IT Compliance Toolbox

The Unified Compliance Framework (UCF) defines the what; the IT Compliance Toolbox helps you understand the who, where, when, and why. These resources are designed to help you understand, define, communicate, and implement your compliance efforts.

 

Say What You Do: Building a Framework of IT controls, policies, and procedures

The Say What You Do section and book are designed to help you with your information assurance communication projects. What are information assurance projects? The projects fall into the following categories:

- Documenting your information assurance framework
- Documenting your policies, standards, and procedures
- Measuring success
- Reporting your status of successes and failures
- Managing and documenting the change process

Why is all of this "stuff" important? Simple. With regulatory compliance hovering over our collective heads, policies, standards, and procedures are becoming more and more important and the impact more personal. Policies, standards, and procedures are profoundly important to our organizations because they are the only real way to convey to the auditors and others who care that we are doing our jobs properly.

Learn more about the Say What You Do products.

The Change Management Toolkit

Know what causes 80% of all audit problems? Unauthorized IT changes.

The Change Management Toolkit lets you...

- Minimize downtime
- Understand the consequences of a change ahead of time
- Keep system documentation up-to-date
- Enforce system standards and stability and recovery checkpoints
- Monitor the progress and effects of changes

Learn more about The Change Management Toolkit.

The UCF Information Assurance Compliance Maturity Model Index (IACMMI)

The Information Assurance Capability Maturity Model Index adapts the various maturity models (including CobiT and CMMI) to information assurance compliance. The IACMMI is provided as a base platform for measuring an organization's level of progress, from initial awareness through optimization of metrics and automation of policies and procedures.

The IACMMI provides organizations with a platform to define, manage, and optimize compliance efforts within a Unified Compliance Framework.

Learn more about The Information Assurance Capability Maturity Model Index and gain access to free IACMMI documentation.

The Language of Compliance

The Language of Compliance section and book (the official glossary of the Unified Compliance Framework) standardize 2500+ compliance terms and 500+ acronyms drawn from hundreds of internationally recognized standards and regulations.

Learn the compliance language that HIPAA, SOX, GLB, CobiT, ISO 17799 and 27001, PCAOB, BCI, BSI, ISSF, and over 100 others are speaking.

Systems and Information Classification

The Systems and Information Classification section of this site details each of the information systems types and the information categories that have been derived from a series of FIPS, PCI-DSS, NIST, and CMS documents. The terminology has been harmonized for the Unified Compliance Framework. We have developed this section in order to facilitate the standardization of appropriate levels of information assurance according to their levels of confidentiality, integrity, and availability impact should any of these assurances be compromised.

Learn more about Systems and Information Classification.