Business Continuity and Disaster Recovery
Functions which relate to the internal control, management and administration of a College/Department supporting its ability to perform operational functions, e.g., training, payroll, personnel services, facility maintenance, etc.
Any state agency, board, commission or political subdivision.
Agency Sensitivity to Disruption
The point at which the agency requires that its operations be returned to serve their customers.
A location, other than the normal facility, which can be used to conduct core processes.
The ability to continue essential business processes at an acceptable level despite a support function outage.
Business Continuity Planning
Providing for the timely availability of all of the resources necessary to operate critical business processes at a level acceptable to the public.
A definitive function within the business process; may equate to departmental structure. Does not imply complete independence from other functions within a process.
Business Impact Analysis
To determine the operational (qualitative) and financial (quantitative) impact of an inoperable or inaccessible service area on an agency’s ability to conduct its critical business processes; provides the basis for formulating the agency’s business recovery strategies and a business continuity program.
Sets of recurring activities - a flow of information and materials that produce something of value for a customer or the public.
College, Department or unit within the University.
A written plan used to respond to the disruption of agency operations. This plan may focus on response to specific disruption scenarios.
Measures designed to reduce or mitigate the risk of exposures to threats.
Business processes on which the viability of an agency rests; without these processes, an agency could not do business.
Functions which have a direct and immediate affect on the general public in terms of the loss of life, personal injury, loss of property, and/or the ability of government to maintain direction and control. The loss of a critical function may either result in such losses or inhibit government’s ability to preclude or minimize such losses. Most State agencies will not have "critical functions."
A one-time charge, which is paid to the provider of an alternative site facility or service at the time a disaster, is officially declared.
The chief executive officer for a State agency boards or commission. Dean, Director, Department Head.
An event which leads to disruption of critical business processes; implies unrecoverability, irreparable damage, or a disruption which lasts for and unacceptable period.
An unplanned interruption of critical business processes.
Emergency Operations Center (EOC)
The facility used in case of a disruption to coordinate agency response and recovery activity.
Emergency Response Procedures
The procedures used by an College/Department to immediately respond to an emergency disruption.
Functions that provide services to the University which are not deemed "critical functions."
Emergency Response Team (ERT)
A group of personnel with the responsibility to immediately respond to an emergency.
Estimated Recovery Time (ERT)
The amount of time from the point of the disruption to the recovery of essential resources/services.
The designated individual who provides guidance to the College/Department business continuity program development and adjudicates all issues emanating from the Executive Steering Committee. This individual is typically the Director, Dean or Department Head.
Executive Steering Committee
The University ’s upper management personnel who provide oversight and direction to the Business Continuity Task Team for the development of the College/Department Business Continuity Program.
The College/Department personnel responsible for maintenance of the facilities. In the recovery efforts, this team may be expanded to include personnel with a detailed knowledge of work area recovery issues that should be incorporated into relocation considerations.
The quantifiable dollar value of lost revenue or additional expenses incurred as a result of a disruption.
Information systems recovery facilities that are either fully or partially equipped prior to a disruption. These sites can be housed internally at University facilities, at vendor provided facilities, or in mobile trailers.
Another way of describing the MAO and RTO. This assessment discusses interruption in terms of how long an agency can tolerate an interruption in critical business processes due to an unplanned interruption.
Informal but potentially viable fallback procedures existing within business areas/units to address operational mishaps and localized equipment malfunctions.
A list of all resources and components of those resources necessary both at a degraded level and to recover the College/Department 100%. (e.g. furniture, equipment, computer hardware and software.)
A likely negative effect resulting from the loss of utility, access and/or facility.
Maximum Acceptable Outage (MAO)
The maximum period that a given resource of function can be unavailable before an College/Department will sustain unacceptable consequences (financial losses, student/employee services, etc.).
Maximum Probable Loss (MPL)
Calculation of estimated financial loss, which may be incurred by an College/Department in case of an outage. MPL takes into consideration revenue/cost, losses incurred associated with property and equipment, the application of business interruption and property insurance, costs incurred by the private sector and mitigating expenses.
Cost of contingency plans or arrangements in place that would potentially offset the extent of losses or exposure over a period.
A list of personnel, staff members, media, private sector groups and organizations, vendors, insurance and other key persons to inform in the event of a disruption. It is often designed so that the most critical individuals are contacted first, to assist with recovery efforts.
The qualitative effect on an College/Department's ability to conduct business because of a disruption.
The duration of time, over which a disruption occurs, affecting both the impacts of the disruption and the alternatives used for recovery.
Individual or group within the College/Department with specific responsibility for the maintenance and testing of the Business Continuity Program. The "owner" of the plan.
An integral part of a Business Continuity Program is development of exercises to familiarize personnel with recovery procedures and identify opportunities to improve the plan.
Public & Media Relations Team
The University's personnel or representatives responsible for responding to the press and managing the public’s/campus expectations in case of a disruption.
The process of planning for and/or implementing recovery of less time sensitive business operations and processes after critical business process functions has resumed.
The options from which an College/Department may select to respond to a disruption. Alternatives may include alternate facilities, outsourcing to vendors, elimination of core processes, manual procedures, etc.
Recovery Point Objective (RPO)
The point in time to which data must be restored in order to resume processing transactions.
The set of selected recovery alternatives, which define the manner in which a College/Department intends to respond to and recover from a disruption.
Recovery Time Objective (RTO)
The target time frame for restoration of critical business processes and service areas.
Major resource(s) supporting College/Department business processes; equipment, information systems, data communications, voice communications, office facilities, staff, etc.
The reaction(s) to an incident or emergency in order to assess the level of containment and control required activities.
The process of planning for and/or implementing full-scale business operations which allow the organization to return to a normal service level.
The process of planning for and/or implementing the recovery of critical business operations immediately following an interruption or disaster.
The direct impact an outage may have upon the primary revenue streams of an agency.
The potential for exposure to loss. Risks, either man-made or natural, are constant throughout our daily lives. The potential is usually measured by its probability in years.
Hypothetical situation, which may occur as a result of an outage caused by, or associated with, potential threats and/or vulnerabilities identified.
A prepared list of responses to answer questions and telephone calls in case of a disruption. These can be generic or specific to the type of disruption.
The service level required to meet the expectations of the campus/public, e.g. quality, timely deliveries, customer service etc.
Single Point of Failure
A critical function, support service, or other key resource which cannot be effectively redirected or recovered elsewhere in an College/Department.
Statement of Assumptions
Management has agreed upon impact scenario from which the scope of the planning process is performed. Assumptions may include the type of disaster, the areas affected, the time of day or year, and so on. The assumption reflects management's risk tolerance for scoping the planning effort and selection of alternatives.
Structured Walk-Through Exercise
A simulation method used to exercise or "test" a completed disaster recovery plan. Team members meet to verbally walk through each step of the plan to confirm the effectiveness of the plan and identify gaps, bottlenecks, or other opportunities for improvement.
External in nature; College/Department would have minimal if any control in preventing occurrence; however, protective measures may be implemented to minimize impact of an occurrence.
Procedures, which cause updates and changes to be made to the Business Continuity Program.
Weakness in the design or application of control within a process, function, or facility which may promote or contribute to a disruption.