Alert is the notification that an incident or disaster situation has occurred. It implies a possible activation of the plan.
Business Impact Assessment (BIA)
Assesses business-critical functions, and identifies and quantifies the impact that a loss of those functions may have on the organisation.
Business Continuity Management (BCM)
The processes that organizations use to ensure business continuity is maintained across their organization.
Business Unit
A collection of risks. The collection can be based on location, type, department or a custom configuration.
Control Measure
A countermeasure for vulnerabilities, to reduce the threat of risks by taking a proactive stance.
Contingency Plan
An event-specific preparation that is executed when an incident occurs to protect an organization from certain and specific identified risks and/or threats.
Corporate Governance
The system/process by which top management of an organization are required to carry out and discharge their legal, moral and regulatory accountabilities and responsibilities.
Corporate Risk
A category of risk management that looks at ensuring an organization meets its corporate governance responsibilities, takes appropriate actions, and identifies and manages emerging risks.
Disaster Recovery
A documented process on how to recover and protect a business after an incident or disaster situation.
File Manager
A BCMfort feature to manage and consolidate supporting files and documentation.
A hazard is a situation that poses a level of threat to the business or environment.
Health, Safety, Quality and Environment
Impact Rating (IR)
The expected cost of a potential incident, in time, money and resources.
Implementation notes
A document explaining how actual controls have been implemented.
Taking steps to reduce the adverse effect of a threat.
Maximum Tolerable Downtime
A message sent to a predefined response group, stating what actions should be taken when an alert has been raised.
Probability Rating (PR)
An assessment of the likelihood that an event will occur.
A series of logically related activities or tasks (such as planning, production, or sales) performed together to take a set of inputs and produce a defined set of outputs.
Recovery Contact
A staff member that is responsible for the recovery and restoration of business operations after a disruption. The recipient of a notification.
Recovery Group
A group responsible for the recovery and restoration of business operations after a disruption.
Recovery Time Capable (RTC)
The amount of time it currently takes to restore a process (starting point).
Recovery Time Requirement (RTR)
An external requirement (contractual, legal, statutory or an SLA) of the amount of time to restore a process.
Recovery Point Objective
The maximum amount of data that can be lost. (If one hour then a standby solution is required. If 24 hours, then backups may suffice.)
Recovery Site
A designated site for the recovery of a business unit, technology, or other operations that are critical to the enterprise, when an incident occurs.
Recovery Time Objective
The targeted duration of time and service level within which a service must be restored.
An economic or productive factor required to accomplish a process or activity, such as labour, information or expertise.
Reminder schedule
A predefined alert to notify the risk owner that a procedure is up for review.
Review approval
The decision whether the risk is in an acceptable state or not. (If not, the Risk Owner will need to implement additional control measures.)
The possibility for loss or injury created if a hazard becomes an incident.
Risk Categories
A grouping of risks of similar type under key headings.
Risk Controls
The method by which firms evaluate potential losses and take action to reduce or eliminate threats.
Risk Library
A collection of example risks to help set up the system.
Used to further categorise risks within risk categories. (aka Keyword)
Two factor authentication (increased security)
An indication of something impending that may cause injury or damage.
Selecting one or more options for treating each unacceptable risk. (Start by concentrating on risks that are rated higher during the BIA and look to mitigate these where possible by identifying the relevant hazards and control measures.)
Susceptible to harm, degradation, or destruction on being exposed to a hostile agent or factor.