Recommendations to use free SCF or subscribe to UCF for Risk Management frameworks?

Nayan Thakkar · ‎07-26-2022

Hello - As I understand, ServiceNow support free SCF (Secure Controls Framework) to manage compliance and also support subscription to UCF (Unified Compliance Framework). Do you use SNOW RMF to assess against SCF or UCF or some other compliance frameworks (PCI, NIST, ISO etc.) and the reasoning why? Can you suggest if it is worth the cost (also not sure how much does the UCF subscription costs) to subscribe for UCF? Thank you!

Here is link to the UCF subscription, for reference.

Community Alums · ‎07-26-2022

Hi @Nayan Thakkar ,

To answer your question, we can use both ServiceNow support free SCF (Secure Controls Framework) and UCF (Unified Compliance Framework).

SCF is generally for the control objectives and policies which already exist at your company , you can create the entity scoping and others and start using SCF. However, UCF is a external body and Unified Compliance is the integration of processes and tools to aggregate and harmonize all compliance requirements applicable to an organization and it is the world’s largest library database of interconnected compliance documents and the world’s only commercially available Common Controls framework, which gives helps you with Authority documents and citations. Also, once you have UCF integrated it will help you to create the Policies, controls,etc.. automatically.

Only using SCF won't give you Authority documents!!

ServiceNow supports UCF integration using UCF spoke .

Refer to this video to understand importance of UCF :https://community.servicenow.com/community?id=community_article&sys_id=d4146efbdbc68c102be0a851ca961...

Mark my answer correct & Helpful, if Applicable.

Thanks,

Sandeep

View solution in original post

Sebastien Fix1 · ‎08-02-2022

That is wrong. SN provides a few accelerators for content for free. Not just demo data.