ISO 22301: Clause 3 - Terms and Definitions
ISO 22301: Clause 3 - Terms and Definitions collects the terms and definitions used throughout ISO 22301. They give everyone working with the standard a common understanding of its requirements and of how those requirements are to be met.
The following terms and definitions are used in ISO 22301:
• Business Continuity: The ability of an organization to continue to operate its critical business functions in the event of an incident.
• Business Impact Analysis (BIA): The process of identifying the potential impacts of an incident on the business and assessing the level of risk.
• Business Continuity Management (BCM): The process of identifying, planning, and implementing measures to protect the organization from the potential impacts of an incident.
• Business Continuity Plan (BCP): A plan that describes the steps that will be taken to ensure the continuity of the organization’s critical business functions in the event of an incident.
• Crisis Management: The process of dealing with an incident that has already occurred and is causing disruption to the organization.
• Incident: Disruption or event that has the potential to negatively impact the organization's operations, reputation, or stakeholders.
• Recovery Time Objective (RTO): The duration of time within which business processes must be restored after a disruption in order to avoid unacceptable consequences.
• Recovery Point Objective (RPO): The point in time to which information and data must be recovered after an outage or disruption in order to resume normal operations; in practice, the maximum tolerable window of data loss.
• Maximum Tolerable Period of Disruption (MTPD): Maximum duration that an organization can tolerate an interruption to its activities.
• Risk: The effect of uncertainty on objectives, whether positive or negative.
• Risk Assessment: The overall process of risk identification, risk analysis and risk evaluation.
• Risk Management: The coordinated activities to direct and control an organization with regard to risk.
• Risk Treatment: Process of selecting and implementing measures to modify risk.
• Risk Appetite: Amount and type of risk that an organization is willing to pursue, retain, or take.
• Test and Exercise: The process of testing and exercising the business continuity management system to ensure it is effective and can be relied upon in the event of an actual incident or disruption.
• Recovery Strategy: The overall approach to restoring business operations and recovering from an incident or disruption.
• Crisis Communications: The process of communicating with internal and external stakeholders during a crisis or disruption.
• Documented Information: Information that is controlled and maintained in a way that enables it to be easily identified, accessed, and used by relevant parties.
• Continual Improvement: The ongoing process of improving the effectiveness of the business continuity management system.
• Response Plan: A document that outlines the procedures to be followed in the event of an incident, designed to minimize the impact of the incident on the business and its customers.
• Supply Chain Continuity: Ability to ensure uninterrupted product and service delivery by managing risks associated with suppliers and partners.
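The RTO, RPO and MTPD figures produced by a Business Impact Analysis are only useful if they are consistent with each other and with what the organization can actually deliver. The following is an added example, not part of ISO 22301 or of any implementation guidance, of how a practitioner might sanity-check a set of BIA records. The `Activity` layout and the sample figures are constructed; the first check (an RTO must not exceed the MTPD, otherwise the recovery target itself accepts unacceptable consequences) follows directly from the definitions above, while the backup-interval and tested-recovery-time fields are assumptions added to show how the recovery strategy and test-and-exercise results feed back into the same check.

```python
"""Added example: consistency checks over Business Impact Analysis (BIA) records.

Illustrative code only; the record layout and the sample activities below are
constructed assumptions, not values from ISO 22301.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Activity:
    name: str
    mtpd_hours: float                     # Maximum Tolerable Period of Disruption
    rto_hours: float                      # Recovery Time Objective
    rpo_hours: float                      # Recovery Point Objective (tolerable data-loss window)
    backup_interval_hours: float          # assumed: how often data is actually captured
    tested_recovery_hours: Optional[float] = None  # assumed: recovery time measured in the last exercise


def check_activity(a: Activity) -> List[str]:
    """Return human-readable findings for one activity (empty list means consistent)."""
    findings: List[str] = []

    # An RTO longer than the MTPD means the plan targets a restoration time
    # that the organization has already declared intolerable.
    if a.rto_hours > a.mtpd_hours:
        findings.append(
            f"{a.name}: RTO {a.rto_hours}h exceeds MTPD {a.mtpd_hours}h"
        )

    # Data can only be recovered to the last capture point, so a backup taken
    # less often than the RPO window cannot meet the RPO.
    if a.backup_interval_hours > a.rpo_hours:
        findings.append(
            f"{a.name}: backup interval {a.backup_interval_hours}h "
            f"cannot meet RPO {a.rpo_hours}h"
        )

    # Test-and-exercise evidence: if the last exercise took longer than the
    # RTO, the recovery strategy does not yet achieve its own objective.
    if a.tested_recovery_hours is not None and a.tested_recovery_hours > a.rto_hours:
        findings.append(
            f"{a.name}: last exercise took {a.tested_recovery_hours}h, "
            f"above RTO {a.rto_hours}h"
        )
    return findings


def check_bia(activities: List[Activity]) -> Dict[str, List[str]]:
    """Map each activity with at least one finding to its list of findings."""
    result: Dict[str, List[str]] = {}
    for a in activities:
        findings = check_activity(a)
        if findings:
            result[a.name] = findings
    return result


# Constructed sample BIA records.
SAMPLE_BIA = [
    Activity("Order processing", mtpd_hours=24, rto_hours=8, rpo_hours=1,
             backup_interval_hours=1, tested_recovery_hours=6),
    Activity("Payroll", mtpd_hours=72, rto_hours=96, rpo_hours=24,
             backup_interval_hours=24),
    Activity("Customer portal", mtpd_hours=12, rto_hours=4, rpo_hours=0.25,
             backup_interval_hours=4, tested_recovery_hours=5),
]

if __name__ == "__main__":
    for name, findings in check_bia(SAMPLE_BIA).items():
        for f in findings:
            print(f)
```

Run as a script, the sample data produces one finding for Payroll (RTO beyond MTPD) and two for the customer portal (backup cadence too coarse for the RPO, and an exercise result slower than the RTO); order processing passes. In a real BCMS the records would come from the BIA register rather than a hard-coded list, but the checks themselves are the same.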
These definitions are used throughout the standard and are important for understanding the requirements and implementation of a Business Continuity Management System (BCMS).