[CM] [SIT] [E1] [PF] Crisis Management Policy

Note from Author:

Based on the content of the existing SIT Crisis Management and Institutional Business Continuity Plan, the following document would be appropriate as a Level 1 Governance Document (Policy) sitting above the current operational plan.

The existing CM-IBCP would then become a supporting implementation document. 

SINGAPORE INSTITUTE OF TECHNOLOGY (SIT)

CRISIS MANAGEMENT POLICY

Document Classification: Internal

Policy Owner: Planning, Risk and Safety Division (PRS)

Approved By: Enterprise Risk Management Steering Committee (ERMSC)

Policy Sponsor: President, Singapore Institute of Technology

Effective Date: [To be inserted]

Review Cycle: Every three years or following a major crisis event

1. POLICY STATEMENT

Singapore Institute of Technology (SIT) is committed to maintaining an effective and coordinated Crisis Management capability to protect the safety and well-being of students, staff, faculty, visitors, and stakeholders; preserve institutional reputation and public confidence; maintain continuity of critical operations; and support the achievement of SIT's strategic objectives during periods of significant disruption.

SIT shall establish, maintain, exercise, and continually improve a Crisis Management Programme that enables the institution to anticipate, prepare for, respond to, recover from, and learn from crises and major disruptions.

2. PURPOSE

The purpose of this Policy is to:

1. Establish the principles and governance for crisis management across SIT.

2. Define accountability for crisis preparedness, response, recovery, and continual improvement.

3. Ensure a consistent and coordinated approach to managing crises that may affect SIT’s people, operations, facilities, technology, reputation, or strategic objectives.

4. Support the resilience of SIT’s teaching, learning, research, and corporate functions.

5. Align crisis management activities with SIT’s Enterprise Risk Management, Emergency Preparedness, Business Continuity Management, Information Security, and Operational Resilience initiatives.

3. SCOPE

This Policy applies to:

• All SIT divisions, schools, institutes, centres, and departments.
• All employees, faculty members, and contract staff.
• Students participating in SIT activities.
• Third parties performing critical services on behalf of SIT.
• SIT-operated campuses, facilities, and approved off-site activities.

This Policy applies to crises that may impact SIT locally, nationally, or internationally.

4. OBJECTIVES

SIT’s Crisis Management Programme shall seek to:

1. Protect life, safety, and well-being.
2. Preserve institutional reputation and stakeholder confidence.
3. Maintain continuity of critical teaching, learning, research, and corporate functions.
4. Ensure timely and informed decision-making during crises.
5. Meet legal, regulatory, and governmental obligations.
6. Minimise operational, financial, and reputational impacts.
7. Restore normal operations in a controlled and efficient manner.
8. Promote organisational learning and resilience.

5. CRISIS MANAGEMENT PRINCIPLES

All crisis management activities within SIT shall be guided by the following principles:

Safety First

The protection of people shall be the primary consideration in all crisis decisions.

Leadership and Accountability

Crisis decisions shall be made by designated leaders with clearly defined authority and accountability.

Timely Decision-Making

Decisions shall be made based on the best available information and within appropriate timeframes.

Transparency and Communication

SIT shall communicate promptly, accurately, and appropriately with stakeholders during a crisis.

Collaboration

Crisis response shall involve coordinated efforts across divisions and external stakeholders.

Preparedness

SIT shall maintain readiness through planning, training, exercises, and continual improvement.

Continuous Learning

Lessons learned from exercises, incidents, and crises shall be incorporated into future improvements.

6. CRISIS MANAGEMENT GOVERNANCE

Enterprise Risk Management Steering Committee (ERMSC)

The ERMSC shall:

• Provide strategic oversight of the Crisis Management Programme.
• Approve crisis management policies and frameworks.
• Review major crisis management issues and programme performance.
• Monitor organisational resilience capabilities.

Business Continuity and Crisis Management Committee (BCCMC)

The BCCMC shall:

• Oversee implementation of the Crisis Management Programme.
• Monitor preparedness and resilience capabilities.
• Review exercise results and lessons learned.
• Recommend improvements to crisis management arrangements.

Planning, Risk and Safety Division (PRS)

PRS shall:

• Maintain the Crisis Management Programme.
• Develop and review supporting plans and procedures.
• Coordinate crisis exercises and training.
• Monitor crisis preparedness across SIT.
• Support crisis activation and recovery activities.

7. CRISIS MANAGEMENT STRUCTURE

SIT shall maintain a formal Crisis Management Structure consisting of:

• Crisis Management Leadership (CML)
• Crisis Commander
• Crisis Secretariat
• Lead Division
• Supporting Divisions
• Incident Commanders

The detailed composition, responsibilities, activation procedures, and operational arrangements shall be defined in supporting Crisis Management Plans and Procedures.

8. CRISIS MANAGEMENT LIFECYCLE

SIT shall manage crises through the following lifecycle:

Anticipate

Identify emerging threats, risks, vulnerabilities, and opportunities.

Prepare

Develop plans, procedures, training, exercises, and response capabilities.

Respond

Activate crisis management arrangements and coordinate institutional response activities.

Recover

Restore critical operations and transition to normal operations.

Learn

Conduct post-incident reviews and implement improvement actions.

9. CRISIS COMMUNICATIONS

SIT shall maintain a Crisis Communications capability to:

• Provide timely information to stakeholders.
• Protect institutional reputation.
• Support decision-making.
• Counter misinformation.
• Meet regulatory and government reporting obligations.

All public communications during a crisis shall be coordinated through authorised communication channels.

10. TRAINING AND EXERCISING

SIT shall maintain an annual Crisis Management training and exercising programme.

The programme shall include:

• Crisis leadership training.
• Crisis management team training.
• Tabletop exercises.
• Functional exercises.
• Simulation exercises.
• After-action reviews.

Exercise outcomes shall be reviewed, and improvement actions tracked to completion.

11. INTEGRATION WITH BUSINESS CONTINUITY

The Crisis Management Programme shall operate in conjunction with:

• Emergency Preparedness Framework
• Institutional Business Continuity Plans
• Division Business Continuity Plans
• IT Disaster Recovery Plans
• Incident Response Plans
• Crisis Communications Playbook
• Enterprise Risk Management Framework

12. COMPLIANCE

All divisions shall comply with this Policy and supporting crisis management requirements.

Divisions shall:

• Maintain relevant crisis and continuity arrangements.
• Participate in exercises and training.
• Support crisis preparedness initiatives.
• Implement corrective actions arising from reviews.

13. PERFORMANCE MONITORING

The effectiveness of the Crisis Management Programme shall be monitored through:

• Exercise performance results.
• Incident and crisis reviews.
• Audit findings.
• Management reviews.
• Corrective action closure rates.
• Resilience maturity assessments.

14. POLICY REVIEW

This Policy shall be reviewed:

• At least once every three years;
• Following any major crisis event;
• Following significant organisational changes;
• Following changes in regulatory or governmental requirements.

15. RELATED DOCUMENTS

• Enterprise Risk Management Policy
• Emergency Preparedness Framework
• Crisis Management Framework
• Crisis Management and Institutional Business Continuity Plan
• Institutional Business Continuity Framework
• IT Disaster Recovery Framework
• Crisis Communications Playbook

16. APPROVAL

This Policy is approved by the Enterprise Risk Management Steering Committee and endorsed by the President of Singapore Institute of Technology.

All SIT divisions shall comply with the requirements set out in this Policy.

Note from Author:

A Crisis Management Framework should sit between the Crisis Management Policy and the Crisis Management and Institutional Business Continuity Plan (CM-IBCP).

Based on the existing SIT document, the framework should define the governance model, crisis management methodology, lifecycle, capability requirements, and integration with business continuity and emergency preparedness.

The current CM-IBCP would then become one of the supporting operational plans under the framework.