HuCortex

BYOE by HuCortex

CCCS · PIPEDA · Law 25 · CASL

Every person with system access is a door into your business.

Whether it is a full-time employee, a remote hire, or a contractor, every person who can log into your systems needs governed access, documented policies, and a clear offboarding process. BYOE builds that foundation for your whole workforce and keeps it running, so you can focus on the business instead.

Get your free compliance scoreBook the 90-minute assessment instead

Free 90-minute assessment. Written gap report delivered within 5 business days. Yours to keep regardless of next steps.

8 / 10
Assessments find no documented offboarding procedure
13
CCCS baseline controls most Canadian SMBs have never mapped
$0
Cost of the gap assessment. Full written report, no charge.
72 hrs
PIPEDA breach window most businesses cannot currently meet

The problem

Most Canadian SMBs are exposed in ways they cannot see.

Businesses under 200 employees are running without any formal IT governance for their people. It does not matter whether that person is a salaried hire, a remote worker, or a short-term contractor. The failures are the same.

  • New hires are set up with personal email and handed access to company systems with no audit trail, no policy agreement, and no plan for what happens when they leave.

  • Sensitive business data ends up in personal cloud accounts and chat histories, with no visibility into who holds copies or where they go when the relationship ends.

  • When someone leaves, whether they resign, wrap up a contract, or simply stop showing up, access is rarely revoked completely. Former workers continue accessing systems weeks later.

  • No acceptable use policies or data handling agreements are in place, creating exposure under PIPEDA, Quebec Law 25, and sector-specific legislation regardless of employment type.

  • Phishing attacks succeed at higher rates because people are not trained, not monitored, and not operating inside a security-aware culture. That applies equally to your fifth employee and your twentieth contractor.

How it works

Assess. Design. Implement. Monitor.

  1. 01

    Free Assessment

    A 90-minute structured review of how your business manages workforce access, onboarding, data handling, and security controls, across employees and contractors alike. You get a written gap report scored against every applicable framework. No charge, no obligation.

  2. 02

    Design

    We design a governance framework tailored to your business: identity and access policies, data classification, onboarding and offboarding runbooks, data handling agreements, privacy policies, and an incident response plan.

  3. 03

    Implementation

    We build and configure everything. Entra ID, MFA enforcement, email security, phishing simulation, policy documentation, and CASL-compliant communications. Scoped as a one-time project, priced to your size.

  4. 04

    Monitor

    Monthly subscription covering access reviews, phishing simulations, policy maintenance, compliance monitoring, incident first response, and a quarterly advisory session. Ongoing governance, no IT hire required.

Who it is for

Built for Canadian SMBs whose people run the business.

  • Professional services
  • Legal practices
  • Accounting and finance
  • Technology and agencies
  • Healthcare and health tech
  • Financial services and fintech
  • Research and consulting
  • Any business where people need governed access to operate

10 to 200 employees. A mix of full-time staff, remote hires, and contractors. No dedicated IT function.

Pricing

Three implementation tiers. One simple monthly subscription.

Starter

$2,500

Teams of up to 5 people, basic M365

  • Entra ID setup and MFA enforcement
  • M365 and email provisioning
  • Acceptable use and data handling agreement
  • Basic offboarding runbook

Most popular

Growth

$5,500

Teams of 5 to 20, regulated industry

  • Everything in Starter
  • SSO to up to 10 SaaS tools
  • Full CCCS baseline configuration
  • Privacy policy and PIA template
  • CASL email compliance
  • Incident response plan

Enterprise

Custom

Large or complex teams, full compliance mandate

  • Everything in Growth
  • Sector compliance (PHIPA / FINTRAC)
  • Custom security awareness training
  • Full policy suite and board report

Monthly subscription (after implementation)

Essentials

$499/mo

Up to 5 people

Professional

$1,099/mo

Up to 20 people

Compliance+

$1,999/mo

Unlimited team size

Why HuCortex

Deep compliance expertise. Delivered as a managed service.

  • Aligned to all 13 CCCS Baseline Cyber Security Controls
  • Active coverage of PIPEDA, Quebec Law 25, CASL, PHIPA, and FINTRAC
  • Written reports and documentation you own outright
  • No internal IT team required to run it
  • Focused on Canadian SMBs, not enterprise one-size tooling
  • Senior operators, not junior consultants running checklists

Common questions

Questions about BYOE and workforce IT governance.

What is BYOE?
BYOE (Bring Your Own Employee) is HuCortex's managed IT governance program for Canadian businesses. Whether you are onboarding a full-time employee, a remote hire, a part-time worker, or a contractor, every person who needs access to your systems needs governed access, documented policies, and a clear offboarding process. We build that foundation and run it monthly so you do not need to.
Which Canadian compliance laws apply when people have access to my systems?
Any Canadian business handling personal information must address PIPEDA (the federal private-sector privacy law), the CCCS Baseline Controls (Canada's cyber hygiene standard), and Quebec Law 25 for anyone doing business in Quebec. CASL applies if you send commercial email. Sector-specific rules also apply: PHIPA for healthcare and FINTRAC guidelines for financial services. These obligations apply whether the person accessing your systems is a salaried employee or a short-term contractor.
How long does the BYOE free assessment take?
The free BYOE assessment is a 90-minute structured review of how your business manages workforce access, data handling, onboarding, and offboarding. You receive a written gap report scored against every applicable framework at no charge and with no obligation.
How much does BYOE cost?
Implementation starts at $2,500 for teams of up to 5 people (Starter) and $5,500 for teams of 5 to 20 in a regulated industry (Growth). Monthly compliance monitoring starts at $499 per month for up to 5 people and $1,099 per month for up to 20 people.
What happens if I do not manage workforce access properly?
Under PIPEDA, organizations must report breaches to the Privacy Commissioner within 72 hours of determining a real risk of significant harm. Former employees and contractors who retain access after leaving create ongoing liability. Eight out of ten HuCortex assessments find no documented offboarding process in place, for anyone.
What are the CCCS Baseline Controls?
The Canadian Centre for Cyber Security (CCCS) publishes 13 baseline controls that form the minimum cybersecurity standard for Canadian organizations. They cover multi-factor authentication, patching, incident response, and more. Most SMBs assessed by HuCortex have not mapped their posture against these controls.
What is the difference between PIPEDA and Quebec Law 25?
PIPEDA is Canada's federal private-sector privacy law. Quebec Law 25 (formerly Bill 64) is Quebec's own privacy law, stricter and more actively enforced. It requires a privacy impact assessment for any personal information system, appointment of a privacy officer, and breach notification to the Commission d'acces a l'information within 72 hours.
Do I need IT governance if my team is small?
Yes. Even one person with unmanaged access creates exposure under PIPEDA. The CCCS baseline applies regardless of team size. BYOE is designed for businesses with two or more people who need governed access to run the business.

From the team

The week you lose every time you hire someone.

Every time a business brings someone on, a week disappears into IT logistics. Setting up accounts, granting access, explaining tools. When they leave, the inverse plays out, and the access rarely gets cleaned up properly. This is what that cycle costs, and what it looks like when it stops.

Read the article

Start here

Get your compliance score in 4 minutes.

The self-assessment gives you a scored posture across every framework that applies to your business. The 90-minute assessment goes deeper, is completely free, and leaves you with a written report you own.

Take the self-assessmentBook the 90-min assessment

No commitment. Written report delivered within 5 business days.