AI Readiness Assessment for Canadian SMBs
A CISSP-led review of identity, data governance, shadow AI, and Microsoft 365 Copilot fit, so leadership can roll out AI with the controls and policy in place before the licences are committed.
- Identity, data-governance, and shadow-AI review
- Microsoft 365 Copilot oversharing scan
- Mapped to NIST AI RMF and ISO/IEC 42001
- A 90-day rollout plan with named owners
Free 60-minute scoping call. Light assessment in about two weeks; comprehensive engagement 4 to 6 weeks. CISSP and MSc AI leadership; a senior consultant replies within one business day.
Why teams trust the Fusion assessment
50 Best Managed IT
Named two years running, 2024 and 2025
CISSP + MSc AI
Security and AI leadership
500+ Canadian SMBs
Supported since 2012
NIST AI RMF
Mapped to ISO/IEC 42001
What we review
Six lenses on AI readiness
A grounded view of where AI saves time and where it adds risk, written for decision-makers.
Identity & permissions
Entra ID roles, Conditional Access, and MFA, plus a who-can-read-what map across SharePoint, OneDrive, Teams, and Exchange.
Shadow AI & data egress
Which consumer LLMs your staff already use, and which data classes leave the tenant through ChatGPT and Gemini sessions IT cannot see.
Data & sensitivity labels
Microsoft Purview labels, DLP, and Copilot exclusions, sampled across HR, finance, legal, and client folders to find oversharing exposure.
Workflow & governance
Five to seven priority workflows mapped with the people who run them, plus an acceptable-use policy aligned to PIPEDA and provincial privacy law.
Copilot fit
Whether Microsoft 365 Copilot, Power Automate, or a custom build should lead, with high-ROI use cases scored by value and review overhead.
AI-vendor risk
A third-party AI register against ISO/IEC 42001, with model cards, retention, sub-processor map, and NIST AI RMF function mapping.
Why it matters
Why most AI pilots fail without an assessment first
Three patterns repeat across the Canadian SMBs that come to us mid-pilot.
Security gaps
Shadow AI is already happening on personal accounts. Sensitive client data, contracts, and source code leave the tenant through ChatGPT and Gemini sessions IT cannot see.
Wasted licence spend
Copilot adds $30 per user per month. When SharePoint oversharing is left unfixed, Copilot surfaces HR salaries and board minutes to the wrong users on day one, and licences get pulled.
Stalled adoption
Staff abandon AI tools when there is no approved-tool list, no prompt library, and no acceptable-use policy. The assessment delivers the governance that makes adoption stick.
The deliverable
A 90-day plan with named owners, not a slide deck
The output is a board-ready report that closes the security, licence, and adoption gaps before a single Copilot licence is committed.
Every finding maps to the NIST AI Risk Management Framework and ISO/IEC 42001, so it reads in the language a board, an auditor, or a privacy regulator already knows.
Why it matters now
The governance gap Canadian SMBs are missing
Statistics Canada, 2024
1 in 7 businesses use AI
Adoption concentrates in firms with a documented data-governance program; SMBs without one are the cohort most exposed to data leakage.
Canadian Centre for Cyber Security, 2025
Gen-AI is a top threat vector
Employees routinely paste regulated client and financial data into consumer LLMs with no enterprise data agreement.
Bill C-27 (AIDA)
AIDA will require risk assessments
High-impact AI systems will need documented risk assessments and bias-mitigation evidence, a requirement most off-the-shelf Copilot configs do not meet.
Microsoft Work Trend Index, 2025
40%+ Copilot productivity gains
But only once data classification, sensitivity labels, and conditional access are in place; under 30% of Canadian SMBs have those documented.
Who it is for
Book it when AI is real on your roadmap
Most teams that book share one of these four starting points.
Planning a Copilot rollout
You are about to deploy Microsoft 365 Copilot and want the oversharing and governance work done first.
Worried about shadow AI
Staff are already using ungoverned tools and you need visibility before sensitive data leaves the tenant.
Need governance first
You need an acceptable-use policy and a data-classification posture before any AI deployment.
Preparing for compliance
An audit, a PIPEDA review, or Bill C-27 exposure means you need a documented AI risk assessment.
How it works
Three steps, no obligation
The report and roadmap are yours regardless of what you decide afterward.
1. Free 60-minute scoping call
We confirm fit, scope, and format. Fixed-fee or environment-priced, with the quote in writing before any work begins.
2. Identity, data & shadow-AI review
We baseline permissions, inventory shadow AI, sample sensitivity labels, and map your priority workflows.
3. 90-day roadmap
A board-ready report with a prioritized 30/60/90-day plan and named owners. Light engagement in about two weeks.

CISSP + MSc AI leadership
Mike Pearlstein, CISSP, MSc (AI), Founder of Fusion Computing
“AI readiness isn't a tools question; it's a governance question. Approved tool list, data classifications, privilege-safe prompt patterns, audit artifact: once those are in place, the productivity win follows. We scope the assessment to produce that governance package, not another vendor-speak deliverable.”
Frequently asked questions
Get a clear AI go / no-go call
Book a free 60-minute scoping call. We will assess the workflows, the risk, and the rollout path so leadership can decide with confidence instead of vendor pressure.