UCF Subject Matter List
UCF Subject Matter List
This is the current listing of all subject matter that the UCF tracks. If there is a subject matter that is not in this list, and you would like to work with us to map Authority Documents that pertain to that subject matter, please contact us.
Here is the listing that is most current.
- Acquisition or sale of Assets – Authority Documents that cover the purchasing of products and services or acquiring organizations (or their assets), or the giving or handing over to a buyer assets or services for money.
- Banking and Finance – Authority Documents that cover the safety and soundness of financial institutions by minimizing financial, reputational and operational risks arising from legal and regulatory non-compliance.
- Configuration Management – Authority Documents that cover the activities focused on establishing and maintaining the integrity of information technology products and information systems, through control of processes for initializing, changing, and monitoring the configurations of those products and systems throughout the system development life cycle.
- Cybersecurity– Authority Documents that cover the activities focused on the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets.
- Energy – Authority Documents covering the creation of power derived from the utilization of physical or chemical resources, especially to provide light and heat or to work machines. This includes the exploration and development of oil or gas reserves, oil and gas drilling, solar, or integrated power firms.
- Ethics – Authority Documents that cover the minimum standards of appropriate conduct within an organization; the behavioral norms and morals which govern the organization's members, including duties that the members owe one another, their clients, and the public.
- Health Information Technology – Authority Documents that cover the application of information processing involving both computer hardware and software that deals with the storage, retrieval, sharing, and use of health care information, data, and knowledge for communication and decision making.
- Healthcare and Life Science – Authority Documents covering the set of services provided by a country or an organization for the treatment of the physically and the mentally ill as well as the science that deals with the structure and behavior of living things, such as botany, zoology, biochemistry, and anthropology.
- Human Resources – Authority Documents that cover the hiring, firing, training, and other personnel activities and issues.
- IT Security – Authority Documents that cover the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical).
- Monitoring and Reporting – Authority Documents covering the processes of surveillance in order to observe, record, or detect and then giving an account or statement describing in detail an event, situation, or the like, usually as the result of the monitoring activities.
- Operational Management – Authority Documents that cover the management of the design, execution, and control of operations that convert resources into desired goods and services and implement an organization's business strategy.
- Operational and Systems Continuity – Authority Documents covering the controls to protect an Information Technology system against three classifications of threats; Natural threats such as hurricane, tornado, flood, and fire; Human threats such as operator error, sabotage, implant of malicious code, and terrorist attacks; and Environmental threats such as equipment failure, software error, telecommunications network outage, and electric power failure.
- Payment Card – Authority Documents covering the set of requirements to ensure cardholder data remains secure. The primary goal is to protect cardholder data. Compliance is mandatory per the payment brands (American Express, Visa, MasterCard, JCB, and Discover) in order for any organization transferring, processing, or storing cardholder data or creating and distributing payment cards.
- Physical Security – Authority Documents that cover the protection of personnel, hardware, programs, networks, and data from physical circumstances and events that could cause serious losses or damage to an enterprise, agency, or institution. This includes protection from fire, natural disasters, burglary, theft, vandalism, and terrorism.
- Privacy – Authority Documents that cover the right of individuals to control or influence information that is related to them in terms of who may collect or store it and to whom that information may be disclosed, as well as how personal information is collected, used, retained and disclosed in conformity with the commitments an organization makes in its privacy notice.
- Product Design and Development – Authority Documents covering the development of the organization products, including records created to initiate new product design and specification information, produce ability studies, design and specification of spares, research and development records that may or may not result in actual product development, and contract research records regarding new products.
- Public Companies – Authority Documents that cover organizations that have hat permission to offer their registered securities (stock, bonds, etc.) for sale to the general public, typically through a stock exchange, or occasionally an organization whose stock is traded over the counter (OTC) via market makers who use non-exchange quotation services.
- Records Management – Authority Documents that cover the set of activities required for systematically controlling the creation, distribution, use, maintenance, and disposition of recorded information maintained as evidence of business activities and transactions.
- Risk Management – Authority Documents that cover the identification, analysis, assessment, control, and avoidance, minimization, or elimination of unacceptable risks. An organization may use risk assumption, risk avoidance, risk retention, risk transfer, or any other strategy (or combination of strategies) in proper management of future events.
- Third Party and Supply Chain Management – Authority Documents that cover the intersection of managing the supply chain and third parties. Supply chain management is the oversight of materials, information, and finances as they move in a process from supplier to manufacturer to wholesaler to retailer to consumer. Supply chain management involves coordinating and integrating these flows both within and among companies, i.e., Third Parties. Third party management is the process whereby companies monitor and manage interactions with all external parties with which it has a relationship.