Controls are your cybersecurity & data privacy program ---- A control is the power to influence or direct behaviors and the course of events.

Let's Talk About Evidence - Evidence Request List (ERL)

Let's Talk About Evidence - Evidence Request List (ERL)

SCF Council assessor | auditor | due care | due diligence | evidence | evidence request list | SCF | scf cap | Secure Controls Framework
November 2nd, 2022 1 minute read

Listen to article
Audio generated by DropInBlog's Blog Voice AI™ may have slight pronunciation nuances. Learn more

The SCF's Evidence Request List (ERL) is designed to standardize and streamline the evidence request process for an assessment. This is going to be utilized as part of the SCF's Conformity Assessment Program (CAP) to identify reasonably-expected artifacts/evidence to meet applicable SCF controls (it is mapped to SCF controls). 

The benefits of the ERL are (1) it levels the playing field by establishing evidence expectations upfront so there are no surprises and (2) it prevents an assessor from literally making up documentation requirements on the fly. Since "time is money" this is specifically designed to make assessments more efficient, therefore less expensive. 

Thanks to the many people who brought this together with their insightful and valuable feedback!

« Back to Blog

Related Articles

SCF Risk & Threat Catalog

SCF Risk & Threat Catalog

13 minute read

January 19th, 2023

Words Matter - Understanding Policies, Control Objectives, Standards, Guidelines & Procedures

Words Matter - Understanding Policies, Control Objectives, Standards, Guidelines & Procedures

5 minute read

February 11th, 2023

SCFConnect - SaaS approach to using the SCF

SCFConnect - SaaS approach to using the SCF

1 minute read

March 2nd, 2023

© 2026 Secure Controls Framework All rights reserved. | Sitemap