Say What You Do: Building a framework of IT controls, policies, standards, and procedures is an excellent book on how to build a compliance framework. While many other books have claimed to assist the reader in that task, most are nothing more than tedious collections of checklists and tables that have little practical value.
The authors take a different approach here, laying out a true structure upon which to build a compliance effort. In more than 400 densely packed pages, they walk the reader through the steps needed to achieve IT compliance.
The book is an outgrowth of the Unified Compliance Framework (UCF) project, an initiative to map IT controls across international regulations, standards, and best practices. The UCF seeks to accomplish its goal by harmonizing terms and controls against the backdrop of a master hierarchical list. Many readers, and their employers, will likely be surprised how many regulations they have never heard of yet are obligated to follow.
The book is unique in that the authors have taken a high-level approach to compliance, focusing on the commonalities among the various requirements. Thus, the UCF and Say What You Do empower organizations to deal more practically with the myriad regulations and standards they are required to follow. The book is valuable for any practitioner serious about gaining control over a compliance program.