Environmental policy
— Last updated 27 April 2026
Short version. Foundry Cyber Ltd is a small UK cybersecurity consultancy. Our direct environmental footprint is small: a few people, mostly remote, using laptops. Our biggest indirect impact comes from the cloud computing we run on behalf of customers. This policy sets out how we minimise both, honestly and proportionately.
Our commitment
We aim to:
- operate within our environmental obligations under UK law and our customer contracts;
- actively reduce, where reasonable, the energy and resource intensity of our operations;
- choose suppliers and partners with credible decarbonisation roadmaps;
- publish honest progress, not aspirational claims.
We do not currently hold ISO 14001 certification, but we use its principles to shape this policy.
Scope
This policy applies to:
- Foundry Cyber's own operations (devices, travel, procurement, working practices);
- cloud infrastructure operated by us, or for us, as part of customer engagements;
- goods and services we procure on behalf of customers.
It does not directly govern customer-managed environments, but we will always advise on energy-efficient configurations where they intersect with security.
Where we have impact
We focus on the areas where a small consultancy can actually move the needle:
- Cloud and digital infrastructure:where we operate workloads for assessment, scanning, AI inference, and reporting.
- Computing devices:laptops and peripherals used by our team.
- Travel:site visits, customer meetings, conferences.
- Procurement:paid software, hardware, and professional services.
- Working practices:paper, home-energy use, commuting.
What we do
Cloud
- Run customer workloads in regions whose grid mix has lower carbon intensity, where the customer's data residency requirements permit (typically UK South, West Europe, or North Europe, all on Microsoft's renewable-matched datacentre programme).
- Right-size infrastructure. Shut down unused environments, scale down out of hours, and prefer serverless and event-driven patterns over always-on VMs.
- Avoid duplicating data unnecessarily across regions.
Devices
- Buy laptops and peripherals built to last, with a target operational lifecycle of at least four years.
- Repair before replace where viable. Donate or recycle older kit through certified WEEE channels.
Energy
- The electricity we use in our offices and home-working setups is sourced from a 100% renewable tariff.
- This applies to direct consumption. Cloud workloads run on whichever grid mix our hyperscaler regions provide, covered above under "Cloud".
Travel
- Default to remote meetings.
- When travel is necessary, prefer rail over road or air for UK journeys.
- Consider credible removal-based offset schemes for any unavoidable air travel.
Procurement
- Prefer suppliers who publish a public sustainability or decarbonisation report.
- Microsoft, our primary cloud provider, has publicly committed to be carbon negative by 2030 and to remove its historical emissions by 2050. This aligns with our own direction of travel.
- Avoid printed deliverables. Digital documents are the default.
Waste and working practices
- Operate as a paperless business by default.
- Use existing customer Microsoft 365 and SharePoint estates wherever possible, rather than introducing parallel platforms that duplicate storage.
How we measure progress
- We track our cloud spend, which is a reasonable proxy for compute footprint, and review it quarterly.
- We publish updates to this policy when our practices change.
- We will provide procurement teams with a written environmental statement on request.
Review
This policy is reviewed at least annually and whenever there is a material change in how we operate.
Contact
For questions about this policy, contact hello@foundrycyber.com.