Controls are your cybersecurity & data privacy program ---- A control is the power to influence or direct behaviors and the course of events.

Evidence Request List (ERL)

The SCF's Evidence Request List (ERL) is designed to standardize and streamline the evidence request process for a SCF-based assessment. However, the ERL can be used as a guidebook for "reasonable" artifacts to demonstrate evidence of due diligence and due care for other cybersecurity and/or privacy audits or assessments.

The ERL will be utilized as part of the SCF's Conformity Assessment Program (CAP) to identify reasonably-expected artifacts/evidence to meet applicable SCF controls, since the identified evidence artifacts are mapped to SCF controls. The benefits are:

  1. It levels the playing field by establishing evidence expectations upfront so there are no surprises; and
  2. It prevents an assessor from literally making up documentation requirements on the fly.

Since "time is money" when it comes to an audit/assessment, the ERL is specifically designed to make assessments more efficient, therefore less expensive. The ERL is one of the tabs that is included as part of the SCF

There are no products listed under this category.

© 2025 Secure Controls Framework All rights reserved. | Sitemap