Weather the Compliance Storm

OCEG AND NETWORK FRONTIERS COLLABORATE TO EXPAND UNIFIED COMPLIANCE FRAMEWORK

The Open Compliance & Ethics Group and Network Frontiers, a leader in IT regulatory compliance management, have partnered to deliver the 2008 Unified Compliance Framework (UCF), a product of Network Frontiers, at a discount to OCEG members.

The partnership will offer the latest version of the UCF's cross-platform regulatory management controls at a substantial discount to OCEG members, based on their level of participation in OCEG.

UCF has mapped thousands of controls from Sarbanes-Oxley, HIPAA, CobiT, FERC, Basel II, PCI (Payment Card Industry) data standards and many others across the globe into a master hierarchical framework.

Meeting your IT compliance requirements has never been this straightforward.

  • Basic Members: Discounted Bundle Price
  • Premium Members: Additional 5% discount
  • Enterprise Members: Additional 20% discount

The Unified Compliance Framework reduces the regulatory tornado to a much smaller set of harmonized controls, giving you a single point of control over hundreds of complex IT compliance requirements from around the world.

The Unified Compliance Framework helps you divide and conquer your compliance challenges by organizing real-world IT processes into 12 IT Impact Zones. Each impact zone deals with one area of policies, standards, and procedures: technology acquisition, physical security, continuity, records management, etc. Each IT Impact Zone can be used online in HTML format, or purchased and downloaded in Excel format.

Simplify and centralize your compliance efforts by using these 12 IT Impact Zones to:

  • Create a single point of control over hundreds of complex regulations, requirements, and guidelines
  • Assert compliance across multiple authority documents simultaneously
  • Clarify conflicts created by multiple overlapping documents
  • Drill down for explanations and sources for each control

12 Impact Zones

  • Acquisition of technology and services

    This impact zone contains the controls for the planning and documentation required when acquiring new hardware and software, including the assurance controls, cost controls, licensing controls, and testing controls necessary for compliance.

  • Audits and risk management

    These are the necessary requirements for establishing your internal audit and risk teams, conducting internal audits, and audit reporting.

  • Design and implementation

    Whereas the acquisition impact zone covers what you need to know before you purchase hardware and software, the design and implementation impact zone covers all aspects of the design and implementation processes from the full project management standpoint, to ensure that compliance is built into the software or systems being designed.

  • Human Resources Management

    Many requirements now call for a full-blown description of the IT organizational structure, and additional hiring practices such as security requirements. This impact zone begins with the hiring process and then moves through training, job descriptions, job performance, and the eventual end of cycle for staff members and third parties.

  • Leadership and high level objectives

    Beginning with the alignment of IT with the organization's strategies and tactics, this impact zone moves through the definitions of information classification, systems, organizing the compliance framework, and establishing a high-level strategic plan for IT.

  • Monitoring and measurement

    One of the keys to a successful compliance campaign is tracking your compliance. This means gathering the necessary evidence that you are doing your job. Therefore, this impact zone is concerned with monitoring and logging operations, and with risk, performance, and compliance monitoring and reporting.

  • Physical and environmental protection

    This impact zone covers the IT facilities, the physical security of distributed IT assets, and the environmental controls necessary (such as power and air) for maintaining IT availability.

  • Privacy protection for information and data

    Privacy is one of our most cherished and valued assets. And yet, privacy breaches abound. This impact zone has the most controls (about a quarter of the total controls we have mapped so far!), and the most international controls by far. It covers the establishment of personal information collection boundaries, what you can and can't do with the information, and how you have to provide for the integrity and security of the information.

  • Operational management

  • Records management

    This impact zone covers computerized records as an integral part of each and every system. It also covers the definition and maintenance of your organization's records discovery program.

  • Systems continuity

    Availability is one of the most critical aspects of information -- if it isn't available, the organization can't depend upon it. Therefore, this impact zone focuses on maintaining the continuity framework, establishing a continuity strategy, documenting continuity plans, alternate site preparations, and maintaining the continuity plan itself.

  • Technical Security

    This impact zone begins with the need for establishing an access classification scheme, and moves through policies and procedures, network access point management, operating system access management, information flow enforcement, remote access management, encryption management, and managing intrusion detection/response.
