ComplianceForge Product Updates
We do offer product updates. However, we do charge for updates/upgrades since it takes our staff time to keep current on evolving requirements and maintain the documentation, so we need to cover our costs so that we can continue to offer these quality products. For minor updates to mapping spreadsheets, we do not charge for those.
Cybersecurity Documentation Generally Has A 3-5 Year Shelf Life
Cybersecurity and data protection practices are a constantly-evolving and this means your documentation needs to be kept current to reflect changes. These changes tend to come from evolving statutory, regulatory or contractual requirements, but documentation changes also come from evolving technologies (e.g., Artificial Intelligence, Zero Trust Architecture, etc.). However, ComplianceForge designed its documentation to help with managing the life cycle of your organization's documentation through a hierarchical model that is easy to update and maintain.
Our documentation is targeted for a 3-5 year life cycle before a major upgrade is needed. A common rule of thumb is that if your documentation is old enough to attend kindergarten, then it is time to do a thorough review and update to ensure it is applicable for your current needs. We have actually helped companies replace documentation that was old enough to drive, old enough to vote and even old enough to drink! Documentation has a shelf life and your Governance, Risk & Compliance (GRC) team is responsible for ensuring your documentation is sufficient for your current and future needs:
- Policy Lifecycle - Policy statements are the most static components of the documentation hierarchy, since policies focus on high-level statements of management intent. Policies should be good for 3-5 years without making changes.
- Standards Lifecycle - Standards are generally static, but change when influenced by a statutory, regulatory or contractual obligation or technology change. Standards can also change when new technologies are introduced. Annual reviews of standards are needed to ensure those are still accurate for your environment, but similar to policies, your standards should be good for a 3-5 year life cycle without making many significant changes.
- Procedures Lifecycle - Procedures are the most dynamic component of your security documentation. Procedures are influenced by your available people, service providers, processes and technologies, so you have to expect procedure documentation to be a "living document" where it requires ongoing attention to keep it current.
Please note that when ComplianceForge product upgrades are sent out, they are not customized to your organization (e.g., logo & company name). The updates come with errata that shows what has changed in the documentation, where you can make the decision if you want to adopt the changes in your existing documentation, since it is expected that your organization has already tailored the original documentation for its specific purposes. It is expected that you would follow your organization's existing documentation change control processes to review and approve changes.
Upgrade Non-Subscription Products To The Latest Version
Most ComplianceForge products are one-time purchase that do not include updates or free upgrades. The reason for this is that the non-subscription products are designed to be relatively static, since the underlying framework (e.g., best practice) is static, where it may change once every 3-7 years. When new versions are released, we let customers know that they can obtain updated versions at significant discounts.
In an effort to reward existing customers, we have three different tiers of pricing for upgrades for products without subscriptions:
- Within 90 days of purchase - No charge
- Within 365 days of purchase - 25% of current product price
- Beyond 365 days of purchase - 50% of current product price
The method to obtain a product upgrade is very straightforward. Go to the product page and select "add to quote" at the top of the page. In the comments section for the quote, mention that you are requesting a product upgrade. We will then validate your request against your company's orders and apply the appropriate discount for the upgrade.
Annual Product Update Subscriptions
Only the following four (4) ComplianceForge products have annual product update subscriptions:
Subscription Eligibility
When a customer purchases any of the products listed above, the first year of product of updates are included from the time of purchase.
Annual subscription updates are available only to clients who purchased a product that offers a subscription.
If a client skips one, or more, years of an annual update subscription, the cost to restart the subscription for one year is 50% of the published price of the product.
Pricing
Subscription Pricing: Digital Security Program & Cybersecurity Standardized Operating Procedures (CSOP)
Clients who purchase the Digital Security Program (DSP) or DSP version of the Cybersecurity Standardized Operating Procedures (CSOP) can subscribe to product updates. The first year of DSP and CSOP product updates will be included in the purchase of the DSP or CSOP. For subscription renewals for the DSP and the CSOP (DSP version), these are the links to renew:
- DSP only subscription ($1,500/yr)
- CSOP only subscription ($800/yr)
- DSP & CSOP subscription ($2,300/yr)
Subscription Pricing: NIST 800-171 Compliance Program (NCP)
Clients who purchase the NIST 800-171 Compliance Program (NCP) can subscribe to NCP updates ($900/yr) when the first year of updates expires. The first year of NCP product updates is included in the purchase of the NCP. For subscription renewals for the NCP, here is the link to renew:
There are no products listed under this category.
Learn More About Cybersecurity & Data Privacy
-
NIST 800-171 R2 to R3 Transition Guide
Sooner, rather than later, the US Government's global supply chain will have to transition to NIST 8...
-
NIST 800-171 R3 Kill Chain
The CMMC 2.0 & NIST 800-171 R2 version of the CMMC Kill Chain introduces the theory of constrain...
-
NIST 800-171 R3 In A Nutshell
It is worthwhile to take a look at NIST 800-171 R3 through a People, Process, Technology, Data &...
-
NIST 800-171 R3
NIST 800-171 Rev 3 was released on 14 May of this year, and it contains significant changes from the...