Setting impact tolerances: how long can a football club survive disruption before real harm occurs?

Ask a club how quickly it would recover from a serious system failure and the honest answer is usually "as fast as possible." That is not an impact tolerance. It is a hope. The discipline that financial services firms were forced to adopt under the FCA's operational resilience framework requires something much harder: a specific, defensible, board-approved limit for how much disruption each critical service can absorb before the harm becomes unacceptable. This article explains how a football club sets one properly, using the club's own most time-critical services as the test case.

This article is the third in our series on Operational Resilience for Football clubs. You can find other articles in this series here.

Lagom Article Header CTA
Lagom Sports Compliance

This article is brought to you by Lagom Sports Compliance -- the leading governance, risk, compliance and anti-financial crime consultancy built exclusively for professional football. We help clubs, agents and leagues navigate the IFR, UEFA licensing and EU AML obligations with proportionate, practitioner-led support.

Want to talk through what this means for your club?

Why "as fast as possible" is not an answer

Of the four disciplines that make up an operational resilience programme -- identifying important business services, mapping their dependencies, setting tolerances for disruption, and testing against realistic scenarios -- the impact tolerance is the one most likely to be skipped or answered vaguely, because it forces the organisation to commit to a specific number rather than a general intention.

"We would aim to restore the service as quickly as possible" sounds responsible. It is, in the resilience sense, meaningless. It commits to nothing, it cannot be tested against, and it gives no one in the organisation a clear signal for when a disruption has crossed from manageable into serious. An impact tolerance is different in kind, not just in specificity: it is a board-approved statement that says, in effect, if this service is unavailable for longer than X, the harm becomes unacceptable, and we have decided that in advance. That is a genuinely uncomfortable thing for a board to commit to, which is precisely why most organisations, football clubs very much included, have never done it.

What a defensible impact tolerance actually contains

A properly set impact tolerance has three characteristics that a vague aspiration does not. It is specific -- expressed as a concrete metric, most often time, but sometimes volume or another measurable threshold. It is justified -- the club can explain, with evidence, why that particular limit was chosen rather than a stricter or looser one. And it is owned -- approved at board level by someone with the authority and the accountability to have made that judgement, rather than arrived at informally by whoever happens to run the affected department.

The justification requirement is where most attempts at this exercise fall down. It is not enough to assert a number. The club needs to be able to show the reasoning: what specifically happens at the point the tolerance is breached, who is harmed, and why that harm becomes materially worse, or irreversible, beyond that specific point. This is easier to do with genuine operational and legal detail in hand than in the abstract -- which is why the three worked examples below are built from real external constraints, not invented ones.

Impact Tolerance Definition Callout

An impact tolerance is not a target for how quickly the club would like to recover. It is a line the club has decided, in advance and with evidence, that it cannot afford to cross.

Worked example one: matchday ticketing and access control

Consider a club setting an impact tolerance for its ticketing and access-control systems on a matchday. The relevant operational fact, standard across Premier League grounds, is that turnstiles and stadium gates open ninety minutes before kick-off, giving supporters a defined window to enter, be searched, and reach their seats in a controlled and orderly way.

That ninety-minute window is not an arbitrary courtesy. It exists because safe crowd management at scale requires a controlled flow of entry over time; compress that window and the same number of people are being processed through the same physical infrastructure in less time, which is precisely the kind of pressure that safety and crowd-management planning is designed to avoid. A club setting an impact tolerance for this service therefore has a genuine, evidenced basis for its judgement: an access-control outage that resolves within the first thirty minutes of the gates-open window is a serious operational incident, but the remaining hour still allows for a broadly normal, controlled entry process. An outage that is not resolved within roughly forty-five minutes of that window -- leaving less than three-quarters of an hour of degraded entry capacity before kick-off -- crosses from a serious incident into a genuine safety and regulatory concern, because the club can no longer be confident of processing its expected attendance through the remaining time without the kind of crowd build-up that safety certification is specifically designed to prevent.

The impact tolerance in this example, then, is not "restore ticketing as fast as possible." It is something closer to: access-control functionality must be restored, or a fully resourced manual entry process must be operational, within 45 minutes of an outage occurring during the gates-open window, or the club's safety officer must be in a position to advise on delaying kick-off. That is specific, it is time-bound, and the club can explain exactly why 45 minutes rather than 60 or 30 -- because it is derived from the actual structure of the ninety-minute entry window the club already operates within. 

Worked example two: player registration during a transfer deadline

The second example is the sharpest illustration of why impact tolerances have to be genuinely realistic rather than aspirational, because the external deadline here does not move for anyone. Premier League transfer deadlines are fixed, and the process that follows them is unforgiving of assumption. Clubs are only permitted to submit a deal sheet, the mechanism that grants extra time to complete paperwork, within a strictly defined window immediately before the deadline itself, and once submitted correctly, they receive a fixed two-hour grace period to complete the full registration. There is no further extension beyond that. International transfers carry an additional, entirely separate constraint: they must also clear FIFA's Transfer Matching System before midnight, regardless of the club's own domestic deadline.

This means the club's internal systems for preparing and submitting registration paperwork, the systems this article's method would identify as an important business service in their own right, have an impact tolerance that is not really a club decision at all. It is set almost entirely by the external process. If a club's registration system fails at any point after the window in which a deal sheet can still be validly submitted, there is, in practical terms, no tolerance left: the transfer either completes before the fixed deadline or it does not happen in that window at all, full stop.

The genuinely useful impact tolerance for a club to set here, therefore, is not framed around the moment of deadline itself, by then it is too late for a tolerance to mean anything, but around the internal preparation window that precedes it. A defensible tolerance looks like: registration paperwork preparation systems must be fully operational, with no unresolved technical issue, no later than two hours before the deadline (to allow the deal sheet mechanism to be used as a safety net) and no later than the point a deal sheet, once submitted, would leave insufficient time to complete the full paperwork within its two-hour grace period. A club that has not mapped its own internal systems against this external, fixed, non-negotiable process has not set an impact tolerance for this service. It has simply hoped the systems hold up on the day.

Worked example three: payroll for players and staff

The third example illustrates a different kind of tolerance: one where the legal position sets a hard floor, but real-world practice creates a meaningful window for genuine recovery before that floor becomes a serious problem. Under the Employment Rights Act 1996, a payment made even a single day later than the date specified in an employment contract is, technically, an unlawful deduction of wages the moment it happens. In that narrow legal sense, there is effectively no tolerance at all, the breach occurs immediately.

But the practical risk profile is more nuanced than that technical position suggests, and a genuinely useful impact tolerance has to reflect both. Employment law commentary is consistent on this point: a payment that is corrected within a few days, where the employer communicates proactively and the delay does not recur, is generally treated as a low-risk, remediable breach rather than one likely to escalate to a tribunal claim or support a constructive dismissal argument. The risk profile changes materially, however, once delay becomes repeated or prolonged, because at that point the employee can reasonably argue that the implied term of mutual trust and confidence, the foundation of the employment relationship itself, has been broken.

A defensible impact tolerance for payroll, then, has to hold two things in view simultaneously: the fact that any delay is technically a breach from the first missed day, and the fact that the genuinely serious escalation risk begins once a delay is not resolved within a small number of days, or once any delay becomes a pattern rather than a one-off. A club's board might reasonably set the tolerance as: any payroll delay must be identified, communicated to affected players and staff, and resolved within 2 business days of the scheduled payment date; any second occurrence within a rolling twelve-month period triggers a full review of payroll system resilience, regardless of how quickly it was resolved. That tolerance does not pretend the first day of delay is harmless. It commits the club to a specific, evidenced standard for how quickly a breach must be cured, and it treats repetition, not just duration, as the point at which the harm becomes serious.

What Three Examples Have In Common Box

What the three examples have in common

None of the three tolerances above were arrived at by asking ‘how fast could we plausibly fix this?’ All three were built by working backwards from a real, external, evidenced constraint -- the physical structure of a stadium\'s entry process, the fixed and unforgiving mechanics of a transfer deadline, and the specific point at which UK employment law risk escalates from technical breach to serious exposure.

That is the method, and it is transferable to any important business service a club identifies: find the genuine external constraint or threshold the service operates against, and set the tolerance at the point just before that constraint turns disruption into intolerable harm. A tolerance that is not traceable to a real external fact is not a tolerance. It is a guess with a number attached.

Who should set the tolerance, and how often it should be reviewed

Impact tolerances are a governance judgement, not a technical one, and they should be approved at board level for exactly the reason the worked examples above illustrate: setting one properly requires weighing safety, legal, financial and reputational consequences against each other, which is a board-level responsibility even when the underlying service sits within an operations or IT function day to day.

Each tolerance should also be reviewed at least annually, and immediately after any material change to the underlying constraint it was built around. A change to stadium safety certification, a change to the transfer deadline process, or a change to a club's payroll provider are all events that should trigger a fresh look at whether the tolerance set previously is still the right one -- because a tolerance built on a stale assumption is no more defensible than one that was never properly evidenced in the first place.

The next article in this series addresses the discipline that follows naturally from having set genuine tolerances: mapping the specific people, systems, facilities and third parties each important business service actually depends on -- because a tolerance cannot be tested, and cannot ultimately be met, without knowing precisely what stands behind the service when something goes wrong.

Setting a genuine impact tolerance requires the board to make a judgement it cannot make well without the full picture in front of it.

Lagom Sports Compliance works with football clubs across governance, risk, compliance and operational resilience. If your club has not yet set defensible, board-approved impact tolerances for its most critical services, we would welcome a conversation about what that process looks like for your club.

Lagom Article Header CTA
Lagom Sports Compliance

This article is brought to you by Lagom Sports Compliance -- the leading governance, risk, compliance and anti-financial crime consultancy built exclusively for professional football. We help clubs, agents and leagues navigate the IFR, UEFA licensing and EU AML obligations with proportionate, practitioner-led support.

Want to talk through what this means for your club?

Frequently asked questions: impact tolerances for football clubs

Previous
Previous

What section 34 means for football club owners

Next
Next

Free webinar: Independent Football Regulator Licensing - What Clubs Must Build Before Applying