In order to stick to industry standards when meeting client requirements, Adobe simplified all their compliance standards down to what they call the Adobe Common Control Framework (CCF). Recently, Adobe decided to open source this document.

Brad Arkin, VP and Chief Security Officer of Adobe Systems, explained how other companies can benefit from their CCF. “We felt that we put a lot of work into [CCF] that would benefit other organizations looking to do the same type of work,” Arkin said.

The CCF contains about 200 standards which the company can use and adjust whenever a new standard is thrown their way. It’s divided into a dozen different areas from change management to what happens when people leave the company.

Arkin said each area of the document covers the work required to assure the proper controls are in place to prevent bad things from happening, and to bring a level of security assurance to the environment.

The motivation behind open sourcing CCF at Adobe came from the interest of their peers, Arkin said. As Adobe employees talked about how they were managing different regulatory requirements and other control systems, their customers and other companies wanted to look at what Adobe was doing.

Arkin said it came to a point where they were signing a lot of non-disclosure agreements (NDAs), and it made sense to open source the document since it didn’t release any sensitive information and could help others.

To make it easier for other companies to adopt their CCF, Adobe adapted parts of it so it would be more applicable around the world.

“We think that the model is useful enough as a starting point,” he said. “It’s a great resource for other companies that are starting on this journey to better manage the complexity around their control framework in the way that they’re going to achieve compliance with these different standards.”
