Glossary

Approved terms in the Saudi National Framework for Risk Management and Business Continuity

BIA

Process of analyzing activities and the impact that business disruptions may have on them

Example: Analyzing the impact of a 4-hour banking system outage on financial operations

Overall process of risk identification, risk analysis and risk evaluation

Example: Assessing cybersecurity risks in government systems

BCP

Documented procedures that guide organizations to respond, recover, resume and restore business processes

Example: Continuity plan for electronic citizen services during emergencies

DRP

Set of policies, tools and procedures to enable recovery or continuation of vital technology infrastructure

Example: Government data recovery plan from backup data center

RTO

Target duration set by the organization to restore a product, activity or process

Example: Restore payroll system within 24 hours of disruption

RPO

Point in time to which data loss is acceptable in the event of disruption

Example: No more than 1 hour of financial transaction data loss

MTPD

Time after which the effects of not restoring a product, activity or process become unacceptable

Example: Medical emergency service disruption not exceeding 30 minutes

Quantitative measure of organization's ability to adapt and recover from disruptions

Example: Achieving 85% resilience index in health crisis management