ComplianceForge: Working Smarter, Not Harder for Comprehensive Cybersecurity Documentation

Beverly Cornelius, Partner & Co-Founder
Documentation is the bane of many cybersecurity programs. All companies need it, but only a few have good documentation that is designed to be scalable, based on leading practices, and also covers their compliance needs. ComplianceForge focuses on this niche within the Governance, Risk & Compliance (GRC) market, which is a specialization within the cybersecurity industry. Their comprehensive documentation solutions help companies become and stay compliant with common cybersecurity and privacy requirements.

“ComplianceForge serves as a business accelerator, where we take care of the tedious and time-consuming work that is associated with generating compliance-related cybersecurity documentation. Quite simply, our focus is to provide solutions to reduce the time, cost and complexity for businesses to meet their cybersecurity and privacy needs,” says Beverly Cornelius, partner and co-founder at ComplianceForge. The vision at ComplianceForge is based on the core understanding of the necessity for businesses of all sizes and industries to adopt secure practices to protect their interests, including their customers, employees, and partners.

ComplianceForge offers best-in-class cybersecurity and privacy compliance documentation to address multiple statutory, regulatory and contractual requirements. “There is no such thing as a ‘bronze, silver or gold’ level of compliance since a standard is a standard for a reason. That is the premise we follow in developing our documentation products to help our customers have the needed evidence of due care and due diligence for their compliance needs,” says Cornelius. This compliance-focused approach to cybersecurity documentation also means the solutions can scale for a business of any size since it is focused on leading industry practices. As evidence of their products’ ability to scale, their clients range from the Fortune 500 down to small businesses.

Leveraging a competitive advantage for generating a semi-customized approach to its products, ComplianceForge delivers comprehensive cybersecurity documentation solutions for a fraction of the cost and time associated with hiring an external consultant to “custom write” documentation, which is only a modification of an existing policy template. Their specialization addresses a general lack of in-house knowledge in GRC necessary to generate comprehensive documentation to meet common compliance requirements. However, since the products are mapped directly to leading practices and are written in a business-context language, IT generalists can edit and maintain the documentation. ComplianceForge’s solutions are all Microsoft Office-based documentation, so their clients can customize the documentation for their specific needs with tools they already own and know how to use. Interestingly, ComplianceForge sees repeat business from existing clients coming back for new products, such as the EU GDPR-focused Security & Privacy by Design (SPBD) product. And since many technology professionals change jobs every few years, former employees of clients also seek out ComplianceForge, since those individuals want the same level of documentation excellence at their new place of employment.

In 2017, ComplianceForge added the Digital Security Program (DSP) to strengthen its product lineup further. This program also meets customer demand from larger organizations wanting a hybrid solution to address multiple frameworks and to avoid being narrowly constrained by alignment with only a single NIST or ISO cybersecurity framework. The DSP product served as an evolution of their flagship Written Information Security Program (WISP), which is available in either ISO 27002 or NIST 800-53 versions. The DSP addresses gaps in the ISO and NIST frameworks concerning privacy, Internet of Things (IoT), Operational Technology (OT), cloud and risk management. Looking into 2018, Cornelius states, “Our innovation efforts will continue to generate much-needed products, including a highly-anticipated Cybersecurity Standardized Operating Procedures (CSOP) product that will provide a massive jumpstart for any company that requires documented processes.”


Tualatin, Oregon, US

Expedites the process of getting and staying compliant through innovative, best-in-class cybersecurity and privacy compliance documentation that addresses multiple statutory, regulatory and contractual requirements