Security Documentation Does Have A Life Cycle
Cybersecurity is a constantly-evolving field and this means security documentation eventually needs updates to reflect changes. These changes tend to come from evolving statutory, regulatory or contractual requirements, but documentation changes also come from evolving technologies. However, ComplianceForge designed its documentation to help with managing the life cycle of your organization's documentation through a hierarchical model that is easy to update and maintain. Our documentation is targeted for a 3-5 year life cycle before a major upgrade is needed.
- Policies - Policy statements are the most static components of the documentation hierarchy, since policies focus on high-level statements of management intent. Policies should be good for 3-5 years without making changes.
- Standards - For the most part, standards generally change when influenced by a statutory, regulatory or contractual obligation. Standards can also change when new technologies are introduced. Annual reviews of standards are needed to ensure those are still accurate for your environment, but similar to policies, your standards should be good for a 3-5 year life cycle without making many changes.
- Procedures - Procedures are the most dynamic component of your security documentation. Procedures are influenced by your available people, processes and technologies, so you have to expect procedure documentation to be a "living document" where it requires ongoing attention to keep it current.
Please note that when product updates are sent out, they are not customized to your organization (e.g., logo & company name). The updates come with errata that shows what has changed in the documentation, where you can make the decision if you want to adopt the changes in your existing documentation, since it is expected that your organization has already tailored the original documentation for its specific purposes.
In an effort to reward existing customers, we have three different tiers of pricing for upgrades:
- Within 90 days of purchase - No charge
- Within 365 days of purchase - 25% of current product price
- Beyond 365 days of purchase - 50% of current product price
Upgrade Pricing specific to the Digital Security Program & Cybersecurity Standardized Operating Procedures (CSOP)
Clients who purchase the Digital Security Program (DSP) or DSP version of the Cybersecurity Standardized Operating Procedures (CSOP) can subscribe to product updates. The first year of DSP and CSOP product updates will be included in the purchase of the DSP or CSOP. Following that first year, clients have a choice to renew the subscription. Note - if a client skips one or more years of a DSP or CSOP subscription, the cost to restart the subscription for one year is 50% of the published MSRP of the product.
For subscription renewals for the DSP and DSP version of the CSOP, these are the links to renew:
- DSP only subscription ($1,300/yr)
- CSOP only subscription ($700/yr)
- DSP & CSOP subscription ($2,000/yr)
Upgrade Pricing specific to the NIST 800-171 Compliance Program (NCP)
Clients who purchase the NIST 800-171 Compliance Program (NCP) can subscribe to NCP updates ($800/yr) when the first year of updates expires. The first year of NCP product updates is included in the purchase of the NCP and following that first year, clients have a choice between two (2) ways to update the NCP:
- An annual subscription service ($800/year) that provides the client with the most current versions of the NCP as changes to NIST 800-171 and CMMC are released, including errata; or
- Utilize the existing non-subscription upgrade model where a client would pay 50% of MSRP for the NCP when they want to upgrade.
Why We Charge For Updates
It takes our staff time to keep current on these changes and we need to cover our costs so that we can continue to offer these quality products. For minor updates to mapping spreadsheets, we do not charge for those.
How To Get An Update
Contact us at firstname.lastname@example.org to start the process or order online (see above). Upgrades are only eligible for purchases by the company that made the original purchase.
We let our customers know about major product updates and new products through our newsletter. You can sign up for the newsletter when you create an account or you can email us at email@example.com and we'll add you to the newsletter.