Threat & Risk Assessment Services in New Brunswick
Identify, prioritize, and act on security risks across your organization in New Brunswick.
The consequences of a security incident compound quickly. An initial compromise triggers an operational response. If personal information is involved, notification obligations follow — to affected individuals, and potentially under regulatory requirements. Reputational damage accumulates in parallel. Insurance claims require documentation. And throughout, the organization is trying to understand what happened, what was exposed, and what the actual scope of harm is. Organizations that have mapped their assets and risks in advance can answer those questions faster and more accurately than those that haven't.
Privacy Horizon's Threat and Risk Assessment is designed to get New Brunswick organizations into that more prepared position before an incident occurs. We start with asset and threat identification: building a structured view of the systems, data, and connections your organization relies on, and mapping the threat actors and vectors that are realistic given your sector and operational context. We then conduct a vulnerability analysis — covering technical controls, access management, third-party exposure, and the organizational practices that shape how risks are managed in practice.
The analysis produces two deliverables built for action. A risk register ranks your exposures by the combination of how likely they are to be exploited and how significant the impact would be. A remediation roadmap sequences the fixes by priority, scoped to your organization's capacity. Both are written in plain language and designed to be used by your leadership and technical teams directly.
New Brunswick private-sector businesses are governed by federal PIPEDA, enforced by the Office of the Privacy Commissioner of Canada. For health information custodians — hospitals, clinics, and other providers — the Personal Health Information Privacy and Access Act adds a sector-specific layer, with oversight by the Office of the Ombud for New Brunswick. A security incident affecting personal information triggers notification obligations under either framework. Getting a clear picture of your risks before that scenario materializes is not just prudent security practice — it is documented due diligence that makes a meaningful difference when regulators, clients, or insurers want to understand what precautions were in place.
Privacy & security regulation in New Brunswick
Regulator: Office of the Ombud for New Brunswick
In New Brunswick, private-sector businesses are governed by Canada's federal privacy law, PIPEDA, overseen by the Office of the Privacy Commissioner of Canada. Personal health information held by custodians is separately governed by the Personal Health Information Privacy and Access Act (PHIPAA), with oversight by the Office of the Ombud for New Brunswick.
PIPEDAPersonal Information Protection and Electronic Documents Act
PIPEDA is Canada's federal private-sector privacy law. It sets out ten fair information principles governing how organizations collect, use, and disclose personal information in the course of commercial activity. It applies wherever a province has not enacted substantially similar legislation — and, even in provinces that have (Alberta, British Columbia, Québec), it continues to apply to federally regulated businesses such as banks, airlines, and telecommunications, and to personal information that flows across provincial or national borders.
PHIPAA (New Brunswick)Personal Health Information Privacy and Access Act (New Brunswick)
New Brunswick's health-sector privacy law (SNB 2009, c. P-7.05), which gives individuals the right to access and request correction of their personal health information and sets out custodians' privacy obligations. It is deemed substantially similar to PIPEDA for health information custodians. Oversight is by the Office of the Ombud for New Brunswick. General private-sector commercial activity is governed by federal PIPEDA.
What Threat & Risk Assessment includes
A threat and risk assessment (TRA) gives you a clear, prioritized view of where your security risks are and what to do about them first.
Asset & Threat Identification
Map what you're protecting and what threatens it.
Vulnerability Analysis
Find the weaknesses that matter most.
Risk Prioritization
Rank risks by likelihood and impact, not guesswork.
Remediation Roadmap
A practical plan to reduce risk in priority order.
A Bilingual Business Environment Adds Process Complexity
New Brunswick's bilingual operating environment often means systems, vendors, and staff touch both English and French workflows, with data moving across those contexts in ways that can create undocumented dependencies. Our asset identification process accounts for organizational complexity — mapping the full picture of how information flows across your environment, not just the clean pathways in the architecture diagram.
Small and Mid-Sized Organizations Carry Real Risk
Security risk doesn't correlate cleanly with organization size. A regional professional services firm or a mid-sized healthcare organization can carry significant exposure — particularly when client data, financial records, or health information is involved. Our TRA is scoped appropriately for organizations that aren't running large security teams, delivering clear, prioritized guidance rather than an enterprise-scale methodology that doesn't match your operating reality.
Other services in New Brunswick
Threat & Risk Assessment elsewhere
What's Protecting Your Business from the Next Threat?
Don't wait for a breach to expose your vulnerabilities. Let Privacy Horizon secure your data, ensure compliance, and build lasting trust.