Back to Quest Board
🌪️

The Great Storm of the Iron Citadel

Major Infrastructure Outage & BCP Activation Following Cascading Power and Flood Failure
P1 — Critical

A catastrophic storm descends upon the Iron Citadel — your primary data centre — severing power and breaching flood defences. As the waters rise, critical systems fall silent one by one. The realm's core banking platforms, trading engines, and SWIFT gateways are plunged into darkness. The War Council must invoke the ancient rites of Business Continuity to restore order from chaos, activating the secondary fortress before dawn breaks on the markets.

60 minutes
DC 14
4 Injects
4–12 Players

Compliance Frameworks

PRA SS1/21 Operational Resilience FCA PS21/3 ISO 22301 BCMS DORA Art.11

🛡️ Roles & Party Members

War Chief Required
Incident Commander

Leads the crisis response, chairs the Crisis Management Team, authorises BCP activation and failover decisions

Arcane Engineer Required
IT Operations Lead

Provides technical context on infrastructure status, manages failover execution, monitors system recovery and data integrity

Keeper of the Continuity Scrolls Required
BCP Manager

Owns the Business Continuity Plan, coordinates activation of disaster recovery procedures, tracks RTO and RPO adherence

Warden of the Iron Citadel Required
Facilities Manager

Reports on physical site conditions, manages building systems, coordinates with utilities and emergency services on-site

Town Crier Optional
Communications Lead

Manages internal and external communications, drafts holding statements for clients and regulators, coordinates media response

High Council Elder Optional
Senior Management

Provides executive decision authority, approves regulatory notifications and client communications, manages board expectations

Herald of the Realm Optional
Client Relations Lead

Manages UHNW client communication strategy, coordinates relationship manager responses, assesses client impact and reputational risk

⚡ Inject Timeline

1
The Lights Go Dark — Initial Outage Detection
T+0 Minutes

It is 02:17 UTC on a Thursday morning. The Network Operations Centre (NOC) receives a cascade of critical alerts: the primary data centre — codenamed Iron Citadel — has suffered a complete mains p...

6 Discussion Prompts 1 Dice Events 4 Possible Complications
2
Invoking the Ancient Rites — BCP Activation and Failover
T+20 Minutes

The War Chief has formally declared a Major Incident and activated the Business Continuity Plan. The Crisis Management Team is assembling via a mobile conference bridge — the only communication chan...

6 Discussion Prompts 1 Dice Events 4 Possible Complications
3
The Long Siege — Extended Outage Management
T+40 Minutes

Six hours have elapsed since the initial power failure. The primary data centre remains offline and inaccessible — the facilities team reports that floodwater has risen to 30 centimetres in the grou...

6 Discussion Prompts 1 Dice Events 4 Possible Complications
4
Dawn After the Storm — Recovery and Lessons Learned
T+60 Minutes

It is now 72 hours after the initial power failure. The primary data centre remains offline and the structural assessment has confirmed significant water damage to ground-floor infrastructure: 34 serv...

6 Discussion Prompts 1 Dice Events 4 Possible Complications

📋 Debrief Questions

Post-Siege War Council — Lessons from the Storm
  1. Was the Business Continuity Plan activated promptly and effectively? Were roles, responsibilities, and escalation paths clearly understood by all participants?
  2. Were the documented RTO and RPO targets achievable in practice, and did the actual recovery times expose gaps between documented plans and operational reality?
  3. How effective was the alternate site (Shadow Keep / DR site) in sustaining critical business services? Were the known deficiencies on the risk register a contributing factor to recovery delays?
  4. Were internal and external communications — to staff, clients, regulators, correspondent banks, and media — timely, accurate, and appropriately coordinated?
  5. Were all regulatory notification obligations — PRA, FCA, Bank of England, and SWIFT — identified and met within required timelines? Was the content of notifications appropriate?
  6. What systemic improvements to operational resilience — including DR testing frequency, infrastructure redundancy, third-party supply chain management, and impact tolerance calibration — should be prioritised in the remediation programme?
  7. How should the organisation address the cultural and governance factors that allowed known DR deficiencies to remain on the risk register without remediation for over a year?