We Offer Two (2) Versions of the WISP - ISO 27002 or NIST 800-53
The Written Information Security Program (WISP) is a comprehensive set of IT security policies and standards - available in either NIST 800-53 or ISO 27002 format. This is a comprehensive, customizable, easily implemented document that contains the policies, control objectives, standards and guidelines that your company needs to establish a world-class IT security program. Our customers choose the Written Information Security Program (WISP) because they:
Our customers choose the Written Information Security Program (WISP) because they:
- Have a need for comprehensive IT security documentation built on an industry framework
- Need to be able to edit the document to their specific needs
- Have documentation that is directly linked to best practices, laws and regulations
- Need an affordable solution
WISP Cost Savings
From surveying cybersecurity professionals, we created the following chart to provide a comparison of options for companies needing IT security policies. As you can see, when you factor in internal staff time to perform reviews and refinements with key stakeholders, purchasing a WISP from ComplianceForge is approximately 4% ($17,000+ savings) of the cost as compared to writing your own documentation and 2% ($41,000+ savings) of the cost as compared to hiring a consultant to write it for you!
Example WISPs - ISO & NIST versions
Both versions of the Written Information Security Program (WISP) are logically organized, following industry-recognized best practices
- Easy to implement & tailored to your company (delivered in Microsoft Word format)
- Policies and standards are based on the control framework (ISO 27002 or NIST 800-53)
- Dozens of policies and standards specifically tailored for small to medium businesses
- Complete coverage of all PCI DSS version 3 requirements - over 240 unique PCI DSS control requirements!
- Customizable PCI DSS Controls Matrix in Microsoft Excel (RACI to help manage and assign responsibilities)
- Customizable presentation in Microsoft PowerPoint for information security awareness training ($260 value)
- Certification of information security awareness training form
- Customizable Incident Response Plan (IRP) template
- Business Impact Assessment (BIA) template
- Business Continuity Plan (BCP) & Disaster Recovery (DR) template
- Service provider indemnification & Non-Disclosure Agreement (NDA) template
- User acknowledgement form
- Change management request form
- Risk assessment methodology template
- Appointment orders for an Information Security Officer (ISO)
Our comprehensive Written Information Security Program (WISP) is written in a manner that it is customized to your company, where you will be provided with the policies, procedures, standards, and guidelines required to properly educate your employees to their responsibilities and to provide documentation of your standards. Your Written Information Security Program (WISP) will contain your logo on the front cover and the document is written from your company's perspective, incorporating your company's name throughout the document. This helps employees "take ownership" of the document and abide by the policies.
What do you need to provide when you order a Written Information Security Program (WISP)?
STEP 1 - Select the version you want - ISO 27002 or NIST 800-53
STEP 2 - Provide your company name, as you want it to be in the WISP
STEP 3 - If possible, we would like a high-resolution company logo file (JPG, GIF or BMP) to add to the cover of the WISP.
Note - It is common in policies and other documentation to initial reference the official name of the organization (e.g., full legal name of the company) and the trade / DBA name that is used to commonly refer to the organization. This is usually written in this format: Official Name (Common Name). The reason for this is this covers calling out the legal entity the policy is written for, but then references the common name, by which the company will be referred to through the rest of the document. It makes documents much easier to read.
Examples of "official" and "common" business names are:
- BlackHat Consultants, LLC (BlackHat)
- ACME Consulting, Inc. (ACME)
- Beaverton Valley Chamber of Commerce (BVCC)
- City of Lake Tualatin (CLT)
- SonomaTechnology Consulting, Inc. (SonomaTech)