Security Documentation Does Have A Life Cycle
Cybersecurity is a constantly-evolving field and this means security documentation eventually needs updates to reflect changes. These changes tend to come from evolving statutory, regulatory or contractual requirements, but documentation changes also come from evolving technologies. However, ComplianceForge designed its documentation to help with managing the life cycle of your organization's documentation through a hierarchical model that is easy to update and maintain. Our documentation is targeted for a 3-5 year life cycle before a major upgrade is needed.
- Policies - Policy statements are the most static components of the documentation hierarchy, since policies focus on high-level statements of management intent. Policies should be good for 3-5 years without making changes.
- Standards - For the most part, standards generally change when influenced by a statutory, regulatory or contractual obligation. Standards can also change when new technologies are introduced. Annual reviews of standards are needed to ensure those are still accurate for your environment, but similar to policies, your standards should be good for a 3-5 year life cycle without making many changes.
- Procedures - Procedures are the most dynamic component of your security documentation. Procedures are influenced by your available people, processes and technologies, so you have to expect procedure documentation to be a "living document" where it requires ongoing attention to keep it current.
Upgrade Pricing for all products other than the Digital Security Program
In an effort to reward existing customers, we have three different tiers of pricing for upgrades:
- Within 90 days of purchase - No charge
- Within 365 days of purchase - 25% of current product price
- Beyond 365 days of purchase - 50% of current product price
Upgrade Pricing specific to the Digital Security Program & Cybersecurity Standardized Operating Procedures (CSOP)
Clients who purchase the Digital Security Program (DSP) or DSP version of the Cybersecurity Standardized Operating Procedures (CSOP) can subscribe to product updates. The first year of DSP and CSOP product updates will be included in the purchase of the DSP or CSOP. Following that first year, clients have a choice between two (2) ways to update the DSP and CSOP:
- For the DSP, there is an annual subscription service ($1,200/year) that provides the client with the most current versions of the DSP as they are released, including errata. Similarly, for the CSOP, there is an annual subscription service ($600/yr) that also provides current versions, including errata; or
- Utilize the existing non-subscription upgrade model where a client would pay 50% of MSRP for the DSP/CSOP when they want to upgrade.
Upgrade Pricing specific to the NIST 800-171 Compliance Program (NCP)
Clients who purchase the NIST 800-171 Compliance Program (NCP) can subscribe to product updates. Starting in January 2020, the first year of NCP product updates will be included in the purchase of the NCP. Following that first year, clients have a choice between two (2) ways to update the NCP:
- An annual subscription service ($750/year) that provides the client with the most current versions of the NCP as changes to NIST 800-171 and CMMC are released, including errata; or
- Utilize the existing non-subscription upgrade model where a client would pay 50% of MSRP for the NCP when they want to upgrade.
Why We Charge For Updates
It takes our staff time to keep current on these changes and we need to cover our costs so that we can continue to offer these quality products. For minor updates to mapping spreadsheets, we do not charge for those.
How To Get An Update
Contact us at firstname.lastname@example.org to start the process. We will send you an invoice that you can pay online or with a check. Upgrades are only eligible for purchases by the company that made the original purchase.
We let our customers know about major product updates and new products through our newsletter. You can sign up for the newsletter when you create an account or you can email us at email@example.com and we'll add you to the newsletter.