[BCM] [TAL] [E3] [BCS] [T1] Mitigation Strategies and Justification

[Business Continuity Strategy] [Template 1]

Bann_BCM_BCS_Mitigation Strategies and Justification

Introduction to Mitigation Strategies and Justification

As part of the Risk Analysis and Review (RAR) process within the Business Continuity Management (BCM) framework, this chapter outlines the Mitigation Strategies designed to manage and reduce the risks identified in earlier stages.

While previous chapters assessed threats, their likelihood, and impact on key areas of operations, this chapter focuses on how Tripartite Alliance Limited (TAL) can proactively address those threats through a combination of existing and additional controls.

Each threat is analysed in terms of its current risk rating and level, and matched with an appropriate risk treatment strategy, which could involve:

Risk Avoidance – eliminating the source of the risk
Risk Reduction – implementing controls to lower the likelihood or impact
Risk Transference – shifting the risk to third parties
Risk Acceptance – acknowledging the risk with contingency measures in place

The table in this chapter maps each threat to its existing controls, evaluates the residual risk, and proposes additional mitigation strategies.

A justification for each mitigation decision is also included to support clear and defensible planning decisions. This structured approach enables TAL to align risk treatment with organisational priorities and resource availability, ensuring that critical services can continue with minimal disruption.

Below is a comprehensive table for Tripartite Alliance Limited (TAL) outlining the Mitigation Strategies for each identified threat from Part 1: RAR – List of Threats.

This follows the structure and principles described in BCMPedia’s Mitigation Strategies.

Table: Mitigation Strategies for Tripartite Alliance Limited (TAL)

Threat	Existing Controls	Risk Rating	Risk Level	Risk Treatment (Residual Risk)	Additional Mitigation Strategy	Justification for Selected Mitigation Strategy
Flood	Elevated floor placement, drainage systems, and insurance	12	High	Risk Reduction	Install water barriers, conduct flood drills	To ensure business access and prevent downtime due to localised flash floods
Haze / Air Pollution	Remote work, N95 mask stockpile, air purifiers	12	High	Risk Reduction	Real-time haze alert system, haze-specific WFH SOP	To protect staff health and ensure continuity during poor air quality episodes
Lightning & Thunderstorm	Lightning protection systems, surge protectors, UPS	12	High	Risk Reduction	Include lightning audits and equipment testing	To reduce downtime from power surges or damage caused by severe thunderstorms
Civil Unrest / Riot	Emergency evacuation plans, security coordination	8	Medium	Risk Acceptance	Expand crisis communication protocols	Risk is low, but communication is essential for safety and service coordination
Terrorist Threat	CCTV, access control, visitor logging	5	Medium	Risk Acceptance	Conduct periodic security exercises with SPF and SCDF	Though unlikely, response readiness is crucial due to potentially severe consequences
Fire / Gas Leak Nearby	Fire alarms, SCDF-compliant systems, and evacuation drills	8	Medium	Risk Reduction	Strengthen coordination with building management	Enhances response and reduces dependency on external systems during emergencies
Pandemic / Disease Outbreak	Remote work, health checks, safe distancing protocols	15	High	Risk Reduction	Update the infectious disease response SOP, ensure IT readiness for full remote	To ensure continuity of services while protecting health and safety during long disruptions
Public Transport Disruption	Flexible hours, WFH options	12	High	Risk Acceptance	Promote staggered shifts and monitor major MRT disruptions	Occurs infrequently but can be mitigated with flexibility in work arrangements
Labour Shortage	Staff training, resource planning	12	High	Risk Reduction	Develop internal succession plans, engage more interns	Ensures the availability of critical skillsets during a resource crunch
IT Vendor Failure	SLA with vendors, alternate support options	12	High	Risk Reduction	Identify backup vendors, integrate switchover protocol	Prevents a single point of failure in IT support and systems
Facilities Mgmt Breakdown	Routine checks, vendor SLAs	9	Medium	Risk Reduction	Establish emergency facility vendor contacts	Ensures swift recovery of basic facility functions like access, utilities
Training/Comms Vendor Delay	Vendor review process, multiple facilitators	9	Medium	Risk Acceptance	Pre-identify second-tier training vendors	To ensure public outreach, training events, and campaigns proceed with minimal disruption
Power Failure	UPS for critical systems, backup generators	12	High	Risk Reduction	Implement critical system power restoration SOP	Reduces impact on case management and internal systems
Network Failure	Network monitoring, single ISP setup	16	Extreme	Risk Reduction	Implement dual-ISP connectivity	Prevents major disruptions in online services and communications
Cyberattack / Ransomware	Endpoint protection, cybersecurity policy, and backups	15	High	Risk Reduction	Implement zero-trust architecture, conduct annual audits	Protects sensitive case data and ensures system integrity
Hardware Failure	Asset inventory, IT refresh cycle	9	Medium	Risk Acceptance	Maintain a pool of standby workstations/laptops	Ensures that operations resume quickly without waiting for new equipment

Summing Up ...

The mitigation strategies presented in this chapter form a practical and forward-looking plan for enhancing the resilience of Tripartite Alliance Limited (TAL).

By identifying gaps in current controls and recommending additional actions, TAL strengthens its preparedness against a wide range of operational threats, including natural disasters, IT disruptions, people-related risks, and vendor dependencies.

The selected risk treatments—whether through reduction, acceptance, or transference—are tailored to the organisation’s mission, structure, and operating environment.

Importantly, the justification provided for each mitigation decision ensures transparency and strategic alignment with TAL’s broader objectives in promoting fair and progressive employment practices in Singapore.

Moving forward, these mitigation strategies will guide the development of response plans, recovery procedures, and continuity testing to validate TAL’s readiness. With these foundations in place, TAL is well-positioned to manage disruption effectively and maintain trust with its stakeholders during times of crisis.

Resilient Partnership: Implementing BCM at Tripartite Alliance
eBook 3: Starting Your BCM Implementation
MBCO	P&S	RAR T1	RAR T2	RAR T3	BCS T1	TOC

CBF 1: Dispute Management and Advisory Services (via TADM)
DP	BIAQ T1	BIAQ T2	BIAQ T3	BCS T2	BCS T3	PD

CBF 2: Promotion of Fair and Progressive Employment Practices (via TAFEP)
DP	BIAQ T1	BIAQ T2	BIAQ T3	BCS T2	BCS T3	PD

More Information About Business Continuity Management Courses

To learn more about the course and schedule, click the buttons below for the BCM-300 Business Continuity Management Implementer [BCM-3] and the BCM-5000 Business Continuity Management Expert Implementer [BCM-5].