LOADING…
E2E RiskPLATFORM
Platform  /  Datasheets  /  Sovereign Supplier Assurance
UK public sector & CNI

Your tenant.Your keys. Your data.

Deployed into your Azure tenant, under your subscription. UK-South by default, customer-managed keys, egress to vetted endpoints only. Built for sovereign deployment - not retrofitted.

All datasheets
13 CNI sectors100% UK residency256-bit customer keys
0

US CLOUD Act exposure. US-hosted multi-tenant SaaS cannot lawfully hold OFFICIAL-SENSITIVE supply-chain data - data residency, customer-managed keys and audit-host obligations put most TPRM platforms out of scope. This was built sovereign from day one.

The challenge

Off-the-shelf SaaS is not OFFICIAL-SENSITIVE.

The problem
Off-the-shelf SaaS is not OFFICIAL-SENSITIVE.

US-hosted multi-tenant SaaS cannot lawfully hold OFFICIAL-SENSITIVE supply-chain data. Data residency, customer-managed keys and audit-host obligations put most TPRM platforms out of scope.

The approach
Sovereign by design.

Deployed into your Azure tenant, under your subscription. UK-South by default. Customer-managed Key Vault keys. Egress to vetted endpoints only. Auditable on request.

Why E2E Risk

Why teams choose us.

Customer-tenant deployment

Single-tenant in YOUR Azure subscription - never shared infrastructure.

Customer-managed keys

Encryption keys stay in your Key Vault. We never see them. Rotate at will.

UK data residency

Default UK-South. No US CLOUD Act exposure. No transatlantic transfer.

Air-gap capable

Signed corpus bundles for nuclear, classified or zero-egress deployments.

HMG / NCSC alignment

Built against CAF v3.2. Crown Marketplace ready. G-Cloud listed.

At a glance

The numbers that matter.

13
CNI sectors covered
100%
UK data residency
0
US CLOUD Act exposure
256-bit
customer-managed keys
How it works

Five steps, evidence underneath.

01
Classify
Confirm OFFICIAL / OFFICIAL-SENSITIVE + scope
02
Provision
Deploy to your Azure subscription, CMKs configured
03
Assess
NCSC CAF v3.2 against your supplier base
04
Operate
Continuous posture monitoring in your tenant only
05
Audit
NCSC-cleared review + customer-led external audit
Framework alignment

Mapped at the control level.

NCSC CAF v3.2Mandatory for OES + CNI + gov tier. Outcome-based scoring.
Government SecurityOFFICIAL / OFFICIAL-SENSITIVE handling caveats
ISO 27001:2022Required for HMG suppliers handling sensitive data
Cyber Essentials +Mandatory for HMG contracts above £100k
NIS Regulations 2018Operators of essential services obligations
UK GDPR / DPA 2018Data-processor obligations within the UK boundary only
Deployment

Run it your way.

OFFICIAL - managed SaaS

UK-South hosted, multi-tenant. For OFFICIAL only.

OFFICIAL-SENSITIVE - your Azure

Deployed to YOUR Azure tenant, CMKs. Recommended default.

CLASSIFIED - air-gapped

No network egress. Signed corpus bundles on schedule.

Next step

Book a sovereignty review.

We’ll walk OFFICIAL-SENSITIVE handling against your specific deployment.

All datasheets