Standardized Control Assessment - Procedure Products

When scoped, the standardized set of assessment procedures is an efficient way to assess service providers during onsite or virtual assessments or to audit your own systems.

$3,000 / 1 Year
Corporate License
Remove this when have something to show

Standardized Control Assessment (SCA) Procedure Products

The SCA Procedures provide risk professionals with a set of resources (solutions, templates, checklists, guidelines) that can be used to plan, scope, and perform third-party risk assessments. This is the “verify” portion of a third-party risk program and was created leveraging the collective intelligence and experience of our vast member base. It is updated every year in order to keep up with the ever-changing risk environment and priorities.

What’s Included In the SCA?

After purchasing the SCA, you will be able download the product and supporting materials (templates, checklists, guidelines).

SCA User Procedure Guide

The SCA User Procedure Guide includes instructions for how to utilize each component in the SCA Procedures.

SCA Assessment Best Practices Checklist

A customizable assessment checklist to provide efficiency in the planning and conducting of virtual or onsite third-party risk assessments leveraging best practices from the Shared Assessments community

SCA Documentation Artifacts Checklist

A project management template that provides an inventory of compliance artifacts and documentation that should be requested from the third-party being assessed.

SCA Executive Summary Reporting Template

An Executive Summary Reporting Template used to summarize the results of a third-party risk assessment performed using the SCA Procedures.

SCA Executive Summary Data Tables

The SCA Executive Summary Data Tables Template provides instructions and a selection of formatted charts that can be tailored to summarize assessment results to include in management reporting

SCA Guidelines

These voluntary guidelines are intended for use by organizations and third-party risk practitioners to ensure consistency related to the execution and reporting of results from third-party risk assessments that utilize the Standardized Control Assessment (SCA) Procedures.

Pete 2 

“SBFE has been a member of Shared Assessments for nearly 7 years, with the SCA serving as one of the core components of our third-party risk assessment process.   The SCA is a flexible and dynamic solution that allows us to validate controls and capture the full risk posture of our vendors.  By integrating the SCA into our program, we have been able to stay on budget and provide sound third-party risk insight to internal leadership.”    

—Peter Tannish, CISSP, CTPRP, Director, Security & Risk, SBFE, LLC

Request a demo

The SCA is Used by 15,000+ People World-Wide

21 Risk Domains

The SCA mirrors the 21 critical risk domains from the SIG, and can be scoped to an individual organization’s needs.

  • Access Control
  • Application Security
  • Artificial Intelligence (AI)
  • Asset and Information Management
  • Cloud Hosting Services
  • Compliance Management
  • Cybersecurity Incident Management
  • Endpoint Security
  • Enterprise Risk Management
  • Environmental, Social, Governance (ESG)
  • Human Resources Security
  • Information Assurance
  • IT Operations Management
  • Network Security
  • Nth Party Management
  • Operational Resilience
  • Physical and Environmental Security
  • Privacy Management
  • Server Security
  • Supply Chain Risk Management (SCRM)
  • Threat Management

Current SCA Guidelines

Current Version Available Here >