Preparing Scotland: business resilience guidance

This guidance focuses on how organisations can become more resilient. In particular, it provides advice to Category 1 responders and information to other readers about the duties set out in the Civil Contingencies Act (2004) and associated Regulations.

Annex 2: Selected Glossary

Business Continuity - Strategic and tactical capability of the organisation to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable pre-defined level.

Business Impact Analysis - The process of determining the impacts on the organisation from interruptions to business operations or processes.

Business Resilience - A holistic approach, demonstrating how resilience can contribute to the overall strategic aims and objectives of an organisation. It extends the scope of business continuity management and emphasises the human and cultural aspects.

Community Resilience - Communities and individuals harnessing local resources and expertise to help themselves in an emergency, in a way that complements the response of emergency responders.

Crisis - An abnormal situation which threatens the operations, staff, customers or reputation of an enterprise.

Enterprise Risk Management (ERM) - A strategic business discipline that supports the achievement of an organisation's objectives by addressing the full spectrum of its risks and managing the combined impact of those risks.

Incident Response Structure - Organised arrangements to provide effective direction, coordination and deployment of resources required to respond to an incident.

Maximum Tolerable Period of Disruption (or outage) - The maximum allowable time that the organisation's key products or services can be unavailable or undeliverable before the impact is deemed unacceptable.

Recovery Phase - Process of rebuilding, restoring and rehabilitating following an emergency or disaster, and continuing until the disruption has been rectified, demands on services have been returned to normal levels, and the needs of those affected have been met.

Recovery Point Objective (RPO) - The point to which information used by an activity must be restored to enable that activity to operate on resumption.

Recovery Time Objective (RTO) - The maximum acceptable length of time that can elapse before the lack of a business function severely impacts the organisation.

Risk Appetite - Total amount of risk that an organisation is prepared to accept, tolerate or be exposed to at any point in time.

Risk Treatment - Process of determining those risks that should be controlled (by reducing their likelihood and/or putting impact mitigation measures in place) and those that will be tolerated at their currently assessed level.

Single Point of Failure (SPOF) - The part of a service/activity/process whose failure would lead to the total failure of a key business activity.

Surge Capacity Planning - Development of arrangements to deliver an increased volume of those goods or services that are normally provided.

