Bilingual, Canadian-owned cybersecurity that keeps your data in Canada
IT Sincennes is a Canadian-owned cybersecurity firm based in Ottawa-Gatineau and serving organizations across Canada. We find where you’re exposed, get you compliant (Law 25, SOC 2, NIST), and put the protections in place — in French or English, with your data kept on Canadian soil. We’re also the people behind the free Cactus Security tools.
Canadian-owned and operated — your data stays in Canada, hosted in Canadian regions (Azure Canada Central/East, AWS ca-central-1). Bilingual, locally based in Ottawa, Ontario and Gatineau, Quebec.
- Microsoft Cybersecurity Architect Expert (SC-100)
- Bilingual — English & French
- Based in Ottawa & Gatineau
- Canadian-owned · data stays in Canada
Subject to Law 25? Take the free 2-minute self-check →
Hands-on expertise for your business
The same expertise behind the free Cactus Security tools, available hands-on for businesses that need more than a self-serve check.
Cybersecurity assessments
A practical review of your organization’s security posture — what’s exposed, what matters most, and a prioritized plan to fix it.
Penetration testing
Authorized, real-world testing of your systems and applications, with a clear report your team can actually act on.
IT consulting & managed IT
Day-to-day IT done right for small and mid-sized businesses: infrastructure, Microsoft 365, backups, and security baked in from the start.
Virtual CISO (vCISO)
Executive security leadership on demand: strategy, governance and compliance (Law 25) — at a fraction of a full-time CISO’s cost.
Everything to keep your IT running
Compliance & frameworks
SOC 2 readiness, NIST CSF 2.0 audits and Quebec Law 25 / PIPEDA — get audit-ready and pass client and insurer requirements.
Managed Detection & Response (MDR)
24/7 monitoring and response — a managed SOC without building one, with telemetry kept in Canada.
Quebec Law 25 compliance
Quebec’s Law 25 made practical for SMBs — privacy officer, EFVP, governance and breach reporting, in French.
Canadian data sovereignty
A Canadian-owned firm hosting your data in Canada — reducing CLOUD Act exposure and supporting Law 25.
Vulnerability management
Continuous identification, prioritization and tracking of vulnerabilities — so the risks that matter get fixed first.
Incident response planning
Response plans, runbooks and tabletop exercises so your team knows exactly what to do when it counts.
Awareness & phishing training
Bilingual phishing simulations and awareness training that turn your employees into a first line of defense.
Microsoft 365 security
Entra ID and MFA, conditional access, Defender and Purview — Microsoft 365 locked down and aligned to Law 25, by an SC-100 architect.
Cloud & hosting
Secure cloud architecture and migration on Azure, AWS and Google Cloud, plus Microsoft 365 and website hosting.
Hardware & licensing
Laptops, desktops, servers, accessories and software licensing — sourced, configured and supported.
A local partner that speaks your language
Based in Ottawa and Gatineau, we serve businesses coast to coast to coast — in English and French, with Canadian compliance front of mind.
- Assessment first. We start by measuring risk, not by selling products.
- Bilingual. Full service in both French and English.
- Local. A National Capital Region practice — you work with the senior architect, not a call centre.
- End to end. From strategy through to day-to-day operations.
- Canadian-owned. Your data stays in Canada, under Canadian privacy law.
We build Cactus Security
Cactus Security is a collection of free cybersecurity tools — for everyone, forever. Link checkers, scam alerts, breach checks and more, built and operated by IT Sincennes.
- Link & email checker
- Breached-website lookups
- Security Checkup & Spot-the-Scam quiz
- Scam of the Week & newsletter
Ready to know where you stand?
Book a no-obligation risk assessment and get a clear, prioritized plan.
Get in touch- Canadian-owned
- Microsoft SC-100
- Bilingual
- 48-hour reply
Frequently asked questions
What does a cybersecurity assessment include?
We review your security posture end to end — what’s exposed and what matters most — and hand you a prioritized, plain-language plan your team can act on.
What is penetration testing, and does my business need it?
Penetration testing is authorized, real-world testing of your systems and applications that finds weaknesses before attackers do. Most organizations that handle client data — or are required to by insurance or compliance — benefit from regular testing.
Do you serve both Ottawa and Gatineau, in English and French?
Yes. We’re based in the Ottawa-Gatineau region and serve clients on both sides of the river, fully in English and French, as well as across Canada.
Do you work with small and mid-sized businesses?
Absolutely. We work with organizations of all sizes, across every sector, and right-size our recommendations to your budget and risk.
Are you certified?
Yes. Our work is backed by Microsoft expert certifications — Cybersecurity Architect Expert (SC-100), Azure Solutions Architect Expert, and Identity & Access Administrator — plus 20+ years of hands-on experience.
Is IT Sincennes Canadian-owned, and does our data stay in Canada?
Yes. IT Sincennes is a Canadian-owned and operated firm based in Ottawa and Gatineau. We keep client data in Canada — hosted in Canadian cloud regions (Azure Canada Central/East, AWS ca-central-1) — so it stays subject to Canadian privacy law rather than crossing the border. For organizations bound by Quebec’s Law 25 or PIPEDA, that data residency is a deciding factor, and it’s something US-headquartered providers can’t match.
How do we get started?
Send us a note through the contact form or email [email protected]. We usually start with a no-obligation risk assessment, then give you a clear, prioritized plan.
Let’s talk about your project
Send us a note and we’ll get back to you within 48 hours.