CIaaS Limited · Independent UK consultancy

Cyber security and identity, engineered.

CIaaS is an independent UK consultancy for Microsoft 365, Azure and identity, led by a CISSP with more than 30 years in the field. We advise, we implement – and when the right tool doesn’t exist, we build it. Six products so far.

CISSP-led 30+ years’ experience Microsoft 365 & Azure Registered in England & Wales

What we build

Software we ship, not just slides.

Every CIaaS product began as a problem a real organisation actually had. We design, build and run them ourselves, on UK Azure infrastructure, to the same standards we recommend to clients.

Messaging governance · Charities, care & schools

ComplyChat

Every work chat, on the record.

ComplyChat gives your people and the people you serve a familiar messaging experience they already know. Everything is captured, retained and fully auditable in your own Microsoft 365, so safeguarding, subject access and compliance hold up.

chat.org.uk

Frontline workforce · Microsoft Teams

StaffID®

The whole operation, in their pocket.

StaffID turns the Microsoft Teams app your people already carry into a complete frontline hub – rosters, tasks, an LMS, messaging and attendance – with no separate app to install and no in-house IT team required.

staffid.net

Facilities management · Cleaning & security

i-Site

Your client sees what you see, in real time.

One real-time dashboard that cleaning and security contractors share with their building-owner clients.

i-site.co.uk

Smart waste · Councils

BinSense

Every bin, online. Every saving, measured.

Sensor-led waste monitoring and route optimisation for councils and operators, built on LoRaWAN.

binsense.co.uk

Identity governance · Source-available

Account Factory

Self-service Joiner, Mover, Leaver for everyone HR never sees.

Joiner, mover and leaver workflows for the volunteers, contractors and trustees HR systems never provision.

accountfactory.org

Compliance as code · Microsoft 365 & Azure

Secure Compliance

Write a control once. Prove it always.

Implement a control once, satisfy many frameworks, and evidence it continuously from your live tenant.

secure.org.uk

What we do

A full security practice, end to end.

From board-level governance to hands-on engineering, delivered as fixed-scope engagements with written, runnable outputs – not traffic-light decks.

Security strategy & governance

Security aligned to what the organisation is actually trying to do – governance, risk appetite and a roadmap the board can own.

Risk & supply chain

Internal and third-party risk, assessed and prioritised – including the suppliers who quietly hold your data.

Technical architecture

Defence-in-depth design for cloud, hybrid and on-premises estates – built to be operated, not admired.

Incident detection & response

Prepare, detect, contain, recover – with procedures your team has actually rehearsed before the bad day.

Compliance & accreditation

Pragmatic support for Cyber Essentials, ISO 27001, UK GDPR, PCI DSS and NIST CSF 2.0 – evidence first, paperwork second.

Awareness & training

Training that fits the audience, from trustees to frontline teams – not generic e-learning nobody finishes.

Vulnerability & threat management

Continuous scanning with threat-led prioritisation, so the list gets shorter instead of longer.

Zero Trust & identity

Identity is the new perimeter. Zero Trust architecture, IAM, least privilege and MFA – the discipline behind Account Factory.

How we work

Advice that has to survive contact with production.

01 / Assess

Fixed-scope reviews

Short, fixed-price assessments of your Microsoft 365, Azure, identity or network estate. You get findings an engineer can act on the same week – with the evidence behind every one.

02 / Engineer

Implementation, not hand-waving

We implement what we recommend, or work alongside your team while they do – in your tenant, with your accounts, under your change control. Nothing leaves your environment.

03 / Run

Keep it running

Where something needs to keep running – continuous compliance, identity lifecycle, frontline operations – our products take over, without lock-in: you can walk away with everything still working.

About CIaaS

Independent, hands-on, accountable.

CIaaS – Compliant Infrastructure as a Service – is an independent consultancy led by Terry Sullivan, a CISSP-certified security specialist with more than 30 years across IT and cyber security.

The practice works where security decisions actually land: Microsoft 365 tenants, Azure subscriptions, identity platforms and the networks underneath them. Engagements are deliberately small, senior and fixed in scope – you work with the person who does the work.

The products came later, each one built because a client needed something that did not exist: governed identity lifecycle for volunteers, a frontline hub inside Teams, auditable WhatsApp, a shared real-time dashboard for contractors and their clients, bins that report their own fill levels, and compliance that proves itself. They are all run from the UK, by us.

CISSP-certified
30+ years’ experience
UK registered company

Contact

Tell us what you’re trying to fix.

A security worry, an identity project, or one of our products – whichever it is, your message goes straight to a person who can help.

Company

CIaaS Limited
Registered in England & Wales
Company No. 14519311

Product enquiries

Account Factory – accountfactory.org
StaffID – staffid.net
i-Site – i-site.co.uk
BinSense – binsense.co.uk
ComplyChat – chat.org.uk
Secure Compliance – secure.org.uk

Send us a message

We reply within one working day.

No marketing list, no cookies – see our privacy notice.

Message sent

Thanks – we’ll come back to you within one working day.