What kind of personal data does your charity hold?
How many staff have email accounts or system access?
Have you experienced a security incident in the last 24 months?
Is your board or are funders asking about cybersecurity?
What is your provincial scope of operations?
Posture Snapshot.
A one-week, fixed-fee assessment is the right starting point. You will get a board-ready document, a clear picture of where you stand, and a prioritized roadmap — without committing to ongoing work until you are ready.
- Format. Fixed-fee, ~1 week engagement.
- Output. Board-ready posture document and remediation roadmap.
- Best for. Charities just beginning to think about cybersecurity formally.
Stabilisation.
Your answers suggest specific high-risk gaps need addressing now. Stabilisation is a project-based engagement that closes the most urgent vulnerabilities — MFA rollout, endpoint hardening, identity cleanup — before you commit to a long-term retainer.
- Format. Project-based, typically 30 days.
- Output. Closed gaps plus 30-day stabilisation report.
- Best for. Charities with known issues or recent incidents.
- Recommended next step. Posture Snapshot first to scope the work.
Essentials.
You are ready for foundational managed controls and quarterly reporting. Essentials gives you EDR, email security, ongoing posture management, an annual tabletop exercise, and direct access to a senior engineer — without the cost of a full Tier 3 programme.
- Format. Monthly retainer.
- Includes. EDR, email controls, quarterly reviews, annual tabletop, direct senior contact.
- Best for. Charities with established operations and growing oversight needs.
Secure.
Your scope and risk profile call for a mature programme with active monitoring, full policy infrastructure, and vendor risk reviews. Secure (Tier 3) is appropriate for charities with multi-province operations, sensitive data holdings, or active board oversight.
- Format. Monthly retainer with broader scope.
- Includes. Active monitoring, vulnerability management, full policy library, vendor risk, compliance documentation.
- Best for. Mid-to-large charities with complex operations or regulated activities.
Guardian.
You operate at a scale and sensitivity level where continuous protection, embedded security leadership, and active board engagement are essential. Guardian (Tier 4) includes everything in Secure plus a fractional CISO, 24/7 monitoring, annual penetration testing, and direct insurance and audit liaison.
- Format. Monthly retainer with full programme scope.
- Includes. Embedded vCISO, 24/7 monitoring, annual pen test, board reporting, insurance & audit liaison.
- Best for. National charities, regulated programmes, or organizations with material cybersecurity risk.