We do offer product updates. However, we do charge for updates/upgrades since it takes our staff time to keep current on evolving requirements and maintain the documentation, so we need to cover our costs so that we can continue to offer these quality products. For minor updates to mapping spreadsheets, we do not charge for those.
Cybersecurity and data protection practices are a constantly-evolving and this means your documentation needs to be kept current to reflect changes. These changes tend to come from evolving statutory, regulatory or contractual requirements, but documentation changes also come from evolving technologies (e.g., Artificial Intelligence, Zero Trust Architecture, etc.). However, ComplianceForge designed its documentation to help with managing the life cycle of your organization's documentation through a hierarchical model that is easy to update and maintain.
Our documentation is targeted for a 3-5 year life cycle before a major upgrade is needed. A common rule of thumb is that if your documentation is old enough to attend kindergarten, then it is time to do a thorough review and update to ensure it is applicable for your current needs. We have actually helped companies replace documentation that was old enough to drive, old enough to vote and even old enough to drink! Documentation has a shelf life and your Governance, Risk & Compliance (GRC) team is responsible for ensuring your documentation is sufficient for your current and future needs:
Please note that when ComplianceForge product upgrades are sent out, they are not customized to your organization (e.g., logo & company name). The updates come with errata that shows what has changed in the documentation, where you can make the decision if you want to adopt the changes in your existing documentation, since it is expected that your organization has already tailored the original documentation for its specific purposes. It is expected that you would follow your organization's existing documentation change control processes to review and approve changes.
Most ComplianceForge products are one-time purchase that do not include updates or free upgrades. The reason for this is that the non-subscription products are designed to be relatively static, since the underlying framework (e.g., best practice) is static, where it may change once every 3-7 years. When new versions are released, we let customers know that they can obtain updated versions at significant discounts.
In an effort to reward existing customers, we have three different tiers of pricing for upgrades for products without subscriptions:
The method to obtain a product upgrade is very straightforward. Go to the product page and select "add to quote" at the top of the page. In the comments section for the quote, mention that you are requesting a product upgrade. We will then validate your request against your company's orders and apply the appropriate discount for the upgrade.
Only the following four (4) ComplianceForge products have annual product update subscriptions:
 |
 |
 |
 |
When a customer purchases any of the products listed above, the first year of product of updates are included from the time of purchase.
Annual subscription updates are available only to clients who purchased a product that offers a subscription.
If a client skips one, or more, years of an annual update subscription, the cost to restart the subscription for one year is 50% of the published price of the product.
Clients who purchase the Digital Security Program (DSP) or DSP version of the Cybersecurity Standardized Operating Procedures (CSOP) can subscribe to product updates. The first year of DSP and CSOP product updates will be included in the purchase of the DSP or CSOP. For subscription renewals for the DSP and the CSOP (DSP version), these are the links to renew:
Clients who purchase the NIST 800-171 Compliance Program (NCP) can subscribe to NCP updates ($900/yr) when the first year of updates expires. The first year of NCP product updates is included in the purchase of the NCP. For subscription renewals for the NCP, here is the link to renew:
ComplianceForge
DSP & CSOP - Annual Subscription for Product Updates This is a subscription service for existing DSP & CSOP clients to obtain product updates. Due to the dynamic nature of the DSP and the Secure Controls Framework (SCF), the DSP...
ComplianceForge
Digital Security Program (DSP) - Annual Subscription for Product Updates This is a subscription service for existing Digital Security Program (DSP) clients to obtain product updates. Due to the dynamic nature of the DSP and the Secure Controls...
ComplianceForge
Cybersecurity Standardized Operating Procedures (CSOP) - Annual Subscription for Product Updates This is a subscription service for existing clients of the DSP/SCF version of the CSOP to obtain product updates. Due to the dynamic nature of the...
ComplianceForge
NIST 800-171 Compliance Program (NCP) - Annual Subscription for Product Updates This is a subscription service for existing NIST 800-171 Compliance Program (NCP) clients, who have not skipped one or more years of a subscription, to obtain...
Determining the scope of controls (e.g., assessment boundary) is different than determining control...
As a Chief Information Security Officer (CISO) or cybersecurity director, it is likely that you been...
The release of the Cybersecurity & Data Protection Assessment Standards (CDPAS) is important to the...
There is a "materiality ecosystem" that exists within modern cybersecurity risk management discussio...
