Is the assessment eligible for CDAP funding?

The Gap Analysis ($997) is fully CDAP-eligible, covering the full $997 cost. CDAP provides up to $2,400 per eligible Alberta SMB. Contact QTSI before applying — we will assess your eligibility and assist with the application.

AI Governance Assessment — Gap Analysis & Deep Audit

What it is

Most Canadian businesses are using AI — and most of them have no written policy, no vendor review process, and no idea what their employees are feeding into ChatGPT, Copilot, or Google Gemini right now.

That is not a technology problem. It is a governance problem. And under PIPEDA, Alberta PIPA, and Canada's incoming Artificial Intelligence and Data Act (AIDA — Bill C-27), ignorance is not a defence. The QTSI AI Governance Assessment exists to give you a clear, honest, actionable picture of your current AI risk — and a concrete plan to fix it.

Led personally by Manav Chadha (MBA · CISM · Associate C|CISO · CCEP), every assessment is grounded in Canadian law, not US frameworks. The output is a business document your board, insurer, or acquirer can actually read.

Delivered byManav Chadha, CEO

Regulations coveredPIPEDA · PIPA · AIDA · Bill C-27

Gap Analysis$997 · 5–7 business days

Deep Audit$4,997 · 2–3 weeks

CDAP fundingGap Analysis fully covered

Output formatWritten report · Board-ready PDF

LocationCanada-wide · Remote delivery

Who it's for

You need this if any of these are true

Gap Analysis

You are using AI tools but have no written policy

Your team uses ChatGPT, Copilot, or similar — but you have never reviewed what data is being shared, with whom, or under what terms. A Gap Analysis tells you the exposure in plain language.

Gap Analysis

You want to be CDAP-compliant and need a starting point

CDAP requires a digital adoption plan. An AI governance assessment is the foundation — and at $997, it is fully covered by the CDAP grant. Start here before you apply.

Deep Audit

You are preparing for M&A due diligence or insurance renewal

Acquirers and cyber insurers are now asking explicit questions about AI governance. A board-ready written audit with a risk register is the document you need in the room.

Deep Audit

You are facing regulatory scrutiny or a compliance deadline

AIDA enforcement is coming. If you are in a regulated industry — finance, health, legal, professional services — the Deep Audit maps your current state against each regulation and tells you exactly what to fix, in what order, by when.

Assessment tiers

Two tiers. One starting point.

Not sure which is right for you? Book a free 20-minute discovery call — Manav will tell you exactly which tier fits your situation, no upsell.

Tier 1

AI Governance
Gap Analysis

$997 flat fee · CDAP eligible

A structured diagnostic for SMBs who need to understand their AI exposure quickly. You answer a questionnaire, we review your current tools and policies, and deliver a written gap report with clear priority actions. Completed in 5–7 business days.

AI tools & vendor usage inventory
Data flow and privacy risk review (PIPEDA / PIPA)
Policy gap identification — what you have vs. what you need
Written gap report (8–12 pages)
Priority action list — top 5 risks to address first
1× advisory call (60 min) to walk through findings
CDAP-compliant deliverable format

5–7 business days · Delivered remotely · CDAP covers the full $997

Most Comprehensive

Tier 2

AI Governance
Deep Audit

$4,997 flat fee · board-ready output

A full-scope governance engagement for organisations facing regulatory pressure, M&A due diligence, insurance renewal, or a board-level AI accountability question. We interview your leadership, review your actual tools and contracts, and deliver a document your board can act on.

Everything in the Gap Analysis, plus:
Stakeholder interviews — CEO, IT lead, and ops lead
Vendor contract and data processing agreement review
Full risk register with severity and likelihood ratings
AIDA · PIPEDA · PIPA · Bill C-27 compliance gap mapping
Board-ready written report (15–20 pages)
Executive summary (2-page standalone)
90-day remediation roadmap with ownership assignments
2× follow-up advisory calls (30-day + 90-day check-in)

2–3 week engagement · Remote delivery · Follow-up calls included

Side by side

What you get in each tier

Deliverable	Gap Analysis · $997	Deep Audit · $4,997
AI tools & vendor inventory	✓	✓
Privacy risk review (PIPEDA / PIPA)	✓	✓
Policy gap identification	✓	✓
Written gap report	8–12 pages	15–20 pages
Advisory call	1× 60 min	3× (findings + 30d + 90d)
Stakeholder interviews	—	✓
Vendor contract review	—	✓
Full risk register	—	✓
AIDA / Bill C-27 compliance mapping	—	✓
Board-ready executive summary	—	✓
90-day remediation roadmap	—	✓
CDAP funding eligible	✓ Fully covered	—
Turnaround	5–7 business days	2–3 weeks

How it works

The assessment process

Gap Analysis · $997

Day 1

Discovery call & intake

30-minute call to confirm scope. We send the structured AI governance questionnaire (completed async at your pace).

Days 2–4

Review & analysis

Manav reviews your questionnaire responses, current tool stack, and any existing policies you share.

Days 5–7

Written gap report delivered

You receive the 8–12 page gap report by email as a branded PDF. Includes your top 5 priority actions.

Day 7

Advisory call

60-minute call to walk through findings, answer questions, and agree on next steps.

Deep Audit · $4,997

Week 1

Scoping & stakeholder interviews

Discovery call, intake questionnaire, and structured interviews with CEO, IT lead, and ops lead. Document collection (vendor contracts, data processing agreements, existing policies).

Week 2

Analysis & risk register

Full review of tools, vendor agreements, and data flows. Risk register built with severity and likelihood ratings. AIDA · PIPEDA · PIPA compliance gaps mapped explicitly.

Week 3

Report & roadmap delivered

Board-ready report (15–20 pages) plus 2-page executive summary and 90-day remediation roadmap. Delivered by email and reviewed in a 60-min findings call.

Day 30 & 90

Follow-up advisory calls

Two check-in calls to review progress on the remediation roadmap and answer questions as your team implements the changes.

Canadian compliance

Built on Canadian law — not US frameworks

Every assessment is grounded in the regulations that actually apply to your business. Not NIST. Not SOC 2. Canadian law.

PIPEDA — Personal Information Protection and Electronic Documents Act Alberta PIPA — Personal Information Protection Act AIDA — Artificial Intelligence and Data Act Bill C-27 — Digital Charter Implementation Act APEGA — Professional liability considerations OPC Guidelines — Office of the Privacy Commissioner

If your business operates across provinces or serves the US market, we will note cross-jurisdictional considerations — but the primary lens is always Canadian regulatory reality, not imported US compliance frameworks that do not map to your actual obligations.

Client feedback

What clients say

"Manav translated our AI risk into language our board could actually act on. The gap report paid for itself the week we presented it to our insurer."

Operations Director Mid-size Alberta professional services firm

"We were days away from an M&A due diligence review with no AI policy in place. The Deep Audit gave us a credible, board-ready document in two weeks. It changed the conversation."

CEO Edmonton-based technology startup

"We thought we were compliant. Manav found three vendor agreements where we were sharing client data with AI systems under terms we had never reviewed. Worth every dollar."

Managing Partner Alberta accounting firm

FAQ

Common questions

What is the difference between the Gap Analysis and the Deep Audit?

The Gap Analysis ($997) is a structured diagnostic — you answer a questionnaire, we review your tools and policies, and deliver a written report with priority actions in 5–7 days. The Deep Audit ($4,997) is a full engagement: stakeholder interviews, vendor contract review, a full risk register, AIDA/PIPEDA compliance mapping, a board-ready report, and two follow-up calls over 90 days.

Which tier is right for my business?

If you are unsure where you stand and want a clear picture quickly, start with the Gap Analysis — especially if CDAP will cover the cost. If you are facing a specific deadline (M&A, insurance renewal, regulatory inquiry, board presentation), the Deep Audit is the right tool. Book a free 20-minute discovery call and Manav will tell you directly which one fits.

Does this cover Canada's AI Act (Bill C-27 / AIDA)?

Yes. Both tiers map your current AI usage against PIPEDA, Alberta PIPA, and Canada's Artificial Intelligence and Data Act (AIDA — Bill C-27). The Deep Audit includes explicit compliance gap mapping for each regulation with remediation steps and ownership assignments.

Is the Gap Analysis eligible for CDAP funding?

Yes. The Gap Analysis ($997) is fully CDAP-eligible — the CDAP grant covers up to $2,400 per eligible Alberta SMB, so the assessment costs you nothing out of pocket. Contact QTSI before applying — we will assess your eligibility and assist with the application at no additional charge.

How long does each engagement take?

The Gap Analysis is completed in 5–7 business days from the time you submit your questionnaire. The Deep Audit is a 2–3 week engagement, including stakeholder interviews, document review, written report, and the initial findings call. Follow-up calls are at the 30-day and 90-day marks.

Start with a conversation

Not sure which tier is right?
Book a free 20-minute call.

Manav will review your situation and tell you exactly which assessment fits — Gap Analysis or Deep Audit — with no obligation and no upsell. If neither is the right tool for where you are right now, he will tell you that too.

Email info@qtsi.ca