Buy Now

The Unified Compliance Framework (UCF) is a database of all the controls for over 400 Authority Documents harmonized (or reduced) to the least number of controls possible. In order to facilitate access to the database, we have broken the UCF content into 12 different pieces, each available in a spreadsheet.

The UCF helps you define what you need to do.

Once you know what you need to do, you may be interested in learning how to do it. The UCF's IT Compliance Toolbox helps you understand the who, where, when, why—and how.


Product License Price
UCF Products

Complete UCF Bundle

Get all 12 UCF Spreadsheets at a special discounted price. Both Single User and Corporate licenses are available.

Save 33% by purchasing all 12 spreadsheets now.

Single User


Corporate

$1,005.00


10,050.00

Acquisition of technology and services

This impact zone contains the controls necessary for the planning and documentation necessary when acquiring new hardware and software, including the assurance controls, cost controls, licensing controls, and testing controls necessary for compliance. View Sample

Single User


Corporate

125.00


1,250.00

Audits and Risk Management

This impact zone contains the controls necessary for establishing your internal audit and risk teams, conducting internal audits, and audit reporting. View Sample

Single User


Corporate

125.00


1,250.00

Design and implementation

Whereas the acquisition impact zone covered what you need to know before you purchase hardware and software, the design and implementation impact zone covers all aspects of the design and implementation processes from the full project management standpoint to ensure that compliance is built in to the software or systems being designed. View Sample

Single User


Corporate

125.00


1,250.00

Human Resource Management

Many requirements now call for a full blown description of the IT organizational structure, and additional hiring practices such as security requirements. This impact zone begins with the hiring process and then moves through training, job descriptions, job performance, and the eventual end of cycle for staff members and third parties. View Sample

Single User


Corporate

125.00


1,250.00

Leadership and High Level Objectives

Beginning with the alignment of IT with the organization's strategies and tactics, this impact zone moves through the definitions of information classification, systems, organizing the compliance framework, and establishing a high level strategic plan for IT. View Sample

Single User


Corporate

125.00


1,250.00

Monitoring and Measurement

One of the keys to a successful compliance campaign is tracking your compliance. This means gathering the necessary evidence that you are doing your job. Therefore, this impact zone is concerned with monitoring and logging operations; risk, performance, and compliance monitoring and reporting. View Sample

Single User


Corporate

125.00


1,250.00

Operational Management

Operational management, as you might have guessed, is huge. It covers everything from roles and responsibilities though help desk operations, managing the IT configurations (systems hardening), capacity management, allocating costs, accountability, and all other day-to-day processes that keep an IT organization on track. View Sample

Single User


Corporate

125.00


1,250.00

Physical and environmental protection

This impact zone covers the IT facilities, the physical security of distributed IT assets, and the environmental controls necessary (such as power and air) for maintaining IT availability. View Sample

Single User


Corporate

125.00


1,250.00

Privacy protection for information and data

Privacy is one of our most cherished and valued assets. And yet, privacy breaches abound. This impact zone has the most controls (about a quarter of the total controls we have mapped so far!), and the most international controls by far. It covers the establishment of personal information collection boundaries, what you can and can't do with the information, and how you have to provide for the integrity and security of the information. View Sample

Single User


Corporate

125.00


1,250.00

Records Management

This impact zone covers computerized records as an integral part of each and every system. It also covers the definition and maintenance of your organization's records discovery program. View Sample

Single User


Corporate

125.00


1,250.00

Systems Continuity

Availability is one of the most critical aspects of information -- if it isn't available, the organization can't depend upon it. Therefore, this impact zone focuses on maintaining the continuity framework, establishing a continuity strategy, documenting continuity plans, alternate site preparations, and maintaining the continuity plan itself. View Sample

Single User


Corporate

125.00


1,250.00

Technical security

This impact zone contains the controls necessary for the planning and documentation necessary when acquiring new hardware and software, including the assurance controls, cost controls, licensing controls, and testing controls necessary for compliance. View Sample

Single User


Corporate

125.00


1,250.00

IT Toolbox Products

Say What You Do Toolkit

Other policy and procedure experts claim their methodologies are easy to use. But no other policy and procedure framework focuses on ONLY the regulatory and contractual provisions that actually apply to you -- no more, no less. Use this toolkit to protect your company from both risky compliance gaps and redundant, conflicting, and underperforming IT policies and procedures. Read More

Single User

171.33

Say What You Do eBook

Purchase just the eBook to get started. Read More

Single User

49.95

Say What You Do eBook Bundle

Purchase both the Say What You Do and Language of Compliance eBooks together and save 30%. Read More

Single User

55.93

Forms, Templates, and Samples

Learn how to write IT policies and procedures that meet actual regulatory and contractual requirements - no more and no less. Includes forms, worksheets, memos, Change Manager job description, and sample policies. Read More

Single User

34.95

Change Management Toolkit

Minimize downtime, understand the consequences of a change ahead of time, keep system documentation up-to-date, enforce system standards, and monitor the progress and effects of changes.

Single User

49.95

Systems and Information Classification

Do you know exactly which IT system supports which key information in your company? Compliance with every data protection regulation starts with categorizing your company's information. Use this standard to get a jump on mapping information to your IT systems.

Single User

49.95

The Language of Compliance ebook

The eBook is fully searchable, printable, and you can cut and paste from it.

Single User

29.95

The Language of Compliance MS Word version

The Microsoft Word version is fully editable, with CSS styles set in such a way that you can import the glossary into your favorite documentation system like PathWorks, Policy and Procedure Manager, RoboHelp, Flare, or even to your Sharepoint intranet server to share with your whole ofice!

Single User

79.95

The Language of Compliance ebook and Word version bundle

Buy both the e-book version and the MS Word version of the Language of Compliance and SAVE 30%!

Single User

79.93