- Policies & Standards - Security, Compliance & Resilience Program (SCRP)
- Procedures - Security, Compliance & Resilience Program (SCRP)
Don't Write It From Scratch.
Most compliance documentation locks you into one framework's language, then breaks the moment a customer, regulator, or new contract points you at a different one. Could your policies and procedures answer NIST, ISO, HIPAA, and a state privacy law from one source today? SCF Bundle 1 pairs the SCRP with its matching CSOP, an editable set of policies, standards, procedures, and metrics mapped to over 200 frameworks through the Secure Controls Framework, so your team tailors rather than authors and starts roughly 80 to 90 percent of the way there.
The SCRP and its corresponding Cybersecurity Operating Procedures (CSOP), come together to provide "premium GRC content" that enables an organization to establish or refresh its GRC practices by providing GRC policies and GRC procedures. This bundle is focused on the providing the "meat & potatoes" of a cybersecurity and privacy program - the policies, standards, controls, procedures and metrics that form the basis of security and privacy operations. This bundle goes beyond just having cybersecurity policies and standards. The end result with the SCRP is a comprehensive, customizable, easily-implemented set of documentation that your company needs to establish a scalable, "best in class" cybersecurity and privacy program. Being Microsoft Word documents, you have the ability to make edits, as needed. Please note that if you want a customized bundle, we are happy to create one for you. Just contact us with your needs and we will generate a quote for you.
This bundle combines the Security, Compliance & Resilience Program (SCRP) and the SCRP version of the Cybersecurity Standardized Operating Procedures (CSOP). Together, these two products provide enterprise-grade documentation that maps to over 200 statutory, regulatory, and contractual frameworks via the Secure Controls Framework (SCF).
What Is The SCF Bundle 1?
SCF Bundle 1 is the entry-level enterprise documentation bundle in the Secure Controls Framework family. It combines the Security, Compliance & Resilience Program (SCRP) and the SCRP version of the Cybersecurity Standardized Operating Procedures (CSOP) into a single, coordinated documentation set.
This bundle is focused on providing the "meat and potatoes" of a cybersecurity and privacy program. The SCRP delivers the policies, standards, and metrics that define what the organization will do. The CSOP delivers the procedures that define how those policies are operationalized day-to-day.
Because both products are mapped 1-to-1 with the Secure Controls Framework, the bundle scales to address over 200 cybersecurity and data privacy laws, regulations, and frameworks without forcing the organization into a single-framework taxonomy like NIST 800-53 or ISO 27002.
No Software To Install
This bundle is a one-time purchase of editable Microsoft Office-based documentation templates. There is no software to install, no agent to deploy, no account to provision, and no cloud environment to configure. If your organization can open and edit Microsoft Word or Excel files (or compatible tools like OpenOffice and Google Workspace), you can use every product in this bundle.
Microsoft Word and Excel
Delivered as fully editable .docx and .xlsx files. Compatible with Word 2016 and newer, Microsoft 365, OpenOffice, LibreOffice, and Google Docs/Sheets.
Email Delivery
All documents in the bundle are delivered via email download link within 1-2 business days of purchase. There is no installer, no license server, and no activation step.
One-Time Purchase
A single-entity license is included with purchase. The bundle price is a one-time charge. SCRP and CSOP include the first year of product updates, with optional annual subscription renewals available thereafter.
This deployment model is intentional. Cybersecurity documentation benefits from being in the organization's own hands, inside the organization's own version control and document management systems, rather than locked inside a vendor's SaaS tool. Once delivered, every document in this bundle belongs to the buyer.
What Problems Does The SCF Bundle 1 Solve?
Organizations building a cybersecurity and privacy program typically need policies, standards, and procedures that work together. Buying them separately costs more and risks inconsistencies between the documents. The SCF Bundle 1 is designed to solve these challenges.
Multi-Framework Compliance
Most organizations face more than one compliance requirement. The SCRP's 1-to-1 mapping with the SCF means a single set of policies and standards covers over 200 frameworks at once, eliminating the need to maintain separate documentation per framework.
Coordinated Policies and Procedures
The SCRP and CSOP are designed to work together, with the CSOP providing 1-to-1 procedure mapping to SCRP standards. There are no orphan controls and no inconsistencies between the policy and procedure layers.
Faster Program Stand-Up
Building SCRP-level documentation in-house typically takes 1,900+ hours. The SCF Bundle 1 provides a professionally-written baseline that can be customized in a fraction of that time.
How Does The SCF Bundle 1 Solve These Problems?
The SCF Bundle 1 delivers a pre-assembled, coordinated set of two products that together establish the policy, standards, procedure, and metrics foundation for a cybersecurity and privacy program.
SCF-Aligned Documentation
Both products are mapped 1-to-1 with the Secure Controls Framework (SCF), which covers 34 domains across over 200 statutory, regulatory, and contractual frameworks. Compliance with multiple frameworks happens through a single control set.
Audit-Defensible Documentation
Both documents are written to withstand scrutiny by external assessors. The SCRP includes control objectives, metrics, and capability maturity criteria. The CSOP provides 1-to-1 procedure-to-control mapping for evidence of implementation.
Same-Day Delivery
ComplianceForge processes most orders the same business day. Expect delivery within 1-2 business days of purchase, with both products arriving together.
What Is Included In The SCF Bundle 1?
The SCF Bundle 1 includes 2 ComplianceForge products delivered together as a discounted bundle. Each product listed below is a complete, standalone deliverable. The bundle discount applies because these products are frequently purchased together.
Cost Savings Estimate - SCF Bundle 1
When you look at the costs associated with either (1) hiring an external consultant to write cybersecurity documentation for you or (2) tasking your internal staff to write it, the cost comparisons paint a clear picture that buying from ComplianceForge is the logical option. Compared to hiring a consultant, you can save months of wait time and tens of thousands of dollars. Whereas, compared to writing your own documentation, you can potentially save hundreds of work hours and the associated cost of lost productivity. Purchasing this bundle from ComplianceForge offers these fundamental advantages when compared to the other options for obtaining quality cybersecurity documentation:
Internal Staff Cost
For your internal staff to generate comparable documentation, it would take them an estimated 1,900 internal staff work hours, which equates to a cost of approximately $177,250 in staff-related expenses. This is about 12-24 months of development time where your staff would be diverted from other work.
The SCF Bundle 1 is approximately 7% of the cost for your internal staff to generate equivalent documentation.
External Consultant Cost
If you hire a consultant to generate this documentation, it would take them an estimated 1,600 contractor work hours, which equates to a cost of approximately $507,250. This is about 9-18 months of development time for a contractor to provide you with the deliverable.
The SCF Bundle 1 is approximately 2% of the cost for an external consultant to generate equivalent documentation.
How Much Customization Is Remaining?
Given the difficult nature of writing templated cybersecurity documentation, ComplianceForge aims for approximately an 80 - 90% solution because it is impossible to write a 100% cookie-cutter document that can be equally applied across every organization. ComplianceForge did the heavy lifting, and the remaining work is to fine-tune the SCF Bundle 1 with the specific information that only your organization knows.
In practice, customization across both products in this bundle is essentially filling in the blanks and following the guidance provided to identify the who, what, when, where, why, and how for your specific environment. Typical customization tasks include adding your company name and logo (applied automatically to every document in the bundle), tailoring parameters such as review cadences and thresholds, naming specific owner roles, and removing sections that do not apply to your organization.
Professional Services
ComplianceForge offers optional professional services to customize purchased documentation. Professional services are not required to customize ComplianceForge documentation. However, some clients want our subject matter expertise to help customize their documentation to meet their specific business needs. If you have any questions about our professional services, please contact us at:
We offer the following professional service bundles:
5-Hour Bundle
This includes five (5) hours of professional services, which may be beneficial for companies that need some guidance on getting started with how to tailor their documentation.
10-Hour Bundle
This includes ten (10) hours of professional services, which may be beneficial for companies that need additional guidance on tailoring their documentation to meet their compliance requirements.
20-Hour Bundle
This includes twenty (20) hours of professional services, which may be beneficial for companies that need robust services, beyond just 10 hours, to assist in tailoring their documentation to meet their compliance requirements.
Purchased professional service hours expire 120 days (4 months) from the time of purchase if unused. Hours are intended to supplement, not replace, your own customization work, since only your organization knows the exact details to tailor your documentation. For questions regarding scoping a professional services engagement or configuring a custom package, contact ComplianceForge directly through the Contact Us page.
SCF Coverage - 200+ Frameworks
The SCF Bundle 1 is built around the Secure Controls Framework (SCF), which maps to over 200 statutory, regulatory, and contractual frameworks. The SCF is comprised of 34 domains that cover the high-level topics expected to be addressed by cybersecurity and privacy obligations.
Common frameworks the SCF maps to include NIST 800-53, NIST CSF 2.0, ISO 27001/27002, NIST 800-171/CMMC, HIPAA, PCI DSS, SOC 2, GDPR, CCPA/CPRA, and many more. This makes the SCF Bundle 1 a strong fit for organizations that need to address multiple compliance obligations and prefer not to be locked into the taxonomy of a single framework.
Need A Custom Bundle?
The SCF Bundle 1 covers the most common SCF starter configuration, but every organization's needs are different. ComplianceForge will build a custom bundle for any combination of products if your requirements differ from the standard bundles.
If you need additional operational documentation beyond policies, standards, and procedures (such as risk management, vulnerability management, incident response, supply chain risk, or business continuity), consider stepping up to the SCF Bundle 2 (Robust Documentation Solution), which adds 11 additional products at a 45% discount. To request a custom bundle quote, contact ComplianceForge directly with a list of products you need and your timeline.