For Cyber Insurance Carriers

Cyber Insurance Approved Vendor

When your insured calls, we answer. 24/7 incident response from court-qualified forensic examiners.

Sherlock Forensics is a cyber insurance approved vendor providing 24/7 incident response, digital forensics and breach notification support for insured organizations. Our court-qualified forensic examiners deliver court-admissible reporting with strict chain-of-custody protocols, PIPEDA and GDPR compliant documentation and expert witness testimony. We offer 1-hour acknowledgment, 4-hour initial response and 24-hour on-site or remote deployment SLAs.

Insurance carriers need a forensics vendor who picks up the phone at 2 AM, produces reports that hold up in court and communicates clearly with adjusters, counsel and the insured. That is what we do. Every engagement follows documented methodology, preserves chain of custody and produces deliverables designed for claims files and regulatory submissions.

Add Us to Your Vendor Panel Call 604.229.1994

1hr

Acknowledgment SLA

4hr

Initial response

20+

Years DFIR experience

What Insurers Need

Built for Insurance Panel Requirements

Court-Admissible Methodology

Every investigation follows NIST SP 800-86 and ISO 27037 standards. Our methodology has been tested under cross-examination and accepted by courts in British Columbia and Newfoundland. Reports are written for judges, not just IT departments.

Chain of Custody

Forensic evidence is collected, documented and preserved using protocols that maintain admissibility from acquisition through testimony. Every evidence item is hash-verified, timestamped and tracked through a continuous chain of custody.

Regulatory Compliance Reporting

Reports address PIPEDA mandatory breach notification requirements, provincial privacy legislation and GDPR obligations for organizations with EU data subjects. Documentation maps directly to regulatory reporting templates.

Timeline Reconstruction

We build forensic timelines that show exactly when the attacker entered, what they accessed, how they moved laterally and when data was exfiltrated. These timelines anchor claims decisions and regulatory notifications.

Root Cause Analysis

Every investigation identifies the initial attack vector, contributing security gaps and the complete kill chain. Root cause findings inform both the claims file and the insured's remediation requirements. Many cyber insurance policies now require annual tabletop exercises. Run a free security scorecard to identify gaps before your insurance renewal.

Expert Witness Testimony

When a claim proceeds to litigation or subrogation, our principal examiner provides expert witness testimony. Court-qualified in digital forensics with experience in both civil and criminal proceedings across multiple Canadian jurisdictions.

Response SLAs

When Minutes Matter

Milestone	SLA	What Happens
Acknowledgment	1 hour	Qualified examiner confirms receipt, gathers initial details from carrier or insured
Initial Response	4 hours	Remote triage begins, containment guidance provided, evidence preservation initiated
On-site or Remote Deployment	24 hours	Full forensic collection underway, either on-site or via remote acquisition tools
Preliminary Findings	48-72 hours	Initial scope assessment, confirmed indicators of compromise and preliminary timeline delivered to carrier

Policy Coverage

Services Covered Under Typical Policies

Incident Response

24/7 breach containment, threat actor eviction, credential rotation coordination and business continuity guidance. Covered under first-party incident response provisions.

Digital Forensics

Forensic imaging, log analysis, memory forensics, malware analysis and timeline reconstruction. Covered under forensic investigation provisions of most cyber policies.

Breach Notification Support

Scope-of-compromise determination, affected records identification and regulatory notification documentation for PIPEDA, provincial legislation and GDPR. Covered under notification expense provisions.

Expert Witness

Court-qualified testimony for coverage disputes, subrogation actions and regulatory proceedings. Covered under legal expense or defense cost provisions.

Remediation Guidance

Post-incident hardening recommendations, control gap analysis and remediation verification. Often covered under crisis management or restoration expense provisions.

Vendor Panel

Add us to your panel.

We provide all documentation required for vendor onboarding: proof of E&O insurance, certifications, methodology documentation, sample reports and references from existing carrier relationships. Most onboarding completes within two weeks.

CISSP, ISSAP, ISSMP certified principal examiner
Court-qualified in British Columbia and Newfoundland
20+ years digital forensics and incident response
Bilingual reporting available (English/French)
Canada-wide coverage with remote and on-site capability

Since 20064.8/5 ratingSOC 2, PCI DSS, ISO 27001

Add Us to Your Vendor Panel File a Claim-Related Engagement

Frequently Asked Questions

Insurance Vendor FAQs

What qualifications does Sherlock Forensics have for insurance panel work?: Our principal examiner holds CISSP, ISSAP and ISSMP certifications and has been court-qualified as a digital forensics expert in British Columbia and Newfoundland. We follow NIST SP 800-86 methodology and maintain strict chain-of-custody protocols that meet evidentiary standards for litigation and regulatory proceedings.
What are your response SLAs for insured engagements?: We provide 1-hour acknowledgment, 4-hour initial response and 24-hour on-site or remote deployment. Our 24/7 incident hotline ensures that when your insured calls at 2 AM, a qualified examiner answers. Call 604.229.1994.
What services are typically covered under cyber insurance policies?: Most cyber insurance policies cover incident response and containment, digital forensic investigation, breach notification support, expert witness testimony and remediation guidance. We provide detailed invoicing that maps directly to standard policy coverage categories for streamlined claims processing.
How do we add Sherlock Forensics to our vendor panel?: Contact us at 604.229.1994 or through our website to begin the onboarding process. We provide all required documentation including proof of insurance, certifications, methodology documentation and sample reporting formats. Most panel onboarding completes within two weeks.

FAQ

Frequently Asked Questions

What qualifications does Sherlock Forensics have for insurance panel work?

Our principal examiner holds CISSP, ISSAP and ISSMP certifications and has been court-qualified as a digital forensics expert in British Columbia and Newfoundland. We follow NIST SP 800-86 methodology and maintain strict chain-of-custody protocols that meet evidentiary standards for litigation and regulatory proceedings.

What are the response SLAs for insured engagements?

We provide 1-hour acknowledgment, 4-hour initial response and 24-hour on-site or remote deployment. Our 24/7 incident hotline ensures that when your insured calls at 2 AM, a qualified examiner answers the phone.

What services are typically covered under cyber insurance policies?

Most cyber insurance policies cover incident response and containment, digital forensic investigation, breach notification support, expert witness testimony and remediation guidance. We provide detailed invoicing that maps directly to standard policy coverage categories for streamlined claims processing.

How do we add Sherlock Forensics to our vendor panel?

Contact us at 604.229.1994 or through our website to begin the onboarding process. We provide all required documentation including proof of insurance, certifications, methodology documentation and sample reporting formats. Most panel onboarding completes within two weeks.

Does Sherlock Forensics produce reports suitable for regulatory breach notifications?

Yes. Our forensic reports address PIPEDA mandatory breach notification requirements, provincial privacy legislation and GDPR obligations for organizations with EU data subjects. Documentation maps directly to regulatory reporting templates so carriers and insureds can meet notification deadlines without reformatting.

Your Insured Has a Breach. We Are Ready.

24/7 incident response from court-qualified forensic examiners. One call to activate. Reports designed for claims files and regulatory submissions.

Call 604.229.1994

Incident Hotline: 604.229.1994
Availability: 24/7/365 - including holidays
Burnaby Office: Burnaby, BC, Canada
Coquitlam Office: Coquitlam, BC, Canada