Nelson Ford, founder and principal consultant of Pilotcore

Built by Nelson Ford, CMMC CCP and CISSP

Book a CPCSC readiness review before evidence requests pile up

CPCSC readiness review for Levels 1 and 2

Book a CPCSC readiness review before evidence requests pile up

Independent readiness support for Canadian defence suppliers who are past basic research but not ready for a full CPCSC implementation engagement. We turn Level 1 and Level 2 uncertainty into a scope boundary, evidence gap list, and next-step plan before self-assessment or external assessment planning turns into rework.

Get the CPCSC Level 1 guide
  • Book a readiness review as the primary next step
  • Clarify scope, evidence, documentation, and priorities
  • Use the guide as a lower-intent starting point

Use this page to pick your next step. The readiness review is the main offer for teams under pressure. The guide stays here for visitors who want a lower-intent starting point first.

Already under pressure

Book a readiness review

Use this when a prime, contract team, or internal review wants a clear read on scope, evidence, documentation, and priorities.

Still checking fit

Start with the guide

Use the Level 1 guide when you want a lower-intent starting point before you ask for a call.

Get the CPCSC Level 1 guide

Pilotcore provides independent cybersecurity and compliance-readiness support. CPCSC is still rolling out; at this time Pilotcore supports readiness, implementation planning, evidence preparation, and self-assessment preparation only. Certification and assessment decisions stay with the applicable government process or accredited assessment body.

Founder-led readiness consultations are capacity-limited each week. The best time to ask is before a prime questionnaire, RFP response, or internal review deadline turns uncertainty into rushed remediation.

The readiness problem

CPCSC readiness often stalls on evidence, not intent

Level 1 has 13 controls. Level 2 has 98 controls and a more formal assessment path. The hard part is proving what applies, what exists, and what needs to be closed before the next requirement lands.

  • Which systems, users, vendors, and workflows may be in scope?
  • Which records already support your answers?
  • Where are policies disconnected from daily operations?
  • Which gaps should be fixed before self-assessment prep goes further?

What the review checks

A focused look at scope, evidence, documentation, and priorities

The readiness review is meant to make the next decision easier. It does not replace a self-assessment, audit, legal review, or certification process.

Scope

Clarify the people, systems, vendors, and workflows that may matter for CPCSC Level 1 or Level 2 preparation.

Evidence

Check whether records such as MFA settings, backup notes, incident procedures, training records, and access-change history are available.

Documentation

Find policies, procedures, and operating records that are missing, stale, or disconnected from how the team works.

Priorities

Separate quick evidence fixes from larger remediation work so your team can act in the right order.

What you leave with

A concrete readiness package, not a vague opinion

The review gives supplier, security, and IT owners a shared action path they can use after the call.

Scope boundary map

A practical read on the systems, users, vendors, and workflows most likely to shape your CPCSC path.

Evidence gap list

A plain list of records you have, records you may need, and areas where policy does not yet match operations.

Level 1 and Level 2 readiness path

A clear distinction between the 13-control Level 1 baseline and the larger 98-control Level 2 planning path.

90-day action sequence

A prioritized next-step sequence for owners, evidence, documentation, and larger remediation work.

How it works

  1. Context call

    Bring your contract trigger, prime questionnaire, current policies, and a rough system list if you have them. We use the call to confirm whether the guide, a readiness review, or a larger planning path fits.

  2. Evidence review

    If a review is the right next step, we look at available records, responsibilities, and documentation against the likely Level 1 self-assessment or Level 2 planning work.

  3. Action summary

    You leave with the practical next actions your team can sequence before self-assessment or future assessment planning goes further.

Reviewer background

  • CISSP, CMMC CCP, and AWS Solutions Architect Professional credentials
  • Security and cloud delivery experience since 2017
  • Platform-neutral review across cloud, SaaS, endpoint, identity, and operations evidence

Fit promise

If the first call shows you are not ready for paid readiness support, we will say so and point you to the right next step instead of selling the engagement.

Optional guide download

Prefer the CPCSC Level 1 guide as a starting point?

If you are still checking fit, use the guide to begin your CPCSC readiness journey. It gives you a practical starting point for scope, evidence, and documentation. If you already need help deciding what comes next, book a readiness review and use the guide as the lower-intent option.

13

Level 1 controls

98

Level 2 controls

  • A practical CPCSC Level 1 readiness guide
  • Scoping questions for supplier and IT teams
  • Evidence prompts for common control areas
  • Clear boundary language so the guide is not mistaken for certification advice
Pilotcore CPCSC Level 1 readiness guide book cover

Email me the guide

Enter your work email and we will send the CPCSC Level 1 guide.

By submitting, you agree to our Terms of Service and Privacy Policy.

Your information is encrypted and protected

We respect your privacy. Unsubscribe anytime.

Ready to apply it

Talk through your CPCSC Level 1 or Level 2 readiness questions

Bring your supplier context, current systems, and the evidence you already have. Pilotcore can help you identify what is clear for Level 1, what changes for Level 2, and what should happen next. If the first call shows the guide is the better next step, we will tell you.

Get the CPCSC Level 1 guide

Looking for the broader service overview? See CPCSC compliance consulting.

Frequently asked

CPCSC readiness review FAQ

Short answers for supplier teams checking fit before a guide request or consultation.

Does Pilotcore certify suppliers or act as a CPCSC assessor?

No. CPCSC is still rolling out. At this time, Pilotcore offers readiness support only: scope, evidence, documentation, implementation planning, and preparation for self-assessment or future external assessment. We do not issue certifications or represent a government assessment body. Nelson Ford is a CMMC Certified Professional and plans to pursue CPCSC certification when the path is available.

Is this only for companies that already have a defence contract?

No. It also helps suppliers preparing to sell into defence or government supply chains who want to understand what readiness work may be required before a contract is on the table.

What if we already have cybersecurity policies?

That is a good starting point. The review looks at whether policies are supported by practical evidence, operating procedures, and implementation records, not just written documents.

Do we need to be using a specific cloud platform?

No. The readiness review is platform-neutral. We can review cloud, SaaS, endpoint, identity, and operational evidence based on your actual environment.

Can you help us fix the gaps?

Yes. The readiness review identifies gaps and priorities. If you want help after the review, Pilotcore can support documentation, evidence collection, and implementation planning.

Is this the same as a full compliance audit?

No. It is a practical readiness review designed to help you understand where you stand before self-assessment or future assessment planning. It does not issue an audit opinion or certification.