[OR] [P2] [S3] [ITo] [C1] Introduction to Impact Tolerance

[P2] [S3] Chapter 1

Introduction to Impact Tolerance

Introduction

Operational resilience has emerged as a defining capability for organisations operating in an increasingly complex, interconnected, and risk-prone environment.

Traditional approaches to risk management and business continuity have focused on protecting individual processes, systems, and assets. 

However, recent disruptions—ranging from cyber incidents to large-scale operational outages—have demonstrated that such approaches are insufficient when organisations fail to maintain the continuity of services that matter most to customers, stakeholders, and the broader financial system.

This shift in perspective has led to the adoption of a service-centric approach, where the focus is no longer solely on recovering internal components, but on ensuring that critical services remain within acceptable levels of disruption. 

At the heart of this approach lies the concept of impact tolerance—a fundamental building block of operational resilience.

Impact tolerance defines the threshold at which disruption becomes unacceptable.

It provides organisations with a clear, measurable way to determine how much disruption they can withstand before causing intolerable harm. 

As such, it serves as a bridge between resilience planning and real-world outcomes, ensuring that strategies are aligned with what truly matters: the continuity of critical services and the minimisation of harm.

Purpose of the Chapter

This chapter introduces the concept of impact tolerance and explains its critical role in operational resilience. It establishes foundational understanding by:

• Defining impact tolerance and its key characteristics
• Tracing its evolution from traditional business continuity metrics
• Highlighting the shift from process-centric to service-centric thinking
• Explaining why impact tolerance is central to operational resilience
• Demonstrating its linkage to Critical Business Services (CBS)

Definition of Impact Tolerance

Impact tolerance is the maximum level of disruption an organisation can tolerate before it becomes unacceptable to customers, stakeholders, regulators, or the wider system.

This concept goes beyond traditional recovery objectives by focusing not just on how quickly a system can be restored but also on how much disruption it can absorb without causing significant harm. It reflects a forward-looking, outcome-based perspective that considers the real-world consequences of service disruption.

Key characteristics of impact tolerance include:

• Outcome-driven: Focuses on the impact on customers and stakeholders rather than internal recovery metrics
• Time-bound and measurable: Typically expressed in terms of duration, data loss, or service degradation thresholds
• Service-specific: Defined at the level of individual Critical Business Services
• Scenario-relevant: Tested against severe but plausible disruption scenarios
• Regulator-aligned: Reflects expectations from global regulators and standards bodies

In essence, impact tolerance answers a critical question:

“How much disruption is too much?”

Evolution from Traditional BCM Metrics (RTO, RPO, MTPD)

Impact tolerance builds upon, but significantly extends, traditional Business Continuity Management (BCM) metrics such as:

• Recovery Time Objective (RTO) – the target time to restore a system or process
• Recovery Point Objective (RPO) – the acceptable amount of data loss
• Maximum Tolerable Period of Disruption (MTPD) – the maximum time a process can be disrupted before causing unacceptable damage

While these metrics remain relevant, they are inherently process- and system-focused. They tend to answer operational questions such as:

• “How quickly can we recover this system?”
• “How much data can we afford to lose?”

Impact tolerance shifts the focus to service outcomes, addressing broader and more critical questions:

• “What level of disruption will customers experience?”
• “At what point does this disruption become unacceptable?”
• “What are the consequences for financial stability, regulatory compliance, and reputation?”

This evolution represents a fundamental transition:

Impact tolerance does not replace RTO, RPO, or MTPD; rather, it contextualises and aligns them to service-level outcomes, ensuring that recovery objectives are meaningful in real-world scenarios.

Service-Centric vs Process-Centric Thinking

A key transformation in operational resilience is the move from process-centric to service-centric thinking.

Process-Centric Approach

• Focuses on individual business functions, systems, or departments
• Measures the recovery of components in isolation
• May overlook interdependencies and end-to-end service delivery

Service-Centric Approach

• Focuses on end-to-end delivery of services to customers
• Considers all underlying components collectively (people, processes, technology, third parties)
• Evaluates disruption based on customer and stakeholder impact

Impact tolerance is inherently service-centric. It requires organisations to:

• Understand how services are delivered across complex interdependencies
• Assess the cumulative impact of disruptions across multiple components
• Define thresholds based on customer experience and business outcomes, not internal recovery milestones

This shift ensures that resilience efforts are aligned with what truly matters: the continuity and reliability of critical services.

Why Impact Tolerance is Central to Operational Resilience

Impact tolerance is not just another metric—it is the core anchor of operational resilience.

It plays several critical roles:

Defines Acceptable Levels of Disruption

It establishes clear boundaries between acceptable and unacceptable disruption, enabling informed decision-making.

Guides Resilience Strategy

It drives the design of:

• Recovery strategies
• Redundancy and failover mechanisms
• Resource allocation

Supports Scenario Testing

Impact tolerance provides the benchmark against which organisations test their ability to withstand severe but plausible scenarios.

Aligns Stakeholders

It creates a common understanding across:

• Business units
• Risk management
• Technology teams
• Senior management

Meets Regulatory Expectations

Regulators increasingly expect organisations to:

• Define impact tolerances for critical services
• Demonstrate the ability to remain within those tolerances during disruptions

Drives Continuous Improvement

By measuring actual performance against defined tolerances, organisations can:

• Identify gaps
• Prioritise improvements
• Enhance resilience maturity over time

In summary, impact tolerance transforms operational resilience from a theoretical framework into a measurable, actionable capability.

Link to Critical Business Services (CBS)

Impact tolerance cannot be defined in isolation—it must be applied to Critical Business Services (CBS).

A Critical Business Service is an end-to-end service whose disruption would result in intolerable harm to:

• Customers
• The organisation
• The financial system
• Regulatory compliance

Impact tolerance is therefore:

• Defined at the CBS level, not at the system or process level
• Aligned to service outcomes, such as availability, transaction processing, or customer access
• Dependent on understanding service interdependencies, including:
• People
• Processes
• Technology
• Third-party providers

For example:

• A payment service may have an impact tolerance of 2 hours of disruption before causing significant customer and systemic impact
• A customer onboarding service may tolerate longer disruption but with strict limits on regulatory compliance breaches

This linkage ensures that resilience efforts are prioritised and focused on what matters most.

Impact tolerance represents a fundamental shift in how organisations approach resilience. Moving beyond traditional recovery metrics, it introduces a service-centric, outcome-driven perspective that aligns resilience efforts with real-world impacts.

By defining the maximum tolerable level of disruption, organisations gain clarity on what must be protected, how resilience strategies should be designed, and how performance should be measured under stress.

As organisations progress in their operational resilience journey, impact tolerance will serve as a critical reference point—guiding decision-making, enabling effective scenario testing, and ensuring that critical services remain within acceptable limits, even in the face of severe disruptions.

In the next chapter, we will explore the regulatory and standards landscape, examining how global regulators and frameworks shape expectations for setting and managing impact tolerances.