One area where ComplianceForge sets itself apart is its role in helping launch the Secure Controls Framework (SCF). According to Tom Cornelius, senior partner and co-founder of ComplianceForge, “Hackers share information on attack methods with other hackers, so why shouldn’t the good guys share information on how to best protect an organization? We decided to take action and make a difference.” That difference was the SCF. “We had the ambitious goal of providing free cybersecurity and privacy control guidance to cover the strategic, operational and tactical needs of businesses, regardless of their size, industry or country of origin,” says Cornelius. The end state is a free controls framework that helps companies become and stay compliant with cybersecurity and privacy requirements.
“The latest trend in cybersecurity documentation is that contractual requirements are driving higher expectations for evidence of cybersecurity policies, standards and procedures than what is being demanded by statutory or regulatory changes,” says Cornelius. In addition to the requirements for evidence of due care through documentation, companies are pressed to hire talented personnel to actually execute those requirements.
Cornelius notes that the cybersecurity and privacy documentation lifecycle is a relatively new concept for businesses, where the same policies and standards may exist for a decade or more, continually added onto and never revamped. ComplianceForge has found that the catalyst for change is often a staffing change: outside talent is brought into the organization and, after an assessment of GRC processes, decides that the existing documentation is outdated or inadequate to meet current or future needs. In these cases, it is generally more efficient and economical to purchase documentation from ComplianceForge than to write it in-house or hire a consultant to write it. Since many technology professionals change jobs every few years, ComplianceForge often finds former employees of its clients seeking out ComplianceForge from their new employer, because those individuals want the same level of documentation excellence at their current company.
ComplianceForge’s solutions are all Microsoft Office-based documentation, so its clients are able to customize the documentation for their specific needs with tools they already own and know how to use.
The company’s documentation products are designed to address an encompassing array of requirements, including the NIST Cybersecurity Framework, the European Union General Data Protection Regulation (EU GDPR), the Payment Card Industry Data Security Standard (PCI DSS), the Federal Financial Institutions Examination Council (FFIEC), New York Department of Financial Services (DFS) 23 NYCRR 500, the DoD Federal Acquisition Regulation Supplement (DFARS 252.204-7012), the Federal Acquisition Regulation (FAR 52.204-21), NIST SP 800-171, and many more.