Since a picture can be worth 1,000 words, the image to the right helps visualize a methodology for a "Plan, Do, Check & Act" approach to cybersecurity and privacy compliance. The Integrated Controls Management (ICM) model describes "how to do governance, risk & compliance" in practical terms.

The process is pretty simple: identify the requirements, then develop the evidence of due diligence and due care needed to successfully demonstrate compliance with your obligations.

ComplianceForge can provide the "full stack" of cybersecurity and privacy documentation to meet your statutory, regulatory and contractual obligations.


The video to the right helps demonstrate how the ComplianceForge documentation ties everything together to create a scalable, comprehensive cybersecurity & privacy governance program:

  • CONTROL OBJECTIVES exist to support POLICIES

  • STANDARDS are written to support CONTROL OBJECTIVES

  • PROCEDURES are written to implement the requirements that STANDARDS establish

  • CONTROLS exist as a mechanism to assess/audit both the existence of PROCEDURES / STANDARDS and how well their capabilities are implemented and/or functioning

  • METRICS exist as a way to measure the performance of CONTROLS

 

   NIST 800-171 & CMMC Policies, Standards, Procedures & More   

At ComplianceForge, we take a unique view towards writing cybersecurity documentation. We developed a comprehensive and scalable way to write cybersecurity documentation that minimizes the redundancies and inefficiencies that plague cybersecurity governance. We know a standard is a standard for a reason.

We have a wide variety of documentation that can fit your specific needs, ranging from Level 1 all the way through Level 5 CMMC compliance obligations.


   Editable Cybersecurity & Privacy Documentation Solutions