Controls are your cybersecurity & data privacy program. A control is the power to influence or direct behaviors and the course of events.

SCF Assessors

Within the SCF Conformity Assessment Program (SCF CAP), the role of the SCF Assessor is to:

  • Represent a single 3PAO for 3PAAC services. SCF Assessors must be either:
    • Employed by the 3PAO (e.g., W-2 employee); or
    • A formal contractor of the 3PAO (e.g., 1099 contractor);
  • Maintain technical competence;
  • Assess only subject matter that the SCF Assessor is technically competent to evaluate; and
  • Perform 3PAAC services for the 3PAO that fall within SCF CAP guidelines.

SCF Assessor Listings

The following organizations have asked to be listed as an SCF Assessor. It is your organization's obligation to perform due diligence activities to ensure any organization you choose to work with has the appropriate competence to adequately support your specific needs:

How To GRC
Website: https://howtogrc.com
Email: admin@howtogrc.com
Service Description: HowToGRC is a cybersecurity firm focused on designing and implementing cost-effective and scalable cybersecurity & privacy programs, based on the Secure Controls Framework (SCF). HowToGRC has extensive experience implementing and tailoring the SCF, including corresponding "SCF Premium Content" with ComplianceForge's Digital Security Program (DSP) documentation that can augment the SCF.

HowToGRC offers the following services:
  • Governance, Risk & Compliance (GRC) platform integration.
  • Developing a tailored cybersecurity program.
  • Capability maturity assessments.

DEFCERT
Website: https://www.defcert.com
Email: info@defcert.com
Service Description: DEFCERT works with practitioners, assessors, and 3PAOs to develop, implement, and assess security controls. The DEFCERT team discovers and delivers new ways for the defense industrial base (DIB) and government contractors to meet their contractual and regulatory obligations for data protection. These efforts include compliance with DFARS safeguarding clauses, implementation of NIST special publications, and future assessment under the Cybersecurity Maturity Model Certification (CMMC).

DEFCERT primarily works with defense contractors, manufacturers, economic development organizations, managed IT service providers, and technology companies offering solutions to the DIB.