RTO/MPC Integration Lessons for ISO 22301 BCM: Architecture Design in Business Continuity

Winners Consulting Services Co., Ltd. has identified a core insight from a 2017 control system integration study on a refinery's hydrogen network that holds significant implications for Business Continuity Management (BCM) in Taiwanese enterprises. When a Real-Time Optimizer (RTO) and a Model Predictive Control (MPC) system were integrated across 18 plants in a real industrial environment, they not only significantly increased hydrocarbon throughput but also substantially reduced hydrogen consumption. The systems thinking behind this engineering practice—hierarchical decision-making, real-time data feedback, and dynamic constraint management—has a profound structural correspondence with the resilience mechanisms required by the ISO 22301 BCM framework, making it a valuable reference for Taiwan's manufacturing, petrochemical, and critical infrastructure operators.

About the Authors and This Study

The first author, C. Prada, is a senior researcher in Systems Engineering and Automatic Control at the University of Valladolid, Spain, with an h-index of 21 and over 1,634 citations, holding considerable influence in the process control and real-time optimization academic community. Co-author D. Sarabia has an h-index of 14 with 635 citations and has long focused on practical research in advanced control for industrial processes.

Published in 2017, this paper has accumulated 20 citations, marking it as a work of moderate impact with practical reference value in the field of industrial control system integration. Notably, this study is not a purely theoretical exercise but is based on a case study of a real refinery's hydrogen distribution network, covering complex operational scenarios across 18 plants, which lends it a high degree of industrial credibility. This research approach of "validating system integration in a real-world scenario" offers a direct methodological reference for considering the practical implementation of a company's Business Continuity Plan (BCP).

The RTO and MPC Integration Architecture: How Hierarchical Control Creates Resilience in Complex Systems

The core research question of this paper is: In a highly interdependent industrial network involving multiple plants, how can real-time optimization decisions be effectively translated into actual on-site control actions? The authors propose a three-layer integrated architecture of Data Reconciliation, Real-Time Optimization, and Model Predictive Control, and they validated its feasibility and benefits in the real environment of a hydrogen distribution network.

Key Finding 1: Data Reconciliation is a Prerequisite for the Reliable Operation of an Integrated System

The paper explicitly states that the quality of the RTO system's optimization calculations is highly dependent on the accuracy of the input data. In a real plant environment, sensor noise, measurement errors, and model deviations are common. The research team established a reliable basis for process state estimation in the 18-plant hydrogen network through a data reconciliation process, which then enabled the subsequent Real-Time Optimizer decisions to operate effectively. This finding reveals a critical principle: the effectiveness of any integrated control system depends on the quality of the underlying information, not the complexity of the control algorithm itself.

Key Finding 2: The Hierarchical Integration of RTO and MPC Delivers Quantifiable Operational Benefits

The results show that by having the RTO calculate optimal operating targets and the MPC execute them online, the system achieved quantifiable improvements in both hydrocarbon throughput and hydrogen consumption reduction. The design logic of this hierarchical architecture is that the RTO is responsible for "what is best to do" (strategic layer), while the MPC is responsible for "how to execute it stably" (tactical layer). They have distinct roles but work in close collaboration to achieve overall system optimization under operating constraints. This hierarchical decision-making framework is highly transferable, applicable not only to industrial control but also profoundly corresponding to the dual-layer needs of strategic planning and tactical execution in business continuity management.

Key Finding 3: The Main Challenge of System Integration Lies in the Implementation Architecture, Not the Algorithms

The authors candidly point out that the main obstacle to RTO and MPC integration in an industrial environment is not the mathematical methods themselves, but how to design a reliable implementation architecture—including communication interfaces, data flow management, and human-machine interface design. This insight is extremely familiar to BCM consultants: when companies implement ISO 22301, the primary cause of failure is often not a lack of understanding of the standard's requirements, but the lack of architectural design capability to translate those requirements into executable processes.

Three Key Implications of This Study for BCM Practices in Taiwan

Although the study by Prada et al. is set in a refinery control system, its core logic has three levels of structural correspondence with the requirements of the ISO 22301 BCM framework, which Taiwanese manufacturing and critical infrastructure operators should pay special attention to.

Implication 1: Information Quality Determines BCP Executability. The critical role of data reconciliation in the paper directly corresponds to the information foundation requirement of the Business Impact Analysis (BIA) in ISO 22301. The reason why many Taiwanese companies' Business Continuity Plans (BCPs) fail in actual drills is often rooted in incomplete and inaccurate BIA data—RTO/RPO objectives are detached from actual operational capabilities, and crisis scenario assumptions are far from reality. As the paper shows, if the underlying data is unreliable, even the most sophisticated optimization algorithm cannot produce effective decisions; similarly, if BIA data is distorted, even the most complete BCP document is mere paperwork.

Implication 2: A Hierarchical Decision-Making Architecture Enhances Organizational Resilience in BCM. The hierarchical integration model of RTO and MPC corresponds to the layered design of crisis management (strategic layer) and business recovery procedures (tactical layer) in ISO 22301. A common problem in Taiwanese companies is the conflation of these two levels—the crisis management committee gets directly involved in operational details, or conversely, operational staff make decisions on their own without a clear authorization framework. Establishing a clear, layered BCM mechanism is key to improving an organization's response speed during a disruption. In January 2026, the principles for securing operational technology (OT) in critical infrastructure released by the U.S. CISA also emphasize the importance of a layered defense architecture, which is highly consistent with the system design logic of this paper.

Implication 3: The Challenge of Integrated Architecture Lies in Implementation Design, Not Theoretical Understanding. During the ISO 22301 certification preparation process, the most common gap for Taiwanese companies is not a lack of understanding of the standard's requirements, but the lack of design capability to translate these requirements into the organization's daily processes. This paper clearly demonstrates that effective system integration requires rigorous architectural design, including interface definition, information flow design, and clarification of personnel roles. This is precisely the core service value that Winners Consulting Services provides when assisting companies in implementing BCM systems.

How Winners Consulting Services Helps Taiwanese Companies Translate These Insights into ISO 22301 Compliance Actions

Winners Consulting Services Co., Ltd. assists Taiwanese companies in establishing Business Continuity Plans (BCPs) in accordance with the ISO 22301 standard, setting RTO/RPO objectives, and conducting Business Impact Analysis (BIA) and crisis management drills. In response to the system integration logic revealed in this paper, we offer the following three concrete action recommendations:

1. Prioritize strengthening BIA data quality to establish a reliable foundation for business impact assessment. Referencing the decisive impact of data reconciliation on RTO effectiveness in the paper, Taiwanese companies should incorporate BIA data validation into the core agenda of their annual ISO 22301 review. This ensures that Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) are supported by real operational data, not subjective estimates. Winners Consulting Services offers structured BIA workshops to help companies complete a quantifiable impact assessment within 6 to 8 weeks.
2. Establish a hierarchical BCM decision-making architecture, clearly distinguishing between the crisis management layer and the business recovery execution layer. Corresponding to the RTO/MPC hierarchical integration model, companies should clearly define the strategic decision-making responsibilities of the crisis management committee and the tactical execution procedures of each business unit in their BCP. The collaborative effectiveness between these two layers should be validated through tabletop exercises. We recommend conducting at least one full-scale tabletop exercise and two unit-specific drills annually.
3. Re-examine the BCM documentation system with an architectural design mindset to ensure BCP executability. Drawing from the paper's insightful analysis of implementation architecture challenges, companies should regularly review their BCP documents to ensure they reflect the latest operational processes, system architectures, and personnel assignments, preventing a disconnect between documentation and reality. Winners Consulting Services recommends a complete BCP document update review every 12 months, in line with the requirements for business continuity plans in Clause 8.5 of ISO 22301.

Frequently Asked Questions

What is the practical connection between the RTO/MPC integration study in a refinery and a Taiwanese company's Business Continuity Plan (BCP)?

The core logical structures of both are highly consistent. The study by Prada et al. shows that in a complex industrial network of 18 plants, effective system control requires the hierarchical integration of a "strategic optimization layer (RTO)" and a "tactical execution layer (MPC)," with underlying data quality being a prerequisite for the entire system's effectiveness. This directly maps to the ISO 22301 BCM framework: the quality of BIA data determines the credibility of RTO/RPO objectives, while the hierarchical design of crisis management strategy and BCP execution procedures determines the organization's actual response effectiveness during a disruption. Applying this thinking to BCM system design can significantly enhance the practical executability of a BCP for Taiwanese companies, moving beyond mere documentary compliance.

What are the most common compliance challenges for Taiwanese companies when implementing ISO 22301?

Based on the experience of Winners Consulting Services, Taiwanese companies often face three main challenges when implementing ISO 22301. First, the Business Impact Analysis (BIA) becomes a mere formality, with RTO/RPO objectives lacking support from actual operational data, rendering the BCP non-executable. Second, there is confusion between the crisis management and business recovery execution levels, where the crisis management processes required by Clause 8.4 of ISO 22301 are not effectively linked with the business continuity procedures in Clause 8.5. Third, the documentation system is disconnected from actual operations, especially when BCPs are not updated synchronously with organizational restructuring or system upgrades. The common root of these three problems is the lack of capability to design a systematic architecture that translates ISO 22301 requirements into the organization's daily processes.

What are the core requirements for ISO 22301 certification, and how long does it typically take for a Taiwanese company to implement it?

The core requirements of ISO 22301 cover six main pillars: Context of the Organization (Clause 4), Leadership (Clause 5), Business Impact Analysis and Risk Assessment (Clauses 8.2-8.3), Business Continuity Strategy and Solutions (Clauses 8.4-8.5), Exercising and Testing (Clause 8.6), and Continual Improvement (Clause 10). For a medium-sized manufacturing or service company in Taiwan, the process from initiating a BCM diagnostic to completing a third-party certification audit typically takes 7 to 12 months. Within this timeframe, completing the BIA usually takes 6 to 8 weeks, establishing BCP documentation takes 8 to 12 weeks, and conducting the first full-scale exercise, making revisions, and performing a pre-certification internal audit takes about 4 to 6 weeks. Winners Consulting Services provides end-to-end support to ensure the timeline is manageable.

What resources are required to implement an ISO 22301 BCM system, and how can the expected benefits be evaluated?

The resources required for ISO 22301 implementation vary depending on the company's size and the maturity of its existing mechanisms. For a medium-sized Taiwanese enterprise (100-500 employees), initial implementation typically requires the dedication of one to two internal project managers. The benefits should be evaluated across three dimensions. First, a reduction in financial impact from risks; an effective BCP can reduce the financial impact of a business disruption by 30% to 50% (varying by industry). Second, enhanced trust from customers and the supply chain; ISO 22301 certification is increasingly a procurement requirement for Taiwanese companies exporting to Japanese, European, and American markets. Third, optimized insurance premiums, as some insurers offer more favorable business interruption insurance terms to ISO 22301 certified companies. It is advisable to complete a free diagnostic before starting to establish a basis for ROI assessment.

Why choose Winners Consulting Services for Business Continuity Management (BCM) matters?

Winners Consulting Services Co., Ltd. specializes in helping Taiwanese companies establish ISO 22301-compliant BCM systems and offers several distinct advantages. First, we deeply integrate academic research insights with local Taiwanese practices, translating the latest international research findings (such as the hierarchical decision-making architecture revealed in this paper) into directly applicable BCM design solutions for local enterprises. Second, we provide end-to-end services, from strengthening BIA data quality and setting RTO/RPO objectives to establishing BCP documentation and conducting crisis management drills, ensuring every step meets ISO 22301 standards. Third, we have cross-industry consulting experience, covering manufacturing, finance, healthcare, and critical infrastructure. Fourth, we offer a free mechanism diagnostic as a starting point, allowing companies to clearly understand their current gaps and improvement paths before committing resources, thereby reducing implementation risks.