For further information, contact:

Kerry MacInnes
Unified Compliance Framework
Phone: 510-962-5192
kmacinnes@unifiedcompliance.com

 

Network Frontiers Brings Clarity to Compliance

Breach Notification Laws and Red Flag Rules Centerpiece of UCF Q3 Update

 

LAFAYETTE, CA – Network Frontiers, the leader in IT regulatory compliance management, today announced the release of the Q3 2009 Unified Compliance Framework (UCF) update to its popular compliance database further alleviating regulatory misery for companies worldwide.

This quarter's UCF update focuses on U.S. state security breach notification laws and the FTC's Red Flag Rules.

Security Breach Notification Laws
Forty-five states, the District of Columbia, and Puerto Rico require notification when security breaches involving personal information occur. When sensitive personal data is exposed, companies generally must comply with laws of the states in which that company conducts business and the states where its customers reside.

Most states base their legislation on California's breach law, but differ in details ranging from the mitigating factors which determine whether a breach is reportable, if the state's Attorney General must be notified, the amount of time within which a breach must be reported, the specific contents of the notification and the method of its delivery.

"Managing a data breach is always going to be an ugly experience, but the UCF has taken one difficult chore out of the equation by rationalizing all existing state date breach notification laws," says Craig Isaacs, CEO of Network Frontiers. "Now companies have a clear view of exactly what they need to do to comply with the patchwork of laws and can move quickly to inform consumers and contain the damage."

FTC Red Flag Rules
The Red Flag Rules are federal and standardized across the US, but that doesn't translate into easier compliance for affected businesses. Companies that offer credit or other deferred payment options to customers/clients are legally obliged to create formal policies and procedures to address the detection, prevention, and mitigation of identity theft. The deadline for compliance is November 1, 2009.

The UCF simplifies the process of complying with Red Flag Rules by harmonizing its requirements with a company's existing initiatives, such as fraud prevention and staff education. And unlike the Red Flag-focused toolkits that have flooded the market recently, the UCF assists businesses in establishing a comprehensive plan to comply with all of their compliance needs.

The UCF harmonizes IT controls from over 400 international regulatory requirements, standards and guidelines into a single set of straightforward requirements that clearly show the many points where global, state and industry regulations overlap, reducing compliance complexity and cutting the costs of regulatory management and audits.

This quarter's UCF update includes 683 citations mapped to 422 existing UCF Common Controls, bringing the UCF's total to 26,320 citations mapped across 2,520 active UCF Common Control IDs.

The UCF database is licensed by leading governance, risk and compliance (GRC) vendors including Archer, McAfee, CA, Lumension, Compliance Spectrum, NEMEA, NetIQ, PolicyTech, TruArx, and ControlScan. More information on the UCF can be found at www.unifiedcompliance.com. Complete release notes for the Q3 2009 update can be found at http://www.itucf.com/Q3_09.pdf.

About Network Frontiers and the UCF
Since 1992, Network Frontiers has developed ground-breaking tools to support IT best practices with a special focus on regulatory compliance, metrics, systems continuity and governance. The Unified Compliance Framework (UCF) is Network Frontiers' flagship product. By focusing on commonalities across regulations, standards-based development, and simplified architectures, the UCF supports a strategic approach to IT compliance that reduces cost, limits liability, and leverages the value of compliance-related technologies and services across the enterprise. The UCF's content and methodology is the direct result of Network Frontiers deep understanding of IT regulations and standards and decades of experience consulting for clients, publications, and vendors in the mission-critical IT arena.

 

###