Standardized Control Assessment (SCA) Procedure Tools

The SCA assists risk professionals in performing onsite or virtual assessments of vendors. It is a holistic tool for onsite assessments of cybersecurity, IT, privacy, data security and business resiliency in an information technology environment. This is the “verify” portion of a third party risk program and was created leveraging the collective intelligence and experience of our vast member base. It is updated every year in order to keep up with the ever-changing risk environment and priorities.

What’s Included In the SCA?

After purchasing the SIG, you’ll be able to immediately download three files.

SCA Getting Started Guide

SCA Getting Started Guide – Familiarizes users with the tool, the parties and the assessment process. It contains all the reference material needed to use the SCA Report Template for assessing an organization. A large part of the guide focuses on the details around preparing for, executing and reporting the results of an assessment.

SCA Standards

Standards for Assessment Firms performing distributable SCAs. View Standards >

SCA Report Template

Standardized and customizable set of testing procedures provided in excel format.

Assessment Best Practices Checklist

Best practices for planning and execution of an SCA engagement.

SCA Executive Summary Data Table Templates

Instructions and selection of optional sample templates that can be modified to create an executive summary report.

SCA Executive Summary Reporting Template

Sample tables you can use to craft your SCA Executive Summary.

“The SCA is a very useful tool in conducting objective, fact-driven assessments. The SCA provides best practices for analysis of cross-industry risk domains that are applicable to mature TPRM programs.”

—Angela Davis Dogan, MBA/TM, CTPRP, CTPRP, Founder & CEO, Davis Advisory Services, LLC

Request a demo

The SCA is Used by 15,000+ People World-Wide

18 Risk Domains

The SCA mirrors the 18 critical risk domains from the SIG, and can be scoped to an individual organizations’ needs.

  • Risk Management
  • Security Policy
  • Organizational Security
  • Asset and Info Management
  • Human Resource Security
  • Physical and Environmental
  • IT Operations Management
  • Access Control
  • Application Security
  • Incident Event and Comm Mgmt
  • Business Resiliency
  • Compliance
  • End User Device Security
  • Network Security
  • Privacy
  • Threat Management
  • Server Security
  • Cloud Hosting

Current SCA Standards

Current version 3.0. Download Now >

SCA Buying Options

The SCA can be purchased in three ways as well as licensed for use in applications.

SINGLE LICENSE: $5000

The SCA is a holistic tool that assists risk professionals in performing onsite or virtual assessment of vendors.

RISK TOOLKIT: $11,000

The SCA is part of our Third Party Risk Toolkit which also includes our award winning VRMMM, SCA and Privacy Tools.

BECOME A MEMBER

Shared Assessment membership includes access to all our tools in our third party risk toolkit, including the SCA.

This site uses cookies

Please note that on our website we use cookies necessary for the functioning of our website, cookies that optimize the performance.
To learn more about our cookies, how we use them and their benefits, please read our Cookie Policy and Privacy Policy.