Mission-Defined Security · Ontario

Mission-defined security work
for Ontario organizations.

ClearGlass delivers fixed-scope cybersecurity, identity hardening, compliance readiness, and automation engagements that translate operational risk into measurable remediation, written findings, and immediate action plans.

BaselinesCIS-aligned
IdentityEntra ID / M365
EndpointWindows hardening
HealthcarePHIPA-mapped
OutreachCASL-compliant
Why teams choose ClearGlass

Defined scope. Defensible outcomes.

We translate a posture question into a written engagement with a fixed price, a written remediation report, and prioritized implementation steps you can hand to a technical team the day we finish.

01 / Predictable

Fixed scope. Fixed price.

Every engagement is bounded by a written statement of work, a stated deliverable, and a quoted price. No hour creep, no surprise invoices, no open-ended retainers required to start.

02 / Evidence-driven

Findings you can act on.

Reports map findings to CIS controls and Microsoft baselines, name the configuration that needs to change, and rank remediation by exposure — not by what is easy to sell next.

03 / Ontario-aware

Built for SMB and health.

Engagements are designed for Ontario small and mid-sized organizations, with PHIPA-aware tracks for health-sector clients and CASL-compliant outreach across every interaction.

Engagements

Four ways to start. One clear scope each.

Begin with a low-commitment posture review, move to a hardening sprint when you have decisions to make, and convert recurring work into automation when the scope stabilizes.

Most popular

Microsoft 365 + Windows Hardening Sprint

A 1–2 week engagement to reduce identity and endpoint exposure across Microsoft 365 / Entra ID and Windows, using CIS-aligned configuration baselines, privilege reduction, authentication hardening, and a prioritized remediation plan.

  • CIS Microsoft 365 baseline alignment
  • Conditional Access & MFA hardening
  • Privileged role review and reduction
  • Written remediation plan with priority order
From CAD $2,500· fixed fee
Deploy a hardening sprint →
Start here

Security Quick-Audit

A low-commitment, read-only posture review that identifies the highest-risk configuration gaps, common identity weaknesses, and obvious exposure points, then delivers a branded findings report with clear next steps.

  • Read-only, non-disruptive
  • Branded findings report
  • Ranked remediation next steps
CAD $249· one-time
Start with a posture review →
Healthcare

PHIPA Readiness Assessment

For Ontario health-sector organizations: a privacy and security readiness review mapped to PHIPA obligations, with practical remediation guidance, policy gaps, and an implementation roadmap. Free checklist available.

  • Mapped to PHIPA obligations
  • Administrative, physical, technical controls
  • Implementation roadmap
Assessment from CAD $3,000
Get the free checklist →
Recurring

Automation-as-a-Service

Monthly retainer to build and maintain PowerShell and workflow automation for reporting, onboarding and offboarding, alerting, backups, and repetitive security operations.

  • PowerShell & workflow automation
  • Onboarding / offboarding pipelines
  • Recurring reporting & alerting
From CAD $600/ month
Enquire →
How it works

From briefing to defensible posture — in weeks, not quarters.

Every engagement runs on the same disciplined sequence: scoped intake, read-only assessment, written remediation, and optional implementation. You never sign more than the step in front of you.

01

Security briefing

A 30-minute scoped conversation to understand environment size, sector, regulatory exposure, and the decisions you actually need to make. No sales pitch, no upsell.

30 minutes · free
02

Read-only assessment

A non-disruptive posture review of Microsoft 365 / Entra ID, Windows endpoints, and identity configuration — producing a branded findings report and a ranked remediation list.

From CAD $249 · 3–5 business days
03

Fixed-scope remediation

If you decide to act, a 1–2 week hardening sprint applies CIS-aligned baselines, tightens Conditional Access and MFA, reduces privileged roles, and delivers a written change record.

From CAD $2,500 · 1–2 weeks
04

Recurring automation

Once the scope stabilizes, repeating work — reporting, onboarding/offboarding, alerting, backups — moves to PowerShell and workflow automation on a monthly retainer.

From CAD $600 / month · optional
Frequently asked

Answers, before you book.

Common questions from Ontario SMB and health-sector buyers. Anything not covered, raise it in the briefing.

What does "fixed-scope" actually mean for billing?

Every engagement is quoted against a written statement of work that names the environment, the deliverable, and the price before work begins. We do not bill by the hour, we do not bill for "discovery" overruns, and we do not invoice surprises.

If new exposure emerges mid-engagement, we document it in the findings report and quote it as a separate, optional add-on — you decide whether to proceed.

Do you require admin access to begin?

No. The Security Quick-Audit is read-only and runs against a delegated, least-privilege role we can provision with you in the briefing. Nothing is changed in your tenant during assessment.

Write-access is only requested for the Hardening Sprint, and only after a written authorization scope has been signed.

How is the work aligned to recognized standards?

Microsoft 365 and Windows work is aligned to the CIS Microsoft 365 Foundations Benchmark and CIS Windows benchmarks, with Microsoft Secure Score and Entra ID best-practice configuration as the operational reference.

Healthcare engagements are mapped to PHIPA obligations covering administrative, physical, and technical safeguards.

Do you serve organizations outside Ontario?

The practice is built for Ontario small and mid-sized organizations and Ontario health-sector clients, and outreach complies with Canada's Anti-Spam Legislation (CASL).

Engagements outside Ontario are accepted case-by-case and quoted in CAD.

What deliverables do I actually receive?

Every engagement produces a written, branded findings document: scope, methodology, findings ranked by exposure, concrete remediation steps, and a change log when remediation is performed.

You own the document. You can hand it to internal IT, a board, an auditor, or a future provider.

How fast can we start?

A briefing can usually be scheduled within 2–3 business days. A Security Quick-Audit typically completes within 3–5 business days of scoped intake. A Hardening Sprint typically runs 1–2 weeks depending on tenant size.

ARTEMIS · Service Agent

Talk to the ARTEMIS Service Agent.

A mission-defined qualification agent trained on ClearGlass's fixed-scope methodology. Describe your environment in plain language — the agent scopes the right engagement, drafts a structured handoff, and routes to the ClearGlass team for written authorization.

Mission-defined · Ontario

ARTEMIS Service Agent

Premium, technically credible, Ontario-focused. Speaks the exact voice of the service-page copy. Never speculates, never invents pricing, never sells outside the four fixed-scope offerings. Built for SMB owners and compliance leads who want a written deliverable and a clear next step.

  • Structured discovery against CIS / Entra ID / Windows / PHIPA
  • Recommends a single best-fit engagement with exact price
  • Emits a structured handoff block for the ClearGlass team
  • Steers regulated work (healthcare, government, finance) to human review
Open a briefing → View agent system prompt
Next step

Request a security briefing.

A 30-minute scoped conversation — no pitch, no obligation — to determine which engagement actually fits the decision you need to make.