News Stay informed about the latest enterprise technology news and product updates.

Speaking of business continuity: A cheat sheet

One of the challenges organizations often face as they initiate business continuity or disaster recovery planning is to reach consensus on precisely what they are trying to do. This requires identifying and closing any gap that may exist between the actual availability/recoverability of the organization's information systems and the ability/recoverability expected by the business units and executive management.

The only way to close such a gap is for the business and IT management to engage in a comprehensive discussion of current capabilities, needs, procedures, and expectations. What follows is a "cheat sheet" designed to ensure that both sides are on the same page as they begin their discussion. These definitions are not meant to be all-encompassing, but rather, a starting point for a conversation.

Business Continuity Glossary of Terms

Business continuity gap

The difference between the actual availability of an organization's information systems and the level of availability expected by its business units.

Business continuity planning

A process to safeguard the entire enterprise from the effects of a business interruption and ensure business operations continue. Disaster recovery is considered a subset that deals with the restoration of the IT infrastructure and supporting applications.

Business continuity program

An ongoing project sponsored by senior management to ensure that business continuity requirements are maintained, expanded, tested and rehearsed to meet the changing needs of the organization, as well as ensuring that the organization is compliant with all applicable regulations.

Business impact analysis (BIA)

The process of analyzing individual business functions and the effect that a specific disaster or crisis may have on them. The BIA should quantify the expected financial losses and other business impacts, based on duration, for each threat and vulnerability faced. A BIA is used to help determine recovery point and time objectives.

Business interruption

Any event that disrupts the normal course of business operations at a particular location. A disruption becomes a disaster if the duration exceeds a predetermined period of time.


Facility separate from the main facility, equipped with adequate communications equipment from which initial recovery efforts are coordinated. The management team uses this facility to coordinate the recovery process; its use continues until the disaster (crisis) is contained.

Contact list

A list of team members and/or key players to be contacted during a disaster (crisis). This list should include the alternates for each primary team member (aka notification list).

Contingency planning

The process of developing plans and procedures that enable an organization to respond to events that could evolve into a prolonged outage.

Critical functions

Business activities that can neither be interrupted nor unavailable for a period of time without significantly jeopardizing the operation of the organization.

Critical records

Records or documents that are essential for the organization to maintain and that cannot be re-created conveniently.

Data backup strategies

Those processes determined by an organization to be necessary to meet its data backup and recovery objectives. Elements of the strategy determine the time frames, technologies, media and handling of the backups as determined by policy as well as recovery point objective and recovery time objective requirements.

Data backups

The backup of any computer file to media that can be removed off-site either physically or electronically. Data backups can be used to restore corrupted or lost data on a file or media basis or to recover entire systems in the event of a disaster.

Data recovery

The restoration of computer files from backup media to a state that existed at the time of the last available backup. Also, the recovery of data from failed media in the event that backups do not exist.

Disaster (crisis)

Any event that disrupts an organization's ability to provide critical business functions for a duration greater than the length of time predetermined to be acceptable (see recovery time objective).

Disaster notification

Communication methods, processes and time frames used to notify business units and customers of a disaster.

Disaster recovery

The reaction to the interruption of a specific business process, according to a plan that ensures its orderly and timely restoration.

Disaster recovery plan

The document that defines the resources, actions, tasks and information required to execute the recovery process in the event of a disruption. The plan should be designed to provide a complete framework for restoring support for critical business processes within the stated recovery objectives.

Disaster tolerance

The measure of the ability to withstand threats and overcome disruptions. Disaster tolerance identifies the redundancies built into critical processes and facility infrastructure, and the application of other methods to reduce single points of failure.


A planned or unplanned interruption in availability. Downtime can be a result of any of a number of interruptions or events. While often measured differently by IT and business management, the net impact of downtime is that end users cannot access required resources.

Enterprise backup and recovery

An integrated set of procedures for regular, sometimes continual, data backup and data recovery that meet an organization's availability/business continuity requirements.


A polite term for a disaster or crisis.


An announced or unannounced test performed for the purpose of educating and training team members and validating the disaster recovery plan.

Financial impact

Revenue loss or operating expense that continues following an interruption or disaster, as a result of the event, and that cannot be offset by insurance and directly affects the financial position of the organization.

High availability

Systems providing a very high level of reliability and availability. High-availability systems typically provide an uptime on the order of 99.999% while operating 24 hours a day, seven days a week. These systems provide this exceptional uptime by utilizing numerous hardware and software options which minimize or eliminate single points of failure.

Information lifecycle management (ILM)

The emerging management practice for assigning appropriate degrees of importance to information as it progresses from creation to eventual deletion. ILM methodology has the promise to provide the appropriate level of cost for storage and disaster recovery at every step in the lifecycle of data, thereby minimizing data storage and disaster recovery costs.

Mitigation strategy

The processes and plans followed to lessen the impact of threat or vulnerability on an organization.

Mock disaster

A method of testing a disaster plan that involves the simulation of a disaster under the control of independent observers or coordinators. A mock disaster is a simulation with no invocation of recovery sites or facilities. This type of test is primarily intended to subject participants to "real" conditions and expose any communications or plan deficiencies. A mock disaster will typically operate on a compressed time frame.

Operating-level agreement

An IT Infrastructure Library standard that defines the underpinning contracts that support the delivery of a service -- often according to a service-level agreement -- and the technology dependencies of said operations.

Operational exercise

A complete test of all or a significant part of a disaster recovery or business continuity plan. Operational exercises are conducted in the actual recovery centers and involve a complete restoration of service up to and including the verification of the applications and users' ability to interface with those applications.


Process(es) or functional procedures to complete a given task for a specific outcome.


Documented, clear, auditable and decisive guidelines about actions or procedures for issues or circumstances that sometimes have vague and ambiguous variables or directives. Policies contain information that describes in detail their purpose, persons affected, responsibilities, procedures and any and all revisions.


Process of restoring function after an interruption. Also, the planning involved in preparing for such an activity. This term is often used as a short form of disaster recovery, but actually is more properly used to refer to any restoration of service.

Recovery point objective

The point in the data flow to which an organization must recover via backups or other recovery methodologies. This is one of two prime criteria used to determine the strategy required for the recovery of particular information.

Recovery strategy

The overall recovery approach for an organization. The strategy provides direction, while plans and processes provide the actual means.

Recovery time objective (RTO)

The amount of time an organization can afford to be without specific process and information sources. This is one of two prime criteria for the development of a recovery strategy. This value also represents the maximum duration for an interruption that might be tolerated without recourse to recovery activities.


A more general term for the duplication of data to ensure continuous availability, currency and accuracy. This process may include mirroring techniques as well as software-driven techniques specific to certain applications and operating systems.


The scripted reaction to an event in the period immediately following the occurrence. It is within this period that the severity and duration are assessed and the mitigation response is selected.


The process of reactively mitigating the interruption. The process may involve a full-scale disaster or the replacement of a single component; the bottom line is that service is available to end user(s).

Risk analysis

The process of quantifying organizational vulnerability by establishing the potential impact of an outage and matching that impact with the estimated financial result of that event. Risk analysis is often used as input in determining a risk mitigation strategy.

Risk mitigation

Actions taken to reduce the probability or severity of a known risk.

Risk tolerance

The measure of an organization's ability to survive the losses associated with specific risks.

Service-level agreement (SLA)

A formal agreement between a service provider and a client that defines the nature of their relationship. The SLA should detail normal as well as disaster (crisis) situations.

Single point of failure

The only source of a specific service in an entity. The service could be a power supply in a router or a computing system for an application.

Michael Croy has more than 20 years of experience in building, developing and implementing disaster recovery and business continuity programs. As Forsythe Solutions Group Inc.'s business continuity practice manager, Croy is responsible for the company's business continuity offerings, including risk analysis, best practice models for continuity of IT infrastructure (storage, server and network), and disaster recovery planning, strategy and management.

Dig Deeper on Enterprise disaster recovery and business continuity planning