Governance
Design and deployment of compliance governance — policies, charters, roles and responsibilities, procedures, dashboards. Construction of the evidentiary documentation required for third-party audits and certification bodies.
Compliance Advisory Firm
Governance · Risk Management · Information Security
Defence supply chain specialist
Positioning
Information security governance requires a genuine distance from operations to remain credible. Mature professions — audit, actuarial science, assurance engineering — have long demonstrated this: objectivity is protected through the separation of functions. Lustrum operates at that distance, by principle and by design.
Expertises
Governance, risk management, and information security are not built at the same level as their day-to-day operation. Lustrum operates at that level of remove — the level that makes objectivity, documentation, and evidence possible.
Design and deployment of compliance governance — policies, charters, roles and responsibilities, procedures, dashboards. Construction of the evidentiary documentation required for third-party audits and certification bodies.
Mapping, assessment, and treatment of technological and organizational risks. Gap analyses and prioritized remediation plans based on recognized Canadian and international methodologies, calibrated to the organization's profile — maturity, size, and applicable obligations.
Design of the security architecture, charters, policies, and procedures, and governance of the management system. Selection of frameworks and controls aligned with the organization's profile — maturity, size, and applicable regulatory obligations.
The Firm
Jean-François Leclerc is the principal analyst and founder of Lustrum. He supports Québec and Canadian organizations in their regulatory compliance, the management of their technological and organizational risks, and the securing of their information assets.
Trained in law, he quickly oriented his practice toward information technology, security, and governance. That trajectory grounds the firm's distinctive articulation between regulatory rigour and technical competence.
The firm has developed a documented specialization in the Canadian and American defence supply chain, read in the context of the geostrategic, industrial, and institutional dynamics that structure it. This position is developed in the analytical monograph The Canadian Defence Supply Chain — Investment, Regulation, and the Logic of Market Access (April 2026). The scope of engagement remains broader than this single segment.