Standardized Control Assessment (SCA) Procedure Tools

The SCA assists risk professionals in performing onsite or virtual assessments of vendors. It is a holistic tool for onsite assessments of cybersecurity, IT, privacy, data security and business resiliency in an information technology environment. This is the “verify” portion of a third party risk program and was created leveraging the collective intelligence and experience of our vast member base. It is updated every year in order to keep up with the ever-changing risk environment and priorities.

What’s Included In the SCA?

After purchasing the SCA, you will be able to download the tool and supporting materials (templates, checklists, guidelines).

SCA Getting Started Guide

Familiarizes users with the tool, the parties and the assessment process. It contains all the reference material needed to use the SCA Report Template for assessing an organization. A large part of the guide focuses on the details around preparing for, executing and reporting the results of an assessment.

SCA Guidelines

These voluntary guidelines are intended for use by third party risk assessors that use the Standardized Control Assessment (SCA) procedures to ensure consistency related to execution and reporting of an SCA Engagement. 

SCA Report Template

Standardized and customizable set of testing procedures provided in Excel format.

Assessment Best Practices Checklist

Best practices for planning and execution of an SCA engagement.

SCA Executive Summary Data Table Templates

Instructions and a selection of optional sample templates that can be modified to create an executive summary report.

SCA Executive Summary Reporting Template

Sample tables you can use to craft your SCA Executive Summary.

“The SCA is a very useful tool in conducting objective, fact-driven assessments. The SCA provides best practices for analysis of cross-industry risk domains that are applicable to mature TPRM programs.”

—Angela Davis Dogan, MBA/TM, CTPRP, CTPRP, Founder & CEO, Davis Advisory Services, LLC


The SCA is Used by 15,000+ People World-Wide

18 Risk Domains

The SCA mirrors the 18 critical risk domains from the SIG, and can be scoped to an individual organization’s needs.

  • Risk Management
  • Security Policy
  • Organizational Security
  • Asset and Info Management
  • Human Resource Security
  • Physical and Environmental
  • IT Operations Management
  • Access Control
  • Application Security
  • Incident Event and Comm Mgmt
  • Business Resiliency
  • Compliance
  • End User Device Security
  • Network Security
  • Privacy
  • Threat Management
  • Server Security
  • Cloud Hosting


SCA Buying Options

The SCA can be purchased in three ways as well as licensed for use in applications.


The SCA is a holistic tool that assists risk professionals in performing onsite or virtual assessments of vendors.


The SCA is part of our Third Party Risk Toolkit, which also includes our award-winning VRMMM, SCA and Privacy Tools.


Shared Assessment membership includes access to all our tools in our third party risk toolkit, including the SCA.