SOURCE: Network Frontiers

September 03, 2009 10:30 ET

Network Frontiers Brings Clarity to Compliance: Breach Notification Laws and Red Flag Rules Centerpiece of UCF Q3 Update

SAN FRANCISCO, CA--(Marketwire - September 3, 2009) - Network Frontiers, the leader in IT regulatory compliance management, today announced the release of the Q3 2009 Unified Compliance Framework (UCF) update to its popular compliance database, further alleviating regulatory misery for companies worldwide.

This quarter's UCF update focuses on U.S. state security breach notification laws and the FTC's Red Flag Rules.

Security Breach Notification Laws

Forty-five states, the District of Columbia, and Puerto Rico require notification when security breaches involving personal information occur. When sensitive personal data is exposed, companies generally must comply with laws of the states in which that company conducts business and the states where its customers reside.

Most states base their legislation on California's breach law, but differ in details, including the mitigating factors that determine whether a breach is reportable, whether the state's Attorney General must be notified, the amount of time within which a breach must be reported, the specific contents of the notification, and the method of its delivery.

"Managing a data breach is always going to be an ugly experience, but the UCF has taken one difficult chore out of the equation by rationalizing all existing state data breach notification laws," says Craig Isaacs, CEO of Network Frontiers. "Now companies have a clear view of exactly what they need to do to comply with the patchwork of laws and can move quickly to inform consumers and contain the damage."

FTC Red Flag Rules

The Red Flag Rules are federal and standardized across the US, but that doesn't translate into easier compliance for affected businesses. Companies that offer credit or other deferred payment options to customers/clients are legally obliged to create formal policies and procedures to address the detection, prevention, and mitigation of identity theft. The deadline for compliance is November 1, 2009.

The UCF simplifies the process of complying with the Red Flag Rules by harmonizing their requirements with a company's existing initiatives, such as fraud prevention and staff education. And unlike the Red Flag-focused toolkits that have flooded the market recently, the UCF assists businesses in establishing a comprehensive plan to meet all of their compliance needs.

The UCF harmonizes IT controls from over 400 international regulatory requirements, standards and guidelines into a single set of straightforward requirements that clearly show the many points where global, state and industry regulations overlap, reducing compliance complexity and cutting the costs of regulatory management and audits.

This quarter's UCF update includes 683 citations mapped to 422 existing UCF Common Controls, bringing the UCF's total to 26,320 citations mapped across 2,520 active UCF Common Control IDs.

The UCF database is licensed by leading governance, risk and compliance (GRC) vendors including Archer, McAfee, CA, Lumension, Compliance Spectrum, NEMEA, NetIQ, PolicyTech, TruArx, and ControlScan. More information on the UCF can be found at Complete release notes for the Q3 2009 update can be found at

About Network Frontiers:

Since 1992 Network Frontiers has developed ground-breaking tools to support IT best practices with a special focus on regulatory compliance, metrics, systems continuity and governance. Dorian Cougias, founder and Lead Analyst, is a frequent speaker at technology conferences and has authored numerous articles and books, including The Compliance Book and the award-winning Backup Book: Disaster Recovery from Desktop to Data Center. Network Frontiers was recently cited by information technology research and advisory company Gartner as one of their five leading Cool Vendors in Risk Management and Compliance for 2009.

The Unified Compliance Framework (UCF) is Network Frontiers' flagship product. By focusing on commonalities across regulations, standards-based development, and simplified architectures, the UCF supports a strategic approach to IT compliance that reduces cost, limits liability, and leverages the value of compliance-related technologies and services across the enterprise. The UCF's content and methodology are the direct result of Network Frontiers' deep understanding of IT regulations and standards and decades of experience consulting for clients, publications, and vendors in the mission-critical IT arena.

The UCF was created by Dorian Cougias and his research partner, Marcelo Halpern of the international law firm Latham and Watkins, which oversees all legal aspects of the UCF. More information can be found at

Contact Information

  • For further information, contact:
    Steven Blinn
    Phone: 646-734-4225

    Kerry MacInnes
    Network Frontiers
    Phone: 510-962-5192