Skip to content


Our Story

The Evolution of the UCF.


What is the Unified Compliance

And how it relate to the Common Controls Hub.

Compliance Critical Mass

In the spring of 2004, Unified Compliance co-founder, Dorian Cougias sat in a Miami conference room as blue-chip CIOs cited eerily similar complaints about the crushing mass of compliance mandates they had to address.


Globalization, regulation, and increasing business complexity made their compliance challenges a nightmare. Sarbanes-Oxley was law. HIPAA was coming. It seemed like new laws and requirements were popping up every day. The process was manual and the risk of error was enormous.


Project silos. Duplication. Skyrocketing costs. Uncertain results. Like an overtaxed transit system, each route traveled from A to B, but the network as a whole was hugely inefficient. 

business people group joining hands and stay as team in circle  and representing concept of friendship and teamwork-2
team of successful business people having a meeting in executive sunlit office-1

The Challenge

Why waste time and money starting from scratch each time a new regulation is introduced and handle each regulation separately when already addressed in a previous requirement?
Why not find the common elements between compliance mandates and show where they overlap? Then, leverage the pieces you already have in place, select the new mandates, see the immediate impact, and quickly assess the risk. 
That would dramatically simplify the compliance process. Millions saved in time and resources. Now, that would be the ultimate game changer.


Compliance Meets Courtroom

The idea of “harmonized compliance” wasn’t new, but none solved the two biggest challenges: making harmonized audits legally defensible and maintaining the control lists as new requirements became law. 
Dorian sought out Marcelo Halpern, a partner at Latham and Watkins (now a partner at Perkins Coie). They examined other frameworks and discovered that specific controls were combined with more general controls, making it almost impossible to identify specific requirements for different subsets of mandates from the original laws and standards. 

Even worse, when a new Authority Document was added, the controls became even less accurate and more difficult to maintain.

Unposed group of creative business people in an open concept office brainstorming their next project.-4
team of successful business people having a meeting in executive sunlit office-2

Testing the Hypothesis

After much research, Dorian and Marcelo theorized that the only way to ensure a legally defensible compliance process was to create a unified framework with a maintainable set of harmonized controls, based 100% on compliance mandates.


The Science of Compliance

In Chemistry, everything can be reduced to base elements. The same is true for compliance. 

The UCF team determined that each Authority Document contained individual mandates, and each mandate contained specific elements.

Mapping any Authority Document into the UCF begins with breaking it into specific mandates and then determining exactly what each mandate requires by looking at the particular parts of speech used.
The Science of Compliance® categorizes each noun-verb combination separately, allowing each mandate to be placed correctly within the Unified Compliance Framework’s legal hierarchy.
Ten years later, the UCF team was able to leverage the language elements to more than just Common Controls by connecting the Controls to other elements of compliance. 

When a Common Control requires someone to take an action, that action is connected to a role. When a Common Control includes a directive about an asset or record, it is connected to the asset or record.
By deconstructing the compliance elements into their most basic “components,” the team identified 19 core governance and compliance elements that form the foundation of the Unified Compliance Framework. These sources define the common language and content of all governance and compliance controls, fully connected in a top-down hierarchy that works in the real world.
This connected hierarchy allows the UCF to identify overlapping compliance requirements across hundreds of different regulations, allowing you to “comply once and demonstrate many” requirements simultaneously—dramatically reducing the number of controls you need to ensure compliance. 
We call this proven methodology the Science of Compliance®, and it provides the robust foundation that enables the UCF to deliver a single integrated view of compliance requirements across your organization.

Group of Arabic business people at work-1
Happy businesswoman sitting in front of business meeting

The Unified Compliance Framework

Here is how the UCF works and what it does
check-icon Scope: The UCF is the only compliance database that fully integrates critical legal and technical data to meet the needs of compliance officials, subject area experts, and lawyers. Creation of customized controls lists takes only seconds by selecting the specific industries, market segments, and geographies that apply to your organization.
check-icon Define: The UCF is built completely upon the mandates themselves, and each mandate is transparently presented to allow you to customize any Common Control to meet your specific geographic and vertical requirements.
check-icon Maintain: Due to the interconnected requirements established by the UCF methodology, you can automatically track the changes required by new or updated laws and quickly assess any incremental changes required, rather than having to complete an entirely new assessment. In addition, the UCF team continues to map new Authority Documents every day.
check-icon Gather Evidence: The UCF is the only patented framework that enables any GRC solution to automatically gather evidence from any security solution. This allows for the continuous monitoring, reporting, and audit data collection.


The UCF Today

Used by leading organizations in every sector of business and government, The Unified Compliance Framework is the most widely used GRC framework ever built. Customers make fast, informed decisions, streamline compliance initiatives, and net a 40% to 50% reduction in compliance-related costs.


Thousands of companies rely on the UC's Framework to facilitate their GRC initiatives. Leading software partners like HP, RSA Archer, MetricStream, McAfee, IBM, and Software AG use the UCF as the foundation of their GRC applications. 

Can you afford not to use the UCF? Isn't your job complex? Aren't the stakes high?


Take a closer look at what UCF has to offer. We can make it easier.

business group of people on laptops in a meeting at the office


Put Unified Compliance to work for you

The Unified Compliance suite of products saves compliance professionals time and reduces manual labor.