A manufacturing group optimizes data lifecycle and accelerates compliance with Qohash

Region: QC, Canada

“I was surprised by the human approach, the speed of execution, and the quick results. In just six weeks, we reduced our risk and achieved tangible outcomes that other solutions couldn’t deliver in three months.”

— Jean‑François Nadeau, CISO, Soucy

Soucy is an integrated manufacturing and distribution group ranked among the Top 100 largest companies in Quebec by Les Affaires. It is composed of 12 independent SMEs operating across three continents. Soucy’s multi-subsidiary model requires managing a large volume of unstructured data from multiple sources, spread across diverse technical environments and subject to different regulations depending on the territory and industry.

Regulatory and operational pressures

With increasingly stringent legislative requirements, Soucy needed to urgently locate its unstructured data and regain control over its data lifecycle to comply with standards such as Quebec’s Law 25 and PCI-DSS.

These regulatory and operational demands highlighted two critical needs:

• Gaining better visibility into the scattered unstructured data across the organization.
• Ensuring effective, continuous data governance.

Searching for the right solution

Previous attempts with other providers had been abandoned after three months due to the lack of results and support. “It was extremely cumbersome, produced no conclusive outcomes, and we were left stranded,” explained Jean‑François Nadeau.

Faced with the limits of traditional approaches, Soucy’s cybersecurity team sought a partner capable of combining rapid deployment, technological flexibility, and strong human support. Qohash stood out by meeting all three requirements, while also providing the adaptability to align with Soucy’s evolving business needs.

“Once everything was in place, the results were practically instantaneous.”

— Jean‑François Nadeau, CISO, Soucy

Results and benefits

The benefits were immediate, starting from the first scans. Qohash quickly uncovered social insurance numbers, forgotten backups, and other sensitive files – even on the oldest servers. Using contextual tagging (QTags) and customized regex, the team was able to filter out noise and prioritize corrective actions.

For Jean‑François, the platform enables a true “trust but verify” approach: objectively confirming that files scheduled for deletion were truly gone. “With Qohash, we can be certain that actions are taken – confirming that a copy no longer exists or that a file has actually been deleted.”

He also pointed out the natural tendency to create duplicates: “People don’t have bad intentions, but many suffer from the squirrel syndrome – creating copies everywhere.” Qohash provides full visibility into the data, no matter where it resides, and enables decisive action to ensure compliance.

The Qohash difference

Unlike other solutions they had previously tried, Qohash delivered clear, actionable results in less than two weeks. The team quickly gained visibility into their sensitive data, understood where it was located, and took action. “After three months with the other provider, the result was that we gave up. After six weeks with Qohash, I knew exactly what sensitive information I had, where it was, and I was able to reduce our risk.”

Jean‑François emphasized that the human partnership made all the difference: “Behind Qohash, there’s a person who stays with us and remains available throughout the process. With Qohash, we’re not just buying a technology solution; we’re buying an innovation enriched by a human experience tailored to our needs.”

Looking ahead

In just six weeks, Soucy gained unmatched visibility into its sensitive data, established a lifecycle aligned with Law 25, and validated the value of a true human partnership with Qohash. This collaboration now positions Soucy to extend this approach across all its strategic operations.