[BCM] [TAL] [E3] [RAR] [T2] Treatment and Control

Part 2: RAR – Treatment and Control

Following the identification of potential threats in the previous chapter, this section focuses on the Risk Treatment and Control strategies adopted by Tripartite Alliance Limited (TAL).

As part of the Risk Analysis and Review (RAR) phase in the Business Continuity Management (BCM) process, it is critical not only to understand what can go wrong but also how TAL is currently managing these risks, and what additional measures may be required.

This chapter presents a structured table that maps each specific threat—previously categorised under natural disasters, man-made events, people-related risks, supply chain disruptions, and IT failures—to the four standard risk treatment approaches:

Risk Avoidance – Eliminating the threat by discontinuing or modifying the activity
Risk Reduction – Minimising the likelihood or impact of the threat through controls
Risk Transference – Shifting the risk to third parties (e.g., through insurance or outsourcing)
Risk Acceptance – Acknowledging the risk and preparing to manage its impact

The table also details existing controls that TAL has implemented to address each threat and highlights additional or planned controls to strengthen its risk posture.

These treatments are aligned with BCM best practices and tailored to TAL’s operational environment and public service mandate.

By identifying both current and proposed controls, TAL ensures that risks are managed proactively and effectively, thereby enhancing resilience across all functional and operational areas.

Below is Part 2: RAR – Treatment and Control table for Tripartite Alliance Limited (TAL).

This table maps each specific threat identified in Part 1 with corresponding risk treatments, Avoidance, Reduction, Transference, and Acceptance, alongside existing controls and planned (additional) controls, based on best practices from BCMpedia.

Table: RAR - Treatment and Control (Tripartite Alliance Limited)

Threat	Existing Risk Treatment - Risk Avoidance	Existing Risk Treatment - Risk Reduction	Existing Risk Treatment - Risk Transference	Existing Risk Treatment - Risk Acceptance	Existing Controls	Additional (Planned) Controls
Flood	Not located in known flood-prone zones	Elevation of IT infrastructure; business premises chosen with flood history in mind	Office insurance covering flood damage	Accept low-probability, low-impact flash flooding risks	Building-level drainage and waterproofing; office location selected above the ground floor	Periodic review of PUB flood-prone zones; install water barriers at entry points
Haze / Air Pollution	None	Flexible work arrangements, air purifiers installed in the office	Group insurance for staff health	Tolerable seasonal occurrence	Remote work policies during haze periods; N95 mask stockpile	Implement real-time haze monitoring system; staff haze health advisory SOP
Lightning & Thunderstorm	Not operating during high-risk outdoor activity	Surge protectors, UPS for critical equipment	Equipment warranty and support contracts	Low-risk, short-term disruption tolerated	Lightning rods, grounding systems on premises	Conduct power supply reliability audit
Civil Unrest / Riot	Avoid scheduling events in unrest-prone periods	Close coordination with the police and MOM security	Business interruption insurance	Rare event accepted with contingency plans	Staff safety SOPs; evacuation procedures	Crisis communication plan and remote work readiness
Terrorist Threat	TAL is not classified as a high-profile target	Secure access control, security briefings	National risk pooling (via government-led security insurance)	Low probability accepted	Visitor management, security CCTVs, and building entry checks	Regular terrorism response exercises with SCDF & SPF
Fire / Gas Leak Nearby	Avoid co-locating with high-risk facilities	Regular fire drills, smoke detectors, and ventilation control	Fire insurance	Controlled via preventive maintenance	SCDF-compliant fire safety system, emergency exit signage	Quarterly fire safety audits; coordination with building management
Pandemic / Disease Outbreak	Not avoidable	Hybrid work arrangements, vaccination drives	Group health insurance	Tolerated as part of ongoing health management	COVID-19 safe management measures; HR health monitoring	Update infectious disease policy; remote readiness testing
Public Transport Disruption	None	Staggered reporting hours, transport allowances	NA	Delay tolerated if short-term	Flexible start times, location-aware commute planning	Encourage hybrid or remote work policies during disruptions
Labour Shortage	Avoid over-reliance on a single resource type	Staff cross-training, internship and talent pipeline	Outsourcing of non-core services	Acceptable if mitigated via planning	Workforce planning; skills development programmes	Automation and AI tools for critical functions
IT Vendor Failure	Vendor selection with redundancy	Multi-vendor engagement, SLA-based performance metrics	Outsourcing with penalty clauses	Low-impact systems may tolerate brief downtime	Regular vendor assessments, performance reviews	Include alternative vendor activation clauses
Facilities Mgmt Breakdown	Critical tasks not assigned to one vendor	Preventive maintenance contracts	Outsourcing with response-time clauses	Short-term inconvenience tolerated	Daily facility inspection routines, response hotlines	Backup vendors for urgent response
Training/Comms Vendor Delay	Avoid high dependency on a single vendor	Vetting of partners, backup facilitators	Contracts with cancellation clauses	Accept minor schedule shifts	Partner review processes, redundancy in the vendor pool	Framework agreement with 2nd-tier vendors
Power Failure	Power source secured through the building owner	UPS systems for essential workstations and servers	Equipment insurance	Short disruptions tolerated	Surge protectors and backup generators for critical zones	SLA with landlord to ensure rapid power restoration
Network Failure	Dual ISP is not currently implemented	Cloud-based services with offline sync capability	Support contracts with IT service providers	Limited downtime accepted for non-critical work	Network monitoring system, backup routers	Explore dual internet providers; internal comms backup (e.g. mobile alerts)
Cyberattack / Ransomware	Not applicable	Antivirus, endpoint protection, firewall monitoring	Cybersecurity insurance	Some residual risk accepted	IT security policies; employee phishing simulations	Implement zero-trust architecture; ISO 27001 alignment
Hardware Failure	Minimise the use of ageing equipment	Preventive maintenance, asset lifecycle tracking	Vendor warranty and support	Accepted for non-essential equipment	IT asset register, hot-swap devices available	Expansion of IT self-help support guides and remote diagnostics

Summing Up ...

The treatment and control of risks is a cornerstone of effective business continuity planning.

Through this structured analysis, Tripartite Alliance has demonstrated a comprehensive understanding of its operational risk landscape and the readiness of its existing infrastructure, systems, and people to manage potential disruptions.

By mapping each identified threat to appropriate risk treatments and controls, this chapter serves as a practical reference for continuous improvement.

It enables TAL to assess current risk mitigation effectiveness, prioritise investment in additional controls, and ensure accountability across departments and vendors.

Ultimately, this risk treatment and control framework supports TAL’s overarching goal of maintaining operational continuity, safeguarding critical services such as employment dispute resolution and outreach, and upholding public trust in the tripartite partnership framework in Singapore.

Resilient Partnership: Implementing BCM at Tripartite Alliance
eBook 3: Starting Your BCM Implementation
MBCO	P&S	RAR T1	RAR T2	RAR T3	BCS T1	TOC

CBF 1: Dispute Management and Advisory Services (via TADM)
DP	BIAQ T1	BIAQ T2	BIAQ T3	BCS T2	BCS T3	PD

CBF 2: Promotion of Fair and Progressive Employment Practices (via TAFEP)
DP	BIAQ T1	BIAQ T2	BIAQ T3	BCS T2	BCS T3	PD

More Information About Business Continuity Management Courses

To learn more about the course and schedule, click the buttons below for the BCM-300 Business Continuity Management Implementer [BCM-3] and the BCM-5000 Business Continuity Management Expert Implementer [BCM-5].



	Please feel free to send us a note if you have any questions.

Resilient Partnership: Implementing Business Continuity Management at Tripartite Alliance

[BCM] [TAL] [E3] [RAR] [T2] Treatment and Control

Business Continuity Management Certified Planner-Specialist-Expert

Part 2: RAR – Treatment and Control

Table: RAR - Treatment and Control (Tripartite Alliance Limited)

Summing Up ...

More Information About Business Continuity Management Courses

Your Comments Here:

More Posts

Resilient Partnership: Implementing Business Continuity Management at Tripartite Alliance

[BCM] [TAL] [E3] [RAR] [T2] Treatment and Control

Business Continuity Management Certified Planner-Specialist-Expert

hbspt.cta._relativeUrls=true;hbspt.cta.load(3893111, 'a55ed1d3-4c45-403e-b3e3-0123c0750e1f', {"useNewLoader":"true","region":"na1"});

hbspt.cta._relativeUrls=true;hbspt.cta.load(3893111, '121caffe-2e46-49cd-9bc5-976ed1c4cca9', {"useNewLoader":"true","region":"na1"});

Part 2: RAR – Treatment and Control

Table: RAR - Treatment and Control (Tripartite Alliance Limited)

Summing Up ...

More Information About Business Continuity Management Courses

Your Comments Here:

More Posts