Skip to main content
Privacy Horizon
Threat & Risk Assessment

Threat & Risk Assessment Services in Saint John

Identify, prioritize, and act on security risks across your organization in Saint John.

Saint John has the industrial backbone of an older port city: energy infrastructure, petrochemical processing, shipping and logistics, and a manufacturing base that has been quietly modernizing for two decades. When industrial organizations deploy connected sensors, remote monitoring systems, and supply-chain software, they create integration points between operational environments and corporate networks — and those integration points are among the most commonly exploited attack surfaces in the current threat landscape.

A Threat and Risk Assessment examines your entire environment — industrial and corporate — as a connected system. The process starts with asset identification: mapping every system, application, data store, and external connection that could serve as an attack path. Vulnerability analysis examines each asset against credible threats: ransomware targeting industrial firms, supply-chain compromise through third-party software, and credential-based attacks on remote access systems. Risk prioritization ranks findings by likelihood and impact, and the remediation roadmap sequences corrective actions so your team knows where to start.

Commercial organizations in Saint John are governed by Canada's federal Personal Information Protection and Electronic Documents Act (PIPEDA), enforced by the Office of the Privacy Commissioner of Canada. New Brunswick has not enacted a general private-sector privacy law — PIPEDA is the applicable framework. A breach creating a real risk of significant harm to individuals carries mandatory reporting and notification obligations. For organizations holding employee data, vendor records, and customer information alongside operational systems, the scope of that potential exposure is worth understanding clearly.

Healthcare custodians in Saint John are also subject to New Brunswick's Personal Health Information Privacy and Access Act (PHIPAA), with oversight by the Office of the Ombud for New Brunswick. PHIPAA places explicit obligations on custodians to protect personal health information. A formal TRA documents that those obligations are being taken seriously and identifies where security controls need strengthening.

Privacy Horizon works with Saint John organizations across industrial and commercial sectors. Our assessments are grounded in the actual threat landscape facing your industry and proportionate to the complexity of your operating environment.

Privacy & security regulation in Saint John

Regulator: Office of the Ombud for New Brunswick

Saint John businesses are governed by Canada's federal private-sector privacy law, PIPEDA, overseen by the Office of the Privacy Commissioner of Canada. Personal health information in New Brunswick is separately governed by the Personal Health Information Privacy and Access Act (PHIPAA), with oversight by the Office of the Ombud for New Brunswick.

PIPEDAPersonal Information Protection and Electronic Documents Act

PIPEDA is Canada's federal private-sector privacy law. It sets out ten fair information principles governing how organizations collect, use, and disclose personal information in the course of commercial activity. It applies wherever a province has not enacted substantially similar legislation — and, even in provinces that have (Alberta, British Columbia, Québec), it continues to apply to federally regulated businesses such as banks, airlines, and telecommunications, and to personal information that flows across provincial or national borders.

Read the legislation

PHIPAA (New Brunswick)Personal Health Information Privacy and Access Act (New Brunswick)

New Brunswick's health-sector privacy law (SNB 2009, c. P-7.05), which gives individuals the right to access and request correction of their personal health information and sets out custodians' privacy obligations. It is deemed substantially similar to PIPEDA for health information custodians. Oversight is by the Office of the Ombud for New Brunswick. General private-sector commercial activity is governed by federal PIPEDA.

Read the legislation

What Threat & Risk Assessment includes

A threat and risk assessment (TRA) gives you a clear, prioritized view of where your security risks are and what to do about them first.

Asset & Threat Identification

Map what you're protecting and what threatens it.

Vulnerability Analysis

Find the weaknesses that matter most.

Risk Prioritization

Rank risks by likelihood and impact, not guesswork.

Remediation Roadmap

A practical plan to reduce risk in priority order.

Energy and Petrochemical: IT/OT Boundary Risk

The energy and petrochemical sector around Saint John operates with a mix of IT systems and operational technology — process control systems, SCADA platforms, and remote monitoring tools — often designed without security as a primary concern. The boundary between those environments is where attackers look first. A TRA that spans both IT and OT identifies vulnerabilities at that interface: network segmentation gaps, unpatched control system software, remote access configurations that expose operational systems to the corporate network, and monitoring blind spots that would allow an attacker to move laterally without detection.

Port and Logistics: Supply-Chain Exposure at Scale

Saint John's port and logistics operations connect to shipping companies, customs brokers, warehouse management systems, and cargo tracking platforms — dozens of external integrations, each a potential entry point. A TRA examines your third-party connectivity in detail, assesses the security controls at each integration, and produces specific remediation recommendations for the highest-risk connections. The result is a clearer understanding of your actual attack surface and a sequenced plan for reducing it.

What's Protecting Your Business from the Next Threat?

Don't wait for a breach to expose your vulnerabilities. Let Privacy Horizon secure your data, ensure compliance, and build lasting trust.