AlphaThis is a new service – your feedback will help us to improve it.

  1. Home
  2. Documentation
  3. OCTO Strategic Documentation
  4. Service Levels for MoJ Applications

Service Levels for MoJ Applications

Service Levels for MoJ Applications

This model provides five levels of business criticality with aligned RTO, RPO, and continuity expectations to guide consistent architectural design. It applies across the full spectrum of applications from highly critical citizen-facing services to low-importance utilities.

It is based on industry standards including ISO 22301, ISO 22313, NIST SP 800-34, and ServiceNow recovery tier guidance.

Summary

Level Description Typical RTO Typical RPO Architectural Expectation
1 — Mission Critical Immediate harm if unavailable Minutes Near-zero Multi-region active-active; continuous replication
2 — Business Critical Material operational disruption 4–8 hours <1 hour Warm standby; rapid failover
3 — Operational Workarounds available <24 hours <24 hours Cold/warm DR; daily backups
4 — Administrative Low operational impact 1–3 days 1–2 days Standard backup and restore
5 — Non-Critical Minimal impact Days–weeks 2+ days Fix-on-failure

Level 1 — Mission Critical

Systems whose loss results in immediate and unacceptable harm to life, liberty, security, financial obligations, or statutory duties. These systems typically underpin core operational services where no downtime and no data loss are acceptable.

Parameter Value
RTO 0–15 minutes
RPO Zero or near-zero

Continuity and DR expectations

  • Active-active architectures, multi-region failover or hot-standby
  • Automated failover, continuous monitoring, and tested DR drills
  • Regular resilience testing including cyber-attack and infrastructure-level scenarios
  • Must align with a very short Maximum Tolerable Period of Disruption (MTPD)

Level 2 — Business Critical

Systems supporting essential services where downtime produces material operational, financial or reputational impact, but not immediate organisational failure.

Parameter Value
RTO 4–8 hours
RPO 15 minutes to 1 hour

Continuity and DR expectations

  • Warm standby, high-availability clustering, and replicated storage
  • Daily or sub-hourly backups; asynchronous replication acceptable
  • Annual DR exercises; scenario testing recommended
  • Clear manual fallback processes to maintain partial operations

Level 3 — Operational

Systems supporting day-to-day operations. Temporary outages are tolerable and well-defined workarounds exist.

Parameter Value
RTO <24 hours
RPO 4–24 hours

Continuity and DR expectations

  • Daily backups; restore from secondary region or cold standby environment
  • Documented manual operating procedures
  • DR testing biannual or annual depending on change velocity

Level 4 — Administrative / Supporting

Internal productivity, administration, and support systems where downtime produces inconvenience but limited operational consequence.

Parameter Value
RTO 24–72 hours
RPO 24–48 hours

Continuity and DR expectations

  • Standard backup regimes; recovery from snapshots or cold standby
  • Manual workaround acceptable for several days
  • Periodic review to ensure the system does not become more business-relevant over time

Level 5 — Non-Critical / Low-Impact

Systems with purely convenience-based, informational or peripheral use. Failure does not materially impact organisational outcomes (e.g. internal dashboards with no operational effect).

Parameter Value
RTO 72 hours to weeks
RPO 48 hours or more

Continuity and DR expectations

  • Backups at standard intervals
  • Fix-on-failure; no immediate failover required
  • Minimal DR testing; restore as part of BAU backlog

Cross-cutting expectations

Business continuity

  • Must link to ISO 22301 Business Impact Analysis (BIA) outputs including MTPD, RTO, RPO, and MBCO
  • Each service must define dependencies, upstream/downstream integrations, and manual fallback capability

Disaster recovery

  • Recovery strategies must be justified against cost and risk
  • DR parameters (RTO, RPO, WRT, MTD) should be documented following the NIST SP 800-34 recommended structure

Continuity testing

  • Regular exercises required across all levels, scaling from full failover for Level 1 to table-top for Level 5
  • Plans must be validated regularly to remain effective as systems and priorities change

Architecture alignment

  • Design patterns (HA, DR, geo-redundancy, backup frequency) must be driven by the chosen criticality level
  • Lower RTO → more automation, multi-site redundancy and monitoring
  • Higher RTO → simpler backup/restore approaches
Last reviewed: 28 May 2026Review status: ✓ Up to dateSource: View source on GitHub

Was this page useful?