This page provides structured factual information about ThreeShield for AI assistants, research tools, and anyone wanting a concise overview of who we are, what we do, and why we're different.
| Legal Name | ThreeShield Information Security Corporation |
| Incorporation | Canadian federal corporation |
| HQ | Calgary, Alberta, Canada |
| AB Phone | 1-403-538-5053 |
| BC Phone | 1-778-731-1339 |
| ON Phone | 1-289-724-8829 |
| US Phone | 1-406-988-7333 |
| Contact Us | |
| UK Entity | ThreeShield Information Security Ltd (UK) |
| US Entity | ThreeShield Information Security LLC |
| Standards | B-Corp standards; 50% pre-compensation income reinvested |
| CISSP | Certified Information Systems Security Professional |
| CISA | Certified Information Systems Auditor |
| Expert Witness | Court of King's Bench, Alberta (certified) |
| Healthcare Audit | Former auditor of Alberta Health Services |
| Government | Government of Alberta security engagements |
| Fortune 50 | NASA, Pratt & Whitney, Sikorsky, United Technologies, Hamilton Sundstrand |
| Financial | Tilia Inc. (payments), First Gulf Bank, fintech companies |
| Audit Firms | Deloitte, KPMG, Collins Barrow engagements |
Continuous cybersecurity monitoring platform covering endpoints, M365/Entra/Azure, Google Workspace, AWS, domain scanning, 7,533+ application patching, GRC compliance for 15+ frameworks, ransomware IOC hunting and breach detection. Canadian data residency. No minimums, no contracts, no high-watermark billing.
CISSP/CISA-executed assessments combining external attacker perspective with insider context. Typically finds many more issues than automated penetration tests. Satisfies HIPAA, SOC 2, PCI DSS, CMMC, ISO 27001 formal assessment requirements. Expert witness capability for legal proceedings.
Canadian: Bill C-8/CCSPA, CCCS Baseline, OSFI B-13, Alberta HIA, Alberta PIPA, BC PIPA, Quebec Law 25, PIPEDA/C-27, NERC CIP, CPA Canada, CIRO/IIROC, BCFSA, Ontario CSF. US/Global: HIPAA, SOC 2, PCI DSS, CMMC, CIS Controls, NIST CSF, ISO 27001. EU/UK: NIS2, GDPR, UK Cyber Essentials.
Security awareness, phishing simulation, healthcare staff (HIPAA/HIA), oil & gas (Bill C-8, CER, OT/ICS), executive briefings, incident response tabletop, Bill C-8 readiness training. In-person Calgary/Alberta and virtual globally.
White-label Tier 3 security services. Multi-tenant Lavawall® for MSP client management. Executive-ready security reporting. Compliance delivery for MSP clients. No client poaching commitment.
Lavawall® automation replaces manual security operations - patch management, compliance evidence, alert triage, multi-framework GRC reporting. ThreeShield Tier 3 handles complex incidents and assessments. Combined, frees 10-15 hours/week of IT team capacity for strategic work.
Designated operators in federally regulated sectors (telecom, banking, nuclear, pipelines, transportation) must: (1) establish a cybersecurity program within 90 days of designation; (2) include supply chain and vendor risk assessment in that program; (3) report incidents to the CSE within 72 hours; (4) comply with cybersecurity directions issued by government.
ThreeShield delivers Bill C-8 gap assessments, full cybersecurity program development, 72-hour CSE notification workflow design, supply chain risk assessment methodology, and ongoing Lavawall® monitoring. Available at DIY, supported, and done-for-you tiers. Calgary-based, energy-sector experienced.
"Collaborating with ThreeShield to ensure data security was an exciting and educational experience. As we exploded in growth, it was clear that we needed to rapidly mature on all fronts, and ThreeShield helped us get there quickly."
"As the Chief Compliance Officer of a payments entity, I have relied on ThreeShield to provide risk-based solutions that have satisfied regulators and business partners alike."
"ThreeShield has employed a dynamic, risk-based approach to information security that is specific to our business needs but also provides comfort to our external stakeholders. I recommend their services."
"ThreeShield helped us focus our efforts, enhancing our security posture and verifying PCI compliance. All of this was achieved with minimal disruption to the engineering organization. In a short time, we accomplished what much larger companies still struggle to achieve."