Unified Compliance Framework (UCF)

Unified Compliance Framework: integrated industry standards

CA has simplified the entire compliance process by enabling you to harmonize your compliance efforts across multiple regulations or best practice standards simultaneously. Rather than testing and asserting compliance for each individual regulation, you can use the Unified Compliance Framework (UCF) to help you rationalize a core set of controls across a range of regulations, thereby saving time and expense in your control design and testing.

CA has made this possible by working in close partnership with UCF to provide customers with a harmonized set of controls within which all regulatory standards and best practices can be mapped. UCF is the first and largest independent initiative to map IT controls across international regulations, standards and best practices.

Extensive research and editorial methodologies have contributed to UCF's success. Two hundred and eighty international standards and regulations (e.g., SOX, HIPAA, CObiT, Basel II, NERC and PCI) and 13,865 individual controls were examined and incorporated into the framework from both technical and legal perspectives and reduced by 83% through harmonization.

CA GRC Manager also provides an extensible environment that allows for integration with internal or other third-party control frameworks.

Unified Compliance Framework Simplifies Compliance by Rationalizing Controls Objectives across all Regulations

Future development

Compliance requirements are continuously changing and growing, and the CA GRC Manager continues to increase the breadth and depth of coverage of regulatory requirements. The inclusion of UCF allows you to more easily meet the requirements of new regulations; since the UCF content is updated regularly, your repository of regulatory requirements is always current and harmonized across the regulations relevant to you.