SAN FRANCISCO, CA - February 24, 2014: The Unified Compliance Framework® (UCF) has been granted the first ever patent for a Governance, Risk, and Compliance (GRC) framework.
The UCF helps compliance professionals demonstrate compliance by providing both comprehensive content and structure within an industry-proven framework. The UCF is the only solution to fully integrate critical legal and technical data, to meet the needs of both compliance officials and IT experts. Additionally, it is also the only solution that enables GRC and security solutions to communicate with each other effectively. As part of the patent process, details of the methodologies utilized to deliver the UCF’s uniquely innovative method of managing GRC are now fully transparent.
“The patent allows us to further deliver on our promise of ‘the science of compliance.’ The scientific method requires testing and retesting a theory, publishing it, and opening it to peer review. Patenting the UCF enabled us to do this in the most efficient way possible, while also protecting our intellectual property,” said Dorian Cougias, co-founder of the Unified Compliance Framework.
Among the most important practical applications of the patented framework is full support for automated governance and continuous monitoring. Due to the interconnected requirements established by the UCF methodology, organizations can automatically track the changes required by new or updated laws and quickly assess any incremental changes required, rather than having to complete an entirely new assessment.
In addition, the UCF marries technical controls (such as machine configuration settings) to automated audit mechanisms. This allows for the complete automation of continuous monitoring, reporting, and audit data collection
"The only proven method an organization can use to absolutely know their specific legal requirements for IT, is to use the UCF," said Craig Isaacs, CEO of Unified Compliance Framework.
The patent specifically covers the design, mapping, and delivery of data necessary to establish, harmonize, and track governance methodologies, regulatory requirements, and compliance demands. Unlike patents intended to protect a potential implementation of a “unique, useful idea,” the UCF is already in wide-use for both customers and OEMs where it is delivered within industry-leading GRC and security products.
The UCF provides targeted, harmonized research on what an organization needs to do — and not do — to achieve and maintain compliance with industry, government, and best practice demands. Customers using the UCF can document and leverage the links between harmonized controls, records, assets (and their configurations), events, metrics, and roles.
And by using the UCF to “map the overlap” between multiple authority documents, organizations can clarify any conflicts created by overlapping authority documents, create a control list for specific IT areas, and confidently simplify their GRC processes.
Since 1992, Unified Compliance has developed ground-breaking tools to support IT best practices, with a focus on solutions and processes that further the science of compliance, including harmonization methods, metrics, systems continuity and governance. The UCF was created by Dorian Cougias and his research partner, Marcelo Halpern of the international law firm Perkins Coie, which oversees all legal aspects of the UCF. More information can be found at unifiedcompliance.com.
By applying the scientific method to compliance — rigorously testing best practices and methodologies as well as analyzing and organizing information into a rational format — Unified Compliance has developed a logical approach to IT compliance that reduces cost, limits liability, simplifies the compliance process and leverages the value of related technologies and services across the enterprise.