Since a picture can be worth 1,000 words, the image to the right helps visualize a "Plan, Do, Check & Act" approach to cybersecurity and privacy compliance. The Integrated Controls Management (ICM) model describes "how to do governance, risk & compliance" in practical terms.
The process is pretty simple - identify the requirements and develop the evidence of due diligence and due care to be able to successfully demonstrate compliance with your obligations.
ComplianceForge can provide the "full stack" of cybersecurity and privacy documentation to meet your statutory, regulatory and contractual obligations.
The video to the right helps demonstrate how the ComplianceForge documentation ties everything together to create a scalable, comprehensive cybersecurity & privacy governance program:
CONTROL OBJECTIVES exist to support POLICIES
STANDARDS are written to support CONTROL OBJECTIVES
PROCEDURES are written to implement the requirements that STANDARDS establish
CONTROLS exist as a mechanism to assess/audit both the existence of PROCEDURES / STANDARDS and how well their capabilities are implemented and/or functioning
METRICS exist as a way to measure the performance of CONTROLS
NIST 800-171 & CMMC Policies, Standards, Procedures & More
At ComplianceForge, we take a unique view towards writing cybersecurity documentation. We developed a comprehensive and scalable way to write cybersecurity documentation that minimizes the redundancies and inefficiencies that plague cybersecurity governance. We know a standard is a standard for a reason.
We have a wide variety of documentation to fit your specific needs, ranging from Level 1 all the way through Level 5 CMMC compliance obligations.