Annex A - definitions of key terms

Published: 04 February 2025
Freedom of information class: How we manage our resources

Definitions of key terms for RoS business continuity policy.


Business Continuity Plan (BCP)

A documented collection of procedures and information that is developed, compiled, and maintained in readiness for use in an incident to enable an organisation to continue to deliver its critical products and services at an acceptable predefined level.

OR - A documented plan that details how an individual organisation will ensure it can continue to perform its essential functions during a wide range of events that impact normal operations.

Business Continuity Policy

The key document that sets out the scope and governance of the BCM programme and reflects the reasons why it is being implemented.

Business Continuity Programme

Ongoing management and governance process supported by Top Management and appropriately resourced to implement and maintain Business Continuity Management.

Business Continuity Management System (BCMS)

Part of the overall management system that establishes, implements, operates, monitors, reviews, maintains and improves business continuity. ISO Editor’s Note: The management system includes organizational structure, policies, planning activities, responsibilities, procedures, processes and resources.

Business Continuity Steering Group

The Business Continuity Taskforce Steering Group is an interdisciplinary team that ensures the RoS Business Continuity Taskforce aligns with corporate strategy and objectives, is maturing and making forward progress towards annual goals, and helps to raise the profile and awareness of Business Continuity Management.

Business Impact Analysis (BIA)

Process of analysing activities and the effect that a business disruption might have on them.

Contingency Plan

A plan used by an organisation or business unit to respond to a specific systems failure or disruption of operations.

Disaster Recovery (DR)

The technical aspect of Business Continuity. The collection of resources and activities to re-establish information technology services (including components such as infrastructure, telecommunications, systems, applications and data) at an alternate site following a disruption of IT services. Disaster recovery includes subsequent resumption and restoration of those operations at a more permanent site.

Disaster Recovery Plan

A written plan for recovering one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities.

Embedding Business Continuity

The Management Practice within the BCM Lifecycle that continually seeks to integrate Business Continuity into day-to-day activities and organizational culture.

Important Business Service

A service provided by RoS, or on behalf of RoS, to customers (both external and internal) which, if disrupted, could cause intolerable levels of harm to any one or more RoS customers.

Incident

An event that has the potential to cause interruption, disruption, loss, emergency, crisis, disaster, or catastrophe.

Incident Management Plan

A document that helps an organisation return to normal as quickly as possible following an unplanned event.

Information Security Continuity

A term used within ISO 27001 to describe the process for ensuring that the confidentiality, integrity and availability of data are maintained in the event of an incident, i.e. the focus is on ensuring information security functions are maintained, not that Services are maintained.

Intolerable Harm

Something from which customers cannot easily recover, e.g. where a firm is unable to put a client back into a correct financial position, post-disruption, or where there have been serious non-financial impacts that cannot be effectively remedied.

Maximum Tolerable Period of Disruption (MTPD)

The time it would take for adverse impacts, which might arise as a result of not providing a product/service or performing an activity, to become unacceptable.

Operational Resilience

Ability of an organization, staff, system, telecommunications network, activity or process to absorb the impact of a business interruption, disruption or loss and continue to provide an acceptable level of service.

Organisational Resilience

The ability of an organisation to anticipate, prepare for, and respond and adapt to incremental change and sudden disruptions in order to survive and prosper.

OR – The ability of an organisation to absorb and adapt in a changing environment.

Recovery Point Objective (RPO)

Point to which information used by an activity must be restored to enable the activity to operate on resumption. Note: Can also be referred to as “maximum data loss”.

Recovery Time Objective (RTO)

Time goal for the restoration and recovery of functions or resources based on the acceptable down time and acceptable level of performance in case of a disruption of operations.

Resilience

The ability to prepare for and adapt to changing conditions and recover rapidly from operational disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.