“Our innovation efforts generate much-needed products, including an industry-first, the Cybersecurity Standardized Operating Procedures (CSOP),” states Cornelius. The CSOP is an editable catalog of templatized procedure statements that is targeted at being an “80 percent solution” which means ComplianceForge did the heavy lifting of writing the bulk of each procedure statement for frameworks that include NIST 800-53, ISO 27002, NIST CSF, and the Secure Controls Framework (SCF). The remaining 20 percent of the procedure statement is filled by clients, who provide the necessary details that are specific to their organization to make it into a customized set of procedures. “The CSOP equates to a time savings of approximately 300-400 hours, so the combined time and cost savings are immense,” stated Cornelius. Products like the CSOP offer a massive jumpstart for any organization that requires documented processes to comply with statutory, regulatory, and contractual obligations.
ComplianceForge’s Microsoft Office-based documentation provides organizations with a proven way to obtain their cybersecurity and privacy compliance documentation. Being Microsoft Word and Excel-based documentation formats, ComplianceForge’s content can be integrated into a variety of third-party GRC platforms and other applications.
Cybersecurity documentation is generally considered less-exciting as other aspects of the cybersecurity industry. However, it is a fundamental requirement for businesses and it shapes the overall cybersecurity posture for an organization. While documentation requirements are not new, regulations such as NIST 800-171 created an immediate business impact that non-compliance with cybersecurity requirements can lead to the loss or cancellation of a government contract. “ComplianceForge established itself as a leading provider of NIST 800-171 compliance-focused documentation. Through listening to our clients, we have enterprise-class solutions targeted for the Fortune 500, as well as tailored solutions for small and medium businesses,” states Cornelius. ComplianceForge is able to provide fully-mapped documentation to address NIST 800-171, EU GDPR, HIPAA, PCI DSS, NY DFS, and many more compliance requirements.
In 2018, ComplianceForge helped launch the Secure Controls Framework (SCF). The SCF has the ambitious goal of providing free cybersecurity and privacy control guidance to cover the strategic, operational, and tactical needs of organizations, regardless of its size, industry, or country of origin. The SCF has a 1-1 mapping with ComplianceForge’s flagship documentation product, the Digital Security Program (DSP). This allows an organization to have “tooth–to-tail” documentation that ranges from policies to control objectives, standards, guidelines, controls, procedures, and metrics. ComplianceForge is continually innovating to refine its documentation products and provide clients with highly relevant solutions to their compliance needs.