ORCA Opti

United Kingdom

Let your team use AI withoutyour IP walking out the door

Governed AI and compliance for UK organisations

From UK GDPR to the NCSC's Cyber Essentials, ORCA Opti brings your risks, controls and AI governance into one living system of record, inside your existing Microsoft 365, hosted in the UK or the EU.

Opti Assist
Safe zone
Answers stay inside your tenant. No training. No external logging.

Summarise our supplier onboarding policy for the new vendor.

Onboarding requires a signed NDA, current ISO 27001 evidence, and a completed risk assessment before any data is shared with the vendor.

Supplier Onboarding Policy.pdf · p.3Cited
Ask Opti Assist…

Trusted by teams in defence, health, professional services, NDIS and critical infrastructure

  • VIRDIS
  • TalkVia AI
  • DNH Medical
  • Silicon Coast
  • Macrodata
  • Serious Capital
  • Jemco
  • Hikrissy
  • GH2
  • Optimum Greece
  • NEO

Compliance, AI safety and cyber on one platform

Compliance, AI risk and cyber are now the price of doing business, but most teams are stuck with spreadsheets, point tools and consultants they cannot afford. ORCA Opti puts governance, risk, compliance, cyber and AI safety on one platform, inside your Microsoft 365.

Cyber Essentials and ICO enforcement are now contract gatekeepers

UK procurement increasingly expects Cyber Essentials and NIS-aligned controls, the ICO is enforcing UK GDPR with real penalties, and AI guidance is hardening. Proof of compliance is becoming the price of entry.

Sovereign AI hosted in the UK or EU, on the M365 you already have

Built by people who have answered to Microsoft, Amazon, the RAF and defence customers on security posture. ORCA Opti is a virtual Chief Security and Risk Officer, grounded in your own data, sovereign by design, and priced so strong compliance is not reserved for the largest enterprises.

Regulation

Aligned to UK regulation

ORCA Opti maps to the frameworks UK organisations are measured against, and keeps your evidence current.

UK GDPR & Data Protection Act 2018

UK GDPR & Data Protection Act 2018

Personal data obligations and ICO expectations, mapped and evidenced.

Cyber Essentials & Cyber Essentials Plus

Cyber Essentials & Cyber Essentials Plus

The NCSC baseline controls many contracts now require, kept audit-ready.

NIS Regulations

NIS Regulations

Network and information systems duties for operators of essential services and digital providers.

ISO 27001

ISO 27001

Information security management, pre-mapped to your controls.

AI governance

AI governance

A practical path to safe, accountable AI aligned with the UK's pro-innovation approach.

UK & EU data residency

UK & EU data residency

Keep data in your own Microsoft 365 tenant, hosted in the UK or the EU under the EU Data Boundary, with residency you can demonstrate.

The local picture

What UK organisations are worried about

The pressures we hear most from UK boards and security teams.

Ransomware against public services and critical national infrastructure
Supply chain attacks reaching you through third parties
Using AI without losing control of sensitive data
ICO enforcement and demonstrating accountability on demand

Customer stories

Real teams, real outcomes

From small suppliers to national operators, see how organisations get compliant, win contracts and govern AI with ORCA Opti.

Defence

Defence supply-chain ready in 12 weeks

UK university research team

Challenge: Stand up an accredited secure environment for defence research, covering Cyber Essentials Plus, ISO 27001 and ISO 9001 management systems and the controls expected by MOD prime contractors and the Defence Cyber Protection Partnership, without adding load to a small research and IT team.

Solution: ORCA Opti delivered a managed secure environment end to end: Cyber Essentials Plus aligned controls deployed and tested automatically, SOPs and policies aligned to MOD and DCPP expectations, and ISO 9001 and ISO 27001 management systems at the core. Controls and evidence were assembled inside ORCA, ready for MOD supplier assessment, with very little load on the customer's research and IT teams.

It was a priority for the organisation to do Defence and Government research projects. We needed an environment for under 10 people and couldn't wait for the network uplift project to complete. This solution was cost-effective and fast.(Name withheld), Research Department
Critical Infrastructure

Procurement-ready in 3 weeks

Cybersecurity practice serving central and local government

Challenge: A cybersecurity consulting practice working with central and local government needed ISO 9001 and ISO 27001 to be procurement-ready, plus a safe way for the team to use AI when drafting tenders and proposals without sending sensitive customer information into frontier models or being exposed to prompt injection.

Solution: ORCA Opti stood up ISO 9001 and ISO 27001 management systems alongside Cyber Essentials Plus aligned controls in three weeks, with incident management and automated resolution workflows running from day one. AI Guardian provided a sovereign, protected AI environment so the team could write tenders and business proposals confidently, with customer data kept out of frontier models and prompts shielded from injection and other attacks.

We were doing everything manually and each tender was like writing War and Peace. With ORCA Opti, we created a Tender Pearl for our services, and after the first tender most of the evidence and question responses were ready. We were able to take a 120-hour (average) tender response and have a better quality response in less than 2 hours.Ray G., Cyber Security Practice
Clinical trials

From 45-minute search to seconds

Clinical trials

Challenge: A small clinical trials site, with a team of 7 specialists and 4 coordinators running multiple concurrent trials, was losing 1 to 2 hours per person per day searching protocols, pharmacy manuals and regulatory documents to answer patient and procedural questions.

Solution: ORCA Opti deployed Opti Assist inside the site's own Microsoft 365 tenant, securely indexing every active trial's documentation. Coordinators and clinicians ask natural-language questions and get instant, source-cited answers, with no patient data or trial documents leaving the tenant. Human-in-the-loop validation and ISO/IEC 42001-aligned governance are built in.

Cognitive overload is real. Small shifts in the needle in time make a huge difference to what folks can achieve in a day.Yupin R., Clinical trials

Testimonials

Trusted by the teams who have to prove it

ORCA Opti took us from compliance chaos to total control in weeks. We finally sleep at night.
BWBryton W.Not-for-profit
We need zero trust logistics, and ORCA Opti gives us just that. Visibility and positive controls throughout the process.
JRJustin R.Pharmaceuticals distributor and logistics
We wouldn't recommend any organisation deploying a public or internal-facing AI system without implementing robust safeguard measures, such as the ORCA AI Guardian. Based on our experience with Virtual Veterans, the risks of unfiltered AI interactions are simply too significant to ignore. Having proper content monitoring and filtering systems in place isn't just a best practice, it's essential for responsible AI deployment in educational and public-facing environments.
ARAnna R.State Library

See ORCA Opti for United Kingdom.

Work through a guided check with Opti Assist and get an immediate view of where you stand.

See Where You Stand
Trouble signing in?

Join our mailing list

News and updates from ORCA Opti.