It focuses on categorising threats by their nature, such as natural disasters, man-made disruptions, personnel shortages, supply chain interruptions, and IT system failures, and documenting the specific treatments and controls in place to address each.
Using the principles of risk management, this chapter evaluates CGC’s existing strategies across four standard risk treatment categories: Risk Avoidance, Risk Reduction, Risk Transference, and Risk Acceptance. The aim is to ensure that the Corporation can sustain critical operations during disruptions and resume normal functioning within acceptable timeframes.
The treatments and controls detailed in this section reflect both current measures and forward-looking plans that strengthen CGC’s operational resilience and business continuity preparedness. This comprehensive risk treatment framework is aligned with best practices, including those defined in ISO 22301 and BCM Institute’s RAR methodology.
The following is a completed template for Part 2: RAR – Treatment and Control, tailored for Credit Guarantee Corporation Malaysia (CGC) and based on the threats identified in Part 1: RAR – List of Threats and the BCM Institute RAR framework.

| Threat | Existing Risk Treatment – Risk Avoidance | Risk Reduction | Risk Transference | Risk Acceptance | Existing Controls | Additional (Planned) Controls |
|---|---|---|---|---|---|---|
| Denial of Access – Natural Disaster (e.g. flood, earthquake) | Partial (site selection/mapping) | ✔️ Hazard-resistant building design; dual‑site operations | ✔️ Insurance coverage for asset losses | – | On‑site flood barriers, backup generator, periodic drills, and evacuation plan | Install permanent dry‑raised assembly area; regular inspection of water‑tight seals |
| Denial of Access – Man‑made Disaster (e.g. fire, vandalism) | – | ✔️ Fire alarm/suppression systems; CCTV surveillance | ✔️ Property & third‑party liability insurance | – | Fire extinguishers, automatic sprinklers, security patrols, and maintenance checks | Conduct quarterly fire drills; upgrade CCTV with AI detection |
| Unavailability of People (e.g. pandemic, labour strike) | – | ✔️ Remote work capacity; cross‑trained staff; flexible scheduling | ✔️ Outsourced back‑office support contracts | – | VPN access, HR succession planning, pandemic hygiene protocols | Formalize staff rotation plans; establish standby contract with temp agency |
| Disruption to the Supply Chain (e.g. vendor failure, transport delay) | ✔️ Multi-sourced critical supplies | ✔️ Inventory buffers; vendor performance tracking | ✔️ Supply‑chain insurance, where feasible | – | Approved vendor lists, regular audits, KPI monitoring, and contractual SLAs | Develop alternative local supplier network; annual stress tests of vendor chain |
| Equipment & IT‑Related Disruption (e.g. server crash, hardware failure) | – | ✔️ Scheduled maintenance; hardware redundancy; patching | ✔️ IT outage insurance (cyber, hardware) | – | Dual‑site data replication, UPS, backup tapes, and change management policies | Deploy cloud‑based failover; monthly disaster‑recovery drills; annual penetration tests |

In summary, CGC has adopted a multi-faceted and proactive approach to risk treatment, ensuring that business continuity measures are embedded across operational, technological, and strategic layers. The treatments and controls outlined in this chapter form the foundation of a resilient organisation, capable of withstanding and recovering from a broad spectrum of threats.
While many effective measures are already in place, ranging from backup infrastructure to vendor diversification, several additional controls have been identified for future implementation. These will further enhance CGC’s ability to mitigate risks and uphold service delivery under adverse conditions.
Continued review, testing, and refinement of these risk treatments are critical to ensuring their relevance and effectiveness. Moving forward, CGC remains committed to strengthening its risk posture through continuous improvement and a strong culture of resilience.
Resilience Redefined: Implementing BCM at Credit Guarantee Corporation Malaysia
eBook 3: Starting Your BCM Implementation