The UCF Mapper™ Announcement Opens New Doors

January 24, 2017


As you know, Unified Compliance is the premier provider of compliance mapping. Our products include the Unified Compliance Framework® (UCF) and the Common Controls Hub® (CCH).

We’ve just announced the UCF Mapper™, a new product that allows any governance professional to significantly reduce the cost and complexity of ensuring compliance with regulations specific to their own industries.

Professionals using the UCF Mapper™ will access the same patented mapping process offered in the UCF itself. Therefore, a company can ensure compliance with regulations that aren’t currently available in the CCH.

Demonstrations are available at the RSA Cybersecurity Conference, February 13-17, 2017 at Moscone Center in San Francisco. To schedule an appointment and a 1-on-1 demo, call 510.962.5192 or email

Market Reaction to the UCF Mapper is Exciting

We’re pleased with the reaction from our partners to this new announcement. Here’s what some of them had to say.

"As a key partner, MetricStream looks forward to the release of UCF Mapper™, which will ensure that customers' local legal requirements are provided in the Unified Compliance Framework through their Common Controls Hub account,” Vasant Balasubramanian, Senior Vice President of Product Management at MetricStream said. “This will help streamline and simplify end-to-end compliance processes."

Robert Dyson, Partner, Global Security Services – Consulting Global Lead, Risk Management and Compliance, IBM Security said, “IBM Global Services has leveraged the Unified Compliance Framework in several key accounts. UCF Mapper™ is great for our clients, because we’ll be able to customize our clients’ Common Controls to meet requirements not available through the standard Unified Compliance Framework.”

“Businesses, organisations and information security professionals face increasing legal and regulatory challenges and requirements to prove their compliance. UCF Mapper™ gives organisations and individuals the opportunity to provide local requirements for global compliance in the UCF for their organizations and clients,” said Adrian Davis, (ISC)², Inc. Regional Managing Director, EMEA Region.

“The capacity to tie specific business use context to compliance rules is the only way to assure that evidence collection meet a business’ legal requirement. This capability is paramount to the effective use of any control framework. With UCF Mapper™, a company can use that same evidence in multiple audits, which is the unique and added value in working with the Unified Compliance Framework model,” said Robin Basham, CEO, EnterpriseGRC.

How It Works

Each organization that wants to use the Mapper will be required to meet certain requirements. Afterward, they will have many options to help them use the UCF Mapper™ in the way that best satisfies their needs.


Training and Certification

Mapping organizations will be required to train employees to earn a UCF-M certificate. Three employees are required, a mapper, a reviewer and an approver. All these employees can connect to a single CCH account, but they must each have a separate login.

The UCF Mapper™ training and certificate will be provided by (ISC)2, and eight to twelve CPE credits will be awarded.


Authority Document Control

We know that each mapping organization will want to control its own documents, and have provided the needed alternatives. Each organization can mark their Authority Documents for private or public use, and could be included on CCH Authority Document Lists.

To provide additional flexibility, an API is available for sharing information with popular compliance management software. In addition, Authority Document Lists can be exported into custom spreadsheets and compliance templates. They can also be shared with other organizations, including suppliers.

It’s important that we preserve the integrity of our mapping system. Therefore, our staff and lawyers will approve all public Authority Documents added to the UCF.


Roles for Mapping Organizations

We’ve identified several different ways that our customers and partners want to provide mapping services, and have defined different roles to fit their needs.

  • Self-Service Customer: A company that becomes certified to map certain publicly available documents such as laws and regulations for their own compliance requirements.
  • Individual Contributors: These contributors will act as part of the UCF mapping team and be paid directly by Unified Compliance.
  • Consultants: A consulting organization that meets the requirements to be a partner will provide mapping services to their clients for a fee.
  • Mapping Providers: An organization that provides mapped documents to clients for a fee.
  • Patron: An organization that shares free documents to a limited or unlimited audience.

Next Steps

We’re very excited about the response we’ve received to the UCF Mapper™ announcement to date. It will give a wide range of compliance professionals the support they need to manage any compliance requirements that are specific to their company or their industry.

If you’ve been wishing that you could use the Unified Compliance systems for your own purposes, now is your chance! Learn more about the UCF Mapper™ by calling us at 510-962-5192, or send an email.