Impact Toleranceis a key concept inOperational Resilience, defined as the ability of a firm to withstand, respond to, and recover from disruptions. According to PRMIA and global regulatory frameworks (such as theBank of England's Operational Resilience Framework), impact tolerance isspecifically tied to business services rather than processes.
Impact toleranceis the maximum acceptable level of disruption to animportant business service, beyond which there would be intolerable harm to customers, financial markets, or regulatory obligations.
It isnot the same as risk appetiteorrisk capacity, as those deal with broader organizational risk exposure.
PRMIA defines business services asend-to-end services delivered to clients and stakeholders, such as payments processing, trade execution, or loan approvals.
Disruptions to these servicesdirectly impact customers and financial stability, making business service resilience the core focus of impact tolerance.
Option A ("tolerance for disruption to a particular business process")
Incorrect because impact tolerance applies toservices, not just internal processes.
Option C ("a firm's risk appetite statement")
Incorrect because risk appetite focuses on how much risk a firm is willing to take, whileimpact tolerance is about surviving disruptions.
Option D ("a firm's risk capacity statement")
Incorrect because risk capacity is themaximum level of risk a firm can bear, which is broader than business service disruptions.
Step 1: Defining Impact ToleranceStep 2: Why Business Services MatterStep 3: Why the Other Options Are Incorrect
PRMIA Operational Resilience Guidelines– Defines impact tolerance as aservice-basedmetric.
Bank of England’s Operational Resilience Framework– Establishes impact tolerance as a limit on business service disruption.
PRMIA Risk References Used:
Final Conclusion:Impact tolerancefocuses on business services, not just internal processes or risk appetite, makingOption B the correct answer.
