- Editable cybersecurity & privacy procedures. 1-1 mapping to SCRP standards & SCF controls.
- Comes in both Microsoft Word & Excel formats. GRC importable that supports CSV content imports.
- Based on the Secure Controls Framework (SCF). Maps to over 200 laws, regulations & frameworks.
- Provides quarterly updates to keep you current on evolving cybersecurity & privacy requirments.
CSOP Annual Update Subscription: Quarterly Releases
The CSOP Annual Update Subscription delivers quarterly releases of the Cybersecurity Standardized Operating Procedures (CSOP) SCRP Version. The CSOP provides the procedures that operationalize the policies and standards in the SCRP, with a 1-to-1 mapping between the two. This subscription keeps your procedures current as the SCRP evolves and as new framework guidance emerges.
Procedures are the how layer of cybersecurity documentation: they define exactly how standards are implemented in operational practice. Because procedures reference specific tools, cadences, and roles, they drift from current practice faster than policies. Quarterly updates help your procedures stay aligned with current operational expectations and framework requirements. The CSOP rebranding to align with the SCRP is reflected in subscription updates starting with release 2026.1 in April 2026.
What Is The CSOP Subscription?
The CSOP Subscription is a 12-month update subscription for existing CSOP clients. The CSOP is updated on approximately a quarterly basis to reflect framework evolution and lessons learned from customer engagements. This subscription entitles the purchaser to 12 months of these updates, delivered as an editable Microsoft Word document per release.
The CSOP Subscription is a 12-month update subscription that entitles the purchaser to all quarterly releases of the Cybersecurity Standardized Operating Procedures during the subscription window. Each release reflects updates to the underlying frameworks, new regulations and laws added to the CSOP mapping, and improvements derived from real-world customer engagements.
This is a subscription for existing CSOP clients. It is not a standalone purchase of the CSOP itself. To purchase the CSOP for the first time, see the CSOP product page. After initial purchase, renewing this subscription annually is the most cost-effective way to keep the documentation current. Delivery is via email with a secure ShareFile link, and each release includes an errata document describing what changed.
No Software To Install
This subscription delivers updated editable Microsoft Office-based documentation templates on a quarterly cadence. Like the underlying products, there is no software to install, no agent to deploy, no account to provision, and no cloud environment to configure. If your organization can open and edit Microsoft Word files, you can use every quarterly release delivered under this subscription.
Microsoft Word
Every quarterly release delivers updated .docx files. Compatible with Word 2016 and newer, Microsoft 365, OpenOffice, LibreOffice, and Google Docs.
ShareFile Delivery
Each release is delivered as a secure ShareFile link via email. Downloads include an errata describing what changed in that release, so you can efficiently apply updates to your customized version.
Quarterly Cadence
Subscriptions deliver approximately four releases per year, timed to reflect significant framework revisions, new regulations, and lessons learned from customer engagements.
This delivery model is intentional. Each release arrives as editable Office documents that you can diff against your customized version, review, and apply on your own schedule.
What Problems Does The CSOP Subscription Solve?
Without an active subscription, organizations face a predictable pattern of procedure drift as the underlying SCRP policies evolve, new regulations are added, and lessons emerge from real-world audits. The CSOP Subscription is designed specifically to address these challenges.
SCRP Policy Evolution
The CSOP procedures map 1-to-1 with SCRP policies and standards. When the SCRP is updated quarterly, the matching CSOP procedures must also be updated to maintain that mapping. Without subscription updates, your CSOP drifts from the current SCRP version.
Operational Practice Drift
Procedures reference specific tools, cadences, and roles, so they drift from current practice faster than policies. Quarterly updates help your CSOP stay aligned with current operational expectations and framework requirements.
Audit Drift
Auditors expect to see procedures aligned with the current policy framework. Documentation from a prior CSOP version may cite superseded control IDs, obsolete NIST guidance, or missing requirements that were added after initial purchase.
Missed Improvements
ComplianceForge incorporates improvements from every customer engagement into subsequent releases. Without the subscription, you miss clarifications, new supporting templates, and procedural enhancements that existing subscribers receive automatically.
How Does The CSOP Subscription Solve These Problems?
The CSOP Subscription addresses each challenge above with quarterly releases structured for efficient update application and synchronized with SCRP releases.
Synchronized With SCRP
Each CSOP release aligns with the matching SCRP release, so your procedures and policies stay in lockstep release-to-release. The 1-to-1 mapping is preserved automatically. This subscription only applies to the CSOP version of the SCRP, not both or the SCRP itself.
Detailed Errata Per Release
Every release ships with an errata document identifying every change. This makes it possible to apply updates surgically without re-reviewing the entire document set.
Stable Document Structure
Section numbering, control IDs, and outlines remain stable release-to-release. Your customization effort stays portable, and updates apply cleanly to tailored documentation.
Same-Day Access
Once subscribed, you receive each quarterly release within 1-2 business days of its publication. Secure ShareFile delivery ensures authorized access to updated documentation.
What Is Included With The Subscription?
A CSOP Subscription purchase entitles the subscriber to 12 months of updates from the purchase date. The subscription covers only the CSOP; updates to other ComplianceForge products are governed by their own subscription agreements.
Quarterly Release Files
Updated Microsoft Word version of the CSOP per release, all supporting annexes and templates refreshed, and consistent document structure release-to-release for stable customization. Procedures stay aligned with the matching SCRP release.
Release Errata
Detailed errata document accompanying every release, listing every added, removed, and modified procedure, identifying SCRP mapping updates and new regulations added, and enabling surgical application of updates to customized versions.
Delivery and Access
Email notification with secure ShareFile link per release, single-entity license that applies to the subscriber organization, no account provisioning required since delivery is link only, and prior releases accessible throughout the subscription window.
Subscription Scope
Covers approximately four quarterly releases, scope is limited to the CSOP since other products are separately licensed, renewal is optional and the subscription does not auto-renew unless elected, and no additional usage restrictions beyond the underlying product license.
Applies Only To The Underlying Product
This subscription covers updates to the CSOP only. If you also own other ComplianceForge products such as SCRP, RMP, VPMP, or others, those products are updated under their own individual product-update processes. The CSOP Subscription does not extend to other products.
Quarterly Release Cadence
ComplianceForge targets approximately four releases per year for the CSOP, synchronized with SCRP releases. Releases are typically labeled by year and release number (for example, 2026.1, 2026.2, 2026.3, 2026.4). Timing is driven by significant framework events: major NIST revisions, new privacy laws, PCI DSS updates, and other regulatory changes.
Not every quarterly release contains large changes. Some releases are primarily incremental improvements and clarifications. Larger structural releases are less frequent but deliver significant value when they occur, typically coinciding with major framework revisions or significant operational guidance updates from NIST or other authoritative sources.
Subscription Lifecycle
Each release flows from SCRP policy updates through ComplianceForge content updates, errata documentation, and ShareFile delivery within 1-2 business days of publication. Subscribers can apply procedure updates surgically using the errata as a guide, preserving customization effort while keeping documentation aligned to the current SCRP and framework versions.
How Updates Integrate With Your Customization
When you customized the CSOP, you invested time tailoring procedures to your organization, your roles, your cadences, and your tooling. Quarterly subscription releases are designed to preserve that customization effort while delivering procedural currency.
Each quarterly release ships with a detailed errata document that identifies every change since the prior release, including added, removed, and modified procedures, mapping updates, and new supporting templates. This errata is the key to efficient update application: rather than diffing the entire document, you apply changes surgically using the errata as a guide. ComplianceForge deliberately avoids structural overhauls between releases. Section numbering, control IDs, and document outlines remain stable release-to-release except when the underlying framework itself restructures. This keeps your customization effort portable across releases.
Professional Services
ComplianceForge offers optional professional services to customize purchased documentation. Professional services are not required to customize ComplianceForge documentation. However, some clients want our subject matter expertise to help customize their documentation to meet their specific business needs. If you have any questions about our professional services, please contact us at:
We offer the following professional service bundles:
5-Hour Bundle
This includes five (5) hours of professional services, which may be beneficial for companies that need some guidance on getting started with how to tailor their documentation.
10-Hour Bundle
This includes ten (10) hours of professional services, which may be beneficial for companies that need additional guidance on tailoring their documentation to meet their compliance requirements.
20-Hour Bundle
This includes twenty (20) hours of professional services, which may be beneficial for companies that need robust services, beyond just 10 hours, to assist in tailoring their documentation to meet their compliance requirements.
Purchased professional service hours expire 120 days (4 months) from the time of purchase if unused. Hours are intended to supplement, not replace, your own customization work, since only your organization knows the exact details to tailor your documentation. For questions regarding scoping a professional services engagement or configuring a custom package, contact ComplianceForge directly through the Contact Us page.
Why An Active Subscription Matters
Procedures that drift from current operational expectations are a predictable source of audit findings, control failures, and operational confusion. An active CSOP Subscription keeps your procedures aligned with the current SCRP and the underlying framework landscape without requiring your team to manually track every change.
For most organizations, the subscription cost is dramatically lower than the internal effort required to research framework changes, rewrite procedures, and verify mapping accuracy quarterly. The subscription is the most cost-effective approach to procedural currency, especially for organizations that face multiple compliance obligations or operate in regulated industries where audit readiness is continuously required.
Renewal Process
The CSOP Subscription is a 12-month subscription from the date of purchase. It does not auto-renew. Toward the end of your subscription window, ComplianceForge will notify you via email with the option to renew for another 12 months.
Renewal is optional. If you elect not to renew, you retain rights to all releases you received during the active subscription window. You simply stop receiving new releases from the date the subscription lapses. Re-subscribing later is always possible; you would resume receiving releases starting from whatever the current release is at the time of re-subscription.