One Supply Chain, Two Rulebooks: Making Sense of CMMC and CPCSC
If you machine parts for a US prime and bid on Canadian Department of National Defence (DND) work, you now answer to two governments’ cybersecurity rules. CMMC Level 2 is already in over 100 DoD contracts. CPCSC Level 1 is live, with Level 2 coming Spring 2027. Neither satisfies the other.
Nobody is talking about the challenges of meeting these two frameworks and how they fit together. On July 30th at 1pm ET, PreVeil sits down with the people who are: FirstCall (C3PAO), CybercarePro (Canadian compliance practitioner), and Camcor Industries (Canadian defense contractor). You’ll learn:
- Where Canadian companies get stuck on CMMC — from the C3PAO who assesses them
- What CPCSC requires today, and what’s coming with Level 2
- What parts of CMMC carry over to CPCSC and what doesn’t

Travis Sands
Dir. Cyber Security FirstCall Consulting
Travis Sands is a Partner at FirstCall, a Certified Third-Party Assessment Organization (C3PAO) based in Georgia. He works directly with defense contractors navigating CMMC assessments and has firsthand insight into where Canadian suppliers run into gaps when US and Canadian compliance frameworks overlap.

Marguerite Fleming
CISO, Cybercare Pro
Marguerite Fleming is a Toronto-based compliance practitioner with CybercarePro, focused on helping Canadian defense contractors navigate emerging CPCSC requirements. She brings on-the-ground experience with how Canadian suppliers are approaching the transition from CMMC alignment to CPCSC certification.

Bruce McLaren
Camcor Industries Ltd.
Bruce McLaren leads IT and compliance at Camcor Industries Ltd., a Canadian CNC machining contractor serving the defense industrial base. Camcor adopted PreVeil in 2023 ahead of contract requirements, and Bruce will speak to what that compliance journey has looked like in practice.
PROUDLY MADE IN THE USA
PreVeil is 100% Designed & Developed in the USA