Standardized Control Assessment - Procedure Products
When scoped, the standardized set of assessment procedures is an efficient way to assess service providers during onsite or virtual assessments or to audit your own systems.
Standardized Control Assessment (SCA) Procedure Products
The SCA Procedures provide risk professionals with a set of resources (solutions, templates, checklists, guidelines) that can be used to plan, scope, and perform third-party risk assessments. This is the “verify” portion of a third-party risk program and was created leveraging the collective intelligence and experience of our vast member base. It is updated every year in order to keep up with the ever-changing risk environment and priorities.
What’s Included In the SCA?
After purchasing the SCA, you will be able to download the product and supporting materials (templates, checklists, guidelines).
SCA User Procedure Guide
The SCA User Procedure Guide includes instructions for how to utilize each component in the SCA Procedures.
SCA Assessment Best Practices Checklist
A customizable assessment checklist that makes planning and conducting virtual or onsite third-party risk assessments more efficient, leveraging best practices from the Shared Assessments community.
SCA Documentation Artifacts Checklist
A project management template that provides an inventory of compliance artifacts and documentation that should be requested from the third party being assessed.
SCA Executive Summary Reporting Template
An Executive Summary Reporting Template used to summarize the results of a third-party risk assessment performed using the SCA Procedures.
SCA Executive Summary Data Tables
The SCA Executive Summary Data Tables Template provides instructions and a selection of formatted charts that can be tailored to summarize assessment results for inclusion in management reporting.
SCA Guidelines
These voluntary guidelines are intended for use by organizations and third-party risk practitioners to ensure consistency related to the execution and reporting of results from third-party risk assessments that utilize the Standardized Control Assessment (SCA) Procedures.
“SBFE has been a member of Shared Assessments for nearly 7 years, with the SCA serving as one of the core components of our third-party risk assessment process. The SCA is a flexible and dynamic solution that allows us to validate controls and capture the full risk posture of our vendors. By integrating the SCA into our program, we have been able to stay on budget and provide sound third-party risk insight to internal leadership.”
—Peter Tannish, CISSP, CTPRP, Director, Security & Risk, SBFE, LLC
The SCA is Used by 15,000+ People Worldwide
21 Risk Domains
The SCA mirrors the 21 critical risk domains from the SIG, and can be scoped to an individual organization’s needs.
- Access Control
- Application Security
- Artificial Intelligence (AI)
- Asset and Information Management
- Cloud Hosting Services
- Compliance Management
- Cybersecurity Incident Management
- Endpoint Security
- Enterprise Risk Management
- Environmental, Social, Governance (ESG)
- Human Resources Security
- Information Assurance
- IT Operations Management
- Network Security
- Nth Party Management
- Operational Resilience
- Physical and Environmental Security
- Privacy Management
- Server Security
- Supply Chain Risk Management (SCRM)
- Threat Management