Foundations
Compliance Foundations
The policy library, training modules and operational scaffolding every compliance program needs.
- 20–40 policy & procedure documents
- Compliance program design & calendar
- Employee training & awareness modules
- Onboarding & offboarding workflows
Risk & Governance
Risk Management & Governance
Enterprise risk assessments, vendor risk programs, BCP/DR governance and incident response playbooks.
- Enterprise Risk Assessment (ERA)
- Privacy Impact Assessments (PIA / DPIA)
- Vendor risk management program
- Incident response & BCP/DR governance
Audit Readiness
Audit Readiness & Assurance
SOC 2 and ISO 27001 readiness programs, internal audits, evidence collection and board reporting.
- SOC 2 Type I & Type II readiness
- ISO 27001 ISMS & Annex A controls
- Internal audits & evidence collection
- Board-level compliance reporting
Privacy
Privacy & Regulatory
PIPEDA, BC PIPA and GDPR-lite programs. Data classification, breach response, third-party privacy reviews.
- Privacy program (PIPEDA, BC PIPA, GDPR-lite)
- Data handling & classification framework
- Breach response governance
- Third-party privacy reviews
Operational
Operational Governance
OHS (WorkSafeBC-aligned), physical security, change management and centralized documentation.
- OHS governance (WorkSafeBC-aligned)
- Physical security governance
- Change management & audit trails
- Compliance documentation management
Project-Based
Add-On & Project Services
Targeted engagements when you need specific work done — gap assessments, tabletops, RFP support, custom policies.
- SOC 2 / ISO 27001 gap assessments
- BCP workshops & IR tabletops
- Vendor deep-dive assessments
- RFP support & custom policies