Written Information Security Policies & Standards for NIST 800-53, DFARS, FAR, NIST 800-171, ISO 27002, NISPOM, FedRAMP, PCI DSS, HIPAA, NY DFS 23 NYCRR 500 and MA 201 CMR 17.00 compliance

Security Documentation Starts with Policies & Standards

Our products offer coverage for these and other leading frameworks and requirements:

NIST 800-53
NIST 800-171
NIST Cybersecurity Framework (CSF)
National Industrial Security Program Operating Manual (NISPOM)
Defense Federal Acquisition Regulation Supplement (DFARS 252.204-7012)
Federal Acquisition Regulation (FAR 52.204-21)
FedRAMP
Fair & Accurate Credit Transactions Act (FACTA)
Financial Industry Regulatory Authority (FINRA)

ISO 27002
ISO 27018
Generally Accepted Privacy Principles (GAPP)
Payment Card Industry Data Security Standard (PCI DSS)
Control Objectives for Information and Related Technology (COBIT 5)
Health Insurance Portability and Accountability Act (HIPAA)
Sarbanes Oxley Act (SOX)
Gramm Leach Bliley Act (GLBA)
NY DFS 23 NYCRR 500

American Institute of CPAs (AICPA) Service Organization Control (SOC2)
Center for Internet Security Critical Security Controls (CIS CSC)
Cloud Security Alliance Cloud Controls Matrix (CSA CCM)
European Union Agency for Network and Information Security (ENISA)
European Union General Data Protection Regulation (EU GDPR)
United Kingdom Data Protection Act (UK DPA)
Massachusetts 201 CMR 17.00
Oregon Identity Theft Protection Act (ORS 646A)

ComplianceForge offers three (3) unique products to implement an organization-wide security program:

[Product images: Digital Security Program (DSP), NIST-based WISP, ISO-based WISP]


Cost Savings Comparison

From surveying cybersecurity professionals, we created the following chart to provide a comparison of options for companies needing security program documentation:

Written Information Security Program (WISP) Cost Savings Estimate

As you can see, when you factor in internal staff time to perform reviews and refinements with key stakeholders, purchasing a WISP from ComplianceForge is approximately 4% ($17,000+ savings) of the cost as compared to writing your own documentation and 2% ($41,000+ savings) of the cost as compared to hiring a consultant to write it for you!

[Chart: 2017 pricing comparison for a Written Information Security Program (WISP)]

Digital Security Program (DSP) Cost Savings Estimate

Similar to the WISP example above, when you factor in internal staff time to perform reviews and refinements with key stakeholders, purchasing a DSP from ComplianceForge is approximately 17% ($37,000+ savings) of the cost as compared to writing your own documentation and 8% ($90,000+ savings) of the cost as compared to hiring a consultant to write it for you!

[Chart: 2017 pricing comparison for a Digital Security Program (DSP)]


Documentation Hierarchy

In both the Written Information Security Program (WISP) and Digital Security Program (DSP), we use a hierarchical model to design the documentation. This structure allows policies to be mapped all the way down to metrics.

[Diagram: documentation hierarchy, showing each component alongside example content]

Policies are “high level” statements of management’s intent and are intended to guide decisions to achieve rational outcomes. Policies are not meant to be prescriptive, but provide an overall direction for the organization.

Control Objectives support policy by identifying applicable requirements that the organization needs to address. These applicable requirements can be best practices, laws or other legal obligations.

Standards establish formal requirements for processes, actions and configurations. Standards are entirely focused on providing narrow, prescriptive requirements that are quantifiable.

Procedures are formal methods of performing a task, based on a series of actions conducted in a defined and repeatable manner.

Controls are technical or administrative safeguards that may prevent, detect or lessen the ability of a threat actor to exploit a vulnerability.

Metrics are designed to facilitate decision-making, improve performance, and improve accountability through the collection, analysis, and reporting of relevant performance-related data.

Which Product Is Right For You?

Give us a call or send us an email - we are happy to help you find the right solution for your needs!
