Standardized Control Assessment (SCA) Procedure Tools

The SCA Procedures provide risk professionals with a set of resources (tools, templates, checklists, guidelines) that can be used to plan, scope, and perform third-party risk assessments. This is the “verify” portion of a third-party risk program and was created leveraging the collective intelligence and experience of our vast member base. It is updated every year in order to keep up with the ever-changing risk environment and priorities.

What’s Included In the SCA?

After purchasing the SCA, you will be able to download the tool and supporting materials (templates, checklists, guidelines).

SCA User Procedure Guide

The SCA User Procedure Guide includes instructions for how to utilize each component in the SCA Procedures Tool.

SCA Assessment Best Practices Checklist

A customizable assessment checklist that makes planning and conducting virtual or onsite third-party risk assessments more efficient, leveraging best practices from the Shared Assessments community.

SCA Documentation Artifacts Checklist

A project management template that provides an inventory of compliance artifacts and documentation that should be requested from the third party being assessed.

SCA Executive Summary Reporting Template

An Executive Summary Reporting Template used to summarize the results of a third-party risk assessment performed using the SCA Procedures.

SCA Executive Summary Data Tables

The SCA Executive Summary Data Tables Template provides instructions and a selection of formatted charts that can be tailored to summarize assessment results for inclusion in management reporting.

SCA Guidelines

These voluntary guidelines are intended for use by organizations and third-party risk practitioners to ensure consistency related to the execution and reporting of results from third-party risk assessments that utilize the Standardized Control Assessment (SCA) Procedures.


“SBFE has been a member of Shared Assessments for nearly 7 years, with the SCA serving as one of the core components of our third-party risk assessment process. The SCA is a flexible and dynamic tool that allows us to validate controls and capture the full risk posture of our vendors. By integrating the SCA into our program, we have been able to stay on budget and provide sound third-party risk insight to internal leadership.”

—Peter Tannish, CISSP, CTPRP, Director, Security & Risk, SBFE, LLC


The SCA is Used by 15,000+ People World-Wide

18 Risk Domains

The SCA mirrors the 18 critical risk domains from the SIG and can be scoped to an individual organization’s needs.

  • Enterprise Risk Management
  • Security Policy
  • Organizational Security
  • Asset and Information Management
  • Human Resources Security
  • Physical and Environmental Security
  • IT Operations Management
  • Access Control
  • Application Security
  • Cybersecurity Incident Management
  • Operational Resilience
  • Compliance and Operational Risk
  • Endpoint Device Security
  • Network Security
  • Privacy
  • Threat Management
  • Server Security
  • Cloud Hosting Services


SCA Buying Options

The SCA can be purchased in three ways, and it can also be licensed for use in applications.


The SCA is a holistic tool that assists risk professionals in performing onsite or virtual assessments of vendors.


The SCA is part of our Third-Party Risk Toolkit, which also includes our award-winning VRMMM, SCA, and Data Governance Tools.


Shared Assessments membership includes access to all the tools in our third-party risk toolkit, including the SCA.