We stand behind the quality of our work as security professionals
We've been writing quality security documentation since 2005. In that time, we've served clients across nearly every industry and size. Our clients range from well-known Fortune 500 corporations to small businesses, both within the US and internationally. We've proved time and again that our cybersecurity documentation is flexible enough to work in any organization and can scale accordingly.
Industries We Serve - Our Clients Range From the Fortune 500 down to Small & Medium Businesses (SMBs)
ComplianceForge is "corporate America's dirty little secret" where our documentation solutions are used extensively by some of the most well-known US and international brands. Our clients appreciate ComplianceForge's ability to deliver high-quality, editable documentation the same business day, since it can save thousands of hours of labor and that equates to immediate and significant savings.
Below is a non-exhaustive list of industries where our products have been successfully implemented:
Medical - Hospitals - Doctors - Dentists - Physical Therapists - Chiropractors - Medical Billing - Elder Care Facilities
Consultants - Business Analysts - Management Consultants
Government - Defense Contractors (DoD) - Federal Government Contractors - Federal Government Agencies - State Government Agencies - Local Municipalities - Regional Airports - Law Enforcement
Education - Universities & Colleges - School Districts
We understand that no one wants to "fly blind" in their purchasing decisions and that is why we offer so many examples for your review. In addition to the product examples and videos, we are more than happy to setup a video teleconference session to do a more detailed walkthrough of our documentation to help answer your product-related questions, ensuring you find the right fit for your specific needs.
Client References
When it comes to providing client names for references, we respect the privacy of our clients and refrain from providing the names of the companies we serve, even if that means losing a sale due to your organization's internal review process that might require client references. Here are our reasons for this business practice:
Reason #1: Many of the well-known and trusted companies that you see and/or use on a daily basis are our clients and we are very proud of that fact. In many ways, we are "corporate America's dirty little secret" since we are a leading source for professionally-written cybersecurity and privacy documentation, yet we stay in the shadows as quiet professionals.
Feedback from our clients is that they appreciate the discretion we provide, since they do not want it public that they outsourced the document writing component of their cybersecurity program.
We feel it is important to protect the privacy of our clients, since we understand the sensitive nature of a company trusting a third-party to write their core cybersecurity and privacy documentation.
Reason #2: The common "How easy is it to implement?" question offers no value to another organization based on the unique nature of how organizations are governed. Governance is as unique as a fingerprint and the number one factor in implementing any documentation we sell is management support:
If your organization's leadership team takes cybersecurity/privacy governance seriously and is able to assign accountability to getting documentation reviewed, tailored and approved, it is a straightforward process to review and implement the ComplianceForge-written documentation.
If your organization's leadership team is resistant to change, incompetent and/or suffers from "analysis paralysis" then it will be a slower process, based entirely on the dysfunction inherent to your organization. Keep in mind that if your organization suffers from that type of management dysfunction, the same issues associated with rolling out new documentation apply equally to trying to write the documentation yourself or implementing purchased templates from one of our competitors.
Reason #3: The also common "Does it meet all of your needs?" question is a pointless question to ask another organization, since every organization has a different set of needs that are defined by its uniquely-applicable laws, regulations and contractual agreements that it is legally-obligated to comply with. That mix defines a set of Minimum Security Requirements (MSR) that are unique to each organization, so one company's requirements will be different from another, even if they are in the same industry, since geographic location and unique business operations impact what is applicable.
Situational awareness for all applicable statutory, regulatory and contractual obligations can't be avoided. This is crucial to a successful implementation, since your organization needs to be able to address all applicable cybersecurity and privacy needs that are unique to your organization. This also ties directly back to Reason #2 (management support) about doing the right thing from a corporate governance perspective to ensure that all applicable requirements are properly addressed, not just a subset what is required. If you want to learn more about how to address that issue, we have a great reference for you that you can see here.
For each organization, there is set number of statutory, regulatory and contractual obligations. These objective requirements are unique to each company and can be clearly identified by distilling the requirements from those applicable laws, regulations and reasonable practices. These requirements must be followed by your organization in order to demonstrate "reasonable" practices are in place, so asking another company if a product meets all their specific needs has little applicability to your specific needs. Our mapping documents can significantly help you in this step.
Look at it from the perspective that ComplianceForge is a "toolmaker" that sells specialized tools, no different than a quality hammer or screwdriver. In this context as a toolmaker, we provide basic instructions on how to use these tools, but how you actually use it is outside of our control and completely up to you for how it is implemented. For example, it is no different than how Craftsman or SnapOn can’t prevent someone from using one of their screwdrivers as a pry bar, where the tool is used incorrectly or for purposes it wasn't designed. Just like any tool, in the right hands and with proper usage you can build anything!
Secure Controls Framework (SCF) "Premium Content" - Expertise-Class Policies, Control Objectives, Standards, Guidelines, Controls & Metrics.
Product Walkthrough Video
This short product walkthrough video is designed to give a brief overview about...