"Some of the best of these tools, whether as stand-alone packages or integrated with larger enterprise management software, are based on the Unified Compliance Framework (UCF)."  

The Unified Compliance Framework has played a critical role behind the scenes for the GRC industry. Only the companies listed below can provide functional support of the Unified Compliance Framework.

NOTE: If someone promises UCF support, and their software is not listed below, buyer beware. Unlicensed software cannot deliver what we promise. Please click here to request a live demonstration of the true power of the UCF so you can see it for yourself.

What do successful companies like these have in common? They have recognized the value of the UCF and incorporated it into their own products.




Allgress provides easy to use and implement Risk Management and intelligence solutions that enable achievement of business objectives. By providing business intelligence, key stakeholders can make rapid decisions to protect the business. That's why some of the most respected Global 2000 companies use Allgress to automate the entire process of managing risk, compliance and security from a single role-based dashboard. Unlike other risk management solutions, Allgress provides business value in a few weeks instead of months. Contact us at http://www.allgress.com





Aruvio Inc. (wholly owned subsidiary of Virima Technologies) provides organizations with enterprise scale, easy-to-use and cost-effective governance, risk, and compliance (GRC) software solutions with support for more than 900 compliance regulations, frameworks, and standards. Aruvio simplifies the way you work with the UCF content. Aruvio GRC is built and delivered on, which is a proven platform for availability, scalability and security. Aruvio offers advanced social collaboration capabilities in addition to easy-to-use process automation features. Aruvio GRC is quick to deploy and easy to use. Aruvio offers free trial and pay-as-you-go pricing to reduce risk and guarantee rapid, proven results for any size organization. For more information, visit

Aruvio also offers a free UCF Browser utility to visualize the UCF content. You can access UCF Browser at




BWise delivers proven solutions to help organizations become "in control" by increasing corporate accountability; strengthening financial, strategic and operational efficiencies; and maximizing performance and ROI. Partnering with Network Frontiers enables BWise customers to further mitigate compliance costs, reduce the administrative burden, and leverage the value of compliance-related technologies and services. UCF quarterly updates help to ensure continuous compliance. BWise's integration of the UCF is in process.



RiskSense®, from CAaNES, LLC™, aggregates large volumes of vulnerability/threat data from multiple (over 25) scanners/tools (Network, System, Application, and Compliance), correlates, performs visual analytics, and delivers contextual insights to take actionable and real-time decisions. Compliance automation (addresses over 600 regulations) allows quick identification and tracking of required controls and makes compliance assessments/audits less labor intensive. RiskSense offers a common platform (network/application vulnerabilities, compliance mapping, penetration testing, attack trees, remediation workflow, and exploit/malware mappings) for unified vulnerability/threat management analytics by tearing down security silos and helps with finding, prioritizing, and providing decision support for security activities.



IBM provides integrated risk management solutions for global companies that empower a risk-based approach to identify and manage key business risks across the enterprise, avoiding unexpected outcomes while improving performance.

Managing IT Compliance with OpenPages and the UCF




LockPath helps companies of all sizes address the increasingly complex issues of regulatory compliance and risk management. Its innovative software provides keen insight by correlating security information from multiple data sources with current regulations and policies to gauge risk. Easy to install and manage, the Keylight platform empowers people at every level in an organization to take control and make better business decisions.

Datasheet: Unlock the full Power of the UCF with LockPath

White paper: Unlock the Power of the UCF to Solve Complex Compliance Issues



McAfee products for enterprise risk management and security compliance help minimize risk, automate compliance, and optimize security. Through our Security Connected framework, enterprise risk and compliance management achieves a new level of operational efficiency. Our solutions help identify governance and compliance requirements, deliver real-time insight into vulnerabilities and policies, and automate threat management and remediation.

Datasheet: McAfee Enterprise Security Manager



MetricStream offers an advanced and comprehensive IT GRC software solution suite for streamlining these processes and effectively managing IT risk and meeting IT regulatory requirements. MetricStream enables companies to implement a formal framework to ensure rigor around how to measure, mitigate, and monitor IT risks. It eases complying with many regulations governing data retention, privacy, confidential information, financial accountability and recovery from disasters, and reduces the cost of compliance.

Datasheet: Simplify IT Compliance across Regulations, Standards, & Guidelines




Microsoft System Center Service Manager is an integrated platform for automating and adapting your organization's IT service management best practices, such as those found in Microsoft Operations Framework (MOF) and Information Technology Infrastructure Library (ITIL). It provides built-in processes for incident and problem resolution, change control, and asset lifecycle management. Through its configuration management database (CMDB) and process integration, Service Manager automatically connects knowledge and information from System Center Operations Manager, System Center Configuration Manager and Active Directory.

Compliance Management Guide



NetIQ's Security and Compliance Management solution reduces enterprise risk, decreases compliance costs, and increases the security of critical information assets. Intelligent and integrated management of user activity and control of system configuration directly addresses the most significant security problems facing the enterprise. Automating the compliance and security processes reduces costs and helps you more easily protect critical servers, applications and customer data through scalable and streamlined security and compliance programs.




RSA Archer has licensed the UCF content to provide customers with a consistent set of controls mapped to several regulatory standards and best practices. In addition, UCF controls have been mapped to the Archer Control Standards which will simplify managing your compliance to the control objectives across all regulations.

Datasheet: Enabling Next Generation Compliance




TruOps GRC Solution from SDG provides a simple-by-design framework that can be calibrated to your IT Risk and Compliance processes to provide business insight and smart governance.

TruOps’ Risk Management solution combines qualitative and quantitative risk analysis and supports the end-to-end process from risk scoring to mitigation and reporting. The workflow-driven TruOps Policy and Compliance solution is backed by the comprehensive UCF (Unified Compliance Framework).  

Customers who deploy TruOps benefit from common risk nomenclature, standard metrics, shorter audit cycles, dynamic dashboards and reports for proactive mitigation and a flexible integration to scale as the enterprise grows and needs change.





ServiceNow IT Governance Risk and Compliance (IT GRC) automates the business-critical process of measuring and managing adherence to legislative policies, such as Sarbanes-Oxley (SOX), and industry ITIL framework like Control Objectives for Information and Related Technology (COBIT). First, IT GRC is used to document policies, define the risks of failing to comply and to design controls to enforce policies and mitigate risks. IT GRC is then used to schedule control tests to collect compliance evidence and identify failures that need remediation. Finally, information from service management processes can be automatically extracted as evidence for compliance audits.

Nanaroq: The UCF translated into Japanese!



Software AG is the global leader in business processes, integration and big data. Our process-driven ARIS Governance, Risk and Compliance (GRC) Management Platform combines Business Process Analysis (BPA) with audit-proof workflows, turning risk and compliance management into a strategic management tool. You’ll work smarter, reduce risk and remain efficient. All risk management and compliance topics are executed in an integrated central ARIS repository for maximum control, transparency, simplicity and efficiency. Our GRC platform uses complex event processing for real time monitoring and to automate tasks to increase productivity. Reporting and dashboard capabilities via individual mashups help customers increase Business Performance.

The UCF is a natural fit with Software AG’s GRC platform, as it allows customers to leverage the synergies between multiple compliance areas and GRC disciplines in combination with the generic approach to governance, risk and compliance management.



Symantec Control Compliance Suite (CCS) is designed to address IT risk and compliance challenges by delivering greater visibility and control across your infrastructure, data and people.  Our holistic, fully-automated solution allows you to effectively manage security risks while reducing the cost and complexity of compliance.  You can take advantage of built-in regulatory and technical content automatically mapped to policies and updated as regulations change; automatic technical and procedural controls assessments; a centralized database which combines CCS and third party data making it available for multi-level reports and dashboards; the ability to do risk-based remediation through built-in risk scoring and integration with remediation ticketing systems.



TraceSecurity’s TraceCSO is the industry’s first full-featured, cloud-based IT GRC solution, built for organizations of any size, industry, or security skill set that need to protect critical data or are subject to security mandates. TraceCSO transforms IT GRC management from a complex technology challenge into a simple, reliable business application and is delivered as a cost-effective cloud service.

Brochure: TraceCSO simplifies risk management and compliance while maintaining sophisticated capabilities



ARC Logics™ for Financial Services combines the proven technology of ARC Logics, a Wolters Kluwer business, with industry content, regulatory content and the expertise of Wolters Kluwer Financial Services, enabling organizations to efficiently manage compliance risk, financial risk, operational risk, and audit. ARC Logics is a modular integration of five key risk management components: Policies and Procedures, Risks and Controls, Financial Analytics, Program Management and Audit. With ARC Logics, organizations are able to fulfill immediate enterprise risk management objectives in a targeted, cost-effective manner while concurrently building a holistic, enterprise-wide program.



We work closely with these organizations to map their content into the UCF.