campus expectations in case of a disruption.

Recovery Phase

The process of planning for and/or implementing recovery of less time sensitive business operations and processes after critical business process functions has resumed.

Recovery Alternatives

The options from which an College/Department may select to respond to a disruption. Alternatives may include alternate facilities, outsourcing to vendors, elimination of core processes, manual procedures, etc.

Recovery Point Objective (RPO)

The point in time to which data must be restored in order to resume processing transactions.

Recovery Strategy

The set of selected recovery alternatives, which define the manner in which a College/Department intends to respond to and recover from a disruption.

Recovery Time Objective (RTO)

The target time frame for restoration of critical business processes and service areas.

Resource Requirements

Major resource(s) supporting College/Department business processes; equipment, information systems, data communications, voice communications, office facilities, staff, etc.

Response Phase

The reaction(s) to an incident or emergency in order to assess the level of containment and control required activities.

Restoration Phase

The process of planning for and/or implementing full-scale business operations which allow the organization to return to a normal service level.

Resumption Phase

The process of planning for and/or implementing the recovery of critical business operations immediately following an interruption or disaster.

Revenue Impact

The direct impact an outage may have upon the primary revenue streams of an agency.

Risk

The potential for exposure to loss. Risks, either man-made or natural, are constant throughout our daily lives. The potential is usually measured by its probability in years.

Scenario

Hypothetical situation, which may occur as a result of an outage caused by, or associated with, potential threats and/or vulnerabilities identified.

Script

A prepared list of responses to answer questions and telephone calls in case of a disruption. These can be generic or specific to the type of disruption.

Service Expectations

The service level required to meet the expectations of the campus/public, e.g. quality, timely deliveries, customer service etc.

Single Point of Failure

A critical function, support service, or other key resource which cannot be effectively redirected or recovered elsewhere in an College/Department.

Statement of Assumptions

Management has agreed upon impact scenario from which the scope of the planning process is performed. Assumptions may include the type of disaster, the areas affected, the time of day or year, and so on. The assumption reflects management's risk tolerance for scoping the planning effort and selection of alternatives.

Structured Walk-Through Exercise

A simulation method used to exercise or "test" a completed disaster recovery plan. Team members meet to verbally walk through each step of the plan to confirm the effectiveness of the plan and identify gaps, bottlenecks, or other opportunities for improvement.

Threat

External in nature; College/Department would have minimal if any control in preventing occurrence; however, protective measures may be implemented to minimize impact of an occurrence.

Triggers

Procedures, which cause updates and changes to be made to the Business Continuity Program.

Vulnerability

Weakness in the design or application of control within a process, function, or facility which may promote or contribute to a disruption.