Skip to main content
Privacy Horizon
Threat & Risk Assessment

Threat & Risk Assessment Services in Saskatoon

Identify, prioritize, and act on security risks across your organization in Saskatoon.

Saskatoon's economy spans agri-tech and crop science companies holding proprietary research data, a growing health and life sciences sector, mining and potash operations with both operational and corporate technology environments, and financial services firms managing retail and commercial client assets. That range of industries translates into a wide range of security risk profiles — and a city where a single-template approach to risk management does not work.

A Threat and Risk Assessment starts by understanding what your organization actually has to protect. The asset-identification phase catalogues not just servers and laptops, but the data flows, third-party integrations, cloud workloads, and privileged-access arrangements that attackers exploit. Vulnerability analysis examines each asset against realistic threats facing your sector. Risk prioritization scores each finding by likelihood and business impact, and the remediation roadmap translates the results into a sequenced action plan your team can execute.

For commercial organizations in Saskatoon, Canada's federal Personal Information Protection and Electronic Documents Act (PIPEDA) governs how you collect, use, and protect personal information. PIPEDA is enforced by the Office of the Privacy Commissioner of Canada — Saskatchewan has not enacted a general private-sector privacy law. A security breach that creates a real risk of significant harm to individuals carries mandatory reporting and notification obligations. A well-executed TRA directly reduces the probability of triggering those obligations by identifying and closing the control gaps most commonly exploited.

Health-sector organizations are also subject to Saskatchewan's Health Information Protection Act (HIPA), administered by the Saskatchewan Information and Privacy Commissioner. HIPA applies to trustees — hospitals, clinics, laboratories, pharmacies — and requires them to protect personal health information with appropriate safeguards. A formal TRA is the most credible way to demonstrate that obligation is being taken seriously.

Privacy Horizon serves Saskatoon organizations across sectors. Our TRA process is structured, proportionate, and designed to produce findings that are genuinely useful — not a compliance artifact, but a working tool for your security team and leadership.

Privacy & security regulation in Saskatoon

Regulator: Saskatchewan Information and Privacy Commissioner

Saskatoon businesses are governed by Canada's federal private-sector privacy law, PIPEDA, overseen by the Office of the Privacy Commissioner of Canada. Personal health information in Saskatchewan is separately governed by The Health Information Protection Act (HIPA), with oversight by the Saskatchewan Information and Privacy Commissioner.

PIPEDAPersonal Information Protection and Electronic Documents Act

PIPEDA is Canada's federal private-sector privacy law. It sets out ten fair information principles governing how organizations collect, use, and disclose personal information in the course of commercial activity. It applies wherever a province has not enacted substantially similar legislation — and, even in provinces that have (Alberta, British Columbia, Québec), it continues to apply to federally regulated businesses such as banks, airlines, and telecommunications, and to personal information that flows across provincial or national borders.

Read the legislation

HIPA (Saskatchewan)The Health Information Protection Act (Saskatchewan)

Saskatchewan's health-sector privacy law, proclaimed in force on September 1, 2003. It sets the rules trustees must follow when collecting, using and disclosing personal health information and protects individuals' access and privacy rights. Oversight is by the Saskatchewan Information and Privacy Commissioner. General private-sector activity in Saskatchewan is governed by federal PIPEDA, not HIPA.

Read the legislation

What Threat & Risk Assessment includes

A threat and risk assessment (TRA) gives you a clear, prioritized view of where your security risks are and what to do about them first.

Asset & Threat Identification

Map what you're protecting and what threatens it.

Vulnerability Analysis

Find the weaknesses that matter most.

Risk Prioritization

Rank risks by likelihood and impact, not guesswork.

Remediation Roadmap

A practical plan to reduce risk in priority order.

Agri-Tech and Research: Protecting Proprietary Data

Saskatoon's concentration of agricultural technology companies and university-linked research organizations means intellectual property protection is often as important as personal information security. A TRA scoped to research and agri-tech environments examines the specific exposure points — data sharing agreements with academic partners, cloud storage of proprietary trial data, remote access by field researchers, and vendor access to internal systems — and prioritizes remediation based on the competitive and regulatory value of what you are protecting.

Mining and Potash: OT and IT Risk in One Assessment

Operations-heavy industries like potash and mining run a mix of operational technology and standard IT environments, and the interface between the two is frequently where the most significant security gaps sit. Attackers who compromise corporate IT can use that foothold to pivot toward control systems. A TRA that covers both environments gives your security team a unified view of risk — and a remediation roadmap that reflects the actual interdependencies between your IT and OT systems.

What's Protecting Your Business from the Next Threat?

Don't wait for a breach to expose your vulnerabilities. Let Privacy Horizon secure your data, ensure compliance, and build lasting trust.