Home » Education » Testimonials


We are interested in hearing how the UCF is providing value to you and would love to share your success story. Click here to email us.

  • Coalfire

    You get the call from the boss you have been dreading for weeks. “Jimmy, it’s time to add FISMA to our control set, and we need to be compliant in three weeks. GO!”

    Carlos Pelaez
    National Practice Leader Coalfire
  • Aspect

    “Performing control and standards research could take several days in my old job, and there was always the concern that I might have missed some critical frameworks or entire regulations. With the UCF, I can do that same research and summarization in hours and have the confidence that any major framework, standard, or regulation was comprehensively reviewed. The UCF allows me to better focus my time on other important information security activities.”

    Rudy Montoya
    Information Security and Regulatory Compliance Aspect Software
  • Seccuris

    “We’ve been using the UCF for several years and it has continued to be the single most powerful compliance and regulation resource we have. UCF allows you to focus your efforts, increasing speed of compliance activities and decreasing risk of incomplete or inconsistent strategies, policies and controls. Regardless of the size of your organization you will see an immediate value in incorporating the UCF into your program and processes.”

    Michael Legary
    Chairman & Chief Strategy Officer Seccuris Inc.
  • USAN

    “The UCF has saved me countless hours of research on the Internet. Having direct access to the authority documents for standards, regulations and guidelines in one convenient location has helped me turn around compliance initiatives such as HIPAA compliance in a fraction of the time compared to what it used to take me prior to using the UCF.”

    Edgar Cooke
    Manager Information Security & Compliance USAN
  • Patch Advisor

    “We have used the UCF compliance package tool for many assessments! The availability to pull the governance requirements is outstanding especially for each State. We also use it for quick references with building specific test plans.The UCF compliance package is a tool that we would like to keep in our tool bag!”

    Steve Fisher
    IA SME Patch Advisor
  • Concise Consulting

    “We both use the UCF and recommend it to our clients. I can’t think of an organization that we work with whose core business is keeping track of the myriad of regulations that affect IT, not just in the US but overseas, but many spend a lot of effort doing just that. Why bother, when the UCF does all of the hard work, and allows you to focus on actually implementing controls to reduce risk to your organization, rather than working out how to interpret legislation? If that isn’t enough praise, for the amount of work that has gone into the UCF, it is incredibly competitively priced. We got almost instant return on our investment in UCF licenses and you will too.”

    Aaron Weller
    CEO & Co-founder
  • A large financial organization

    “I have used the UCF for 6+ years now, first as a Consultant and later as a full time InfoSec manager responsible for Governance, Compliance, and controls. The UCF has helped me in Business Impact Analysis and Risk Analysis functions for my work. It has saved me countless hours and reduced the cost associated with managing the complexity of IT risk and compliance by standardizing on a common set of controls that map to all the regulations and policy mandates they need to comply with.”

    Gary Everekyan
    VP, Information Security
  • Cint

    “At Cint, we are using UCF as information source for our Legislation guidelines matrix covering many countries all around the world. As Cint is ISO 20252 certified, these guidelines are an important part of our quality management where we are ensuring we always comply with the local laws and restrictions. The UCF helps us to keep the Legislation matrix up-to-date in a fast and easy way.”

    Veronika Oudova
    Business Analyst/Quality Management Cint
  • The GRC Sphere

    “GRC Sphere members have concluded that the Common Controls Hub provides the greatest strategic value for their GRC program initiatives, not only as the System-of-Record for their compliance management Centers-of-Excellence, but also through these astounding operational reductions: 60% reduction of Internal Controls, 40% reduction in Labor Overhead, 50% reduction in Labor Overhead associated with remediation/change requests, 30% reduction in Labor Overhead associated with prepping for an audit.”

    Phil Wilson
    Architect; Member Programs & Services The GRC Sphere
  • Danya International, Inc.

    “I’m one of your clients who recently upgraded to the corporate UCF. Kid in a candy store is all I can say.”

    Mark E. Potter
    Chief Information Security Officer Danya International, Inc.
  • Global Security Services, IBM
    “The UCF Mapper is the only accurate, documented, and repeatable mapping tool and methodology we’ve seen. This is exactly what we need to meet our clients’ demanding requirements.”
    Charles Chang
    Associate Partner Global Security Services, IBM
  • MetricStream
    “MetricStream customers love the Unified Compliance Framework, and now we can use UCF Mapper to add Authority Documents which are absolutely critical to specific customers, but not in demand by many. UCF Mapper allows us to continue to provide our customers with the best GRC solution in the market.”
    Vinaya Sathyanarayana
    Director, Product Management MetricStream