The following terms and definitions are based on ISO 22301 2019 and
Activity | An activity is a set of tasks oriented towards
Audit | An audit is an evidence gathering process. Evidence is used Audit evidence includes records, factual statements, and other
Business continuity (BC) | Business continuity is a corporate capability. This capability exists
Business continuity management (BCM) | Business continuity management is a holistic management process
Business continuity management system (BCMS) | A BCMS is a set of interrelated elements that organizations use to All of these elements are used to ensure that operations continue In most cases, a business continuity management system
Business continuity plan | Business continuity plans are documents that organizations
Business continuity program (or programme) | A business continuity program is an ongoing management
Business impact analysis | A business impact analysis is a process that organizations use
Competence | Competence means being able to apply knowledge and skill
Conformity | Conformity is the "fulfillment of a requirement". To conform means
Continual improvement | Continual improvement is a set of recurring activities that an
Correction | A correction is any action that is taken to eliminate a
Corrective action | Corrective actions are steps taken to eliminate the causes of nonconformities in order to prevent recurrence. The corrective
Disruption | A disruption is an incident that causes an unplanned negative
Documented information | The term documented information refers to information that must Documented information includes information about the management
Effectiveness | Effectiveness refers to the degree to which a planned effect is
Impact | An impact is the outcome of a business disruption. Business
Exercise | An exercise is any process that an organization uses to assess,
Incident | An incident is an event that can be or could lead
Infrastructure | The term infrastructure refers to the entire system of
Interested party (stakeholder) | An interested party is anyone who can affect, be affected
Internal audit | Organizations use internal audits to audit themselves. Internal audits An audit is an evidence gathering process. Audit evidence is used
Invocation | An invocation is an official declaration that an organization's
Management system | A management system is a set of interrelated or interacting elements A process-based management system uses a process approach to The process approach is a management strategy. When managers
Maximum acceptable outage (MAO) | The maximum acceptable outage is the amount of time that
Maximum tolerable period of disruption (MTPD) | See 3.25 Maximum acceptable outage. According to ISO 22301,
Measurement | Measurement is a process that is carried out
Minimum business continuity objective (MBCO) | A minimum business continuity objective is the lowest
Monitoring | To monitor means to determine the status of an activity, process,
Mutual aid agreement | A mutual aid agreement is a promise or a pre-arranged understanding
Nonconformity | Nonconformity is a nonfulfilment or failure to meet a requirement.
Objective | An objective is a result you wish to achieve. Objectives can be
Organization | According to ISO 22301, an organization can be a single person An organization can be a company, corporation, enterprise, It can also be a single operating unit that is part of a larger entity.
Outsource | When an organization makes an arrangement with an outside
Performance | A performance is a measurable result that is achieved by an This definition allows us to consider performance measurements.
Performance evaluation | A performance evaluation is a process that is used to determine
Personnel | Personnel are people working for and under the control of an
Policy | A policy is a general commitment, direction, or intention and is formally
Procedure | A procedure is a way of carrying out a process or activity.
Process | A process is a set of activities that are interrelated or that interact
Products and services | Products and services are outputs or outcomes that are
Prioritized activities | Prioritized activities are those that must urgently continue
Records | Records provide evidence that activities have been performed or
Recovery point objective (RPO) | The term recovery point objective refers to a data recovery objective.
Recovery time objective (RTO) | The term recovery time objective refers to a time period. It is the
Requirement | A requirement is a need, expectation, or obligation. It can be stated or
Resources | Resources include all the assets that organizations need in order
Risk | According to ISO Guide 73:2009, definition 1.1, risk is the “effect ISO Guide 73 recognizes that all of us operate in an uncertain world. Uncertainty (or lack of certainty) is a state or condition that involves
Risk appetite | In the context of this ISO 22301 standard, risk appetite refers to
Risk assessment | Risk assessment is a process that is, in turn, made up of three Risk identification is a process that is used to find, recognize, and Risk analysis is a process that is used to understand the nature, Risk evaluation is a process that is used to compare risk analysis
Risk management | Risk management refers to a coordinated set of activities and
Testing | According to ISO 22301, testing is an evaluation procedure that is
Top management | The term top management normally refers to the people at
Verification | Verification is a process that uses objective evidence
Work environment | The term work environment refers to working conditions. It refers to
Updated on October 5, 2020. First published on March 23, 2013.
Copyright © 2013 - 2020 by Praxiom Research Group Ltd. All Rights Reserved.