Business Continuity Management for BandTree
BT BB BC_Bantree BIA Report

[BCM] [BT] [E3] [BIA] [T1] [CBF] [6] Information Systems & Records Management

New call-to-action

The identification of critical business functions within the Information Systems & Records Management domain is foundational to ensuring Bandtree’s operational resilience and continuity.

This chapter outlines the key functions and sub-processes that support the management, protection, and availability of the company’s ICT infrastructure, applications, records, and data.

By clearly defining these functions, Bandtree can establish appropriate recovery priorities, allocate resources efficiently, and implement effective continuity strategies.

Understanding these business functions also facilitates compliance with regulatory requirements and supports the safeguarding of vital corporate information assets essential for ongoing property management operations and organisational governance.

Dr Goh Moh Heng
Business Continuity Management Expert Implementer
New call-to-action
 

Bann_BCM_BIA_BIAQ Part 1 and 2

BIA Questionnaires 

Part 1: Identification of Business Functions

Notes for BCM Institute's Course Participants: This is the template for completing the "Overview of CBFs and Business Unit MBCO."

Template BIA 2-1

CBF 6: Information Systems & Records Management

The identification of critical business functions within the Information Systems & RecordsNew call-to-action Management domain is foundational to ensuring Bandtree Sdn Bhd’s operational resilience and continuity. 

Purpose of Chapter

Bandtree Corporate MBCOThis chapter outlines the key functions and sub-processes that support the management, protection, and availability of the company’s ICT infrastructure, applications, records, and data.

By clearly defining these functions, Bandtree can establish appropriate recovery priorities, allocate resources efficiently, and implement effective continuity strategies.

Understanding these business functions also facilitates compliance with regulatory requirements and supports the safeguarding of vital corporate information assets, which are essential for ongoing property management operations and organisational governance.

Definition of MBCO

The MBCO establishes the minimum acceptable level of activity that must be sustained to prevent serious consequences to the business, its stakeholders, and national operations.

By defining these priorities, Bandtree ensures that critical facilities services can continue, be restored quickly, or be adapted during adverse events to meet both regulatory and operational demands.

Corporate and Business Unit MBCO

Here is a structured table for CBF-6 Information Systems & Records Management of Bandtree, based on the provided sub-processes and about the BCM Institute’s definition of Minimum Business Continuity Objective (MBCO):

Table 1-1: [BIA] [P1] Identification of Business Functions for CBF 6: Information Systems & Records Management
Corporate MBCO

Critical Business Functions (CBF)

CBF Code

Description of CBF

Corporate Minimum Business Continuity Objective (MBCO)

Information Systems & Records Management

CBF-6

The management and maintenance of ICT infrastructure, systems, cybersecurity, records, and user support are essential for ensuring operational continuity and compliance.

Ensure that critical ICT services and records management systems are operational within the agreed-upon Recovery Time Objectives (RTO), maintaining data integrity, security, and accessibility.

 

Table 1-2: [BIA] [P1] Identification of Business Functions for CBF 6: Information Systems & Records Management (Sub-CBF)
Business Unit MBCO

Sub-Critical Business Functions (CBF)

Sub-CBF Code

Description of CBF

Business Unit Minimum Business Continuity Objective (MBCO)

ICT Infrastructure Management

6.1

Oversight and maintenance of hardware, networks, and infrastructure are necessary to support business applications and communication.

Restore critical ICT infrastructure within 24 hours to ensure minimal disruption to business operations.

Property Systems Application Support

6.2

Support and maintenance of property management systems used in corporate operations.

Ensure property management applications are available and functional within 8 hours post-disruption.

Records Retention & Archiving

6.3

Secure and compliant storage, retention, and archiving of corporate and operational records.

Maintain access to vital records within 12 hours, ensuring compliance with legal and regulatory requirements.

Data Backup & Recovery

6.4

Regular data backup and swift recovery mechanisms to prevent data loss and support business continuity.

Ensure data backups are available and recoverable within 4 hours after an incident.

Cybersecurity & Access Control

6.5

Protection of information systems from cyber threats and management of access privileges to ensure data security.

Maintain cybersecurity controls and access management to prevent breaches with zero tolerance for extended downtime.

System Development & Enhancement

6.6

Continuous improvement and updating of ICT systems to meet evolving business needs and technological advancements.

Prioritise system enhancements that impact critical business functions; non-critical updates may follow normal change management timelines.

ICT Vendor Management

6.7

Coordination and management of external ICT service providers and suppliers to ensure service reliability.

Maintain vendor contracts and Service Level Agreements (SLAs) to ensure timely support and recovery within the agreed-upon Mean Business Cycle Objective (MBCO).

User Training & Support

6.8

Provision of training and technical support to end-users for effective utilisation of ICT systems.

Deliver essential user support and training to minimise operational delays during recovery phases.

Compliance & IT Governance

6.9

Ensuring ICT activities comply with regulatory standards, policies, and governance frameworks.

Ensure ongoing compliance with minimal disruption to business processes—immediate attention to critical compliance issues.

Physical Records Handling

6.10

Secure management, storage, and handling of physical records to protect integrity and confidentiality.

Maintain secure access and protection of physical records within 24 hours of disruption.

 

Summing Up ... for Part 1

Accurately identifying and documenting the critical business functions within Information Systems & Records Management enables Bandtree to develop a robust business continuity framework tailored to the unique demands of its ICT environment.

This clarity ensures that recovery efforts focus on the most vital areas, minimising disruption and maintaining service delivery to stakeholders.

Moving forward, continuous review and validation of these business functions will be essential to adapt to evolving technologies, emerging risks, and organisational changes, thereby sustaining Bandtree’s commitment to resilience, security, and operational excellence.

 


New call-to-action

Bann_BCM_BIA_BIAQ Part 1 and 2

BIA Questionnaires 

Part 2: Impact Area Of Business Functions

Notes for BCM Institute's Course Participants: This is the template for completing the "Impact Analysis of CBFs, including financial implications and effect on MBCO."

Template BIA 3

 


CBF 6: Information Systems & Records Management

In today’s rapidly evolving digital landscape, Information Systems and Records Management play a pivotal role in ensuring the seamless operation and governance of organisational activities.

For Bandtree, a government-linked company specialising in corporate property management, the Critical Business Function CBF 6: Information Systems & Records Management is fundamental to maintaining operational efficiency, regulatory compliance, and data integrity.

This chapter focuses on the various impact areas associated with CBF-6, detailing how disruptions or failures in these areas can affect the organisation’s financial health, operational continuity, and overall reputation.

By understanding the specific impact areas, Bandtree can better prioritise risk mitigation, resource allocation, and recovery strategies to safeguard its critical information assets and systems.

Below is a structured table for Critical Business Function CBF 6: Information Systems and Records Management, along with its sub-processes (Sub-CBFs), organised according to the specified headers.

The financial impact and its impact on MBCO (Minimum Business Continuity Objective) are illustrated based on typical risks in this area, following the impact area concepts outlined in the linked BCMPedia content.

Table 2-1: [BIA] [P2] Impact Area Of Business Functions for CBF 6: Information Systems & Records Management

 

      Financial Impact

Sub-CBF

Sub-CBF Code

Impact Area

Monetary Loss (Estimated)

Calculation of Monetary Loss (State Formula for Calculations)

ICT Infrastructure Management

6.1

System Availability

BND 80,000 - 300,000

Loss = (Cost of downtime per hour x Hours of outage) + Repair Cost

Property Systems Application Support

6.2

Service Continuity

BND 50,000 - 200,000

Loss = (Number of impacted users x Average cost per user x Hours of system downtime)

Records Retention & Archiving

6.3

Regulatory Compliance

BND 30,000 - 150,000

Loss = (Penalty Fees + Cost of Legal Actions)

Data Backup & Recovery

6.4

Data Integrity & Availability

BND 100,000 - 600,000

Loss = (Cost to restore data + Loss from data unavailability)

Cybersecurity & Access Control

6.5

Information Security

BND 200,000 - 1,000,000+

Loss = (Cost of breach + Regulatory fines + Reputational damage)

System Development & Enhancement

6.6

Process Improvement

BND 20,000 - 100,000

Loss = (Delay in project delivery x Cost per day)

ICT Vendor Management

6.7

Supplier Reliability

BND 50,000 - 250,000

Loss = (Impact from vendor failure x Downtime)

User Training & Support

6.8

Human Resource Competency

BND 10,000 - 50,000

Loss = (Productivity loss due to lack of skills x Time)

Compliance & IT Governance

6.9

Legal & Regulatory Compliance

BND 50,000 - 300,000

Loss = (Fines + Cost of audits + Remediation costs)

Physical Records Handling

6.10

Physical Asset Security

BND 20,000 - 100,000

Loss = (Cost of lost/damaged records + Recovery costs)

 
Table 2-2: [BIA] [P2] Impact Area Of Business Functions for CBF 6: Information Systems & Records Management

 

Sub-CBF

Sub-CBF Code

Affect MBCO

Impact

Remarks – Description

ICT Infrastructure Management

6.1

Yes

System downtime impacting user productivity

Critical for maintaining the uptime of servers, networks, and hardware

Property Systems Application Support

6.2

Yes

Disruption in property management applications

Impacts access and processing of property-related data and transactions

Records Retention & Archiving

6.3

Yes

Risk of non-compliance fines and legal consequences

Essential for maintaining legally compliant records and archives

Data Backup & Recovery

6.4

No

Prevents data loss, ensures business continuity

Critical to restore operations after data loss or system failures

Cybersecurity & Access Control

6.5

Yes

Potential data breaches, loss of trust and regulatory penalties

Protects sensitive data from unauthorised access and cyber threats

System Development & Enhancement

6.6

No

Delayed enhancements affecting operational efficiency

Improves systems functionality, but delays may slow business improvements

ICT Vendor Management

6.7

Yes

Dependency on vendors is affecting system availability

Ensures third-party services and supplies are reliable

User Training & Support

6.8

No

Lower user proficiency, increased errors

Important for minimising user errors and maximising system use efficiency

Compliance & IT Governance

6.9

Yes

Non-compliance risks and penalties

Maintains adherence to IT policies, standards, and regulations

Physical Records Handling

6.10

Yes

Loss or damage to physical records affecting operations

Safeguards paper records and physical archives

 

Summing Up ... for Part 2

Understanding the impact areas of CBF-6 Information Systems & Records Management is crucial for Bandtree to build a resilient and robust IT infrastructure and processes.

The potential financial losses, operational disruptions, and compliance risks underscore the necessity of proactive management and continuous improvement within this function.

By clearly identifying and assessing these impact areas, Bandtree is better positioned to implement adequate controls, maintain regulatory adherence, and ensure uninterrupted service delivery.

Ultimately, a strong focus on Information Systems and Records Management enhances the company’s ability to sustain its business objectives and supports long-term organisational success in an increasingly technology-driven environment.

 

Implementing Business Continuity Management for Bandtree: A Practical Guide
eBook 3: Starting Your BCM Implementation
MBCO P&S RAR T1 RAR T2 RAR T3 BCS T1  CBF
New call-to-action New call-to-action New call-to-action New call-to-action New call-to-action New call-to-action New call-to-action
CBF 6: Information Systems & Records Management
DP BIAQ T1 BIAQ T2 BIAQ T3 BCS T2 BCS T3 PD
New call-to-action New call-to-action New call-to-action New call-to-action New call-to-action New call-to-action New call-to-action

 

More Information About Business Continuity Management Courses

To learn more about the course and schedule, click the buttons below for the  BCM-300 Business Continuity Management Implementer [BCM-3] and the BCM-5000 Business Continuity Management Expert Implementer [BCM-5].

 

New call-to-action  New call-to-action Register [BL-B-3]*
New call-to-action New call-to-action New call-to-action
FAQ [BL-B-3]

Please feel free to send us a note if you have any questions.

Email to Sales Team [BCM Institute]

 FAQ BL-B-5 BCM-5000
New call-to-action New call-to-action New call-to-action
 
 
 

Your Comments Here:

 

More Posts

New Call-to-action