menu
Compliance Mapping for the Unified Compliance Framework
Select a section from the dropdown
  • Who is the UCF Team in back of UCF Mapper?

    In the spring of 2004, Unified Compliance co-founder, Dorian Cougias sat in a Miami conference room as blue-chip CIOs cited eerily similar complaints about the crushing mass of compliance mandates they had to address. Globalization, regulation, and increasing business complexity made their compliance challenges a nightmare. Sarbanes-Oxley was law. HIPAA was coming. It seemed like new laws and requirements were popping up every day. The process was manual and the risk of error was enormous. Project silos. Duplication. Skyrocketing costs. Uncertain results. Like an overtaxed transit system, each route traveled from A to B, but the network as a whole was hugely inefficient.

    Dorian sought out Marcelo Halpern, a partner at Latham and Watkins (now a partner at Perkins Coie). They examined other frameworks and discovered that very specific controls were combined with more general controls. This made it next to impossible to identify specific requirements for different subsets of mandates from the original laws and standards. Even worse, as each new Authority Document was added, the controls became even less accurate and more difficult to maintain.

    Between that day and today the team has grown exponentially and now hold a couple hundred patent claims on compliance mapping.

    Our advantage in Compliance Mapping

    Compliance Mapping is the process of comparing one Citation’s Mandates to another Citation’s Mandates. An older methodology is from Citation to Citation in a matrix, with the newer methodology being each Citation to a Common Control in a star pattern. The process of compliance mapping consists of cataloging the Authority Document in question, extracting its pertinent Citations and Mandates, tagging the terms in those Mandates, selecting each tagged term’s in-context definition, mapping that tagged Mandate to a Common Control, and then matching the Common Control to corresponding Audit Questions.

     

     


    Credits and Certification

    Available credits: 8.00 CPE

    Accreditation: Certified Compliance Mapper

    Cost

    Each organization must have the following UCF Common Controls Hub licenses:

    Basic License
    UCF Mapper License

     

    Each person who wishes to use the UCF Mapper software and be a Certified Compliance Mapper must purchase the training course for $2,695 in addition to the CCH licenses above.

    For pricing information for the UCF Common Controls Hub:

     

    Pricing

  • Add Any Publicly Available Regulations and Standards into the Unified Compliance Framework® with the UCF Mapper™

    Governance professionals can now map regulations and standards relevant to their industries into the Unified Compliance Framework® with the same patented process used by the Unified Compliance mapping teams.

    UCF Mapper allows your organization to scope your compliance programs to support your unique business requirements. Any public regulations and standards relevant to your organization not currently available in the Unified Compliance Framework (UCF®) can be added. Once the new content is mapped into the UCF, it can be viewed through the Common Controls Hub™, the SaaS front-end to the UCF data. The mapping organization controls the access and distribution of any Authority Document they add to the Unified Compliance Framework by tagging it for public availability or private use.

    The Mapping Team

    The first step for the mapping team is to access the UCF directly through the CCH or with one of the many widely available GRC tools. Many vendors such as ServiceNow, MetricStream, IBM OpenPages, LockPath, and Aruvio integrate directly with the CCH. The next step is to license the UCF Mapper for no fewer than three people. The mapping process requires three roles: a mapper, a reviewer, and an approver. All three roles can be connected to a single Common Controls Hub account or different accounts for cross-organizational collaboration. Every member of the mapping team will need to attend an 8-10 hour training session offered by (ISC)2. Mappers, reviewers, and approvers will receive a UCF-M certificate with eight CPE credits.

    Organizations with mappers will be able to participate in several different ways.

    • Self-Service Customer: Your organization mapping publicly available documents for your own compliance requirements
    • Individual Contributors: Individuals acting as part of the UCF mapping team and being paid directly by Unified Compliance
    • Consultants: Consulting partners providing mapping services for a fee
    • Mapping Providers: Organizations providing mapped documents to clients for a fee
    • Patron: Organizations sharing mapped documents for free to a limited or unlimited audience

    Once your team is finalized, it is time to kick off the mapping processes.

    The Mapping Process

    Your team begins by selecting an Authority Document to map. Once approved by the Unified Compliance team, the mapping process begins. The UCF Mapper manages the workflow of mapping each citation from your selected Authority Document.

    • In the top section, Meta Data gives you the project’s title and description, as well as any necessary links to outside resources you need, such as the Authority Document you are working on.
    • Overview graphs show the percentages of tasks by their status and type.
    • The Tasks Pane in the bottom section is where you will spend most of your time. Here you may add a new task and see a description of your task types, their ID numbers, status, and assignee.

    It is very possible you will encounter new terms during the mapping process. This is part of the patented mapping process differentiating the UCF Mapper from all other public and private mapping processes and practices.

    • The Authority Document to be available via the Common Controls Hub may include new dictionary entries and new Common Controls to the UCF.
    • Through “tagging,” mappers control how to identify the nouns and verbs that already exist or need to be added to the Compliance Dictionary.
    • New dictionary entries can only be added when the terms are found in the Authority Document being mapped. Each new term request goes through final approval from the UCF team.

    After a final review from the UCF attorneys, the Authority Document and all supporting materials including citations, terms, and controls are now available. You have completed the mapping process!

    For more information on the UCF Mapper™, contact sales@unifiedcompliance.com

    What you need to have in place

    You need to have the following licenses in place to leverage the UCF Mapper software:

    • UCF Basic License
    • UCF Mapper License
    • (ISC)2 Certificate in Compliance Mapping


    For pricing information for the UCF Common Controls Hub:

     

    Pricing

  • (ISC)2 Compliance Mapping Certificate Program

    Compliance Mapping is serious business. It involves understanding sentence structures, grammar, terminological mapping, semantic relationships, and the various rules of term matching set forth by various ISO standards. (ISC)2 and the Unified Compliance team have joined forces to present this program.

    Compliance Mapping is the process of matching one Citation’s Mandates to another Citation’s Mandates. An older methodology is from Citation to Citation in a matrix, with the newer methodology being each Citation to a Common Control in a star pattern. The process of compliance mapping consists of cataloging the Authority Document in question, extracting its pertinent Citations and Mandates, tagging the terms in those Mandates, selecting each tagged term’s in-context definition, mapping that tagged Mandate to a Common Control, and then matching the Common Control to corresponding Audit Questions as shown in the flow diagram below.

    Through multimedia presentations, demonstrations and hands-on experiences, you will learn how to catalog Authority Documents, extract their pertinent Citations and Mandates, tag the terms in those Mandates, select each tagged term’s in-context definition, and then map that tagged Mandate to a Common Control. The goal of this training program is to prepare compliance mappers for the responsibility of mapping multiple Authority Documents correctly and accurately in a way that will satisfy auditors and regulators while simplifying governance for their organization or clients. After successful completion of the course, participants will be awarded the Compliance Mapping Certificate from (ISC)2, promoted to Mapper within the Unified Compliance Framework (UCF), and given full access to the UCF Mapper tool. There are currently seven modules for this course.

    Module 1

    We begin this module by identifying the topics to be discussed in this course. Then we will define compliance and identify the steps to complete before you comply. We will conclude this module by discussing how to use the UCF mapping process to meet corporate compliance requirements.

    Module 2

    In this module, you will learn how to navigate the UCF Mapper software. It is important for you to fully understand the software before beginning the mapping process. At the completion of this presentation, you will be able to use the UCF Mapper dashboard to analyze data, identify assignments and how to accept or reject them, and catalog Authority Documents and map their Citations using Project Pages.

    Module 3

    In this module, we discuss what an Authority Document is, identify the main components of Authority Documents, and teach you the process and techniques surrounding the cataloging of Authority Documents.

    Module 4

    In this module, we explore the Citation Extraction phase of the UCF Mapper process, discussing how to copy Citations and Citation References from the Authority Document; define, identify, and enter Citations; Citation References; Mandates and Stubs; and Information Gathering Citations.

    Module 5

    In this module, we cover how to tag the nouns and verbs of each Mandate in a Citation. It is only through tagged Mandates that we can link each of the Citations to a Common Control. You will learn how to recognize the importance of machine assisted tagging; diagram sentences to identify nouns, verbs, primary nouns, primary verbs, secondary nouns, and secondary verbs; tag multiple Mandates from a Citation; and select the appropriate definition for a term depending on how it is used in the Mandate.

    Module 6

    This is a vast module and one of the most important ones. In this module, we cover what you need to know to add new terms and their definitions to the Compliance Dictionary. You will learn how to assign each term a part of speech; how to add advanced semantic relationships to each new tem; how to add term designators; all of the intricacies of either finding or creating new definitions for the term; and then adding additional information to each term which is designated as a Named Entity (such as a Record Example, Asset, Group, etc.).

    Module 7

    In this module you will learn how to match each tagged Citation’s Mandates to an existing Common Control, or designate that Mandate as having no match and therefore needing a new Common Control. You’ll learn about the various processes of harmonization and advanced semantic relationships as well as the various crosswalking rules and how they are applied during the matching process. You will then go through the process of matching sample mandates to each other.

    Learn at your own pace

    This is an online course that is hosted by (ISC)2 with the practical application portion hosted by Unified Compliance. Each of the seven modules described above are covered online within (ISC)2’s online learning system.

    Each module in the online learning system also has a corresponding practical application project and test within the actual UCF Mapper Software application.

    Course Quizzes and Testing & Completion

    There are course quizzes built into the (ISC)2 online course and each practical application project within the UCF Mapper is also graded. Each student must pass both the XXX quizzes and must pass the practical application projects within the UCF Mapper before receiving a passing score and receiving their Certificate in Compliance Mapping which also unlocks the full functionality of the UCF Mapper software.

    Credits and Certification

    Available credits: 8.00 CPE

    Accreditation: Certified Compliance Mapper

    Cost

    Each organization must have the following UCF Common Controls Hub licenses:

    • Basic License
    • UCF Mapper License

    Each person who wishes to use the UCF Mapper software and be a Certified Compliance Mapper must purchase the training course for $2,695 in addition to the CCH licenses above.

    For pricing information for the UCF Common Controls Hub, click HERE.


    For pricing information for the UCF Common Controls Hub:

     

    Pricing

  • Contact Us

    First Name:

    Last Name:

    Email address:

    Tell us what you’re interested in, select all that apply:

    Send us your questions:

  • April 2018

    Thursday 04/26/18 | 11:00 am (PST)

    Mapping Observation Portal Webinar

    September 2017

    Tuesday 09/26/17 | 12:00 am (PST)

    Compare, Share, Attest: Get Up to Speed on the CCH Newest Features!

    Stay informed and up-to-date with the new product features we’ve added and how these enhancements will help you get the most out of the Common Controls Hub.

    View More

    June 2017

    Friday 06/09/17 | 10:00 am (PST)

    Compare, Share, Attest: Get Up to Speed on the CCH Newest Features!

    Stay informed and up-to-date with the new product features we’ve added and how these enhancements will help you get the most out of the Common Controls Hub.

    View More

    • 07/24/17
      THE COMPLIANCE DICTIONARY HAS JUST REACHED over 250,000 TERMS!

      Here’s the wild thing about it – there are only 200,000 or so definitions! Wonder what’s going on? There’s a difference because we are able to track non-standard forms of each term. What’s a Non-Standard Form and Why …

      Read More
    • 06/28/17
      Unified Compliance and (ISC)2 Launch UCF Mapper™ Training

      Training on the UCF Mapper™ is Available Now! The UCF Mapper™ is the first compliance mapping tool available to the compliance community. It allows compliance teams to include any publicly available Authority Documents relevant to …

      Read More
  • Upcoming Events