Cybersecurity assessments for Ottawa & Gatineau organizations
A clear picture of your security posture — what’s exposed, what matters most, and a prioritized, practical plan to fix it. No jargon.
Your whole attack surface, not just antivirus
Identity & access
Microsoft 365 / Entra ID, MFA, privileged accounts.
Endpoints & devices
Protection, hardening and patching of devices.
Network & perimeter
Firewalls, segmentation and what’s exposed.
Cloud
Cloud configuration and risky sharing.
Data & backups
Where your data lives and whether you could recover.
Policies & governance
The rules that keep you compliant (Law 25, PIPEDA).
A prioritized plan, not a list of fears
Findings are mapped to recognized frameworks (CIS, NIST) and ranked by real impact on your business — with quick wins you can act on this week.
- A clear posture rating.
- Prioritized risks by real impact.
- Quick wins vs longer-term investments.
- Executive summary + technical detail.
- Mapped to Law 25 / PIPEDA and cyber-insurance.
- Delivered in French and English.
The assessment opens the door to the rest
The plan the assessment produces tells you what to fix and in what order. Depending on the findings, the natural next step is often a penetration test of what's exposed, ongoing vulnerability management so the fixes keep happening, or a compliance program (SOC 2, NIST CSF, Law 25) if your clients or insurers require one. You can do the follow-up with us or with your own team — the plan is yours either way.
Frequently asked questions
What does a cybersecurity assessment actually involve?
We combine interviews with your people and a hands-on review of your configurations — identity and Microsoft 365, endpoints, network, cloud, backups and policies. Findings are mapped to recognized frameworks (CIS, NIST) and ranked by real impact on your organization. You come away with an honest picture of your posture and a prioritized, plain-language plan leadership can actually read.
How is this different from a penetration test?
An assessment is breadth: a whole-posture review that shows where the gaps are and what to fix first. A penetration test is depth: an authorized, real-world attack against specific targets that proves what's exploitable. Most organizations start with the assessment, then test the areas that matter most in depth.
How much does it cost?
There's no flat rate — cost depends on the size of your environment and the scope. After a short conversation to frame the work, we give you a clear fixed fee with no surprises, sized for an SMB. The assessment is also the cheapest place to start: it keeps you from investing in the wrong things.
Will it disrupt our operations?
Very little. Most of the work is a read-only review of your configurations plus a few interviews — no exploitation, no downtime. We schedule the conversations around your availability, and your team keeps working normally.
How often should we reassess?
Annually is a good rhythm for most SMBs, or after a major change — a cloud migration, a merger, a new core system. Cyber insurers and frameworks like SOC 2 or NIST CSF expect regular reviews, not a one-time exercise.