The Unified Compliance Framework (UCF) is a database of all the controls for over 400 Authority Documents harmonized (or reduced) to the least number of controls possible. In order to facilitate access to the database, we have broken the UCF content into 12 different pieces, each available in a spreadsheet.
The UCF helps you define what you need to do.
Once you know what you need to do, you may be interested in learning how to do it. The UCF's IT Compliance Toolbox helps you understand the who, where, when, why—and how.
| Product | License | Price | |
| UCF Products | |||
Complete UCF BundleGet all 12 UCF Spreadsheets at a special discounted price. Both Single User and Corporate licenses are available. Save 33% by purchasing all 12 spreadsheets now. |
|
$1,005.00
10,050.00
|
|
Acquisition of technology and servicesThis impact zone contains the controls necessary for the planning and documentation necessary when acquiring new hardware and software, including the assurance controls, cost controls, licensing controls, and testing controls necessary for compliance. View Sample |
|
125.00
1,250.00
|
|
Audits and Risk ManagementThis impact zone contains the controls necessary for establishing your internal audit and risk teams, conducting internal audits, and audit reporting. View Sample |
|
125.00
1,250.00
|
|
Design and implementationWhereas the acquisition impact zone covered what you need to know before you purchase hardware and software, the design and implementation impact zone covers all aspects of the design and implementation processes from the full project management standpoint to ensure that compliance is built in to the software or systems being designed. View Sample |
|
125.00
1,250.00
|
|
Human Resource ManagementMany requirements now call for a full blown description of the IT organizational structure, and additional hiring practices such as security requirements. This impact zone begins with the hiring process and then moves through training, job descriptions, job performance, and the eventual end of cycle for staff members and third parties. View Sample |
|
125.00
1,250.00
|
|
Leadership and High Level ObjectivesBeginning with the alignment of IT with the organization's strategies and tactics, this impact zone moves through the definitions of information classification, systems, organizing the compliance framework, and establishing a high level strategic plan for IT. View Sample |
|
125.00
1,250.00
|
|
Monitoring and MeasurementOne of the keys to a successful compliance campaign is tracking your compliance. This means gathering the necessary evidence that you are doing your job. Therefore, this impact zone is concerned with monitoring and logging operations; risk, performance, and compliance monitoring and reporting. View Sample |
|
125.00
1,250.00
|
|
Operational ManagementOperational management, as you might have guessed, is huge. It covers everything from roles and responsibilities though help desk operations, managing the IT configurations (systems hardening), capacity management, allocating costs, accountability, and all other day-to-day processes that keep an IT organization on track. View Sample |
|
125.00
1,250.00
|
|
Physical and environmental protectionThis impact zone covers the IT facilities, the physical security of distributed IT assets, and the environmental controls necessary (such as power and air) for maintaining IT availability. View Sample |
|
125.00
1,250.00
|
|
Privacy protection for information and dataPrivacy is one of our most cherished and valued assets. And yet, privacy breaches abound. This impact zone has the most controls (about a quarter of the total controls we have mapped so far!), and the most international controls by far. It covers the establishment of personal information collection boundaries, what you can and can't do with the information, and how you have to provide for the integrity and security of the information. View Sample |
|
125.00
1,250.00
|
|
Records ManagementThis impact zone covers computerized records as an integral part of each and every system. It also covers the definition and maintenance of your organization's records discovery program. View Sample |
|
125.00
1,250.00
|
|
Systems ContinuityAvailability is one of the most critical aspects of information -- if it isn't available, the organization can't depend upon it. Therefore, this impact zone focuses on maintaining the continuity framework, establishing a continuity strategy, documenting continuity plans, alternate site preparations, and maintaining the continuity plan itself. View Sample |
|
125.00
1,250.00
|
|
Technical securityThis impact zone contains the controls necessary for the planning and documentation necessary when acquiring new hardware and software, including the assurance controls, cost controls, licensing controls, and testing controls necessary for compliance. View Sample |
|
125.00
1,250.00
|
|
| IT Toolbox Products | |||
Say What You Do ToolkitOther policy and procedure experts claim their methodologies are easy to use. But no other policy and procedure framework focuses on ONLY the regulatory and contractual provisions that actually apply to you -- no more, no less. Use this toolkit to protect your company from both risky compliance gaps and redundant, conflicting, and underperforming IT policies and procedures. Read More |
171.33
|
||
Say What You Do eBookPurchase just the eBook to get started. Read More |
49.95
|
||
Say What You Do eBook BundlePurchase both the Say What You Do and Language of Compliance eBooks together and save 30%. Read More |
55.93
|
||
Forms, Templates, and SamplesLearn how to write IT policies and procedures that meet actual regulatory and contractual requirements - no more and no less. Includes forms, worksheets, memos, Change Manager job description, and sample policies. Read More |
34.95
|
||
Change Management ToolkitMinimize downtime, understand the consequences of a change ahead of time, keep system documentation up-to-date, enforce system standards, and monitor the progress and effects of changes. |
49.95
|
||
Systems and Information ClassificationDo you know exactly which IT system supports which key information in your company? Compliance with every data protection regulation starts with categorizing your company's information. Use this standard to get a jump on mapping information to your IT systems. |
49.95
|
||
The Language of Compliance ebookThe eBook is fully searchable, printable, and you can cut and paste from it. |
29.95
|
||
The Language of Compliance MS Word versionThe Microsoft Word version is fully editable, with CSS styles set in such a way that you can import the glossary into your favorite documentation system like PathWorks, Policy and Procedure Manager, RoboHelp, Flare, or even to your Sharepoint intranet server to share with your whole ofice! |
79.95
|
||
The Language of Compliance ebook and Word version bundleBuy both the e-book version and the MS Word version of the Language of Compliance and SAVE 30%! |
79.93
|
||
