SOURCE: Network Frontiers

November 12, 2008 10:00 ET

Global SOX Compliance: Finding Common Ground Reduces Cost, Effort

Q4 2008 Unified Compliance Framework Release Eases Global SOX Compliance and Includes New PCI 1.2 Requirements

OAKLAND, CA--(Marketwire - November 12, 2008) - Compliance pressures are growing in today's international economy. Enterprises must abide by an increasing number of global and regional regulations and standards, interpret sometimes vague guidance, and adjust quickly to regulatory updates as well as new interpretations of existing regulations. However, if compliance management is unified and controlled, it offers the opportunity for improved operations and might just help you get out of that special level of Dante's IT hell that SOX has created.

Network Frontiers, the leader in IT regulatory compliance management, today announced the release of the Q4 2008 Unified Compliance Framework (UCF), an independent database that distills the requirements from hundreds of regulatory standards into one cohesive information source, significantly easing enterprise regulatory compliance efforts. The Q4 release highlights international corporate governance and Sarbanes-Oxley (SOX) compliance and includes the EU 8th Directive, German Corporate Governance Code, Australia Corporate Law Economic Reform Program (CLERP), Singapore Corporate Governance, India Clause 49, and more. The Q4 2008 release also includes 1.2 updates for PCI DSS, PCI SAQ A, PCI SAQ B, PCI SAQ C, and PCI SAQ D, all just released.

A complete list of Q4 08 updates is available at In addition, a full list of all authority documents in Excel format is available at

While regulatory compliance may be challenging, particularly for companies without a unified approach to manage the many disparate and sometimes competing regulatory priorities throughout the enterprise, it plays a vital role in today's global business landscape. Unfortunately, many enterprises are still ineffective at managing their compliance initiatives. In a recent survey of IT executives conducted by CA, Inc., nearly 45 percent of the global large and mid-sized companies surveyed reported an increase in the time and financial resources required to ensure compliance with 13 regulations and industry standards around the world. SOX compliance tops the list of 13, representing the biggest impact on cost, IT, and overall business processes.

"Developing and implementing a unified and centralized governance, risk and compliance program should be a top priority for business leaders today, particularly given current market conditions and pressures," said Marc Camm, senior vice president and general manager for Governance, Risk and Compliance Products at CA. "The UCF is an integral part of what we offer our clients with our CA GRC Manager solution. Enterprises can streamline their compliance initiatives and reduce the cost and risk associated with non-compliance, improving operations and enhancing their competitiveness."

"While failing to comply with Sarbanes-Oxley could get you thrown into jail, failure to meet PCI obligations could bankrupt your business," stated Craig Isaacs, CEO of Network Frontiers, LLC. "Every quarter, we update the Unified Compliance Framework to help our customers reduce their audit and compliance costs while staying current with the requirements that matter most to them."

Network Frontiers simplifies compliance by compiling IT controls from over 400 international regulatory requirements, standards, and guidelines from both technical and legal perspectives into a single hierarchical framework. This enables organizations to easily define commonalities among multiple regulatory bodies, leverage policies, processes and tools already in place, and establish a single, streamlined, cost-effective plan to achieve continuous compliance across the enterprise.

The UCF database is licensed by several GRC vendors, including CA, NetIQ (an Attachmate Business), and Compliance Spectrum. In addition, the UCF is available in HTML and Excel formats, organized into impact zones defined by real-world IT processes such as technology acquisition, audits and risk management, system continuity, privacy protection, records management, and more. The Q4 08 release includes a new impact zone focused on systems hardening and configuration management controls.

"UCF has developed a unique way to extract the IT controls that run through hundreds of international regulatory requirements, standards, and guidelines, which we harmonize into a simple spreadsheet format. This approach significantly reduces the time and cost associated with regulatory compliance efforts," says Dorian Cougias, founder and lead analyst of Network Frontiers.

Top-level information is linked to in-depth data, which includes an analysis of the regulations and standards, best practices, and commentary from IT experts, all filterable on a highly granular level. An enterprise can easily create individualized control lists that combine all overlapping controls in the regulations it must comply with.

UCF regulation compliance information is prepared and reviewed by Latham & Watkins, an international law firm with over 2,100 lawyers in 12 countries, including 10 offices in the U.S.

About the UCF

The Unified Compliance Framework is the first independent initiative to exclusively support IT compliance management by focusing on commonalities across regulations, standards-based development, and simplified architectures. The UCF's strategic approach simplifies compliance and standards, reduces cost, limits liability, and leverages the value of compliance-related technologies through a harmonized set of controls against which all regulatory standards and best practices can be mapped.

The UCF was created by Dorian Cougias and his research partner, Marcelo Halpern of the international law firm Latham and Watkins, which oversees all legal aspects of the UCF. More information can be found at

About Network Frontiers

Since 1992, Network Frontiers has been at the forefront of IT best practices and author of numerous books, including "The Compliance Book" and the award-winning "Backup Book: Disaster Recovery from Desktop to Data Center." The content and methodology of the Unified Compliance Framework are the result of Network Frontiers' in-depth understanding of IT regulations and standards as well as real-world experience consulting for clients, publications, and vendors in the mission-critical IT arena. For more information, visit

Contact Information

  • For further information, contact:
    Steven Blinn

    Craig Isaacs
    Unified Compliance Framework
    Phone: 510-962-5191