Why this glossary exists
Continuity work gets harder when words are vague. “Backup”, “restore”, “audit trail”, and “recovery” can mean very different things to finance, operations, IT, legal, and vendors. This glossary defines the terms as Control-C uses them when discussing independent SaaS backup, recovery evidence, data retention, and compliance.
Backup and recovery
Backup
A separate copy of business data that can be accessed if the original system is unavailable, changed, deleted, or unreliable. For SaaS systems, a useful backup needs more than a vendor promise: it needs independent access and enough history to answer what changed.
Continuity copy
An independent copy kept so the business can keep working, investigate changes, or satisfy records obligations even when the source application is disrupted.
Restore
The act of putting data back into a live system. In accounting platforms, restore work must be handled carefully because overwriting or replaying transactions can create new problems.
Recovery
The broader process of understanding what happened, finding the right historical data, exporting or reconstructing records, and returning the business to a usable state.
Point-in-time recovery
The ability to inspect or recover data as it existed at a specific moment. This is useful after accidental deletion, bad imports, integration faults, and disputed changes.
Rollback
A reversal to an earlier state. Rollbacks can be risky in accounting systems because later activity may depend on the records being changed.
Data export
A downloadable copy of records, usually for review, audit, migration, or recovery. Exports are most useful when they preserve context such as dates, relationships, identifiers, attachments, and change history.
Recovery objective
A practical target for what recovery needs to achieve: for example, prove what changed, rebuild a report, export deleted records, or support an auditor.
Evidence and audit
Audit trail
A record of activity that helps show who did what, when it happened, and what changed. A strong audit trail supports accountability during reviews, disputes, and investigations.
Evidence record
Data preserved in a way that can support a decision, investigation, compliance review, or audit. Evidence should be clear, traceable, and separated from the system being questioned where possible.
Change history
The timeline of additions, edits, deletions, imports, syncs, and other events that explain how a record reached its current state.
Immutable history
A historical record designed not to be altered casually after capture. It helps preserve confidence when teams need to know what was true at a given time.
Retention
The period records are kept for operational, legal, tax, audit, or contractual reasons. Retention requirements can outlast vendor access, staff turnover, or subscription changes.
Legal hold
A requirement to preserve records because of a dispute, investigation, audit, or regulatory process. Legal hold usually means normal deletion or cleanup rules should pause for affected data.
SaaS responsibility
Shared responsibility
The principle that SaaS vendors run the platform, while customers remain responsible for how they configure, access, export, retain, and protect their own data.
Vendor outage
A disruption in a cloud provider, SaaS product, integration, or supporting service that affects customer access or data workflows.
Data sovereignty
The idea that data may need to be stored, accessed, or governed according to the laws and expectations of a particular country or region.
Subprocessor
A third-party service provider that helps deliver a service and may process customer or operational data under defined contractual controls.
Data Processing Addendum
A contract document that sets out privacy and data protection responsibilities between a controller and processor, including processing scope, safeguards, and rights.
Procurement review
The process a customer, finance team, security team, or legal team uses to assess whether a vendor is suitable before purchase or renewal.
Accounting and operations data
Ledger
The accounting record that tracks financial activity. If ledger data is deleted, corrupted, or misunderstood, reporting and compliance can be affected.
Journal
A structured accounting record used to represent transactions and adjustments. Journals are important during investigation because they help explain how balances changed.
Attachment
A supporting file connected to a transaction, bill, invoice, contact, or operational record. Attachments often contain the evidence behind the accounting entry.
Organisation
A company, client, or entity inside an accounting or operations platform. In Xero, an organisation is the workspace whose data is connected, backed up, and reviewed.
CSV import
A bulk upload of rows from a spreadsheet or comma-separated file. CSV imports are useful, but mistakes can affect many records at once.
API integration
A connection where systems exchange data automatically. Integrations save time, but sync bugs, permissions, or mapping mistakes can create continuity risk.
Security and access
Multi-factor authentication
An access control that requires more than a password, such as an authenticator app or security prompt. MFA reduces the risk of account takeover.
Least privilege
The practice of giving users and integrations only the access they need to do their job. It limits damage from mistakes, misuse, or compromised accounts.
Tenant
A customer’s logical environment inside a cloud service. Tenant boundaries help separate data, configuration, users, and permissions.
Access review
A periodic check of who can access systems and data. Reviews help remove stale users, excessive permissions, and old integrations.
Suggest a term
If a term needs clarification or refinement, contact support. We will update the glossary as recurring questions appear in real customer, partner, and audit conversations.
