Partners

Akibia’s Managed Service, AssuredCompliance, reduces the cost of compliance by addressing multiple regulations via a single integrated framework. Viewing compliance through this framework enables companies to leverage the same processes and data for multiple regulations.  This allows companies greater insight into the overlap between various compliance regulations and assists the IT organization in prioritizing issues based on risk mitigation. AssuredCompliance includes identification and documentation of gaps in current processes, mapping of controls across multiple mandates, compliance reporting and documentation, quarterly compliance evaluations, compliance training for IT staff, and access to an online compliance portal. Akibia, a Zensar company, provides innovative Infrastructure Management solutions that enable leading companies worldwide to optimize, secure, manage and support their mission-critical infrastructure.

Aruvio simplifies the way you work with UCF content and manage your compliance controls. With Aruvio you can build a control library with your existing and UCF content; visualize controls hierarchy with configurable grouping; add any UCF control and authority documents to your library; map your own controls to UCF controls to leverage UCF's control mappings; define custom data elements to enhance UCF content for your organization; compare and visualize control changes between different UCF releases; reconcile UCF changes into your controls while preserving all custom attributes; easily import and export UCF content in both Excel and XML formats. AruvioGRC is ideally suited for mid-tier organizations. Built on Salesforce.com’s Force.com platform, the Aruvio GRC Suite is a complete set of GRC applications that are easy to use and deploy in hours. Aruvio also offers a free UCF Browser utility to visualize the UCF contents. You can access UCF Browser at http://www.aruvio.com/ucfbrowser

BWise delivers proven solutions to help organizations become "in control" by increasing corporate accountability; strengthening financial, strategic and operational efficiencies; and maximizing performance and ROI. Partnering with Network Frontiers enables BWise customers to further mitigate compliance costs, reduce the administrative burden, and leverage the value of compliance-related technologies and services. UCF quarterly updates help to ensure continuous compliance. BWise's integration of the UCF is in process.

Datasheet: UCF, Integrated and Incorporated

SecureGRC ™ is a patent-pending, multiple award-winning, Cloud based software-as-a-service (SaaS) solution that provides PCI, HIPAA/HITECH, ISO, FISMA etc. based security and compliance management for small, medium businesses to large enterprises. SecureGRC is sold exclusively through channel partners, through its innovative Managed Compliance Provider (MCP) program. The solution leverages the Unified Compliance framework (UCF) for regulation citations information. By enhancing the regulation information with additional in-built policies, procedures, best practices, dashboards and detailed reporting on security and compliance, SecureGRC offers a one stop solution in security monitoring, IT Governance, Risk and Compliance management. The solution demystifies security and compliance management so that it can be used by non-domain experts, non-IT savvy end users and /or  domain experts such as auditors and IT experts.

HP is transforming the enterprise security landscape with its Security Intelligence and Risk Management (SIRM) Platform. The SIRM Platform uniquely leverages advanced threat research with powerful correlation of security events and vulnerabilities. By delivering unparalleled visibility across security assets in context of business critical processes and applications we help our customers manage their risk and maximize their security investments.

Datasheet: HP EnterpriseView: Business-Centric IT
Risk Management:

IBM OpenPages ITG aligns IT policy, risk and operations management with corporate business initiatives, strategy and operational standards. Leveraging a core, shared-services and open architecture, OpenPages ITG makes IT risk and compliance management achievable, enabling organizations to sustain compliance across multiple IT best practice frameworks and regulations such as CoBIT, ISO 17799 (renumbered ISO/IEC 27002), and ISO/IEC 27001, while managing internal IT control and risk according to the business processes they support. OpenPages ITG unites multiple silos of IT risk and compliance to deliver improved visibility, better decision support, performance and stronger valuation.

Intreis™is a solutions integrator specializing in ITGRC and ITSM integrations. At the core of the Intreis™ methodology is the fundamental concept of placing your system of internal controls at the center of your operations management, service delivery, security & risk management, and governance & compliance programs. Intreis™ uses the power of the UCF to design a controls framework that is customized to the way you do business. We then integrate and automate your controls by making use of your ITSM platform’s core capabilities to create the perfect engine to not only power your internal controls framework, but improve operational effectiveness.Intreis™also offers a wide range of services which support ITGRC and ITSM integrations including: Assessments, Controls Definition (powered by the UCF), Process Design, Remediation Work, Risk and Compliance Strategy, Training and Education. www.intreis.com

LockPath helps companies of all sizes address the increasingly complex issues of regulatory compliance and risk management. Its innovative software provides keen insight by correlating security information from multiple data sources with current regulations and policies to gauge risk. Easy to install and manage, the Keylight platform empowers people at every level in an organization to take control and make better business decisions. www.lockpath.com

Datasheet: Unlock the full Power of the UCF with LockPath

White paper: Unlock the Power of the UCF to Solve Complex Compliance Issues

Lumension® Compliance and IT Risk Management, comprised of Lumension Risk Manager and Lumension Enterprise Reporting, automates the compliance and IT risk management workflow to reduce the cost of supporting numerous compliance requirements. The Lumension solution ensures that IT risks are prioritized by their potential impact on the business. Key capabilities include risk profiling of IT assets and business interests, use of the Unified Compliance Framework (UCF), which harmonizes IT controls across numerous compliance mandates, automated assessment of technical, physical and procedural controls, and continuous monitoring and reporting to satisfy a diverse IT risk and compliance audience.

McAfee products for enterprise risk management and security compliance help minimize risk, automate compliance, and optimize security. Through our Security Connected framework, enterprise risk and compliance management achieves a new level of operational efficiency. Our solutions help identify governance and compliance requirements, deliver real-time insight into vulnerabilities and policies, and automate threat management and remediation.

Datasheet: McAfee Enterprise Security Manager

MetricStream offers an advanced and comprehensive IT GRC software solution suite for streamlining these processes and effectively managing IT risk and meeting IT regulatory requirements. MetricStream enables companies to implement a formal framework to ensure rigor around how to measure, mitigate, and monitors IT risks. It eases complying with many regulations governing data retention, privacy, confidential information, financial accountability and recovery from disasters reduce the cost of compliance.

Datasheet: Simplify IT Compliance across Regulations, Standards, & Guidelines

Microsoft System Center Service Manager is an integrated platform for automating and adapting your organization's IT service management best practices, such as those found in Microsoft Operations Framework (MOF) and Information Technology Infrastructure Library (ITIL). It provides built-in processes for incident and problem resolution, change control, and asset lifecycle management. Through its configuration management database (CMDB) and process integration, Service Manager automatically connects knowledge and information from System Center Operations Manager, System Center Configuration Manager and Active Directory.

The UCF translated into Japanese!

NetIQ's Security and Compliance Management solution reduces enterprise risk, decreases compliance costs, and increases the security of critical information assets. Intelligent and integrated management of user activity and control of system configuration directly addresses the most significant security problems facing the enterprise. Automating the compliance and security processes reduces costs and helps you more easily protect critical servers, applications and customer data through scalable and streamlined security and compliance programs.

Prevari provides predictive analytics, metrics and instrumentation to proactively manage risks to information.  Prevari has licensed UCF content and mapped the UCF controls to the specific mathematical impact on Confidentiality, Integrity and Availability using our patented Risk Calculation Engine.

Prevari's computational capability factors both compliance data and technical data from GRC suites, technology scanners, sensors and SIM/SEM to provide the most holistic understanding of risks to information available.

QualysGuard® Policy Compliance allows an organization to reduce the risk of internal and external threats, while at the same time providing proof of compliance demanded by auditors across multiple compliance initiatives. QualysGuard® Policy Compliance extends the global scanning capabilities of QualysGuard® Vulnerability Management to collect OS Configuration and Application Access controls from hosts and other assets within the enterprise, and maps this information to user-defined policies in order to accurately document compliance with security regulations and business mandates.

RSA Archer has licensed the UCF content to provide customers with a consistent set of controls mapped to several regulatory standards and best practices. In addition, UCF controls have been mapped to the Archer Control Standards which will simplify managing your compliance to the control objectives across all regulations.

Datasheet: Manage IT control activities across regulations, standards, and best practices

TruOps GRC Hub from SDG Corporation is a comprehensive Governance, Risk, and Compliance (GRC) platform: TruOps’ comprehensive Risk Management solution combines Qualitative and Quantitative risk analysis and supports the end-to-end process from risk scoring to mitigation and reporting. TruOps’ workflow-driven Policy and Compliance solution is backed by the comprehensive Unified Compliance Framework. TruOps Security Management provides a unified information platform that collates and correlates system availability data from disparate monitoring solutions and security data from “siloed” reactive security solutions, turning information into insights.

Symantec Control Compliance Suite (CCS) is designed to address IT risk and compliance challenges by delivering greater visibility and control across your infrastructure, data and people.  Our holistic, fully-automated solution allows you to effectively manage security risks while reducing the cost and complexity of compliance.  You can take advantage of built-in regulatory and technical content automatically mapped to policies and updated as regulations change; automatic technical and procedural controls assessments; a centralized database which combines CCS and third party data making it available for multi-level reports and dashboards; the ability to do risk-based remediation through built-in risk scoring and integration with remediation ticketing systems.

TraceSecurity’s TraceCSO is the industry’s first full-featured, cloud-based GRC solution, built for small and medium-sized enterprises that need to protect critical data or are subject to security mandates, and do not have the resources, skilled personnel or on-premise technologies to develop and administer a comprehensive risk-based information security program. TraceCSO is a ground-breaking innovation that transforms IT GRC management from a complex technology challenge into a simple, reliable business application, delivered as a cost-effective cloud service.

Brochure: TraceCSO simplifies risk management and compliance while maintaining sophisticated capabilities