CIaaS Limited · Independent UK consultancy

Cyber security and identity, engineered.

CIaaS is an independent UK consultancy for Microsoft 365, Azure and identity, led by a CISSP with more than 30 years in the field. We advise, we implement – and when the right tool doesn’t exist, we build it. Five products so far.

Start a conversation See what we build

CISSP-led 30+ years’ experience Microsoft 365 & Azure Registered in England & Wales

What we build

Software we ship, not just slides.

Every CIaaS product began as a problem a real organisation actually had. We design, build and run them ourselves, on UK Azure infrastructure, to the same standards we recommend to clients.

Identity governance · Source-available

Account Factory

Self-service identity lifecycle for everyone HR never sees.

Joiner, mover and leaver workflows for volunteers, contractors and trustees – the populations HR systems never provision. Self-hosted in your own Azure tenant, with full audit trails, no per-seat fees and no vendor control plane.

accountfactory.org

Frontline workforce · Microsoft Teams

StaffID®

The whole operation, in their pocket.

StaffID turns the Microsoft Teams app your people already carry into a complete frontline hub – rosters, tasks, training, messaging and attendance – with no separate app to install and no in-house IT team required.

staffid.net

Smart waste · Councils

BinSense

Every bin, online. Every saving, measured.

Sensor-led waste monitoring and route optimisation for councils and operators, built on LoRaWAN.

binsense.co.uk

Messaging governance · Charities & care

Chat

WhatsApp, on the record.

Bring the WhatsApp conversations your organisation already relies on under proper governance and audit.

chat.org.uk

Network operations · NOC-as-a-service

Secure

Every alert, understood.

AI network management with a human NOC behind it – alert storms compressed into incidents that make sense.

secure.org.uk

What we do

A full security practice, end to end.

From board-level governance to hands-on engineering, delivered as fixed-scope engagements with written, runnable outputs – not traffic-light decks.

Security strategy & governance

Security aligned to what the organisation is actually trying to do – governance, risk appetite and a roadmap the board can own.

Risk & supply chain

Internal and third-party risk, assessed and prioritised – including the suppliers who quietly hold your data.

Technical architecture

Defence-in-depth design for cloud, hybrid and on-premises estates – built to be operated, not admired.

Incident detection & response

Prepare, detect, contain, recover – with procedures your team has actually rehearsed before the bad day.

Compliance & accreditation

Pragmatic support for Cyber Essentials, ISO 27001, UK GDPR, PCI DSS and NIST CSF 2.0 – evidence first, paperwork second.

Awareness & training

Training that fits the audience, from trustees to frontline teams – not generic e-learning nobody finishes.

Vulnerability & threat management

Continuous scanning with threat-led prioritisation, so the list gets shorter instead of longer.

Zero Trust & identity

Identity is the new perimeter. Zero Trust architecture, IAM, least privilege and MFA – the discipline behind Account Factory.

How we work

Advice that has to survive contact with production.

01 / Assess

Fixed-scope reviews

Short, fixed-price assessments of your Microsoft 365, Azure, identity or network estate. You get findings an engineer can act on the same week – with the evidence behind every one.

02 / Engineer

Implementation, not hand-waving

We implement what we recommend, or work alongside your team while they do – in your tenant, with your accounts, under your change control. Nothing leaves your environment.

03 / Run

Keep it running

Where something needs to keep running – network monitoring, identity lifecycle, frontline operations – our products take over, without lock-in: you can walk away with everything still working.

About CIaaS

Independent, hands-on, accountable.

CIaaS – Compliant Infrastructure as a Service – is an independent consultancy led by Terry Sullivan, a CISSP-certified security specialist with more than 30 years across IT and cyber security.

The practice works where security decisions actually land: Microsoft 365 tenants, Azure subscriptions, identity platforms and the networks underneath them. Engagements are deliberately small, senior and fixed in scope – you work with the person who does the work.

The products came later, each one built because a client needed something that did not exist: governed identity lifecycle for volunteers, a frontline hub inside Teams, auditable WhatsApp, bins that report their own fill levels, and a NOC that explains itself. They are all run from the UK, by us.

CISSP-certified

30+ years’ experience

UK registered company

Contact

Tell us what you’re trying to fix.

A security worry, an identity project, or one of our products – either way, your message goes straight to a person who can help.

Email

info@ciaas.com

Company

CIaaS Limited
Registered in England & Wales
Company No. 14519311

Product enquiries

Account Factory – accountfactory.org
StaffID – staffid.net

Send us a message

We reply within one working day.

Name

Organisation

Enquiry type

Message

No marketing list, no cookies – see our privacy notice.

This form needs JavaScript – email info@ciaas.com instead.

Message sent

Thanks – we’ll come back to you within one working day.