As you prepare to construct Business Continuity plans and Business Impact Analysis information, please feel free to use the attached documents.
This glossary contains terms used in Mission Continuity in General, BC Plan, and Business Impact Analysis.
General
BETH-3 Methodology
The BETH-3 Methodology governs the way Mission Continuity Plan components are organized and recorded in Risk Cloud. It stands for Building, Equipment, Technology, Human Resources, and 3rd Party Business Partners and Suppliers.
Building
Basic information about Penn’s buildings/facilities that is essential to the resumption/continuation of your unit’s most critical processes and functions. Examples include a research laboratory or classroom in a School, the Biochemistry Laboratory in the School of Medicine’s John Morgan building, or a specific building that houses critical computing equipment, such as the Pennovation Data Center.
Equipment
Necessary equipment and supplies that are essential to an operation. Examples include an electron microscope in a specific research laboratory or backup power generator requirements for important computer systems.
Technology
Key technology and systems that are essential to the availability or resumption of your unit’s processes and functions. Examples include a Blackboard site for a class, or enterprise-wide technology like the University’s Payroll/Personnel system, PennNet, Zoom, or e-mail.
Human Resources
Personnel or job functions in your area. Some may be defined as “essential,” meaning they may be required for various functions to continue or resume. Examples include a certain lab assistant with critical knowledge of a specific experiment or a computer technician skilled in the recovery processes necessary to bring back-up servers online and make them accessible to users.
Third-Party Vendor/Supplier
Key third-party partners or suppliers that are essential to the availability or resumption of your unit’s most critical processes and functions. One example is an external vendor that supplies specific laboratory animals with a special food diet.
Mission Continuity
Mission Continuity (or Business Continuity) refers to the steps taken by an organization to ensure that critical functions, support systems, and assets will be available to the University or resumed as soon as possible after an outage.
Mission Continuity Representative
A Mission Continuity Representative is designated at each School and Center to serve as the communications conduit for important Mission Continuity Program information. Mission Continuity Representatives are often the local Mission Continuity Program experts and liaisons at their School or Center.
PennReady
PennReady is Penn’s Crisis Management initiative, managed by the Division of Public Safety. It refers to the prevention of, preparation for, response to, and recovery from any emergencies that could affect the Penn and University City communities. More information on Penn Ready visit, DPS's PennReady web guide.
Tabletop Exercise
A tabletop exercise provides a practical check of procedures to follow should a particular event occur. Participants, including MCP Representatives, Contributors, and other stakeholders who put together a department’s mission continuity plan, use a tabletop exercise to test notification, recovery management, tasks, and responsibilities, as well as overall communications. A tabletop exercise allows a department to test critical to-do lists, contact groups, and plan documents to ensure every scenario has been covered and that information is up to date and correct.
BC Plan Terms
Business Continuity Planning (BCP)
The process of identifying, documenting, and testing plans required to sustain an organization’s critical functions in the event of an outage, disaster, or emergency situation.
Action Plan
Action Plans are the sequential steps taken in case of an event or incident. An Action Plan starts with a “Trigger,” “when something happens,” followed by an “Action,” “what to do,” followed by “Responsible Persons or Contact Groups,” “who needs to do something or be notified”; and ends with “Documentation,” the “how.”
Actions
Actions are part of an Action Plan and refer to the “what to do”, such as, “evacuate the building when an outage occurs.”
Contacts
Contacts are a collection of individuals’ and organizations’ names and pertinent information such as email addresses. Contacts can be internal or external to Penn. A Plan Liaison could create a list of faculty and staff Contacts for their department by selecting individuals from a master list of faculty and staff available in the Risk Cloud software. External Contact information (e.g., for important partners or suppliers) will be entered manually.
Contact Group
The name given to a set of people or functions such as Senior Staff, Department Heads, Operating Staff. Contact Groups contain the names or roles of members.
Plan Liaisons/Representatives
A Plan Liaison or Representative creates the Mission Continuity plan for a School or Center using the MCP software. Plan Liaisons/Representatives serve as the local expert and primary communications point with the Mission Continuity Program. A School or Center may have one or more Plan Liaisons/Representatives.
Process Dependencies
The functions or other processes required by any process to remain available. These include Buildings and/or Technologies.
Responsible Persons
Responsible Persons is part of an Action Plan and refers to the “who,” such as “the designated team leader.”
Risk Cloud
Risk Cloud is the software tool used by the University for mission continuity planning and management.
Triggers
Triggers are part of an Action Plan. A trigger is an event, “when something happens,” that sets an Action Plan in motion, for example, “when a building outage occurs due to a fire or flood.”
BIA terms
Business Impact Analysis (BIA)
A business impact analysis (BIA) is the process of determining the importance of business activities and required resource requirements to ensure operational resilience and continuity of operations during and after a business disruption. The BIA quantifies the impacts of disruptions on service delivery, risks to service delivery, and recovery time objectives (RTOs). These recovery requirements are then used to develop strategies, solutions, and plans.
Achievable Recovery Time (ART)
The Achievable Recovery Time is an estimate of the time to recover a system, process, or function.
Critical Processes
A process, system, or function that directly supports the University's mission of teaching, research, service, and clinical work or that directly supports the functioning of the University as an organization. Zoom and Teams are critical for remote teaching and meetings, laboratory research, payroll, or providing access to computer systems, which could all be considered critical to the university’s mission. Information about critical processes forms the basis of the Business Impact Analysis (BIA).
Process Owners
Process Owners are those individuals responsible for the availability of critical processes.
Disaster Recovery (DR)
Plans for recovering IT in the event of a serious outage or disruption. These should be stored in Risk Cloud as part of the Technology section of the BETH3 model within the BCP.
Function
An action or set of actions that assist in achieving a goal or mission; one function of a School is teaching.
Recovery Time Objective (RTO)
The Recovery Time Objective (RTO) is the maximum tolerable length of time that a computer, system, network, or application can be unavailable in the event of an outage.
System
An IT application includes software and hardware; an example is the 0365 e-mail.