AI Readiness & Governance Assessment

Know exactly what your Microsoft 365 estate can safely support before you switch on Copilot or AI. A fixed-fee, independent assessment: read-only scan, scored findings, a prioritised fix order, and a report you can put in front of the board.

"Can We Do AI Safely?"

That question is landing on every IT leader's desk. The honest answer depends on the estate underneath: Copilot and AI tools inherit whatever your permissions, sharing links, and data governance already allow. An un-governed tenant is where AI surfaces the gaps — overshared sites, stale access, unlabelled sensitive data. And the bar is rising anyway: housing providers face new repair-data duties under Awaab's Law Phase 2 from October 2026, the Building Safety Act's golden thread is raising property-data standards, and care providers hold special-category data that AI must never mishandle. Readiness is a security and governance question before it is a technology one.

What You Get

One fixed fee. Around two weeks end to end. No agents installed, no disruption to your team.

Scored Security Baseline

Security, identity, and data governance scored against peer benchmarks — including the gaps that stay invisible in an un-governed tenant.

Permissions & Sharing Exposure

Where oversharing, anonymous links, and stale access would surface the moment Copilot can search everything.

AI Readiness Verdict

A clear-eyed read of what the estate can safely support today, and what it could support once the priority fixes land.

Prioritised Fix Order

A sequenced, effort-rated remediation list your own team can action — not a generic best-practice dump.

Board-Ready Report

Plain-English findings written for executive and board assurance, with the evidence behind every score.

Clear Next Steps

Named follow-on options if you want help with remediation or ongoing governance — with no obligation to take any of them.

How It Works

1 · Read-Only Scan

An independent, read-only assessment across Microsoft 365, Entra ID, and SharePoint. Nothing installed, nothing changed, no disruption.

2 · Analysis & Scoring

Findings scored and benchmarked, every gap tied to a specific fix, and the whole picture framed against your sector's regulatory bar.

3 · Report & Briefing

The written report plus a working session — with your IT lead, your exec, or your board. You keep everything.

Built for Regulated, Mid-Market Organisations

We work with UK housing associations, property organisations, and healthcare and care providers — sectors where the AI question arrives with a regulatory deadline attached.

Social Housing

Awaab's Law Phase 2 raises repair-data duties from October 2026. The same data quality and governance that makes you compliant is what makes AI safe.

Property

The Building Safety Act's golden thread and rising standards in the private rented sector make property-data quality a board matter, AI or not.

Healthcare & Care

Special-category data raises the bar on permissions, labels, and sharing before anything switches on. Governance first is the only safe order.

We Ran It on Ourselves First

Before offering this assessment to anyone else, we ran it against our own Microsoft 365 tenant and scored the results honestly — gaps included: a 45% Secure Score, zero Conditional Access policies, zero sensitivity labels. Then we fixed them in priority order, lifting the score to 53% in a single remediation pass. Ask for the redacted sample report and see exactly what you would receive. Casey IT is Cyber Essentials certified, led by a Microsoft Azure Solutions Architect Expert with 10+ years securing infrastructure across housing, property, healthcare, and the arts.

Request the sample report → Read the whitepaper behind the thinking →

Are You AI-Ready and Governed?

A short conversation is enough to tell whether the assessment is worth your time. No pitch, no obligation.

Start the Conversation