Controls are your cybersecurity & data privacy program ---- A control is the power to influence or direct behaviors and the course of events.

Let's Talk About Evidence - Evidence Request List (ERL)

Let's Talk About Evidence - Evidence Request List (ERL)

Posted by SCF Council on Nov 2nd 2022

The SCF's Evidence Request List (ERL) is designed to standardize and streamline the evidence request process for an assessment. This is going to be utilized as part of the SCF's Conformity Assessment Program (CAP) to identify reasonably-expected artifacts/evidence to meet applicable SCF controls (it is mapped to SCF controls). 

The benefits of the ERL are (1) it levels the playing field by establishing evidence expectations upfront so there are no surprises and (2) it prevents an assessor from literally making up documentation requirements on the fly. Since "time is money" this is specifically designed to make assessments more efficient, therefore less expensive. 

Thanks to the many people who brought this together with their insightful and valuable feedback!