BCS P1: Mitigation Strategies and Justification for Bandtree
This section, BCS Part 1: Mitigation Strategies and Justification, presents a comprehensive assessment of identified threats affecting Bandtree’s operations and assets.
It outlines the existing control measures, evaluates residual risks, and proposes additional mitigation strategies based on industry best practices and organisational context.
Each mitigation strategy is supported by a clear justification to ensure alignment with the company's business continuity principles and operational priorities.
This is a structured Mitigation Strategies table for Bandtree, incorporating the BCM Institute's guidance note for “Part 1: Mitigation Strategies” and contextualising for property management:
|
Threat |
Existing Controls |
Risk Rating |
Risk Level |
Risk Treatment (Residual Risk) |
Additional Mitigation Strategy |
Justification for Selected Mitigation Strategy |
|
Fire outbreak in managed buildings |
Fire extinguishers, fire alarms, evacuation plans, and fire drills |
High (e.g., 16) |
High |
Risk Reduction |
Install automatic fire suppression (sprinklers), heat detectors, and integrate with 24/7 monitoring. |
Automatic systems significantly reduce fire spread, lower damage and loss of life—cost vs benefit supports reduction. |
|
Theft/ vandalism of assets |
CCTV, security guards, and access card entry |
Medium-High (e.g., 12) |
High |
Risk Reduction / Transfer |
Enhance perimeter fencing, install intruder detection sensors, and outsource advanced security services. |
Physical barriers, combined with technology and expert services, raise deterrence, facilitate faster crime detection, and share risk through outsourcing. |
|
ICT system outage |
Basic IT infrastructure, some redundancies, backup power |
Medium-High (e.g., 12) |
High |
Risk Reduction / Transfer |
Implement fully redundant systems, establish an SLA with an external IT provider, and purchase technology insurance. |
Redundancy minimises downtime; outsourcing and insurance help transfer residual risk. |
|
Natural disaster (flooding, storms) |
Elevated building design, emergency SOPs |
Medium (e.g., 9) |
Medium |
Risk Reduction / Avoidance |
Move critical servers to an off-site or cloud backup location; install flood sensors and backup generators. |
Off-site/cloud backup ensures data resilience; generators and sensors reduce downtime and damage. |
|
Regulatory non‑compliance (building codes, safety) |
Periodic internal audits, staff awareness |
Medium (e.g., 9) |
Medium |
Risk Reduction |
Contract third-party compliance audits annually; conduct recurring training sessions. |
External audits increase objectivity; training ensures staff maintain up‑to‑date compliance awareness. |
|
Workplace accidents/ injuries |
Basic PPE, incident reporting, and safety induction |
Medium (e.g., 9) |
Medium |
Risk Reduction |
Regular safety drills, hire a certified safety officer, and periodic refresher training. |
Professional safety oversight and training reduce the likelihood of accidents, making prevention a cost-effective measure. |
Effective risk mitigation is not solely about implementing controls—it is about selecting the right strategies, tailored to the organisation’s context, risk appetite, and operational dynamics.
This chapter has identified and analysed key threats faced by Bandtree and proposed targeted mitigation strategies to address them.
By leveraging both preventive and corrective measures—including technological upgrades, physical safeguards, outsourcing, and policy improvements—Bandtree can reduce the likelihood and impact of operational disruptions.
The justifications provided ensure that every proposed strategy is not only practical and cost-effective but also aligned with the organisation's strategic goals.
To learn more about the course and schedule, click the buttons below for the BCM-300 Business Continuity Management Implementer [BCM-3] and the BCM-5000 Business Continuity Management Expert Implementer [BCM-5].
|
Please feel free to send us a note if you have any questions. |
||