Partners

 

"Some of the best of these tools, whether as stand-alone packages or integrated with larger enterprise management software, are based on the Unified Compliance Framework (UCF)."  


The Unified Compliance Framework has played a critical role behind the scenes for the GRC industry. Only the companies listed below can provide functional support of the Unified Compliance Framework.

NOTE: If someone promises UCF support, and their software is not listed below, buyer beware. Unlicensed software cannot deliver what we promise. Please click here to request a live demonstration of the true power of the UCF so you can see it for yourself.


What do successful companies like these have in common? They have recognized the value of the UCF and incorporated it into their own products.

Click on the company logos to visit our Partners' websites.

 

Anx Logo

BWise Logo

LockPath Logo Lumension Logo



Microsoft Logo

 


Nanaroq Logo


 
     

 

Akibia’s Managed Service, AssuredCompliance, reduces the cost of compliance by addressing multiple regulations via a single integrated framework. Viewing compliance through this framework enables companies to leverage the same processes and data for multiple regulations.  This allows companies greater insight into the overlap between various compliance regulations and assists the IT organization in prioritizing issues based on risk mitigation. AssuredCompliance includes identification and documentation of gaps in current processes, mapping of controls across multiple mandates, compliance reporting and documentation, quarterly compliance evaluations, compliance training for IT staff, and access to an online compliance portal. Akibia, a Zensar company, provides innovative Infrastructure Management solutions that enable leading companies worldwide to optimize, secure, manage and support their mission-critical infrastructure.

 
 

 

Allgress provides easy to use and implement Risk Management and intelligence solutions that enable achievement of business objectives. By providing business intelligence, key stakeholders can make rapid decisions to protect the business. That's why some of the most respected Global 2000 companies use Allgress to automate the entire processes of managing risk, compliance and security from a single roles based dashboard. Unlike other risk management solutions, Allgress provides business value in a few weeks instead of months.  Contact us at http://www.allgress.comAllgress Business Risk Intelligence

Business Risk Intelligence

 
 
 

 

Anx Logo

TruComply, ANX’s enterprise governance, risk, and compliance (GRC) solution, is designed to help organizations manage compliance and risk in their internal environment and in their extended vendor supply chain. With TruComply, clients are able to provide clear and timely communication of risk, and translate the data into actionable recommendations and reporting.  Furthermore, clients have the ability to rapidly adjust to new or updated regulatory requirements and eliminate redundant compliance activities and tasks.

 
 
 

 

 

                         
 

Aruvio Inc. (wholly owned subsidiary of Virima Technologies) provides organizations with enterprise scale, easy-to-use and cost-effective governance, risk, and compliance (GRC) software solutions with support for more than 900 compliance regulations, frameworks, and standards. Aruvio simplifies the way you work with the UCF content. Aruvio GRC is built and delivered on Salesforce.com, which is a proven platform for availability, scalability and security. Aruvio offers advanced social collaboration capabilities in addition to easy-to-use process automation features. Aruvio GRC is quick to deploy and easy to use. Aruvio offers free trial and pay-as-you-go pricing to reduce risk and guarantee rapid, proven results for any size organization. For more information, visit www.aruvio.com.

Aruvio also offers a free UCF Browser utility to visualize the UCF content. You can access UCF Browser at http://aruvio.com/applications/ucf-browser/

 
 
 

 

BWise Logo

BWise delivers proven solutions to help organizations become "in control" by increasing corporate accountability; strengthening financial, strategic and operational efficiencies; and maximizing performance and ROI. Partnering with Network Frontiers enables BWise customers to further mitigate compliance costs, reduce the administrative burden, and leverage the value of compliance-related technologies and services. UCF quarterly updates help to ensure continuous compliance. BWise's integration of the UCF is in process.

 
 
 

 

RiskSense®, from CAaNES, LLC™, aggregates large volumes of vulnerability/threat data from multiple (over 25) scanners/tools (Network, System, Application, and Compliance), correlates, performs visual analytics, and delivers contextual insights to take actionable and real-time decisions.Compliance automation (addresses over 600 regulations) allows quick identification and tracking of required controls and makes compliance assessments/audits less labor intensive. RiskSense offers a common platform (network/application vulnerabilities, compliance mapping, penetration testing, attack trees, remediation workflow, and exploit/malware mappings) for unified vulnerability/threat management analytics by tearing down security silos and helps with finding, prioritizing, and providing decision support for security activities.

 
 
 

 

SecureGRC ™ is a patent-pending, multiple award-winning, Cloud based software-as-a-service (SaaS) solution that provides PCI, HIPAA/HITECH, ISO, FISMA etc. based security and compliance management for small, medium businesses to large enterprises. SecureGRC is sold exclusively through channel partners, through its innovative Managed Compliance Provider (MCP) program. The solution leverages the Unified Compliance framework (UCF) for regulation citations information. By enhancing the regulation information with additional in-built policies, procedures, best practices, dashboards and detailed reporting on security and compliance, SecureGRC offers a one stop solution in security monitoring, IT Governance, Risk and Compliance management. The solution demystifies security and compliance management so that it can be used by non-domain experts, non-IT savvy end users and /or  domain experts such as auditors and IT experts.

 
 
 

HP is transforming the enterprise security landscape with its Security Intelligence and Risk Management (SIRM) Platform. The SIRM Platform uniquely leverages advanced threat research with powerful correlation of security events and vulnerabilities. By delivering unparalleled visibility across security assets in context of business critical processes and applications we help our customers manage their risk and maximize their security investments.

Datasheet: HP EnterpriseView: Business-Centric IT
Risk Management:

 
 
 

 

IBM provides integrated risk management solutions for global companies that empower a risk-based approach to identify and manage key business risks across the enterprise, avoiding unexpected outcomes while improving performance.

Managing IT Compliance with OpenPages and the UCF

 
 
 

 

LockPath Logo

LockPath helps companies of all sizes address the increasingly complex issues of regulatory compliance and risk management. Its innovative software provides keen insight by correlating security information from multiple data sources with current regulations and policies to gauge risk. Easy to install and manage, the Keylight platform empowers people at every level in an organization to take control and make better business decisions. www.lockpath.com

Datasheet: Unlock the full Power of the UCF with LockPath

White paper: Unlock the Power of the UCF to Solve Complex Compliance Issues

 
 
 

 

Lumension Logo

Lumension® Compliance and IT Risk Management, comprised of Lumension Risk Manager and Lumension Enterprise Reporting, automates the compliance and IT risk management workflow to reduce the cost of supporting numerous compliance requirements. The Lumension solution ensures that IT risks are prioritized by their potential impact on the business. Key capabilities include risk profiling of IT assets and business interests, use of the Unified Compliance Framework (UCF), which harmonizes IT controls across numerous compliance mandates, automated assessment of technical, physical and procedural controls, and continuous monitoring and reporting to satisfy a diverse IT risk and compliance audience.

 
 
 

 

 McAfee products for enterprise risk management and security compliance help minimize risk, automate compliance, and optimize security. Through our Security Connected framework, enterprise risk and compliance management achieves a new level of operational efficiency. Our solutions help identify governance and compliance requirements, deliver real-time insight into vulnerabilities and policies, and automate threat management and remediation.

Datasheet: McAfee Enterprise Security Manager

 
 
 

 

MetricStream offers an advanced and comprehensive IT GRC software solution suite for streamlining these processes and effectively managing IT risk and meeting IT regulatory requirements. MetricStream enables companies to implement a formal framework to ensure rigor around how to measure, mitigate, and monitors IT risks. It eases complying with many regulations governing data retention, privacy, confidential information, financial accountability and recovery from disasters reduce the cost of compliance.

Datasheet: Simplify IT Compliance across Regulations, Standards, & Guidelines

 
 
 

 

Microsoft Logo

Microsoft System Center Service Manager is an integrated platform for automating and adapting your organization's IT service management best practices, such as those found in Microsoft Operations Framework (MOF) and Information Technology Infrastructure Library (ITIL). It provides built-in processes for incident and problem resolution, change control, and asset lifecycle management. Through its configuration management database (CMDB) and process integration, Service Manager automatically connects knowledge and information from System Center Operations Manager, System Center Configuration Manager and Active Directory.

Compliance Management Guide

 
 
 

 

NetIQ's Security and Compliance Management solution reduces enterprise risk, decreases compliance costs, and increases the security of critical information assets. Intelligent and integrated management of user activity and control of system configuration directly addresses the most significant security problems facing the enterprise. Automating the compliance and security processes reduces costs and helps you more easily protect critical servers, applications and customer data through scalable and streamlined security and compliance programs.

 
 
 

 

Prevari provides predictive analytics, metrics and instrumentation to proactively manage risks to information.  Prevari has licensed UCF content and mapped the UCF controls to the specific mathematical impact on Confidentiality, Integrity and Availability using our patented Risk Calculation Engine.

Prevari's computational capability factors both compliance data and technical data from GRC suites, technology scanners, sensors and SIM/SEM to provide the most holistic understanding of risks to information available.

Prevari doesn't make GRC tools, Prevari makes GRC tools better.
 
 

 

 

RSA Archer has licensed the UCF content to provide customers with a consistent set of controls mapped to several regulatory standards and best practices. In addition, UCF controls have been mapped to the Archer Control Standards which will simplify managing your compliance to the control objectives across all regulations.

Datasheet: Enabling Next Generation Compliance
Operations

 
 

 

 

TruOps GRC Solution from SDG provides a simple-by-design framework that can be calibrated to your IT Risk and Compliance processes to provide business insight and smart governance.

TruOps’ Risk Management solution combines qualitative and quantitative risk analysis and supports the end-to-end process from risk scoring to mitigation and reporting. The workflow-driven TruOps Policy and Compliance solution is backed by the comprehensive UCF (Unified Compliance Framework).  

Customers who deploy TruOps benefit from common risk nomenclature, standard metrics, shorter audit cycles, dynamic dashboards and reports for proactive mitigation and a flexible integration to scale as the enterprise grows and needs change.

 

 
Nanaroq Logo The UCF translated into Japanese!  
 
 

 

 

Software AG is the global leader in business processes, integration and big data. Our process-driven ARIS Governance, Risk and Compliance (GRC) Management Platform combines Business Process Analysis (BPA) with audit-proof workflows, turning risk and compliance management into a strategic management tool. You’ll work smarter, reduce risk and remain efficient. All risk management and compliance topics are executed in an integrated central ARIS repository for maximum control, transparency, simplicity and efficiency. Our GRC platform uses complex event processing for real time monitoring and to automate tasks to increase productivity. Reporting and dashboard capabilities via individual mashups help customer to increase Business Performance.

The UCF is a natural fit with Software AG’s GRC platform as it allows to leverage the synergies between multiple compliance areas and GRC disciplines in combination with the generic approach to governance, risk and compliance management.

www.grclounge.com         www.softwareag.com

 
 
 

 

Symantec Control Compliance Suite (CCS) is designed to address IT risk and compliance challenges by delivering greater visibility and control across your infrastructure, data and people.  Our holistic, fully-automated solution allows you to effectively manage security risks while reducing the cost and complexity of compliance.  You can take advantage of built-in regulatory and technical content automatically mapped to policies and updated as regulations change; automatic technical and procedural controls assessments; a centralized database which combines CCS and third party data making it available for multi-level reports and dashboards; the ability to do risk-based remediation through built-in risk scoring and integration with remediation ticketing systems.

 
 
 

 

TraceSecurity’s TraceCSO is the industry’s first full-featured, cloud-based IT GRC solution, built for organizations of any size, industry, or security skill set that need to protect critical data or are subject to security mandates. TraceCSO transforms IT GRC management from a complex technology challenge into a simple, reliable business application and is delivered as a cost-effective cloud service.

Brochure: TraceCSO simplifies risk management and compliance while maintaining sophisticated capabilities

 
 
 

 

ARC Logics™ for Financial Services combines the proven technology of ARC Logics, a Wolters Kluwer business, with industry content, regulatory content and the expertise of Wolters Kluwer Financial Services, enabling organizations to efficiently manage compliance risk, financial risk, operational risk, and audit. ARC Logics is a modular integration of five key risk management components: Policies and Procedures, Risks and Controls, Financial Analytics, Program Management and Audit. With ARC Logics, organizations are able to fulfill immediate enterprise risk management objectives in a targeted, cost-effective manner while concurrently building a holistic, enterprise wide program.

 

 
 

We work closely with these organizations to map their content into the UCF.