CPCSC readiness for BC founders and operators. CPCSC is Canada’s defence supply-chain cyber certification program, built on ITSP.10.171, the Canadian profile of NIST SP 800-171. If you want to bid on or stay on federal defence contracts, certification is becoming table stakes. We get you from “we have no idea where we stand” to a Level 1 self-assessment you can attest to, and lay the groundwork for the third-party-assessed higher levels.
British Columbia is Vancouver-led and US-facing: SaaS, payments, gaming, and a durable crypto and digital-asset scene, with Victoria adding govtech and cleantech. The province shares a time zone with Seattle and the Bay Area, and most BC companies sell south rather than east. That means US enterprise buyers, and US enterprise buyers ask for SOC 2 by default, usually earlier in the cycle than a Canadian buyer would.
We work remotely, and Pacific hours are a normal working day here, not a favour we do at the end of a Toronto calendar. The BC sequence is consistent enough to plan around: the first serious US customer sends a security questionnaire, the deal stalls, and the answer turns out to be SOC 2 plus a recent third-party penetration test. We scope that as one piece of work instead of two.
CPCSC is Canada’s defence supply-chain cyber certification program, built on ITSP.10.171, the Canadian profile of NIST SP 800-171. If you want to bid on or stay on federal defence contracts, certification is becoming table stakes. We get you from “we have no idea where we stand” to a Level 1 self-assessment you can attest to, and lay the groundwork for the third-party-assessed higher levels.
For the full service detail, see the CPCSC Readiness page. For fixed-price productized engagements, see pricing.
Book a free 30-minute discovery call. We’ll tell you whether this engagement fits, what it would cost, and when we could start.
Book a call