Insight: Performance Evaluation of Real Industrial RTO Systems

About the Authors and This Research

This paper was co-authored by M. Câmara, Á. D. Quelhas, and J. Pinto, published in 2016 in the MDPI journal Processes. With 51 total citations—including 1 high-impact citation—the research maintains consistent relevance in the field of industrial process control. Quelhas's prior foundational work (Can J Chem Eng., 2013, 91, 652–668) established the theoretical basis for two-step RTO methodology, and this paper extends that foundation into empirical industrial evaluation. As a constructive note: the authors' h-indices are modest (Câmara: h-index 1; Quelhas: h-index 1, 8 citations), and the study's industrial scope is specific. Nevertheless, it represents one of the few rigorous empirical validations of RTO design choices under real noise conditions—a gap that commercial RTO software vendors have largely ignored.

Core Research Findings: Three Design Failures That Threaten Operational Continuity

The research evaluated real industrial RTO implementations across multiple critical dimensions: steady-state detection method selection, adjustable model parameter choices in model adaptation, and convergence determination of optimization techniques—all tested against real noisy industrial data.

Finding 1: Steady-State Detection Failures Are the Primary Risk Source

Under real industrial noise conditions, incorrect steady-state detection parameters caused the Real-Time Optimiser to trigger optimization calculations on unstable process states, producing systematically incorrect operational recommendations. This "false steady-state" triggering represents a fundamental reliability gap in how commercial RTO software is deployed and validated.

Finding 2: Model Adaptation Without Systematic Parameter Selection Undermines Convergence Reliability

The study found that in the two-step RTO approach, the choice of adjustable parameters in the model adaptation phase—when coupled with Model Predictive Control (MPC)—produced significantly different convergence outcomes depending on selection methodology. Intuitive, experience-based choices showed quantifiably inferior results compared to systematic approaches. The research quantifies that convergence reliability differences across parameter selection strategies reach statistically significant levels, challenging the industry norm of relying on engineer intuition.

Finding 3: The Absence of Performance Evaluation Tools Is a Systemic Gap in Commercial RTO Software

Perhaps most critically for BCM practitioners, the authors identify that commercial RTO software systematically neglects built-in performance evaluation capabilities. Without continuous Real-Time Optimization performance monitoring, organizations cannot confirm whether their RTO systems are genuinely improving process operations—creating a "black box" that is incompatible with ISO 22301's requirements for documented, verifiable recovery capabilities.

Implications for Taiwan BCM Practice Under ISO 22301

For Taiwan's BCM professionals, this research delivers a fundamental message: Operational Technology (OT) system design quality must be integrated into Business Impact Analysis (BIA) and BCP development—not treated as an engineering concern separate from the ISO 22301 management framework.

The timing is particularly relevant. CISA issued two Industrial Control System (ICS) security advisories on December 30, 2025, reinforcing that OT environments face compounding threats: external cybersecurity vulnerabilities and internal design weaknesses can amplify each other's impact in ways that standard BCP scenarios may not adequately model. When an RTO system with flawed steady-state detection logic is simultaneously exposed to an ICS security threat, the failure cascade can exceed any BCP-projected recovery timeline.

For Taiwan enterprises in semiconductor manufacturing, petrochemicals, and precision manufacturing—industries where automated process control is central to operations—the implications are concrete:

• BIA Must Include OT System Design Document Completeness: ISO 22301 Section 8.2.3 requires identification of all resources supporting critical activities. RTO and MPC system design documentation should be treated as a BCM resource—its absence constitutes a business continuity risk factor, not merely an engineering documentation gap.
• RTO/RPO Targets Must Reflect OT System Convergence Uncertainty: The paper's empirical data shows that real RTO convergence times are variable and noise-dependent. Recovery Time Objectives (RTO) for manufacturing systems should be set using stress-test data rather than ideal-scenario assumptions, consistent with ISO 22301's requirement for credible recovery targets.
• BCP Exercises Should Include OT Failure Scenarios: Annual BCM tabletop exercises that never simulate RTO or MPC system anomalies leave a fundamental gap for organizations whose core processes depend on these systems.

A constructive caveat: this research's findings are derived from specific industrial contexts. Taiwan enterprises should adapt—not directly apply—its conclusions, accounting for the distinct characteristics of their industries (semiconductor fab environments differ fundamentally from petrochemical continuous processes). This adaptation work is precisely where professional BCM consulting adds measurable value.

How Winners Consulting Services Co. Ltd. Helps Taiwan Enterprises Integrate OT Risk into ISO 22301 BCM

Winners Consulting Services Co. Ltd. (積穗科研股份有限公司) assists Taiwan enterprises in building BCP business continuity plans compliant with ISO 22301, setting RTO/RPO targets, conducting Business Impact Analysis (BIA), and designing crisis management exercises. Based on the insights from this research, we recommend the following concrete actions:

1. Conduct an OT System BIA Inventory Immediately: Identify all critical control systems (RTO, MPC, and similar automated optimization systems) within your organization. Assess whether their design decision documents are complete and current. Quantify the business impact timeline if these systems fail under real noise conditions—use this data to calibrate your RTO/RPO targets under the ISO 22301 BIA framework.
2. Integrate OT Performance Metrics into BCM Monitoring: Drawing on the paper's performance evaluation framework, require your OT engineering teams or vendors to establish quantifiable system health indicators. Integrate these into your ISO 22301 Section 9 continual monitoring mechanism, ensuring RTO system reliability is continuously visible—not a black box.
3. Include OT Failure Scenarios in Annual BCP Exercises: Design at least one annual exercise scenario around OT system failures (e.g., steady-state detection malfunction, model convergence failure), involving both OT engineers and BCM responsible parties. Document exercise findings and update BCP accordingly.

Frequently Asked Questions

How do RTO system steady-state detection failures specifically affect BCP recovery time objectives?

Steady-state detection failures cause RTO systems to trigger optimization on unstable process states, producing incorrect operational recommendations and extending true recovery times beyond planned targets. Câmara et al. (2016) demonstrate that different detection parameter choices produce significantly different system behaviors under real industrial noise data. For ISO 22301 compliance, this means that RTO/RPO targets for manufacturing systems set without OT stress-test data will be systematically overoptimistic. Enterprises should explicitly include OT system convergence uncertainty in their Business Impact Analysis (BIA) and set recovery targets based on worst-case-credible scenarios, not average-case performance.

What is the most commonly overlooked OT compliance gap when Taiwan manufacturers implement ISO 22301?

The most commonly overlooked gap is the failure to include OT/ICS system failure scenarios in Business Impact Analysis (BIA) under ISO 22301 Section 8.2.3. Most Taiwan manufacturers structure their BCP around IT systems (ERP, MES), while leaving process control systems (RTO, MPC, SCADA) without corresponding recovery procedures. CISA's December 30, 2025 ICS security advisories reinforce the urgency of this gap. Enterprises should require OT engineering teams to provide design decision documents as BIA inputs, ensuring the BCP genuinely covers the full spectrum of operational interruption risks, not just the IT layer.

What are the practical steps and timeline for ISO 22301 certification in a manufacturing environment?

ISO 22301 certification for a manufacturing enterprise typically follows four phases over 7 to 12 months. Phase 1 (Months 1–2): Current state diagnostic and gap analysis against ISO 22301 requirements. Phase 2 (Months 2–5): Business Impact Analysis (BIA) including OT system failure scenario identification and RTO/RPO target setting. Phase 3 (Months 5–9): BCP documentation, staff training, and exercise design including OT scenarios. Phase 4 (Months 9–12): Internal audit, management review, and external certification audit preparation. Winners Consulting Services Co. Ltd. adjusts phase weightings based on enterprise scale and industry complexity.

What is the realistic resource investment for integrating OT systems into a BCM framework?

Integrating OT systems into BCM requires incremental investment across three areas: OT system design document compilation and updating (typically 20 to 40 engineer-hours per critical system), OT-specific BCP section development (approximately 15 to 25% additional BCP documentation effort), and annual OT scenario exercise coordination costs. The return on this investment is measurable: accurate OT-based RTO/RPO targets prevent the far costlier outcome of BCP failure during actual disruption events. For Taiwan semiconductor or petrochemical enterprises, a single unplanned OT system interruption event typically costs multiples of the total BCM implementation investment.

Why choose Winners Consulting Services Co. Ltd. for Business Continuity Management (BCM) advisory?

Winners Consulting Services Co. Ltd. (積穗科研股份有限公司) is Taiwan's specialized ISO 22301 BCM certification advisory firm, with demonstrated cross-industry experience spanning manufacturing, financial services, and technology sectors. Our distinctive strength is the integration of industrial engineering, IT systems knowledge, and BCM framework expertise—ensuring OT environments are never treated as blind spots in your BCP. We provide end-to-end advisory from BIA and RTO/RPO target-setting through exercise design and certification audit preparation, consistently guiding enterprises to ISO 22301 compliance within 7 to 12 months. We continuously monitor academic research and regulatory developments—including CISA ICS advisories—to ensure our advisory reflects the current risk environment facing Taiwan enterprises.

積穗科研株式会社（Winners Consulting Services Co. Ltd.）は、台湾の事業継続管理（BCM）専門機関として、産業用リアルタイム最適化（RTO）システムの設計品質がISO 22301準拠のBCP（事業継続計画）の有効性を直接左右するという重要な洞察を提示します。Câmara、Quelhas、Pinto（2016年）の研究（引用51回、原文：https://doi.org/10.3390/PR4040044）は、実際の工業データ環境下でRTOシステムの設計欠陥が系統的な失敗を引き起こすことを実証し、台湾の製造業企業のBCM実務に具体的な警鐘を鳴らしています。