[OR] [P2] [S3] [ITo] [C8] Scenario-Based Calibration of Impact Tolerance

[P2] [S3] Chapter 8

Scenario-Based Calibration of Impact Tolerance

Introduction

Defining impact tolerance is only the first step. The real test of its effectiveness lies in whether the organisation can operate within those tolerances under stress.

Without validation, impact tolerances risk being theoretical, overly optimistic, or misaligned with real-world disruption dynamics.

Scenario-based calibration ensures that tolerances are realistic, evidence-based, and defensible. It enables organisations to simulate disruptions, observe how impacts evolve, and determine whether existing capabilities are sufficient to prevent breaches.

This chapter focuses on how to use structured scenarios—particularly Severe but Plausible Scenarios (SuPS)—to test, validate, and refine impact tolerances.

Purpose of the Chapter

The purpose of this chapter is to:

• Ensure that impact tolerances are realistic and achievable
• Introduce the concept and application of Severe but Plausible Scenarios (SuPS)
• Guide on selecting and designing relevant disruption scenarios
• Demonstrate how to assess time-based service degradation
• Enable organisations to test tolerance limits under stress conditions

Severe but Plausible Scenarios (SuPS)

Scenario-based calibration is anchored on the concept of Severe but Plausible Scenarios (SuPS).

Definition

A Severe but Plausible Scenario is:

A disruption event that is sufficiently severe to challenge the organisation’s resilience, yet credible based on its operating environment, historical incidents, and emerging risks.

Characteristics of Effective SuPS

Effective scenarios should be:

Purpose of SuPS in Impact Tolerance

SuPS are used to:

• Validate whether the organisation can remain within defined tolerances
• Identify hidden vulnerabilities and interdependencies
• Stress-test operational, technological, and organisational capabilities
• Provide evidence for regulatory and governance review

Scenario Types for Calibration

Organisations should develop a diverse set of scenarios that reflect key risk domains.

Technology Failure

Technology disruptions are among the most common and impactful scenarios.

Examples:

• Core banking system outage
• Payment processing system failure
• Data centre outage
• Network connectivity disruption

Impact Considerations:

• Immediate service unavailability
• Transaction processing delays
• Data synchronisation issues
• Dependency on backup systems

Cyber Attack

Cyber incidents can escalate rapidly and affect multiple services simultaneously.

Examples:

• Ransomware attack encrypting core systems
• Distributed Denial-of-Service (DDoS) attack on digital channels
• Data breach affecting customer records
• Malware disrupting transaction processing

Impact Considerations:

• Extended system downtime
• Data integrity concerns
• Regulatory reporting obligations
• Reputational damage

Third-Party Disruption

Modern organisations rely heavily on external providers.

Examples:

• Cloud service provider outage
• Payment gateway failure
• Telecommunications disruption
• Vendor system compromise

Impact Considerations:

• Limited control over recovery timelines
• Cascading failures across multiple CBS
• Contractual and SLA limitations
• Concentration risk

Pandemic / People Unavailability

People-related disruptions can significantly affect operational capacity.

Examples:

• Pandemic is causing widespread staff absenteeism
• Industrial action or labour disruption
• Travel restrictions limiting workforce mobility
• Loss of key personnel or specialised roles

Impact Considerations:

• Reduced processing capacity
• Increased operational backlog
• Dependence on cross-trained staff
• Challenges in manual workaround execution

Time-Based Degradation Analysis

A key component of scenario-based calibration is understanding how impact evolves.

Impact tolerance is not static—it reflects the point at which disruption becomes unacceptable.

Typical Degradation Profile

Key Observations

• Impact is non-linear: escalation often accelerates after a threshold
• Customer harm increases rapidly after a few hours for critical services
• Operational strain accumulates, making recovery more complex
• Manual workarounds degrade over time due to fatigue and volume

Application in Calibration

For each scenario, organisations should:

1. Track how the CBS performs over time
2. Compare actual performance against defined tolerance thresholds
3. Identify the point at which tolerance is breached or at risk

This enables calibration of whether the defined tolerance is:

• Too lenient (risk of excessive harm)
• Too strict (unrealistic or unachievable)
• Appropriate (aligned with capability and expectations)

Testing Tolerance Limits Under Stress

Scenario testing should explicitly assess whether the organisation can remain within impact tolerance.

Key Testing Questions

• Can the CBS continue operating within tolerance limits?
• How long does it take before thresholds are approached or breached?
• Which dependencies fail first?
• Are backup systems and recovery strategies effective?
• Do manual workarounds sustain operations?
• Are escalation and crisis management processes timely and effective?

Example Scenario Assessment

Interpretation

• Breaches indicate gaps in resilience capability
• Near-breaches indicate risk of future failure under slightly worse conditions
• Successful outcomes provide confidence and validation

Calibration and Refinement of Tolerance

Scenario testing results should be used to refine impact tolerances.

Calibration Actions

Balancing Considerations

Calibration must balance:

• Customer expectations (minimise harm)
• Operational feasibility (realistic capabilities)
• Regulatory expectations (compliance and defensibility)
• Cost of resilience investment

Integration with Scenario Testing

Scenario-based calibration is closely linked to Operational Resilience Phase 2 – Stage 4: Scenario Testing

Scenario testing provides the evidence base for refining tolerances.

Common Challenges in Scenario-Based Calibration

Best Practices

To ensure effective calibration:

• Use cross-functional workshops to design scenarios
• Incorporate historical incidents and near misses
• Include third-party and ecosystem dependencies
• Simulate prolonged disruptions, not just short-term outages
• Test multiple concurrent disruptions where relevant
• Document assumptions, outcomes, and lessons learned
• Align with regulatory expectations and audit requirements

Scenario-based calibration is essential to ensure that impact tolerances are not merely theoretical but grounded in operational reality.

By applying Severe but Plausible Scenarios, organisations can test how disruptions unfold, understand how impact escalates over time, and determine whether they can truly operate within defined thresholds.

This process transforms impact tolerance from a static definition into a dynamic, evidence-based capability.

It enables organisations to identify weaknesses, prioritise improvements, and demonstrate to regulators that their resilience framework is both credible and effective.

In the next chapter, we will examine how to embed impact tolerance into governance, monitoring, and reporting, ensuring that it becomes an integral part of day-to-day resilience management rather than a one-time exercise.

C1	C2	C3	C4	C5	C6
C7	C8	C9	C10	C11	C12
C13	C14	C15	C16	C17	C18

 

More Information About OR-5000 [OR-5] or OR-300 [OR-3]

To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.

	If you have any questions, click to contact us.