Microsoft 365 for
UK public sector.
Central government, local authorities, arms-length bodies, and the wider public sector estate. Cyber Essentials Plus aligned, G-Cloud accessible where relevant, Official-Sensitive material handled properly, accessibility built in from the start.
P
What we build for UK public
sector clients.
Public sector procurement is specific in what it expects of suppliers. The technology has to meet the standards; the documentation has to be evidenced; the security baseline has to be in place; the accessibility has to be designed in rather than bolted on. We build to those standards by default.
Cyber Essentials Plus aligned Microsoft estates
CE+ is now the procurement floor for UK public sector technology suppliers and for many public sector internal estates. The Secure-by-Design Pack we deliver is aligned to it: Intune compliance policies, Conditional Access and MFA, audit logging, evidence pack for IASME review.
Citizen and service-user workflows
Power Apps and Power Pages portals for citizen-facing workflows, Power Automate for internal routing. GDS Service Standard considerations designed in: accessibility tested, plain English, alternative routes for non-digital users.
Document and case management
Public sector record discipline exceeds commercial firms. SharePoint configured properly for records management, retention schedules that match the public records duty, sensitivity labels for Government Security Classifications, FOI/EIR-ready audit trail.
Internal collaboration and Teams governance
Teams in a public sector body needs careful governance. Naming conventions for records management. Retention aligned to the public records duty. Guest access controls. Sensitivity labels that travel. The baseline that local government CIOs and SIROs ask for.
The standards and regulators that
shape this work.
Government Security Classifications
Official and Official-Sensitive handled in Microsoft 365. Secret and above needs accredited Microsoft Government Cloud tenants and specialist partners.
GDS Service Standard
User research, accessibility, performance measurement designed into any citizen-facing service we build.
Accessibility (PSBAR 2018 / WCAG 2.2)
WCAG 2.2 AA as the floor; AAA where required. Accessibility statements shipped with every UI.
FOI Act 2000 / EIR 2004
Workflows that support FOI/EIR response within statutory timescales. Document management designed to support, not undermine.
Public Records Act 1958
Retention schedules properly applied; nothing deleted that should not be deleted; nothing kept that should not be kept.
Cyber Essentials Plus / ISO 27001
CE+ is increasingly the procurement floor. ISO 27001 required by many central government departments.
Fixed-price packs that
fit this sector.
The Cloudbliss services that
fit this sector.
Cloudbliss gave us the evidence pack our IG team had been pretending to maintain. The auditor was so impressed they asked who built it.
Things sector leaders
actually ask.
Not yet; this is a 2026 priority. We are preparing the application for the next G-Cloud framework opening. In the meantime, public sector buyers procure us either directly (below the framework thresholds) or as a technical specialist on a larger consultancy's framework slot.
Microsoft 365 supports Official-Sensitive handling when configured properly. Sensitivity labels that travel with the document. Conditional access that restricts where Official-Sensitive can be opened. Encryption that means the document cannot be opened if it leaves the controlled estate. Audit logging. We are explicit that Secret and above needs accredited Microsoft Government Cloud tenants and specialist suppliers.
The records and document management discipline we build is the foundation: content is findable, retention is right, sensitivity is labelled correctly. We can also build Power Automate workflows for the FOI/EIR response process: intake, triage, assignment, drafting, review, response within statutory timescales, redaction tracking.
Every interface we deliver is built to WCAG 2.2 AA as a floor, tested with automated tooling and with manual review, and shipped with an accessibility statement. We work to AAA where required (typically central government services).
We support engagements that require BPSS-cleared staff. For SC or DV requirements, we work with specialist sub-contractors where needed. We are explicit about which clearance levels we can support directly.
With careful governance. The Copilot Readiness Assessment for public sector covers GSC handling, departmental AI use policies, and transparency considerations for any AI-generated content that affects citizens. Do the work properly before the rollout rather than retrospectively.