One-Layer MPC+RTO Integration: BCM Implications for ISO 22301 in Taiwan

Winners Consulting Services Co., Ltd. has identified a 2017 industrial control study published in *Computers & Chemical Engineering* that reveals a core proposition with significant implications for Business Continuity Management (BCM) in Taiwan: when conflicts between the control layer and the optimization layer are eliminated, the overall system's stability and response capability are markedly enhanced. This "single-layer, gradient-based MPC+RTO" architecture, validated on a propylene distillation column, perfectly mirrors the core pain point many Taiwanese enterprises face when establishing their Business Continuity Plans (BCPs)—the inability to effectively meet RTO targets due to a disconnection between the IT control system and the operational decision-making layer.

About the Authors and This Study

This paper was co-authored by three control engineering scholars. One of the key contributors, A. Ferramosca, has a particularly notable academic impact, with an h-index of 24 and 2,242 total citations, demonstrating deep academic expertise and industry recognition in the field of Model Predictive Control (MPC). Although another author, A. I. Hinojosa, has an h-index of 2, this paper represents their solid empirical research in industrial distillation control applications. A. González provided crucial methodological support in optimization modeling for the process industry.

Published in 2017, this paper has been cited 11 times as of this writing. While the citation count is moderate, its practical utility and methodological rigor in the field of chemical process control have been positively received by peers, especially considering its focus on high-fidelity simulation experiments for specific industrial equipment (a propylene/propane separation column). The study utilized SimSci Dynsim® for rigorous dynamic simulation and SimSci ROMeo® for its real-time optimizer, ensuring the simulation results closely reflect industrial reality.

The Single-Layer MPC+RTO Architecture: Industrial Proof of Eliminating Control Layer Conflicts

The core contribution of this paper is the proposal and validation of a single-layer, gradient-based architecture that integrates Model Predictive Control (MPC) and Real-Time Optimization (RTO) into a single control layer, effectively eliminating the design conflicts inherent in traditional two-layer control structures.

Key Finding 1: The structural conflict in two-layer architectures is a hidden risk in industrial systems.

Traditional industrial control systems often employ a two-layer architecture where the "upper-layer RTO determines the optimal operating point, and the lower-layer MPC performs tracking." However, inconsistencies often exist between these two layers in terms of time scales, objective functions, and model assumptions. This leads to conflicting optimization commands when the system is subjected to disturbances, causing system oscillations or even deviation from the optimal operating point. The paper clearly states that this structural conflict is a real phenomenon in industrial distillation systems, not just a theoretical assumption.

Key Finding 2: The single-layer gradient-based method is equivalent or superior to the traditional two-layer architecture in stability and disturbance rejection.

Through rigorous simulation of a propylene distillation column using SimSci Dynsim®, the study compared the "single-layer, gradient-based MPC+RTO" with the "traditional two-layer architecture" across three dimensions: performance, stability, and disturbance rejection. The results showed that, for this specific system, the new method's overall performance was equivalent or superior to the traditional method. This implies that simplifying the architecture does not sacrifice control quality and may even enhance system resilience by reducing inter-layer conflicts. Notably, the authors demonstrated rigorous academic attitude by cautiously defining the scope of their conclusions as being "for this specific system."

Key Finding 3: Integrating the economic function's gradient is the key mechanism for architectural integration.

The paper's methodological innovation lies in using the sensitivity analysis tool of the real-time optimizer (SimSci ROMeo®) to directly obtain the gradient of the economic objective function and integrate it into the MPC's control law. This design allows a single controller to continuously converge toward the optimal economic target while tracking setpoints, without relying on periodic command updates from an upper-layer RTO.

Core Implications for Enterprise Business Continuity Management (BCM) Practices

The most direct implication of this paper for enterprises is not in the chemical processes themselves, but in the cross-domain principle that "the degree of integration between the control and decision-making layers determines the system's level of resilience when facing impacts." For companies that are establishing or optimizing their ISO 22301 Business Continuity Management (BCM) framework, this industrial engineering-based conclusion holds high structural analogy value.

Many enterprises, when creating their BCPs, face a problem highly similar to the "two-layer conflict" revealed in the paper: technical recovery objectives (RTO/RPO) and business-level continuity decisions often operate in silos. The technical team sets system recovery time objectives, but the business units' actual tolerance levels and priorities are not fully integrated into the control mechanism. As a result, when a real disruption occurs, the response commands from the technical and business layers conflict, causing recovery efficiency to fall far below expectations.

The ISO 22301 standard requires companies to establish an integrated Business Impact Analysis (BIA) mechanism and ensure that RTO/RPO targets are driven by business needs rather than purely technical judgment. The principle validated in this paper—that "single-layer integration is superior to two-layer separation"—provides the most persuasive engineering-based evidence for this ISO requirement. When a BCM system can integrate the business decision-making layer and the technical execution layer into a single framework, rather than maintaining a disconnected two-layer structure, the system's stability and recovery capability during a disturbance will be significantly enhanced.

Furthermore, the risk-tiered control logic used in the paper—setting corresponding control responses for different disturbance scenarios—also echoes ISO 22301's requirement for "multi-scenario BCP design." Companies should not design recovery processes for a single worst-case scenario but should establish tiered response mechanisms capable of addressing different risk levels.

How Winners Consulting Services Helps Enterprises Integrate BCM Control and Business Decision Layers

Winners Consulting Services Co., Ltd. assists enterprises in establishing BCPs, setting RTO/RPO targets, conducting Business Impact Analysis (BIA), and performing crisis management exercises in accordance with the ISO 22301 standard. Our core methodology focuses on eliminating decision-making conflicts between the business and technical layers.

1. Driving Single-Layer, Integrated RTO/RPO Targets with BIA Data: Referencing the paper's design logic of "integrating the economic objective function's gradient into the control law," Winners Consulting Services simultaneously collects data on Maximum Tolerable Period of Disruption (MTPD) and IT system recovery capabilities during the BIA phase. This ensures that RTO/RPO targets are a product of integrated business and technical analysis from the outset, rather than a retrofitted two-layer structure.
2. Establishing a Single, Integrated BCM Framework Aligned with ISO 22301 to Eliminate Control Layer Conflicts: To address the common problem of "IT BCP and Business BCP operating independently," we design a cross-departmental, integrated BCM framework. This ensures that technical recovery procedures and business response decisions operate in concert within the same framework, preventing conflicting commands.
3. Simulating Multi-Scenario Disruptions to Validate the BCM System's Resilience: Drawing from the paper's systematic validation of "disturbance rejection performance," Winners Consulting Services plans tabletop exercises and full-scale drills covering multiple scenarios, such as major power outages, cybersecurity incidents, and supply chain disruptions. We use actual test data (not assumptions) to confirm the BCM system's effectiveness and identify potential inter-layer conflict points.

Frequently Asked Questions

How does the MPC and RTO integration principle from industrial control systems specifically help in designing an enterprise BCM framework?

The core benefit is providing engineering-based evidence that "integration is superior to stratification." This paper's rigorous SimSci Dynsim® simulation proves that a single-layer MPC+RTO architecture is equivalent or superior to a traditional two-layer structure in stability and disturbance rejection. Applied to ISO 22301 BCM framework design, this principle addresses the common issue where an enterprise's IT recovery layer (IT BCP) and its business response layer (Business BCP) operate separately, leading to conflicting commands during a real disruption. The paper's gradient integration method suggests that businesses should establish unified objectives for business needs and technical capabilities during the BIA phase, rather than trying to coordinate two separate systems after the fact.

What are the most common compliance challenges that create "two-layer conflicts" in BCM frameworks when enterprises implement ISO 22301?

The most common problem is having the BCP led by the IT department with insufficient involvement from business units, causing RTO targets to be disconnected from actual business tolerance. ISO 22301 Clause 8.2 explicitly requires the Business Impact Analysis (BIA) to be centered on business processes, with RTO/RPO targets driven by the Maximum Tolerable Period of Disruption (MTPD). A frequent scenario in many companies is the IT department setting a four-hour RTO, while the business unit's actual tolerance might be two hours or even 24 hours. If this gap is not identified and addressed early in the implementation, the BCM system may be compliant on paper but ineffective in practice. It is crucial to conduct cross-departmental BIA workshops before certification to align MTPD and RTO/RPO targets.

What are the implementation steps and timeline for ISO 22301 certification?

Establishing an ISO 22301-compliant BCM system from scratch typically takes 7 to 12 months. The process is divided into four phases: Phase 1 (1-2 months) involves a current state diagnosis and gap analysis. Phase 2 (2-3 months) focuses on conducting the BIA and risk assessment to set RTO/RPO targets. Phase 3 (2-4 months) is for designing BCP documentation, crisis management procedures, and communication plans. Phase 4 (1-2 months) includes conducting exercises and tests, followed by the third-party certification audit. If an organization already has a foundational management system like ISO 27001, the timeline can be shortened to 6-9 months. Key influencing factors include senior management support, business process complexity, and cross-departmental collaboration efficiency.

How can the costs and expected benefits of implementing an ISO 22301 BCM system be realistically evaluated?

The most direct return on investment is a 30% to 50% reduction in the average recovery time from major disruptions and the ability to demonstrate quantifiable business resilience in client contracts and supply chain audits. Implementation costs include external consulting fees, internal human resource allocation (approximately 20-40 person-hours per month for cross-departmental collaboration), and annual maintenance fees for exercises, reviews, and recertification. From a risk management perspective, ISO 22301 certification helps minimize customer churn and reputational damage after a security incident or natural disaster, intangible losses that often far exceed the direct cost of BCM implementation. We recommend using the financial impact of critical business disruptions (calculated per hour) identified in the BIA as a baseline for ROI calculation, with investment typically recovered within 2-3 years.

Why choose Winners Consulting Services for Business Continuity Management (BCM) initiatives?

Winners Consulting Services Co., Ltd.'s core advantage lies in our dual capability of combining academic research insights with practical industry implementation. We continuously track leading international academic papers, like this MPC+RTO study, and translate cross-domain methodological principles into actionable ISO 22301 implementation frameworks for enterprises. We guide companies through the entire BCM lifecycle—from BIA and RTO/RPO setting to BCP documentation and exercise validation—within 7 to 12 months. Our goal is to ensure your BCM system is not just a set of certified documents but a robust mechanism that functions effectively during a real disruption. We offer a complimentary BCM health check to help you identify current gaps and prioritize improvements before starting a full-scale project.