Select Page

Standardized Control Assessment


The  Standardized Control Assessment (SCA) Procedure Tools are a standardized set of assessment procedures. When scoped, the SCA is an efficient way to assess service providers during onsite or virtual assessments or to audit your own systems.

  • SCA

    The Shared Assessments Standardized Control Assessment (SCA) Procedure Tools assists risk professionals in performing onsite or virtual assessments of vendors. This is the “verify” portion of a third party risk program. The SCA mirrors the 18 critical risk domains from the SIG, and can be scoped to an individual organizations’ needs. The SCA package includes the SCA Report Template, which provides a standardized approach to collecting and reporting assessment results.

SCA Procedure Tools

SCA Tool

The SCA is a holistic tool for onsite assessments of cybersecurity, IT, privacy, data security and business resiliency in an information technology environment.

Add to Cart

TPRM Toolkit

Upgrade to the TPRM Toolkit $10,000

Add the SIG Questionnaire Tools for building, analyzing and storing questionnaires, the VRMMM for benchmarking programs and the Third Party Privacy Tools.

Add to Cart

Assessment Firms

Become an Assessment Firm Member

Assessment Firms work with the Shared Assessments onsite assessment tool, the Standardized Control Assessment (SCA, for organizations that need validation of their vendor risk controls.

Learn More 

  • SCA Features

  • Your download of the SCA will include:

SCA Practitioner’s Guide – Familiarizes users with the tool, the parties and the assessment process. It contains all the reference material needed to use the SCA Report Template for assessing an organization. A large part of the guide focuses on the details around preparing for, executing and reporting the results of an assessment.

SCA Standards – Standards for Assessment Firms performing distributable SCAs.

SCA Report Template – Standardized and customizable set of testing procedures provided in excel format.

Onsite Assessment Best Practices Checklist – Best practices for planning and execution of an SCA engagement.

SCA Executive Summary Templates – Instructions and selection of optional sample templates that can be modified to create an executive summary report.

SCA Executive Summary Sample Template – Sample tables you can use to craft your SCA Executive Summary.


  • The SCA evaluates controls in the following risk domains:

  • Risk Assessment and Treatment
  • Security Policy
  • Organization Security
  • Asset and Information Management
  • Human Resource Security
  • Physical and Environmental Security
  • Operations Management
  • Access Control
  • Application Security
  • Incident Event and Communications Management
  • Business Resiliency
  • Compliance
  • End User Device Security
  • Network Security
  • Privacy
  • Threat Management
  • Server Security
  • Cloud Hosting


Want access to all the Shared Assessment Program tools, thought leadership and a network of members? Find out about Membership or contact for general inquiries, email

Membership Info