[BCM] [SY] [E2] [C8] Program Management

Chapter 8

As Part of the BCM Planning Methodology for Synapxe

Purpose of This Chapter

This phase defines the governance structure, assigns roles and responsibilities, establishes policies, and integrates BCM into the organisation's strategic and operational fabric.

Ensuring Continuity in HealthTech: Implementing BCM for Synapxe

The Program Management Phase is the cornerstone of an effective Business Continuity Management (BCM) strategy, laying the foundation for sustainable resilience across Synapxe's complex healthcare technology ecosystem.

As Singapore's national Health Tech agency, Synapxe (formerly IHiS) plays a critical role in enabling public healthcare institutions to deliver continuous care through robust, integrated, and secure digital systems.

Any disruption to these systems can impact clinical operations, patient safety, and national health responses. Therefore, BCM must be managed with an enterprise-level mindset, tailored to Synapxe’s unique operational, technological, and regulatory requirements.

Establishing BCM Governance and Leadership

Synapxe must set up a BCM Steering Committee led by executive leadership, including representatives from:

• Cybersecurity and Infrastructure
• Clinical Informatics
• Enterprise Architecture
• Application Support
• Corporate Risk and Compliance

This governance structure ensures top-down support and cross-functional coordination, which is vital given the interdependencies among systems like the National Electronic Health Record (NEHR), HealthHub, and critical backend infrastructure.

Key Deliverables:

• BCM policy endorsement by executive leadership
• Appointment of a BCM Program Manager
• Defined roles and responsibilities for stakeholders at various levels (enterprise, cluster, system)

Defining the BCM Scope and Objectives

Synapxe must identify and define the scope of its BCM program by mapping the criticality of services to national healthcare delivery. This includes:

• Prioritising systems based on impact to patient safety, regulatory compliance, and operational continuity
• Identifying essential services such as Electronic Medical Records (EMRs), pharmacy systems, diagnostic interfaces, and citizen-facing portals

Key Objectives:

• Ensure recovery capabilities for Tier 1 and Tier 2 applications within Recovery Time Objectives (RTOs)
• Align BCM efforts with the Ministry of Health (MOH) directives and CSA (Cyber Security Agency of Singapore) requirements.

Developing the BCM Policy and Framework

The BCM Policy for Synapxe must reflect its public service obligations, risk appetite, and compliance requirements. It should define:

• BCM lifecycle and integration with project management and change control processes
• Escalation protocols and crisis management governance
• Compliance with international standards (e.g., ISO 22301), adapted to Synapxe’s local context

Framework Components:

• Risk Management and Business Impact Analysis (BIA)
• Recovery Strategies (including High Availability, DR, and manual workarounds)
• Incident Response and Crisis Communications

Establishing Resource and Budget Requirements

Effective program management includes allocating sufficient budget, skilled personnel, and technological resources to implement, maintain, and audit the BCM program.

Synapxe must:

• Assign BCM Coordinators in each business unit and technical domain
• Secure funding for regular testing, DR site maintenance, and third-party risk assessments
• Ensure vendor contracts include service continuity clauses and SLA enforcement

 Integrating BCM with Enterprise Risk and IT Strategy

Synapxe’s BCM must not operate in isolation. The program should be aligned with:

• Enterprise Risk Management (ERM): BCM risks should be tracked as part of Synapxe’s overall risk register
• IT Service Management (ITSM): Incident response and recovery procedures must be embedded into ITIL-based processes
• Project and System Lifecycle: BCM requirements must be defined at the design phase of new systems and upgrades

Establishing Metrics, Monitoring, and Continuous Improvement

Synapxe’s program management phase should incorporate Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to monitor BCM effectiveness. These include:

• BCM maturity level (assessed annually)
• Recovery performance against agreed RTOs/RPOs
• Frequency and outcomes of DR drills and tabletop exercises

The BCM program must also be reviewed annually, with lessons learned from real incidents and exercises feeding into ongoing program refinement.

Summing Up ...

In the fast-paced and high-stakes environment of healthcare, Synapxe’s role as a digital enabler demands a resilient and proactive approach to continuity planning.

The Program Management Phase of the BCM methodology ensures that leadership commitment, governance, funding, and strategic alignment are in place to build and sustain a robust business continuity culture.

By integrating BCM into its digital transformation roadmap, Synapxe safeguards its own operations and reinforces national health resilience in the face of disruptions, ensuring care is never compromised.

Ensuring Continuity in HealthTech: Implementing BCM for Synapxe
BCM Planning Methodology

More Information About Business Continuity Management Courses

To learn more about the course and schedule, click the buttons below for the  BCM-300 Business Continuity Management Implementer [BCM-3] and the BCM-5000 Business Continuity Management Expert Implementer [BCM-5].

	Please feel free to send us a note if you have any questions.