Unified Compliance Framework (UCF) Extra

Unified Compliance Framework (UCF) Extra

The Unified Compliance Framework (UCF) is a “Common Control Framework” and through SimpleRisk’s partnership with UCF, the UCF Extra provides full integration with the SimpleRisk GRC platform. Our direct integration with UCF is offered as a free SimpleRisk Extra and activating the SimpleRisk integration using the UCF Extra can be done with the click of a button. This allows users to select from UCF’s 1,000 mapped Authority Documents and 10,000+ Common Controls.

What are SimpleRisk Extras?

SimpleRisk Core is our widely acclaimed, award winning, free and open source product that has been downloaded over 60,000 times and contains all of the basic Governance, Risk Management and Compliance (GRC) functionality needed to establish a foundational GRC program. As an organization’s GRC program matures, extended functionality is often required to meet requirements beyond what is available in the SimpleRisk Core offering.

To address these expanded needs, SimpleRisk has developed a variety of plug-and-play modules termed "Extras" that provide functionality above and beyond our SimpleRisk Core offering. These plug-and-play modules will be essential to the success of your GRC program as your organization grows and matures its processes. While all of our Extras are available in packaged bundles with both SimpleRisk On-Premise and Hosted deployment models, they can also be purchased A La Carte for those organizations that choose to deploy our platform on-premise.

Why was the Unified Compliance Framework Extra created

UCF created their own proprietary "Common Control Framework" to produce significant time and resource savings related to regulatory compliance processes. The major benefit to using a common control framework is that it allows you to test a single control and have that effort apply across every applicable framework. By aggregating international, local, and industry specific standards and regulations, UCF provides a single point of reference that can be fully leveraged by the SimpleRisk GRC platform. 

The one potential drawback of this approach is that while it captures the spirit of the language used by the original framework, for legal and licensing reasons it doesn’t reflect the exact verbiage associated with control mappings and this can potentially create complications when trying to use it for auditing purposes. It’s worth noting that if a proprietary framework requires licensing from a vendor, SimpleRisk is unable to legally provide it to customers, but any framework can be imported directly into SimpleRisk from a CSV file using our Import-Export Extra.

How is the Unified Compliance Framework Extra used?

The SimpleRisk integration with ComplianceForge SCF streamlines and enhances many of the native GRC processes available in SimpleRisk. These two systems work in concert enabling users to more effectively leverage SimpleRisk’s foundational GRC functionality. For example, you can:

  • Simplify compliance audits by performing control tests for multiple frameworks simultaneously;
  • Link risks & controls to multiple frameworks automatically to identify your highest risk exposure;
  • Easily manage documents, policies and procedures and keep them current to satisfy compliance.

UCF

What users would benefit from the Unified Compliance Framework Extra?

The SimpleRisk UCF Extra integration primarily benefits Compliance Teams and Managers, but also extends benefits to Security Practitioners, and Executive Management.

Which plans include the Unified Compliance Framework Extra?

The UCF Extra is not included with any SimpleRisk packages or A La Carte Extras.  SimpleRisk has a reseller agreement in place with UCF and customers can purchases UCF, along with the API access, as a pass through cost through us directly. There is a $4,995 USD / year subscription fee plus a one-time fee of $5,000 USD for the API access. Once purchased, we give you a free UCF Extra that enables you to take the UCF Authority Document Lists and import them directly into SimpleRisk, select the relevant Authority Documents, and then import the controls and associated tests. 

How can I learn more about the Unified Compliance Framework (UCF) Extra or try it out for myself?

To learn more about the Unified Compliance Framework (UCF) Extra or discuss specific use cases for how your organization could use it, feel free to schedule a demo online. If you would like to try out the Unified Compliance Framework (UCF) Extra functionality for yourself, we offer a free (no credit card required!) 30 day trial. Please reach out to SimpleRisk Support if you have any additional questions about the Unified Compliance Framework (UCF) Extra or any of the additional functionality that we offer.