The advanced SAICO certification for information security professionals who participate in and/or lead SCF 3PAO assessment teams. SCF Assessors conduct independent conformity assessments, evaluating controls against Assessment Objectives (AOs) to determine whether organizations meet SCF CAP certification requirements.
SCF Assessors are SAICO-certified individuals qualified to participate in and/or lead SCF Third-Party Assessment Organization (3PAO) assessment teams, conducting SCF CAP conformity assessments that evaluate an organization’s cybersecurity and data protection controls against defined Assessment Objectives (AOs).
The SCF Assessor curriculum is built around the SCF CAP assessment methodology, the examine, interview, and test (EIT) approach that assessors use to evaluate whether organizations have properly implemented the controls required for their selected SCF CAP certification.
The examine, interview, and test (EIT) methodology that underpins all SCF CAP conformity assessments. Covers how to plan, scope, execute, and document assessments in accordance with SCF CAP requirements.
How to evaluate each Assessment Objective to determine whether the control is appropriately designed, properly implemented, and producing the desired security outcome. Covers conformity vs. non-conformity determinations.
Techniques for collecting, reviewing, and evaluating evidence during SCF CAP assessments. Covers what constitutes acceptable evidence, how to evaluate documentation quality, and how to conduct interviews and tests.
How to document assessment findings, write conformity/non-conformity determinations, and produce SCF CAP assessment reports that meet program requirements.
Roles and responsibilities of SCF Assessors within a 3PAO team, including team lead vs. team member responsibilities, conflict of interest requirements, and the relationship to the Cyber AB accreditation body.
The complete SCF CAP program structure, including how to select applicable Minimum Security Requirements (MSR) for each certification track, how to interpret assessment guides, and how risk tolerance affects assessment scoping.
The SCF Assessor is the evaluation layer of the SCF CAP Ecosystem. Assessors perform the independent, third-party conformity assessments that produce the SCF Certified™ designation. They operate within authorized 3PAOs and are directly accountable to The Cyber AB’s accreditation standards.
Unlike Practitioners (who implement) and Architects (who design), Assessors must maintain independence from the organizations they assess. This independence is a core requirement of the SCF CAP program and is enforced through 3PAO accreditation standards.
The SCF Assessor is the advanced and final track in the three-level SAICO certification path. It requires the foundational and intermediate knowledge built through the Practitioner and Architect tracks.
Foundation: Step 1. Implement and maintain SCF controls. Foundation understanding of SCF structure, domains, and the SCF.
Intermediate: Step 2. Design and architect SCF-based programs. Control selection, SCRMS implementation, and strategic alignment.
Advanced: Current. Lead SCF CAP assessment teams within a 3PAO. Evaluate controls against AOs. Conduct independent conformity assessments.
%20(white).png)
.png)