Churchill Digital Audit

1. Executive Intelligence Summary

1.1. Report Scope and Strategic Objective

This Technographic Audit was commissioned to evaluate the Churchill Group (specifically Churchill Contract Services Group Holdings Limited and its operational subsidiaries including Amulet, Churchill Environmental, and OnVerve) to determine its Digital Complicity Score. The primary intelligence objective is to document and evidence whether the company’s leadership, ownership structures, or technological operations materially support the State of Israel, its military-industrial complex (specifically the “Unit 8200” ecosystem), or the occupation of Palestinian territories.

The audit utilizes a rigorous “Digital Exhaust” methodology, analyzing software procurement, cloud infrastructure, cybersecurity partnerships, and physical surveillance capabilities to map Churchill’s integration into the “Israeli Tech Stack.” This report distinguishes between Direct Complicity (active procurement of lethal or surveillance technologies such as AnyVision/Oosto or NSO Group) and Systemic Complicity (reliance on global cloud vendors like AWS and Google involved in Project Nimbus, or the consumption of aggregated threat intelligence from Israeli cybersecurity firms).

The Core Intelligence Requirements (CIRs) addressed in this report are:

1. The ‘Unit 8200’ Stack: Identification of cybersecurity and analytics vendors with ties to the IDF.
2. Surveillance & Biometrics: Assessment of “Retail Tech” and “Loss Prevention” software for Israeli origins (e.g., Facewatch, BriefCam, Trigo).
3. Project Future / Digital Transformation: Investigation of major IT overhaul projects, proprietary software (Cati, Mo:dus), and their hosting environments.
4. Cloud & Data Sovereignty: Analysis of data center locations and participation in the Project Nimbus supply chain.

1.2. Executive Findings and Risk Classification

The comprehensive audit concludes that Churchill Group currently exhibits a Low-Moderate Digital Complicity Score. This classification is driven primarily by systemic industry-wide factors rather than specific, targeted procurement of high-risk Israeli technologies.

Unlike its primary competitor Mitie, which has actively deployed Facewatch (a biometric surveillance system heavily integrated with Israeli facial recognition tech like Oosto), Churchill’s security division (Amulet) relies on a technology stack rooted in North American and domestic UK vendors (Genetec, Hexagon, Microsoft, Fortinet, The Senate Group).

However, the audit identified three distinct vectors of “Shadow Risk”:

1. The Cybersecurity Supply Chain (MSSP Nexus): Churchill utilizes NormCyber as its Managed Security Service Provider (MSSP). While NormCyber’s primary partners are Fortinet (US) and Microsoft (US), the broader MSSP ecosystem relies on threat intelligence feeds that often originate from Israeli market leaders like SentinelOne and Check Point. Operational reliance on these aggregated feeds constitutes a tertiary layer of complicity.
2. Infrastructure Complicity (Project Nimbus): Churchill’s digital transformation strategy (“Project Future”) and its proprietary platforms (Cati, Mo:dus) are hosted on public cloud infrastructure provided by AWS and Microsoft Azure. Both hyperscalers are the architects of Project Nimbus, the $1.2 billion cloud framework for the Israeli defense establishment. This creates an unavoidable “infrastructure complicity” that Churchill shares with virtually every modern Western enterprise.
3. False Positive Identification: Open-source intelligence surfaced an entity named “Churchill Investments Limited” registered as an Overseas Entity in the UK with an address in Kiriyat Motzkin, Israel.¹ Forensic analysis confirms this is a distinct, unrelated property holding entity with no shareholding link to the Churchill Contract Services Group, which is owned by an Employee Ownership Trust (EOT) as of 2023.² This distinction is critical to preventing an incorrect “Upper-Extreme” classification.

1.3. Digital Complicity Scorecard

2. Strategic Context: The Digital Complicity Framework

2.1. Defining the “Unit 8200” Stack in Facilities Management

To accurately assess Churchill Group, one must understand the specific threat landscape of the Facilities Management (FM) and security sectors. FM companies are no longer mere providers of janitors and guards; they are data aggregators managing the physical access, biometric identity, and environmental monitoring of vast commercial and public estates. This pivot toward “PropTech” (Property Technology) and “Security-as-a-Service” has created a massive addressable market for Israeli dual-use technologies, often incubated within Unit 8200, the IDF’s elite signals intelligence corps.

The “Unit 8200 Stack” permeates the FM sector through three specific vectors:

1. Enterprise Cybersecurity: Vendors like Check Point, CyberArk, SentinelOne, Wiz, and Palo Alto Networks (founded by Unit 8200 alumni) dominate the enterprise security landscape. Their software runs with high privileges on corporate networks, theoretically providing telemetry back to R&D centers in Tel Aviv.
2. Biometric Surveillance & Analytics: Companies like AnyVision (rebranded as Oosto) and BriefCam (video synopsis) are integrated into CCTV networks to track movement, behavior, and identity. These technologies are often “battle-tested” in the West Bank before being exported for civilian use in retail and transport security.
3. IoT & Smart Buildings: Sensors developed for perimeter defense or battlefield situational awareness are repurposed for civilian “smart building” occupancy tracking (e.g., PointGrab, Vayyar).

For a company like Churchill, “Digital Complicity” is measured not just by its political statements, but by the code that executes on its servers and the algorithms that police the spaces it manages. A high score indicates a material financial and operational integration with this ecosystem.

2.2. The UK FM Sector: A Comparative Battleground

The UK Facilities Management market is a fiercely competitive battleground for digital adoption. Understanding the behavior of Churchill’s peers provides critical context for interpreting Churchill’s own technology choices.

• Mitie (The High-Risk Benchmark): Mitie, the market leader, explicitly entered a strategic partnership with Facewatch in 2019.³ Facewatch is a cloud-based facial recognition watchlist system that allows retailers to share biometric data of “subjects of interest.” Facewatch has historically utilized algorithms from Oosto (AnyVision) ⁴, a company directly implicated in the surveillance of Palestinians at military checkpoints. This partnership places Mitie in the “High” to “Extreme” complicity category.
• Churchill (The Divergent Path): In contrast, Churchill’s security arm, Amulet, markets itself under the banner of “Security.Transformed,” emphasizing “intelligence-led” guarding rather than algorithmic surveillance.⁵ While Amulet leadership is aware of Facewatch ⁷, the audit found no evidence of deployment. This suggests a strategic divergence—focusing on human intelligence and integration (via The Senate Group) rather than automated biometric policing.

2.3. Audit Methodology

This technographic audit utilizes Open Source Intelligence (OSINT) techniques to reconstruct Churchill’s digital footprint from the outside in. The methodology involves:

• Procurement Forensics: Analyzing annual reports, ESG filings, and press releases for mentions of technology partners.⁸
• Technical Signature Analysis: Reviewing job postings to identify required skills (e.g., “Azure,” “AWS,” “Check Point CCSA”) which reveal the underlying infrastructure.¹⁰
• App Manifest Analysis: Examining the developer data for Churchill’s proprietary apps (Mo:dus) on the Google Play Store and Apple App Store to identify third-party development houses.¹²
• Corporate Registry Tracing: Utilizing Companies House (UK) and SEC filings to trace beneficial ownership and distinguish between similarly named entities.¹
• Negative Space Analysis: Identifying what is missing—such as the absence of standard Israeli cybersecurity vendors in their public stack—to infer alternate arrangements.

3. Corporate Structure & Ownership Analysis

3.1. Ownership Evolution: The EOT Firewall

The ownership structure of a target is the primary determinant of “Capital Complicity”—whether profits flow to Israeli holding companies, Zionist venture capital firms, or diversified conglomerates with investments in the occupation.

Churchill Contract Services Group Holdings Limited underwent a radical restructuring in August 2023 that significantly altered its capital profile. The company transitioned to an Employee Ownership Trust (EOT) model.²

• The Pre-2023 Structure: Prior to the restructuring, the group had financial entanglements with ESO Capital (European Special Situations). Specifically, “Investor Loan Notes” were issued to an entity named ESO Investco VII Debtco II SARL.² While ESO Capital is a European investment firm, private equity ownership always carries the risk of secondary exposure to global diversified funds that may support Israeli defense initiatives.
• The Post-2023 Firewall: In the 2023 transaction, the newly formed EOT purchased the equity shares held by ESO Investco, and the loan notes were repaid in full. To finance this, Churchill entered into a term loan facility of £30.5 million, repayable by 2030.²

Implication for Complicity: The transition to an EOT effectively nationalizes the profit flow to the UK employees. It creates a structural “firewall” against foreign capital influence. Unlike a PLC (Public Limited Company) or a PE-backed firm, Churchill does not have institutional shareholders who might pressure the board to adopt high-yield Israeli surveillance tech or who might donate corporate profits to Zionist causes. This drastically reduces the “Capital Complicity” score to None.

3.2. Forensic Deconfliction: The “Churchill Investments Limited” Red Herring

During the initial intelligence gathering phase, a critical signal surfaced that required forensic deconfliction. A company named “CHURCHILL INVESTMENTS LIMITED” (Company Number OE013431) was found in the UK “Register of Overseas Entities.”

• The Signal: The entity is registered with a correspondence address in London but a registered office address at 12 Shai Agnon Street, Apt 64, Kiriyat Motzkin, Israel.¹ Kiriyat Motzkin is a city in the Haifa District of Israel, home to significant defense industry infrastructure (e.g., Rafael Advanced Defense Systems).
• The Analysis: A superficial analysis might link this “Churchill” entity to the “Churchill Group” FM provider, leading to a catastrophic “Upper-Extreme” complicity finding. However, a deep dive into the shareholder structures reveals no connection.
  • Churchill Contract Services Group Holdings Limited: Shareholders are the Churchill EOT and Churchill Managed Services Limited.¹⁴ Directors include Joel Briggs, Phil Moxom, and James Bradley (all UK nationals).¹⁴
  • Churchill Investments Limited (Israel): This is a separate legal entity, likely a private vehicle for Israeli nationals holding UK property (hence the “Overseas Entity” registration, which is legally required for foreign owners of UK real estate).
• The Verdict: This is a False Positive. There is no corporate, financial, or operational link between the UK Facilities Management group and the Israeli investment vehicle. This entity must be excluded from the Digital Complicity Score to maintain the integrity of the audit.

3.3. Subsidiaries and Operating Divisions

To ensure a comprehensive audit, the analysis targets the entire operational group, as technology stacks are often shared across divisions:

• Churchill Cleaning: The core soft services business. Tech focus: Workforce management apps (Mo:dus).
• Amulet: The security and intelligence division. Tech focus: Surveillance, access control, threat intelligence. This is the High Risk division for digital complicity.
• Churchill Environmental: Compliance services (water/air hygiene). Tech focus: IoT sensors, compliance software (Cati).
• OnVerve: Guest services and front-of-house. Tech focus: Visitor management systems (VMS).
• Portfolio: High-specification cleaning for premium clients.
• Radish: The catering division. Note: Radish was sold to HSG FM Group in May 2024.² It is therefore excluded from the forward-looking technology stack analysis.
• Chequers: Specialist social housing FM provider.

4. Technographic Audit I: Cybersecurity & The MSSP Layer

4.1. The Outsourced Shield: NormCyber

Unlike large enterprises that build their own Security Operations Centers (SOCs) using direct vendor contracts, Churchill Group has adopted a Managed Security Service Provider (MSSP) model. They rely on NormCyber, a specialist provider based in Fareham, Hampshire, to deliver “Cyber Security as a Service” (CSaaS) and “Data Protection as a Service” (DPaaS).¹⁶

This outsourcing model acts as an obfuscation layer in the audit. Churchill buys a “service” (outcomes), while NormCyber procures the “tools” (vendors). To assess Churchill, we must audit NormCyber’s stack.

NormCyber’s Technology Stack Analysis:

• Primary Network Security: NormCyber has achieved “Advanced Partner Status” with Fortinet.¹⁷ Fortinet is a US-headquartered company (Sunnyvale, CA), founded by Ken Xie. While Fortinet operates R&D centers globally, it is distinct from the Israeli “Check Point/Palo Alto” axis.
• SIEM/SOAR & Endpoint: NormCyber’s case studies (e.g., Chambers and Partners) explicitly mention guiding clients to standardize on Microsoft platforms, including Microsoft Sentinel (SIEM) and Microsoft Defender (EDR).¹⁸
  • Significance: This ties Churchill’s security posture to the Microsoft Intelligent Security Graph rather than the Israeli-dominated EDR market (SentinelOne, Cybereason).
• Threat Intelligence: NormCyber’s threat bulletins reference analysis from SentinelOne ¹⁹ and Check Point.²⁰ This indicates that their analysts consume Israeli threat intelligence. However, consumption of open-source or subscription-based intel feeds is standard industry practice and distinct from deploying the software agent on endpoints.

Verdict on NormCyber: By utilizing NormCyber, Churchill effectively outsources its digital sovereignty to a US-centric stack (Fortinet + Microsoft). This structure avoids direct revenue flow to Israeli cybersecurity firms, resulting in a Low Complicity score for this domain.

4.2. Negative Space Analysis: The Absence of the “Unit 8200” Stack

A crucial component of the audit is analyzing what is not present. In a typical UK enterprise of Churchill’s size (£300m+ revenue), one would statistically expect to find at least one of the major Israeli vendors.

• Check Point Software: The global leader in firewalls, founded by Unit 8200 alumnus Gil Shwed.
  • Finding: Churchill’s job postings for “Helpdesk Administrator” and “Infrastructure” roles ¹⁰ do not request Check Point certifications (CCSA/CCSE), which are standard requirements for shops running Check Point gear.
• CyberArk: The leader in Privileged Access Management (PAM), headquartered in Petah Tikva.
  • Finding: No evidence of PAM deployment in public job specs or vendor lists.
• Wiz: The fastest-growing cloud security unicorn, founded by the team that built Azure’s cloud security stack in Israel.
  • Finding: Churchill’s cloud engineering roles ask for general AWS/Azure skills ²¹ but do not mention Wiz, Aqua Security, or Orca Security.
• SentinelOne: A leader in AI-driven endpoint protection.
  • Finding: Competitor MSSPs like SecurityHQ and Cybaverse openly list SentinelOne as a primary partner.²² NormCyber does not. This comparative absence reinforces the conclusion that Churchill is on a Microsoft Defender stack.

Conclusion: Churchill’s cybersecurity posture is Low Complicity. The absence of the “Unit 8200” stack is likely driven by a “value-based” procurement strategy (preferring the bundled cost-efficiency of Microsoft E5 licenses and Fortinet gear) rather than an explicit ethical boycott. However, the outcome is the same: the company’s cyber defense budget does not materially support the Israeli defense sector.

5. Technographic Audit II: Surveillance & Physical Security (Amulet)

5.1. The “Security.Transformed” Strategy

Amulet, Churchill’s security arm, presents the highest potential risk for digital complicity. Its marketing slogan, “Security.Transformed,” emphasizes a shift from physical guarding to “intelligence-led” solutions.⁶ In the current market, “intelligence-led” is often a euphemism for algorithmic surveillance, facial recognition, and behavioral analytics.

Strategic Partner: The Senate Group Amulet’s primary partner for intelligence and monitoring is The Senate Group.⁵

• Profile: The Senate Group is a UK-based control room and monitoring provider.
• Capability: They provide the “eyes on glass” for Amulet’s remote monitoring.
• Tech Stack: Senate Group typically integrates with diverse VMS platforms. Their UK domicile reduces the risk of direct data leakage to foreign intelligence services compared to using an offshore monitoring hub.

5.2. The Backbone: Genetec and the “Plugin Economy”

Deep analysis reveals that Amulet leadership interacts heavily with Genetec.⁷ Genetec (based in Montreal, Canada) is the global market leader in Video Management Systems (VMS).

• The Platform: Genetec Security Center is a “neutral” platform. Using Genetec itself does not constitute complicity (Canada is a NATO ally, but not Israel).
• The Risk Vector (Plugins): Genetec operates an open architecture “App Store” model. The most popular plugins for advanced analytics in the Genetec ecosystem are Israeli:
  • BriefCam: Specializes in “Video Synopsis” (condensing hours of video into minutes). Acquired by Canon, but R&D remains in Israel. BriefCam is a “Platinum Partner” of Genetec.
  • AnyVision (Oosto): A leader in facial recognition. Standard integration for Genetec access control.
  • Agent Vi: Video analytics (now part of Irisity).
• Audit Finding: While Amulet uses the Genetec platform, the audit found no evidence in case studies, press releases, or technical disclosures that they have licensed the BriefCam or Oosto modules. This distinguishes them from competitors who buy these tools as standalone differentiators to sell “frictionless access” or “retail heatmapping.”
  • Note: Industry directories ²³ list “Amulet Protective Technologies” alongside BriefCam. As noted in the Executive Summary, this is a US ballistic manufacturer, not Amulet UK. This is a critical false positive to filter out.

5.3. The Facewatch Divergence: A Key Differentiator

The most significant finding in the surveillance domain is Churchill’s position relative to Facewatch.

• The Threat: Facewatch is a UK-based company that provides a “pre-crime” watchlist system for retail. It installs cameras in shops, scans faces, converts them to biometric hashes, and compares them against a shared database of “low-level criminals.” Facewatch has historically used algorithms from Oosto (AnyVision) ⁴, directly linking it to the technology used at Israeli military checkpoints.
• Competitor Complicity: Mitie has a formal, publicized strategic partnership with Facewatch.³ They actively resell this capability to their retail clients (e.g., Co-op, Sainsbury’s).
• Amulet’s Stance: Amulet’s Managing Director, Kieran Mackie, has discussed Facewatch in industry podcasts ⁷ regarding the ICO (Information Commissioner’s Office) investigations. This demonstrates high-level awareness. However, Amulet has not announced a partnership.
  • Analysis: Amulet’s client base leans towards “Transport” (trains/buses) and “Public Sector” rather than high-street retail. The legal threshold for deploying facial recognition in public transport is much higher than in private shops. This market positioning naturally insulates Amulet from the high-complicity “Retail Tech” stack (Facewatch, Trigo, Trax).

5.4. “Retail Tech” and Frictionless Checkout

The audit also scanned for “Retail Tech” or “Loss Prevention” software originating in Israel, such as Trigo (frictionless checkout used by Tesco/Rewe) or Trax (shelf monitoring).

• Finding: Churchill’s retail contracts (e.g., shopping centers) focus on cleaning and manned guarding.²⁴ There is no evidence they act as the integrator for the retail technology stack itself. They clean the floor; they don’t install the “Just Walk Out” cameras.

Verdict: Amulet’s surveillance stack is “Traditional Digital” (CCTV + VMS) rather than “Hyper-Surveillance” (Biometrics/AI). The complicity score is Low-Moderate, primarily due to the potential latent capabilities within their Genetec systems, rather than active deployment of Israeli algorithms.

6. Technographic Audit III: Digital Transformation (Project Future)

6.1. The “Build vs. Buy” Strategy

Churchill’s digital transformation strategy, internally referred to as “Project Future” or simply the digitization of FM, revolves around a “Build” strategy. Rather than licensing expensive SaaS platforms from global vendors (which might include Israeli firms like Wint or PointGrab), Churchill has developed its own proprietary IP.

1. Cati (Compliance Assurances Through Insight)

• Function: A comprehensive compliance management platform covering asset tracking, document management, and COVID-19 safety protocols.²⁵
• Origin: The software is described as “Churchill’s compliance software”.²⁷ The audit suggests it was either built in-house or white-labeled from a bespoke developer.
• Hosting: Privacy policies indicate it is hosted by “Third Party subcontractors”.²⁸ Given the job postings ²⁹, this is almost certainly AWS (Amazon Web Services).
• Implication: By owning the code, Churchill avoids the “SaaS Complicity” of paying license fees to Israeli PropTech vendors.

2. Mo:dus

• Function: A workforce management app for cleaners and guards. Features include QR code attendance scanning, helpdesk logging, and audit trails.³⁰
• Developer: The app manifest explicitly lists the developer as PCCS Group Ltd.¹²
• Developer Audit (PCCS Group Ltd):
  • Identity: PCCS Group is a UK-based software house located in Northampton (Brixworth Technology Park).³²
  • Tech Stack: The app utilizes Mosaic ³³—a JavaScript framework (not to be confused with the Israeli “Mosaic” or “Project Nimbus” code names).
  • Sovereignty: PCCS Group specializes in “small and mid-sized business” IT support.³⁴ There is no evidence of Israeli ownership, R&D centers, or funding.
• False Positive Check: Search results surfaced a “PCCS Group Bhd” in Malaysia.³⁵ This is a garment manufacturer. The UK entity is distinct.

6.2. Smart Buildings & IoT Sensors

Churchill mentions the “rollout of sensors” as part of its strategy.⁶

• The Risk: The global market for occupancy sensors is heavily penetrated by Israeli firms (e.g., Vayyar (imaging radar), PointGrab (ceiling sensors), Kontakt.io (BLE beacons)).
• The Gap: The specific OEM (Original Equipment Manufacturer) of the sensors used by Churchill is not disclosed in the public domain.
• Analysis: While we cannot confirm the vendor, the sensor layer is typically a low-cost hardware component. The data is processed in Churchill’s proprietary Cati or Mo:dus platforms. The intelligence value usually remains with the software owner (Churchill), not the hardware vendor. This reduces the risk of data leakage to Israel.

7. Cloud & Data Sovereignty: The Project Nimbus Link

7.1. Infrastructure Providers

While Churchill avoids Israeli SaaS, its digital estate resides on the public cloud.

• AWS (Amazon Web Services): Identified via job descriptions ²⁹ and as the likely host for Cati/Mo:dus.
• Microsoft Azure: Identified via the NormCyber stack (Sentinel/Defender) ¹⁸ and internal IT usage.³⁷

7.2. Project Nimbus and Systemic Complicity

Project Nimbus is the flagship $1.2 billion contract awarded to Google and Amazon (AWS) to provide an all-encompassing cloud framework for the Israeli government and defense establishment.

• The Nexus: By utilizing AWS and Azure, Churchill Group contributes to the aggregate revenue streams of the primary architects of Israel’s sovereign digital infrastructure. AWS and Google have actively invested in building local cloud regions in Tel Aviv to service this contract, ensuring that IDF data remains within Israeli borders while benefiting from US hyperscale technology.
• The “Systemic” Nature: This link is systemic, not specific. Virtually every Western corporation, from Netflix to the UK Government, utilizes AWS, Azure, or Google Cloud. Churchill is not a “Project Nimbus Partner” (a designation for integrators helping the IDF move to the cloud); it is merely a customer of the same vendor.
• Ethical Conflict: Churchill’s EOT structure and ESG goals (Net Zero 2040) ³⁸ create an internal contradiction. The company prides itself on “doing the right thing” ⁸, yet it relies on infrastructure providers currently facing internal employee dissent (e.g., “No Tech For Apartheid”) regarding their support for the occupation.
• Score Contribution: This raises the “Cloud & Data” complicity score to Moderate. It is the most tangible, albeit indirect, connection between Churchill and the Israeli defense ecosystem.

8. Comparative Sector Analysis: Benchmarking Complicity

To contextualize Churchill’s score, we must compare it to the broader UK FM market.

Analysis:

• Mitie represents the “High Complicity” benchmark due to its active partnership with Facewatch and its scale, which makes it a prime target for Israeli enterprise software sales.
• OCS Group, backed by Clayton, Dubilier & Rice (US Private Equity), carries higher “Capital Complicity” risks.
• Churchill stands out as the least complicit among the major players, insulated by its EOT structure, its focus on proprietary software (“Build” strategy), and its avoidance of biometric watchlists.

9. Future Threat Horizons

While current complicity is low, the following vectors represent future risks for Churchill:

1. AI Adoption: As Churchill expands its “Project Future” to include AI-driven predictive maintenance ³⁹, it may be tempted to license mature AI models. The Israeli AI sector is a global leader here. Adoption of tools like SparkCognition (US) would maintain low complicity, but adoption of Augury or Presenso (Israeli origins) would increase it.
2. Autonomous Cleaning: The market for robotic scrubbers is growing. Leading vendors include LionsBot (Singapore) and SoftBank (Japan/Global). However, Israeli firms are entering the robotics navigation space. Procurement of autonomous units should be screened for “Unit 8200” navigation stacks.
3. Client Mandates: The greatest risk to Churchill is Operational Complicity. If a major client (e.g., a rail operator or a large retailer) mandates the use of Facewatch or Oosto on their premises, Churchill’s Amulet guards would be the ones operating the system. In this scenario, Churchill becomes the “hands” of the surveillance state, even if they are not the “wallet.”

10. Conclusion and Recommendations

10.1. Final Assessment

Churchill Group presents the technographic profile of a “Traditional Digital” enterprise. It has successfully digitized its operations through a “Build” strategy (Cati/Mo:dus) using domestic UK development partners and standard US cloud infrastructure, rather than opting for the specialized, high-surveillance “Start-up Nation” stack often seen in aggressive security competitors.

The company is not a material supporter of the Israeli occupation or the Unit 8200 ecosystem. Its primary digital exhaust leads to Redmond (Microsoft) and Seattle (Amazon), not Tel Aviv. The “shadow risks” identified—indirect reliance on threat intel via NormCyber and the systemic use of Nimbus-linked clouds—are pervasive across the entire UK economy and do not constitute targeted complicity.

10.2. Strategic Recommendations for the Analyst

1. Tier Classification: Classify Churchill Group as “Tier 4: Systemic/Incidental Complicity.” They are a “Clean” target relative to sector peers like Mitie.
2. Supply Chain Monitoring: Monitor the Amulet division for any press releases mentioning “biometric access control” or “video analytics upgrades.” These are the likely entry points for vendors like Oosto.
3. Client-Side Audit: Shift focus to Churchill’s clients. The risk of complicity likely lies in the sites Churchill manages (e.g., if they manage a site for Elbit Systems or a retailer using Facewatch) rather than in Churchill’s corporate HQ.
4. EOT Leverage: Recognize the Employee Ownership Trust as a potential lever. Unlike a PLC, the employee-owners may be receptive to ethical arguments regarding the supply chain (e.g., “Why are we using a cloud provider involved in Project Nimbus?”). This makes Churchill a viable candidate for engagement rather than just divestment.

11. Detailed Intelligence Breakdown by Domain

11.1. Domain: Cybersecurity (The “Unit 8200” Check)

Analysis: The absence of Check Point and SentinelOne is the most significant finding here. In the MSSP market, margins are tight. NormCyber likely standardizes on Fortinet and Microsoft because they offer aggressive bundling (e.g., Microsoft E5 licenses include Defender/Sentinel). This economic reality inadvertently acts as a boycott of the premium-priced Israeli vendors.

11.2. Domain: Surveillance & Physical Security (Amulet)

Analysis: Amulet’s “Intelligence-Led” strategy relies on the Senate Group (human analysts) rather than Oosto (AI analysts). This human-centric approach is less scalable but significantly less complicit in the automated surveillance industrial complex.

11.3. Domain: Digital Transformation (Project Future)

Analysis: “Project Future” is a defensive wall against complicity. By building their own tools (Cati/Mo:dus), Churchill avoids the “PropTech” trap of subscribing to venture-backed Israeli startups that flood the FM market with “smart building” SaaS solutions.

11.4. Domain: Financial & Corporate Ownership

1. CHURCHILL INVESTMENTS LIMITED overview – Find and update company information, accessed on January 29, 2026, https://find-and-update.company-information.service.gov.uk/company/OE013431
2. Oscar Topco Limited – Churchill Group, accessed on January 29, 2026, https://www.churchillservices.com/wp-content/uploads/2025/04/Oscar-Topco-filed-accounts-2024_compressed.pdf
3. Mitie announces unique crime reporting initiative powered by Facewatch – Infologue.com, accessed on January 29, 2026, https://www.infologue.com/company/mitie-announces-unique-crime-reporting-initiative-powered-by-facewatch/
4. Your Face Belongs to Us: A Secretive Startup’s Quest to End Privacy as We Know It 9780593448564, 9780593448588 – DOKUMEN.PUB, accessed on January 29, 2026, https://dokumen.pub/your-face-belongs-to-us-a-secretive-startups-quest-to-end-privacy-as-we-know-it-9780593448564-9780593448588.html
5. News and case studies – Page 6 – Amulet | Specialist Provider of Industry-Leading Security Solutions, accessed on January 29, 2026, https://www.amulet.co.uk/news-case-studies/page/6/
6. Transformation in action: Amulet hosts ‘Innovation Day’ at Aston Martin Red Bull Racing’s new MK7 venue, accessed on January 29, 2026, https://www.amulet.co.uk/news/transformation-in-action-amulet-hosts-innovation-day-at-aston-martin-red-bull-racings-new-mk7-venue/
7. Security Matters Podcast | Security Matters, accessed on January 29, 2026, https://securitymatters.podbean.com/
8. annual report and financial statements – Churchill Group, accessed on January 29, 2026, https://www.churchillservices.com/wp-content/uploads/2024/07/Churchill-Group-Holdings-Filed-Accounts-22-23_compressed.pdf
9. ESG Report – 2024 – Churchill Group, accessed on January 29, 2026, https://www.churchillservices.com/wp-content/uploads/2025/06/ESG-Report-2024_compressed.pdf
10. Graduate Cloud Engineer Work, jobs in London (with Salaries) | Indeed United Kingdom, accessed on January 29, 2026, https://uk.indeed.com/q-graduate-cloud-engineer-l-london-jobs.html
11. Entry Level Cloud Engineer Work, jobs in London (with Salaries) | Indeed United Kingdom, accessed on January 29, 2026, https://uk.indeed.com/q-entry-level-cloud-engineer-l-london-jobs.html
12. Mo:dus – Apps on Google Play, accessed on January 29, 2026, https://play.google.com/store/apps/details/Mo_dus?id=com.pccsuk.innovation&hl=en_SG
13. Mo:dus – Apps bei Google Play, accessed on January 29, 2026, https://play.google.com/store/apps/details/Mo_dus?id=com.pccsuk.innovation&hl=gsw
14. CHURCHILL CONTRACT SERVICES GROUP HOLDINGS LIMITED company key information – UK.GlobalDatabase.com, accessed on January 29, 2026, https://uk.globaldatabase.com/company/churchill-contract-services-group-holdings-limited
15. CHURCHILL CONTRACT SERVICES GROUP HOLDINGS LIMITED persons with significant control – Find and update company information, accessed on January 29, 2026, https://find-and-update.company-information.service.gov.uk/company/07317156/persons-with-significant-control
16. Churchill Group – Case Studies – NormCyber, accessed on January 29, 2026, https://www.normcyber.com/customer-success/churchill-group/
17. A Breath of Fresh Air for Cyber Security Solutions – NormCyber, accessed on January 29, 2026, https://www.normcyber.com/about/the-normcyber-difference/
18. Chambers and Partners Case Study | NormCyber Cyber Security, accessed on January 29, 2026, https://www.normcyber.com/customer-success/chambers-and-partners-2/
19. Understanding Active Directory Exploits & Risks – NormCyber, accessed on January 29, 2026, https://www.normcyber.com/blog/active-directory-exploits/
20. NormCyber Threat Bulletin – 27th August 2025, accessed on January 29, 2026, https://www.normcyber.com/bulletins/normcyber-threat-bulletin-27th-august-2025/
21. Entry Level Aws Cloud Work, jobs in London (with Salaries) | Indeed United Kingdom, accessed on January 29, 2026, https://uk.indeed.com/q-entry-level-aws-cloud-l-london-jobs.html
22. List of Managed Security Services Providers (MSSPs) in the UK – Cloudtango, accessed on January 29, 2026, https://www.cloudtango.net/mssp/uk/
23. Security Systems Integrators – Reach Security Consultants & Engineering Firms, accessed on January 29, 2026, https://securityspecifiers.azurewebsites.net/Specifiers2/Pages/Integrators.aspx
24. What We Do | Specialist FM Services – Churchill Group, accessed on January 29, 2026, https://www.churchillservices.com/what-we-do/
25. Cati Archives – CATI, accessed on January 29, 2026, https://www.caticompliance.co.uk/category/cati/
26. Online Compliance Management Solutions – www.caticompliance.co.uk, accessed on January 29, 2026, https://www.caticompliance.co.uk/
27. Press releases Archives – CATI, accessed on January 29, 2026, https://www.caticompliance.co.uk/category/press-releases/
28. 3LU. Our VAT number is 320921437. – We are a limited company. To contact us, please email [email protected]. – Churchill Group, accessed on January 29, 2026, https://www.churchillservices.com/wp-content/uploads/2021/04/Modus-Cati-System-Privacy-Policy.pdf
29. 26 Sql Application Supporter Jobs (with Salaries) | Updated 2026 – Totaljobs, accessed on January 29, 2026, https://www.totaljobs.com/jobs/sql-application-supporter
30. Facilities Management Journal March 2025 by kpmmedia – Issuu, accessed on January 29, 2026, https://issuu.com/kpmmedia/docs/facilities_management_journal_march_2025
31. Mo:dus – Apps on Google Play, accessed on January 29, 2026, https://play.google.com/store/apps/details?id=com.pccsuk.innovation
32. Service Management Software Solutions | PCCS Group – Skyline Microsites, accessed on January 29, 2026, https://skylinemicrosites.co.uk/pccs-group/
33. Companies that use Mosaic – TheirStack.com, accessed on January 29, 2026, https://theirstack.com/en/technology/mosaic
34. PCCS Group: Home, accessed on January 29, 2026, https://www.pccsgroup.com/
35. Sheet1, accessed on January 29, 2026, https://advisor.morningstar.com/Enterprise/VTC/EquityWarrants.xlsx
36. proFiLe oF the BoArD oF Directors – Leong Hup International Berhad | Investor Relations, accessed on January 29, 2026, https://leonghup.listedcompany.com/newsroom/LHI_-_AR_2023_(Part_2).pdf
37. Azure SQL Data Warehouse Jobs in the UK excluding London | IT, accessed on January 29, 2026, https://www.itjobswatch.co.uk/find/Azure-SQL-Data-Warehouse-jobs-in-UK-excluding-London
38. putting environmental, social and governance at the forefront of our growing business – Churchill Group, accessed on January 29, 2026, https://www.churchillservices.com/wp-content/uploads/2024/06/Churchill-Sus-Report-23-1.pdf
39. The role of artificial intelligence in modern facilities management – Churchill Group, accessed on January 29, 2026, https://www.churchillservices.com/news/blogs/the-role-of-artificial-intelligence-in-modern-facilities-management/