AI Consultancy — the flagship
Make AI useful.
Keep it safe.
A working path from “everyone's talking about AI” to tools your team uses every day, governed properly. Built and run by the people who already look after SME security — without the hype or the fear.
The journey
Five stages, tools last
The order is the whole method. Most failed AI projects bought the tools first; the groundwork is what makes them work when they arrive.
- 1
Assess
Know where you stand
The AI Readiness Assessment: your data, your permissions, the AI tools staff already use unofficially, and your best opportunities, mapped in about two weeks.
See the assessment - 2
Secure
Fix the foundations
Permissions tightened, data tidied, a working AI usage policy in place. The same discipline Cyber Essentials expects — applied to AI.
- 3
Deploy
Roll out what earns its keep
Microsoft 365 Copilot, automation and custom AI agents — started where the payback is clearest, not everywhere at once.
- 4
Train
Bring your people with you
Role-specific training pitched at normal people, so the tools get used well — and staff stop pasting company data into random websites.
- 5
Manage
Keep it governed
Usage reviewed, policy kept current as the tools change, new capabilities assessed before they reach your data.
Why us
AI fails where security is loose. We fix that first.
What makes AI risky in an SME isn't the models. It's ungoverned data, loose permissions and tools nobody signed off — security problems, and fixing them is our day job.
AI inherits your permissions
Copilot can see whatever the person using it can see. If ten-year-old HR folders are open to everyone, AI makes that discoverable in seconds. We tighten access first.
Shadow AI is already in the building
Staff are already using AI tools nobody signed off, pasting real work into them today. Sanctioned tools plus clear rules beat quiet bans every time.
Governance is a habit you already need
Knowing where data lives and who can reach it is the same discipline Cyber Essentials and UK GDPR expect. AI just raises the stakes for skipping it.
What “governed” means here
- You can name every AI tool touching company data
- Each tool is on a business tier that doesn't train on your data
- Permissions reviewed, so AI can't surface what people shouldn't see
- A one-page AI usage policy your staff have actually read
- UK GDPR records and privacy notices updated to match
- Someone accountable for reviewing it as the tools change
AI services
The six AI services, in the order they should happen
Take the journey end-to-end or pick the piece you're missing — every engagement starts by understanding what you already have.
AI Readiness Assessment
The fixed-fee starting point: a two-week review with a prioritised roadmap at the end. See the assessment →
Secure adoption & governance
An audit of the AI already in use, a plan to get your data tidy enough for it, UK GDPR alignment and a working AI usage policy (free starter here). Rules agreed before tools.
Microsoft 365 Copilot deployment
Permissions locked down first, licences targeted at the roles with real payback, prompts and workflows set up for your teams.
Automation & custom AI agents
The repetitive work — quoting, triage, reporting, data entry — automated with AI agents built around your systems, tested like software.
Staff training & adoption
Short, practical sessions per team: what to use AI for, what never to paste into it, and the habits that make it stick.
Managed AI governance
Ongoing oversight as models and features change monthly: usage reports, policy updates and a straight answer to “should we use this?”
FAQ
The questions every sensible owner asks
Shadow AI, GDPR, Copilot licences — answered before you have to ask.
Our team is already using ChatGPT without permission. Is that bad?
It's normal — and it's exactly why the Secure step exists. People reach for helpful tools; the risk is company data going somewhere ungoverned. We audit what's actually in use (without a witch-hunt), then give people sanctioned tools and clear rules, which works far better than a ban.
Will our data be used to train AI models?
Not if it's set up properly. Business-grade services — Microsoft 365 Copilot among them — contractually don't train on your data; many free consumer tools do. Knowing which is which, and configuring the right ones, is a core part of the governance work.
Where does UK GDPR fit into this?
Anywhere personal data meets an AI tool. That means knowing what data each tool can reach, having a lawful basis, updating your records and privacy notices, and being able to answer 'where did this output come from?'. We build this into the setup rather than bolting it on after a complaint.
Do we need to be a technical company to benefit?
No. The work is built for ordinary businesses — accountancy firms, manufacturers, professional services, logistics — anywhere with repetitive admin and lots of documents. If your team lives in email, Word and Excel, there's almost certainly a worthwhile use case.
Is Microsoft 365 Copilot worth the licence cost?
For some roles, clearly; for others, not yet. That's why we target licences using real usage data instead of buying one for everyone. The readiness assessment includes a licensing and cost estimate so you decide with numbers, not a vendor pitch.
How fast will we see any value?
The assessment is designed to pay back quickly: surfacing permissions problems and quick automation wins is the point of its first fortnight. Bigger deployments are phased so something useful ships early rather than everything arriving at once.
Talk to us
Find out where AI actually fits your business
Bring your questions — even if they start with “is this all nonsense?”. You'll get a straight, engineer's answer.
Everything we look at is read-only, under NDA, and access is removed when we're done.