Part 2: RAR – Treatment and Control
Children’s Aid Society
Risk Assessment and Review (RAR) is a fundamental component of the Children’s Aid Society’s Business Continuity Management (BCM) framework.
Following the identification of threats in Part 1, this section focuses on the treatment and control measures that the organisation has in place, as well as additional measures planned to strengthen resilience. Risk treatment strategies include four main approaches: risk avoidance, risk reduction, risk transference, and risk acceptance.
Each threat category is assessed to determine the most appropriate treatment, supported by existing controls and complemented by planned improvements. The objective is to ensure that the Society can sustain critical residential care operations and other essential services, even in the face of disruptive incidents.
Table: Risk Treatment and Control
| Threat | Existing Risk Treatment - Risk Avoidance | Existing Risk Treatment - Risk Reduction | Existing Risk Treatment - Risk Transference | Existing Risk Treatment - Risk Acceptance | Existing Controls | Additional (Planned) Controls |
| --- | --- | --- | --- | --- | --- | --- |
| Denial of Access – Natural Disaster (e.g., Flood, Fire, Severe Storms) | Selection of facility locations in areas with low flood and fire risks | Regular maintenance of drainage, fire detection and suppression systems; emergency drills | Property insurance coverage; fire insurance | Accept residual risk of minor disruptions | Fire alarms, sprinklers, evacuation procedures, and emergency shelter tie-ups | Explore relocation arrangements with partner organisations; enhance flood barriers; implement early warning systems |
| Denial of Access – Man-made Disaster (e.g., Civil Unrest, Terrorist Attack) | Avoid hosting events in high-risk locations | Security protocols, staff training, and controlled access to premises | Insurance covering damage from man-made events | Accept residual risk due to low likelihood | Security cameras, access control systems, liaison with local police | Strengthen physical security barriers; establish mutual aid agreements for temporary relocation |
| Unavailability of People (e.g., Pandemic, Staff Illness, Mass Resignation) | Avoid dependency on single individuals for critical functions | Cross-training, remote work capability, and health and safety protocols | Group insurance and medical coverage | Accept residual risk of short-term manpower shortages | Staff succession planning, HR policies for leave and health management | Expand volunteer support pool; formalise remote learning/working arrangements; develop pandemic response plan |
| Disruption to the Supply Chain (e.g., Food, Utilities, Medical Supplies) | Diversify suppliers to avoid over-dependence | Maintain a buffer stock of essential items; regular supplier audits | Supplier contracts with service level agreements (SLA) and penalties | Accept low-level risk for non-essential supplies | Inventory management system, standing arrangements with preferred vendors | Establish alternative supply chain partners; regional supplier collaboration; long-term framework agreements |
| Equipment and IT-Related Disruption (e.g., Server Crash, Network Failure, Power Outage) | Avoid outdated and unsupported systems | Regular system maintenance, data backup, power surge protection, and redundancy | IT insurance and extended warranty contracts | Accept risk of short outages | Cloud-based data storage, backup power generators, and IT support contracts | Develop secondary data centre or cloud failover system; upgrade cybersecurity measures |
Notes to Populate the Table
- Threat: Use the exact wording from your "Part 1: RAR – List of Threats."
- Existing Risk Treatment (Avoidance / Reduction / Transference / Acceptance): Mark each treatment that’s already being applied (e.g., you might denote with "Yes" or brief notes).
- Existing Controls: Describe what’s already implemented (like systems, protocols, physical controls).
- Additional (Planned) Controls: Propose enhancements or future controls that would further mitigate the threat, aligning with strategic goals.
Summing Up ...
The treatment and control strategies outlined above reflect the Children’s Aid Society’s commitment to safeguarding its critical services against potential threats. While existing measures provide a robust foundation for continuity, continuous improvement through planned controls ensures that emerging risks are addressed proactively.
By balancing avoidance, reduction, transference, and acceptance, the Society builds resilience into its operations while ensuring that the welfare of its beneficiaries remains uncompromised.
This structured approach to risk treatment positions the organisation to respond effectively to crises, minimise operational disruptions, and maintain trust with stakeholders.