Press Release

Unified Compliance® Taps Coalfire® as First Audit Partner

January 13, 2015

Premier provider of compliance mapping and creators of the Unified Compliance Framework®(UCF) enlists Coalfire for audit and cyber risk expertise
DENVER – Jan. 13, 2015 – Coalfire, one of the nation’s fastest-growing independent information technology cyber risk management and advisory firms, has been named the first audit partner by Unified Compliance, creators of the Unified Compliance Framework (UCF).

The desire to curtail the proliferation of hacks and breaches has resulted in an increase in the number of IT regulations and standards. Many companies and organizations are struggling to keep pace, which can result in duplicated efforts and missed or misunderstood requirements, driving costs up and decreasing the effectiveness of compliance efforts. To address these issues, Unified Compliance created the UCF that maps more than 9,000 Common Controls to relevant regulations and standards.

As an audit partner, Coalfire will provide clients with advisory services that map the controls of the UCF database to various compliance areas through two key activities:

  • Coalfire will provide a comprehensive control framework translation service to design, test and report UCF controls with those relevant to the client.
  • The development of “what if” scenarios around control and compliance impacts surrounding business expansion to a new state, country or compliance domain area.
“The UCF has always been focused on helping businesses know exactly what they need to do to comply with all applicable regulations and standards and how to do it. We are pleased to have Coalfire as our first audit partner to further assist clients in this rapidly evolving area,” said Craig Isaacs, CEO of Unified Compliance.  In this role, Coalfire can:
  • act as virtual compliance manager to assist in the navigation of environments that often must adhere to multiple compliance and regulatory rules spanning a number of industries.
  • provide additional expertise on how to best design, implement and test controls to facilitate maintenance and minimize additional preparation for a possible audit.
  • bring a deeper understanding of how multiple compliance areas will impact their business model and a remediation roadmap to improve information security.
  • develop a consistent, standardized library of controls which has been vetted legally to ensure there are no missing controls.

“Through this partnership with Unified Compliance, Coalfire can work with clients to produce an overarching control framework and detailed control mapping, ensuring compliance while reducing costs and eliminating redundant activities,” said Carlos Peláez, director and national practice leader for Coalfire.

Coalfire and Unified Compliance are co-hosting a webinar, “Cut Compliance Costs and IncreaseROI with Consolidated Audit - Powered by the Unified Compliance Framework” on Tuesday, January 27, 2015 at 2 p.m. EST. For detailed information and registration, visit

About Coalfire®

Coalfire is the leading, independent cyber security and risk management firm that provides audit, assessment, advisory and compliance management solutions. Founded in 2001, Coalfire has offices in Atlanta, Boston, Dallas, Denver, Los Angeles, New York, Orlando, San Francisco, Seattle, Washington D.C. and England and completes thousands of projects annually in retail, financial services, healthcare, government and utilities. Coalfire’s solutions are adapted to requirements under emerging data privacy legislation, the PCI DSS, GLBA, FFIEC, HIPAA/HITECH, HITRUST, NERC CIP, Sarbanes-Oxley, FISMA and FedRAMP. For more information, visit

About the Unified Compliance Framework®

Since 1992, Unified Compliance has developed ground-breaking tools to support IT best practices, with a focus on solutions that further the science of compliance, including harmonization methods, metrics, systems continuity and governance. Our flagship product, the Unified Compliance Framework® is the only industry-vetted compliance framework that transforms the authority documents affecting your company into a simplified, unified set of harmonized controls, giving you a single point of management over hundreds of complex global compliance requirements. We help you perform a gap/overlap analysis between multiple authority documents, create your control list for specific IT areas, and clarify any conflicts created by overlapping authority documents. Unified Compliance was recently granted the first-ever patent for a Governance, Risk, and Compliance (GRC) framework. The UCF was honored with a 2014 GRC Technology Innovation Award by independent GRC analyst firm, GRC 20/20. More information can be found at