About the Authors and the Research

This paper was co-authored by T. Alamo, A. Ferramosca, and A. González, affiliated with leading engineering research institutions in Spain and Argentina. A. Ferramosca holds an h-index of 24 with over 2,242 cumulative citations, placing him among the influential voices in process control research. T. Alamo contributes a steady body of work in control theory. Since its 2014 publication in the Journal of Process Control, the paper has accumulated 34 citations, including 1 high-impact citation, confirming that its core arguments continue to shape the field.

Winners Consulting Services Co. Ltd. selected this paper not for its mathematical formulations, but for the strategic engineering logic it embeds: the structural danger of allowing optimization layers to operate with inconsistent models and misaligned time horizons. This logic translates directly into actionable BCM design principles for Taiwan enterprises operating under ISO 22301 requirements.

The Core Engineering Problem: When Targets Cannot Be Reached

In traditional process control architectures, a Real-Time Optimizer (RTO) sits above a Model Predictive Controller (MPC). The RTO calculates economically optimal setpoints and passes them down to the MPC for execution. The structural problem, which the paper identifies and addresses, is that the RTO and MPC use different mathematical models and operate at different time scales. As a result, the setpoints passed from the RTO to the MPC may be physically unreachable or mutually contradictory under real dynamic conditions. The system appears to be optimizing, but in practice it is either oscillating or failing to converge.

The research team's solution is to integrate the RTO structure directly into the MPC dynamic control layer — creating a single-layer architecture — and to use a gradient-based approximation to manage the computational complexity of this integration. The result is a system that achieves near-optimal performance at significantly lower computational cost, while eliminating the structural inconsistency that causes failure in two-layer designs.

Finding 1: Two-Layer Separation Creates Structural Unreachability

The paper demonstrates that when an RTO uses a steady-state model to compute targets, but the MPC must operate in dynamic real-world conditions, the targets handed down may not correspond to any achievable state of the actual system. This "nominal optimality but practical unreachability" is a silent failure mode — it does not announce itself until the system is under stress. The BCM parallel is precise: when a board-level Recovery Time Objective (RTO) of 4 hours is set without cross-validation against the IT infrastructure's actual restore capability, the BCP contains a structurally unreachable target. During a real disruption, this gap does not just cause delay — it causes decision paralysis and plan abandonment.

Finding 2: Gradient Approximation Enables Low-Cost Integration

The mathematical contribution of the paper is the gradient-based approximation strategy, which makes the single-layer formulation computationally tractable for real industrial applications. The engineering philosophy here is notable: a well-designed approximate solution that actually executes outperforms a theoretically perfect solution that cannot be implemented within operational constraints. For BCM practitioners, this principle argues for designing real-time optimization into recovery procedures — prioritizing executable plans with built-in resource constraints over comprehensive but untested documentation. Robust stability in both engineering and BCM means the system holds together when conditions deviate from the model assumptions.

Three Implications for ISO 22301 Business Continuity Management in Taiwan

The structural insights from Alamo et al.'s research translate into three actionable implications for Taiwan enterprises building or auditing their BCM frameworks under ISO 22301. Each implication addresses a specific failure pattern observed in enterprise BCP design.

Implication 1: RTO and RPO Targets Must Be Operationally Verified, Not Just Declared

ISO 22301 Clause 8.2.2 requires organizations to determine Recovery Time Objectives and Recovery Point Objectives through Business Impact Analysis (BIA). However, the standard's intent is that these targets reflect operationally verified capability, not aspirational declarations. Taiwan enterprises frequently set RTO targets in top-down management workshops without cross-checking against IT recovery tests, staffing availability, or supply chain lead times. The engineering principle from this paper demands that every declared RTO be tested against actual system dynamics. Practically, this means each RTO target in the BCP should have a corresponding test result that confirms its achievability within current resource constraints.

Implication 2: Integrated BCM Architecture Outperforms Siloed Plans

The paper's central argument — that single-layer integration outperforms two-layer separation — maps directly onto BCM architecture. Many Taiwan enterprises maintain separate IT Disaster Recovery Plans and Business Unit Contingency Plans that are never genuinely synchronized. When a real disruption occurs, the IT team pursues its own recovery sequence while business units operate on different assumptions about when systems will be available. ISO 22301 Clause 8.4 requires that business continuity plans and procedures be coordinated and consistent. CISA's January 14, 2026 publication of OT Secure Connectivity Principles reinforces this integration imperative, noting that OT and IT security mechanisms must be incorporated into a unified risk management framework.

Implication 3: Proportional Resource Allocation Through Multi-Objective Optimization

The gradient approximation strategy reflects a resource-allocation principle that is directly applicable to BCM: concentrate protection resources on the highest-impact business functions, rather than applying equal investment across all activities. ISO 22301 does not require every business function to receive the same level of continuity protection — it requires protection proportional to impact. Taiwan SMEs frequently struggle with BCM implementation because they approach it as an all-or-nothing commitment. A properly tiered BCP, with three priority levels defined by BIA output, allows organizations to achieve meaningful ISO 22301 compliance within realistic budget constraints.

How Winners Consulting Services Co. Ltd. Supports Taiwan Enterprises

Winners Consulting Services Co. Ltd. (積穗科研股份有限公司) provides end-to-end support for ISO 22301 BCM framework design, including BIA execution, RTO/RPO target verification, integrated BCP development, and exercise program management. The following action steps are derived directly from this paper's engineering findings and are designed for a 7 to 12-month implementation cycle.

1. Months 1–2: RTO Feasibility Audit. Inventory all existing RTO and RPO targets across business functions. Map each target against documented IT recovery capability, staffing assumptions, and supply chain dependencies. Produce a gap register identifying structurally unreachable targets for priority remediation.
2. Months 3–7: Integrated BCP Framework Design. Align IT Disaster Recovery Plans and Business Unit Contingency Plans within a single ISO 22301-compliant framework. Establish cross-departmental coordination protocols that eliminate parallel, inconsistent recovery sequences. Ensure all recovery objectives are expressed in the same units and validated against the same baseline assumptions.
3. Months 8–12: Tiered Exercise Program and Certification Preparation. Design and execute tabletop exercises for Tier 1 critical functions, followed by full simulation tests for systems with the shortest RTO targets. Document test results, identify residual gaps, and initiate ISO 22301 audit preparation based on verified, evidence-backed BCP performance data.

Frequently Asked Questions

Our IT department says our declared RTO of 4 hours is not achievable with current infrastructure. How should we address this?

This is the most consequential BCM finding to act on immediately. When declared RTO targets exceed actual recovery capability, the BCP contains a structural failure point that will manifest during a real disruption. The corrective path has three steps: first, conduct a formal RTO Feasibility Assessment by testing current recovery procedures against the declared target under realistic conditions; second, document the verified recovery time as a baseline; third, make a deliberate business decision — either invest in infrastructure or process changes to meet the original target, or revise the RTO to a verified achievable figure and update the BCP accordingly. ISO 22301 requires that RTO targets reflect genuine organizational capability, not aspirational benchmarks. This process should be completed within 60 days of identifying the gap.

What are the most common compliance challenges Taiwan enterprises face when implementing ISO 22301?

Three structural challenges appear consistently. First, BIA data quality: many organizations treat Business Impact Analysis as a compliance checkbox rather than a rigorous quantification exercise, resulting in RTO and RPO targets that lack evidentiary support. Second, exercise frequency: ISO 22301 Clause 8.5 requires regular testing and exercises, but many Taiwan enterprises conduct exercises biennially at best, meaning BCP assumptions are never validated against current conditions. Third, cross-departmental integration: IT recovery plans and business unit continuity procedures are maintained independently, creating coordination failures when a real disruption requires synchronized response. Each of these challenges is a framework design issue that requires structured remediation, not simply more documentation.

What does ISO 22301 actually require, and how long does certification take?

ISO 22301 requires a documented Business Continuity Management System (BCMS) covering: organizational context and leadership commitment (Clauses 4–6); Business Impact Analysis and risk assessment (Clause 8.2); business continuity strategy selection (Clause 8.3); Business Continuity Plan development (Clause 8.4); exercise and testing programs (Clause 8.5); and performance evaluation through internal audit and management review (Clause 9). For a Taiwan enterprise starting from a low BCM maturity baseline, the full implementation and certification cycle typically requires 12 months: 3 months for BIA and gap analysis, 5 months for framework design and BCP documentation, and 4 months for exercises, internal audit, and certification audit preparation. Organizations with existing ISO 27001 or ISO 9001 management systems can often compress this to 9 months.

What investment is required to implement ISO 22301, and how should we quantify the return?

Implementation investment varies by organizational size and existing BCM maturity. The most practical framing for management approval is to compare implementation cost against the direct financial impact of a 24-hour disruption to the organization's most critical business function — quantified through the BIA process. For most Taiwan manufacturing or technology companies, the cost of a single day of unplanned downtime in a critical operation exceeds annual BCM program investment. Additional quantifiable benefits include: improved customer contract terms (particularly in financial services, semiconductor supply chains, and government procurement, where BCM certification is increasingly a qualification requirement), reduced cyber insurance premiums for certified organizations, and measurable reduction in mean recovery time — typically 30% to 50% improvement following the first year of structured BCM exercise programs.

Why should Taiwan enterprises work with Winners Consulting Services Co. Ltd. on BCM?

Winners Consulting Services Co. Ltd. (積穗科研股份有限公司) combines ISO 22301 implementation expertise with cross-domain analytical capability — including the kind of engineering-informed BCM framework analysis demonstrated in this article. Our approach prioritizes operational verifiability: every RTO target, BCP procedure, and recovery strategy we help design is tested against real organizational constraints before being documented. We provide a complimentary initial diagnostic that delivers a concrete gap register and prioritized improvement roadmap at no obligation, giving enterprise leaders an evidence-based foundation for internal investment decisions. Our structured 7 to 12-month implementation program is calibrated to Taiwan enterprise realities — including regulatory environment, supply chain dependencies, and resource constraints typical of the domestic market.

勾配ベースRTO+MPC統合アーキテクチャが示す台湾企業BCM・ISO 22301フレームワーク設計の要諦

積穗科研股份有限公司（Winners Consulting Services Co. Ltd.）は、2014年に発表され34回引用された過程制御分野の学術研究が、台湾企業の事業継続管理（BCM）フレームワーク設計に対して直接適用可能な工学的洞察を提供していることを確認した。研究の核心命題は「上位最適化目標と下位実行制御の間に構造的不整合が生じると、システムはストレス下で必ず失敗する」というものであり、これはISO 22301が要求するRTO・RPO目標設定の検証可能性と完全に対応している。