Security & Compliance Built In, Not Bolted On
Every Netpedia service is architected to meet NIST Cybersecurity Framework 2.0 standards. PIPEDA, PHIPA, and PCI DSS v4.0 compliance — all on 100% Canadian servers with end-to-end encryption.
The Six Security Functions We Implement
The NIST Cybersecurity Framework 2.0 organizes security into six core functions. Here is how Netpedia implements each one across our entire infrastructure.
GOVERN
Organizational context, risk strategy & supply chain security governance.
- Information security policy & program charter
- Risk tolerance thresholds defined & board-reviewed
- Vendor / supply chain risk management (C-SCRM)
- Legal, regulatory & contractual obligation tracking
- Cybersecurity roles, responsibilities & accountability
IDENTIFY
Asset inventory, risk assessment & vulnerability management.
- Hardware, software & data asset inventory (CMDB)
- Continuous vulnerability scanning (CVE-based)
- Risk assessments against business criticality
- Threat intelligence feeds & threat modelling
- Business environment & dependency mapping
PROTECT
Access control, data security, platform security & resilience.
- MFA enforcement & privileged access management (PAM)
- AES-256 encryption at rest, TLS 1.3 in transit
- CIS Benchmark server hardening on all nodes
- ModSecurity WAF + Cloudflare enterprise ruleset
- Daily encrypted off-site backups with verified restore
DETECT
Anomaly detection, continuous monitoring & adverse event analysis.
- 24/7 SOC with SIEM log aggregation & correlation
- IDS/IPS on all network segments
- Automated anomaly detection (baseline deviation alerts)
- Real-time DDoS traffic analysis via Cloudflare
- Integrity monitoring on critical system files
RESPOND
Incident management, analysis, mitigation & communication.
- Documented IR playbooks for 12 incident categories
- PIPEDA 72-hour breach notification procedure
- Escalation matrix: L1 → L2 → CISO within 4 hours
- Post-incident root cause analysis (RCA) reports
- Crisis communications templates for customer notification
RECOVER
Incident recovery, service restoration & lessons-learned communication.
- 4-hour Recovery Time Objective (RTO) for critical systems
- Recovery Point Objective (RPO) ≤ 24 hours
- Disaster Recovery Plan (DRP) tested bi-annually
- Business Continuity Plan (BCP) for multi-region failover
- Post-incident review & continuous improvement cycle
Multi-Framework Compliance Coverage
From Canadian federal privacy law to international security standards — we map our controls to every framework your business may need.
NIST CSF 2.0
All 6 functions (GV, ID, PR, DE, RS, RC) implemented across infrastructure, operations, and incident management.
PIPEDA
All data stored in Canadian data centres. Privacy-by-design principles, documented consent management, and 72-hour breach notification.
PHIPA (Ontario)
Suitable for Ontario health information custodians. Data residency in Ontario, audit logging, and custodian agreements on request.
PCI DSS v4.0
VPS, Cloud & Dedicated plans can be scoped for PCI DSS v4.0 cardholder data environments. Network isolation, WAF, and logging controls available.
SOC 2 Type II
SOC 2 Type II audit in progress. Trust Services Criteria: Security, Availability, and Confidentiality. Reports available Q4 2026.
ISO 27001
Controls aligned to ISO/IEC 27001:2022 Annex A. Full certification roadmap underway for 2026.
CCCS Guidelines
Canadian Centre for Cyber Security (CCCS) ITSG-33 security control catalogue applied to all government-grade hosting tiers.
GDPR (EU)
For EU-facing Canadian businesses: data processing agreements, right-to-erasure tooling, and DPA templates available on request.
Eight Layers of Defense in Depth
Security isn't a single product — it's a stack. Netpedia implements eight complementary control layers so a failure in one layer never becomes a breach.
Hardened Infrastructure
Servers secured with CIS Benchmarks, kernel hardening, and automated patch management aligned to NIST SP 800-53.
24/7 SOC Monitoring
Continuous threat detection with real-time log analysis, anomaly detection, and escalation runbooks for every incident.
Encryption Everywhere
TLS 1.3 in transit, AES-256 at rest. All backups are encrypted. Keys rotated on schedule per NIST guidelines.
Compliance Auditing
NIST CSF 2.0, PIPEDA, PHIPA, and PCI DSS v4.0 aligned controls with audit-ready reporting on request.
Automated Encrypted Backups
Daily off-site backups with verified restores. Point-in-time recovery available. Meets NIST RECOVER function requirements.
Identity & Access Control
MFA enforcement, role-based access, principle of least privilege — covering NIST PROTECT: Identity Management.
Incident Response Plan
Documented IR playbooks, 4-hour RTO, breach notification procedures compliant with PIPEDA and PHIPA obligations.
Network Perimeter Security
Cloudflare WAF, BGP anycast DDoS mitigation, IP reputation filtering, and real-time traffic analysis at the edge.
Security Controls Across Every Service
See exactly which security controls apply to each Netpedia service at a glance.
| Security Control | Shared | VPS | Cloud | Reseller | WordPress | SSL | Cloudflare |
|---|---|---|---|---|---|---|---|
| Free SSL / TLS 1.3 | | | | | | | |
| Cloudflare WAF | BASIC | ADV | ADV | BASIC | ADV | ENT | |
| DDoS Mitigation | BASIC | ADV | ADV | BASIC | BASIC | ADV | ENT |
| Daily Encrypted Backups | | | | | | | |
| Malware Scanning | ADV | | | | | | |
| Two-Factor Auth (2FA) | | | | | | | |
| Intrusion Detection (IDS) | BASIC | ADV | ADV | BASIC | BASIC | | |
| Firewall (CSF/UFW) | | | | | | | |
| PIPEDA Data Residency | | | | | | | |
| Audit Log Retention | 30d | 90d | 90d | 30d | 30d | 90d | 30d |
ADV = Advanced tier | ENT = Enterprise tier | — = Not applicable to this service
Choose Your Security Level
Every plan includes core security. Upgrade for deeper compliance, dedicated monitoring, and enterprise-grade incident response.
Foundation
With every hosting plan
- Free SSL / TLS 1.3 on all domains
- Cloudflare CDN + Basic DDoS protection
- Imunify360 malware scanner
- ModSecurity WAF (OWASP ruleset)
- Daily backups with 7-day retention
- Two-factor authentication (2FA)
- 99.9% uptime SLA
- PIPEDA-compliant data residency
- CSF firewall on all shared servers
- Free site migration
Professional
For businesses with compliance needs
- Everything in Foundation
- Advanced Cloudflare WAF (custom rulesets)
- Enterprise DDoS mitigation (100+ Gbps)
- Dedicated IDS/IPS monitoring
- Weekly vulnerability scanning reports
- 90-day audit log retention
- Security incident summary reports
- PCI DSS scoping consultation
- PHIPA alignment documentation
- Priority incident response (4-hour RTO)
Enterprise
For regulated industries & large scale
- Everything in Professional
- Dedicated security engineer
- SOC 2 Type II evidence package
- Penetration testing coordination
- Custom IR playbook development
- 1-year audit log retention
- NIST CSF gap assessment & roadmap
- ISO 27001 alignment consultation
- Board-level security briefings
- SLA: 1-hour critical incident response
Common Security Questions Answered
The NIST Cybersecurity Framework 2.0 is the gold-standard security framework published by the US National Institute of Standards and Technology. It organizes security controls into six functions: Govern, Identify, Protect, Detect, Respond, and Recover. We use it as our internal security architecture blueprint so your data is protected by proven, internationally recognized practices.
Yes. All data is stored exclusively in Canadian data centres (Toronto and Montreal), which keeps you compliant with PIPEDA (Personal Information Protection and Electronic Documents Act). We never route your data through US servers. For healthcare customers, our infrastructure also aligns with PHIPA requirements for Ontario-based organizations.
Our VPS, Cloud, and Dedicated Server plans can be configured to meet PCI DSS v4.0 requirements for cardholder data environments. We provide network isolation, logging, WAF, and IDS controls. Contact our team for a PCI scoping discussion — requirements vary by your specific card processing setup.
Our Security Operations Centre monitors for incidents 24/7. In the event of a confirmed breach, our Incident Response team activates our documented playbooks: isolate, analyze, contain, eradicate, and recover. You'll be notified within 72 hours as required by PIPEDA. We maintain a 4-hour Recovery Time Objective (RTO) for critical services.
Yes — encryption is applied at multiple layers. All data in transit uses TLS 1.3. Data at rest on our storage systems uses AES-256 encryption. Backups are encrypted before leaving the primary server. Database passwords and sensitive credentials are hashed using bcrypt or Argon2 depending on the application.
Core security — SSL, Cloudflare CDN/DDoS protection, WAF, server hardening, malware scanning, and daily backups — is included with every plan at no extra cost. Advanced features like dedicated WAF rulesets, security audit reports, penetration testing coordination, and SOC 2 evidence packages are available through our Professional and Enterprise security tiers.
Ready to Harden Your Infrastructure?
Talk to our security team about NIST CSF 2.0 implementation, compliance scoping, or a full security assessment for your organization.