ComplianceForge Product Updates

We do offer product updates. However, we do charge for updates/upgrades since it takes our staff time to keep current on evolving requirements and maintain the documentation, so we need to cover our costs so that we can continue to offer these quality products. For minor updates to mapping spreadsheets, we do not charge for those.

Cybersecurity Documentation Generally Has A 3-5 Year Shelf Life

Cybersecurity and data protection practices are a constantly-evolving and this means your documentation needs to be kept current to reflect changes. These changes tend to come from evolving statutory, regulatory or contractual requirements, but documentation changes also come from evolving technologies (e.g., Artificial Intelligence, Zero Trust Architecture, etc.). However, ComplianceForge designed its documentation to help with managing the life cycle of your organization's documentation through a hierarchical model that is easy to update and maintain.

cybersecurity documentation lifecycle

Our documentation is targeted for a 3-5 year life cycle before a major upgrade is needed. A common rule of thumb is that if your documentation is old enough to attend kindergarten, then it is time to do a thorough review and update to ensure it is applicable for your current needs. We have actually helped companies replace documentation that was old enough to drive, old enough to vote and even old enough to drink! Documentation has a shelf life and your Governance, Risk & Compliance (GRC) team is responsible for ensuring your documentation is sufficient for your current and future needs:

Please note that when ComplianceForge product upgrades are sent out, they are not customized to your organization (e.g., logo & company name). The updates come with errata that shows what has changed in the documentation, where you can make the decision if you want to adopt the changes in your existing documentation, since it is expected that your organization has already tailored the original documentation for its specific purposes. It is expected that you would follow your organization's existing documentation change control processes to review and approve changes.

Upgrade Non-Subscription Products To The Latest Version

Most ComplianceForge products are one-time purchase that do not include updates or free upgrades. The reason for this is that the non-subscription products are designed to be relatively static, since the underlying framework (e.g., best practice) is static, where it may change once every 3-7 years. When new versions are released, we let customers know that they can obtain updated versions at significant discounts.

In an effort to reward existing customers, we have three different tiers of pricing for upgrades for products without subscriptions:

ComplianceForge product updates

The method to obtain a product upgrade is very straightforward. Go to the product page and select "add to quote" at the top of the page. In the comments section for the quote, mention that you are requesting a product upgrade. We will then validate your request against your company's orders and apply the appropriate discount for the upgrade.

Annual Product Update Subscriptions

Only the following four (4) ComplianceForge products have annual product update subscriptions:

DSP updates CSOP updates DSP & CSOP updates NCP updates

Subscription Eligibility

When a customer purchases any of the products listed above, the first year of product of updates are included from the time of purchase

Annual subscription updates are available only to clients who purchased a product that offers a subscription.

If a client skips one, or more, years of an annual update subscription, the cost to restart the subscription for one year is 50% of the published price of the product.


Subscription Pricing: Digital Security Program & Cybersecurity Standardized Operating Procedures (CSOP)

Clients who purchase the Digital Security Program (DSP) or DSP version of the Cybersecurity Standardized Operating Procedures (CSOP) can subscribe to product updates. The first year of DSP and CSOP product updates will be included in the purchase of the DSP or CSOP. For subscription renewals for the DSP and the CSOP (DSP version), these are the links to renew:

Subscription Pricing: NIST 800-171 Compliance Program (NCP)

Clients who purchase the NIST 800-171 Compliance Program (NCP) can subscribe to NCP updates ($900/yr) when the first year of updates expires. The first year of NCP product updates is included in the purchase of the NCP. For subscription renewals for the NCP, here is the link to renew:

Browse Our Products

  • Subscription - DSP & CSOP

    Subscription - DSP & CSOP


    DSP & CSOP -  Annual Subscription for  Product Updates This is a subscription service for existing DSP & CSOP clients to obtain product updates. Due to the dynamic nature of the DSP and the Secure Controls Framework (SCF), the DSP...

    Choose Options
  • Digital Security Program (DSP) subscription updates

    Subscription - Digital Security Program (DSP)


    Digital Security Program (DSP) - Annual Subscription for  Product Updates This is a subscription service for existing Digital Security Program (DSP) clients to obtain product updates. Due to the dynamic nature of the DSP and the Secure Controls...

    Choose Options
  • DSP CSOP update subscription

    Subscription - CSOP (DSP version)


    Cybersecurity Standardized Operating Procedures (CSOP) - Annual Subscription for  Product Updates This is a subscription service for existing clients of the DSP/SCF version of the CSOP to obtain product updates. Due to the dynamic nature of the...

    Choose Options

Learn More About Cybersecurity & Data Privacy