Comprehensive Written Information Security Program (WISP) in Microsoft Word format.

Written Information Security Program (WISP) - ISO 27002 or NIST 800-53

Online Delivery Within One Business Day
  • Product Description

    We Offer Two (2) Versions of the WISP - ISO 27002 or NIST 800-53

    The Written Information Security Program (WISP) is a comprehensive set of IT security policies and standards - available in either NIST 800-53 or ISO 27002 format. This is a comprehensive, customizable, easily implemented document that contains the policies, control objectives, standards and guidelines that your company needs to establish a world-class IT security program. Our customers choose the Written Information Security Program (WISP) because they:

    • Have a need for comprehensive IT security documentation built on an industry framework
    • Need to be able to edit the document to their specific needs
    • Have documentation that is directly linked to best practices, laws and regulations
    • Need an affordable solution


    WISP Cost Savings

    From surveying cybersecurity professionals, we created the following chart to compare the options for companies needing IT security policies. As you can see, when you factor in internal staff time to perform reviews and refinements with key stakeholders, purchasing a WISP from ComplianceForge is approximately 4% of the cost of writing your own documentation ($17,000+ savings) and 2% of the cost of hiring a consultant to write it for you ($41,000+ savings)!



    Example WISPs - ISO & NIST versions





    Both versions of the Written Information Security Program (WISP) are logically organized, following industry-recognized best practices:

    • Easy to implement & tailored to your company (delivered in Microsoft Word format)
    • Policies and standards are based on the control framework (ISO 27002 or NIST 800-53)
    • Dozens of policies and standards specifically tailored for small to medium businesses
    • Complete coverage of all PCI DSS version 3 requirements - over 240 unique PCI DSS control requirements!
    • Customizable PCI DSS Controls Matrix in Microsoft Excel (RACI to help manage and assign responsibilities) 
    • Customizable presentation in Microsoft PowerPoint for information security awareness training ($260 value)
    • Certification of information security awareness training form
    • Customizable Incident Response Plan (IRP) template
    • Business Impact Assessment (BIA) template
    • Business Continuity Plan (BCP) & Disaster Recovery (DR) template
    • Service provider indemnification & Non-Disclosure Agreement (NDA) template
    • User acknowledgement form
    • Change management request form
    • Risk assessment methodology template
    • Appointment orders for an Information Security Officer (ISO)


    Our comprehensive Written Information Security Program (WISP) is customized to your company: you are provided with the policies, procedures, standards, and guidelines required to properly educate your employees about their responsibilities and to document your standards. Your Written Information Security Program (WISP) will contain your logo on the front cover, and the document is written from your company's perspective, incorporating your company's name throughout. This helps employees "take ownership" of the document and abide by the policies.


    What do you need to provide when you order a Written Information Security Program (WISP)?

    STEP 1 - Select the version you want - ISO 27002 or NIST 800-53 

    STEP 2 - Provide your company name, as you want it to be in the WISP

    STEP 3 - If possible, we would like a high-resolution company logo file (JPG, GIF or BMP) to add to the cover of the WISP.

    Note - It is common in policies and other documentation to initially reference the official name of the organization (e.g., full legal name of the company) together with the trade / DBA name that is commonly used to refer to the organization. This is usually written in this format: Official Name (Common Name). This calls out the legal entity the policy is written for, and then establishes the common name by which the company will be referred to through the rest of the document. It makes documents much easier to read.

    Examples of "official" and "common" business names are:

    • BlackHat Consultants, LLC (BlackHat)
    • ACME Consulting, Inc. (ACME)
    • Beaverton Valley Chamber of Commerce (BVCC)
    • City of Lake Tualatin (CLT)
    • SonomaTechnology Consulting, Inc. (SonomaTech)


  • Product Reviews


    1. Top quality, cost effective and quick!

      I’ve been doing Infosec and Compliance policy work for 15 years and haven’t seen an offering as impressive and easy to implement as Compliance Forge. The WISP 27002 package (with an extra hint of HIPAA), provided us quality and complete content, excellent formatting, flexibility and critical supplemental documentation (exceptions, data classification and handling, roles, risk assessment, RACI, etc.). Of course you have to customize but that’s fast and easy and it would be great to have some of the control content in Excel. Controls are linked to authoritative sources through clear annotation; policy implementation time is cut in half - at least. Other market offerings couldn’t meet control requirements or ease of use and we had to invest in a framework that our clients and regulators instantly recognized. Compliance Forge is “one and done” at a fraction of the competition’s price and tremendous. Support is top notch. on Nov 16th 2016

    2. Great product and great price

      A good start to a proper security plan. Compliance Forge Support is very responsive and very helpful. on Oct 9th 2016
