What are the advantages to having a Unified Compliance Framework of Infosec? And is this acceptable globally?
CISO in Software, a year ago
One of the advantages is the reduction of the costs, overhead, confusion and redundancy of multiple mappings from the same controls to numerous audits and certifications.
Principal Consultant in IT Services, a year ago
I can see numerous benefits to a single compliance framework, like fewer audits, less confusion over the controls, and fewer staff tracking all the different control sets. Though it would be nice, I am uncertain if there is a drive to get there. For example, PCI exists to save the credit card companies money; why would they care about what you do for the rest of your infrastructure? AND why do people implement PCI? Only because they have to in order to process credit cards.
Senior Information Security Manager in Software, a year ago
The benefit of a unified framework is that things are unified, no redundancy. The downside is that not everyone can agree on what that framework should be.
Sort of like Esperanto. Great idea in theory, just didn’t work in practice.
Chief Evangelist in IT Services, a year ago
Using a rationalized compliance framework (UCF is a specific commercial framework) is great for organizations with multiple attestation requirements. It allows you to attest/demonstrate controls once rather than multiple controls per underlying framework, utilizing the mappings. If your requirement is certification, the value is reduced because the biggest challenge remains that there is no reliance/trust between frameworks and certifications, i.e. an ISO 27001 certification can't be relied on during SOC 2 audits.
Chief Information Security Officer in Healthcare and Biotech, a year ago
UCF can be used as a starting point, but the organization has to follow the law of the land.