Operational Resilience Jargon Buster


The ability of an organisation to deliver critical operations through disruption.


Impact Tolerances

Impact tolerances define the maximum acceptable level of disruption to a business service. (See MTO, RTO and RPO)



The Maximum Tolerable Outage or maximum time that a service can be interrupted before significant damage is experienced by the organisation / its customers.



The Recovery Time Objective usually refers to the time that those responsible for system recovery have to get the system(s) up and running…from the time they get the order to invoke the recovery plan. It will always be less than the MTO.



The Recovery Point Objective refers to the point in time in the past that it is acceptable to go back to for the backed-up data. E.g. is it ok to go back to last night’s back up? Or is a more recent backup required.



The necessary people, processes, information, technology, facilities, and third parties required to deliver a business service.


Third Party

An entity (person or organisation) that is undertaking an outsourced process, delivering a service or activity, that is a constituent part of the service an organisation offers to customers. This refers to both external third parties and intra/inter group service providers.



The Business Continuity Plan is a set of strategies and processes to deal with disruptions (usually severe) and ensure the organisation can maintain essential services at pre-defined levels, within an acceptable timeframe.



A Business Impact Analysis is a risk assessment technique for understanding consequences and their likelihood when an organisation experiences a disruption. It provides an understanding of the capability needed to manage a disruptive incident.



Information and Communications Technology generally refers to all the IT infrastructure (inhouse and in the Cloud) plus the voice and data connectivity required to deliver a business service.



An Outsourced Service Provider is a third-party that has been contracted to deliver all or part of a service that the organisation is offering to its customers.


Process Mapping

A planning and management tool that visually describes the flow of work. This is usually supported by detailed documentation of all dependencies including people, processes, information, technology, facilities, and third parties service providers.


Scenario Exercise

Usually takes the form of a desktop walkthrough, where a facilitator presents a severe but credible disruption scenario, and the participants have to respond by describing what action they will take. They will be guided by their Incident Response and Business Continuity plans and the aim of the exercise is usually to test the feasibility of the plans and to familiarise the participants with their individual roles.


Chain Outsourcing

Sometimes referred to as Fourth Parties, where a third party outsources part of the work to one of their third-parties (fourth party to you)


Threat Intelligence

Usually used in the context of cyber threats, it refers to the collection, analysis, and dissemination of information about suspected, emerging, and active cyberthreats, including vulnerabilities, threat actors’ tactics, techniques, and procedures.



In the context of computers a vulnerability is a weakness that can be exploited by cybercriminals to gain unauthorised access to a computer system.