Insights

Insights

Practical writing on security leadership, compliance, and selling into regulated markets — from a fractional CISO working with Canadian startups.

July 2026 · 8 min

CPCSC vs CMMC: the Canadian supplier’s guide to doing both

Canada’s CPCSC and the US CMMC share the same NIST 800-171 roots but offer no mutual recognition. How to build once and certify for both.

Have a situation you’re working through?

The next step is a 30-minute conversation — no pitch, no obligation. An honest read on where you stand and what actually matters next.