News

IMPORTANT Updates to the Unified Compliance Framework®

July 31, 2020

In preparation for the twentieth anniversary of the UCF®, updates are being carried out in August 2020.

Phase Zero Pilot Starts August 3

Five Common Controls will be merged and retired, and five Common Controls will be moved in the UCF hierarchy.

Phase One

If Phase Zero takes place without unforeseen impact, Phase One will take place the week of August 10 with 10% of the changes.

The final phase will be the week of August 17, when all remaining changes will take place.

If negative impact is realized at any time during these changes, a rollback will be announced and will take place.

All changes will be posted here prior to being implemented.

What to expect for the Common Controls in your Builds and/or Lists:

Changing Text within the Common Control

The Common Control ID will remain the same.

  • For Builds, you will see the new Common Control text with all the same Citation mappings.
  • If you are using GRC tools, the old Control text will be overwritten. You will want to ensure GRC documents with the past Common Control text align with the new Common Control text.
  • These changes have already taken place.

Merging and Retiring Common Controls

  • Where Common Controls and their mapped Citations are very similar, one Control will be retired, and the mapped Citations of the old Common Control will move to the remaining Common Control. If your Build has the Common Control to be retired, new Builds will result in the Citations moving to the remaining Common Control.
  • If you are using GRC tools, the same is true for Lists. The Citations will move to the remaining Common Control. You may need to address any orphaned Common Control and ensure the Citations are associated with the remaining Common Control.

A new Common Control may be introduced if none of the Citations in your List or Build are mapped to the remaining Common Control. You will want to review for the introduction of any new Common Controls mapped to already existing Citations. Citations will always persist; only the Common Control mapping will change. Authority Document mappings will never have any gaps.

Moving Common Controls in the Hierarchy

New Builds and Lists will reflect the new parent, siblings, and children of a Common Control that has moved in the hierarchy. The location of the Common Control will change, as well as the parent (Implied Controls), siblings and children (Implementation Controls).

  • For Lists, if your GRC tool accounts for the removal of Common Controls, the impact will be the relocation of the Common Control as well as the changes noted above and possibly the change of the Impact Zone. The Common Control will be deleted from its old location and added in its new location on the List refresh.
  • If your GRC tool does not account for the removal of Common Controls, the Common Control and associated Citations will appear in the old location and the new location. You will need to manually remove the Common Control and Citations from the old location in the hierarchy.