Standardized Control Assessment (SCA) Procedure Products

The SCA Procedures provide risk professionals with a set of resources (solutions, templates, checklists, guidelines) that can be used to plan, scope, and perform third-party risk assessments. This is the “verify” portion of a third-party risk program and was created leveraging the collective intelligence and experience of our vast member base. It is updated every year in order to keep up with the ever-changing risk environment and priorities.

What’s Included In the SCA?

After purchasing the SCA, you will be able download the product and supporting materials (templates, checklists, guidelines).

SCA User Procedure Guide

The SCA User Procedure Guide includes instructions for how to utilize each component in the SCA Procedures.

SCA Assessment Best Practices Checklist

A customizable assessment checklist to provide efficiency in the planning and conducting of virtual or onsite third-party risk assessments leveraging best practices from the Shared Assessments community

SCA Documentation Artifacts Checklist

A project management template that provides an inventory of compliance artifacts and documentation that should be requested from the third-party being assessed.

SCA Executive Summary Reporting Template

An Executive Summary Reporting Template used to summarize the results of a third-party risk assessment performed using the SCA Procedures.

SCA Executive Summary Data Tables

The SCA Executive Summary Data Tables Template provides instructions and a selection of formatted charts that can be tailored to summarize assessment results to include in management reporting

SCA Guidelines

These voluntary guidelines are intended for use by organizations and third-party risk practitioners to ensure consistency related to the execution and reporting of results from third-party risk assessments that utilize the Standardized Control Assessment (SCA) Procedures.

Pete 2 

“SBFE has been a member of Shared Assessments for nearly 7 years, with the SCA serving as one of the core components of our third-party risk assessment process.   The SCA is a flexible and dynamic solution that allows us to validate controls and capture the full risk posture of our vendors.  By integrating the SCA into our program, we have been able to stay on budget and provide sound third-party risk insight to internal leadership.”    

—Peter Tannish, CISSP, CTPRP, Director, Security & Risk, SBFE, LLC

Request a demo

The SCA is Used by 15,000+ People World-Wide

19 Risk Domains

The SCA mirrors the 19 critical risk domains from the SIG, and can be scoped to an individual organization’s needs.

  • Access Control
  • Application Security
  • Asset and Information Management
  • Cloud Hosting Services
  • Compliance Management
  • Cybersecurity Incident Management
  • Endpoint Security
  • Enterprise Risk Management
  • Environmental, Social, Governance (ESG)
  • Human Resources Security
  • Information Assurance
  • IT Operations Management
  • Network Security
  • Nth Party Management
  • Operational Resilience
  • Physical and Environmental Security
  • Privacy Management
  • Server Security
  • Threat Management

Current SCA Guidelines

Current Version Available Here > 

SCA Subscription Options

Subscribe to the SCA or license for use in applications.


Standardized Control Assessment Procedure

The SCA is available for purchase on its own for one year. Includes any updates made within the year of the license.


Corporate License

TPRM Product Suite

Manage the full vendor assessment relationship life cycle

The SCA is part of our Third-Party Risk Product Suite which also includes our award winning VRMMM, SIG, and Data Governance Product.


Corporate License


Industry-Standard Best Practices and Products

Shared Assessments membership includes access to all the products in our Third-Party Risk Product Suite, including the SCA.

Starting at