Simplified Control Framework
What is the Simplified Control Framework?
The Simplified Control Framework (planned for public release in late 2012) is a collection of control definitions that are organized into logical groupings. This set of common controls is mapped to regulatory requirements and standards such as the PCI Data Security Standard, HIPAA Security and Privacy Rules and ISO 27001. SCF Controls can also be mapped to existing organizational controls as well. Once organizational controls are mapped, compliance with any supported regulation or standard can be measured with a few clicks using the Simplified Control Framework.
Why is the Simplified Control Framework Being Released?
The reason we are releasing the Framework to the public is to make compliance easier for both large and small organizations. With the ability to determine compliance gaps quickly and easily, the Simplified Control Framework makes much of the analysis and guesswork commonly used today unnecessary. With the SCF, organizations can determine complaince gaps in a fraction of the time it would have taken to manually analyze new regulatory requirements.
Who Should Consider Using the Simplified Control Framework?
Any organization that must be compliant with PCI, HIPAA/HITECH or GLBA IT requirements will immediately benefit from the Simplified Control Framework. Also, organizations that plan to adopt ISO 27001 as their information security standard will immediately benefit from using the framework. Because the SCF is mapped to multiple regulations and standards, organizations that are subject to more that one standard will benefit the most.
What Regulations Will Be Covered in the Initial Release?
The Simplified Control Framework will be released with mappings to HIPAA Security Rule, HIPAA Privacy Rule, PCI Data Security Standard 2.0, FFIEC IT Examination Handbook and ISO 27001 security control requirements. State privacy laws and other regulations will be mapped in future releases.
What will the Simplified Control Framework Cost?
The Simplified Compliance Framework will be offered at no cost to small organizations with less than 100 employees as well as individuals. There will be a nominal charge for organizations with over 100 employees. Pricing for larger organizations will be released along the Framework late in 2012.
Where Can I get the Simplified Control Framework?
The SCF will be available here when it is released. Please check back in the Fall of 2012.
Have a Question that We haven’t Answered?
Please feel free to contact us with any questions regarding the Simplified Control Framework.