Unified Compliance Framework
The Unified Compliance Framework (UCF) is a complex database with multiple elements. These elements reflect over 400 authority documents and are beneficial as stand-alone references, or as intertwining templates that address requirements through the linking of sources to harmonized controls. For example, the information is beneficial as a framework in a Governance, Risk, & Compliance (GRC) program.
The UCF corporate package is distributed with files stored in eleven folders that represent core elements. Below is a description of each element in the directory:
- Research Sites Report
The Research Sites report contains the list of all online compliance sites used to investigate UCF content. The report summarizes information by category, and is sorted by each individual site and document type. This information is a great reference guide for researching compliance issues.
- Authority Documents
The Authority Document List includes every statute, regulation, safe harbor, audit guideline, best practice, and any other documents mapped in the Unified Compliance Framework (UCF), whether redacted or current. This list includes the Authority Document name, the number of citations mapped to UCF controls, and the release date.
In addition, the Authority Documents In-Depth Reports offer comprehensive information tracked by the UCF. Each report provides an overview of the Authority Document, as well as various charts and lists depicting practices.
- Language of Compliance
The Language of Compliance harmonizes compliance terms for hundreds of international standards and regulations, including HIPAA, SOX, CobiT, and other regulatory bodies and agencies. The Language of Compliance resource provides the opportunity to standardize written and spoken compliance language throughout the university, including acronyms.
Another quick resource for compliance definitions is compliancedictionary.com, a dictionary that is also managed by the UCF.
- Controls Spreadsheets
The Controls Spreadsheets identify each control listed in the Authority Documents. The “UCF Controls.xls” spreadsheet includes every control in hierarchical order. The other spreadsheets are subsections of controls, divided into the top thirteen levels of the UCF hierarchy.
- Metrics Management Standards
Metrics Management Standards define each of the metrics specified by the Authority Documents mapped to the Unified Compliance Framework. The metrics reports include the applicable controls as well as an explanation of the metric formula, the calculation used to define the metric, how the metric should be displayed, and where to find the data or information that feeds the metric calculation.
- Roles Descriptions
Roles Descriptions identify each functional role described within the Authority Documents mapped into the Unified Compliance Framework. The UCF favors the functional roles employees play over job titles because functions can be standardized, and roles make responsibilities more clearly understood.
- Monitored Events
The Monitored Events documents link each of the Monitored Events to Controls that either call for the event to take place, react to the event taking place, or both call for and react to the event taking place.
- Compliance Documents
Compliance Documents are all-encompassing files such as policies, standards, procedures, and checklists required across industries,