
SCF CAP - SCF Assessor

Within the SCF CAP, the role of the SCF Assessor is to:

  • Represent a single 3PAO for 3PAAC services. SCF Assessors must be either:
    • Employed by the 3PAO (e.g., W-2 employee); or
    • A formal contractor of the 3PAO (e.g., 1099 contractor);
  • Maintain technical competence;
  • Assess only subject matter that the SCF Assessor is technically competent to evaluate; and
  • Perform 3PAAC services for the 3PAO that fall within SCF CAP guidelines.

SCF Assessor Code of Conduct (2023.1)

SCF Assessors have an influential and privileged role in representing the SCF CAP. These individuals must be able to account for the decisions and behaviors exhibited. Therefore, the focus of the SCF CAP’s Code of Conduct on ethics and professional conduct is twofold:

  1. Establish clear, precise, ethical and professional guidelines for the assessment team; and
  2. Provide minimum standards by which to judge the conduct of SCF Assessors.

SCF Assessors must abide by the following conduct requirements:

  1. Be honest, impartial and committed to conducting rigorous, objective and fair assessments.
  2. Adhere to professional conduct with truth, accuracy, fairness, responsibility and objectivity.
  3. Avoid conflicts of interest, including perceived conflicts of interest, by acting solely in the best interests of the Organization Seeking Certification (OSC), the Third-Party Assessment Organization (3PAO), the SCF Accreditation Body (SCF-AB) and the SCF Council in the performance of SCF Assessor duties.
  4. Be able to act professionally and objectively under adverse pressure from the 3PAO and OSC. Seek clarification from the SCF-AB for matters that are unclear or need authoritative guidance.
  5. Honestly represent professional qualifications, competence and experience. Honest representation requires the SCF Assessor to not undertake assessments beyond the SCF Assessor’s capabilities.
  6. Strive to increase the prestige of the SCF CAP.
  7. Limit sampled records to those needed to assess OSC performance within the assessment scope.
  8. Exercise discretion in the use and protection of sensitive OSC information acquired during the performance of SCF Assessor duties.
  9. Treat all information gained about any OSC confidentially and sensitively; this includes:
    • Any device, graphics, written material, or other information in a tangible or intangible form identified as confidential or identifiable as private/sensitive by the nature of its content or context; and
    • Information about any individuals encountered in the assessment process.
  10. Never communicate false or misleading information, as this may compromise the integrity of the assessment, certification and/or accreditation processes, or decisions therein.

SCF Third Party Assessment Organization (3PAO) & SCF Assessor Guidebook

The following document provides more guidance on the SCF CAP from the perspective of 3PAOs and SCF Assessors: