AS NZS 5050 – Business continuity – Managing disruption-related risk
1.3.22 Maximum acceptable outage (MAO)
Maximum period of time that an organization can tolerate the disruption of a critical business function.
1 Disruption may include both the discontinuance of an activity or the inability to perform it to
an acceptable quality or with sufficient reliability.
2 Sometimes known as ‘maximum tolerable outage’ or ‘maximum tolerable period of
Continual checking, supervising, critically observing or determining the status in order to identify change from the performance level required or expected.
NOTE: Monitoring can be applied to the framework, systems, processes and controls associated with managing disruption-related risk.
1.3.24 Mutual aid
Formalized and documented reciprocal arrangements between two or more organizations providing for unilateral, bilateral or multilateral assistance in specified circumstances.
Actions taken following the commencement of a disruptive event to return the organization to routine management.
NOTE: The organization may choose to recover to the pre-disruption state or to a different state.
1.3.26 Recovery Time Estimate (RTE)
Estimated period of time required to restore a particular level of functionality after taking into account any uncertainties.
NOTE: The period is measured from the commencement of the restoration activity and not from the commencement of the disruptive event.
Adaptive capacity of an organization in a complex and changing environment.
NOTE: Resilience is a relative expression describing one outcome of the organization’s risk management activity. It is not a process, system or framework or other single element of an organization.
Activity undertaken to determine the suitability, adequacy and effectiveness of the subject matter to achieve established objectives.
NOTE: Review can be applied to a risk management framework, risk management process, risk or control.
Effect of uncertainty on objectives.
NOTES:
1 An effect is a deviation from the expected, it may be positive and/or negative.
2 Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product,
3 Risk is often characterized by reference to potential events and consequences, or a combination of these.
4 Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence.
5 Uncertainty is the state, even partial, of deficiency of information related to, understanding or
knowledge of, an event, its consequence, or likelihood.
1.3.30 Risk analysis
Process to comprehend the nature of risk and to determine the level of risk.
NOTES:
1 Risk analysis provides the basis for risk evaluation and decisions about risk treatment.
2 Risk analysis includes risk estimation.
1.3.31 Risk assessment
Overall process of risk identification, risk analysis and risk evaluation.
1.3.32 Risk criteria
Terms of reference against which the significance of a risk is evaluated.
NOTES:
1 Risk criteria are based on organizational objectives and external and internal context.
2 Risk criteria can be derived from standards, laws, policies and other requirements.
1.3.33 Risk evaluation
Process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable.
NOTE: Risk evaluation assists in the decision about risk treatment.
1.3.34 Risk identification
Process of finding, recognizing and describing risks.
NOTES:
1 Risk identification involves the identification of risk sources, events, their causes and their potential consequences.
2 Risk identification can involve historical data, theoretical analysis, informed and expert
opinions, and stakeholder’s needs.
Coordinated activities to direct and control an organization with regard to risk.