
Custom Security Program

Blacksmith InfoSec was designed from the ground up for small and medium businesses (SMBs).

Develop a risk- and compliance-based cybersecurity strategy with our all-in-one tool, tailored to meet the unique needs of SMBs. This innovative solution offers an easy-to-use platform for crafting robust cybersecurity programs, including policies and procedures, security awareness training, a risk register, compliance tracking, and a learning management system, ensuring your business has the tools it needs. All for either $200 per month or $2,000 per year! We don't charge you per user or have premium features because we believe that a security program is most effective when companies are incentivized to bring their entire organization onto the platform.


Each business has different regulatory compliance and security framework needs. Blacksmith provides customized security programs for a large and growing number of frameworks. We support the frameworks below to customize your policies, compliance requirements, and risks. Pick and choose from amongst these frameworks to craft your program in a way that aligns with all of the security controls your business needs. By default, all of our security programs align with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).



SOC 2 (Service Organization Control 2) is a framework for managing data security that's particularly relevant for technology and cloud computing organizations. It's designed to ensure that service providers securely manage data to protect the interests and privacy of their clients. This is most commonly used by Software as a Service (SaaS) vendors to ensure and demonstrate that their software is secure.



HIPAA (Health Insurance Portability and Accountability Act) is a set of rules and controls relevant for any organization that deals with patient data.  It's designed to ensure confidentiality, integrity, and availability of Protected Health Information (PHI). It applies to both covered entities, such as medical offices and hospitals, as well as their business associates.



The NIST Cybersecurity Framework (CSF) is a set of guidelines designed to help organizations manage and reduce cybersecurity risk. It's widely used across various sectors and is particularly important for organizations looking to bolster their cybersecurity posture. As soon as NIST CSF 2.0 is released (expected soon), our policies will be updated to reflect the new security controls.


NIST 800-171

NIST 800-171 is a set of standards and guidelines developed by the National Institute of Standards and Technology (NIST) in the United States, specifically targeting the safeguarding of Controlled Unclassified Information (CUI) in non-federal information systems and organizations.


NY DFS 500

New York Codes, Rules and Regulations (NYCRR) Part 500 is a set of regulations from the New York Department of Financial Services (NY DFS) that establishes cybersecurity requirements for financial services and insurance companies operating in NY. It's aimed at protecting consumer data and the financial services industry's information technology systems from cyber threats.



The Cybersecurity Maturity Model Certification (CMMC) is a certification process developed by the United States Department of Defense (DoD) to certify that contractors have the controls to protect sensitive data, including Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).


Security Policies

Our policy engine allows you to quickly hammer out security policies that are custom crafted for your organization's needs. We wrote them to adhere to the regulatory and/or security frameworks you select, in language that auditors and security professionals understand. This helps ensure that audits and reviews are smooth and easy affairs for your team. At the same time, our security policy templates contain explanatory text to ensure that everyone in your organization understands the policies, which increases adoption and adherence. Our security policy templates are carefully written to allow for customization with a minimal set of variables per policy, options for customization that are carefully written to be compliant with your chosen frameworks, and rational defaults pre-selected for you to make getting started a simple and straightforward process.




As your policies are generated, Blacksmith automatically builds you a compliance checklist to ensure your company is following the policies you've laid out. These are produced in a prioritized list - a security roadmap - so you can focus on the things that matter most to your business. These represent the security controls you need to implement to protect your business's sensitive information and prevent data breaches. These tasks include the security requirements and controls you select as you build your policies, such as defining your incident response plan. 

Risk Management

Every company should regularly do a risk analysis of its organization: what are the issues that may hurt your business, and how are you addressing them? Blacksmith gives you a simple, straightforward risk register to provide the cornerstone of your risk management program. Security and compliance risks are added and resolved automatically alongside your compliance tasks. You can add and manage your other business risks and security threats to the register to maintain a holistic view of your organization. By doing so, you can ensure your business is making healthy, risk-based decisions.




All users receive security awareness training by default. This training ensures your staff understands the risks to your business and, more importantly, what their role is in protecting your business. If your organization requires either HIPAA or Controlled Unclassified Information (CUI) training, your users will also be automatically enrolled in those courses. As users acknowledge your security policies and complete their training, Blacksmith tracks their progress and provides clear visibility to your admins to ensure adoption of the platform.


Demo Video

Still not convinced? Watch how we create a security program in 2 minutes in this demo.

Other Benefits

In addition to reducing your security threats and the likelihood of experiencing a security incident, implementing a robust security program and security policies carries a few other benefits:

  • You'll increase your chances of qualifying for cyber liability insurance and may even qualify for lower premiums. If you're interested in learning more, our partners can help!

  • Customers and prospects will be more likely to do business with you when you can tout the security controls you have in place to secure your organization.
