What is G-Cloud 14?

G-Cloud 14 is the UK Government’s procurement framework for cloud-based computing services. It streamlines the way public sector organisations buy cloud hosting, software and support services from pre-approved suppliers.

The framework aims to simplify procurement by removing lengthy tender processes. Instead of running individual tendering exercises, public sector buyers can purchase directly from suppliers that have already been vetted and approved. It saves time and reduces costs while maintaining quality standards. G-Cloud 14 replaced the previous G-Cloud 13 framework and includes:

  • Lot 1 – Cloud hosting
  • Lot 2 – Cloud software
  • Lot 3 – Cloud support (where KEEP’s services sit)

G-Cloud 14 runs for 18 months from 29 October 2024. Initial contracts can last up to 36 months, with one possible extension of up to 12 months, though this must be specified in the initial contract terms. The total contract length can’t exceed 48 months, including both the initial period and any extension. Central Government contracts are subject to additional restrictions on extensions.

Our approved G-Cloud 14 Services

KEEP is an approved G-Cloud 14 supplier. We’ve earned this status through proven results, not promises. Our 11 approved services in Lot 3 (Cloud Support) deliver the same expertise that protects Government organisations. Our G-Cloud 14 services include:

3rd Party Risk Review Service

Third-party cyber attacks are happening more frequently. Cybercriminals target your suppliers to reach you through compromised software, breached systems or weak security practices. We help you map your supply chain risks and build stronger defences against these indirect threats.

Service Benefits:

  • Expert analysis of your supplier security posture
  • Clear identification of high-risk relationships
  • Actionable steps to reduce third-party vulnerabilities
  • Tools to hold your suppliers accountable for their security
  • Stronger overall cyber resilience

Service Page & Rate Card:

G-Cloud 14: 3rd Party Risk Review Service

Attack Surface Mapping

Every organisation has unique vulnerabilities that attackers can exploit. These weak points make up your ‘attack surface’, the digital and physical entry points that criminals target. Our consultants identify where you’re exposed and help you close the gaps.

What we examine:

  • Employee and contractor access points
  • Physical location security
  • Supplier connections
  • Department-specific risks
  • Infrastructure vulnerabilities

Service Benefits:

  • Complete visibility of your attack surface
  • Specialist guidance on reducing vulnerabilities
  • A clear understanding of how attackers might target you
  • Practical steps to strengthen your defences

Service Page & Rate Card:

G-Cloud 14: Attack Surface Mapping

Cloud Security Consultancy

Without proper setup, your Microsoft Azure and Office 365 configurations can leave your organisation exposed. We review your cloud environment against security best practices and give you clear priorities for fixing any gaps or misconfigurations that could put your organisation at risk.

What we review:

  • Microsoft ENTRA ID setup and recommendations
  • Microsoft 365 Defender configuration
  • Office 365 and Intune security settings
  • Microsoft Exchange protection
  • Azure cost analysis
  • Azure Platform & Services

Service Benefits:

  • An expert review of your cloud security posture
  • Azure and Office 365 best practice recommendations
  • Clear steps to reduce your vulnerabilities
  • Smart resource allocation based on real risks
  • Configuration advice tailored to your organisation

Service Page & Rate Card:

G-Cloud 14: Cloud Security Consultancy

Cyber Security Consultancy

Good cybersecurity starts with understanding what you’re actually protecting. Our consultants work with you to map your physical infrastructure and digital assets, spot vulnerabilities and build defences that fit your budget and risk appetite. No cookie-cutter solutions, just practical security that works for your organisation.

How we work:

  • Identify: Map your assets (technical, physical and human)
  • Quantify: Measure your vulnerability levels and operational impact
  • Prioritise: Focus effort where it matters most
  • Mitigate: Apply controls that match your risk appetite
  • Improve: Build cybersecurity capabilities that grow stronger over time
  • Transform: Create lasting change through consistent, expert guidance

Service Benefits:

  • Expert analysis of your current security posture
  • Clear priorities based on your actual risks
  • Practical advice that fits your organisation
  • Smart resource allocation for maximum protection

Service Page & Rate Card:

G-Cloud 14: Cyber Security Consultancy

Cyber Security Transformation

Our consultants help you build mature cybersecurity capabilities that protect your organisation long-term. We work with you to overhaul your outdated approaches and create security programmes that reduce risk while supporting your growth.

Our approach:

  • Identify: Understand what you’re really protecting
  • Quantify: Measure risks based on their organisational impact
  • Prioritise: Focus your transformation efforts strategically
  • Mitigate: Implement controls that fit your environment
  • Improve: Build capabilities for continuous security improvement
  • Transform: Achieve effective, sustainable security measures

Service Benefits:

  • Complete security programme transformation
  • Expert guidance on lasting improvements
  • Controls that work with your organisation, not against it
  • Clear roadmap for ongoing security maturity

Service Page & Rate Card:

G-Cloud 14: Cyber Security Transformation

Cyber Threat Modelling (CTM)

Understand precisely how attackers might target your organisation. Our cyber threat modelling service gives you clear insight into the attack scenarios that pose real danger to your operations. We map the threats you face and show you how to defend against them effectively.

What we analyse:

  • Attack scenarios specific to your sector
  • Tactics, techniques and procedures used against organisations like yours
  • Vulnerabilities in your infrastructure
  • Practical steps to address the threats that matter
  • Cross-spectrum threat analysis
  • Likelihood and effort required for different attack types

Service Benefits:

  • Clear picture of attack scenarios targeting your organisation
  • Priorities based on real attacker behaviour
  • Reduced exposure to genuine threats
  • Third-party validation of your security approach

Service Page & Rate Card:

G-Cloud 14: Cyber Threat Modelling (CTM)

Microsoft Defender 365 services

Microsoft Defender 365 has powerful capabilities. But when it comes to implementing it effectively, most organisations barely scratch the surface. Our consultants help you get real value from your investment. We’ll configure Microsoft Defender 365 properly, show you the features worth using and integrate it with your existing security tools.

What’s included:

  • Complete Microsoft Defender 365 review and optimisation
  • Expert configuration guidance and implementation
  • New feature assessment and enablement
  • Integration with your existing security infrastructure
  • Licence analysis and cost optimisation recommendations
  • Azure platform security reviews

Service Benefits:

  • Maximum value from your Microsoft Defender 365 licences
  • Proper threat detection and response capabilities
  • Reduced security gaps through expert configuration
  • Understanding of Microsoft Security Copilot’s potential
  • Set up tailored to your organisation’s needs

Service Page & Rate Card:

G-Cloud 14: Microsoft Defender 365 services

Microsoft Kusto Query Language (KQL) support

Microsoft KQL is a powerful but complex tool that lets you explore your data to spot patterns and identify anomalies. Our consultants write advanced hunting queries that work in Microsoft Defender 365 and Sentinel. We help you find the threats that matter and automate your responses, so you spend less time chasing false alarms.

What we build:

  • Advanced hunting queries for Defender 365
  • Custom Microsoft Sentinel detection rules
  • Targeted alerts based on your threat landscape
  • Effective monitoring and alerting systems
  • Query optimisation for better performance
  • Configuration reviews to improve effectiveness

Service Benefits:

  • Expert KQL queries that find real threats
  • Better monitoring for organisation-specific risks
  • Faster threat detection and response
  • Actionable dashboards that make sense
  • Automated responses through Azure Logic Apps

Service Page & Rate Card:

G-Cloud 14: Microsoft Kusto Query Language (KQL) support

NCSC Cyber Assessment Framework

The NCSC Cyber Assessment Framework sets the standard for UK cybersecurity. We help you understand where you stand against CAF requirements and build a practical roadmap to close the gaps. No box-ticking exercises, just real improvements that strengthen your security.

How we help:

  • Gap analysis against the NCSC’s Cyber Assessment Framework
  • Strategic roadmaps with resources and tools to address gaps
  • Support for wider cybersecurity activities meeting CAF standards
  • Practical guidance to fix weak security controls
  • Cybersecurity workshops and individual expert guidance

Service Benefits:

  • Clear guidance on meeting CAF requirements
  • Expert assessment from consultants who deliver CAF globally
  • Cost-effective approach that provides real security benefits
  • Identification of technical weaknesses that cost you money
  • Alignment with UK Government standards and future requirements

Service Page & Rate Card:

G-Cloud 14: NCSC Cyber Assessment Framework

NIS2 Consultancy

NIS2 compliance isn’t optional for essential service operators. Our consultants help you understand exactly what you need to do, prioritise the work that matters most and complete your Operators of Essential Services returns correctly. We’ve guided organisations through NIS requirements across multiple sectors.

How we support your compliance:

  • NIS2 control gap analysis and remediation planning
  • Operators of Essential Services returns support
  • Strategic planning for NIS2 control implementation
  • Best practice guidance tailored to your sector

Service Benefits:

  • Expert guidance on NIS2 control requirements
  • Professional support with OES returns
  • Clear priorities for compliance activities
  • Smart resource allocation based on real risks

Service Page & Rate Card:

G-Cloud 14: NIS / NIS2 Consultancy

virtual Chief Information Security Officer

Get executive-level cybersecurity leadership without the executive-level price tag. Our virtual CISOs become trusted advisers to your organisation, bringing decades of experience to strengthen your security posture and guide your technology strategy.

What our virtual CISO delivers:

  • Strategic cybersecurity programme development
  • Flexible support for projects or ongoing security management
  • Trusted adviser relationship with senior leadership
  • Risk and vulnerability identification with practical solutions
  • Clear, actionable advice relevant to your organisation
  • Executive reporting that translates technical risks into everyday language

Service Benefits:

  • Immediate access to senior cybersecurity expertise
  • Cost-effective alternative to hiring a full-time CISO
  • Flexible support that scales with your needs
  • Dedicated consultant who understands your organisation
  • Surge capability for critical projects or incidents

Service Page & Rate Card:

G-Cloud 14: virtual Chief Information Security Officer

Get in Touch

Contact us

KEEP cyber security services

Get in Touch

Close form