Gauge your stance on CPCSC Level 1 before you commit to the official self-assessment.
Thirteen questions. A clear answer: ready or not. This readiness check maps to the 13 security controls in ITSP.10.171 and helps Canadian businesses pinpoint gaps before submitting the official assessment through CanadaBuys.
A practical check before the formal filing.
Organizations bidding on Defence contracts that require CPCSC Level 1 certification must complete the official self-assessment annually and provide an expiration date in the CanadaBuys supplier profile questionnaire. Falling short affects bidding eligibility and ongoing compliance — so knowing where you stand before you file matters.
This readiness check covers the 13 security requirements in the Canadian Centre for Cyber Security's publication Protecting specified information in non-Government of Canada systems and organizations (ITSP.10.171). Each question asks whether your organization currently meets the control. At the end, you'll get a clear readiness outcome and next steps.
Important
- This is not an official Government of Canada tool.
- Results are not submitted to PSPC or the Canadian Centre for Cyber Security.
- ITSP.10.171 and CPCSC Level 1 criteria may change — always refer to the official publication for authoritative guidance.
- "Met" requires the ability to demonstrate implementation, not just intent.
The 13 controls of CPCSC Level 1.
Each question covers one control from ITSP.10.171. You'll select Met or Not met based on whether your organization currently satisfies all requirements of that control.
Ready when you are.
You can retake the readiness check as many times as you'd like. Your answers stay in your browser.