SCF Organizations Seeking Certification (OSA)

The Secure Controls Framework Conformity Assessment Program (SCF CAP) is an organization-level conformity assessment. The SCF CAP is designed to utilize tailored cybersecurity and privacy controls that specifically address the applicable statutory, regulatory and contractual obligations an Organization Seeking Assessment (OSA) is required to comply with. By using the metaframework nature of the SCF, an OSC is able to perform a conformity assessment that spans multiple cybersecurity and privacy-specific laws, regulations and frameworks. 

Earning a SCF Certified™ conformity designation is meant to signify an accomplishment, rather than be viewed as a “participation ribbon” that has little practical value for the OSC or stakeholders in the OSC’s supply chain to understand the OSC’s security posture. The SCF CAP is focused on using the SCF as the control set to provide a company-level certification. While the SCF-CAP shares some similarities with other existing, single-focused certifications (e.g., ISO 27001, CMMC, FedRAMP, etc.), the SCF CAP is unique in its metaframework approach to covering cybersecurity and data protection requirements that span multiple laws, regulations and frameworks.