Our Story

In the spring of 2004, Unified Compliance co-founder, Dorian Cougias sat in a Miami conference room as blue-chip CIOs cited eerily similar complaints about the crushing mass of compliance mandates they had to address.

Globalization, regulation, and increasing business complexity made their compliance challenges a nightmare. Sarbanes-Oxley was law. HIPAA was coming. It seemed like new laws and requirements were popping up every day. The process was manual and the risk of error was enormous.

Project silos. Duplication. Skyrocketing costs. Uncertain results. Like an overtaxed transit system, each route traveled from A to B, but the network as a whole was hugely inefficient. 

Why waste time and money starting from scratch each time a new regulation is introduced and handle each regulation separately when already addressed in a previous requirement?
 
Why not find the common elements between compliance mandates and show where they overlap? Then, leverage the pieces you already have in place, select the new mandates, see the immediate impact, and quickly assess the risk. 
 
That would dramatically simplify the compliance process. Millions saved in time and resources. Now, that would be the ultimate game changer.

The idea of “harmonized compliance” wasn’t new, but none solved the two biggest challenges: making harmonized audits legally defensible and maintaining the control lists as new requirements became law. 
 
Dorian sought out Marcelo Halpern, a partner at Latham and Watkins (now a partner at Perkins Coie). They examined other frameworks and discovered that specific controls were combined with more general controls, making it almost impossible to identify specific requirements for different subsets of mandates from the original laws and standards. 

Even worse, when a new Authority Document was added, the controls became even less accurate and more difficult to maintain.

After much research, Dorian and Marcelo theorized that the only way to ensure a legally defensible compliance process was to create a unified framework with a maintainable set of harmonized controls, based 100% on compliance mandates.

In Chemistry, everything can be reduced to base elements. The same is true for compliance. 

The UCF team determined that each Authority Document contained individual mandates, and each mandate contained specific elements.

Mapping any Authority Document into the UCF begins with breaking it into specific mandates and then determining exactly what each mandate requires by looking at the particular parts of speech used.
 
The Science of Compliance® categorizes each noun-verb combination separately, allowing each mandate to be placed correctly within the Unified Compliance Framework’s legal hierarchy.
 
Ten years later, the UCF team was able to leverage the language elements to more than just Common Controls by connecting the Controls to other elements of compliance. 

When a Common Control requires someone to take an action, that action is connected to a role. When a Common Control includes a directive about an asset or record, it is connected to the asset or record.
 
By deconstructing the compliance elements into their most basic “components,” the team identified 19 core governance and compliance elements that form the foundation of the Unified Compliance Framework. These sources define the common language and content of all governance and compliance controls, fully connected in a top-down hierarchy that works in the real world.
 
This connected hierarchy allows the UCF to identify overlapping compliance requirements across hundreds of different regulations, allowing you to “comply once and demonstrate many” requirements simultaneously—dramatically reducing the number of controls you need to ensure compliance. 
 
We call this proven methodology the Science of Compliance®, and it provides the robust foundation that enables the UCF to deliver a single integrated view of compliance requirements across your organization.