The Standardized Control Assessment (SCA) Procedure Tools are a standardized set of assessment procedures. When scoped, the SCA is an efficient way to assess service providers during onsite or virtual assessments or to audit your own systems.
The Shared Assessments Standardized Control Assessment (SCA) Procedure Tools assists risk professionals in performing onsite or virtual assessments of vendors. This is the “verify” portion of a third party risk program. The SCA mirrors the 18 critical risk domains from the SIG, and can be scoped to an individual organizations’ needs. The SCA package includes the SCA Report Template, which provides a standardized approach to collecting and reporting assessment results.
SCA Procedure Tools
SCA Procedure Tools
The SCA is a holistic tool for onsite assessments of cybersecurity, IT, privacy, data security and business resiliency in an information technology environment.
Third Party Risk Management Toolkit
Add the SIG Questionnaire Tools for building, analyzing and storing questionnaires, the VRMMM for benchmarking programs and the Third Party Privacy Tools.
Become an Assessment Firm Member
Assessment Firms work with the Shared Assessments onsite assessment tool, the Standardized Control Assessment for organizations that need validation of their vendor risk controls.
- Your download of the SCA will include:
SCA Getting Started Guide – Familiarizes users with the tool, the parties and the assessment process. It contains all the reference material needed to use the SCA Report Template for assessing an organization. A large part of the guide focuses on the details around preparing for, executing and reporting the results of an assessment.
SCA Standards – Standards for Assessment Firms performing distributable SCAs.
SCA Report Template – Standardized and customizable set of testing procedures provided in excel format.
Assessment Best Practices Checklist – Best practices for planning and execution of an SCA engagement.
SCA Executive Summary Data Table Templates – Instructions and selection of optional sample templates that can be modified to create an executive summary report.
SCA Executive Summary Reporting Template – Sample tables you can use to craft your SCA Executive Summary.
The SCA evaluates controls in the following risk domains:
- Risk Assessment and Treatment
- Security Policy
- Organization Security
- Asset and Information Management
- Human Resource Security
- Physical and Environmental Security
- Operations Management
- Access Control
- Application Security
- Incident Event and Communications Management
- Business Resiliency
- End User Device Security
- Network Security
- Threat Management
- Server Security
- Cloud Hosting