- The DSP version of the CSOP is a template for procedures. This is an expectation that companies have to demonstrate HOW cybersecurity controls are actually implemented.
- This is an editable Microsoft Word document.
- Given the difficult nature of writing templated procedure statements, we aimed for approximately an “80% solution” since it is impossible to write a 100% complete cookie cutter procedure statement that can be equally applied across multiple organizations. What this means is ComplianceForge did the heavy lifting and you just need to fine-tune the procedure with the specifics that only you would know to make it applicable to your organization. It is pretty much filling in the blanks and following the helpful guidance that we provide to identify the who/what/when/where/why/how to make it complete.
- The DSP CSOP has a 1-1 mapping relationship so every standard in the DSP has a procedure/control activity in the CSOP! It is a time savings of hundreds of hours.
Until now, developing a template to provide worthwhile cybersecurity procedures has been somewhat of a “missing link” within the cybersecurity documentation industry. The good news is that ComplianceForge solved this issue with the Cybersecurity Standardized Operating Procedures (CSOP) product. We are the only provider to have an affordable and comprehensive procedures template! Our CSOP can save a business several hundred hours of work in developing control activities / procedure statements, so the CSOP is worth checking out!
The Digital Security Program (DSP) / Secure Controls Framework (SCF) version of the CSOP contains a catalog of over 700 procedure statements! The structure of the DSP / SCF maps to over 100 statutory, regulatory and contractual frameworks, so it is the most comprehensive set of procedures that we offer. If you need to address multiple compliance requirements, the DSP version of the CSOP is the best choice. If you have any questions, just give us a call since we are more than happy to help answer your questions to ensure you pick the right solution for your needs.
Comprehensive Cybersecurity Procedures Template
We currently offer several versions of the CSOP. The DSP version of the CSOP is significantly more detailed than the WISP versions, based on the expanded scope of the DSP and Secure Controls Framework.
- There is a Digital Security Program (DSP) version that is tailored for the DSP and the Secure Controls Framework.
- There are three Written Information Security Program (WISP) versions: ISO 27002, NIST 800-53 and NIST Cybersecurity Framework.
Identifying the right one is pretty straightforward, since if you purchase the DSP, you will want the DSP version. If you purchase a WISP, you just order the version of the CSOP that corresponds to the version of the WISP you purchased. The main differences are around content, where we tailor the content to meet the framework’s coverage. If that is confusing, please give us a call and we can help explain the differences.
Alignment With The NIST NICE Framework
One very special aspect of the WISP and DSP versions of the CSOP is that they leverage the NIST NICE Cybersecurity Workforce Framework. NIST released the NICE framework in 2017 with the purpose of streamlining cybersecurity roles and responsibilities. We adopted this in the CSOP framework since work roles have a direct impact on procedures. By assigning work roles, the CSOP helps direct the work of employees and contractors to minimize assumptions about who is responsible for certain cybersecurity and privacy tasks.
The CSOP uses the work roles identified in the NIST NICE Cybersecurity Workforce Framework to help make assigning the tasks associated with procedures/control activities more efficient and manageable. Keep in mind these are merely recommendations and are fully editable for every organization – this is just a helpful point in the right direction!
The CSOP can serve as a foundational element in your organization’s cybersecurity program. It can stand alone or be paired with other specialized products we offer.
At the heart of it, the CSOP provides an organization with clear cybersecurity procedures that can scale to meet the needs and complexity of any team. The procedures are mapped to leading frameworks, so it is straightforward to have procedures that directly link to requirements from NIST 800-171, ISO 27002, NIST 800-53 and many other common cybersecurity and privacy-related statutory, regulatory and contractual frameworks!
The value of the CSOP comes from having well-constructed procedure statements that can help you become audit ready at a fraction of the time and cost of doing it yourself or hiring a consultant to come on-site and write it for you. The entire concept of this cybersecurity procedures template is focused on two things:
- Providing written procedures to walk your team members through the steps they need to meet a requirement to keep your organization secure; and
- Helping your company be audit ready with the appropriate level of due diligence evidence that allows you to demonstrate your organization meets its obligations.
What Is The Cybersecurity Standardized Operating Procedures (CSOP)?
Our products are one-time purchases with no software to install – you are buying Microsoft Office-based documentation templates that you can edit for your specific needs. If you can use Microsoft Office or OpenOffice, you can use this product! The NIST 800-171 version of the CSOP contains procedure statements in an editable Microsoft Word format:
- For each standard within the Digital Security Program (DSP) (equates to each control from the SCF), the CSOP has a procedure associated with it.
- The CSOP addresses the “how?” questions in an audit, since procedures provide the means for how your organization’s policies and standards are actually implemented.
- The CSOP provides the underlying cybersecurity procedures that must be documented, as many are stipulated by statutory, regulatory and contractual requirements.
- The procedure statements in the CSOP can be cut & pasted into other tools (e.g., wiki page) or left in a single document. There is no wrong answer for how procedures are maintained, since every organization is unique in the tools used and the location of users.
What Problem Does The CSOP Solve?
- Lack of In-House Security Experience – Writing cybersecurity procedures is a skill that most cybersecurity professionals are simply not proficient at, and they avoid the task at all costs. Tasking your security analysts and engineers to write comprehensive procedure documentation means you are actively taking them away from protecting and defending your network, which is not a wise use of their time. The CSOP is an efficient method to obtain comprehensive security procedures for your organization!
- Compliance Requirements – Nearly every organization, regardless of industry, is required to have formally-documented security procedures. Requirements range from PCI DSS to HIPAA to NIST 800-171. The DSP is designed with compliance in mind, since it focuses on leading security frameworks to address reasonably-expected security requirements.
- Audit Failures – Security documentation does not age gracefully like a fine wine. Outdated documentation leads to gaps that expose organizations to audit failures and system compromises. The CSOP’s procedures provide mapping to leading security frameworks to show you exactly what is required to both stay secure and compliant.
- Vendor Requirements – It is very common for clients and partners to request evidence of a security program and this includes policies, standards and procedures.
How Does The CSOP Solve It?
- Clear Documentation – The CSOP provides a comprehensive template for your procedures to help prove that your security program exists. This equates to a time saving of hundreds of hours and tens of thousands of dollars in staff and consultant expenses!
- Time Savings – The CSOP can provide your organization with a templated solution that requires minimal resources to fine tune for your organization’s specific procedural needs.
- Alignment With Leading Practices – The CSOP is written to support over 100 leading cybersecurity and privacy frameworks!