Compliance, risk & cyber insurance
Canadian privacy law, security frameworks, and insurer requirements all pull in the same direction: prove you take security seriously. This guide maps what applies to you.
Compliance is where most Canadian businesses first feel real pressure to act — a contract that demands SOC 2, a privacy law like PIPEDA or Quebec Law 25, or a cyber-insurance renewal that now asks hard questions. The obligations overlap more than they look like they do.
These articles translate the frameworks and laws into the controls they actually expect, cover vendor and third-party risk, and explain why cyber-insurance claims get denied — so you can meet the requirement and genuinely reduce risk at the same time.
12 articles
A Plain-Language PIPEDA Compliance Checklist for Small Businesses
A plain-language PIPEDA compliance checklist for small businesses — the practical steps to handle personal information the way Canadian law expects.
What PIPEDA expects from you after a data breach
Canada's PIPEDA sets clear obligations for businesses after a data breach. Here's a plain-language overview of what's required.
Quebec's Law 25: What Businesses Outside Quebec Still Need to Know
Quebec's Law 25 has tightened privacy rules and can apply to businesses outside Quebec. Here's what small and mid-sized businesses need to know.
A Small Business Guide to CASL: Canada's Anti-Spam Law
CASL governs the commercial emails and texts your business sends. Here's what consent, identification, and unsubscribe rules mean for Canadian SMBs.
SOC 2 for Canadian Companies: Do You Actually Need It?
SOC 2 for Canadian companies, explained: what a SOC 2 report is, when you actually need one, and how to prepare without wasting effort.
The 13 Baseline Cyber Security Controls Every Canadian SMB Should Have
The Canadian Centre for Cyber Security's 13 baseline controls for small and medium organizations, explained in plain language with where to start.
CyberSecure Canada Certification: Cost, the 13 Controls, and How to Get Certified
CyberSecure Canada certification explained: the 13 baseline controls, what it costs, how long it lasts, and the step-by-step path to getting certified.
CPCSC Level 1: What Suppliers to the Government of Canada Need to Know
The Canadian Program for Cyber Security Certification (CPCSC) Level 1 sets a cyber-hygiene bar for federal suppliers. Here's who needs it and how to prepare.
Bill C-8 and the Critical Cyber Systems Protection Act: What It Means for Your Business
Bill C-8 would create the Critical Cyber Systems Protection Act. Here's who it covers, what it would require, and why it matters even if you're not regulated.
Vendor and Third-Party Risk: The Back Door Into Your Business
Your security is only as strong as your suppliers'. A practical guide to third-party risk management for Canadian small and mid-sized businesses.
What Canadian Cyber Insurers Now Require Before They'll Cover You
Cyber insurance requirements in Canada have tightened. Here are the security controls insurers now expect before they will issue or renew a policy.
Why Cyber Insurance Claims Get Denied — and How to Stay Covered
Cyber insurance claims get denied more often than you'd think. Here are the most common reasons Canadian businesses lose coverage — and how to avoid them.
Want this handled for you?
Our Compliance & Risk Advisory service puts everything in this guide into practice for Canadian organizations — fully managed.
Other guides
Ransomware & incident response
Ransomware is still the attack most likely to take a Canadian business offline. This guide covers how these attacks unfold and how to be ready before one lands.
Choosing & working with an MSSP
The managed security market is full of overlapping acronyms. This guide cuts through them so you can tell what you actually need and what you are buying.
Phishing, scams & account security
Most breaches start with a person, not a firewall. This guide covers the scams aimed at your staff and the controls that stop a stolen password from becoming a breach.
Small business security foundations
If you are not sure where to begin, start here. This guide covers the foundations that give a small Canadian business the most protection for the least effort.