[BCM] [GRA] [E3] [BIA] [PS] Key Product and Services

Introduction

Mapping Key Products and Services to Stakeholders

Priority Services During a Major Disruption

Key Considerations for ISO 22301 Compliance

More Information About Business Continuity Management Courses

A key requirement of ISO 22301 is the identification of the organisation's products and services that must continue to be delivered during an incident, emergency, or disaster. These products and services represent the outcomes that support the organisation's mission, stakeholders, statutory responsibilities, and strategic objectives.

For GRA, the continuity of regulatory services is essential to maintaining public confidence, safeguarding Singapore's gambling environment, ensuring compliance by regulated entities, protecting vulnerable individuals from gambling-related harm, and supporting the Government's broader regulatory and public policy objectives.

The identification of key products and services provides the foundation for the Business Impact Analysis (BIA), recovery prioritisation, continuity strategy development, and recovery planning activities within the Business Continuity Management System (BCMS).

Table C3: Key Products and Services

CBF Code	Critical Business Function	Key Products and Services Delivered During a Disruption
1	Gambling Licensing and Approval	Processing of licence applications, permit approvals, licence renewals, regulatory authorisations, and licensing decisions
2	Regulatory Oversight and Supervision	Continuous oversight of licensed gambling operators, regulatory supervision activities, and compliance reviews
3	Compliance Monitoring and Inspection	Regulatory inspections, compliance assessments, audit reviews, operator monitoring, and enforcement referrals
4	Enforcement and Investigation	Investigation of regulatory breaches, enforcement actions, prosecution support, evidence management, and case handling
5	Responsible Gambling and Harm Prevention	Responsible gambling policies, exclusion programmes support, public protection initiatives, and stakeholder engagement on gambling harm prevention
6	Regulatory Intelligence and Risk Assessment	Intelligence gathering, risk analysis, threat monitoring, suspicious activity assessments, and regulatory risk reporting
7	Incident and Crisis Management	Incident response coordination, regulatory crisis management, emergency decision-making, and stakeholder notifications
8	Stakeholder Communication and Public Affairs	Public announcements, media responses, stakeholder advisories, operator communications, and government communications
9	Legal and Regulatory Advisory	Legal opinions, regulatory interpretations, legislative guidance, enforcement support, and policy advisory services
10	Policy Development and Regulatory Framework Management	Development of regulatory policies, legislative recommendations, regulatory reviews, and governance framework updates
11	Information and Case Management Systems	Access to regulatory records, licensing databases, investigation case management systems, and information retrieval services
12	Cybersecurity and Information Protection	Cybersecurity monitoring, information security management, incident response, data protection, and security assurance services
13	ICT Infrastructure and Technology Services	Network services, application support, user support services, data centre operations, cloud services, and technology recovery services
14	Human Resource Management	Workforce administration, employee communications, staffing support, payroll coordination, and employee welfare services
15	Finance, Procurement, and Vendor Management	Financial management, payments processing, procurement activities, contract administration, and supplier coordination
16	Third-Party and Service Provider Oversight	Vendor performance monitoring, third-party risk management, supplier engagement, and outsourced service governance
17	Records and Information Management	Records administration, document management, information retention, records retrieval, and regulatory documentation support
18	Business Continuity and Organisational Resilience Management	BCM programme management, continuity coordination, resilience reporting, recovery planning, and exercise management
19	Inter-Agency Coordination and Government Liaison	Coordination with government agencies, law enforcement collaboration, regulatory engagement, and national response support
20	Executive Leadership and Governance	Strategic leadership, executive decision-making, governance oversight, resource allocation, and organisational direction

Stakeholder Group	Products and Services
Gambling Operators	Licensing, compliance guidance, regulatory supervision, inspections, enforcement notifications
Government Agencies	Regulatory reporting, intelligence sharing, incident coordination, policy support
Law Enforcement Agencies	Investigation support, intelligence exchange, enforcement coordination
Public and Community	Responsible gambling initiatives, public communications, regulatory assurance
Employees	Human resource support, technology services, workplace communications
Service Providers	Contract management, vendor coordination, performance oversight
Senior Management	Governance reporting, risk reporting, resilience reporting, strategic advisory services

During a major incident, emergency, or disaster, GRA should prioritise the continuation or rapid recovery of the following services:

Priority Level	Critical Service
Priority 1	Regulatory Oversight and Supervision
Priority 1	Enforcement and Investigation
Priority 1	Incident and Crisis Management
Priority 1	Regulatory Intelligence and Risk Assessment
Priority 1	Cybersecurity and Information Protection
Priority 1	ICT Infrastructure and Technology Services
Priority 2	Gambling Licensing and Approval
Priority 2	Compliance Monitoring and Inspection
Priority 2	Stakeholder Communication and Public Affairs
Priority 2	Inter-Agency Coordination and Government Liaison
Priority 3	Legal and Regulatory Advisory
Priority 3	Records and Information Management
Priority 3	Finance, Procurement, and Vendor Management
Priority 3	Human Resource Management

This prioritisation guides the Business Impact Analysis and continuity planning processes.

When identifying products and services, GRA should ensure that:

Services are aligned with statutory and regulatory responsibilities.
Critical stakeholder expectations are understood.
Recovery priorities are clearly established.
Dependencies supporting service delivery are identified.
Recovery objectives are defined.
Continuity strategies support the continued delivery of essential services.

The identified products and services should be reviewed periodically to ensure alignment with changes in legislation, regulatory responsibilities, technology environments, and organisational priorities.

The identification of key products and services is a fundamental requirement of ISO 22301 and serves as the foundation for Business Continuity Management planning. For the Gambling Regulatory Authority (GRA), these products and services represent the critical outcomes that support regulatory oversight, compliance enforcement, responsible gambling initiatives, stakeholder confidence, and public trust.

By clearly identifying the services that must continue during disruptions, GRA can establish meaningful recovery priorities, allocate resources effectively, and develop continuity strategies that support its mission and statutory obligations. The products and services identified in this chapter will serve as critical inputs into the subsequent Business Impact Analysis phase, where recovery priorities, dependencies, and recovery objectives will be further analysed to strengthen organisational resilience and regulatory excellence.

eBook 3: Starting Your BCM Implementation

RAR T1

RAR T2

RAR T3

BCS T1

To learn more about the course and schedule, click the buttons below for the BCM-300 Business Continuity Management Implementer [BCM-3] and the BCM-5000 Business Continuity Management Expert Implementer [BCM-5].