The Art of CTO STAMP Framework assesses operational resilience across five dimensions — Services, Tolerances, Architecture, Monitoring, and Proof — aligned to FCA and DORA regulatory requirements.

Frequently Asked Questions

What is the STAMP operational resilience framework?

STAMP stands for Services, Tolerances, Architecture, Monitoring, and Proof — five dimensions for assessing operational resilience. It helps organizations identify their important business services, set impact tolerances for disruption, ensure their architecture supports those tolerances, implement monitoring to detect breaches, and gather evidence to prove resilience to regulators. The framework aligns with both FCA (UK) and DORA (EU) regulatory requirements.

What are impact tolerances in operational resilience?

Impact tolerances define the maximum acceptable level of disruption to an important business service, measured in terms like downtime duration, transaction volume affected, or data loss. For example, a payment processing service might have an impact tolerance of "no more than 4 hours of complete outage." Regulators expect organizations to set these tolerances based on consumer harm analysis, then test and prove they can stay within them under severe but plausible scenarios.