ComplianceForge Product Updates

We do offer product updates. However, we do charge for updates/upgrades since it takes our staff time to keep current on evolving requirements and maintain the documentation, so we need to cover our costs so that we can continue to offer these quality products. For minor updates to mapping spreadsheets, we do not charge for those.

Cybersecurity Documentation Generally Has A 3-5 Year Shelf Life

Cybersecurity and data protection practices are a constantly-evolving and this means your documentation needs to be kept current to reflect changes. These changes tend to come from evolving statutory, regulatory or contractual requirements, but documentation changes also come from evolving technologies (e.g., Artificial Intelligence, Zero Trust Architecture, etc.). However, ComplianceForge designed its documentation to help with managing the life cycle of your organization's documentation through a hierarchical model that is easy to update and maintain.

Our documentation is targeted for a 3-5 year life cycle before a major upgrade is needed. A common rule of thumb is that if your documentation is old enough to attend kindergarten, then it is time to do a thorough review and update to ensure it is applicable for your current needs. We have actually helped companies replace documentation that was old enough to drive, old enough to vote and even old enough to drink! Documentation has a shelf life and your Governance, Risk & Compliance (GRC) team is responsible for ensuring your documentation is sufficient for your current and future needs:

• Policy Lifecycle - Policy statements are the most static components of the documentation hierarchy, since policies focus on high-level statements of management intent. Policies should be good for 3-5 years without making changes.
• Standards Lifecycle - Standards are generally static, but change when influenced by a statutory, regulatory or contractual obligation or technology change. Standards can also change when new technologies are introduced. Annual reviews of standards are needed to ensure those are still accurate for your environment, but similar to policies, your standards should be good for a 3-5 year life cycle without making many significant changes.
• Procedures Lifecycle - Procedures are the most dynamic component of your security documentation. Procedures are influenced by your available people, service providers, processes and technologies, so you have to expect procedure documentation to be a "living document" where it requires ongoing attention to keep it current. 
  

Please note that when ComplianceForge product upgrades are sent out, they are not customized to your organization (e.g., logo & company name). The updates come with errata that shows what has changed in the documentation, where you can make the decision if you want to adopt the changes in your existing documentation, since it is expected that your organization has already tailored the original documentation for its specific purposes. It is expected that you would follow your organization's existing documentation change control processes to review and approve changes.

Upgrade Non-Subscription Products To The Latest Version

Most ComplianceForge products are one-time purchase that do not include updates or free upgrades. The reason for this is that the non-subscription products are designed to be relatively static, since the underlying framework (e.g., best practice) is static, where it may change once every 3-7 years. When new versions are released, we let customers know that they can obtain updated versions at significant discounts.

In an effort to reward existing customers, we have three different tiers of pricing for upgrades for products without subscriptions:

• Within 90 days of purchase - No charge
• Within 365 days of purchase - 25% of current product price
• Beyond 365 days of purchase - 50% of current product price

The method to obtain a product upgrade is very straightforward. Go to the product page and select "add to quote" at the top of the page. In the comments section for the quote, mention that you are requesting a product upgrade. We will then validate your request against your company's orders and apply the appropriate discount for the upgrade.

Annual Product Update Subscriptions

Only the following four (4) ComplianceForge products have annual product update subscriptions:

Subscription Eligibility

When a customer purchases any of the products listed above, the first year of product of updates are included from the time of purchase. 

Annual subscription updates are available only to clients who purchased a product that offers a subscription.

If a client skips one, or more, years of an annual update subscription, the cost to restart the subscription for one year is 50% of the published price of the product.

Pricing

Subscription Pricing: Security, Compliance & Resilience Program (SCRP) & Cybersecurity Standardized Operating Procedures (CSOP)

The Security, Compliance & Resilience Program (SCRP) is the next evolution of the Digital Security Program (DSP) - the DSP is now the SCRP. For all clients who have an active DSP, DSP version of the CSOP, or a DSP & CSOP subscription, the subscription will be updated to the SCRP, SCRP version of the CSOP, or SCRP & CSOP subscription, respectively - this is just a rebranding of the product, so you will still get the same high-quality content you expect out of the DSP that is aligned with the SCF. This rebranding will be reflected in subscription updates starting with 2026.1 (April 2026).

ComplianceForge first released the Digital Security Program (DSP) in 2016 to address needs for comprehensive cybersecurity governance documentation. With the SCF's publishing its Security, Compliance & Resilience Management System (SCRMS) that is focused on helping companies be secure, compliant and resilient, ComplianceForge modified the SCRP support the SCF's new focus. 

Clients who purchase the Security, Compliance & Resilience Program (SCRP) or SCRP version of the Cybersecurity Standardized Operating Procedures (CSOP) can subscribe to product updates. The first year of SCRP and CSOP product updates will be included in the purchase of the SCRP or CSOP. For subscription renewals for the SCRP and the CSOP (SCRP version), these are the links to renew:

• SCRP only subscription ($1,700/yr)
• CSOP only subscription ($900/yr) 
  
• SCRP & CSOP subscription ($2,600/yr)

Subscription Pricing: NIST 800-171 Compliance Program (NCP)

Clients who purchase the NIST 800-171 Compliance Program (NCP) can subscribe to NCP updates ($950/yr) when the first year of updates expires. The first year of NCP product updates is included in the purchase of the NCP. For subscription renewals for the NCP, here is the link to renew:

• NCP subscription ($950/yr)