Select Page

Standardized Control Assessment


The  Standardized Control Assessment (SCA) Procedure Tools are a standardized set of assessment procedures. When scoped, the SCA is an efficient way to assess service providers during onsite or virtual assessments or to audit your own systems.

  • SCA

    The Shared Assessments Standardized Control Assessment (SCA) Procedure Tools assists risk professionals in performing onsite or virtual assessments of vendors. This is the “verify” portion of a third party risk program. The SCA mirrors the 18 critical risk domains from the SIG, and can be scoped to an individual organizations’ needs. The SCA package includes the SCA Report Template, which provides a standardized approach to collecting and reporting assessment results.

SCA Procedure Tools

SCA Procedure Tools

The SCA is a holistic tool for onsite assessments of cybersecurity, IT, privacy, data security and business resiliency in an information technology environment.

TPRM Toolkit

Third Party Risk Management Toolkit

Add the SIG Questionnaire Tools for building, analyzing and storing questionnaires, the VRMMM for benchmarking programs and the Third Party Privacy Tools.

Assessment Firms

Become an Assessment Firm Member

Assessment Firms work with the Shared Assessments onsite assessment tool, the Standardized Control Assessment for organizations that need validation of their vendor risk controls.

Learn More 

  • SCA Features

  • Your download of the SCA will include:

SCA Getting Started Guide – Familiarizes users with the tool, the parties and the assessment process. It contains all the reference material needed to use the SCA Report Template for assessing an organization. A large part of the guide focuses on the details around preparing for, executing and reporting the results of an assessment.

SCA Standards – Standards for Assessment Firms performing distributable SCAs.

SCA Report Template – Standardized and customizable set of testing procedures provided in excel format.

Assessment Best Practices Checklist – Best practices for planning and execution of an SCA engagement.

SCA Executive Summary Data Table Templates – Instructions and selection of optional sample templates that can be modified to create an executive summary report.

SCA Executive Summary Reporting Template – Sample tables you can use to craft your SCA Executive Summary.


  • The SCA evaluates controls in the following risk domains:

  • Risk Assessment and Treatment
  • Security Policy
  • Organization Security
  • Asset and Information Management
  • Human Resource Security
  • Physical and Environmental Security
  • Operations Management
  • Access Control
  • Application Security
  • Incident Event and Communications Management
  • Business Resiliency
  • Compliance
  • End User Device Security
  • Network Security
  • Privacy
  • Threat Management
  • Server Security
  • Cloud Hosting


Want access to all the Shared Assessment Program tools, thought leadership and a network of members? Find out about Membership or contact for general inquiries, email

Membership Info

This site uses cookies

Please note that on our website we use cookies necessary for the functioning of our website, cookies that optimize the performance. To learn more about our cookies, how we use them and their benefits, please read our Cookie Policy and Privacy Policy.