[CM] [SIT] [E1] [C6] Assessing Risks and Threats

Chapter 6

What are the Types of Threats to Business Continuity Management for the Singapore Institute of Technology?

Introduction

The Singapore Institute of Technology (SIT), as an applied learning university, relies heavily on uninterrupted delivery of teaching, research, and administrative services.

In alignment with ISO 22301 (Business Continuity Management Systems) and Singapore’s Business Continuity Management (BCM) expectations, SIT must systematically identify, assess, and manage threats that could disrupt its critical functions.

ISO 22301 emphasizes that organisations must identify risks, prepare for disruptive incidents, and ensure continuity and recovery of operations .

In the context of a Singapore university, BCM focuses on maintaining education delivery, digital services, and stakeholder confidence during disruptions .

This chapter outlines the key categories of threats to SIT’s BCM, aligned with ISO 22301 principles and Singapore’s risk landscape.

1. Technological Threats

Technological threats are among the most critical for SIT due to its reliance on digital platforms, smart campus infrastructure, and online learning systems.

Key Threats

• Cyberattacks (e.g., ransomware, data breaches)
• Learning Management System (LMS) failure
• Network outages or ISP disruptions
• Data centre or cloud service failure
• Failure of smart campus systems (IoT, access control, labs)

Impact on SIT

• Disruption to online classes and assessments
• Compromise of sensitive student and research data
• Inability to access academic systems or administrative platforms

Singapore universities must prioritise cyber resilience and digital continuity, especially with the increasing dependence on online learning environments .

2. Operational and Process Failures

These threats arise from breakdowns in internal processes, governance, or operational controls.

Key Threats

• Ineffective academic scheduling systems
• Breakdown in examination or grading processes
• Failure in student services (enrolment, finance, records)
• Poorly defined crisis communication protocols

Impact on SIT

• Disruption to academic progression
• Loss of stakeholder trust (students, faculty, regulators)
• Reputational damage

ISO 22301 highlights that BCM must address people, processes, and governance structures, not just technology .

3. Human Resource and Workforce Disruptions

SIT’s ability to operate depends on the availability and capability of its staff, faculty, and support personnel.

Key Threats

• Pandemic or widespread illness (e.g., COVID-19-type events)
• Loss of key personnel or subject matter experts
• Labour shortages or industrial actions
• Inadequate training in crisis response

Impact on SIT

• Suspension of teaching and research activities
• Reduced operational capacity
• Inability to execute continuity plans effectively

ISO 22301 requires organisations to ensure competence, awareness, and availability of personnel as part of BCM readiness.

4. Physical and Infrastructure Threats

These threats affect SIT’s campuses, facilities, and physical assets.

Key Threats

• Fire, flood, or structural damage to campus buildings
• Power outages affecting classrooms, labs, and IT systems
• Failure of critical utilities (water, HVAC, electricity)
• Access restrictions (e.g., campus lockdowns)

Impact on SIT

• Inability to conduct physical classes or lab work
• Disruption to research activities and equipment
• Safety risks to students and staff

BCM planning must include alternate sites, facility recovery strategies, and safety protocols.

5. Third-Party and Supply Chain Disruptions

SIT relies on a network of vendors and partners for essential services.

Key Threats

• Failure of IT vendors or cloud service providers
• Disruptions in outsourced services (security, facilities, catering)
• Dependency on edtech platforms and digital tools
• Supply chain issues affecting lab equipment or teaching materials

Impact on SIT

• Interruption of critical services beyond SIT’s direct control
• Delays in academic delivery and operations

Modern BCM frameworks emphasize third-party risk management due to increasing interdependencies .

6. Regulatory and Compliance Risks

As a Singapore-based institution, SIT must comply with national regulations and policies.

Key Threats

• Non-compliance with Ministry of Education (MOE) guidelines
• Breach of data protection laws (e.g., PDPA)
• Failure to meet accreditation or academic standards

Impact on SIT

• Legal penalties and sanctions
• Loss of accreditation or funding
• Damage to institutional credibility

ISO 22301 reinforces the need to align BCM with legal, regulatory, and stakeholder expectations.

7. Reputational and Communication Threats

Reputation is critical for SIT in attracting students, faculty, and industry partners.

Key Threats

• Poor crisis communication during disruptions
• Misinformation or rumours spreading online
• Negative publicity from incidents (e.g., data breaches, campus incidents)

Impact on SIT

• Loss of trust among students and stakeholders
• Reduced enrolment and partnerships
• Long-term brand damage

Effective BCM includes clear communication strategies and stakeholder engagement to mitigate reputational harm .

8. External Environmental and National-Level Threats

These threats originate from the broader environment and national context.

Key Threats

• Pandemics and public health emergencies
• National cybersecurity incidents
• Geopolitical tensions affecting international students
• Transportation disruptions impacting campus access

Impact on SIT

• Disruption to campus operations and student mobility
• Need for rapid transition to remote learning
• Increased operational uncertainty

Singapore’s BCM approach emphasises coordination with government agencies to ensure a unified response during national crises .

For the Singapore Institute of Technology, threats to business continuity span technology, people, processes, infrastructure, and external dependencies. In line with ISO 22301, SIT must adopt a holistic and proactive BCM approach that:

• Identifies and prioritises critical business functions
• Assesses a wide spectrum of threats
• Implements robust mitigation and recovery strategies
• Ensures continuous improvement through the PDCA cycle

By systematically addressing these threat categories, SIT can enhance its resilience, safeguard its academic mission, and ensure the uninterrupted delivery of education—even in the face of complex and evolving disruptions.