
The support site for the Unified Compliance Framework


The Issuers List lifecycle

Prior to the mapping process, we need to know which websites can be trusted sources of information, and the type of information that lives at each of those websites. That is the information the Issuers List provides us.

An issuer is the harmonized title the UCF team has given all those who either publish or promulgate authority documents. Technically, a publisher is a firm in the business of issuing printed matter for sale or distribution. However, when it comes to laws, the correct term is promulgator. A promulgator is the legal body that announces a law as a way of putting it into execution. This is distinct and different from a law's publishing office that actually prints and distributes the law. Sometimes the promulgator will have a domain under which to find their authority documents and sometimes they won't. Therefore, we use the harmonized term of issuer to cover authors, publishers, and promulgators.

The Issuers List is hosted and maintained by the Unified Compliance Framework™ (UCF). The UCF is responsible for ensuring that the Issuers List conforms to the Issuers List specification as well as managing the content review and quality assurance processes. Below is the Work Breakdown Structure (WBS) of the Issuers List lifecycle.

[Figure: The WBS for the Issuers List]

As you can see, there are four main processes within the Issuers List lifecycle:

1. Issuer request

2. Routing of the request for approval

3. Initial check of the request

4. Quarterly review

These processes are a combination of open web technology, automated routing, and the UCF's XML management process.

Issuer Request Process during website entry

The Issuer Request Process is open to the general public as well as identified UCF community members. Issuers List entries are created by the UCF community on an as-needed basis, and must be well-formed as determined by the Issuers List specification. Community members (a member of the general public adding to the list is acting as a community member) should submit their requests to the UCF team for inclusion in the Issuers List.

Ensure that the Issuer's domain is live

This is the Uniform Resource Locator (URL) of the issuing organization in fully qualified domain name (FQDN) format, plus the top level directory of the issuer if the issuer does not have its own domain name.

A simple example is the issuer US Federal Trade Commission which has its own website (http://ftc.gov). Launching the URL brings up a website where the name of the issuer is plain to see.

Another example is the issuer US Office of Management and Budget, which does not have its own domain name. Its domain is that of the US White House, but once you navigate to its top level directory by adding the OMB to the domain, you discover the correct address (http://whitehouse.gov/OMB/).

Check the Issuer's website for the appropriate Issuer Name

Once you have determined that the domain is live (and you are at the right directory if necessary), ensure that you can absolutely discern the Issuer's name from that address. The two examples above demonstrate being able to find a matching name to an address. If you can't find the issuer's name on the website, you aren't at the right address.

Check the document type available at the website address

This is a list that helps us narrow down what we're looking for even further. It's one thing to look for a statute (an act, or a bill), and something completely different to look for the same thing once it's become a regulation. The choices are:

    • Bill or Act

    • Regulation or Statute

    • Contractual Obligation

    • Self-Regulatory Body Requirement

    • Audit Guideline

    • Safe Harbor

    • International or National Standard

    • Best Practice Guideline

    • Organizational Directive

    • Vendor Documentation

    • Not Set

Submit one record for each document type even if the URLs are the same. Here are two examples to help clarify:

Example 1 (URLs are the same):

The Federal Deposit Insurance Corporation (FDIC) has two types of documents in our system: "Safe Harbor" and "Regulation or Statute". The URLs for both types of documents are the same (in this case): http://fdic.gov. Therefore, there are two separate records for FDIC in our system, one for Safe Harbor and one for Regulation or Statute, each with the URL http://fdic.gov.

Example 2 (URLs are different):

The California Law website has two types of documents in our system: "Bill or Act" and "Regulation or Statute". In this example, the URLs for both types of documents are different: "Bill or Act" documents are stored at "http://ca.gov/billinfo.html" and "Regulation or Statute" documents are stored at "http://www.leginfo.ca.gov/calaw.html". Therefore, there are two separate records for California Law in our system, one for "Bill or Act" and one for "Regulation or Statute", each entered with its own respective URL.

Check the most appropriate category for the request

Within the UCF_AD_List, the Category is a direct reference to the Complex type UCF_AD_Parent_Type listed below. Within this Issuers list, the Category starts there, while we allow end users to provide additional category suggestions in order to grow the list. Below is the base list for the categories that are available. When requesting a new Issuer, select all that you think apply.

    • Asia and Pacific Rim Guidance

    • Banking and Finance Guidance

    • Energy Guidance

    • EU Guidance

    • General Guidance

    • Healthcare and Life Science Guidance

    • ISO Guidance

    • ITIL Guidance

    • Latin American Guidance

    • NASD NYSE Guidance

    • NIST Guidance

    • Other Configuration Guidance

    • Other European and African Guidance

    • Payment Card Guidance

    • Records Management Guidance

    • Sarbanes Oxley Guidance

    • System Configuration Guidance

    • UK and Canadian Guidance

    • US Federal Privacy Guidance

    • US Federal Security Guidance

    • US Internal Revenue Guidance

    • US State Laws and Protectorates Guidance

    • Vendors

Select the language the website uses

If the Issuer's website is in a specific language, that's what needs to be entered here. However, we are not using the name of the language, but rather the ISO 639-2 Codes for the Representation of Names of Languages reference. A complete and up-to-date reference can be found online at http://loc.gov/standards/iso639-2/php/code_changes.php. By default, all websites are listed as being in English (code eng).

Enter your email address for verification

The last thing you'll need to do before you hit the submit button is to add an e-mail address for verification and notification of the Issuer's list submission status.
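
The entry steps above, as an added example (not UCF code): a Python check that a request is well-formed before submission and is split into one record per document type. The field names, the shape-only language and e-mail checks, and the rejection of bare IP addresses or embedded credentials are assumptions; the Issuers List specification itself is not reproduced on this page.

```python
import re
from urllib.parse import urlsplit

# Document types copied from the list on this page.
DOCUMENT_TYPES = {
    "Bill or Act", "Regulation or Statute", "Contractual Obligation",
    "Self-Regulatory Body Requirement", "Audit Guideline", "Safe Harbor",
    "International or National Standard", "Best Practice Guideline",
    "Organizational Directive", "Vendor Documentation", "Not Set",
}
# Shape checks only (assumptions): they do not prove the site is live or the code is registered.
HOST_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
LANG_RE = re.compile(r"^[a-z]{3}$")          # ISO 639-2 codes are three letters
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def split_request(name, urls_by_type, categories, email, language="eng"):
    """Validate one issuer request; return one record per document type (hypothetical fields)."""
    errors = []
    if not name.strip():
        errors.append("issuer name is empty")
    if not LANG_RE.match(language):
        errors.append(f"language {language!r} is not a three-letter code")
    if not EMAIL_RE.match(email):
        errors.append("verification e-mail address is malformed")
    if not categories:
        errors.append("no category selected")
    records = []
    for doc_type, url in sorted(urls_by_type.items()):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if doc_type not in DOCUMENT_TYPES:
            errors.append(f"unknown document type {doc_type!r}")
        elif parts.scheme not in ("http", "https") or not HOST_RE.match(host):
            errors.append(f"{doc_type}: {url!r} is not an http(s) URL with an FQDN")
        elif parts.username or parts.password:
            errors.append(f"{doc_type}: URL carries embedded credentials")
        else:
            # Same URL under two document types still yields two records.
            records.append({"name": name.strip(), "url": url, "host": host,
                            "document_type": doc_type, "language": language,
                            "categories": sorted(categories)})
    if errors:
        raise ValueError("; ".join(errors))
    return records
```

Called with the FDIC example above (both document types at http://fdic.gov), it returns two records; a request with problems raises one `ValueError` listing every problem found.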

Entry created and e-mail routed to reviewer

Once the request has been submitted, the system will automatically route the request to a UCF reviewer for the approval process.

Mark Record as Approved

The record is marked as Approved and made available for public access.

Initial check and approval process

This process is run by UCF Reviewers. The goal is to examine an Issuers List request, check it for validity, and split the request into several records if necessary to account for differences in categories and document types.

Ensure that the Issuer's domain is live

The first check is to ensure that you can launch the domain listed. If you can't, mark the record as deprecated due to an incorrect domain and end the approval process.

Test the language and correct as necessary

Once the website has been launched, if the website is in English, you can skip this step.

If the website is not in English, copy the URL from the website and open a browser to the Google Languages page (http://com.au/language_tools). Paste the URL into the "Translate a web page" field at the Google site. Select the language from the request in their first pop up, then click the Translate button. If the web page is translated into English, you have a match. If the web page is not translated into English, mark the request as deprecated due to incorrect language.

Check the Issuer's website for the appropriate Issuer Name

If you can launch the domain, check to ensure that the website's name that you found is the same as the Issuer's Name. If the two match, proceed to the next step. If you can correct the name by either changing the sub-directory of the domain or changing the Name field, do so.

Check the category

Ensure that the category listed matches the classification of information found on the website. If the category is not correct and you can correct the category, do so and proceed on. If the category is not correct and you cannot correct the category, deprecate the record due to non-existent categories.

Check the document type

Ensure that the document type listed matches the document type found at the website you are reviewing. If the document type is not correct and you can correct the document type, do so and proceed on. If the document type is not correct and you cannot correct the document type, deprecate the record due to non-existent document types.

Mark the record as approved or deprecated

In each of the steps above, the reviewer is requested to mark the record as deprecated if it does not meet the UCF specification or quality level required. If, and only if, the record has passed all of the above checks, the reviewer will mark the record as approved.

Route notification to requestor

Once a record has either been marked approved or deprecated, the system will automatically e-mail the requestor the status of the record. This concludes the initial Issuer Request process.

Quarterly review process

Outside of the initial request process, the UCF team maintains a quarterly review process for all records in the Issuer List. Because issuer websites do not change often, the UCF team feels at this time that there is no need for an ad-hoc editorial process for this list. We feel it is sufficient to test the list once a quarter and either modify or deprecate records as necessary.

A complete list of all Issuer sites is created

The first step in this process is that the UCF Management System automatically creates a listing of all live Issuer sites in the UCF XML Issuer List. This list is then assigned to a reviewer only (no approver is necessary) and sent to the reviewer via e-mail with a deadline for return.

Ensure that the Issuer's domain is live

The first check is to ensure that you can launch the domain listed. If you can't, mark the record as deprecated due to an incorrect domain and end the approval process.

Test the language

Once the website has been launched, if the website is in English, you can skip this step.

If the website is not in English, copy the URL from the website and open a browser to the Google Languages page (http://com.au/language_tools). Paste the URL into the "Translate a web page" field at the Google site. Select the language from the request in their first pop up, then click the Translate button. If the web page is translated into English, you have a match. If the web page is not translated into English, mark the request as deprecated due to incorrect language.

Check the Issuer's website for the appropriate Issuer Name

If you can launch the domain, check to ensure that the website's name that you found is the same as the Issuer's Name. If the two match, proceed to the next step. If you can correct the name by either changing the sub-directory of the domain or changing the Name field, do so.

Check the document type

Ensure that the document type listed in each record request matches the document type found at the website you are reviewing. If the document type is not correct and you can correct the document type, do so and proceed on. If the document type is not correct and you cannot correct the document type, deprecate the record due to non-existent document types.

Check the most appropriate category

Ensure that the category listed in each record request matches the classification of information found on the website. If the category is not correct and you can correct the category, do so and proceed on. If the category is not correct and you cannot correct the category, deprecate the record due to non-existent categories.

If the record must be deprecated, deprecate it and annotate the reason

In each of the steps above, the reviewer is requested to mark the record as deprecated if it does not meet the UCF specification or quality level required.

Return the list to the UCF Team

Once the review process has been completed, return the list to the UCF Team.

Update the UCF XML Library

Upon receipt of the reviewed Issuers List, the UCF Team will run the list through the system's process to update the master XML list.

Quarterly XML Distribution

After the UCF XML Library has been updated, the Issuers list will be available for the UCF's quarterly XML distribution to all XML Licensees.

A complete list of all Issuers is created in XML

A complete list of all Issuers (whether live or deprecated) is created in XML and made ready for distribution.

A roll forward XML list is created

A complete list of all changes to the Issuers XML list is created and made ready for distribution.

Quarterly XML is distributed to XML Licensees

During the UCF's quarterly XML distribution, both the Issuers XML list and the Issuers roll forward list will be distributed to all XML Licensees.
