[BCM] [Boost] [E3] [BCS] [T1] Mitigation Strategies and Justification

Threat

Existing Controls

Risk Rating

Risk Level

Risk Treatment (Residual Risk)

Additional Mitigation Strategy

Justification for Selected Mitigation Strategy

Flood / Flash Flood

Flood barriers, offsite backups, emergency SOPs

20

High

Risk Reduction

Relocate flood-prone branches; install real-time flood sensors

Ensures operational continuity by avoiding prolonged physical access issues

Haze

Work-from-home policy, air purifiers

12

Medium

Risk Reduction

Enhance HVAC systems; distribute N95 masks to staff

Minimises health impact and ensures staff productivity during haze events

Fire

Fire alarms, extinguishers, and evacuation drills

15

Medium

Risk Reduction

Implement fire-rated server rooms; conduct quarterly audits

Strengthens defence against facility damage and ensures compliance

Earthquake Tremors

Anchor equipment, secure server racks

8

Low

Risk Acceptance

Conduct a building structural assessment; raise staff awareness

Acceptable due to infrequency,  but with improved resilience planning

Power Outage

Backup generators, UPS

20

High

Risk Reduction

Implement dual power feeds and consider solar backup for critical sites

Reduces downtime and enhances availability for customer services

Bomb Threat / Terrorism

Panic buttons, security cameras

15

Medium

Risk Reduction

Conduct regular drills; collaborate with law enforcement for updates

Prepares staff and reduces panic during incidents

Pandemic / Infectious Disease

WFH setup, staff health monitoring, and vaccines

20

High

Risk Reduction

Establish a pandemic command team; implement a rotating workforce

Protects the workforce and sustains service availability

Labour Strike / Dispute

Grievance channels, HR policies

15

Medium

Risk Reduction

Develop employee engagement programs; cross-train essential staff

Reduces the likelihood of disputes and mitigates manpower impact

Loss of Key Personnel

Succession planning, role documentation

15

Medium

Risk Reduction

Create backup leaders for each critical role; enhance knowledge sharing

Mitigates leadership vacuum and ensures continuity

Loss of Vendor / Supplier

Secondary suppliers, SLA enforcement

12

Medium

Risk Reduction

Build a vendor risk assessment framework; increase local sourcing

Reduces supply chain bottlenecks and delivery issues

Regulatory Breach

Compliance audits, training

10

Medium

Risk Reduction

Implement GRC system; automate compliance tracking

Minimises compliance gaps and regulatory penalties

IT Hardware/Software Failure

Maintenance schedule, redundancy setup

20

High

Risk Reduction

Migrate to a hybrid cloud; establish a DR site

Improves recoverability and system uptime

Telecom/Network Failure

Dual ISP setup, VPNs

20

High

Risk Reduction

Implement 4G/5G fallback connectivity; monitor network health

Ensures continuous online access for digital banking

IT Sabotage / Cyber Attack

Firewalls, employee training, and access controls

20

High

Risk Reduction

Conduct threat hunting, penetration testing, and SOC outsourcing

Defends digital assets and customer trust proactively