Business Continuity Planning - Appendix B: Glossary
C

Crisis management - The process of managing an institution’s operations in response to an emergency or event that threatens business continuity. An institution’s ability to communicate with employees, customers, and the media, using various communications devices and methods, is a key component of crisis management.

D

Data corruption - Errors in computer data that occur during writing, reading, storage, transmission, or processing, which introduce unintended changes to the original data.

Data synchronization - The comparison and reconciliation of interdependent data files at the same time so that they contain the same information.

Database - A collection of data that is stored on any type of computer storage medium and may be used for more than one purpose.

Dedicated Synchronous Optical NETwork (SONET) - SONET is a standard for telecommunications transmissions over fiber optic cables. SONET is self-healing so that if a break occurs in the lines, it can use a back-up redundant ring to ensure that the transmission continues. SONET networks can transmit voice and data over optical networks.

Digital subscriber line (DSL) - DSL provides the ability to transmit high-speed digital signals over existing telephone lines.

Disaster recovery - The process of recovering from major processing interruptions.

Disaster recovery exercise - A test of an institution’s disaster recovery or BCP.

Disaster recovery plan - A plan that describes the process to recover from major processing interruptions.

Disk shadowing - A back-up process that involves writing images to two physical disks or servers simultaneously.

Diversity - A description of financial services sectors in which primary and back-up telecommunications capabilities do not share a single point of failure.

Dual control - Dividing the responsibility of a task into separate, accountable actions to ensure the integrity of the process.

E

Electronic vaulting - A back-up procedure that copies changed files and transmits them to an off-site location using a batch process.

Emergency plan - The steps to be followed during and immediately after an emergency such as a fire, tornado, bomb threat, etc.

Encryption - A data security technique used to protect information from unauthorized inspection or alteration. Information is encoded so that data appears as a meaningless string of letters and symbols during delivery or transmission. Upon receipt, the information is decoded using an encryption key.

End-to-end recoverability - The ability of an institution to recover a business process from initiation, such as customer contact, through process finalization, such as transaction closure.

Enterprise-wide - Across an entire organization, rather than a single business department or function.

F

FEMA - FEMA is an acronym for Federal Emergency Management Agency.

Financial industry participants - Financial institutions and other companies that are involved in the banking, securities, and/or insurance industry and are regulated by supervisory authorities.

Frame relay - A high-performance WAN protocol that operates at the physical and data link layers of the Open Systems Interconnect (OSI) reference model. Frame Relay is an example of a packet-switched technology. Packet-switched networks enable end stations to dynamically share the network medium and the available bandwidth. Frame relay uses existing T-1 and T-3 lines and provides connection speeds from 56 Kbps to T-1.

Functional drill/parallel test - This test involves the actual mobilization of personnel at other sites in an attempt to establish communications and coordination as set forth in the BCP.

Functionality testing - A test designed to validate that a business process or activity accomplishes expected results.

G

Gap analysis - A comparison that identifies the difference between actual and desired outcomes.

GETS - Acronym for the Government Emergency Telecommunications Service card program. GETS cards provide emergency access and priority processing for voice communications services in emergency situations.

Grandfather-father-son - Retaining multiple versions of the back-up files off-site on a “grandfather-father-son” rotating basis is recommended. This tape methodology creates three sets of back-up tapes: daily incremental sets or “sons,” weekly full sets or “fathers,” and end-of-month tapes or “grandfathers.”

H

Hierarchical storage management (HSM) - HSM is used to dynamically manage the back-up and retrieval of files based on how often they are accessed using storage media and devices that vary in speed and cost.

HVAC - Heating, ventilation, and air conditioning.

I

Industry testing - A test designed to validate that business processes, integrated across firms and within the financial industry, support the business continuity objectives of the firms, both individually and collectively.

Integrated services digital network (ISDN) -

Integrated test/exercise - This integrated test/exercise incorporates more than one component or module, as well as external dependencies, to test the effectiveness of the continuity plans for a business line or major function.

Integrity - Assurance that information is trustworthy and accurate; ensuring that information will not be accidentally or maliciously altered or destroyed (see “Data Integrity”).

Interconnectivity - The state or quality of being connected together. The interaction of a financial institution’s internal and external systems and applications and the entities with which they are linked.

Interdependencies - Where two or more departments, processes, functions, and/or third-party providers support one another in some fashion.

Internet protocol (IP) - IP is a standard format for routing data packets between computers. IP is efficient, flexible, routable, and widely used with many applications, and is gaining acceptance as the preferred communication protocol.

M

Media - Physical objects that store data, such as paper, hard disk drives, tapes, and compact disks (CDs).

Microwave technology - Narrowband technology that requires a direct line-of-sight to transmit voice and data communications and is used to integrate a broad range of fixed and mobile communication networks.

Modeling - The process of abstracting information from tangible processes, systems and/or components to create a paper or computer-based representation of an enterprise-wide or business line activity.

Module - A combination of various components of a business process or supporting system.

Module test/exercise - A test designed to verify the functionality of multiple components of a business line or supporting function at the same time.

Multiplexers - Devices that encode or multiplex information from two or more data sources into a single channel. They are used in situations where the cost of implementing separate channels for each data source is higher than the cost and inconvenience of providing the multiplexing/de-multiplexing functions.

N

Network attached storage (NAS) - NAS systems usually contain one or more hard disks that are arranged into logical, redundant storage containers much like traditional file servers. NAS provides readily available storage resources and helps alleviate the bottlenecks associated with access to storage devices.

O

Object Program - A program that has been translated into machine language and is ready to be run (i.e., executed) by the computer.

P

Pandemic - An epidemic or infectious disease that can have a worldwide impact.

PBX - Private branch exchange. A telephone system within an enterprise that switches calls between enterprise users on local lines while allowing all users to share a certain number of external phone lines.

Permanent virtual circuit (PVC) - PVC is a pathway through a network that is predefined and maintained by the end systems and nodes along the circuit, but the actual pathway through the network may change due to routing problems. The PVC is a fixed circuit that is defined in advance by the public network carrier. Refer to switched virtual circuit for an additional virtual circuit option.

R

Reciprocal agreement - An agreement whereby two organizations with similar computer systems agree to provide computer processing time for the other in the event one of the systems is rendered inoperable. Processing time may be provided on a “best effort” or as “time available” basis; therefore, reciprocal agreements are not usually acceptable as a primary recovery option.

Recovery point objective (RPO) - The amount of data that can be lost without severely impacting the recovery of operations or the point in time in which systems and data must be recovered (e.g., the date and time of a business disruption).

Recovery point objectives (RPOs) - RPOs represent the amount of data that can be lost without severely impacting the recovery of operations or the point in time in which systems and data must be recovered (e.g., the date and time of a business disruption).

Recovery site - An alternate location for processing information (and possibly conducting business) in an emergency. Usually distinguished as “hot” sites that are fully configured centers with compatible computer equipment and “cold” sites that are operational computer centers without the computer equipment.

Recovery time objective (RTO) - The maximum allowable downtime that can occur without severely impacting the recovery of operations or the time in which systems, applications, or business functions must be recovered after an outage (e.g., the point in time that a process can no longer be inoperable).

Recovery time objectives (RTOs) - RTOs represent the maximum allowable downtime that can occur without severely impacting the recovery of operations or the time in which systems, applications, or business functions must be recovered after an outage (e.g., the point in time that a process can no longer be inoperable).

Recovery vendors - Organizations that provide recovery sites and support services for a fee.

Risk assessment - A prioritization of potential business disruptions based on severity and likelihood of occurrence. The risk assessment includes an analysis of threats based on the impact to the institution, its customers, and financial markets, rather than the nature of the threat.

S

SAS 70 report - An audit report of a servicing institution prepared in accordance with guidance provided in the American Institute of Certified Public Accountants' Statement of Auditing Standards Number 70.

Satellite technology - These links efficiently extend the reach of typical communication systems to distant areas and provide alternative traffic routing in an emergency.

Server - A computer or other device that manages a network service. An example is a print server, which is a device that manages network printing.

Service level agreement (SLA) - Formal documents between an institution and its third-party provider that outline an institution’s predetermined requirements for a service and establish incentives to meet, or penalties for failure to meet, the requirements. SLAs should specify and clarify performance expectations, establish accountability, and detail remedies or consequences if performance or service quality standards are not met.

Significant firms - Firms that process a significant share of transactions in critical financial markets.

Simulated loss of data center site(s) test/exercise - A type of disaster recovery test that involves the simulation of the loss of the primary, alternate, and/or tertiary data processing sites to verify that the institution can continue its data processing activities.

Simulation - The process of operating a model of an enterprise-wide or business line activity in order to test the functionality of the model. Computer systems may support the simulation of business models to aid in evaluating the BCP.

Sound practices - Defined in the “Interagency Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System,” which was issued by the Board of Governors of the Federal Reserve System, Office of the Comptroller of the Currency, and Securities and Exchange Commission.

Source program - A program written in a programming language (such as C, Pascal, or COBOL). A compiler translates the source code into a machine-language object program.

Split Processing - The ongoing operational practice of dividing production processing between two or more geographically dispersed facilities.

Storage area network (SAN) - SAN represents several storage systems that are interconnected to form one back-up network, which allows various systems to be connected to any storage device and prevents dependence on a single line of communication.

Stovepipe application - Stand-alone programs that may not easily integrate with other applications or systems.

Street tests - Street tests are also called cross-market tests or market-wide tests that are sponsored by the Securities Industry Association, Bond Market Association, and Futures Industry Association. These tests validate the connectivity from alternate sites and include transaction, settlement, and payment processes, to the extent practical.

Sustainability - The period of time for which operations can continue at an alternate processing facility.

Synchronous data replication - A process for copying data from one source to another in which an acknowledgement of the receipt of data at the copy location is required for application processing to continue. Consequently, the content of databases stored in alternate facilities is identical to those at the original storage site, and copies of data contain current information at the time of a disruption in processing.

T

T-1 line - A special type of telephone line for digital communication and transmission. T-1 lines provide for digital transmission with signaling speed of 1.544 Mbps (1,544,000 bits per second). This is the standard for digital transmissions in North America. It is usually delivered on fiber optic lines.

Table top exercise/structured walk-through test -

Terminal services - A component of Microsoft Windows operating systems (both client and server versions) that allows a user to access applications or data stored on a remote computer over a network connection.

Test assumptions - The concepts underlying an institution’s test strategies and plans.

Test plan - A document that is based on the institution’s test scope and objectives and includes various testing methods.

Test scenario - A potential event, identified as the operating environment for a business continuity or disaster recovery test, which the institution’s recovery and resumption plan must address.

Test scripts - Documents that define the specific activities, tasks, and steps that test participants will conduct during the testing process.

Test strategy - Testing strategies establish expectations for individual business lines across the testing life cycle of planning, execution, measurement, reporting, and test process improvement. Testing strategies include the testing scope and objectives, which clearly define what functions, systems, or processes are going to be tested and what will constitute a successful test.

Transaction testing - A testing activity designed to validate the continuity of business transactions and the replication of associated data.

Two-way polling - An emergency notification system that allows management to ensure that all employees are contacted and have confirmed delivery of pertinent messages.

U

UPS - Uninterruptible power supply. A device that allows your computer to keep running for at least a short time when the primary power source is lost. A UPS may also provide protection from power surges. A UPS contains a battery that "kicks in" when the device senses a loss of power from the primary source, allowing the user time to save any data they are working on and to exit before the secondary power source (the battery) runs out. When power surges occur, a UPS intercepts the surge so that it doesn't damage your computer.

Utility programs - Programs used to configure or maintain systems, or to make changes to stored or transmitted data.

V

Virtual private network (VPN) - A computer network that uses public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network.

Voice over Internet Protocol (VoIP) - The transmission of voice telephone conversations using the Internet or Internet Protocol networks.

W

Walk-through drill/simulation test - This test represents a preliminary step in the overall testing process that may be used for training employees but not as a preferred testing methodology. During this test, participants choose a specific scenario and apply the BCP to it.

Wallet card - Portable information cards that provide emergency communications information for customers and employees.

Wide-scale disruption - An event that disrupts business operations in a broad geographic area.

Wireless communication - The transfer of signals from place to place without cables, usually using infrared light or radio waves.

Work transfer - Work-transfer is a process whereby the staff located at a recovery site accepts the workload of staff located at a primary production site, and a data center located at a recovery site accepts the workload of the primary data processing site.