This document provides an overview of business continuity management (BCM) at SingHealth, Singapore's largest public healthcare cluster. It discusses the importance of BCM in healthcare, SingHealth's BCM framework, key components like risk assessment and business impact analysis, and challenges in implementing an effective BCM system across multiple hospitals and institutions. The framework aims to ensure critical healthcare functions can continue and sensitive patient data is protected in the event of disruptions like fires, power outages or disease outbreaks. Regular testing of continuity plans is important for staff preparedness during emergencies.
3. 3
• Introduction
• About SingHealth
• Healthcare BCM Threats
• Importance of BCM in Healthcare
• SingHealth Cluster BCM Framework
• Key Challenges in implementing BCM
Scope
4. 4
Vision
Defining Tomorrow’s Medicine
Mission
Care to Heal
Educate to Empower
Innovate to Advance
Our Triple Mission puts us on course to be the Leader in Academic Medicine
Our Shared Vision and Mission
About SingHealth
5. 5
Our Common Purpose is something each one of us can own as our personal mission in our everyday work.
Our roles may be different but all of us within the SingHealth family contribute to making possible the promise of providing excellent care to patients.
21,962 staff*
One Commitment
* Source: SingHealth Duke-NUS Academic Medical Centre Annual Overview 2015
Our Common Purpose
7. 8
Our Full Continuum of Care – 42 Specialties
Secondary, Tertiary, Quaternary Care
FMC
CHC
GP Network
Source: SingHealth Duke-NUS Academic Medical Centre Annual Overview 2015
Each Year…
• 163,225 Inpatient Admissions
• 755,489 Patient Days
• 4.6 days ALOS
• 72,603 Inpatient Surgeries
• 113,991 Day Surgeries
• 1.9 million Specialist Outpatient Clinic Attendances
• 318,953 A & E Attendances
• 1.78 million Polyclinic Attendances
• 223,617 Dental Attendances
Secondary, Tertiary, Quaternary Care
Primary Care
Continuing Care
8. 9
SingHealth SGH Campus
Singapore General Hospital
National Heart Centre Singapore
National Cancer Centre Singapore
Singapore National Eye Centre
National Dental Centre Singapore
National Neuroscience Institute (SGH Campus)
*Beds in service comprising 1,597 for SGH & 185 for NHCS
Largest Concentration of Medical Services & Facilities
Beds: 1,782*
Admissions: 88,083*
Doctors: 1,446
Dentists: 101
Nurses: 6,050
SOC visits: 1,232,604
Surgeries: 138,852
Staff Strength: 12,508
9. 10
Types of Threats
• Natural
– Heavy Rain
– Floods
– Fire
– Haze
• Man-made
– Terrorist Attacks
– Power Outages
– Cyber Attacks
• Healthcare
– Diseases
– Infections
BCM Threats
10. 11
• A fire on level 2 of the Sultanah Aminah Hospital (Johor Baru’s largest hospital ICU) started at around 8.55am on Tuesday (25 Oct 2016), resulting in the death of 6 patients and 11 people injured
• Cause: burnt capacitor in one of the ceiling lights and flammable materials placed under the lighting, causing the fire to spread quickly
• Another fire broke out the following day on the level below the ICU
• Follow Up: a special squad from the Health Ministry to review the safety and crisis management procedures in all of Malaysia’s 145 public hospitals
• In Singapore, MOH also called for a review of fire emergency plans in our hospitals and institutions
Fire at Johor Baru Hospital
11. 13
• For healthcare service providers, outbreak of infectious diseases is one of our main and imminent threats.
• However, treating infection outbreaks in the community is not BCM but a business function.
• Examples:
• Pandemics such as SARS (2003) and H1N1 (2009) have presented valuable experience for formulating BC plans.
Healthcare BCM Threats
12. 14
• Business Continuity is not only about recovering critical functions from a disaster but also ensuring that critical functions continue promptly in the event of a disruption
• It is the capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident
• Aims to safeguard the interests of an organization and its key stakeholders by protecting its critical business functions against predetermined disruptions
Importance of BCM
13. 15
• Saves Lives – may include evacuation from wards during a fire incident or the prevention of spread of diseases by patients
• Retrieval of Patient Records – having an effective Business Continuity Plan (BCP) ensures that medical professionals would have patients’ critical data restored, allowing them to continue to provide vital care to the patients
• Protects Sensitive Data – patients’ electronic data is often accessed from multiple sources, and while secured, information can still be at risk when a disaster strikes. In the event of a disaster, a BCP addressing this lets organisations continue to access clean and uncompromised data
• Maintains Efficiency – loss or corruption of data can be extremely costly, especially when recovery from a system failure or of data takes days or weeks. Employees will not be able to perform their jobs efficiently, which will impact operating costs. Having a BCP will reduce the downtime and maintain operational efficiency after a disaster
Importance of BCM in Healthcare
14. 16
Chairman
Coordinator
Organisation Structure of Cluster BCM Workgroup
Senior Management (CEO, DY CEO & CMB)
Chairman BCM Manager (COO)
Department BCM Coordinators
Damage Assessment Team (DAT)
Alt BCM Manager (COO, Ambulatory)
BCM Secretariat (PRD)
Division HODs
BCM Steering Committee
A typical Hospital and Institution BCM structure
Role/Functions of Cluster BCM Framework
• Coordination – to coordinate BCM related activities eg. Cross-Institution Internal Audit
• Standardisation – to commonalise Risk Assessment rating and threats as most institutions’ admin offices and call centres share the same building
SingHealth Cluster BCM Framework
15. 17
• SingHealth HQ and most institutions have been BCM-certified under the ISO 22301:2012 Standard since 2015
• Previously on TR19 and SS:540 Standards
• In 2016, seven institutions underwent the ISO 22301:2012 External Surveillance Audits for BCM with no major finding
Defined BCMS Policy and Scope
Established Minimum Business Continuity Objectives (MBCOs) for SingHealth HQ
Formed SingHealth HQ BCM Steering Committee and Cluster BCM Workgroup
Identified SingHealth HQ depts with Critical Business Functions (CBFs)
Depts’ business objectives to be in line with MBCOs
eg. Managing external relationships
Providing corporate services supporting cluster’s operations.
eg. External communications (media relations and social media management)
Execute procurement for unplanned critical bulk items requested by institutions
SingHealth HQ BCM Framework
16. 18
• The 6 key components in the BCMS standard
Risk Assessment (RA)
Business Impact Analysis (BIA)
Business Continuity Strategies
Business Continuity Plan (BCP)
Test and Exercise
Programme Management
SingHealth HQ BCM Framework
17. 19
• SingHealth HQ’s framework alignment to ISO 22301 Standard
Conduct Risk Assessments (RA) and Business Impact Analysis (BIA)
Formulate Business Continuity Strategies; Develop Business Continuity Plans (BCP)
Validate BCPs through Tests and Exercises
Programme Management and Audits
Continual Improvement
SingHealth HQ BCM Framework
18. 20
• SingHealth HQ BCM Response Teams
Crisis Management Team (comprises Senior Management)
Led by: Crisis Declaration Officer
Emergency Response Team
Damage Assessment Team (DAT)
Emergency Ops Centre (EOC) Set-up Team
Recovery Team (comprises BCM reps from affected department)
SingHealth HQ BCM Steering Committee
SingHealth HQ BCM Framework
19. 21
• Process of Risk Identification, Risk Analysis and Risk Evaluation
• Covers the following categories:
- Policies
- Processes
- People
- Infrastructure
- Risk associated with individual BU
External Threats / Internal Threats
Loss of Staff/Absenteeism
Business Processes
Office facilities & premises
Communication networks
Applications/Data/Cyber-attacks
Power failure/outage
Public infrastructure
Political, Social-economic, Economic climate
Natural eg. heavy rain, flood, fire
Man-made
Evaluate
Analyse
Identify disruptive incidents
• What may happen and why?
• Consequences?
• Likelihood
• How to mitigate consequences or reduce likelihood?
Risk Assessment (RA)
20. 22
Purpose
• Seek to understand the organisation’s Critical Business Functions (CBFs), the priority of each and the timeframes for resumption
• Obtain the resource information (Minimum Operating Requirement) from which an appropriate recovery strategy can be determined/recommended
How will the organisation be affected?
Disruptions from uncontrolled events
• Adverse effects on staff or public well being?
• Consequences of breaching regulatory requirements?
• Damage to reputation?
• Reduced financial viability?
• Deterioration of public or service quality?
• Environmental damage?
Business Impact Analysis (BIA)
21. 23
• SingHealth HQ Depts assigned minimally required staff to alternate sites for key functions while others to work from home
• Minimum Operating Requirements eg. laptops, computer software programmes, office support, have to be listed
• Various strategies to adopt for denial of access >24 hours:
- Activity relocation
- Resource relocation
- Resource re-allocation
- Alternate processes and spare capacity
- Resource and skills replacement
- Temporary workaround
RA
BIA
Strategy
Business Continuity Strategy
22. 24
BCP
Strategy
BIA
RA
Recovery Objectives from BIA
BC Procedures to manage a disruptive incident and continue its activities
• For documentation purposes, a typical BC Plan includes:
- Emergency Response
- Emergency Evacuation Procedures
- Critical Items List
- Incident Escalation
- Emergency Operations Centre (EOC)
- Qualification Factors for EOC
- Recovery and Resumption of CBF
- Restore and Return to Normal
- People
- Crisis Communication
- Contact List
- BC Plan Distribution
Business Continuity Plan (BCP)
23. 25
• Validate BCPs through Tests and Exercises
Call-Tree Exercise
Conduct Annual Call-Tree exercises to validate staff contactability and response time
Table-Top Exercise (TTX)
Conduct Table-Top Exercises for departments to validate their BCPs
Simulation Exercise
Conduct Simulation Exercises at alternate sites to validate activity and resource relocation
Validation of BCPs
24. 26
Ensure BCMS is aligned with Management’s expectations and ISO 22301 Requirements
Monitoring, Measurement, Analysis and Evaluation
Management Review
Top management shall review the organisation’s BCMS
Audit
Internal audits at planned intervals
Programme Management
25. 27
Continue to maintain Operations and Administration Support to the hospital and institutions eg. IT, HR and Finance, etc.
Provide manpower support to Hospital Decontamination Station in the event of civil emergencies with mass casualties
Continue to maintain Internal and External Communications as well as provide Legal Support to hospitals and institutions
SingHealth HQ’s Support to Hospitals and Institutions
26. 28
1. Alignment of BCM Framework across cluster
Challenge: Different BCM scopes across SingHealth cluster.
Response: Through the cluster BCM Workgroup, the hospitals’ and institutions’ BCM representatives meet every quarter to share best practices and commonalise Risk Assessment rating and threats.
Chairman
Coordinator
Cluster BCM Workgroup
Key Challenges in implementing BCM
27. 29
2. Ensure robust IT support across cluster
Challenge: Inadequate IT support by IHiS (due to other priorities)
Response: Raise the level of IT support by ensuring redundancies, providing multiple servers at alternate sites, ensuring fast data backup and recovery response by IHiS.
3. Staff response during activation of BCP
Challenge: Staff’s unfamiliarity during crisis situations
Response: Encourage maximum participation during tests and exercises eg. fire drills, Call-Tree Exercise, Table-Top and Simulation Exercise
Key Challenges in implementing BCM
28. 30
• While having a framework is important, the key lies in the staff knowing what to do when BCP is activated
• Requires buy-in and active participation by both management and staff in test and exercises
Conclusion