SCA – Standardized Control Assessment Procedure Products

When scoped, the standardized set of assessment procedures is an efficient way to assess service providers during onsite or virtual assessments or to audit your own systems.

$3,000 / 1 Year
Corporate License
$5,700 / 2 Years
Corporate License
Remove this when have something to show
Demo

Standardized Control Assessment (SCA) Procedure Products

The SCA Procedures provide risk professionals with a set of resources (solutions, templates, checklists, guidelines) that can be used to plan, scope, and perform third-party risk assessments. These procedures fit the “verify” portion of a third-party risk program, typically employed after an initial questionnaire such as the Standardized Information Gathering Questionnaire (SIG), to gather and confirm artifacts that attest to the veracity of the assessment.

What’s Included In the SCA?

After purchasing the SCA, you will be able download the product and supporting materials. 

REQUEST A DEMO

SCA Product

The SCA product itself. 

SCA User Guide

The SCA User Guide provides a summary on how to use the SCA. 

SCA Enhancement Document

This document covers the changes and revisions to the most recent version of the SCA.

Pete 2 

“SBFE has been a member of Shared Assessments for nearly 7 years, with the SCA serving as one of the core components of our third-party risk assessment process.   The SCA is a flexible and dynamic solution that allows us to validate controls and capture the full risk posture of our vendors.  By integrating the SCA into our program, we have been able to stay on budget and provide sound third-party risk insight to internal leadership.”    

—Peter Tannish, CISSP, CTPRP, Director, Security & Risk, SBFE, LLC

Request a demo

21 Risk Domains

The SCA mirrors the 21 critical risk domains from the SIG, and can be scoped to an individual organization’s needs.

  • Access Control
  • Application Security
  • Artificial Intelligence (AI)
  • Asset and Information Management
  • Cloud Hosting Services
  • Compliance Management
  • Cybersecurity Incident Management
  • Endpoint Security
  • Enterprise Risk Management
  • Environmental, Social, Governance (ESG)
  • Human Resources Security
  • Information Assurance
  • IT Operations Management
  • Network Security
  • Nth Party Management
  • Operational Resilience
  • Physical and Environmental Security
  • Privacy Management
  • Server Security
  • Supply Chain Risk Management (SCRM)
  • Threat Management

Looking for more details on Risk Domains covered by the SCA?

Check out our Guide To Risk Domains.

© 2025 Shared Assessments LLC