FAQs

Singapore Business Federation (SBF) has been appointed by SPRING Singapore to front advocacy and adoption of enterprise resilience initiatives in Singapore from 1 April 2015 to 31 March 2017. The Federation will be organising a series of outreach events and workshops, as well as assisting companies in their grant application for SPRING’s Capability Development Grant – Enhancing Quality and Standards for the following enterprise resilience-related standards and implementation:

  • ISO 22301 Societal Security – Business Continuity Management Systems
  • ISO 27001 Information Security Management Systems
  • ISO 28000 Certification on Security Management Systems for Supply Chain
  • SS 584 Specification for Multi-tiered Cloud Computing Security
  • Verifiable Business Continuity Plan (BCP) Initiative

At the national level, a robust and resilient private sector will enhance Singapore’s global reputation collectively as a trusted business hub for reliable and quality service, as well as improve the nation’s preparedness for crises and disruptions.

Singapore enterprises have a critical role in supporting larger companies in the region, as well as fulfilling their customers’ requirements. Being certified in enterprise resilience standards not only enables our companies to elevate their capabilities and reputation to a higher level, but also for them to compete more effectively against international companies.

Yes, they are:

Enterprise Resilience
Standard Description
ISO 22301 Societal Security – Business Continuity Management Systems Business Continuity Management (BCM) is a tool that enables organisations to identify potential threats and provides a framework for your organisation to build up its resilience and capabilities for an effective response.
ISO 27001 - Information Security Management Systems ISO 27001:2013 specifies the requirements forestablishing, implementing, maintaining and continually improving an information security management system in an organisation. It includes requirements for the assessment and handling of information security risks. The requirements are applicable to all organisations, regardless of type, size or nature.
ISO 28000 Security Management Systems for Supply Chain ISO 28000 provides the framework for the identification of security risks and the implementation of processes for continuous security management improvements within the supply chain. It is applicable to organisations of all sizes in both manufacturing and services sectors, and cover the storage and transportation of goods in the supply chain.
SS 584 - Specification for Multi-tiered Cloud Computing Security The standard covers the requirements that cloud service providers shall meet, recognising that individual users may have additional requirements that are specific to them (which would have to be addressed in the agreements or contracts with the cloud service providers). Such additional organisation-specific requirements are not within the scope of this standard.

Note: The list of supported standards is reviewed regularly and will be updated when there are changes

To encourage standard adoption, enterprises need to attain third party certification to the standards specified in Question 3. This is on top of the changes demonstrated by the companies in being more resilient to identified areas that cause extensive impact, be it tangible and intangible losses. The certification process is to ensure the enterprises’ resilience is well-thought through and sufficiently prepared for disruptions and crises.  Companies’ project teams involved would be asked to share their learning points through the certification process with SBF and SPRING Singapore.

All enterprises registered and operating in Singapore and meet the following criteria are eligible to apply:

  • Minimum 30% local shareholding AND
  • Company's group annual sales turnover not more than S$100 million *OR
  • Company's group employment size not more than 200 workers

*Annual sales turnover and employment size will be computed on a group basis (i.e. All levels corporate shareholders holding >50% of total shareholding of the applicant company and any subsequent corporate parents, and subsidiaries all levels down).

As SPRING Singapore needs to ascertain that companies fulfill its definition of small and medium enterprises (SMEs), companies are required to declare the following:

FOR APPLICANTS WITH CORPORATE PARENT/S
  1. Group employment size, and
  2. Group annual sales turnover
FOR APPLICANTS THAT ARE MAJORITY SHAREHOLDERS IN SUBSIDIARIES
  1. Percentage of shares in each subsidiary,
  2. Group employment size, and
  3. Group annual sales turnover

Please click here to do a simple self-test first on your company’s eligibility for support under Capability Development Grant. All applications are subject to SPRING’s approval.

Eligible companies can receive up to 70% funding support for the approved standards adoption project.

Qualifying cost components:

  • Training-related expenses (e.g. internal or lead auditor course certified by the International Register of Certified Auditors (IRCA), where applicable)
    • Internal / Lead Auditor Courses in relation to the standard/s implemented
  • Professional services (Consultancy)
  • Certification costs for ERS projects
    • Certificate issued must be from a third-party certification body whose certificate is accredited by an internationally recognised accreditation body or the Singapore Accreditation Council (SAC).
  • Verification costs for BCP project
    • Verification report must be from a third-party certification body whose certificate is accredited by an internationally recognised accreditation body or the Singapore Accreditation Council (SAC).

Please note that SPRING Singapore will not be accepting CDG application for verifiable BCP after 31 March 2017.

There are no standard fees as every company may differ in its operations and processes. The certification and consultation cost will depend largely on the companies’ business model, structure and processes. You may wish to ask for cost proposals from various consultancy firms.

The verifiable BCP initiative will help enterprises develop their contingency plans for specific and recurring scenarios such as haze-related disruptions, without the need for full ISO 22301 BCM certification. SPRING Singapore will not be accepting CDG application for verifiable BCP after 31 March 2017.

Based on the ISO 22301:2012 framework, BCP refers to a plan for a business to continue operations if it is affected by different levels of disasters or disruptions. The outcomes are as follow:

  • Enable small and medium enterprises (SMEs) develop a basic BCP as a business resilience tool to address specific and recurring scenario/s in Singapore.
  • Encourage companies that have embarked on the BCP initiative, to take up BCM certification in the future; this would also raise the companies’ capabilities in managing BCM project on their own.

About BCM certification project

Business Continuity Management (BCM) is a tool that enables organisations to identify potential threats and provides a framework for your organisation to build up its resilience and capabilities for an effective response. Being certified in enterprise resilience standards (i.e. ISO 22301:2012) not only enables our companies to elevate their capabilities and reputation to a higher level, but also for them to compete more effectively against international companies. A typical BCM project would cover detailed Business Impact Analysis (BIA) and holistic planning and implementation that cut across all departments within an organisation.

As BCP is part of the BCM certification project, it focuses more on addressing specific scenario/s that the company wishes to develop contingency measures for. This may involves key critical functions and not necessary, company-wide implementation depending on the nature of identified risks and potential impact involved. For instance,

Typical BCM Certification Verifiable BCP Project
Broad Risk Assessment during project scoping by company/consultant Identify company’s current state, which demonstrates the company’ intent to develop a BCP. For instance, at least one example of disruption per company before pre-BCP implementation.
Awareness and training workshops for management and staff and/or specialised BCM training for two pax in the company, e.g. lead/internal auditor training for BCM. Specialised BCM training for two pax in the company, e.g. lead/internal auditor training for BCM.
Business impact assessment – includes identifying risks that affect company’s continuity Identify top three potential risks with the greatest impact to the company’s continuity.
Development of business continuity plan Development of a business continuity plan for specific scenario/s.
Table-top exercise (TTX) for specific scenario/s Identified scenario/s to be tested by the company, which could be done in talk-through format.
Refinements to the BCM SOPs/manuals arising from TTX Finalised BCP which is tested out based on scenarios which are critical to the company’s operations
Preparation for audit by external consultant Nil. Consultant can assist companies in this aspect in preparation for verification by CBs.
Third-party audit Third-party verification
Certification Issue of one verification report
Post-project: annual re-surveillance to maintain certified status in the next three years. Nil. Companies are encouraged to test the identified scenario/s every year, to ensure contingency measures are relevant.

Relationship between verifiable BCP and BCM certification projects

As the verifiable BCP takes guidance from the BCM international standard and is considered a scaled-down version of a BCM certification project, it includes more information as compared to a BCP that is part of a BCM certification project. The verifiable BCP that is supported under SPRING Singapore’s Capability Development Grant should contain and not limited to the following components:

  1. Documented information on the following BCM clauses:
    1. Context of organisation
    2. Leadership
    3. Planning
    4. Support
    5. Operation
    6. Performance Evaluation
    7. Improvement

Details on the above seven points are as follow:

  1. Company’s policy on business continuity management which covers the aim of business resilience within its organisation and the critical areas e.g. staff’s well-being, preservation of irreplaceable assets. [Context of organisation; Planning]
  2. People with defined responsibilities, including management, HODs/staff and BCP committee [Leadership; Support]
  3. Documented implementation, such as workflows to handle disruptions and resume operations [Planning; Support; Operation]
  4. Performance assessment and target set, e.g. company’s maximum tolerable downtime should be only 24 hours, with six-hour status reporting to management before optimum operations resume. [Performance Evaluation; Improvement]
  5. Capture, report and monitor continual improvements, arising from annual drill/surprise test, table-top exercise, post BCP-implementation etc.[Improvement]
  6. Any supporting information where applicable to the documented BCP (e.g. other BCM or enterprise resilience standards relevant to the company’s sector) [all seven clauses]

The non-exhaustive list serves to provide some examples for companies to consider:

  • Theft of sensitive information by staff
  • Loss of customer data
  • Food poisoning for companies involved in the food sector, which may include logistics companies as well
  • Negative coverage on social media that went viral
  • Not able to access main building where the office is located
  • Fire outage
  • Breakdown in public infrastructure, e.g. transport, telecommunications
  • Haze at very unhealthy range (PSI 201 and above)
  • Spread of infectious pandemic at DORSCON Alert Yellow (WHO Phase 4) announced by the Health Ministry in Singapore
  • Flooding that results in loss of assets, supply chain disruptions etc
  • Loss of electrical supply

Please note that SPRING Singapore will not be accepting CDG application for verifiable BCP after 31 March 2017.

The project deliverables required for the companies’ grant claims are:

  1. Final Project Report from company, which covers the changes experienced by the company, project’s benefits, identified risks, finalised BCP and future plans.
    • BCP (to be sighted by SPRING or SBF during post-project company visit).
  2. Verification report from SAC/internationally-accredited certification body in BCM

Please note that SPRING Singapore will not be accepting CDG application for verifiable BCP after 31 March 2017.

The primary aim for the verification of BCP is to seek independent auditor’s view on the possible gaps and robustness of the companies’ BCP. It is a way for companies to further strengthen their capabilities. The scope should cover the following:

  • Demonstrate linkage between the BCP’s objective; top three identified potential risks by the company; processes/measures that supports the objective and the company’s learning points arising from the tested scenario/s which the BCP is based on.
  • Illustrate companies’ efforts to close the identified gaps arising from tested scenario.
  • Comparison of before BCP and after BCP implementation, with examples on how companies’ capabilities have been enhanced.
  • List out companies’ next steps to enhance their BCP in the near future, e.g. any plans to be BCM-certified, or more specialised training for their staff.
  • Certification bodies which are internationally-accredited in ISO 22301: 2012 or by accredited by the Singapore Accreditation Council for BCM can conduct this segment.

Please note that SPRING Singapore will not be accepting CDG application for verifiable BCP after 31 March 2017.


APPLICATION PROCESS

STEP 1: PRE-APPLICATION
  • Check your eligibility before you apply.
  • Ensure that your project has not commenced.
  • Prepare the following documents for submission with your application.
  • Latest ACRA Search or Instant Information (≤6 months old*) of your Company and your Corporate Shareholders if applicable.
    • Latest Audited Financial Statements (≤1 year old*) of your Company and Consolidated Financial Statement of your ultimate parent company if applicable.
    • Project Proposal^ (Read the guide , 81KB)
    • Quotations for your project cost items
    • Consultant’s cost proposal if consultancy services are required

*Not required if provided to SPRING in the preceding 12 months and there has been no change.

^ Not required for grant support of $30,000 or less (i.e. total project cost of approximately $45,000 or less). SMEs will only be required to answer about 5 guided questions.

Prepare the following information# based on the last financial year* and the projected 3-year figures from the year after the project is completed. 

QUANTITATIVE IMPACT INDICATORS E.G. TOTAL SALES REVENUE, REMUNERATION JOB CREATION INDICATORS E.G. TOTAL STAFF STRENGTH, NO. OF MANAGERS & PROFESSIONALS

(Read the detailed explanation of the above , 74KB)

# Figures should be representative of the applicant company (not the consolidated group of corporate shareholder) 
* For grant support of $30,000 or less (i.e. total project cost of approximately $45,000 or less), only key indicators based on the last financial year will be required.


STEP 2: APPLICATION

From 16 January 2017 onwards, companies should access the Business Grant Portal to apply for CDG support. Hard copies of CDG application form will not be accepted by SPRING. For more information on the application process, please contact SPRING if you have any queries.


STEP 3: APPROVAL PROCESS
  • SPRING will be in touch with you upon receipt of your application.
    • A meeting would be arranged to better understand your company and the project.
    • You may be required to revise your application if the information submitted is incomplete.
    • Depending on your industry sector and the development area, you may be asked to provide current and projected productivity indicators due to your project (e.g. Time spent on processing, sales per transaction, cost savings, etc).
  • SPRING will assess your application based on your business functions, the project scope and the competency of the service provider/s in improving your business capability. All applications are subject to SPRING’s approval
  • When your application has been approved, you will receive an email notification from SPRING.
  • The Letter of Offer will be mailed to the company.
  • During the Project Implementation period, you should ensure that:
    • Proper project records are maintained; e.g. project scope, timeline, deliverables, progress reports and project sign-offs.
    • Proper financial records are maintained; e.g. invoices and receipts relating to the project.

CLAIM PROCESS

  • Please refer to the Claim Submission Checklist (596KB) and prepare the required documents. 
  • Click here (7KB) for the Project Report template. 
  • First-time grant applicants can also download the GIRO form (442KB).
  • Engage an auditor from SPRING’s Pre-Qualified Panel (292KB) to verify your claim submission, unless expressly exempted by SPRING
  • Contact the Pre-Qualified Panel of auditors for a quotation
  • Appoint an auditor of your choice
  • Send all the claim supporting documents to the auditor (this can be done via the Portal or by Post)
  • Log on to the SPRING Grant Portal and complete the claim submission online. Click here for the SPRING Grant Portal Step-by-Step User Guide.
  • Documents to be sent to the respective parties (can be done by post):
To Auditor To SBF

Claims Form 1a and 1b

Supporting Documents for Cost Items:

  • Salary - CPF statement (any 1 month within the project period per staff) or employment pass/work permit for foreign employees
  • Equipment & Software - Invoices, Delivery Orders, Receipts & Hire-purchase agreement if applicable
  • Other Costs - Invoices & Receipts (airfares, training, materials & consumables, consultancy, mystery audit, IP rights acquistion, IP registration, testing and certification, relocation, audit fee, others)
  • Copy of the certification
  • Final report on company's letterhead


IMPORTANT: Claims must reach SBF within 6 months from the scheduled completion date of the project, or the grant offer shall automatically lapse thereafter.

 

WHAT HAPPENS AFTER I HAVE SUBMITTED MY CLAIMS?

The Auditor you have appointed will verify your claim documents and issue an Audit Report upon completion of the verification.

The auditor may contact you for further clarifications if required

SBF will contact you to verify the completion of the project and the deliverables met based on your Project Report.

  • A site visit or presentation meeting may be arranged for this purpose.
  • You may be asked to revise your Project Report if information is incomplete.

Upon the complete receipt of BOTH the Project Report and the Audit Report, SBF will proceed to process the grant disbursement. The funds will be disbursed within six to eight weeks via GIRO to your designated bank account.

  • You will be notified through an email notification upon approval of the grant disbursement.
  • An email notification will also be sent out by DBS to the email address stated in the GIRO form to confirm the transaction.

Please feel free to contact SPRING if you have any query on grant application and claim submission.