Business continuity glossary

Plain-English definitions of the terms you'll meet across business continuity, disaster recovery and operational resilience.

Business Continuity Management (BCM)
Business Continuity Management (BCM) is the holistic process of identifying threats to an organisation and building the capability to keep critical operations running through disruption.
Business Continuity Plan (BCP)
A Business Continuity Plan (BCP) is a documented set of procedures that guides an organisation in continuing and recovering critical functions during and after a disruption.
Business Impact Analysis (BIA)
A Business Impact Analysis (BIA) identifies critical business processes and quantifies the operational, financial, legal and reputational impact of disrupting them over time.
Call Tree
A call tree (or call cascade) is a pre-defined contact list and escalation order used to rapidly notify staff and stakeholders during an incident.
Crisis Management
Crisis Management is the coordinated process of leading an organisation through a major disruptive event, covering decision-making, stakeholder communication and welfare.
Digital Operational Resilience Act (DORA)
DORA is an EU regulation, in force since January 2025, that requires financial entities and their ICT providers to manage ICT risk and maintain tested operational-resilience capabilities.
Disaster Recovery (DR)
Disaster Recovery (DR) is the subset of business continuity focused on restoring IT systems, applications and data after a disruptive event.
Incident Management
Incident Management is the process of detecting, responding to, and resolving disruptions in a structured way to limit damage and restore normal operations.
ISO 22301
ISO 22301 is the international standard specifying requirements for a Business Continuity Management System (BCMS), against which organisations can be independently certified.
Maximum Tolerable Period of Disruption (MTPD)
The Maximum Tolerable Period of Disruption (MTPD), also called MTD, is the longest a critical process can be unavailable before the resulting damage threatens the organisation's survival.
NIS2 Directive (NIS2)
NIS2 is an EU directive that strengthens cybersecurity and continuity obligations across essential and important entities, including risk management, incident reporting and business continuity.
Operational Resilience
Operational resilience is an organisation's ability to prevent, adapt to, respond to, recover from and learn from operational disruptions.
Recovery Point Objective (RPO)
A Recovery Point Objective (RPO) is the maximum amount of data, measured in time, an organisation can afford to lose in a disruption.
Recovery Time Objective (RTO)
A Recovery Time Objective (RTO) is the maximum acceptable length of time a business process or system can be down before the impact becomes unacceptable.
Risk Appetite
Risk appetite is the amount and type of risk an organisation is willing to accept in pursuit of its objectives.
Single Point of Failure (SPOF)
A single point of failure (SPOF) is any component — a system, supplier, site or person — whose failure alone would halt a critical process.
Tabletop Exercise
A tabletop exercise is a discussion-based session in which a team walks through a simulated disruption scenario to validate plans and decision-making without affecting live systems.
Work Area Recovery
Work area recovery is the provision of alternative workspace and equipment so staff can continue critical functions when their primary site is unavailable.
