Standardized Control Assessment (SCA) Procedure Tools
The SCA Procedures provide risk professionals with a set of resources (tools, templates, checklists, guidelines) that can be used to plan, scope, and perform third-party risk assessments. This is the “verify” portion of a third-party risk program and was created leveraging the collective intelligence and experience of our vast member base. It is updated every year in order to keep up with the ever-changing risk environment and priorities.
What’s Included In the SCA?
After purchasing the SCA, you will be able download the tool and supporting materials (templates, checklists, guidelines).
SCA User Procedure Guide
The SCA User Procedure Guide includes instructions for how to utilize each component in the SCA Procedures Tool.
SCA Assessment Best Practices Checklist
A customizable assessment checklist to provide efficiency in the planning and conducting of virtual or onsite third-party risk assessments leveraging best practices from the Shared Assessments community
SCA Documentation Artifacts Checklist
A project management template that provides an inventory of compliance artifacts and documentation that should be requested from the third-party being assessed.
SCA Executive Summary Reporting Template
An Executive Summary Reporting Template used to summarize the results of a third-party risk assessment performed using the SCA Procedures.
SCA Executive Summary Data Tables
The SCA Executive Summary Data Tables Template provides instructions and a selection of formatted charts that can be tailored to summarize assessment results to include in management reporting
These voluntary guidelines are intended for use by organizations and third-party risk practitioners to ensure consistency related to the execution and reporting of results from third-party risk assessments that utilize the Standardized Control Assessment (SCA) Procedures.
“SBFE has been a member of Shared Assessments for nearly 7 years, with the SCA serving as one of the core components of our third-party risk assessment process. The SCA is a flexible and dynamic tool that allows us to validate controls and capture the full risk posture of our vendors. By integrating the SCA into our program, we have been able to stay on budget and provide sound third-party risk insight to internal leadership.”
—Peter Tannish, CISSP, CTPRP, Director, Security & Risk, SBFE, LLC
The SCA is Used by 15,000+ People World-Wide
- Enterprise Risk Management
- Security Policy
- Organizational Security
- Asset and Information Management
- Human Resources Security
- Physical and Environmental Security
- IT Operations Management
- Access Control
- Application Security
- Cybersecurity Incident Management
- Operational Resilience
- Compliance and Operational Risk
- Endpoint Device Security
- Network Security
- Threat Management
- Server Security
- Cloud Hosting Services
SINGLE LICENSE: $3000
The SCA is a holistic tool that assists risk professionals in performing onsite or virtual assessment of vendors.
BECOME A MEMBER
Shared Assessment membership includes access to all our tools in our third-party risk toolkit, including the SCA.