ComplianceForge: Innovative, Comprehensive, and Affordable Cybersecurity Documentation

Tom Cornelius, Senior Partner
“When creating compliance-focused documentation, we understand that a standard is a standard for a reason,” states Tom Cornelius, Senior Partner at ComplianceForge. The stark reality of compliance is that if it is not documented, it simply does not exist. ComplianceForge’s award-winning lineup of cybersecurity and privacy documentation solutions is focused on assisting organizations with clearly documenting their statutory, regulatory, and contractual obligations so that they can be audit-ready.

“Our innovation efforts generate much-needed products, including an industry-first, the Cybersecurity Standardized Operating Procedures (CSOP),” states Cornelius. The CSOP is an editable catalog of templatized procedure statements that is intended as an “80 percent solution,” which means ComplianceForge did the heavy lifting of writing the bulk of each procedure statement for frameworks that include NIST 800-53, ISO 27002, NIST CSF, and the Secure Controls Framework (SCF). The remaining 20 percent of each procedure statement is filled in by clients, who provide the details specific to their organization to turn it into a customized set of procedures. “The CSOP equates to a time savings of approximately 300-400 hours, so the combined time and cost savings are immense,” stated Cornelius. Products like the CSOP offer a massive jumpstart for any organization that requires documented processes to comply with statutory, regulatory, and contractual obligations.

ComplianceForge’s Microsoft Office-based documentation provides organizations with a proven way to obtain their cybersecurity and privacy compliance documentation. Because the documentation is delivered in Microsoft Word and Excel formats, ComplianceForge’s content can be integrated into a variety of third-party GRC platforms and other applications.

ComplianceForge works with several GRC platforms, providing “premium content” for these technology solutions so their clients may have quality policies, standards, controls, and procedures specific to their needs, without having to go through the time and expense of writing their own documentation.

Cybersecurity documentation is generally considered less exciting than other aspects of the cybersecurity industry. However, it is a fundamental requirement for businesses, and it shapes an organization’s overall cybersecurity posture. While documentation requirements are not new, regulations such as NIST 800-171 created an immediate business impact: non-compliance with cybersecurity requirements can lead to the loss or cancellation of a government contract. “ComplianceForge established itself as a leading provider of NIST 800-171 compliance-focused documentation. Through listening to our clients, we have enterprise-class solutions targeted for the Fortune 500, as well as tailored solutions for small and medium businesses,” states Cornelius. ComplianceForge is able to provide fully-mapped documentation to address NIST 800-171, EU GDPR, HIPAA, PCI DSS, NY DFS, and many more compliance requirements.

In 2018, ComplianceForge helped launch the Secure Controls Framework (SCF). The SCF has the ambitious goal of providing free cybersecurity and privacy control guidance to cover the strategic, operational, and tactical needs of organizations, regardless of their size, industry, or country of origin. The SCF has a 1-1 mapping with ComplianceForge’s flagship documentation product, the Digital Security Program (DSP). This allows an organization to have “tooth-to-tail” documentation that ranges from policies to control objectives, standards, guidelines, controls, procedures, and metrics. ComplianceForge is continually innovating to refine its documentation products and provide clients with highly relevant solutions to their compliance needs.


Tualatin, OR

Leading provider of cybersecurity and privacy documentation that expedites the process of getting and staying compliant through innovative, best-in-class policies, procedures and other documentation solutions