CyberSecure Canada
Audit Processes
Assess your CyberSecure Canada Compliance with Complade:
A Simplified Guide
Preparation is Key
Our team will reach out to guide you through the process and set the stage for your Initial audit. Please note that as your confirmity auditor we will not offer consultation or implementation services. To implement Cyber Secure Canada please refer to Cyber Secure Canada Public website. Or reach out to your IT consulting firm. Complade team can give guidance on the process, explain the standard but will not engage on specifics of your environment.
Application Intake:
First step is to fill in this application to get started. Or email or call us.
Initial Audit
Stage 1 Audit:
Auditor will review your management system and share conformity assessment as you prepare for stage 2Stage 2 Audit:
Once you feel prepared, an Auditor will conduct a comprehensive review to see if your management systems and procedures align with CyberSecure Canada's standards. You’ll know the Auditor's recommendations on the same day, which will then be confirmed by our Compliance Team.
Annual Surveillance
The strength of CyberSecure Canada lies in its focus on continuous improvement. To maintain your certification, we will schedule annual review.
Re-certification:
Similar to surveillance, re-certification after 2 years from initial certification
Certification Transfer from a Different Certification Body::
Transferring certification from another certification body to Complade is permitted under specific conditions.
CyberSecure Canada Certification Steps Summary
Step 1
Step 2
Stage 1 Audit
Step 3
Stage 2 Audit
Step 4
Annual Surveillance
Step 5
Re-Certification
How long does it take to get certified?
Quick answer: 4 weeks. Click for a longer answer.
Long answer:
To achieve initial certification, the duration depends on the complexity of your organization. For a very small organization with 5 full-time employees and a few outsourced roles (such as bookkeeping and IT services personnel), and assuming your management system is implemented and ready for auditing, it takes about 4 weeks. Here is the rationale:
You submit the application form (1 business day).
The Complade back office team reviews the form and confirms the details with you, ensuring your organization is ready for an audit. You then sign the contract (approximately 2 business days).
The Complade back office team assigns an auditor to you, shares the audit plan, and lists the required documents, etc. (1 business day).
Assuming you have everything prepared and you submit the required information (1 business day).
The auditor conducts a document review (1-2 weeks; for simplicity, let's say 1 week, which equals 5 business days).
Assuming the auditor has no clarification questions and shares the timeline for a remote or in-person audit day (1 business day).
Conducting the audit (1 business day).
Assuming there are no major non-conformities, and only a few minor ones for which you need to submit a corrective action plan (1 business day).
A second auditor reviews all the documentation (5 business days).
Assuming everything is satisfactory, congratulations, you receive your certificate.
In summary, the fastest scenario for achieving certification is 4 weeks.
If you have any questions, please contact us. We can provide more precise answers based on the dynamics of your organization.
How much CyberSecure Canada certification costs?
Quick answer: $1500 (or less) for very small organizations.
The cost for initial CyberSecure Canada certification for an organization with 5 people is CAD $1,500. For a detailed pricing guideline, please refer to our prices here or contact us. Additionally, if you are a non-profit organization or a charity, we offer a 30% discount as a token of appreciation for your community services. These are guidelines and must have official offer for a firm quote.
I am not ready, how do I prepare?
Quick Answer: Seek assistance from an implementer; we cannot provide implementation help.
Long Answer
Much like in accounting, where your accountant or bookkeeper cannot serve as your financial auditor, Complade does not offer consultation or implementation services, nor do we provide "templates." Our objective is to assure you that your information risks and controls are adequately balanced. Offering implementation advice or templates would compromise the integrity of our audit process. It wouldn't make sense for us to identify non-conformities in procedures we advised you to implement, would it? Just as your accountant cannot audit their own financial records, an implementer responsible for implementing and maintaining your Information security management system cannot audit their own processes.
The good news is that there are many implementers and tools available to help you implement the CyberSecure Canada standard. We do not endorse or recommend any specific organizations. You might consider asking your IT services provider or reaching out to companies such as Drata.com, Vanta.com, SecureFrame.com, MapleGRC.com, etc., for assistance. Once you're ready, reach out to us. It makes no difference to us who assists you in implementing and maintaining your systems; our role is to assess your compliance impartially and provide you with a fair report and certification.
Additional Information
For a more detailed understanding of our audit process, we invite you to download our Audit Process Policy. This comprehensive guide outlines the procedures, requirements, and standard practices that we adhere to.
Contact Us for Certification Process Review
If you have further questions or wish to discuss your specific needs, please don't hesitate to contact us today for a certification process review. Our team is always available to guide you through the steps needed to achieve your cybersecurity certification goals.