ComplianceForge: Innovative, Comprehensive and Affordable Cybersecurity and Privacy Documentation

Tom Cornelius, Senior Partner
ComplianceForge is a business accelerator that continues to innovate with its products. “We created the Hierarchical Cybersecurity Governance Framework (HCGF) to help define ‘what right looks like’ for cybersecurity and privacy-related documentation in the industry. This helps all parties involved in governance, risk, and compliance to have the same baseline understanding,” states Tom Cornelius, the senior partner at ComplianceForge. With new laws and regulations, specifically the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) and the California Consumer Privacy Act (CCPA), companies that once existed in an unregulated environment are now finding themselves in scope for compliance. The stark reality with compliance is that if it is not documented, it simply does not exist. ComplianceForge’s award-winning line-up of cybersecurity and privacy documentation solutions is focused on accelerating the actions an organization needs to put in place to be considered “audit-ready” and reduce those associated costs. The approach ComplianceForge applies to its documentation is to provide an affordable solution that is scalable and comprehensive yet written in a concise manner that is understandable for non-technical individuals.

ComplianceForge has been providing businesses with cybersecurity-related documentation since 2005. While it started focused on framework-specific policies and standards, it evolved into offering a myriad of cybersecurity and privacy documentation products. As compliance requirements have expanded over the past few years, companies are reporting that they need products that can help them with their evolving needs. “Our innovation efforts generate much-needed products that are focused on immediate business needs. For example, nearly every organization has requirements for documented procedures, but that is often neglected due to the enormous time constraints associated with the task. In response to that need, ComplianceForge developed the Cybersecurity Standardized Operating Procedures (CSOP),” states Cornelius. The CSOP is an editable catalog of templatized procedure statements that is targeted at being an “80 percent solution”. This means ComplianceForge did the heavy lifting of writing the bulk of each procedure statement for frameworks that include NIST 800-53, ISO 27002, NIST CSF, and the Secure Controls Framework (SCF).
The remaining 20 percent of the procedure statement is filled by clients whose subject matter experts provide the necessary details that are specific to their organization. This makes it relatively easy for an organization to tackle what was once a massive project and make it a manageable process through offering a semi-customized set of templated procedures. “The CSOP equates to a time savings of approximately 300-400 hours, so the combined time and cost savings are immense,” stated Cornelius. Products like the CSOP offer a massive jumpstart for any organization that requires documented processes to comply with statutory, regulatory, and contractual obligations.

ComplianceForge’s Microsoft Office-based documentation provides organizations with a proven way to obtain their cybersecurity and privacy compliance documentation. Being Microsoft Word and Excel-based documentation formats, ComplianceForge’s content can be integrated into a variety of third-party GRC platforms and other applications. ComplianceForge works with several GRC platforms, providing “premium content” for these technology solutions so their clients may have quality policies, standards, controls and procedures specific for their needs, without having to go through the time and expense of writing their documentation.

Cybersecurity documentation is generally considered “less-exciting” when compared to other aspects of the cybersecurity industry that garner headlines. However, the documentation provided by ComplianceForge addresses a fundamental requirement for businesses and can help shape the overall cybersecurity posture for an organization towards more secure practices. While documentation requirements are not new, regulations such as NIST 800-171 and CMMC created an immediate business impact, because non-compliance with cybersecurity requirements can lead to the loss or cancellation of a government contract. “ComplianceForge established itself as a leading provider of NIST 800-171 and CMMC compliance-focused documentation. Through listening to our clients, we have enterprise-class solutions targeted for the Fortune 500, as well as tailored solutions for small and medium businesses,” states Cornelius. ComplianceForge can provide fully mapped documentation to address NIST 800-171, CMMC, CCPA, PCI DSS, SOC 2, EU GDPR, HIPAA, NY DFS, and many more compliance requirements.


Sheridan, Wyoming

As a business accelerator, ComplianceForge strives to provide cybersecurity and privacy solutions to save clients both time and money to meet their cybersecurity and privacy documentation needs. The company’s unique business model allows them to sell their documentation solutions at a competitive price when compared to hiring a consultant to custom-develop documentation or writing it in-house with your existing staff. With a comprehensive and powerful documentation capability, the company enables clients to efficiently become and stay compliant with common cybersecurity and privacy requirements.