Service Continuity Escalation Matrix

Aligned with NIST SP 800-34r1, SP 800-61r3, and FCA Operational Resilience expectations.

Purpose: To define the escalation pathway during a service disruption to ensure timely communication, decision-making, and continuity activation.

Last Updated: [DD/MM/YYYY] Owner: [Business Continuity Manager / CISO] Next Review: [DD/MM/YYYY]

Escalation Levels Overview

Level
Severity
Description
Response Time
Escalation Trigger

Level 1 – Minor

Low

Minor outage or delay, non-critical system affected, workaround available

Within 2 hours

< 1 hour downtime, limited user impact

Level 2 – Moderate

Medium

Disruption to a critical but recoverable system or service

Within 1 hour

RTO < 4 hours, some customer disruption

Level 3 – Major

High

Extended outage of critical services, no workaround, affects multiple users or customers

Immediate (within 30 minutes)

RTO > 4 hours, potential regulatory impact

Level 4 – Crisis

Severe

Threat to life, major data breach, full service loss, regulatory breach risk

Instant

FCA-reportable event, prolonged downtime, reputational damage risk

Escalation Matrix by Role & Responsibility

Escalation Level
Role Notified
Responsible Party
Communication Method
Decision Authority

Level 1

IT Support Lead, Service Manager

Incident Handler

Email / Ticket / Slack

Support Lead

Level 2

IT Ops Manager, Business Owner

Continuity Lead

Phone / Email

Service Continuity Manager

Level 3

Crisis Response Team, Legal, DPO

CTO / CISO

Phone / Crisis Bridge

Crisis Lead / Exec Sponsor

Level 4

CEO, Board, FCA, Customers

CEO / Board Delegate

Live Briefing / Regulator Portal / Press Release

CEO + Board Decision Panel

Contact Escalation Tree

Level 1 → Service Desk → Team Lead Level 2 → Continuity Manager → IT Ops Head → Affected Business Unit Level 3 → CISO/CTO → Legal → Crisis Manager → Crisis Team Level 4 → CEO/Board → External Regulators → Customers → Press Office

Escalation Path Flow (Simplified)

Incident Detected → Classify Impact → Trigger Escalation Level → Notify Relevant Team(s) → Initiate Recovery or Crisis Response → Communicate with Stakeholders → Monitor & Adjust → Close & Review (Post-Incident)

Tools & Channels for Escalation

Channel
Use Case

Slack / MS Teams

Internal triage and team alerts

Email

Stakeholder and external communication

Crisis Bridge (Zoom/Teams)

Live incident coordination

Emergency Call Tree

Non-digital escalation

FCA Reg Portal

Incident reporting (within 72 hrs)

Escalation Decision Criteria

Criteria
Escalation Level

Outage > 30 mins to Tier 1 system

Level 2

Data Loss / Integrity Compromise

Level 3

FCA Threshold Breach

Level 4

Customer Trust Impact

Level 3+

RTO/RPO Failure Likely

Escalate 1 level

PreviousCrisis Communication Plan TemplateNextThird-Party Dependency Mapping Sheet (Template)

Last updated