Identifying and managing risk is a part of business. We work hard to develop products that assist clients with removing the Fear, Uncertainty & Doubt (FUD) factor that clouds many cybersecurity risk decisions. These products are editable Microsoft Word & Excel templates, so if you can use Microsoft Office products, then you can use these risk management solutions!
When you "peel back the onion" and prepare for an audit, there is a need to address "the how" for certain topics, such as risk management. While policies and standards are designed to describe WHY something is required and WHAT needs to be done, many companies fail to create documentation to address HOW the policies and standards are actually implemented. We did the heavy lifting and created several program-level documents to address this need and the Risk Management Program (RMP) is one of those products.
ComplianceForge currently offers two (2) products that are specifically designed to assist companies with cybersecurity risk management:
The Risk Management Program (RMP) is program-level documentation that is an essential need for any organization to demonstrate HOW risk is actually managed within an organization. Most companies run into issues during audits when the actual practices for risk management are looked at. The RMP is meant to advance your organization to a mature level of risk management and have the documentation to prove it!
The Cybersecurity Risk Assessment Template (CRA) supports the Risk Management Program (RMP), but it is a stand-alone product that consists of Microsoft Word and Excel templates that enable any organization to conduct repeatable and quality risk assessments. If you can use Microsoft Office products, then you can follow the guidance in the CRA to create your own quality risk assessments. The Cybersecurity Risk Assessment Template (CRA) addresses natural, man-made and cybersecurity risks to provide a robust risk assessment template. The cybersecurity controls used in the template are from NIST 800-171, which is based on leading NIST 800-53 and ISO 27002 controls.
ComplianceForge
Cybersecurity Risk Management Program (RMP) Product Walkthrough Video This short product walkthrough video is designed to give a brief overview about what the RMP is to help answer common questions we receive. What Is The Risk Management...
ComplianceForge
Cybersecurity Risk Assessment Template Product Walkthrough Video This short product walkthrough video is designed to give a brief overview about what the CRA is to help answer common questions we receive. What Is The Cybersecurity Risk...
ComplianceForge
Cybersecurity Business Plan (CBP) Template Product Walkthrough Video This short product walkthrough video is designed to give a brief overview about what the CBP is to help answer common questions we receive. What Is The Cybersecurity...
The NIST Cybersecurity Framework (NIST CSF) is commonly used “cybersecurity best practice” for organ...
Cybersecurity Supply Chain Risk Management (C-SCRM) is the process of identifying, assessing and mit...
Determining the scope of controls (e.g., assessment boundary) is different than determining control...
NIST 800-171 focuses on protecting Controlled Unclassified Information (CUI) anywhere it is stored,...
