Are we even allowed to use cloud-based tools like Jira, Trello or Miro in a government project?

Well, yes and no.

If you are thinking about introducing a new collaboration tool into your delivery environment – particularly something cloud-based like Jira, Trello or Miro – my advice is to pause and check how it aligns with your department’s internal policies. In government, tool selection is not just a question of convenience or preference; it must also meet clearly defined standards around security, data protection and procurement.

Every department has its own position on which tools are approved, which require further assessment, and which are not permitted at all. This often depends on the nature of the service you are delivering, the type of data being handled, and the organisation’s appetite for risk. What one department allows may not be acceptable in another – even for apparently similar delivery contexts.

Before adopting or recommending a tool, I would advise speaking with your Information Governance or Cyber Security team. They can advise whether the tool you are considering is already approved, whether a formal risk assessment is required, or whether additional controls – such as restricted access, secure environments or data handling safeguards – must be applied.

Tools like Jira and Azure DevOps, for example, are more likely to be pre-approved in central government due to their enterprise features and robust permissions models. Trello and Miro, on the other hand, are more lightweight and accessible – but that may raise flags in relation to data storage, access control and auditability. That does not mean you cannot use them; it simply means you need to be more cautious and transparent about how you intend to manage the associated risks.

Ultimately, your choice of tool must reflect more than just your team’s workflow – it needs to align with your organisation’s duty to protect public data. Collaborative tooling should be treated as a shared responsibility. Bring the right people into the conversation early, ask the right questions, and document your rationale clearly. This will help you avoid issues later – especially when preparing for a GDS assessment or undergoing internal audit.

AgileDelivery PublicSectorDigital InformationGovernance CollaborationTools UKGDPR

I will be following up in the next post with guidance on data location and access control – two areas that are often overlooked when selecting collaboration tools in government projects.

Please feel free to follow me so that you receive a notification when the article is released or share your thoughts in the comments section.