- ComplianceForge does offer product updates - both one-time upgrades and annual subscriptions for select products.
- Cybersecurity documentation has a 3–5 year shelf life before a major review and update is needed.
- Non-subscription products can be upgraded at discounted rates (free within 90 days, 25% within 1 year, 50% after 1 year).
- Only four products have annual subscriptions: SCRP, CSOP, SCRP & CSOP bundle, and NCP.
- Updates are delivered with errata showing what changed - you decide which changes to adopt into your existing documentation.
What Is The Lifecyle For Policies, Standards & Procedures?
Our documentation is targeted for a 3-5 year life cycle before a major upgrade is needed. A common rule of thumb is that if your documentation is old enough to attend kindergarten, then it is time to do a thorough review and update to ensure it is applicable for your current needs. We have actually helped companies replace documentation that was old enough to drive, old enough to vote and even old enough to drink! Documentation has a shelf life and your Governance, Risk & Compliance (GRC) team is responsible for ensuring your documentation is sufficient for your current and future needs:
Policy statements are the most static components of the documentation hierarchy, since policies focus on high-level statements of management intent. Policies should be good for 3-5 years without making changes.
Standards are generally static, but change when influenced by a statutory, regulatory or contractual obligation or technology change. Standards can also change when new technologies are introduced. Annual reviews of standards are needed to ensure those are still accurate for your environment, but similar to policies, your standards should be good for a 3-5 year life cycle without making many significant changes.
Procedures are the most dynamic component of your security documentation. Procedures are influenced by your available people, service providers, processes and technologies, so you have to expect procedure documentation to be a "living document" where it requires ongoing attention to keep it current.
If your documentation is old enough to attend kindergarten, it's time for a thorough review and update to ensure it is applicable for your current needs.
Please note that when ComplianceForge product upgrades are sent out, they are not customized to your organization (e.g., logo & company name). The updates come with errata that shows what has changed in the documentation, where you can make the decision if you want to adopt the changes in your existing documentation, since it is expected that your organization has already tailored the original documentation for its specific purposes. It is expected that you would follow your organization's existing documentation change control processes to review and approve changes.
How Can I Upgrade Products To The Latest Version?
Most ComplianceForge products are one-time purchase that do not include updates or free upgrades. The reason for this is that the non-subscription products are designed to be relatively static, since the underlying framework (e.g., best practice) is static, where it may change once every 3-7 years. When new versions are released, we let customers know that they can obtain updated versions at significant discounts.
In an effort to reward existing customers, we have three different tiers of pricing for upgrades for products without subscriptions:
The method to obtain a product upgrade is very straightforward. Go to the product page and select "add to quote" at the top of the page. In the comments section for the quote, mention that you are requesting a product upgrade. We will then validate your request against your company's orders and apply the appropriate discount for the upgrade.
What Are ComplianceForge Subscription Terms & Eligibility?
Understanding the subscription eligibility rules helps you plan your documentation maintenance budget.
When you purchase an eligible product, the first year of product updates is included from the time of purchase at no additional cost.
Subscriptions are available only to clients who purchased a product that offers a subscription. Renewals keep you current with quarterly releases.
If you skip one or more years of a subscription, the cost to restart is 50% of the published price of the product.
Product updates are delivered with errata showing changes. Updates are not customized with your logo and company name, so you adopt changes into your existing tailored documentation.
ComplianceForge first released the Digital Security Program (DSP) in 2016 to address needs for comprehensive cybersecurity governance documentation. With the SCF's publishing its Security, Compliance & Resilience Management System (SCRMS) that is focused on helping companies be secure, compliant and resilient, ComplianceForge modified the SCRP support the SCF's new focus.
Clients who purchase the Security, Compliance & Resilience Program (SCRP) or SCRP version of the Cybersecurity Standardized Operating Procedures (CSOP) can subscribe to product updates. The first year of SCRP and CSOP product updates will be included in the purchase of the SCRP or CSOP.
What ComplianceForge Products Have Subscriptions?
Only the following four ComplianceForge products offer annual update subscriptions with quarterly releases.
