Frequently Asked Questions (FAQ)

If you are unable to find an answer to your question in the following FAQs, please contact us and we will respond as soon as we can.

What is the order process? 

Purchase NIST 800-171 Compliance Documentation Online

How will I receive my order?

We manually process our orders to customize the documentation and email you the finished documentation either as a secure download link or as an attachment (depends on the size of the order). The exception is with the SSP product, since there is no additional customization needed and that is available as an electronic download. Generally, we process the orders the same day they are received. However, depending on the volume of orders, it may be processed the following business day.

How can I get a quote?

If you need a formal quote, please use the “Add To Quote” feature on the product page. This will allow us to generate a formal quote for you.

Can I pay with a Purchase Order (PO) or an offline invoice?

Yes. In addition to accepting all major credit cards, ComplianceForge can process orders through offline invoicing. It is a simple process where you place the order online and we email you the invoice. However, due to the unfortunate tendency of many companies to process payments slowly (even backed up by a Purchase Order (PO)), we instituted the practice of waiting for payment before orders are processed. 

If you need a formal quote, please use the “Add To Quote” feature on the product page. This will allow us to generate a formal quote for you.

Are the products editable?

Yes. Our products are delivered in editable Microsoft Office formats (e.g., Word, Excel, PowerPoint, Visio, etc.). These are editable documents that you are able to modify for your organization's unique needs. There is no software to install - it is just templatized documentation that you can edit for your needs.

How are product updates handled?

We put together an entire page to help discuss how products are updated and how customers can be notified of changes - FAQ - Product Updates

Is this software or a subscription service?

Neither. Our products are a one-time purchase and no software needs to be installed. However, the Digital Security Program (DSP) and NIST 800-171 Compliance Program (NCP) products do include one year of updates. Our product update process is covered here - FAQ - Product Updates

How quickly can I receive my order?

Turn around time is generally the same business day for orders placed by credit card, but we give a buffer of 1-2 business days. Upon completing the online transaction, you will receive a confirmation e-mail. The completed product will be delivered to the e-mail address used to register at the time of purchase. If you pay by PO/Invoice, we do not process the order until payment is received.

What is the refund policy?

Due to the Intellectual Property (IP) nature of the products offered by ComplianceForge, we do not offer refunds once the product has been delivered to a client. ComplianceForge stands behind its products and services. The quality of the work is equivalent to what is found in a Fortune 500 (enterprise-class) environment and the solutions provided by ComplianceForge are based on industry-recognized leading practices - with many satisfied clients.

Can I get a discount?

Our discounts are built into our bundles, where we offer discounts up to 45% for certain bundles. We do not "grandfather" discounts on products that are purchased outside of a bundle (e.g., you buy one product this week and come back next week to buy other products). Discounts are only available at the time of purchase with two or more products as part of that purchase. 

What is the difference between the DSP & CDPP products?

We put together an entire page to help discuss the differences between the Digital Security Program (DSP) and the Cybersecurity & Data Protection Program (CDPP) - DSP vs CDPP.

+ How are the Digital Security Program (DSP) and Cybersecurity & Data Protection Program (CDPP) a "customized" set of policies? 
Based on our extensive experience consulting with businesses on Information Security projects and documentation, we developed a very robust template of policies, procedures, standards, and guidelines that businesses require to meet compliance requirements. Since most compliance requirements are based on industry-recognized “best practices” and that standards are openly published, we were able to develop a modular approach to policies and create a customized template framework. This allows us to efficiently customize the policies for our clients.

Our solution is approximately 1/10th the cost of hiring a dedicated cybersecurity consultant to write policies for your company. The irony is that those cybersecurity consultants use the same basis of working off templates for their clients. The end result is the same that you get customized Information Security policies for an extremely affordable cost. 

How is your documentation different from the free templates I can find on the Internet?

You get what you pay for. Free templates are generally of little value, whereas ComplianceForge products are high-quality, professionally-written solutions for your compliance needs. With a lot of template sites, options are given to pick and choose policies. Realistically, unless you are trained in cybersecurity and legitimately know what components are required to meet compliance minimums with a law or regulation, you are assuming a significant liability. Without expertise, it is a situation of “the blind leading the blind” in selecting and implementing policies.

This is where our guide on NIST CSF vs ISO 27001/2 vs NIST 800-53 vs SCF is a very useful tool to help identify the most appropriate solution for your specific needs.

Why don't I save money and create my own documentation?

How much is your time worth and how long would it take you to actually research and write comparable documentation? We invested thousands of hours in the creation of our documentation, so that you can focus on what you do best, which is running your company. For what we charge for our products, it is a fantastic deal - it is as simple as that. The product pages contain cost savings estimates so that you can see for yourself what a reasonable cost would be to write it yourself or hire someone to write it for you.

The expertise that has been drawn upon to develop ComplianceForge documentation covers over three decades of experience in mitigating risk for technical, operational, and physical threats. You are buying expertise. With a lot of lesser options on the Internet, you get what you pay for and that is not much. When it comes to the liability facing your company, it would be careless to rely on amateur solutions. You use a CPA for your finances. You see a doctor for your medical care. Why would you rely on an amateur solution for your cybersecurity documentation needs?

Will the documentation have your logo or mine?

If you have a logo, have it ready at the time of purchase since you will be prompted to upload it. The cover page of the documentation will have your company's logo prominently displayed. The rest of the document will have your company name throughout, so anyone reading the document will get the feel it was was custom created and tailored to your company.

If you do not have a logo, that is no problem. We just leave the logo off. The documentation will still look very professional, even without your logo on the front page.

What do I need to provide as part of the order process?

We would like to have a high-resolution company logo file (JPG, PNG, GIF or BMP), but we do need your company’s official name and your company’s common name. You will be prompted to upload this information prior to payment.

Examples of "official" and "common" names for businesses: Official Name (Common Name)

Can I get additional customization?

Yes. ComplianceForge, or its partners, can offer professional services to provide additional customization. However, it is added cost involved due to labor incurred. Please review the Partners page for consultants who you want want to work with for any professional services.


Browse Our Products

  • Digital Security Program (DSP)

    Digital Security Program (DSP) - SCF Policy Template

    Secure Controls Framework (SCF)

    Secure Controls Framework (SCF) "Premium Content" - Expertise-Class Policies, Control Objectives, Standards, Guidelines, Controls & Metrics. Product Walkthrough Video This short product walkthrough video is designed to give a brief overview about...

    Choose Options
  • NIST 800-171 Compliance Program (NCP). This is a bundle of products that are specific to NIST 800-171 and CMMC 2.0 compliance - policies, standards, procedures, SSP & POA&M templates. Editable CMMC 2.0 Level 2 (old Level 3) policies, standards, procedures, SSP & POA&M templates. CMMC policies & standards. NIST 800-171 policies & standards.

    NIST 800-171 Compliance Program (NCP): CMMC Level 2

    ComplianceForge - NIST 800-171 & CMMC

    NIST 800-171 & CMMC Editable & Affordable Cybersecurity Documentation This short product walkthrough video is designed to give a brief overview about what the NCP is to help answer common questions we receive. Includes NIST 800-171 Rev...

    Choose Options

Learn More About Cybersecurity & Data Privacy