AS NZS 5050:2010 – Business continuity – Managing disruption-related risk
Measure that is modifying risk.
1 Controls include any process, policy, device, practice, or other actions which modify risk.
2 Controls may not always exert the intended or assumed modifying effect.
Outcome of an event affecting objectives.
1 An event can lead to a range of consequences.
2 A consequence can be certain or uncertain and can have positive or negative effects on objectives.
3 Consequences can be expressed qualitatively or quantitatively.
4 Initial consequences can escalate through knock-on effects.
Situation that is beyond the capacity of normal management structures and processes to deal with effectively.
NOTE: A crisis may require significant diversion of management time, attention and resources away from normal, routine operations to respond to the situation.
1.3.13 Critical business function
A business function or part thereof identified as essential for survival of the organization and achievement of its critical objectives.
NOTE: A business function which has the effect of protecting critical interests of the community or another stakeholder to which a duty is owed, may qualify as a critical business function.
1.3.14 Critical objectives
Objectives that must be achieved during a period of disruption.
NOTE: Critical objectives may reflect the requirements of external stakeholders.
1.3.15 Disruption-related risk
Risk arising from the possibility of disruptive events.
1.3.16 Establishing the context
Defining the external and internal parameters to be taken into account when managing disruption-related risk and setting the scope and risk criteria for the BCM policy.
Occurrence or change of a particular set of circumstances.
1 An event can be one or more occurrences, and can have several causes.
2 An event can consist of something not happening.
3 An event can sometimes be referred to as an ‘incident’ or ‘accident’.
4 An event without consequences may also be referred to as a ‘near miss’, ‘incident’, ‘near hit’, or ‘close call’.
NOTE: External context can include—
(a) the cultural, social, political, legal, regulatory, financial, technological, economic, natural and competitive environment, whether international, national, regional or local; key drivers and trends having impact on the objectives of the organization; and
(b) relationships with, and perceptions and values of external stakeholders.
Physical assets and technologies that support an organization.
1 This includes installations, utilities, plant, facilities, structures, installations and technology controlled or used by an organization.
2 For communities, this may include the built environment.
1.3.20 Internal context
Internal environment in which the organization seeks to achieve its objectives.
NOTE: Internal context can include—
(a) governance, organizational structure, roles and accountabilities;
(b) policies, objectives, and the strategies that are in place to achieve them;
(c) the capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, processes, systems and technologies);
(d) information systems, information flows and decision-making processes (both formal and informal);
(e) relationships with, and perceptions and values of, internal stakeholders;
(f) the organization’s culture;
(g) standards, guidelines and models adopted by the organization; and
(h) form and extent of contractual relationships.
Chance of something happening.
1 This Standard uses the word ‘likelihood’ to refer to the chance of something happening, whether defined, measured or determined objectively or subjectively, qualitatively or quantitatively and described using general terms or mathematically (such as a probability or a frequency over a given time period).
2 The term ‘likelihood’ does not have a direct equivalent in some languages; instead, the equivalent of the term ‘probability’ is often used. However, in English, ‘probability’ is often narrowly interpreted as a mathematical term. Therefore, in risk management terminology, ‘likelihood’ is used with the intent that it should have the same broad interpretation as the term ‘probability’ has in many languages other than English.