Managing IT Risk and Compliance with UCF
John Kelly 270004J7VQ firstname.lastname@example.org | | 0 commentaires | 110 visites
I just returned from the Gartner Security and Risk Summit where IT risk and compliance was a featured topic. In a recent blog post, I mentioned that Gartner Research VP French Caldwell presented a session titled “Selecting and Applying GRC Frameworks and Standards,’ in which he polled the audience on “which areas are you most likely to apply standards?” Not surprisingly, IT risk and IT security ranked highest followed by regulatory compliance and enterprise risk. We hear every day how companies are grappling with compliance requirements of hundreds of regulations, standards and guidelines that include thousands of overlapping controls and which make the task of managing IT compliance an increasingly daunting one.
The folks at Network Frontiers developed the Unified Compliance Framework (UCF) – the first and largest independent initiative to map IT controls across international regulations, standards, guidelines and best practices, with this challenge in mind. The UCF indexes over 400 laws, regulations, standards and guidelines into a set of integrated controls and reduced over 20,000 citations to fewer than 2,700 harmonized activities.
OpenPages partnered with Network Frontiers to integrate the UCF with the OpenPages Platform, thus allowing IT risk and compliance directors to identify where the greatest risk of non-compliance exists from both a business and IT perspective and prioritize resources accordingly. Pairing this approach with a harmonized requirements and control framework, companies are able to reduce redundancy and duplication of effort and achieve an effective and efficient testing and monitoring program.
To learn more about the OpenPages Platform and Unified Compliance Framework (UCF), download this paper.