Comprehensive, Hybrid Security Policies, Standards, Controls & Metrics!
The Digital Security Program (DSP) is our flagship product. Unlike the Written Information Security Program (WISP) that is available in ISO 27002 and NIST 800-53 versions, the DSP is not locked into a single framework – it is a hybrid model that is built for organizations that do not want to be tied to just ISO or NIST frameworks. The DSP is a “best of breed” hybrid that leverages numerous leading frameworks to create a comprehensive security program for your organization!
DSP Product Walkthrough Video
If you have a few minutes, please watch the video for information about the DSP, as well as a look at the deliverables.
DSP Cost Savings
From surveying cybersecurity professionals, we created the following chart to compare the options available to companies needing IT security policies. As you can see, when you factor in internal staff time to perform reviews and refinements with key stakeholders, purchasing a DSP from ComplianceForge is approximately 19% of the cost ($40,000+ savings) compared to writing your own documentation and 9% of the cost ($94,000+ savings) compared to hiring a consultant to write it for you!
Example Digital Security Program (DSP)
The Digital Security Program (DSP) is logically organized, following industry-recognized best practices that are easy to implement & tailored to your company (delivered in Microsoft Word and Excel formats).
Our comprehensive Digital Security Program (DSP) is customized to your company: you will be provided with the policies, procedures, standards, and guidelines required to properly educate your employees on their responsibilities and to provide documentation of your standards. Your Digital Security Program (DSP) will contain your logo on the front cover, and the document is written from your company's perspective, incorporating your company's name throughout. This helps employees "take ownership" of the document and abide by the policies.
What do you need to provide when you order a Digital Security Program (DSP)?
STEP 1 - Provide your company name, as you want it to be in the DSP
STEP 2 - If possible, we would like a high-resolution company logo file (JPG, GIF or BMP) to add to the cover of the DSP.
Note - It is common in policies and other documentation to initially reference the official name of the organization (e.g., full legal name of the company) together with the trade / DBA name that is commonly used to refer to the organization. This is usually written in this format: Official Name (Common Name). This calls out the legal entity the policy is written for and then establishes the common name by which the company will be referred to through the rest of the document. It makes documents much easier to read.
Examples of "official" and "common" business names are:
- BlackHat Consultants, LLC (BlackHat)
- ACME Consulting, Inc. (ACME)
- Beaverton Valley Chamber of Commerce (BVCC)
- City of Lake Tualatin (CLT)
- SonomaTechnology Consulting, Inc. (SonomaTech)
The DSP is the most comprehensive document we’ve made and it is targeted for enterprise-class organizations that have a need to align to the following frameworks:
- NIST 800-171
- NIST Cybersecurity Framework
- CSA CCM
- COBIT 5
- UK DPA
- MA 201 CMR 17.00
- CA SB1386
- OR 646A.200