[Business Continuity Strategy] [Template 1]
CBF-1 Air Navigation Services
Key Business Processes and Sub-CBF for CBF-9 IT & Cyber Resilience
With Singapore's position as a global aviation hub, any disruption to CAAS’s IT infrastructure or a cyber threat could result in significant operational, reputational, and regulatory consequences.
CBF-9, IT & Cyber Resilience, is one of CAAS’s most critical business functions. This function supports all aviation safety, air navigation, regulatory compliance, and enterprise-wide systems.
The objective of this chapter is to map out the detailed business processes (Sub-CBFs) that underpin CBF-9. These processes are essential for maintaining the resilience of IT systems and ensuring robust cyber defences.
Through this breakdown, CAAS can effectively assess the risks associated with IT and cybersecurity disruptions, determine recovery priorities, and develop appropriate mitigation strategies in alignment with national and international aviation regulatory requirements.
Table: Key Business Processes and Sub-CBF for CBF-1 Air Navigation Services
|
Sub-CBF Code |
Sub-CBF |
Description |
Example in CAAS Context |
|
9.1 |
Air Traffic Management (ATM) Systems Resilience |
Ensures the availability, integrity, and performance of ATM-related IT systems. |
Maintenance and failover capability of the LEMATAR (Long-range En-route ATC Radar) and ATC communication systems. |
|
9.2 |
Cybersecurity Monitoring & Threat Response |
Real-time monitoring, detection, and response to cyber threats across CAAS’s digital infrastructure. |
Cyber Defence Operations Centre (CDOC) detects threats on the MyICA–CAAS Portal Interface. |
|
9.3 |
Critical System Backup & Data Recovery |
Periodic backup of essential data and IT systems to enable rapid restoration. |
Scheduled backups of flight data records and air navigation charge systems. |
|
9.4 |
Enterprise IT Infrastructure Continuity |
Maintaining the operability of enterprise systems like HR, finance, and internal portals. |
Continuity of SAP-based systems for procurement and personnel management. |
|
9.5 |
Digital Aviation Services Platform (DASP) Resilience |
Supports digital services including drone registration, flight approvals, and stakeholder APIs. |
Ensuring 24/7 uptime of the UAS (Unmanned Aircraft Systems) portal. |
|
9.6 |
Cloud and Third-Party Service Continuity |
Ensuring resilience in systems hosted externally or provided by third-party vendors. |
SLA enforcement with GovTech Singapore for cloud hosting services. |
|
9.7 |
IT Governance & Compliance Management |
Policy enforcement, audits, and incident documentation to comply with cybersecurity standards. |
Annual audit aligned with CSA’s Cybersecurity Code of Practice (CCoP) for critical infrastructure. |
|
9.8 |
Disaster Recovery Planning and Testing |
Formal DR planning and periodic testing of recovery capabilities. |
Quarterly DR simulation for Airport Operations Systems (AOS) and database clusters. |
Summing Up ...
As aviation continues to digitalise, the dependency of CAAS on resilient IT infrastructure and proactive cyber defence capabilities has never been more pronounced. The detailed Sub-CBFs within CBF-9 provide a granular view of the operational priorities necessary to protect core aviation functions and public trust.
By identifying and documenting these critical sub-processes, CAAS is not only aligning with its business continuity management framework but also reinforcing its commitment to national resilience, regulatory compliance, and uninterrupted service delivery in the face of cyber or IT-related threats.
The mapping of these detailed processes serves as the foundation for assessing potential vulnerabilities, prioritising investments in cyber resilience, and integrating IT recovery into the broader CAAS crisis and continuity management plans.
![[BCM] [CAAS] [E3] [RAR] [T1] List of Threats](https://no-cache.hubspot.com/cta/default/3893111/638600be-d908-40a0-9168-d5cc6eef1926.png)
![[BCM] [CAAS] [E3] [RAR] [T2] Treatment and Control](https://no-cache.hubspot.com/cta/default/3893111/0df84fd2-d151-43eb-bd67-e8de11e820a7.png)
![[BCM] [CAAS] [E3] [RAR] [T3] Risk Impact and Likelihood Assessment](https://no-cache.hubspot.com/cta/default/3893111/00fedd72-3ce2-4a52-8aee-e18e5bac5d56.png)
![[BCM] [CAAS] [E3] [BCS] [T1] Mitigation Strategies and Justification](https://no-cache.hubspot.com/cta/default/3893111/17350a9e-771a-404d-9740-5c8d3a9d509d.png)
![[BCM] [CAAS] [E3] [BIA] [T1] [CBF] [9] IT & Cyber Resilience](https://no-cache.hubspot.com/cta/default/3893111/205c35be-6bb6-45c3-8d47-81ef80651678.png)
![[BCM] [CAAS] [E3] [BIA] [T2] [CBF] [9] IT & Cyber Resilience](https://no-cache.hubspot.com/cta/default/3893111/49fa98f3-188b-41d3-9245-869918317926.png)
![BCM] [CAAS] [E3] [BIA] [T3] [CBF] [9] IT & Cyber Resilience](https://no-cache.hubspot.com/cta/default/3893111/bb87c891-2812-43e5-aadb-9f4f97254055.png)
![[BCM] [CAAS] [E3] [BCS] [T2] [CBF] [9] Recovery Strategies](https://no-cache.hubspot.com/cta/default/3893111/d7b8a6d3-33f9-40b6-9619-4c9f7e050850.png)
![[BCM] [CAAS] [E3] [BCS] [T3] [CBF] [9] Minimum Resources Required during a Disaster](https://no-cache.hubspot.com/cta/default/3893111/de745a68-c821-4b0f-baa4-4785f18ddfa0.png)
![[BCM] [CAAS] [E3] [PD] [CBF] [9] IT & Cyber Resilience](https://no-cache.hubspot.com/cta/default/3893111/be43aeec-6049-442e-889c-043930b32b3d.png)
More Information About Business Continuity Management Courses
To learn more about the course and schedule, click the buttons below for the BCM-300 Business Continuity Management Implementer [BCM-3] and the BCM-5000 Business Continuity Management Expert Implementer [BCM-5].
![Register [BL-B-3]*](https://no-cache.hubspot.com/cta/default/3893111/ac6cf073-4cdd-4541-91ed-889f731d5076.png)
![FAQ [BL-B-3]](https://no-cache.hubspot.com/cta/default/3893111/b3824ba1-7aa1-4eb6-bef8-94f57121c5ae.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
