What is an AI readiness assessment and why does a Canadian business need one?

An AI readiness assessment is a structured evaluation of whether your data, identity, governance, and security posture can safely host generative AI tools like Microsoft Copilot or Google Gemini for Workspace. Fusion Computing reviews Microsoft 365 tenant configuration, SharePoint and OneDrive permissions, sensitivity labels, conditional access, and shadow AI exposure across Toronto, Hamilton, and Vancouver clients. The output is a prioritized roadmap and 90-day plan, not a sales pitch.

What does Fusion's AI assessment cover end to end?

The engagement covers four review areas: identity and permissions baseline across Entra ID, SharePoint, and OneDrive; shadow AI and data-egress audit through browser inventory and Defender for Cloud Apps logs; data and sensitivity-label readiness in Microsoft Purview with DLP and Copilot exclusions; and workflow mapping with five to seven priority workflows tied to high-ROI Copilot or automation use cases. We document findings against PIPEDA, PHIPA, and BC PIPA expectations.

What is shadow AI and why is it a board-level risk in 2026?

Shadow AI describes employees using ChatGPT, Claude, Gemini, or unsanctioned Copilot extensions on personal accounts without IT visibility, often pasting client data, source code, or financials into models with no enterprise data agreement. The federal Office of the Privacy Commissioner and the Canadian Centre for Cyber Security have flagged this as a leading 2026 privacy risk because data leaves Canadian jurisdiction the moment it enters a consumer LLM.

Is this assessment focused only on Microsoft Copilot?

No. Copilot is the most common starting point because most of our clients already run Microsoft 365 Business or E3, but the same readiness work applies to Google Gemini for Workspace, Claude for Enterprise, ChatGPT Enterprise, and custom retrieval-augmented generation deployments. The governance, identity, and data-classification fixes carry across every platform, so the investment is not wasted if you change LLM vendor later.

How much does an AI readiness assessment cost in Canada?

Fusion Computing offers a free 60-minute scoping call, a fixed-fee Light assessment for tenants under 50 users, and a deeper Comprehensive engagement priced per environment size. For context, ongoing managed IT sits at roughly $180 per user per month, cybersecurity at $130 to $180 per user per month depending on stack and compliance scope, and Microsoft 365 Copilot adds $30 per user per month on top of base licensing. We quote in writing before any work begins.

How long does the assessment take and what deliverables do we receive?

The Light assessment runs about two weeks from kickoff to readout. The Comprehensive runs four to six weeks depending on tenant complexity and stakeholder availability. Deliverables include a written readiness report, a permissions and oversharing heatmap, a shadow-AI inventory, a sensitivity-label and DLP recommendation set, a Copilot or Gemini pilot scope, and a 90-day remediation roadmap with named owners and effort and risk ratings.

AI Readiness Assessment for Canadian SMBs

CISSP-led review of identity, data governance, shadow AI, and Microsoft 365 Copilot fit. Free 60-minute scoping call. 4–6 week engagement with a written 90-day roadmap.

Book your free scoping call →See timeline & cost

Mike Pearlstein, CISSP, MSc (AI) · CEO · Toronto · Hamilton · Vancouver

What an AI readiness assessment includes

SharePoint hygiene first: if your tenant has more than 25 SharePoint sites, the Pre-Copilot SharePoint Audit is part of the readiness work this assessment uncovers.

An AI readiness assessment for Canadian SMBs evaluates your Microsoft 365 tenant configuration, data-governance maturity, identity and permissions, shadow-AI exposure, and workflow fit, then produces a 90-day Copilot or Gemini adoption roadmap mapped to PIPEDA, PHIPA, BC PIPA, and the Bill C-27 (AIDA) framework. Fusion Computing delivers CISSP-led assessments with sector-specific guidance for legal, finance, healthcare, and professional-services firms.

Statistics Canada, 2024: Roughly 1 in 7 Canadian businesses had adopted AI by 2024, but adoption is concentrated in firms with 100+ employees and a documented data-governance program. SMBs without that foundation are the cohort most exposed to data-leakage incidents. (statcan.gc.ca, Survey of Digital Technology and Internet Use)

Canadian Centre for Cyber Security, 2025-2026 Threat Bulletin: Generative AI is a top-tier threat vector for Canadian organizations because employees routinely paste regulated client and financial data into consumer LLMs that lack enterprise data agreements. (cyber.gc.ca, National Cyber Threat Assessment)

Bill C-27 (Artificial Intelligence and Data Act): High-impact AI systems will require documented risk assessments, accountability frameworks, and bias-mitigation evidence. Most off-the-shelf Copilot and Gemini configurations do not meet that bar without explicit tenant-side controls.

IBM Cost of a Data Breach 2024: Organizations deploying AI-enhanced security tools shortened breach lifecycles by 108 days on average, but only when AI governance was documented and auditable.

Microsoft Work Trend Index 2025 (Canadian segment): Knowledge-worker firms report 40%+ productivity gains from Copilot once data classification, sensitivity labels, and conditional access are in place. Under 30% of Canadian SMBs have those controls documented today.

“AI readiness isn’t a tools question; it’s a governance question. Approved tool list, data classifications, privilege-safe prompt patterns, audit artifact: once those are in place, the productivity win follows. We scope the assessment to produce that governance package, not another vendor-speak deliverable.”

— Mike Pearlstein, CISSP, MSc Computer Science (AI), CEO, Fusion Computing

Book your free scoping call →

Why most AI pilots fail without an assessment first

Three patterns repeat across the Canadian SMBs that come to us mid-pilot. Each one has the same root cause: the foundation work was skipped to chase a launch date.

Security gaps

Shadow AI usage is already happening on personal accounts. Sensitive client data, contracts, and source code are leaving the tenant through ChatGPT and Gemini sessions IT cannot see. The assessment maps every consumer LLM employees are using and the data classes they are pasting in.

Wasted licence spend

Copilot for Microsoft 365 adds $30 per user per month on top of base licensing. When SharePoint oversharing is unfixed, Copilot surfaces HR salaries, board minutes, and client deliverables to the wrong users on day one. Licences get pulled. Trust takes longer to rebuild.

Stalled adoption

Staff abandon AI tools when there is no approved-tool list, no prompt library, and no acceptable-use policy. Champions get frustrated. Skeptics feel vindicated. Pilots get archived. The assessment delivers the governance artifacts that make adoption stick.

A readiness assessment closes all three gaps before licence dollars are committed. The deliverable is a 90-day plan with named owners, not a slide deck.

How we run the AI readiness assessment

Four review areas, each tied to a concrete deliverable in the final report. We start with the tenant configuration data and the people closest to the work, not a generic questionnaire.

1. Identity and permissions baseline

We export Entra ID role assignments, conditional-access policies, MFA enforcement, and group memberships. We map who can read what across SharePoint, OneDrive, Teams, and Exchange.

Output: permissions heatmap and least-privilege gap list.

2. Shadow AI and data-egress audit

Browser inventory, Defender for Cloud Apps logs, structured interviews with department leads. We document which consumer LLMs employees are using and which data classes are leaving the tenant.

Output: shadow-AI inventory and egress remediation plan.

3. Data and sensitivity-label readiness

Microsoft Purview labels, retention, DLP rules, and Copilot exclusions. We sample HR, finance, legal, and client folders to confirm sensitivity-label coverage and oversharing exposure.

Output: sensitivity-label taxonomy and DLP recommendation set.

4. Workflow mapping and governance

We map five to seven priority workflows with the people who run them, identify high-ROI Copilot or Power Automate workflow automation use cases, and draft an acceptable-use policy aligned to PIPEDA and provincial privacy law.

Output: pilot-use-case shortlist and acceptable-use policy draft.

Your deliverable: a 30-page roadmap and 90-day plan

One written report, ordered by impact and effort, with named owners and effort ratings. You receive both the full report and a stakeholder-ready executive summary you can present to the board.

AI Assessment deliverables: AI Readiness Report, Workflow Mapping, Prioritised AI Roadmap, Risk Reduction Plan, Governance Framework, 90-Day Action Plan

Who should book this assessment

The assessment is a fit when AI is real on your roadmap, not a slide. Common starting points and the sectors where the work pays back fastest.

Built for businesses planning Microsoft 365 Copilot rollout, concerned about shadow AI, needing AI governance, preparing compliance audits, wanting measurable AI ROI; industry examples include construction, manufacturing, finance, accounting, healthcare, non-profit, design and architecture, transport and logistics

How long does it take and what does it cost?

Two engagement formats. The 60-minute scoping call is free, the assessment itself is fixed-fee or environment-priced, and the quote is in writing before any work begins.

Light assessment

~2 weeks

Fixed-fee. Suitable for tenants with under 50 users, a single Microsoft 365 SKU, and a defined Copilot pilot in mind.

Includes: identity baseline, oversharing snapshot, shadow-AI inventory, sensitivity-label gap list, 90-day plan.

Comprehensive assessment

4–6 weeks

Environment-priced. Suitable for 50–250-user tenants, multi-SKU, or organizations with PIPEDA, PHIPA, or BC PIPA reporting obligations.

Adds: Purview DLP design, conditional-access review, pilot-cohort selection, board-ready executive summary, optional 90-day implementation retainer.

For context, ongoing managed IT and cybersecurity sit at $180 per user per month for managed IT, with cybersecurity priced separately at $130–$180 per user per month depending on stack and compliance scope. Microsoft 365 Copilot adds $30 per user per month on top of base licensing. Assessment fees do not include those subscriptions.

Book your AI readiness assessment

Tell us what you want AI to help with. A senior consultant follows up within one business day to scope the engagement, agree the format, and send a written quote before any work starts.

Where this assessment fits in our AI practice

This assessment is the diagnostic front end of Fusion Computing’s broader AI services and consulting practice, where the readiness findings feed directly into Copilot deployment, our custom business AI platform rollout, governance hardening, and ongoing managed AI operations across our Toronto, Hamilton, and Vancouver client base. After the assessment, see how ChatGPT Agents automate recurring workflows for the first hands-on use cases most clients pilot. Already running an AI pilot in a specific market? Fusion Computing also delivers city-level engagements through AI services in Toronto for GTA tenants navigating PHIPA and Ontario IPC guidance, AI services in Hamilton for Hamilton-Wentworth manufacturers and clinics, and AI services in Vancouver for Lower Mainland firms working under BC PIPA and OIPC BC oversight.

AI Readiness Assessments available in: Toronto · Metro Vancouver · See AI Services →