1. Home
  2. Trust Centre
  3. Business Continuity & Disaster Recovery Statement
Searching...

Business Continuity & Disaster Recovery Statement

Read Time: 4 minutes Tags:
Article Contents
Business Continuity & Disaster Recovery Statement

Business Continuity & Disaster Recovery Statement

At Hixon Group Limited we recognise that disruption is an inherent risk to modern service delivery. This statement outlines our structured approach to business continuity and disaster recovery, demonstrating how resilience is embedded into our operations to protect services, clients, and critical dependencies.

Statement Purpose

This statement sets out how we approach business continuity and service resilience, providing clients and partners with confidence that critical services are protected, recoverable, and actively managed.

It demonstrates that continuity arrangements are structured, regularly tested, and aligned to recognised best practice, while intentionally remaining high level to avoid disclosure of sensitive operational or security information.

Our Commitment

We will always ensure to maintain a fully documented disaster recovery & business continuity plan designed to ensure the continued delivery of managed IT services, cybersecurity and cloud platform management & monitoring during disruptive events.

Our disaster recovery plan is reviewed regularly and tested to ensure it remains effective and aligned to business operations.

Statement Scope

Our business continuity and disaster recovery arrangements cover:

  • Managed IT support services
  • Cybersecurity and incident response services
  • Cloud and Microsoft 365 management
  • Internal systems required to support client operations
  • Key third party suppliers that underpin service delivery

Together, this scope ensures continuity arrangements address the people, systems, services, and suppliers critical to ongoing client operations.

Core Principles

Our approach to business continuity and disaster recovery is guided by clear principles that prioritise client impact, risk control, and effective decision making during disruption.

  • Client service continuity is prioritised, with recovery actions focused on maintaining or restoring critical services as quickly as possible.
  • Risks to service delivery are identified, assessed, and actively managed through preventative and recovery controls.
  • Reliance on single systems, locations, or individuals is minimised to reduce single points of failure.
  • Clear authority, responsibility, and escalation paths are defined to support timely and decisive response.
  • Incidents, near misses, and disruptions are documented, reviewed, and used to strengthen future resilience.

Together, these principles ensure continuity arrangements are practical, accountable, and focused on protecting client outcomes.

Business Resilience

Resilience is built into our people, systems, and supplier relationships to ensure continued operation during disruption and rapid recovery following an incident.

Workforce Resilience

  • Staff are equipped to operate securely and effectively from any location, enabling sustained service delivery during localised or widespread disruption.
  • Operational capability is not dependent on a single physical site.
  • Clear delegation of authority and role coverage is defined to maintain decision making and service continuity in the event of staff unavailability.

Systems and Data Protection

  • A cloud first architecture is used, leveraging resilient, scalable platforms designed for high availability.
  • Backups are performed regularly and recovery processes are tested to validate data integrity and restoration capability.
  • Access to systems and credentials is tightly controlled in line with role based permissions and least privilege principles.

Supplier and Platform Resilience

  • Critical suppliers and platforms are identified, documented, and subject to ongoing review.
  • Supplier dependency and concentration risks are assessed as part of the organisation’s formal risk management process.
  • Contingency arrangements are in place to mitigate the impact of supplier or platform outages.

Together, these measures ensure people, systems, and suppliers can continue to operate through disruption and recover quickly from incidents.

Incident Management

We operate a clearly defined and documented set of incident management procedures designed to ensure incidents are identified promptly, managed decisively, and resolved with minimal impact to clients and service delivery.

Incident response arrangements cover a range of credible disruption scenarios, including but not limited to:

  • Cyber security incidents, including data compromise, service degradation, and malicious activity.
  • Platform or infrastructure outages affecting cloud, connectivity, or core service components.
  • Loss or unavailability of key personnel, including escalation and role substitution arrangements.
  • Third party or supplier service disruption that impacts client services or operational capability.

During incidents, clear command, escalation, and decision making structures are applied to coordinate response and recovery activities.

We are committed to ensuring clients are kept informed through timely, accurate, and proportionate communications, focused on service impact, recovery progress, and next steps.

Testing & Review

To ensure resilience arrangements remain effective, current, and aligned to real world risks, business continuity and disaster recovery capabilities are subject to structured testing and formal review.

  • Business continuity arrangements are reviewed at least annually, and additionally following significant organisational, technical, or threat landscape changes.
  • Tabletop exercises are conducted to validate decision making, roles, communications, and recovery readiness under realistic disruption scenarios.
  • Outcomes, lessons learned, and improvement actions are formally documented, assigned ownership, and tracked through to completion to drive continuous improvement.

Regular testing and review of our procedures ensure resilience arrangements remain relevant, effective, and continually improved.

Operational Standards

Our continuity and resilience arrangements are aligned with recognised industry standards and external expectations to ensure they are proportionate, effective, and independently defensible.

  • Alignment with established information security and resilience frameworks, including ISO 27001, Cyber Essentials, and National Cyber Security Centre guidance.
  • Integration of supplier and third party due diligence expectations to address dependency and supply chain risk.
  • Consideration of insurer resilience and business interruption assessment criteria to inform continuity planning and support effective claims engagement.

Together, these standards provide an external benchmark for the design, operation, and ongoing improvement of our resilience arrangements.

Further Information

For further information please contact us:

Email: support@hixongroup.com

Telephone: 01782 365124

Change Log

This section records material updates to this statement.

  • 23/01/2025 – Original document published.
  • 03/01/2026 – Document reviewed and updated to reflect enhancements to internal testing and review processes.

Published February 8, 2026, by Jonathan Lawton.

Article written by

Jonathan Lawton

Jonathan is an experienced IT professional and the Founder / CEO of Hixon Group.

Was this article helpful?

Please take a moment to let us know if you found this article helpful.

Yes No
Still need help or advice?
Can't find the answer you're looking for? Don't worry we're here to help!
Contact Us