Operational Resilience Series
BGBann_Playbook_Crisis Management

[OR] [P2-S3] What is Impact Tolerance in Operational Resilience?

Impact Tolerance is setting the maximum tolerable level of disruption to an important business service.  The Maximum Tolerable Level of Disruption (MTLD) is the time following a disruptive event after which an organisation’s viability will be irreversibly impacted if its essential or critical business services are not resumed.

How does an organisation go about setting its MTLD?

This is the introductory blog [OR-P2-S3] to Stage 3 of the "IMPLEMENT" phase of the OR Planning Methodology.  It is a pre-reading for participants attending the Operational Resilience Implementer/ Expert Implementer course.

 

Moh Heng Goh
Operational Resilience Certified Planner-Specialist-Expert

New call-to-actionWhat is Impact Tolerance?

Impact Tolerance is setting the maximum tolerable level of disruption to a critical business service.

What Are the Tasks Required to Set Impact Tolerance?

New call-to-action

These are the tasks required to Set Impact Tolerance:

  1. Identify impact types
  2. Set impact tolerances for each type
  3. Link impact tolerances to risk appetite and risk assessment scales
  4. Set appropriate impact tolerances for critical business services

How to set appropriate impact tolerances for critical business services?

New call-to-actionSetting impact tolerances helps organisations define acceptable levels of disruption for critical business services.

The following steps guide the process:

Define Impact Tolerance Levels

Collaboratively establish impact tolerance levels in consultation with key stakeholders. Consider each critical service's maximum acceptable downtime, data loss, financial losses, and customer impact.

Consider Regulatory and Compliance Requirements

Consider specific regulatory or compliance requirements that dictate impact tolerances for particular services or industries. Ensure alignment with legal obligations and industry standards.

Document Impact Tolerance Levels

Document each critical service's agreed-upon impact tolerance levels. This documentation will be a reference point for developing resilience strategies and response plans.

Review and Update

Review and update impact tolerance levels regularly to reflect evolving business needs, technological advancements, and changes in the operating environment.

BCMPedia Operational Resilience
In addition, Impact Tolerance:
  1. Represent the point beyond which the harm caused by an operational disruption to the critical business service becomes intolerable.
  2. Do not factor in the frequency at which operational disruptions are likely to occur.
  3. Focus on limiting the impact the organisation can tolerate from a single disruption.
  4. Is different from the recovery time objective (RTO) and the maximum acceptable outage as defined in business continuity planning, as these are time-based. 
  5. Focus on outcome-based objectives: how much, when, and for how long.

  Definition Explanation Definition  
  Impact Tolerance is setting the maximum tolerable level of disruption to a critical business service. New call-to-action  
  Maximum Tolerable Level of Disruption is the time following a disruptive event after which an organisation’s viability will be irreversibly impacted if its critical business services are not resumed. OR Maximum Tolerable Level of Disruption BCMPedia  
  Important Business Service is a service provided by an organisation, or by another person on behalf of the organisation, to one or more clients which, if disrupted, could:
  • cause intolerable harm to any one or more of the organisation’s clients or
  • pose a risk to the soundness, stability or resilience of the financial system or the orderly operation of the financial markets.
 New call-to-action  
  Levels of Harm Levels of Harm are the impact or level of harm to the client when the organisation providing critical business services is disrupted. There are three levels:
  • Intolerable harm
  • Harm
  • Inconvenience
 OR Levels of Harm BCMPediaOR Blog Categorizing Level of Harm  
  What is the difference between Impact Tolerance and Recovery Time Objective? Impact Tolerance is expressed by reference to specific outcomes and metrics. They differ from the recovery time objective (RTO) and the maximum acceptable outage as defined in business continuity planning, as these are time-based.  New call-to-action  
  Impact Types Impact types refer to the various negative effects or consequences of disruptions in an organization's operations.  This is a list of impact types.  OR Blog Impact Types  
  Outcome-based objective Vs Time-based Impact tolerance focuses on outcome-based objectives, which are about how much, when, and for how long. New call-to-action  
         
"Implement" Phase of OR Planning Methodology
Identify Important Business Services Map Processes and Resources

Set Impact Tolerance

 Conduct Scenario Testing Improve Lesson Learnt  
New call-to-action New call-to-action New call-to-action New call-to-action New call-to-action  

More Information About Blended Learning OR-5000 [OR-5] or OR-300 [OR-3]

To learn more about the course and schedule, click the buttons below for the OR-3 Blended Learning OR-300 Operational Resilience Implementer course and the OR-5 Blended Learning OR-5000 Operational Resilience Expert Implementer course.

BL-OR-3 Register Now BL-OR-3_Tell Me More BL-OR-3_View Schedule
BL-OR-5_Register Now BL-OR-5_Tell Me More [BL-OR] [3-4-5] View Schedule
[BL-OR] [3] FAQ OR-300

If you have any questions, click to contact us.Email to Sales Team [BCM Institute]

 FAQ BL-OR-5 OR-5000
[BL-OR] [3] What is BL-OR-3 Course?

New call-to-action

 [BL-OR] [3-4-5] What is BL-OR-5 Course?

 

Comments

 

More Posts

New Call-to-action
BCMIWhiteLogoSmall.png
All rights reserved. Copyright 2024