Frequently Asked Questions (FAQ)

Cybersecurity compliance and the variety of laws and industry regulations can be quite confusing. If you are unable to find an answer to your question in the following FAQs, please contact us and we will respond as soon as we can.

+ How will I receive my order?  

We manually process our orders to customize the documentation and email you the finished documentation either as a secure download link or as an attachment (depends on the size of the order). The exception is with the SSP product, since there is no additional customization needed and that is available as an electronic download. Generally, we process the orders the same day they are received. However, depending on the volume of orders, it may be processed the following business day.

+ Can I Pay With A Purchase Order (PO) or Invoicing?  

In addition to accepting all major credit cards, ComplianceForge can process orders through offline invoicing. It is a simple process where you place the order online and we email you the invoice. However, due to the unfortunate tendency of many companies to process payments slowly (even backed up by a Purchase Order (PO)), we instituted the practice of waiting for payment before orders are processed. With that practice, we found it significantly sped up the payment cycle and prevented wasted time tracking down payment status. Per the ComplianceForge terms and conditions (section 6), "terms of payment are within our sole discretion and, unless otherwise agreed by us in writing, payment must be received by us before our acceptance of an order.

To place an order, select the Invoice / Purchase Order (PO) payment option during the checkout process, since that ensures the order is in the system and that we can generate an invoice for you.

+ Are the products editable?  

Yes. Our products are delivered in editable Microsoft Office formats (e.g., Word, Excel, PowerPoint and Visio). These are editable documents that you are able to modify for your organization's unique needs. There is no software to install - it is just templatized documentation that you can edit for your needs.

+ How are product updates handled?

We put together an entire page to help discuss how products are updated and how customers can be notified of changes -

+ What is the difference between the Digital Security Program (DSP) and the Cybersecurity & Data Protection Program (CDPP)?

We put together an entire page to help discuss those differences -

+ Why are there several versions of the Cybersecurity & Data Protection Program? 

There are three competing frameworks for what really define "best practices" within cybersecurity - (1) National Institute of Standards and Technology (NIST) 800-53, (2) NIST Cybersecurity Framework and (3) International Standards Organization (ISO) 27002. We put together a page to specifically cover the differences between these frameworks -

Our goal is to provide a solution that meets what businesses face today and what they can expect to face in the future. We do not offer “bronze, silver or gold” packages like some competitors offer - we know the industry-recognized best practices and we created solution that meets our client’s business compliance requirements.

+ How are the Digital Security Program (DSP) and Cybersecurity & Data Protection Program (CDPP) a "customized" set of policies? 

Based on our extensive experience consulting with businesses on Information Security projects and documentation, we developed a very robust template of policies, procedures, standards, and guidelines that businesses require to meet compliance requirements. Since most compliance requirements are based on industry-recognized “best practices” and that standards are openly published, we were able to develop a modular approach to policies and create a customized template framework. This allows us to efficiently customize the policies for our clients.

Our solution is approximately 1/10th the cost of hiring a dedicated cybersecurity consultant to write policies for your company. The irony is that those cybersecurity consultants use the same basis of working off templates for their clients. The end result is the same that you get customized Information Security policies for an extremely affordable cost. 

What expertise is relied upon for the Digital Security Program (DSP), Cybersecurity & Data Protection Program (CDPP) & PCI DSS Policy documents?

Our products have been thoroughly peer-reviewed from members of the the IT, Information Security, Physical Security, and Legal professions for a very well-rounded and professional product. 

Why does my business need a Digital Security Program (DSP) or Cybersecurity & Data Protection Program (CDPP)?

A single negligent breach can close your business forever, because liability insurance will not cover professional negligence. Without the ability to prove steps are taken to ensure due care and due diligence are applied to your business operations, you may be considered negligible in a lawsuit. Additionally, it is a tool employers can use to enforce proper conduct by employees. 

Information Security policies form the foundation for your organization's attitudes and actions towards protecting the confidentiality, integrity and availability of your data. This is immensely important in terms of not only keeping you in business from being able to function, but it also puts safeguards in place to reduce your liabilities from the actions your employees either do or fail to do.

We also put together more information here to help explain the differences - 

+ How is your policy manual different from the free templates I can find on the Internet?

You get what you pay for. Free templates are generally of little value, whereas the CDPP and DSP are customized specifically for your company, as if you employed a cybersecurity professional to write it for you. With a lot of template sites, options are given to pick and choose policies. Realistically, unless you are trained in Information Security and legitimately know what components are required to meet compliance minimums with a law or regulation, you are assuming a significant liability. Without expertise, it is a situation of “the blind leading the blind” in selecting and implementing policies.

+ Why don’t I save money and create my own policies?

It took well over 400 hours to develop the cybersecurity policies, standards and guidelines in the CDPP. Even if you do it in 1/4 of the time, how much did that cost you when you could have been doing other things? For what we charge for our products, it is a fantastic deal - it is as simple as that!

The expertise that has been drawn upon to develop the CDPP covers over three decades of experience in mitigating risk for technical, operational, and physical threats. You are buying expertise. With a lot of lesser options on the Internet, you get what you pay for - it is as simple as that. When it comes to the liability facing your company, it would be careless to rely on amateur solutions. You use a CPA for your finances. You see a doctor for your medical care. Why would you rely on an amateur solution for your Information Security needs?

+ Will the CDPP or DSP have your logo or mine?

If you have a logo, have it ready at the time of purchase since you will be prompted to upload it. The cover page of the CDPP will have your company's logo prominently displayed. The rest of the document will have your company name throughout, so anyone reading the document will get the feel the CDPP was custom created and tailored to your company.

+ What if I do not have a logo?

Not a problem - you can have the CDPP or PCI DSS Policy made without a logo if you do not currently have one or if you wish to leave the logo off the cover page. Regardless if you have a logo or not, your company’s name will be embedded throughout the CDPP. The CDPP will still look very professional, even without your logo on the front page.

+ What do I need to provide?

We would like to have a high-resolution company logo file (JPG, GIF or BMP), but we do need your company’s official name and your company’s common name. You will be prompted to upload this information prior to payment.

Examples of "official" and "common" names for businesses: Official Name (Common Name)

+ Can I get additional customization?

Yes. There is added cost involved due to labor incurred, but we can customize to meet your specific requirements.

+ What is 

 We are a niche cybersecurity consulting business. We've been focused on providing cybersecurity and privacy consulting. We've been writing documentation for businesses since 2005. 

+ Is this software or a subscription service?

Neither. Our products are a one-time purchase and no software needs to be installed. The Digital Security Program (DSP) does have an upgrade process to obtain continuous updates, which is different from our other products. The product update process is covered here -

+ How quickly can I receive my order?

Turn around time is generally the same business day, but we give a buffer of 1-2 business days. Upon completing the online transaction, you will receive a confirmation e-mail. The completed product will be delivered to the e-mail address used to register at the time of purchase.

+ What is the refund policy?

Due to the Intellectual Property (IP) nature of the Information Security products and services offered by, we do not offer refunds once the product has been delivered to a client. stands behind its products and services. The quality of the work is equivalent to what is found in a Fortune 500 (enterprise-class) environment and the solutions provided by ComplianceForge are based on industry-recognized leading practices - with many satisfied clients from around the country.

+ Can I get a discount?

Our discounts are built into our bundles ( where we offer discounts up to 45% for certain bundles. We do not "grandfather" discounts on products that are purchased outside of a bundle (e.g., you buy one product this week and come back next week to buy other products). Discounts are only available at the time of purchase with two or more products as part of that purchase. 

Browse Our Products

  • Digital Security Program (DSP)

    Digital Security Program (DSP)


    Enterprise-Class, Hybrid Framework For Cybersecurity & Privacy What Is The Digital Security Program (DSP)? The DSP is an enterprise-class solution for cybersecurity & privacy documentation consisting of thirty-three (33) domains that defines a...

    Choose Options
  • NIST 800-171 Compliance Program (NCP). This is a bundle of products that are specific to NIST 800-171 and CMMC 2.0 compliance - policies, standards, procedures, SSP & POA&M templates. Editable CMMC 2.0 Level 2 (old Level 3) policies, standards, procedures, SSP & POA&M templates.

    NIST 800-171 Compliance Program (NCP): CMMC Level 2


      UPDATED FOR CMMC 2.0   NIST SP 800-171 & CMMC "Easy Button" Solution - Editable & Affordable Cybersecurity Documentation What Is The NIST 800-171 Compliance Program (NCP)? The NCP is a compilation of editable Microsoft...

    Choose Options

Find Out Exclusive Information On Cybersecurity