CPCSC Level 1 readiness support for Canadian defence suppliers

CPCSC Level 1 Readiness Review

CPCSC Level 1 readiness support for Canadian defence suppliers

Prepare your scope, evidence, and documentation before you complete your CPCSC Level 1 self-assessment. Independent readiness support. Not official certification or government assessment.

Read the Level 1 guide
  • Review your likely CPCSC Level 1 scope
  • Find evidence and documentation gaps
  • Get a prioritised, practical action plan
  • Prepare before self-assessment

The preparation problem

CPCSC Level 1 may require more preparation than a quick self-assessment

CPCSC Level 1 can look simple from the outside. Read the requirements, answer the questions, and move on. In practice, many suppliers get stuck on the evidence behind those answers. What systems are in scope? Which policies are current? What records prove the controls are actually operating? What gaps should be fixed first?

Before you self-assess, it helps to know:

  • Which people, systems, and processes are in scope
  • What evidence you already have
  • What evidence is missing or unclear
  • Whether your policies match your actual operations
  • Which gaps should be addressed first

Pilotcore helps Canadian suppliers turn CPCSC uncertainty into a practical readiness plan.

Audience

Who this readiness review is for

This is for Canadian suppliers that:

  • Sell to defence, aerospace, government, or regulated supply chains
  • Are preparing for CPCSC Level 1 self-assessment
  • Need to understand what evidence and documentation to collect
  • Have cybersecurity policies but are unsure whether they are sufficient
  • Work with an MSP or internal IT team and need readiness-ready documentation
  • Want a practical gap review before investing in a larger compliance project

This is not for organisations looking for certification or a formal government assessment. Pilotcore provides independent readiness and documentation support.

What we review

What we review

  1. Scope

    We help clarify which systems, users, vendors, and workflows may be relevant to your CPCSC readiness work.

  2. Evidence

    We review the artifacts you have available, such as policies, access records, MFA settings, backup records, incident procedures, training records, and system documentation.

  3. Documentation

    We identify where written procedures, policies, or operating records may be missing, outdated, or disconnected from how your team actually works.

  4. Gaps

    We summarise practical gaps and prioritise what should be addressed before self-assessment.

  5. Next steps

    You receive a clear action plan that separates urgent readiness issues from longer-term improvements.

Deliverables

What you get from a CPCSC readiness review

Depending on your current state, the review may include:

  • CPCSC Level 1 readiness summary
  • Scope and evidence review
  • Documentation gap list
  • Practical remediation priorities
  • Recommendations for evidence collection
  • Optional roadmap for documentation or implementation support

You are buying clarity. You will know what is prepared, what is missing, and what should be addressed next.

Our process

How the readiness review works

  1. Step 1

    Intro call.

    We discuss your supplier context, current environment, and CPCSC readiness goals.

  2. Step 2

    Evidence and scope review.

    We review available documentation, systems, responsibilities, and evidence against CPCSC Level 1 expectations.

  3. Step 3

    Readiness summary.

    You receive a practical summary of gaps, risks, and recommended next steps before self-assessment.

The review can be lightweight for small suppliers, or expanded into a broader compliance-readiness engagement if you need it.

Book a CPCSC readiness review

Talk through your supplier context, current environment, and where your evidence and documentation gaps are. We turn that into a practical readiness plan before you self-assess.

Why Pilotcore

Practical cybersecurity and compliance readiness support

Pilotcore helps organisations prepare for security and compliance requirements with a practical, implementation-focused approach. We focus on evidence, documentation, security controls, and supplier readiness.

  • Practical support for small and mid-sized suppliers
  • Security and compliance-readiness focus
  • Documentation and evidence-first approach
  • Clear next steps instead of vague assessments
  • Platform-neutral guidance

CPCSC Level 1 guide

Still learning what CPCSC Level 1 requires?

If you are still researching CPCSC Level 1, start with our guide to understand the evidence, scope, and documentation suppliers may need before self-assessment.

Read the CPCSC Level 1 guide

Looking for the broader service overview? See CPCSC compliance consulting.

Frequently asked

CPCSC readiness review FAQ

  1. Does Pilotcore certify suppliers or act as a CPCSC assessor?

    No. Pilotcore provides independent readiness support. We help suppliers prepare their scope, evidence, documentation, and action plan before self-assessment. We do not issue certifications and we do not represent a government assessment body.

  2. Is this only for companies that already have a defence contract?

    No. It also helps suppliers that are preparing to sell into defence or government supply chains and want to understand what readiness work may be required before a contract is on the table.

  3. What if we already have cybersecurity policies?

    That is a good starting point. The review looks at whether your policies are supported by practical evidence, operating procedures, and implementation records, not just written documents.

  4. Do we need to be using a specific cloud platform?

    No. The readiness review is platform-neutral. We can review cloud, SaaS, endpoint, identity, and operational evidence based on your actual environment.

  5. Can you help us fix the gaps?

    Yes. The readiness review identifies gaps and priorities. If you want help after the review, Pilotcore can support documentation, evidence collection, and implementation planning.

  6. Is this the same as a full compliance audit?

    No. It is a practical readiness review designed to help you understand where you stand before self-assessment. It is not an audit, and it does not produce certification.

Pilotcore provides independent cybersecurity and compliance-readiness support. Pilotcore is not a certification body, an assessor, or a government agency, and this service does not produce certification.

Get clear on your CPCSC Level 1 readiness before you self-assess

If you are unsure what evidence you need, what is in scope, or where your documentation gaps are, Pilotcore can help you turn uncertainty into a practical readiness plan. After you submit, Pilotcore will follow up about CPCSC readiness support.