Threat & Risk Assessment Services in Saint John
Identify, prioritize, and act on security risks across your organization in Saint John.
Saint John has the industrial backbone of an older port city: energy infrastructure, petrochemical processing, shipping and logistics, and a manufacturing base that has been quietly modernizing for two decades. When industrial organizations deploy connected sensors, remote monitoring systems, and supply-chain software, they create integration points between operational environments and corporate networks — and those integration points are among the most commonly exploited attack surfaces in the current threat landscape.
A Threat and Risk Assessment examines your entire environment — industrial and corporate — as a connected system. The process starts with asset identification: mapping every system, application, data store, and external connection that could serve as an attack path. Vulnerability analysis examines each asset against credible threats: ransomware targeting industrial firms, supply-chain compromise through third-party software, and credential-based attacks on remote access systems. Risk prioritization ranks findings by likelihood and impact, and the remediation roadmap sequences corrective actions so your team knows where to start.
Commercial organizations in Saint John are governed by Canada's federal Personal Information Protection and Electronic Documents Act (PIPEDA), enforced by the Office of the Privacy Commissioner of Canada. New Brunswick has not enacted a general private-sector privacy law — PIPEDA is the applicable framework. A breach creating a real risk of significant harm to individuals carries mandatory reporting and notification obligations. For organizations holding employee data, vendor records, and customer information alongside operational systems, the scope of that potential exposure is worth understanding clearly.
Healthcare custodians in Saint John are also subject to New Brunswick's Personal Health Information Privacy and Access Act (PHIPAA), with oversight by the Office of the Ombud for New Brunswick. PHIPAA places explicit obligations on custodians to protect personal health information. A formal TRA documents that those obligations are being taken seriously and identifies where security controls need strengthening.
Privacy Horizon works with Saint John organizations across industrial and commercial sectors. Our assessments are grounded in the actual threat landscape facing your industry and proportionate to the complexity of your operating environment.
Privacy & security regulation in Saint John
Regulator: Office of the Ombud for New Brunswick
Saint John businesses are governed by Canada's federal private-sector privacy law, PIPEDA, overseen by the Office of the Privacy Commissioner of Canada. Personal health information in New Brunswick is separately governed by the Personal Health Information Privacy and Access Act (PHIPAA), with oversight by the Office of the Ombud for New Brunswick.
PIPEDAPersonal Information Protection and Electronic Documents Act
PIPEDA is Canada's federal private-sector privacy law. It sets out ten fair information principles governing how organizations collect, use, and disclose personal information in the course of commercial activity. It applies wherever a province has not enacted substantially similar legislation — and, even in provinces that have (Alberta, British Columbia, Québec), it continues to apply to federally regulated businesses such as banks, airlines, and telecommunications, and to personal information that flows across provincial or national borders.
PHIPAA (New Brunswick)Personal Health Information Privacy and Access Act (New Brunswick)
New Brunswick's health-sector privacy law (SNB 2009, c. P-7.05), which gives individuals the right to access and request correction of their personal health information and sets out custodians' privacy obligations. It is deemed substantially similar to PIPEDA for health information custodians. Oversight is by the Office of the Ombud for New Brunswick. General private-sector commercial activity is governed by federal PIPEDA.
What Threat & Risk Assessment includes
A threat and risk assessment (TRA) gives you a clear, prioritized view of where your security risks are and what to do about them first.
Asset & Threat Identification
Map what you're protecting and what threatens it.
Vulnerability Analysis
Find the weaknesses that matter most.
Risk Prioritization
Rank risks by likelihood and impact, not guesswork.
Remediation Roadmap
A practical plan to reduce risk in priority order.
Energy and Petrochemical: IT/OT Boundary Risk
The energy and petrochemical sector around Saint John operates with a mix of IT systems and operational technology — process control systems, SCADA platforms, and remote monitoring tools — often designed without security as a primary concern. The boundary between those environments is where attackers look first. A TRA that spans both IT and OT identifies vulnerabilities at that interface: network segmentation gaps, unpatched control system software, remote access configurations that expose operational systems to the corporate network, and monitoring blind spots that would allow an attacker to move laterally without detection.
Port and Logistics: Supply-Chain Exposure at Scale
Saint John's port and logistics operations connect to shipping companies, customs brokers, warehouse management systems, and cargo tracking platforms — dozens of external integrations, each a potential entry point. A TRA examines your third-party connectivity in detail, assesses the security controls at each integration, and produces specific remediation recommendations for the highest-risk connections. The result is a clearer understanding of your actual attack surface and a sequenced plan for reducing it.
Other services in Saint John
Threat & Risk Assessment elsewhere
What's Protecting Your Business from the Next Threat?
Don't wait for a breach to expose your vulnerabilities. Let Privacy Horizon secure your data, ensure compliance, and build lasting trust.

