Your technology recovery objectives are only credible if you have tested them. Have you?

FourthLine designs ICT service continuity frameworks, disaster recovery plans, and RTO/RPO validation programmes aligned to your IBS impact tolerances and to PRA SS2/21 and DORA requirements. We map your technology dependencies, identify the gaps between your recovery assumptions and your recovery capability, and build the tested evidence your regulator expects.

Book a Scoping Call with Kieran
Download our Solution Overview

THE PROBLEM THIS SOLVES

Most firms have disaster recovery plans. The gap is rarely the plan itself, it is the evidence that the plan works. Impact tolerances set in the Op Res programme assume that technology recovery is possible within the defined timeframe. Without structured ICT service continuity planning and tested RTOs and RPOs, that assumption is unvalidated.

PRA SS2/21 requires firms to demonstrate that ICT systems supporting Important Business Services can be recovered within impact tolerance. Most mid-tier firms cannot currently demonstrate this without external support.

WHAT WE DELIVER

  • IBS-to-ICT dependency mapping (systems, platforms, cloud environments, third parties)
  • ICT risk and threat assessment
  • RTO and RPO definition and validation against IBS impact tolerances
  • ICT service continuity framework and policy
  • Disaster recovery plan development per critical system
  • Recovery testing programme design and execution
  • Preventative controls review and architecture resilience by design
  • Crisis and incident management alignment to technology recovery
  • Board-ready ICT resilience evidence pack
  • Rapid Prototyping in HubSpot

Programme Structure: Typically sequenced post-BCM programme

Start: ICT Diagnostic Assessment | £15k–£25k

Full framework programme: From £75k

Recovery testing programme: Scoped separately

Fee basis: Fixed fee throughout

Delivered by: Senior Certified Industry aligned Technology Resilience practitioners 

HOW THIS CONNECTS TO THE WIDER PROGRAMME

ICT resilience work begins where your Op Res & BCM programme ends.

The IBS-to-technology dependency mapping done in the BCM programme provides the foundation for ICT service continuity planning ensuring your DR plans are anchored to the business services that cannot fail, not just the systems IT has always prioritised. 

1

Operational Resilience & BCM

2

Third Party Risk Management

3

Cyber Resilience

4

Annual Resilience Retainer

Embedded resilience capability with continuous regulatory intelligence and supervisory readiness 

WHY FOURTHLINE FOR THIS PRODUCT

delivery

Senior delivery

Not senior oversight. The practitioner you meet in scoping is the practitioner who delivers. No hand-off to junior resource after the sale.

regulatory

Through the lens of Important Business Services

We approach ICT resilience from the operational resilience regulatory framework outward not from the IT asset register inward. Every RTO and RPO we define is validated against the impact tolerances your regulator has already scrutinised. That is the connection most DR programmes miss.

orange-icon-3

Fixed Fee Certainty

All programmes are fixed fee. The scope we agree is what we deliver. No open-ended day rate billing, no scope creep, no surprise invoices 

We had an internal team and an existing framework, but we were not confident the evidence would hold up in a supervisory review. The Diagnostic Assessment gave us a precise, prioritised view of where the gaps were. No generic recommendations, no filler. The remediation roadmap went straight to the board and was approved without revision. 

Head of Risk, Wealth Manager
View Case study