 |
The Unified Compliance Framework
Developed by Network Frontiers
The Unified Compliance
Framework (UCF) is the first and largest independent initiative
to map IT controls across international regulations, standards, and best
practices.
 The
UCF harmonizes terms and controls against the backdrop of a master hierarchical
list. In simple
terms this means that we can present the complex rules, standards, and
policies you must follow in a simple spreadsheet format with in-depth
links for you to drill down for as much information as you need.
In short, by focusing
on the commonalities between standards and guidelines, you can comply
with a given rule once, while attesting to it for many different regulations.
The Unified Compliance
Framework helps you divide and conquer your compliance challenges by organizing
real-world IT processes into 12 IT Impact Zones:
Each IT Impact Zone
may be viewed online in HTML format, or purchased and
downloaded in Excel format.
When you
purchase one of our spreadsheets, we'll keep track of regulations, standards,
guidelines, and other authority documents as they change over time. Each
month you'll receive new version of the spreadsheet along with an E-mail
detailing which authority documents we've added that month. When you purchase
the Excel format, we include a whole year's worth of updates for free!
Finally,
as a customer, you'll have direct access to our team to submit
requests for adding IT related authority documents to the Unified Compliance
Framework that directly affect you and your team. Click
on the Buy Now button(s) to purchase the Excel version and sign
up for free updates.
The
12 IT Impact Zones
| PRODUCT |
PRICING |
PURCHASE |
Purchase all
12 Impact Zone Spreadsheets - Individual License
This bundle
includes an individual license for all 12 Impact Zone Spreadsheets.
|
$1,005.00
33% off!
|
 |
Purchase all
12 Impact Zone Spreadsheets - Corporate License
This bundle
includes a corporate license for all 12 Impact Zone Spreadsheets.
|
$10,050.00
33% off!
|
|
Acquisition of technology and services
This impact
zone contains the controls necessary for the planning and documentation
necessary when acquiring new hardware and software, including the
assurance controls, cost controls, licensing controls, and testing
controls necessary for compliance.
|
Personal Edition
$125.00
Corporate Edition
$1250.00
|
|
Audits and risk management
This impact
zone contains the controls necessary for establishing your internal
audit and risk teams, conducting internal audits, and audit reporting.
|
Personal Edition
$125.00
Corporate Edition
$1250.00
|
|
Design and implementation
Whereas the
acquisition impact zone covered what you need to know before you
purchase hardware and software, the design and implementation impact
zone covers all aspects of the design and implementation processes
from the full project management standpoint to ensure that compliance
is built in to the software or systems being designed.
|
Personal Edition
$125.00
Corporate Edition
$1250.00
|
|
Human Resources Management
Many requirements
now call for a full blown description of the IT organizational structure,
and additional hiring practices such as security requirements. This
impact zone begins with the hiring process and then moves through
training, job descriptions, job performance, and the eventual end
of cycle for staff members and third parties.
|
Personal Edition
$125.00
Corporate Edition
$1250.00
|
|
Leadership and high level objectives
Beginning with
the alignment of IT with the organization's strategies and tactics,
this impact zone moves through the definitions of information classification,
systems, organizing the compliance framework, and establishing a
high level strategic plan for IT.
|
Personal Edition
$125.00
Corporate Edition
$1250.00
|
|
Monitoring and measurement
One of the
keys to a successful compliance campaign is tracking your compliance.
This means gathering the necessary evidence that you are doing your
job. Therefore, this impact zone is concerned with monitoring and
logging operations; risk, performance, and compliance monitoring
and reporting.
|
Personal Edition
$125.00
Corporate Edition
$1250.00
|
|
Operational management
Operational
management, as you might have guessed, is huge. It covers everything
from roles and responsibilities though help desk operations, managing
the IT configurations (systems hardening), capacity management,
allocating costs, accountability, and all other day-to-day processes
that keep an IT organization on track.
|
Personal Edition
$125.00
Corporate Edition
$1250.00
|
|
Physical and environmental protection
This impact
zone covers the IT facilities, the physical security of distributed
IT assets, and the environmental controls necessary (such as power
and air) for maintaining IT availability.
|
Personal Edition
$125.00
Corporate Edition
$1250.00
|
|
Privacy protection for information
and data
Privacy is
one of our most cherished and valued assets. And yet, privacy breaches
abound. This impact zone has the most controls (about a quarter
of the total controls we have mapped so far!), and the most international
controls by far. It covers the establishment of personal information
collection boundaries, what you can and can't do with the information,
and how you have to provide for the integrity and security of the
information.
|
Personal Edition
$125.00
Corporate Edition
$1250.00
|
|
Records management
This impact
zone covers computerized records as an integral part of each and
every system. It also covers the definition and maintenance of your
organization's records discovery program.
|
Personal Edition
$125.00
Corporate Edition
$1250.00
|
|
Systems continuity
Availability
is one of the most critical aspects of information -- if it isn't
available, the organization can't depend upon it. Therefore, this
impact zone focuses on maintaining the continuity framework, establishing
a continuity strategy, documenting continuity plans, alternate site
preparations, and maintaining the continuity plan itself.
|
Personal Edition
$125.00
Corporate Edition
$1250.00
|
|
Technical Security
This impact
zone contains the controls necessary for the planning and documentation
necessary when acquiring new hardware and software, including the
assurance controls, cost controls, licensing controls, and testing
controls necessary for compliance.
|
Personal Edition
$125.00
Corporate Edition
$1250.00
|
|
|
|
|
|
|
How do the Impact Matrices help me?
The primary
goal of the Unified Compliance Framework (UCF) is to
help your organization harmonize its compliance efforts across
multiple authority documents.
To this end,
we help you do three things:
1) map the overlap
between multiple authority documents,
2) create
your control list for each impact zone, and |
3)
clarify any conflicts created by overlapping authority documents.
You can map
the overlap by selecting a primary authority document, filtering
for its controls, and then cross reference those controls to all
of the other authority documents we track. You can create your control
list by defining a simple "acceptance list" of all controls you've
filtered for.
When you accept
controls from authority document A, B, and C, our tables will create
a combined control list for you - automatically combining all overlapping
controls! Using the in-depth control assessment documents linked
to each row of the impact matrix tables, you can clarify any conflicts
between the overlapping authority documents by reading what each
of them had to say and gaining insight from ours and other reader's
commentary!
|
|
|
|
