Skip to main content
Privacy Horizon
Threat & Risk Assessment

Threat & Risk Assessment Services in Fredericton

Identify, prioritize, and act on security risks across your organization in Fredericton.

Fredericton has an unusually high concentration of security-relevant organizations for a city of its size. The provincial government and its contractors handle sensitive citizen data across dozens of departments. The University of New Brunswick and its research ecosystem generate intellectual property that competes globally. A growing technology sector holds client data for organizations province-wide. And the healthcare system manages personal health information at significant scale. Each environment faces a distinct threat landscape, but all share a common challenge: understanding where security risks are concentrated before an incident forces the question.

A Threat and Risk Assessment delivers that understanding through a structured, evidence-based process. Asset and threat identification maps everything your organization has to protect and the realistic actors and methods targeting it. Vulnerability analysis examines your technical controls, configurations, and procedural safeguards against those threats. Risk prioritization ranks every finding by likelihood and impact, and the remediation roadmap sequences corrective actions into a plan your team can execute.

New Brunswick does not have a general private-sector privacy law — commercial organizations in Fredericton are governed by Canada's federal Personal Information Protection and Electronic Documents Act (PIPEDA), enforced by the Office of the Privacy Commissioner of Canada. A breach that creates a real risk of significant harm to individuals triggers mandatory breach reporting and notification obligations. Organizations most exposed to that risk are those with unresolved vulnerabilities in high-value systems — exactly what a TRA surfaces and addresses.

Healthcare custodians in Fredericton operate under New Brunswick's Personal Health Information Privacy and Access Act (PHIPAA), with oversight by the Office of the Ombud for New Brunswick. PHIPAA requires custodians to protect personal health information with appropriate security measures. A formal TRA is the most credible way to demonstrate that requirement is being met — and the most practical way to identify where it is not.

Privacy Horizon understands the Fredericton context: provincial contractor obligations, the university and research environment, and the specific pressures on New Brunswick's healthcare system. Our assessments are tailored to each client and designed to produce genuinely actionable findings.

Privacy & security regulation in Fredericton

Regulator: Office of the Ombud for New Brunswick

Fredericton businesses are governed by Canada's federal private-sector privacy law, PIPEDA, overseen by the Office of the Privacy Commissioner of Canada. Personal health information in New Brunswick is separately governed by the Personal Health Information Privacy and Access Act (PHIPAA), with oversight by the Office of the Ombud for New Brunswick.

PIPEDAPersonal Information Protection and Electronic Documents Act

PIPEDA is Canada's federal private-sector privacy law. It sets out ten fair information principles governing how organizations collect, use, and disclose personal information in the course of commercial activity. It applies wherever a province has not enacted substantially similar legislation — and, even in provinces that have (Alberta, British Columbia, Québec), it continues to apply to federally regulated businesses such as banks, airlines, and telecommunications, and to personal information that flows across provincial or national borders.

Read the legislation

PHIPAA (New Brunswick)Personal Health Information Privacy and Access Act (New Brunswick)

New Brunswick's health-sector privacy law (SNB 2009, c. P-7.05), which gives individuals the right to access and request correction of their personal health information and sets out custodians' privacy obligations. It is deemed substantially similar to PIPEDA for health information custodians. Oversight is by the Office of the Ombud for New Brunswick. General private-sector commercial activity is governed by federal PIPEDA.

Read the legislation

What Threat & Risk Assessment includes

A threat and risk assessment (TRA) gives you a clear, prioritized view of where your security risks are and what to do about them first.

Asset & Threat Identification

Map what you're protecting and what threatens it.

Vulnerability Analysis

Find the weaknesses that matter most.

Risk Prioritization

Rank risks by likelihood and impact, not guesswork.

Remediation Roadmap

A practical plan to reduce risk in priority order.

Provincial Contractors and Government Data

Organizations that provide services to the New Brunswick government handle sensitive data — citizen records, social services data, financial information, and infrastructure systems. Government clients increasingly expect contractors to demonstrate formal security assurance. A TRA gives you a documented, structured analysis of your security posture: evidence of due diligence you can present to procurement teams and use internally to drive continuous improvement.

Technology and MSP Sector: Protecting What You Hold for Others

Managed service providers and software companies in Fredericton occupy a high-risk position: a compromise of your own systems can cascade to every client whose environment you manage or whose data you process. A TRA scoped to an MSP or software firm examines the specific attack surfaces that make that cascade possible — privileged access tooling, remote monitoring platforms, credential vaulting, and client network segregation — and addresses both your internal security posture and the safeguards protecting the clients who depend on you.

What's Protecting Your Business from the Next Threat?

Don't wait for a breach to expose your vulnerabilities. Let Privacy Horizon secure your data, ensure compliance, and build lasting trust.