Articles & Recorded/On-Demand Webinars

    • The UCF Common Controls Hub, You Need This Thang!

      You get the call from the boss you have been dreading for weeks. “Jimmy, it’s time to add FISMA to our control set, and we need to be compliant in three weeks. GO!”

      Great, another compliance initiative to work into the alphabet soup of controls-pain that haunts security professionals. More standards means more work to make sure that the standard control set you use in your organization will cover any new requirements you face. Compliance and Security frameworks often overlap, and usually just have a small number of requirements that are unique to the industry or data type protected.

      I recently had a great conversation with Dorian Cougias from UCF and he turned me on to one of his projects, the Common Controls Hub. I’ve been aware of the great work that Dorian and his team have been doing over the last decade, but the Common Controls Hub was a new one for me. I’ve been heads down on security outside of compliance (or fielding PCI DSS questions, representing just one initiative), so when I got to see this thing in action, I was pleasantly surprised. It’s what I think many of us have been waiting for….

      Read article
    • The Unified Compliance Framework simplifies how companies manage compliance

      Does the term regulatory compliance make your stomach churn? If so, you certainly aren’t alone. In the recent CSO article ‘Compliance fatigue’ sets in, author Taylor Amerding writes, “many organizations feel like they are drowning in such a sea of regulations that constant compliance with them all doesn’t give them much time to run their usual business.”

      Because many regulations pertain to information systems, it’s all but impossible for IT to escape involvement in implementing and maintaining controls and participating in audits that verify the veracity of those controls. In fact, technologists and corporate lawyers can find themselves working closely to interpret a regulatory mandate and ensure the chosen IT control (for example, system logging) is sufficient to meet the mandate.

      Depending on the size, industry and nature of a business, a company may need to comply with just a handful of mandates, or possibly with dozens. Multinational corporations also have to….  continue reading

      Read Article
    • Leveraging the UCF with ARIS GRC

      Need to comply with different regulations, standards and guidelines? The process can be painful and expensive when stakeholders work in silos and duplicate efforts. To remedy this, Software AG has integrated the Unified Compliance Framework (UCF) with its market-leading ARIS Governance, Risk and Compliance (GRC) Management Platform. Learn how this integration helps you streamline work, simplify regulations requirements, provide internal and external transparency, and better manage and mitigate risks.

      With Craig Isaacs, CEO of Unified Compliance and Michiel Jorna, Director, Global BPA & GRC Solutions of Software AG

      Launch Webinar
    • Convergence of Internal Audit, Security, Compliance, and the Business in GRC

      With Dorian Cougias, Compliance Scientist and co-founder of Unified Compliance, Yo Delmar, Vice President, GRC Solutions at MetricStream and Joesph Devita, Partner at PricewaterhouseCoopers LLP.

      Launch Webinar
    • Simplify and Strengthen Compliance with the Unified Compliance Framework

      Join this webinar to learn:

      • A real life case study of a Fortune 500 organization on how they are leveraging UCF and MetricStream
      • How to eliminate duplicate efforts by asserting compliance across multiple authority documents simultaneously
      • How to simplify your regulations requirements by clarifying conflicts created by multiple overlapping documents
      • How to save time by creating a single point of control over hundreds of complex regulations, requirements and guidelines
      • How to limit your legal liability by drilling down for explanations and sources for each common control

      With Craig Isaacs, CEO, Network Frontiers and Vinaya Sathyanarayana, IT GRC Product Manager, MetricStream.

      Launch Webinar
    • Creating Audit Questions

      Approaches and methods to creating audit questions
      A Dorian Cougias Learning Module

      Launch Webinar
  • Test the UCF Common Controls Hub for free, now.

  • GET STARTED