Crisis

Unstable condition involving an impending abrupt or significant change that requires urgent attention and action to protect life, assets, property or the environment (ISO 22300:2021).

Disruption

Incident, whether anticipated or unanticipated, that causes an unplanned, negative deviation from the expected delivery of products and services according to an organisation’s objectives (ISO22301:2019).

Incident

Event that can be, or could lead to, a disruption, loss, emergency or crisis (ISO22301:2019).

Business Continuity (BC)

Capability of an organisation to continue the delivery of products and services within acceptable time frames at a predefined capacity during a disruption (ISO 22301:2019).

Business Continuity Management System (BCMS)

Part of the overall management system that established, implements, operated, monitors, reviews, maintains and improves business continuity (ISO 22300:2021).

Business Continuity Plan (BCP)

Documented information that guides an organisation to respond to a disruption and resume, recover and restore the delivery of products and services consistent with its business continuity objectives (ISO 22301:2019).

Business Impact Analysis (BIA)

Process of analysing the impact over time of a disruption on the organisation (ISO 22301:2019).

Exercise

Process to train for, assess, practise, and improve performance in an organisation (ISO22300:2021).

Maximum Tolerable Period of Disruption (MTPD)

The time it would take for adverse impacts, which can arise as a result of not providing a product/service or performing an activity, to become unacceptable (ISO 22300:2021).

Product and Services

Output or outcome provided by an organisation to interested parties (ISO22300:2021).

Recovery Point Objective (RPO)

Point to which information used by an activity is restored to enable the activity to operate on resumption (ISO22300:2021).

Recovery Time Objective (RTO)

Period of time following an incident within which a product and service or an activity is resumed, or resources are recovered (ISO22300:2021).

Test

Unique and particular type of exercise, which incorporates an expectation of a pass or fail element within the aim or objectives of the exercise being planned (ISO22300:2021).

Impact Tolerance (ITOL)

The maximum tolerable level of disruption for an important business service … as measured by a length of time and any other relevant metrics (PRA Rulebook:2025).

Important Business Services (IBS)

A service provided by a firm, or by another person on behalf of the firm, to another person which, if disrupted, could pose a risk to:

(1) the stability of the UK financial system; or

(2) the firm’s safety and soundness ; or

(3) cause intolerable levels of harm to any one or more of the firm’s clients (combined definition from the PRA Rulebook 2025 and the FCA Operational Resilience Instrument 2021).

Intolerable Customer Harm

Constitutes harm from which customers cannot easily recover, this could mean:

• Being unable to put a customer back into a correct financial position, post disruption,
• There have been serious non-financial impacts that cannot be effectively remedied,
• Ill effects would be felt in the medium/long term by a customer (FCA: PS21/3).

Mapping

Process of identifying and documenting the necessary people, processes, technology, facilities and information required to deliver each important business service (PRA Rulebook 2025).

Operational Resilience (OpRes)

The ability of firms, financial market infrastructures and the financial sector to prevent, adapt and respond to, and recover and learn from operational disruption. (FCA: 2024)

Scenario Testing

Process of testing an organisation’s ability to remain within its impact tolerance for each of its important business services in the event of a severe but plausible disruption to its operations (PRA Rulebook 2025).

Self Assessment

The preparation and regular updating of a document which outlines the organisations operational resilience compliance (PRA Rulebook:2025).

Risk to Safety and Soundness

Reputational, regulatory, financial and legal impacts, which would impact the viability of the organisation (PRA: SS1/21).