According to the company Web site, the UCF is a "single point of control over hundreds of complex compliance requirements." The information is presented with IT compliance actions in the first spreadsheet column, and the different regulations spanning the columns across the top. See Figure 1 for a UCF screen shot.
Every possible IT compliance action is included in the Column A vertical list that numbers 781 entries. The setup allows users to focus on regulation commonalities by marking compliance requirements across the regulations. The letter "X" entries indicate the IT actions required by the regulations. With this system, you can see which IT actions are required by each regulation, and where an IT action may span multiple regulations, such as the "Establish a positive information control environment," near the bottom of Figure 1, which spans six different regulations.
The UCF regulation compliance information is prepared and reviewed by Latham & Watkins, an international law firm with over 2,100 lawyers in 12 countries, including 10 offices in the U.S.
The UCF has an online component and the spreadsheet product. The Web site offers a number of free resources, including a compliance term glossary, list of control types, and e-mail tutorial titled How to Write a Policy.
If you are overwhelmed or intimidated by regulation compliance, start at the Web site and review some of the unfamiliar terms. Then you can read the e-mail tutorial to get a sense of where to start. When you are ready, get the spreadsheet product so you can confidently track and confirm your compliance actions.