[BCM] [MOM] [E2] [C1] Business Continuity Management Planning Methodology

 Ministry of Manpower

 

Introduction

The Ministry of Manpower (MOM) plays a critical role in safeguarding Singapore’s workforce ecosystem,  administering employment legislation, managing work pass systems, ensuring workplace safety and health (WSH), and supporting national manpower policies.

Any prolonged disruption to MOM’s operations could have significant regulatory, economic, and social consequences, including impacts on employers, employees, foreign workforce management, and national resilience.

In alignment with ISO 22301: Business Continuity Management Systems (BCMS), this chapter sets out a structured Business Continuity Management (BCM) Planning Methodology tailored for MOM.

The methodology adopts a seven-phase lifecycle approach, ensuring BCM is systematically planned, implemented, tested, maintained, and continuously improved, while remaining aligned with MOM’s statutory responsibilities and Whole-of-Government (WOG) resilience expectations.

Overview of the BCM Planning Methodology

The BCM planning methodology for MOM comprises the following seven interrelated phases:

1. Project Management (PM)
2. Risk Analysis and Review (RAR)
3. Business Impact Analysis (BIA)
4. Business Continuity Strategy (BCS)
5. Plan Development (PD)
6. Testing and Exercising (TE)
7. Program Management (PgM)

Each phase is designed to meet ISO 22301 requirements while addressing MOM’s unique operational context, regulatory obligations, and interdependencies with other government agencies.

Phase 1: Project Management (PM)

Objective

To establish governance, scope, roles, resources, and timelines for the BCM programme across MOM.

Approach

• Establish a BCM Steering Committee chaired by senior management to provide direction and oversight.
• Appoint a BCM Programme Owner and BCM Coordinators within each MOM division (e.g. Manpower Policy, Work Pass Division, Occupational Safety and Health Division).
• Define the BCM scope to include critical regulatory, enforcement, and service-delivery functions, as well as digital services used by employers and workers.
• Develop a BCM project plan aligned with MOM’s internal governance frameworks and WOG directives.

MOM-Specific Requirement

BCM governance must align with Whole-of-Government crisis management structures, ensuring clear escalation and coordination with the Ministry of Home Affairs (MHA), Ministry of Health (MOH), and Smart Nation and Digital Government Group (SNDGG) during national emergencies.

Phase 2: Risk Analysis and Review (RAR)

Objective

To identify and assess risks that could disrupt MOM’s ability to perform its statutory and operational functions.

Approach

• Identify internal and external threats, such as cyberattacks on work pass systems, pandemics, building access restrictions, data centre outages, and manpower shortages.
• Assess risks in terms of likelihood and impact on MOM’s people, processes, technology, and reputation.
• Consider cross-agency and national risks, including supply chain disruptions that affect foreign labour inflows.

MOM-Specific Requirement

Risk analysis must explicitly address cyber and digital service risks, particularly those affecting national systems such as EP Online, WP Online, and Workplace Safety reporting platforms, which are critical to Singapore’s labour market stability.

Phase 3: Business Impact Analysis (BIA)

Objective

To evaluate the impact of disruptions on MOM’s critical business functions and determine recovery priorities.

Approach

• Identify Critical Business Functions (CBFs) such as work pass issuance, enforcement of employment legislation, WSH incident response, and public advisory services.
• Assess impacts across financial, legal, operational, reputational, and public confidence dimensions.
• Define Maximum Tolerable Period of Disruption (MTPD), Recovery Time Objectives (RTOs), and Recovery Point Objectives (RPOs).

MOM-Specific Requirement

The BIA must prioritise functions that have direct regulatory and public safety implications, such as workplace fatality investigations and work pass renewals, where delays could lead to legal non-compliance or national workforce instability.

Phase 4: Business Continuity Strategy (BCS)

Objective

To determine appropriate strategies to maintain or restore critical MOM functions within acceptable timeframes.

Approach

• Identify people, premises, technology, and supplier strategies, including remote work arrangements and alternative service-delivery models.
• Define IT resilience strategies in coordination with GovTech and central government data centre providers.
• Ensure strategies are cost-effective and aligned with MOM’s risk appetite.

MOM-Specific Requirement

Business continuity strategies must support secure remote access for authorised officers, enabling regulatory and enforcement functions to continue during national emergencies without compromising data protection or government security policies.

Phase 5: Plan Development (PD)

Objective

To document actionable and structured Business Continuity Plans (BCPs) that guide response and recovery.

Approach

• Develop corporate-level, division-level, and function-level BCPs.
• Include clear activation criteria, roles and responsibilities, communication protocols, and step-by-step recovery procedures.
• Ensure alignment with MOM’s crisis communication and public information policies.

MOM-Specific Requirement

BCPs must incorporate public and stakeholder communication protocols to ensure timely, accurate updates to employers, workers, and partner agencies during disruptions, in line with Government Communications Group (GCC) guidelines.

Phase 6: Testing and Exercising (TE)

Objective

To validate the effectiveness and readiness of MOM’s BCM arrangements.

Approach

• Conduct regular tabletop exercises, simulation drills, and system recovery tests.
• Test cross-agency coordination and escalation procedures.
• Document lessons learnt and improvement actions.

MOM-Specific Requirement

At least one BCM exercise per cycle must involve a Whole-of-Government or inter-ministerial scenario, such as a pandemic resurgence or a national cyber incident affecting multiple public-sector systems.

Phase 7: Program Management (PgM)

Objective

To ensure BCM remains effective, current, and continuously improved.

Approach

• Integrate BCM into MOM’s governance, risk management, and audit frameworks.
• Perform periodic reviews, management reporting, and internal audits in line with ISO 22301.
• Update BIA, risk assessments, and BCPs following organisational or policy changes.

MOM-Specific Requirement

BCM performance and readiness must be reported to senior management and relevant central agencies, and reviewed following major policy shifts, organisational restructuring, or significant national incidents.

 

This seven-phase BCM planning methodology provides MOM with a structured, standards-aligned, and ministry-specific approach to building resilience.

By embedding ISO 22301 principles into MOM’s governance and operational culture, the ministry can ensure continuity of critical manpower services, uphold regulatory obligations, and contribute effectively to Singapore’s national resilience—regardless of the nature or scale of disruption.