
Churchill V-DIG

DIGITAL INFRASTRUCTURE AUDIT UPDATED 2026-05-18
V-DIG Score 0.46 /10 E Churchill — BDS-1000 114

Evidence-only forensic audit. Scoring happens downstream — see the main dossier for the composite assessment.

Churchill Group — V-DIG Domain Audit

Target: Churchill Contract Services Group Holdings Limited and subsidiaries (Amulet, Churchill Environmental, OnVerve, Chequers)
Audit Phase: V-DIG — Digital Forensics / Technographic Audit
Reference Date: 2026-05-01


Enterprise Technology Stack & Vendor Relationships

Cybersecurity Outsourcing — NormCyber

Churchill Group’s enterprise cybersecurity function is outsourced in its entirety to NormCyber (Fareham, Hampshire, UK), operating under a “Cyber Security as a Service / Data Protection as a Service” model [1]. This is confirmed by a named Churchill Group case study published on NormCyber’s website and represents a core, non-peripheral dependency: NormCyber provides SOC monitoring, data protection compliance, and endpoint security across Churchill’s estate [1].

NormCyber’s documented primary technology partnerships are with Fortinet (Sunnyvale, California — firewall and network security, Advanced Partner status) [2][3] and Microsoft (Redmond, Washington — Sentinel SIEM and Defender EDR) [4][5]. Neither vendor is of Israeli origin. No public evidence identifies NormCyber as a reseller, integrator, or licensed partner of Check Point, CyberArk, SentinelOne, Wiz, Aqua Security, or any other Israeli-origin cybersecurity vendor [2][4].

NormCyber’s published threat bulletins and blog content reference analytical material drawn from SentinelOne and Check Point publications [6][7]. This represents consumption of open-source or subscription threat intelligence research — not deployment of software agents or licensed platforms from those vendors within Churchill’s environment.

No public evidence identifies Churchill Group as holding a direct licensing, subscription, or integration relationship with Check Point, SentinelOne, CyberArk, Wiz, Claroty, Verint, NICE, Palo Alto Networks, or comparable Israeli-origin vendors [1][2]. Infrastructure and helpdesk job postings reviewed across this period do not reference Check Point certifications (CCSA/CCSE), CyberArk, or Israeli-origin security tooling; this constitutes negative evidence only and is not definitive proof of non-use [2].

Workforce Management Platform — Mo:dus / Cati

Churchill Group’s workforce management and compliance operations are supported by the proprietary Mo:dus application [8], developed by PCCS Group Ltd (Northampton, UK — Brixworth Technology Park), a UK-domiciled software house [9][10][11]. The developer identity is confirmed by the Google Play Store app manifest (package ID: com.pccsuk.innovation) [9]. The associated Cati compliance platform is also PCCS-developed [12]. No Israeli IP component has been identified in either platform [9][10][12].

The Mo:dus/Cati privacy policy (2021) references unspecified “third party subcontractors” for hosting without naming a provider [13]. Inference from the NormCyber technology stack (Azure-based Sentinel/Defender) and job posting analysis indicates AWS and Microsoft Azure are Churchill’s cloud infrastructure providers, but this is not confirmed by a primary source disclosure [1][4][13].

Integrator and Procurement Relationships

No evidence of any Israeli-origin systems integrator or digital transformation consultancy being engaged by Churchill has been identified [1][9][10]. NormCyber is the confirmed MSSP/integrator for cybersecurity [1]; PCCS Group is the confirmed application developer for workforce management tooling [9][10][11].

Churchill Group is a private, employee-owned company [14] and is not subject to UK public sector procurement transparency obligations. No public procurement records disclosing specific technology vendor contracts were identified. The full vendor stack for subsidiaries Chequers and OnVerve has not been publicly disclosed at any level of specificity [15][16][17].


Surveillance, Biometrics & Retail Technology

Video Management & Physical Security (Amulet)

Amulet (Churchill’s security guarding and risk management division) uses Genetec Security Center as its confirmed Video Management System (VMS) platform [18][19][20]. Genetec is a Canadian company (Montreal, Quebec) with no Israeli ownership or state affiliation.

Genetec operates an open plugin ecosystem. Within that ecosystem, BriefCam (video synopsis and analytics, Israeli R&D origin, subsequently acquired by Canon) [21] and Oosto/AnyVision (facial recognition, Israeli-origin) [22] are listed as Platinum-tier technology partners [21]. No evidence has been identified that Amulet has licensed or activated these specific Genetec plugins. Their existence within the Genetec ecosystem represents a latent third-party deployment pathway, not a documented Amulet deployment [20][21].

Facial Recognition — No Deployment Identified

No public evidence identifies Churchill Group or Amulet as deploying facial recognition, biometric identification, behavioural analytics, or gait analysis technologies from Trigo, BriefCam, AnyVision/Oosto, Trax, or comparable Israeli-origin vendors [18][19].

Amulet’s Managing Director Kieran Mackie has discussed Facewatch (a UK-based retail facial recognition platform that has used the Oosto/AnyVision algorithm) and the associated ICO investigation in industry podcast appearances [23][24], demonstrating executive-level awareness of this market segment. No partnership, procurement, or deployment of Facewatch by Amulet has been publicly announced or documented [23].

By contrast, competitor Mitie entered a formal, publicised strategic partnership with Facewatch in 2019 [25], a platform documented as relying on Oosto/AnyVision-based facial recognition algorithms for retail watchlist screening [26][22]. No equivalent arrangement is documented for Churchill or Amulet.

Amulet’s published case studies indicate a client focus weighted toward transport hubs and public sector estates [18][19] — a market segment where the regulatory threshold for biometric deployment under the ICO framework is demonstrably higher than in high-street retail [24].

ICO Regulatory Context

The ICO’s October 2023 investigation into facial recognition technology in UK retail [24] is directly relevant to Amulet’s operating environment but does not name Churchill or Amulet as a subject. That investigation primarily addressed Facewatch deployments at retailers — a technology Amulet has not been documented as using [24].

Remote Monitoring & Command and Control

Amulet’s confirmed remote monitoring partner is The Senate Group (UK-domiciled) [18]. No Israeli-origin analytics layer has been identified within this arrangement. The Senate Group’s own internal technology platform — including its camera management software and any analytics integrations — is not publicly detailed, and whether it incorporates Israeli-origin modules is unverified [18].

Occupancy & Environmental Sensing

Churchill references a sensor rollout for occupancy and environmental monitoring across its FM estate. The specific hardware OEM(s) are not disclosed in any annual report [15][16], ESG report [27][28], or case study [18][19]. Vendors such as Vayyar (Israeli-origin, radar-based occupancy sensing) [29] and PointGrab (Israeli-origin, ceiling-mounted occupancy analytics) [30] operate in this product category. No evidence of procurement from either vendor by Churchill has been identified; their inclusion here reflects market-sector relevance only.


Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

Cloud Providers

Churchill Group’s cloud infrastructure relies on Amazon Web Services and Microsoft Azure in their standard commercial capacity, as indicated by the NormCyber technology stack (Azure-hosted Sentinel/Defender) [1][4] and inferences from job posting analysis. No primary source confirms the specific cloud provider for Mo:dus/Cati hosting; the 2021 privacy policy references unnamed “third party subcontractors” [13].

Project Nimbus — No Participation Identified

Project Nimbus is a $1.2 billion cloud infrastructure contract awarded jointly to Google Cloud and Amazon Web Services, providing cloud services to Israeli government and defence institutions [31]. Churchill’s commercial use of AWS and Azure makes it a downstream customer of these hyperscalers, not a Project Nimbus partner, integrator, or designated sub-contractor [31][32]. No public evidence identifies Churchill Group as participating in Project Nimbus or any analogous Israeli state-backed cloud programme.

Data Centre Operations in Israel

No public evidence identifies Churchill Group as operating, leasing, or co-locating data centre infrastructure within Israel.

Data Sovereignty Services

Churchill Group is an FM and security services company, not a cloud or IT infrastructure provider. No public evidence identifies Churchill as marketing or providing data sovereignty, data residency, or infrastructure resilience services to Israeli state institutions or military bodies.


Defence, Intelligence & Security Sector Technology Relationships

Military & Intelligence Contracts

No public evidence identifies any contract, partnership, or service agreement between Churchill Group (or Amulet) and the Israeli Ministry of Defence, the Israel Defence Forces (IDF), Israeli intelligence agencies (Mossad, Shin Bet, Unit 8200 alumni ventures), or other Israeli state security bodies.

Dual-Use Technology Provision

No public evidence identifies Churchill’s proprietary technology — Mo:dus workforce management [9][13][12], Cati compliance platform [12], or Amulet’s Genetec-based VMS and CCTV infrastructure [18][19][20] — as being deployed for military, intelligence, or law enforcement surveillance applications within Israel or occupied territories.

Offensive Cyber & Digital Weapons

No public evidence identified. Churchill Group is a facilities management and security guarding company [17]. It does not develop, sell, license, or maintain offensive cyber capabilities, zero-day exploit tools, or digital weapons systems. The company holds no documented relationship with Israeli cyber-offensive firms (NSO Group, Candiru, Paragon, or comparable entities).

Entity Disambiguation — Churchill Investments Limited

Churchill Investments Limited (Companies House OE013431) is registered as a UK Overseas Entity with a registered address at 12 Shai Agnon Street, Apt 64, Kiriyat Motzkin, Israel [33]. This is a distinct and unrelated legal entity — a private property holding vehicle. No identified shareholding, directorial, or operational link connects it to Churchill Contract Services Group Holdings Limited (Companies House 07317156) [34][35]. This entity must not be attributed to the Churchill FM group.


AI, Algorithmic & Autonomous Systems

Published AI Strategy

Churchill Group’s publicly documented AI strategy (circa 2024–2025) is confined to domestic commercial FM applications: predictive maintenance scheduling, operational efficiency optimisation, and resource allocation within its cleaning, security, and environmental service lines [36]. No deployment of AI for surveillance, population monitoring, or enforcement applications is described.

AI Provision to State Bodies

No public evidence identifies Churchill Group as providing AI, machine learning, computer vision, or autonomous decision-support systems to Israeli state, military, or security bodies.

Training Data & Model Development

No public evidence identifies Churchill’s AI models or platforms as having been trained on, or granted access to, civilian population data, intercepted communications, or surveillance-derived datasets originating from Israel or occupied territories.

Autonomous & Robotic Systems

Churchill’s documented interests in autonomous systems concern floor-scrubbing robotics and autonomous cleaning equipment for commercial premises [36] — operational efficiency tools with no tracking, targeting, or enforcement applications.


Technology Ecosystem & R&D Footprint

Israeli R&D Centres

No public evidence identifies Churchill Group as operating research and development facilities, engineering offices, innovation labs, or accelerator programmes within Israel.

Acquisitions & Investments

No public evidence identifies Churchill Group as having acquired any Israeli-origin technology company or made strategic investments in Israeli technology startups or venture capital funds.

Churchill’s documented corporate transactions are confined to UK-domiciled FM and security businesses. The most recently disclosed transaction is the sale of its Radish catering division to HSG FM Group in May 2024 [15][16] — unrelated to Israeli technology. Churchill transitioned to Employee Ownership Trust (EOT) status in 2023 [14], a structural change with no technology provenance implications. Prior to the EOT transition, the company was backed by ESO Capital [37], a European special-situations fund; no Israeli LP relationships or co-investment structures involving Israeli state entities have been identified in connection with ESO Capital’s involvement in Churchill.

Proprietary IP — UK Origin

Churchill’s two principal proprietary technology assets — the Mo:dus workforce management application and the Cati compliance platform — are developed and maintained in partnership with PCCS Group Ltd (Northampton, UK) [9][10][11][12]. Both platforms are UK-origin IP with no identified Israeli component.

Patent Portfolios & Academic Collaboration

No public evidence identifies significant patent portfolios, licensing arrangements, or co-development agreements between Churchill Group and Israeli-domiciled entities or research institutions (Technion, Hebrew University, Weizmann Institute, Ben-Gurion University, or comparable).


Civil Society Scrutiny & Regulatory History

NGO & Academic Reports

No public evidence identifies published NGO investigations, academic studies, or UN reports specifically addressing Churchill Group’s technology relationships with the Israeli state or operations in occupied territories. Churchill Group has not appeared in reports published by Who Profits, the American Friends Service Committee (AFSC), the BDS Movement, Business & Human Rights Resource Centre, or comparable organisations in the context of technology supply chains to Israel [32].

This gap may reflect genuine absence of documented relationships or the fact that Churchill, as a private FM company rather than a technology manufacturer, has not been a focus of technology-supply-chain auditing by these organisations.

Boycott & Divestment Campaigns

No public evidence identifies organised boycott, divestment, or sanctions campaigns specifically targeting Churchill Group in relation to technology provision to Israel or operations in occupied territories.

No public evidence identifies regulatory inquiries, legal challenges, export control actions, or sanctions-related investigations involving Churchill Group’s technology sales or services to Israeli state entities.

The ICO’s October 2023 investigation into facial recognition technology in UK retail [24] is relevant contextual background for Amulet’s operating environment. Churchill and Amulet are not named as subjects of that investigation. The investigation principally concerned Facewatch deployments — a platform that Amulet has not been documented as using [23][24].


Evidence Gaps

The following material gaps constrain the completeness of this audit. They are noted as unresolved rather than resolved negative findings:

  1. NormCyber’s complete vendor stack — Fortinet and Microsoft are confirmed primary partners [2][4], but the full list of threat intelligence subscriptions, SIEM data connectors, and endpoint tools deployed specifically within Churchill’s environment is not publicly disclosed beyond the Churchill case study [1].
  2. IoT/sensor OEM identity — Churchill references occupancy and environmental sensor rollouts [27][28] but no hardware manufacturer is named in any annual report, ESG report, or case study [15][16][27][28][18][19].
  3. Cati/Mo:dus hosting provider — The 2021 privacy policy references unspecified subcontractors [13]; no subsequent filing names a specific cloud provider. The AWS/Azure inference is not confirmed by primary disclosure.
  4. Amulet’s complete VMS and access control technology list — Genetec is identified through industry cross-references [18][19][20] but Amulet has not published a formal technology partner registry. Whether additional VMS vendors, access control platforms, or analytics modules are deployed is unknown.
  5. The Senate Group’s technology platform — Confirmed as Amulet’s remote monitoring partner [18], but its own software stack and analytics integrations are not publicly detailed.
  6. Chequers and OnVerve technology stacks — The platforms used by these two subsidiaries are not disclosed at any level of specificity in annual reports [15][16], ESG reports [27][28], or the Churchill website [17].
  7. BDS and civil society audit coverage — No BDS, Who Profits, AFSC, or equivalent NGO report referencing Churchill Group was identified. This reflects both the private/non-technology nature of the company and the absence of documented relationships that would typically trigger such scrutiny.

End Notes

  1. https://www.normcyber.com/customer-success/churchill-group/
  2. https://www.normcyber.com/about/the-normcyber-difference/
  3. https://www.fortinet.com/partners/partner-program
  4. https://www.normcyber.com/customer-success/chambers-and-partners-2/
  5. https://www.microsoft.com/en-gb/security/business/microsoft-sentinel
  6. https://www.normcyber.com/bulletins/normcyber-threat-bulletin-27th-august-2025/
  7. https://www.normcyber.com/blog/active-directory-exploits/
  8. https://issuu.com/kpmmedia/docs/facilities_management_journal_march_2025
  9. https://play.google.com/store/apps/details?id=com.pccsuk.innovation
  10. https://skylinemicrosites.co.uk/pccs-group/
  11. https://www.pccsgroup.com/
  12. https://www.caticompliance.co.uk/
  13. https://www.churchillservices.com/wp-content/uploads/2021/04/Modus-Cati-System-Privacy-Policy.pdf
  14. https://employeeownership.co.uk/news/
  15. https://www.churchillservices.com/wp-content/uploads/2025/04/Oscar-Topco-filed-accounts-2024_compressed.pdf
  16. https://www.churchillservices.com/wp-content/uploads/2024/07/Churchill-Group-Holdings-Filed-Accounts-22-23_compressed.pdf
  17. https://www.churchillservices.com/what-we-do/
  18. https://www.amulet.co.uk/news-case-studies/page/6/
  19. https://www.amulet.co.uk/news/transformation-in-action-amulet-hosts-innovation-day-at-aston-martin-red-bull-racings-new-mk7-venue/
  20. https://www.genetec.com/solutions/resources/security-center-datasheet
  21. https://www.briefcam.com/partners/technology-partners/genetec/
  22. https://oosto.com/blog/anyvsion-is-now-oosto/
  23. https://securitymatters.podbean.com/
  24. https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2023/10/ico-warns-about-use-of-facial-recognition-technology-in-retail/
  25. https://www.infologue.com/company/mitie-announces-unique-crime-reporting-initiative-powered-by-facewatch/
  26. https://dokumen.pub/your-face-belongs-to-us-a-secretive-startups-quest-to-end-privacy-as-we-know-it-9780593448564-9780593448588.html
  27. https://www.churchillservices.com/wp-content/uploads/2025/06/ESG-Report-2024_compressed.pdf
  28. https://www.churchillservices.com/wp-content/uploads/2024/06/Churchill-Sus-Report-23-1.pdf
  29. https://vayyar.com/smart-building/
  30. https://www.pointgrab.com/
  31. https://aws.amazon.com/government-education/government/israel/
  32. https://www.notechforapartheid.com/
  33. https://find-and-update.company-information.service.gov.uk/company/OE013431
  34. https://find-and-update.company-information.service.gov.uk/company/07317156/persons-with-significant-control
  35. https://uk.globaldatabase.com/company/churchill-contract-services-group-holdings-limited
  36. https://www.churchillservices.com/news/blogs/the-role-of-artificial-intelligence-in-modern-facilities-management/
  37. https://www.esocapital.com/