Threat & Risk Assessment Services in Manitoba
Identify, prioritize, and act on security risks across your organization in Manitoba.
Security risk doesn't scale with the size of an organization's IT department. A smaller firm with limited security resources can face a threat landscape as complex as a large enterprise's, and often has less capacity to absorb the consequences of an incident when one occurs. What makes the difference is having a clear view of where the real exposures lie, so that limited time and budget go to the risks that matter most rather than the ones that simply feel most urgent.
Privacy Horizon's Threat and Risk Assessment gives Manitoba organizations exactly that clarity. We begin with asset and threat identification: building a structured inventory of the systems, data, and connections that matter to your business, and mapping the threat landscape that's realistic for your sector and operating context. We don't import a generic threat model — we work from the specific characteristics of your environment, your industry, and the data you actually handle.
From there, we conduct a vulnerability analysis that examines technical controls, access management practices, third-party exposure, and the organizational factors — policies, training, incident-response readiness — that either reduce or amplify technical risks. Every finding is captured in a prioritized risk register that ranks exposures by likelihood and impact. The remediation roadmap that follows tells your team, in plain terms, what to fix first, what can wait, and how to sequence the work within your capacity.
Manitoba private-sector businesses are governed by federal PIPEDA, overseen by the Office of the Privacy Commissioner of Canada. Organizations in the health sector — hospitals, clinics, pharmacies, and other trustees — are also subject to Manitoba's Personal Health Information Act, with oversight by the Manitoba Ombudsman. A security incident that exposes personal information triggers notification obligations under either framework, adding regulatory and reputational consequences to operational ones. A TRA reduces the likelihood of reaching that point — and ensures that if an incident does occur, your organization has a documented record of the security work it has done.
Privacy & security regulation in Manitoba
Regulator: Manitoba Ombudsman
In Manitoba, private-sector businesses are governed by Canada's federal privacy law, PIPEDA, overseen by the Office of the Privacy Commissioner of Canada. Personal health information held by trustees such as hospitals, clinics and pharmacies is separately governed by The Personal Health Information Act (PHIA), with oversight by the Manitoba Ombudsman.
PIPEDA: Personal Information Protection and Electronic Documents Act
PIPEDA is Canada's federal private-sector privacy law. It sets out ten fair information principles governing how organizations collect, use, and disclose personal information in the course of commercial activity. It applies wherever a province has not enacted substantially similar legislation — and, even in provinces that have (Alberta, British Columbia, Québec), it continues to apply to federally regulated businesses such as banks, airlines, and telecommunications, and to personal information that flows across provincial or national borders.
PHIA (Manitoba): The Personal Health Information Act (Manitoba)
Manitoba's health-sector privacy law, in force since December 11, 1997. It governs how trustees collect, use, disclose, retain and safeguard personal health information, gives individuals access and correction rights, and requires trustees to notify the Manitoba Ombudsman of privacy breaches in defined circumstances. Oversight is by the Manitoba Ombudsman. It does not govern general commercial activity, which falls under federal PIPEDA.
What Threat & Risk Assessment includes
A threat and risk assessment (TRA) gives you a clear, prioritized view of where your security risks are and what to do about them first.
Asset & Threat Identification
Map what you're protecting and what threatens it.
Vulnerability Analysis
Find the weaknesses that matter most.
Risk Prioritization
Rank risks by likelihood and impact, not guesswork.
Remediation Roadmap
A practical plan to reduce risk in priority order.
Right-Sized for Manitoba's Business Community
Many Manitoba organizations don't have dedicated security teams, and the prospect of a TRA can feel like a large-enterprise undertaking. Our process is designed to be proportionate — scoped to what matters for your specific environment, not padded to look comprehensive. The goal is actionable output that your team can execute, not a report that requires another consultant to interpret.
Health Sector Organizations Have a Second Layer to Consider
Manitoba's PHIA applies to trustees across the health system — including private clinics, community pharmacies, and health agencies. A security incident that compromises personal health information can trigger notification duties to the Manitoba Ombudsman on top of any PIPEDA obligations. A TRA conducted with both frameworks in mind ensures your security controls are calibrated to the full scope of your obligations, and that your incident-response plan reflects the multi-regulator reality you operate in.
What's Protecting Your Business from the Next Threat?
Don't wait for a breach to expose your vulnerabilities. Let Privacy Horizon secure your data, ensure compliance, and build lasting trust.

