The Vendor Compliance Program (VCP) is an externally-focused document that serves as a tool for organizations to manage cybersecurity risk with their third-party providers. There are two versions of the VCP, one mapped to ISO 27002 and one mapped to NIST 800-53, since these are two of the most common security frameworks that companies align to.
It is never recommended to share your complete internal policies and standards with outside parties, since those documents can expose sensitive technical and/or business information that could negatively impact your organization. The Vendor Compliance Program (VCP) solves that problem by providing a shareable document that focuses on the industry-recognized leading practices you expect your vendors to follow (e.g., NIST 800-53, ISO 27002, PCI DSS, HIPAA, etc.), without disclosing your internal implementation details.
From surveying cybersecurity professionals, we created the following chart to provide a comparison of options for companies needing security program documentation:
Vendor Compliance Program (VCP) Cost Savings Estimate
As you can see, when you factor in internal staff time to perform reviews and refinements with key stakeholders, purchasing a VCP from ComplianceForge costs approximately 16% of writing your own documentation (a savings of $2,500+) and approximately 8% of hiring a consultant to write it for you (a savings of $5,500+).