Relevant Contents
Need Tailored Business Continuity Insights?
Contact Us Now for Personalized Guidance!
Many people who are new to business continuity get tripped up by vocabulary. In today’s post, we’ll try to set the record straight on some of the most commonly misunderstood business continuity terms.
Related on MHA Consulting: What is Business Continuity? – Business Continuity 101
Remember how in high school your English teacher was always trying to get the class to grasp the difference between “imply” and “infer”?
English generally is full of confusing words, and business continuity has its fair share of them—starting with the term “business continuity” itself. (Does the term business continuity ever encompass IT, or does it only refer to the continuation of non-IT-related business processes? Short answer: It depends. For the long answer, keep reading.)
Why Business Continuity Terms Are Often Confused
Confusion with business continuity (BC) terms usually arises in one of four situations:
- The terms you’re looking at are synonyms; the situation is simpler than it appears.
- A term has slightly different meanings depending on the situation.
- Some commonly associated words have subtle but significant differences.
- Some terms are confusing because the underlying concepts are complex.
Today’s list of bc terms has some words of each type.
The links in the list are to posts where we discussed that term in detail.
Without further ado, here’s my list of some of the most commonly confused business continuity management terms:
business continuity (BC)
Business continuity (BC) is an organization’s ability to resume the performance of all business functions in a timely manner following an outage or crisis.
business continuity management (BCM)
Business continuity management (BCM) is the discipline of ensuring an organization will be able to resume its business functions in a timely manner following an outage.
business continuity planning (BCP)
Business continuity planning (BCP) is an outdated synonym for business continuity management. It started going out of use when people realized there was more to what we do than writing plans.
business processes
Activities such as shipping products, serving customers, delivering services, and paying employees are all business processes. The things that need to happen so an organization can carry out its mission and sustain its operations. When used loosely, the term sometimes encompasses IT processes. In more detailed discussions, IT processes are often split out and discussed separately.
contingency/contingency planning
Contingency and/or contingency planning is basically a synonym for BCM. Used more by outsiders than by people in the field.
continuity of operations plan/planning (COOP)
Continuity of operations plan/planning or COOP is another synonym for BCM, favored by the public sector.
crisis
A crisis is a severe adverse occurrence, one posing a significant threat to the organization’s ability to carry out its essential operations.
crisis management
The process of responding to and trying to minimize the damage from a serious adverse event is called crisis management. Typically performed by a crisis management team made up of a leader and representatives of key departments.
disaster recovery plan/planning
Among people in the field, disaster recovery plan/planning is used almost exclusively in the context of the term “IT/Disaster Recovery” and refers to recovering IT data and applications. People in the general public use the term much more loosely.
disruption
An interruption in the organization’s ability to carry out its routine processes and activities, caused by some kind of adverse event is known as a disruption.
enterprise risk management (ERM).
The field of identifying and preparing for risks and hazards that can interfere with an organization’s achieving its objectives is known as enterprise risk management (ERM).
event
In BCM, event is a term for an adverse occurrence that interferes with an organization’s ability to carry out its activities. Could be anything from a tornado to a cyber breach to an incident of workplace violence.
functionality
In BCM, functionality refers to whether something works. There are plans and there are functional plans, meaning those that have been established through testing as being capable of doing the job as intended.
impact
The impact is the negative consequences of an event on an organization.
incident
Incident is another word for a negative occurrence that impedes the organization’s ability to carry out its normal activities.
IT/disaster recovery
The aspect of BCM dealing with the protection and recovery of IT data and applications is called IT/disaster recovery.
mitigation plan/planning
Taking steps to reduce the potential negative impacts of a situation or course of action is termed mitigation plan/planning.
outage
An outage is an interruption in IT services.
recovery
Getting a business or IT process back into operation after a disruption is called recovery. It includes accessing a backup medium to retrieve lost IT information.
recovery plan
The detailed steps to be taken to bring a business or IT process back online is defined as a recovery plan.
recovery point objective (RPO)
The amount of data loss within an application that can be manually recreated is called the recovery point objective (RPO).
recovery strategy
The overall approach that will be used to restore a business or IT process is defined as the recovery strategy.
recovery time objective (RTO)
The recovery time objective (RTO) is the time in which a business process and its associated applications must be functional again after an outage event in order to prevent a defined amount of impact.
resilience plan/planning
Used loosely, resilience plan/planning is another word for BCM.
resiliency
Resiliency is a newer term referring to the durability of IT systems. Emphasizes elasticity and constant functionality, in contrast with the older term recoverability, which was more accepting of the idea that there would be intermittent outages.
risk mitigation controls
The measures we take to reduce the chances that our activities will lead to a harmful result are called risk mitigation controls.
risk mitigation plan/planning
The process of taking steps to reduce the harmful results that might occur as a result of our activities is risk mitigation plan/planning.
strategy implementation
Strategy implementation is the process of taking steps to put a recovery strategy into effect.
Good Words, Bad Words
At its worst, business continuity terminology is unnecessarily confusing. At its best, it precisely describes important concepts and processes. I hope the list above has helped you get a better grasp of the terms and concepts that really matter when it comes to helping your organization weather life’s inevitable storms.
Further Reading
For more information on business continuity terms and other hot topics in business continuity and IT/disaster recovery, check out the following recent posts from MHA Consulting and BCMMETRICS:
- Working Remotely over the Long Haul: Living with COVID-19 as a Business
- Ready or Not, Here It Comes: 5 Steps to Protecting Your Company Against Coronavirus
- Continuing to Thrive: A Definition of Business Continuity
- Telephone Train Wreck: Crisis Call Chaos in the Time of COVID-19
- When the Quarantine Ends: How to Be Ready to Reopen Your Company
- The Cost of Calamity: How Being Unprepared Can Harm An Organization
- The Plan that Time Forgot: The Importance of Protecting Your Business Processes
- What to Include in Your Crisis Management Plan
Richard Long
Richard Long is one of MHA’s practice team leaders for Technology and Disaster Recovery related engagements. He has been responsible for the successful execution of MHA business continuity and disaster recovery engagements in industries such as Energy & Utilities, Government Services, Healthcare, Insurance, Risk Management, Travel & Entertainment, Consumer Products, and Education. Prior to joining MHA, Richard held Senior IT Director positions at PetSmart (NASDAQ: PETM) and Avnet, Inc. (NYSE: AVT) and has been a senior leader across all disciplines of IT. He has successfully led international and domestic disaster recovery, technology assessment, crisis management and risk mitigation engagements.