Evidence of Practical System Resilience Measures

Effective Date: 5 Jan 2026

AIC Professional Services UK Ltd has implemented a set of proportionate but effective technical and organisational controls to address the cyber-attack and system failure risks identified in its resilience risk assessment. These measures directly support the required resilience levels assigned to each system.

Cloud Services & Data Resilience

All company email, collaboration, and document storage is provided through Microsoft 365, selected for its built-in availability, redundancy, and security controls.

To mitigate the risk of data loss, accidental deletion, ransomware, or provider-level failure:

  • A separate, automated backup service is used to back up all Microsoft 365 data, including email and file storage.

  • Backups are performed on a scheduled basis and retained independently of Microsoft 365.

  • Backup data is protected using encryption and access controls.

This directly addresses:

  • Data loss risk

  • Ransomware impact risk

  • Cloud service dependency risk

Identity & Access Protection

To mitigate the risk of credential compromise and unauthorised access:

  • All user access to Microsoft 365 and critical systems is protected using multi-factor authentication (MFA).

  • Strong, unique passwords are enforced.

  • Access is granted on a least-privilege basis and reviewed periodically.

This directly addresses:

  • Phishing and credential compromise risk

  • Unauthorised access risk

Endpoint & Device Security

All end-user devices used for business purposes are:

  • Protected by built-in operating system security controls

  • Configured to receive automatic security updates

  • Protected by device authentication and disk encryption where supported

  • Capable of remote lock or wipe if a device is lost or stolen

This directly addresses:

  • Device loss or theft risk

  • Malware and endpoint compromise risk

Availability & Service Continuity

To ensure continuity of operations during outages or failures:

  • Cloud-hosted services are used to avoid reliance on single physical locations

  • Data and services can be accessed securely from alternative devices if required

  • Website hosting is provided via a managed hosting platform with built-in availability controls

This directly addresses:

  • Local system failure risk

  • Single-point-of-failure risk

Monitoring, Recovery & Incident Handling

  • System access and activity are logged through cloud service provider tooling

  • Incidents or suspected security events are investigated promptly

  • Backup and recovery capability provides a defined recovery path in the event of data loss or compromise

This directly addresses:

  • Delayed detection risk

  • Extended recovery time risk

The above controls demonstrate that AIC Professional Services UK Ltd has taken practical, implemented actions—not just documented intentions—to build resilience into its systems. These actions are directly aligned with the resilience requirements identified in the company’s cyber-attack and system failure risk assessment and are appropriate for the size, complexity, and risk profile of the organisation.

Let’s Shape the Future of Industry Together

Strategic consultancy, secure technology, and mission-ready expertise. Connect with AIC to deliver change where it matters most.
