Sectors / Public Sector

Frameworks-ready services, outcomes-led delivery.

We've delivered through G-Cloud, the procurement processes that come with public money, and the assurance posture that comes after. The tick-boxes are part of the day job — outcomes are the point.

  • Crown Commercial Service
  • G-Cloud 14
  • ISO 27001
  • Cyber Essentials Plus
The standard that holds

When the IT estate underpins 999 emergency dispatch for a three-million-population region — or a sovereign overseas territory 8,000 miles from the UK mainland — the standard isn't “best effort.” It's “doesn't fail.”

South East Coast Ambulance Service runs life-critical 999 dispatch on a Nutanix platform M-Tech designed, deployed and continues to refresh — first commissioned in 2016, still operating today, never interrupted through a migration. The Falkland Islands Government runs an eight-node Nutanix hyperconverged estate across two Stanley data centres, commissioned on-island by M-Tech engineers under a 45-day professional services engagement, with the wider managed service running behind it. Both estates carry the same assurance posture we apply across the rest of our public-sector book.

Public Sector

Designed for the estates that can't go offline.

The same engineering bench that designs and runs networks, identity, cyber, cloud and managed service for the rest of the business does it here — fitted to the assurance posture, the procurement frameworks and the operational reality of public-sector delivery.

Inside the public-sector estate

Identity & access

Microsoft Entra, Conditional Access, MFA enforced, joiner-mover-leaver flows. Designed so the audit trail is automatic, not an end-of-year scramble.

Endpoint posture

Intune-managed devices, endpoint detection and response, automated patching. Compliance baselines aligned to NCSC Cyber Essentials and CAF outcomes.

Platform — Nutanix & private cloud

Hyperconverged infrastructure — on-premise, hosted in our UK data centres, or both. The same Nutanix platform underpinning 999 dispatch and a sovereign overseas territory.

Connectivity & SD-WAN

Fortinet SD-WAN, resilient access circuits, application-aware routing. Multi-site estates engineered so a single carrier path is never the single point of failure.

Data resilience & DR

Cross-site replication, immutable off-site backup, documented recovery objectives. Recovery designed around the outcome — not the green tick in a console.

Across the organisation

Framework procurement

Crown Commercial Service supplier on G-Cloud 14. Direct-award where the framework fits the buy; full tender support and bid response where it doesn't.

Audit & assurance evidence

Logging, change records, access reviews and configuration state captured in a form auditors and assurance teams can use directly. No reconstruction after the fact.

Cyber operations

24/7 SOC, managed detection and response, threat hunting, documented incident-response playbooks. Aligned to NCSC CAF objectives — identify, protect, detect, respond.

Service desk & on-site delivery

UK-based service desk with on-site engineers where the engagement needs them — from a 45-day on-island deployment in the South Atlantic to embedded teams in trust offices.

Strategic roadmap & QPRs

Quarterly performance reviews, structured improvement plans, technology roadmap discussions with senior people who can act on what comes out of the room.

What that depth in public sector actually buys you.

Mission-continuity through migration

999 dispatch never interrupted through a multi-site Nutanix refresh. Server workloads cut over out of hours, on the network, with the change invisible to operational staff. Migration isn't a service-impact event when it's run properly.

Evidence the auditor can actually use

Controls designed to produce evidence — not described in a methodology document. Logging, change records, access reviews and configuration state captured in a form CAF and ISO auditors can take straight into the assessment.

One accountable partner, end to end

Infrastructure, identity, cyber, connectivity, service desk, on-site delivery and strategic roadmap inside one engagement. From a UK data centre to a Stanley server room — same standards, same supplier, same accountability.

  • Crown Commercial Service
  • G-Cloud 14
  • Cyber Essentials Plus
  • IASME Cyber Assurance L2
  • ISO 9001
  • ISO 27001
  • DBS-Enhanced — every employee
Multi-site, multi-team

The standards that hold across 110 sites are the same that hold across two on opposite sides of the world.

Public-sector estates rarely sit on one floor of one building. The operating model has to hold across regions and time zones — and across a central function that has to see the whole thing at once. The places this lands hardest:

Cross-site replicationWorkloads replicated between sites — across a region or across the South Atlantic. Failover designed-in, tested, documented.
Central identityOne Entra tenant across every site, with Conditional Access shaped to role and location. Joiner-mover-leaver flows that close the door automatically.
Federated reportingEstate-wide visibility on cyber posture, ticket volumes, patch state, change activity. One pane of glass for the central team, drill-down per site.
Shared service deskOne UK service desk across the whole estate — the same engineers seeing every ticket, building institutional knowledge of the organisation rather than learning it once per site.
Consolidated procurementMicrosoft 365, Nutanix, Fortinet, telephony and security licensing held centrally and consumed by site. Less procurement effort, sharper unit cost.

This is one of the best engagements we've ever had with an external company.

Voice of the clientJason Tree · IT Infrastructure Manager, South East Coast Ambulance Service
How to engage

Sized to the shape of the organisation.

Most public-sector engagements start with a documented posture review of the existing estate. From there, the shape of the relationship depends on what's in place already, the assurance posture you're aiming for, and whether procurement is going via framework or tender. We'll quote on what you've actually got, not what a generic brochure assumes.

  1. Posture & estate review

    Documented baseline of the existing estate — infrastructure, identity, cyber, connectivity, suppliers. Gap analysis against Cyber Essentials and the CAF, framework recommendation, closure plan in plain English.

  2. Frameworks-aligned purchase

    Direct-award through G-Cloud or CCS where it fits the buy. Full tender support and bid-response work where it doesn't. Procurement as part of the engagement, not the bit you do alone.

  3. Transition & co-managed

    Onboard alongside the existing internal IT function — the day-job stays with them, M-Tech sits behind for cyber, cloud, infrastructure and out-of-hours coverage.

  4. Fully managed operation

    The entire estate run as one accountable managed service. Quarterly performance reviews, continual improvement reporting, one number to call when something needs a decision.

FAQs

Questions we hear from public-sector buyers.

Can we buy M-Tech through public-sector frameworks?
Yes. We're a Crown Commercial Service supplier on G-Cloud, and we work through the procurement processes that come with public money. See Accreditations for the full set.
What's your assurance posture?
Cyber Essentials Plus, IASME Cyber Assurance Level 2, ISO 9001 and ISO 27001 — independently audited and current. We design controls and present evidence in a format auditors and assurance teams can actually use.
Do you align to NCSC guidance and the Cyber Assessment Framework?
Yes. Our standard cyber posture aligns to NCSC Cyber Essentials and the Cyber Assessment Framework objectives — identify, protect, detect, respond. We can map an estate to CAF outcomes and produce the evidence trail to go with it.
Can you work alongside an existing internal IT team?
Yes — that's often the right shape. Co-managed, with the internal team owning user-facing service and local context, and M-Tech sitting behind them for cyber, cloud, infrastructure and out-of-hours coverage. We scale up or down as the in-house function changes.
Are M-Tech staff DBS checked?
Yes — every single one. Every M-Tech employee holds an Enhanced DBS check and stays on the DBS Update Service. Office staff, engineers, management, everyone.
Where does the data sit?
UK. Our private cloud platform (mtech.cloud) is hosted in UK data centres with UK-resident data and UK-based support. Microsoft 365 tenants are configured for UK data residency where the licensing allows.
/ Start a conversation

Tell us what you're trying to do.

Whatever the shape of your team or your stack — multi-site, lean on IT, or somewhere in the middle — we'll listen first, ask the right questions, and tell you honestly how we'd approach it.

Talk to an engineerSee case studies