Security and Risk Management

Our principles

• Security is part of everyday work—not a bolt-on.
• Most risk starts with identity (people & access), not just firewalls.
• Threats come from outside and inside, and can be accidental or deliberate.
• Tools don’t “solve” security; habits and governance do.
• The landscape changes—so we measure, learn, and improve.

What we deliver

Assess & Plan

• Security health check and prioritized roadmap
• Policy & gap reviews mapped to PIPEDA/FOIP and, when needed, HIPAA

Protect (Prevent)

• Zero Trust access: MFA, least-privilege, role-based access (Microsoft 365/Entra ID)
• Device hardening & patching; secure configurations for cloud and on-prem
• Email/web protection and safe file-sharing patterns

Detect (Know fast)

• Endpoint protection (EDR/XDR) and unified logging/SIEM
• Alert tuning so signals are actionable (not noisy)

Respond & Recover

• Incident response runbooks and tabletop exercises
• Backup & disaster recovery with immutability and tested RPO/RTO

Educate

• Practical awareness training and phishing drills tailored to your team

Technologies we work with (selected)

• Firewalls/VPN, secure remote access, network segmentation
• Microsoft 365 & Entra ID (MFA, Conditional Access, DLP)
• EDR/XDR, email security, vulnerability scanning & patch orchestration
• Backup/DR platforms (with immutability), logging/SIEM

Healthcare ready: We design on HIPAA-eligible services and support BAAs where applicable, with encryption in transit/at rest, audit trails, “minimum necessary” data use, and documented breach procedures, while also aligning to Canadian privacy rules.

A friendlier way to start

• Option A: Security Health Check (2–3 weeks) – quick wins, clear priorities
• Option B: Incident-Readiness Tune-up – test runbooks, refine roles, close gaps

Let’s make security simpler and stronger
• support@shemallc.com • +1 (587) 200-7885

---