Shared Assessments Program Tool. The standardized assessment procedures formerly known as the Shared Assessments Agreed Upon Procedures (AUP). The SCA assists in performing the “verify” component of third party risk onsite or virtual assessments. The SCA is a specific type of point in time due diligence process. The SCA mirrors the 18 critical risk domains from the SIG, and can be scoped to an individual organization’s needs. For organizations that do not have a proprietary enterprise risk platform for managing assessments results, the SCA package includes the SCA Report Template, which: provides a standardized approach to collecting and reporting onsite assessment results; and allows for a mechanism to track mitigating controls relevant to providing a sound control requirement.
