United States · North America

CPCSC Readiness in the United States

CPCSC readiness for US founders and operators. CPCSC is Canada’s defence supply-chain cyber certification program, built on ITSP.10.171, the Canadian profile of NIST SP 800-171. If you want to bid on or stay on federal defence contracts, certification is becoming table stakes. We get you from “we have no idea where we stand” to a Level 1 self-assessment you can attest to, and lay the groundwork for the third-party-assessed higher levels.

Book a discovery call Full CPCSC readiness service page

US ecosystem context

US enterprise buyers are the reason most of our clients need SOC 2 in the first place. The shape of it is always the same: a company wins real interest from a US enterprise, a vendor-security review lands in the middle of the deal, and everything parks until there is a report to hand over. The bar here is set by the buyer, not by a regulator, which is why it shows up as a questionnaire and a procurement gate rather than as a law you can look up.

We are a Canadian firm and we work with US clients cross-border, across US time zones. We do not keep a US office, and we are not going to pretend otherwise. What we do instead is coordinate around how you actually work, and establish presence for the length of the engagement where the work calls for it. What we bring is specific, repeated experience getting companies through US enterprise security review: what the questionnaire is really asking, which controls the reviewer actually checks, and what has to be true before the deal moves. We prep you to pass. Only an independent CPA firm can sign a SOC 2 report, and we will introduce you to one.

CPCSC Readiness scope

CPCSC is Canada’s defence supply-chain cyber certification program, built on ITSP.10.171, the Canadian profile of NIST SP 800-171. If you want to bid on or stay on federal defence contracts, certification is becoming table stakes. We get you from “we have no idea where we stand” to a Level 1 self-assessment you can attest to, and lay the groundwork for the third-party-assessed higher levels.

  • CPCSC / ITSP.10.171 scoping and certification-level determination
  • Level 1 self-assessment across the required security requirements
  • Gap remediation plan mapped to NIST SP 800-171 controls
  • Evidence, policies, and System Security Plan (SSP) authoring
  • Assessment coordination for third-party-verified certification levels

For the full service detail, see the CPCSC Readiness page. For fixed-price productized engagements, see pricing.

Services US clients usually bundle

CPCSC Readiness in other locations

CPCSC Readiness in the United States, on your timeline

Book a free 30-minute discovery call. We’ll tell you whether this engagement fits, what it would cost, and when we could start.

Book a call