For Government IT · Canada · Provincial · Municipal

AI IT support that stays inside Canada.

ARIA is Canada-domiciled, PIPEDA-compliant, ITSG-33 + NIST 800-53 + ISO 27001-aligned. We are already registered on CanadaBuys and SAP Ariba, with applications in motion for PSPC AI Source List, Sourcewell, and US federal sub-prime pathways. Pre-built for procurement evaluators.

Request RFP packet Try ARIA — 15 min free

Procurement vehicles we are on or pursuing

Registered + active + pre-qualified. Not aspirational.

PSPC AI Source List

Public Services and Procurement Canada AI Source List — application in preparation for the 2026-09-30 cohort window. Once admitted, federal AI procurement flows through this list.

Submission target: 2026-09-30

Sourcewell Cooperative

US-Canada cooperative purchasing alliance with 50,000+ municipal, education, and non-profit buyers. Single contract award = multi-buyer pipeline.

Submission packet in build

MERX

Federal + provincial RFP feed. Daily monitoring with our saved-search routine — IT support, AI augmentation, helpdesk, MSP services.

Active monitoring

Why ARIA is a fit for government IT

Canada-domiciled, sovereign-data path

Operating from Toronto. Data residency configurable to Canadian regions. PIPEDA Principle 9 self-serve data export + deletion built in. GDPR Art. 22 automated-decisions notice published.

ITSG-33 + NIST 800-53 aligned

Governance suite published at iisupp.net/governance covers risk management, change management, vendor management, encryption, vulnerability management. Mappable to ITSG-33 control families for evaluator review.

Human-approved on every privileged action

ARIA refuses to auto-modify accounts, licenses, group memberships. Every privileged action requires HMAC-signed admin approval via email link. Per-tenant audit log with cap 500 events, exportable for auditor / oversight review.

SOC 2 + ISO 27001 readiness in motion

Public self-assessments at /soc2-readiness and /compliance/iso-27001-readiness. Audited reports targeted Q2 2027 — happy to provide control evidence on request for any RFP evaluator.

Vulnerability disclosure policy (ISO 29147)

Public coordinated disclosure policy at /security/disclosure. security.txt published at /.well-known/security.txt. We treat security researchers as collaborators, not threats.

Bilingual-ready (EN / FR + 3 more)

ARIA UI supports EN, FR, ES, DE, AR. Suitable for bilingual federal procurement requirements. Voice and chat both work in all five.

Documents we can produce on request

CAIQ-Lite (Cloud Security Alliance) — outputs/CAIQ-Lite-prefilled.md ready
SIG-Lite (Standardized Information Gathering) — outputs/SIG-Lite-prefilled.md ready
SOC 2 Type I control evidence package — current state self-assessment
ISO 27001 control crosswalk — /compliance/iso-27001-readiness
PIPEDA compliance attestation — /compliance/pipeda-readiness
Architecture + data-flow diagram (anonymized)
Vendor sub-processor list (Anthropic, Netlify, Stripe, Resend) with their respective DPAs
Insurance proof on award — Cyber Liability + E&O + CGL bindable within 5 business days of contract
BAA template (US healthcare-adjacent engagements)
VPAT 2.5 (US Section 508 accessibility — for US federal sub-prime work)
HECVAT Lite (education sector security questionnaire)
Founder bio + 15-year IT operations history — happy to provide W-9 / W-8BEN / Canadian equivalent on award

Pricing for government

Public pricing at /plans. RFP pricing follows GoC procurement standards (per-user-per-month or per-contract-year). Volume discounts available at multi-year commitments.

Small Business / Department

$156,000 USD/yr

Single department or small agency (under 250 users)

Mid-size / Multi-department

$312,000 USD/yr

Multi-department or regional rollout

Enterprise / Pan-Canadian

$625,000 USD/yr

Federal department or provincial network

Request RFP packet Discuss our procurement fit