SCF Third-Party Assessment Organizations (3PAOs)

Within the SCF Conformity Assessment Program (SCF CAP), the role of the Third-Party Assessment Organization (3PAO) is to:

• Hire and train its personnel that are:
• Technically competent; and
• Capable of performing quality 3PAAC services;
• Manage the assignment of SCF Assessor roles:
• Formally documented roles & responsibilities; and
• Designating assigned personnel as a SCF Assessor within the SCF Connect tool;
• Operate an internal process management system to align with the following:
• ISO 9001:2015 - Quality management systems — Requirements; and/or
• ISO/IEC 17020:2012 - Conformity assessment — Requirements for the operation of various types of bodies performing inspection;
• Market its 3PAO services to OSC; and
• Develop and implement contract management practices for engaging in 3PAAC services with OSC.

SCF 3PAO Listings

The following organizations have asked to be listed as a SCF 3PAO. It is your organization's obligation to perform due diligence activities to ensure any organization you choose to work with has the appropriate competence to adequately support your specific needs:

	Cybersec Investments Website: https://cybersecinvestments.com Email: info@cybersecinvestments.com	Service Description: Cybersec Investments is the only organization that is both a SCF Third-Party Assessment Organization (3PAO) and an Authorized CMMC Third-Party Assessment Organization (C3PAO). Cybersec Investments is a Service-Disabled Veteran-Owned Small Business (SDVOSB) with over a decade of cybersecurity experience spanning private industry and the Department of Defense (DoD). Cybersec Investments' specialties include: Cybersecurity “best practices” consulting Cybersecurity control gap assessments Performing SCF 3PAO assessments Professional services associated with helping organizations implement the SCF Tailoring ComplianceForge’s SCF-based Digital Security Program (DSP) and Cybersecurity Standardized Operating Procedures (CSOP)
	Vigilant Systems Website: https://vigilant.us/scf-trusted Email: contact@vigilant.us	Service Description: Vigilant is one of the first organizations to earn status as a SCF Third-Party Assessment Organization (3PAO). Vigilant can provide 3PAO services to Organizations Seeking Certification (OSC), regardless of the OSC’s size, industry, or geographic location(s). Vigilant has extensive experience leveraging the SCF as a risk & controls foundation.   At its core, Vigilant is a consulting firm that does the heavy lifting to implement and manage effective cybersecurity and privacy governance programs. Vigilant is a Veteran-owned business with over 15 years of international experience implementing and managing cybersecurity risk controls. Vigilant’s client base includes complex multi-national corporations to start-ups with basic, immature governance programs.   Viglant's services include the following: SCF 3PAO Assessments – risks & controls Inside-out Cybersecurity (IoC) - SCF controls implementation ISO 27001:2013/2022 ISMS Internal Audits Compliance as a Service – Virtual Compliance Officer Merger & Acquisition Support
	Ignyte Assurance Platform Website: https://ignyteplatform.com Email: info@ignyteplatform.com	Service Description: Ignyte’s Assurance is a professional audit firm focused on automation. Ignyte is a SCF 3PAO, FedRAMP 3PAO, emerging C3PAO and ISO 27001 auditor so it has immense experience in highly-complex environments. Ignyte team also holds a Top-Secret Facility clearance for those looking to take their technology from unclassified to classified operations. The team at Ignyte has many years’ experience with the SCF. Ignyte’s Services Include the following:        FedRAMP consulting        C3PAO and 3PAO Audits        ISMS Consulting        ISMS Audits        Performing SCF 3PAO assessments .