- Editable cybersecurity & privacy policies, control objectives, standards, metrics & more!
- Formatting enables CSV content imports by GRC tools. Contains editable Microsoft Word & Excel documentation or you can import directly into your GRC.
- Based on the Secure Controls Framework (SCF). Maps to over 200+ laws, regulations & frameworks.
- Comes with quarterly updates to keep you current on evolving cybersecurity & privacy requirements.
SCRP Annual Update Subscription: Quarterly Releases
The SCRP Annual Update Subscription delivers quarterly releases of the Security, Compliance and Resilience Program (SCRP), the evolution of the Digital Security Program (DSP). For organizations that already own the SCRP, this subscription is the most cost-effective way to keep the documentation current as the Secure Controls Framework (SCF) and the underlying laws, regulations, and frameworks continue to evolve.
ComplianceForge first released the DSP in 2016. With the SCF publishing its Security, Compliance and Resilience Management System (SCRMS) focused on helping organizations be secure, compliant, and resilient, ComplianceForge evolved the DSP into the SCRP to align with this broader focus. For all clients who have an active DSP subscription, the subscription updates to the SCRP subscription automatically. This is purely a rebranding; the content quality and SCF alignment remain consistent with what DSP clients expect. The rebranding is reflected in subscription updates starting with release 2026.1 in April 2026.
What Is The SCRP Subscription?
The SCRP Subscription is a 12-month update subscription service for existing SCRP clients. Due to the dynamic nature of the SCRP and the underlying Secure Controls Framework (SCF), the SCRP is updated on approximately a quarterly basis as new laws, regulations, and frameworks are added to the metaframework. This subscription entitles the purchaser to 12 months of these updates, including both the Word and Excel mapping documents.
The SCRP Subscription is a 12-month update subscription that entitles the purchaser to all quarterly releases of the Security, Compliance and Resilience Program during the subscription window. Each release reflects updates to the underlying frameworks, new regulations and laws added to the SCRP mapping, and improvements derived from real-world customer engagements.
This is a subscription for existing SCRP clients. It is not a standalone purchase of the SCRP itself. To purchase the SCRP for the first time, see the SCRP product page. After initial purchase, renewing this subscription annually is the most cost-effective way to keep the documentation current. Delivery is via email with a secure ShareFile link, and each release includes an errata document describing what changed.
No Software To Install
This subscription delivers updated editable Microsoft Office-based documentation templates on a quarterly cadence. Like the underlying products, there is no software to install, no agent to deploy, no account to provision, and no cloud environment to configure. If your organization can open and edit Microsoft Word or Excel files, you can use every quarterly release delivered under this subscription.
Microsoft Word and Excel
Every quarterly release delivers updated .docx and .xlsx files. Compatible with Word 2016 and newer, Microsoft 365, OpenOffice, LibreOffice, and Google Docs and Sheets.
ShareFile Delivery
Each release is delivered as a secure ShareFile link via email. Downloads include an errata describing what changed in that release, so you can efficiently apply updates to your customized version.
Quarterly Cadence
Subscriptions deliver approximately four releases per year, timed to reflect significant framework revisions, new regulations, and lessons learned from customer engagements.
This delivery model is intentional. Each release arrives as editable Office documents that you can diff against your customized version, review, and apply on your own schedule. There is no forced upgrade and no risk of a vendor SaaS breaking your documentation.
What Problems Does The SCRP Subscription Solve?
Without an active subscription, organizations face a predictable pattern of documentation drift as frameworks evolve, new regulations are added, and lessons emerge from real-world audits. The SCRP Subscription is designed specifically to address these challenges.
Framework Evolution
Cybersecurity frameworks change constantly. NIST 800-53 had a major revision in 2020, NIST CSF moved to 2.0 in 2024, and PCI DSS moved to v4.0 with multiple incremental updates. Without subscription updates, your SCRP drifts from current framework language.
New Laws and Regulations
New privacy laws, cybersecurity regulations, and industry mandates are added regularly. The SCRP quarterly releases incorporate these additions into the mapping, so your documentation remains audit-ready without manual tracking effort.
Audit Drift
Auditors expect to see documentation aligned with the latest framework language. Documentation from a prior SCRP version may cite superseded control IDs, obsolete NIST guidance, or missing requirements that were added after initial purchase.
Missed Improvements
ComplianceForge incorporates improvements from every customer engagement into subsequent releases. Without the subscription, you miss clarifications, new supporting templates, and enhancements that existing subscribers receive automatically.
How Does The SCRP Subscription Solve These Problems?
The SCRP Subscription addresses each challenge above with quarterly releases structured for efficient update application.
Quarterly Framework Updates
Each release reflects the most recent framework changes relevant to the SCRP, so your documentation tracks the current version of underlying standards automatically.
Detailed Errata Per Release
Every release ships with an errata document identifying every change. This makes it possible to apply updates surgically without re-reviewing the entire document set.
Stable Document Structure
Section numbering, control IDs, and outlines remain stable release-to-release. Your customization effort stays portable, and updates apply cleanly to tailored documentation.
Same-Day Access
Once subscribed, you receive each quarterly release within 1-2 business days of its publication. Secure ShareFile delivery ensures authorized access to updated Word and Excel files.
What Is Included With The Subscription?
A SCRP Subscription purchase entitles the subscriber to 12 months of updates from the purchase date. The subscription covers only the SCRP; updates to other ComplianceForge products are governed by their own subscription agreements.
Quarterly Release Files
Updated Microsoft Word version of the SCRP per release, updated Microsoft Excel version of the SCRP mappings per release, all supporting annexes and templates refreshed, and consistent document structure release-to-release for stable customization.
Release Errata
Detailed errata document accompanying every release, listing every added, removed, and modified section, identifying framework mapping updates and new regulations added, and enabling surgical application of updates to customized versions.
Delivery and Access
Email notification with secure ShareFile link per release, single-entity license that applies to the subscriber organization, no account provisioning required since delivery is link only, and prior releases accessible throughout the subscription window.
Subscription Scope
Covers approximately four quarterly releases, scope is limited to the SCRP since other products are separately licensed, renewal is optional and the subscription does not auto-renew unless elected, and no additional usage restrictions beyond the underlying product license.
Applies Only To The Underlying Product
This subscription covers updates to the SCRP only. If you also own other ComplianceForge products such as RMP, VPMP, IIRP, or others, those products are updated under their own individual product-update processes. The SCRP Subscription does not extend to other products.
Quarterly Release Cadence
ComplianceForge targets approximately four releases per year for the SCRP. Releases are typically labeled by year and release number (for example, 2026.1, 2026.2, 2026.3, 2026.4). Timing is driven by significant framework events: major NIST revisions, new privacy laws, PCI DSS updates, and other regulatory changes.
Not every quarterly release contains large changes. Some releases are primarily incremental improvements and clarifications. Larger structural releases are less frequent but deliver significant value when they occur, typically coinciding with major framework revisions like NIST 800-53 baseline changes or PCI DSS major version updates.
Subscription Lifecycle
Each release flows from framework changes through ComplianceForge content updates, errata documentation, and ShareFile delivery within 1-2 business days of publication. Subscribers can apply updates surgically using the errata as a guide, preserving customization effort while keeping documentation aligned to the current framework version.
How Updates Integrate With Your Customization
When you customized the SCRP, you invested time tailoring it to your organization, your roles, your cadences, and your tooling. Quarterly subscription releases are designed to preserve that customization effort while delivering framework currency.
Each quarterly release ships with a detailed errata document that identifies every change since the prior release, including added, removed, and modified sections, framework mapping updates, and new supporting templates. This errata is the key to efficient update application: rather than diffing the entire document, you apply changes surgically using the errata as a guide. ComplianceForge deliberately avoids structural overhauls between releases. Section numbering, control IDs, and document outlines remain stable release-to-release except when the underlying framework itself restructures. This keeps your customization effort portable across releases.
Professional Services
ComplianceForge offers optional professional services to customize purchased documentation. Professional services are not required to customize ComplianceForge documentation. However, some clients want our subject matter expertise to help customize their documentation to meet their specific business needs. If you have any questions about our professional services, please contact us at:
We offer the following professional service bundles:
5-Hour Bundle
This includes five (5) hours of professional services, which may be beneficial for companies that need some guidance on getting started with how to tailor their documentation.
10-Hour Bundle
This includes ten (10) hours of professional services, which may be beneficial for companies that need additional guidance on tailoring their documentation to meet their compliance requirements.
20-Hour Bundle
This includes twenty (20) hours of professional services, which may be beneficial for companies that need robust services, beyond just 10 hours, to assist in tailoring their documentation to meet their compliance requirements.
Purchased professional service hours expire 120 days (4 months) from the time of purchase if unused. Hours are intended to supplement, not replace, your own customization work, since only your organization knows the exact details to tailor your documentation. For questions regarding scoping a professional services engagement or configuring a custom package, contact ComplianceForge directly through the Contact Us page.
Why An Active Subscription Matters
Cybersecurity documentation that drifts from the current framework version is a predictable source of audit findings, customer questionnaire issues, and regulatory exposure. An active SCRP Subscription keeps your SCRP aligned with the current framework landscape without requiring your team to manually track every change.
For most organizations, the subscription cost is dramatically lower than the internal effort required to research framework changes, update documentation, and verify mapping accuracy quarterly. The subscription is the most cost-effective approach to framework currency, especially for organizations that face multiple compliance obligations or operate in regulated industries where audit readiness is continuously required.
Renewal Process
The SCRP Subscription is a 12-month subscription from the date of purchase. It does not auto-renew. Toward the end of your subscription window, ComplianceForge will notify you via email with the option to renew for another 12 months.
Renewal is optional. If you elect not to renew, you retain rights to all releases you received during the active subscription window. You simply stop receiving new releases from the date the subscription lapses. Re-subscribing later is always possible; you would resume receiving releases starting from whatever the current release is at the time of re-subscription.