Many people who are new to business continuity get tripped up by vocabulary. In today’s post, we’ll try to set the record straight on some of the most commonly misunderstood business continuity terms.
Remember how in high school your English teacher was always trying to get the class to grasp the difference between “imply” and “infer”?
English generally is full of confusing words, and business continuity has its fair share of them—starting with the term “business continuity” itself. (Does the term business continuity ever encompass IT, or does it only refer to the continuation of non-IT-related business processes? Short answer: It depends. For the long answer, keep reading.)
Confusion with business continuity (BC) terms usually arises in one of four situations:
Today’s list of BC terms has some words of each type.
The links in the list are to posts where we discussed that term in detail.
Without further ado, here’s my list of some of the most commonly confused business continuity management terms:
Business continuity (BC) is an organization’s ability to resume the performance of all business functions in a timely manner following an outage or crisis.
Business continuity management (BCM) is the discipline of ensuring an organization will be able to resume its business functions in a timely manner following an outage.
Business continuity planning (BCP) is an outdated synonym for business continuity management. It started going out of use when people realized there was more to what we do than writing plans.
Activities such as shipping products, serving customers, delivering services, and paying employees are all business processes: the things that need to happen so an organization can carry out its mission and sustain its operations. When used loosely, the term sometimes encompasses IT processes. In more detailed discussions, IT processes are often split out and discussed separately.
Contingency and/or contingency planning is basically a synonym for BCM. Used more by outsiders than by people in the field.
Continuity of operations plan/planning or COOP is another synonym for BCM, favored by the public sector.
A crisis is a severe adverse occurrence, one posing a significant threat to the organization’s ability to carry out its essential operations.
The process of responding to and trying to minimize the damage from a serious adverse event is called crisis management. Typically performed by a crisis management team made up of a leader and representatives of key departments.
Among people in the field, disaster recovery plan/planning is used almost exclusively in the context of the term “IT/Disaster Recovery” and refers to recovering IT data and applications. People in the general public use the term much more loosely.
An interruption in the organization’s ability to carry out its routine processes and activities, caused by some kind of adverse event, is known as a disruption.
The field of identifying and preparing for risks and hazards that can interfere with an organization’s achieving its objectives is known as enterprise risk management (ERM).
In BCM, event is a term for an adverse occurrence that interferes with an organization’s ability to carry out its activities. Could be anything from a tornado to a cyber breach to an incident of workplace violence.
In BCM, functionality refers to whether something works. There are plans and there are functional plans, meaning those that have been established through testing as being capable of doing the job as intended.
The impact is the negative consequences of an event on an organization.
Incident is another word for a negative occurrence that impedes the organization’s ability to carry out its normal activities.
The aspect of BCM dealing with the protection and recovery of IT data and applications is called IT/disaster recovery.
Taking steps to reduce the potential negative impacts of a situation or course of action is termed mitigation plan/planning.
An outage is an interruption in IT services.
Getting a business or IT process back into operation after a disruption is called recovery. It includes accessing a backup medium to retrieve lost IT information.
The detailed steps to be taken to bring a business or IT process back online are defined as a recovery plan.
The amount of data loss within an application that can be manually recreated is called the recovery point objective (RPO).
The overall approach that will be used to restore a business or IT process is defined as the recovery strategy.
The recovery time objective (RTO) is the time in which a business process and its associated applications must be functional again after an outage event in order to prevent a defined amount of impact.
Used loosely, resilience plan/planning is another word for BCM.
Resiliency is a newer term referring to the durability of IT systems. Emphasizes elasticity and constant functionality, in contrast with the older term recoverability, which was more accepting of the idea that there would be intermittent outages.
The measures we take to reduce the chances that our activities will lead to a harmful result are called risk mitigation controls.
The process of taking steps to reduce the harmful results that might occur as a result of our activities is risk mitigation plan/planning.
Strategy implementation is the process of taking steps to put a recovery strategy into effect.
At its worst, business continuity terminology is unnecessarily confusing. At its best, it precisely describes important concepts and processes. I hope the list above has helped you get a better grasp of the terms and concepts that really matter when it comes to helping your organization weather life’s inevitable storms.