Long answer:

To achieve initial certification, the duration depends on the complexity of your organization. For a very small organization with 5 full-time employees and a few outsourced roles (such as bookkeeping and IT services personnel), and assuming your management system is implemented and ready for auditing, it takes about 4 weeks. Here is the rationale:

• You submit the application form (1 business day).

• The Complade back office team reviews the form and confirms the details with you, ensuring your organization is ready for an audit. You then sign the contract (approximately 2 business days).

• The Complade back office team assigns an auditor to you, shares the audit plan, and lists the required documents, etc. (1 business day).

• Assuming you have everything prepared and you submit the required information (1 business day).

• The auditor conducts a document review (1-2 weeks; for simplicity, let's say 1 week, which equals 5 business days).

• Assuming the auditor has no clarification questions and shares the timeline for a remote or in-person audit day (1 business day).

• Conducting the audit (1 business day).

• Assuming there are no major non-conformities, and only a few minor ones for which you need to submit a corrective action plan (1 business day).

• A second auditor reviews all the documentation (5 business days).

• Assuming everything is satisfactory, congratulations, you receive your certificate.

In summary, the fastest scenario for achieving certification is 4 weeks.

If you have any questions, please contact us. We can provide more precise answers based on the dynamics of your organization.

The cost for initial CyberSecure Canada certification for an organization with 5 people is CAD $1,500. For a detailed pricing guideline, please refer to our prices here or contact us. Additionally, if you are a non-profit organization or a charity, we offer a 30% discount as a token of appreciation for your community services.  These are guidelines and must have official offer for a firm quote.  

Long Answer

Much like in accounting, where your accountant or bookkeeper cannot serve as your financial auditor, Complade does not offer consultation or implementation services, nor do we provide "templates." Our objective is to assure you that your information risks and controls are adequately balanced. Offering implementation advice or templates would compromise the integrity of our audit process. It wouldn't make sense for us to identify non-conformities in procedures we advised you to implement, would it? Just as your accountant cannot audit their own financial records, an implementer responsible for implementing and maintaining your Information security management system cannot audit their own processes.

The good news is that there are many implementers and tools available to help you implement the CyberSecure Canada standard. We do not endorse or recommend any specific organizations. You might consider asking your IT services provider or reaching out to companies such as Drata.com, Vanta.com, SecureFrame.com, MapleGRC.com, etc., for assistance. Once you're ready, reach out to us. It makes no difference to us who assists you in implementing and maintaining your systems; our role is to assess your compliance impartially and provide you with a fair report and certification.