- ABOUT THE UCF
- UCF Controls
- Research Sites List
- Authority Documents
- Authority Documents In-Depth Report
- Language of Compliance
- Metrics Standards
- Roles Definitions
- Monitored Events
- Compliance Docs
- Config Management
- Information Classification
- Audit Guidelines
- XML Database Files
- The Science of Compliance eBook
- Elements of Compliance
- UCF PRODUCTS
- FREE RESOURCES
Network Frontiers and LockPath Release Free Online Compliance Dictionary
First Comprehensive Regulatory Dictionary Aims to End Compliance Language Confusion
LAFAYETTE, CA, August 3, 2011 - Network Frontiers, the premier provider of IT Compliance mapping and creators of the Unified Compliance Framework™ (UCF), and LockPath, a provider of innovative governance, risk and compliance (GRC) applications, today jointly released the first online Compliance Dictionary, drawing on methodology developed over nearly a decade of supporting IT best practices.
Accessible for free at www.ComplianceDictionary.com, the UCF's Compliance Dictionary is the only lexicon of its kind, online or off. There are many glossaries associated with specific compliance regulations, but each utilizes its own definitions and terminology, which can add to the confusion, cost, and wasted time associated with managing compliance.
Even small variances in language, including misspellings and typos, can make it very difficult, and sometimes impossible, to properly configure the automated compliance tools many organizations now rely on. For example, what is the difference between an “active recovery site” and a “mirrored site”? Nothing. How about an “Application Service Provider” versus a “Managed Service Provider”? Again – as far as compliance is concerned, nothing. These are just two examples of how those who write compliance controls -- the guidelines that appear in Authority documents that organizations must implement to achieve compliance -- are using different words to mean the same thing.
Network Frontiers' UCF standardizes and unifies compliance terms and governance requirements from hundreds of Authority Documents containing thousands upon thousands of controls. The new Compliance Dictionary brings the UCF's science of compliance -- and a big dose of sanity -- to regulatory management.
"I’m just tired of seeing legislators, regulators, and standards writers make terms up and auditors confusing things even further," says Dorian Cougias, Network Frontiers co-founder and lead analyst of the Unified Compliance Framework. "Compliance really doesn't have to be nearly as maddening as it is."
The key is searchability. Unique to this site is that the domain name itself lends to various types of searches, whether they are acronyms, words or phrases. The domain followed by /definition/ and a search term finds both acronyms and terms. The domain followed by /ucfid/ and the ID of a term finds terms by their catalogued UCF Glossary ID.
For example, www.compliancedictionary.com/definition/hipaa returns the definition for the acronym HIPAA, whereas …/definition/preventive control returns the definition for preventive control, and …/ucfid/0005630 returns the definition for detective control.
“Compliance Dictionary’s comprehensive search functionality will give both the people writing compliance guidelines and those tasked with understanding and implementing them a way to efficiently check their language choices and verify terminology,” says Chris Goodwin, co-founder and CTO of LockPath. “We wanted to give people multiple ways to search, beyond entering text into a search box.”
The UCF Compliance Dictionary also links directly to Authority Documents and Controls, clearly defines Configuration Items and Configuration Methods, and can be actively used to map Citations to Controls.
“Compliance and security professionals are drowning in compliance and control data – they need better context, not just an additional content resource,” adds Goodwin. “The Compliance Dictionary gives them a way to quickly get the insight and context they need to manage their compliance initiatives.”
The UCF maps IT controls from more than 400 international regulatory requirements, standards and guidelines, and is updated quarterly. Network Frontier's unique methodology transforms this massive compilation of data into a single set of straightforward requirements that clearly show the many points where multiple regulations overlap, enabling businesses to quickly create a customized set of controls that fully leverage their existing compliance policies, processes and tools.
The UCF is the trusted source for business compliance management and has been licensed for use by industry leaders including Microsoft, RSA Archer and IBM OpenPages for use in their own governance, compliance and risk management solutions. For example, LockPath integrates quarterly UCF updates into its Keylight platform, giving users a streamlined workflow interface to manage the ever-changing list of controls that must be folded into formal governance and compliance documents. The UCF is also available for direct purchase, in spreadsheet format, from Network Frontiers. To request a free UCF spreadsheet sample, email email@example.com.
About Network Frontiers and the UCF
Since 1992, Network Frontiers has developed ground-breaking tools to support IT best practices, with a focus on solutions and processes that further the science of compliance, including harmonization methods, metrics, systems continuity and governance. The Unified Compliance Framework (UCF) is Network Frontiers' flagship product.
The UCF was created by Dorian Cougias and his research partner, Marcelo Halpern of the international law firm Latham and Watkins, which oversees all legal aspects of the UCF. More information can be found at www.unifiedcompliance.com.
About the Science of Compliance
By applying the scientific method to compliance -- rigorously testing best practices and methodologies as well as analyzing and organizing information into a rational format -- Network Frontiers has developed a logical approach to IT compliance that reduces cost, limits liability, simplifies the compliance process, and leverages the value of related technologies and services across the enterprise.
LockPath helps companies of all sizes address the increasingly complex issues of regulatory compliance and risk management. Its innovative software provides keen insight by correlating security information from multiple data sources with current regulations and policies to gauge risk. Easy to install and manage, the Keylight platform empowers people at every level in an organization to take control and make better business decisions. LockPath is headquartered in Kansas City, with offices in Minneapolis and Santa Clara. Please visit www.lockpath.com to learn more.