SCF Practitioners

A common issue for organizations is finding competent personnel to help build and maintain their cybersecurity and privacy programs. To help with this effort, the SCF created the SCF Practitioner™ designation to help identify an individual who has expertise with the SCF.

SCF Practitioners Listings

The following organizations have asked to be listed as a SCF Practitioner. It is your organization's obligation to perform due diligence activities to ensure any organization you choose to work with has the appropriate competence to adequately support your specific needs:

	How To GRC Website: https://howtogrc.com Email: admin@howtogrc.com	Service Description: HowToGRC is a cybersecurity firm focused on designing and implementing cost effective and scalable cybersecurity & privacy programs, based on the Secure Control Framework (SCF). Extensive experience implementing and tailoring the SCF, including corresponding "SCF Premium Content" with ComplianceForge's Digital Security Program (DSP) documentation that can augment the SCF. HowToGRC offers the following services: Governance, Risk & Compliance (GRC) platform integration. Developing a tailored cybersecurity program. Capability maturity assessments.
	SHAW Data Security Website: http://www.shawdatasecurity.com Email: bbailey@shawdatasecurity.com	Service Description: SHAW helps customers to establish and grow their compliance and risk programs with the Secure Controls Framework (SCF) and ServiceNow. SHAW customers implement secure practices that are efficient and scalable using SCF as the controls framework and ServiceNow as the system of action and record. SHAW clients find that having an expert guide when implementing the SCF and ServiceNow GRC module speeds the transition from manual to automated processes. With a proven method and plan from SHAW, clients: Achieve incremental milestones that deliver value. Make informed workflow choices balancing people, process and technology. Collaborate in "right-sized" engagements to achieve short and long term goals.
	MJD Advisors Website: https://www.mjd.cpa Email: alison.flaherty@mjd.cpa	Service Description: MJD Advisors is a boutique CPA firm focused on providing SOC 2 and related examinations to global technology companies. MJD Advisors supports its clients as they operationalize their security program with controls built from the Secure Control Framework (SCF). MJD Advisors leverage the extensive resources made available by the SCF and help its clients tailor their controls in a way that is pragmatic and easy to understand. Utilizing the SCF resources allows MJD Advisors to focus on delivering high-quality SOC 2 and related services to our clients and create an unmatched client experience.
	SecuriThink Website: https://securithink.com Email: Hello@SecuriThink.com	Service Description: Field-Tested Cybersecurity™ Solutions which leverage the Secure Controls Framework (SCF). SecuriThink's CxO and CISO toolkits include proven solutions for: Rapid Cybersecurity Cost Estimates with verified accuracy for Compliance or M&A Cybersecurity Strategy and Executive Education Department of Energy Cybersecurity Plans CMMC Readiness Proactive Insider Threat Program Supply Chain Cybersecurity Program Data Classification OT/IT integration
	Logos Systems Website: https://logos.systems Email: info@logos.systems	Service Description: Logos Systems is a Fractional CISO, vCISO, and Cyber advisory firm. Logos Systems' services scale for business of any size. Logos Systems' advisory service offers all the benefits of having a full-time CISO on staff, but at a fraction of the cost. Logos Systems' starts with the Secure Controls Framework (SCF) to provide a comprehensive cybersecurity program that meets your unique needs: Strategy Development Risk Assessment and Management Cyber Incident Response Planning Crisis Incident Response Cybersecurity Training for Employees
	Lares Website: https://www.lares.com Email: information@lares.com	Service Description: Lares can help your organization validate its security posture through a combination of Secure Controls Framework (SCF)-based IT Risk Assessments and offensive security focused services such as complex adversarial simulations, penetration tests, insider threat assessments, vulnerability research, continuous security testing, and coaching.
	Protiviti Website: https://www.protiviti.com Email: dante.rodino@protiviti.com	Service Description: Protiviti has standardized and streamlined the implementation of these elements through a top-down prescriptive approach, so you can concentrate on running your business. Adoption of the Secure Controls Framework is the essential first step in gaining control of your cybersecurity program. Let’s have a conversation about how the Secure Controls Framework can benefit your organization. Most organizations are struggling to sustain their cybersecurity programs due to ineffective Governance, Risk, and Compliance (GRC) operations. Central to those operations are 5 key elements: A comprehensive risk and controls framework, Simplified GRC business processes, An organization that aligns to GRC operations, Enterprise reporting; and A system to digitize and enforce the other 4 elements.
	Cybershore Limited Website: https://www.cybershore.co.nz Email: security@cybershore.co.nz	Service Description: Cybershore provide security consulting with a business mindset, enabling your business to securely achieve its outcomes. Cybershore Limited uses the Secure Controls Framework (SCF) as a foundation for: Designing and implementing auditable cybersecurity and privacy programs that meet applicable statutory, regulatory, and contractual obligations. Defining robust IT security policies, procedures, and processes that support the business with vulnerability management, risk management, and vendor management, targeted to help your company achieve its outcomes. Building controls frameworks and conducting controls validation audits to meet best practice and compliance requirements. Capability maturity assessments that use a standard, scalable baseline. Cybershore can assist with almost any cyber security consulting need your business might have: Security assurance and strategy development to enable your organization to improve its security posture and ability to deal with known and unforeseen threats. Certification and Accreditation, including risk assessments and audits to meet compliance requirements and use insights to improve your organization's security maturity. Internal audit support and security reviews to support effective risk management across your organization. External assurance services and audit preparation to achieve compliance and support.
	Nitra Security Website: https://nitrasecurity.com Email: sales@nitrasecurity.com	Service Description: Nitra Security delivers cybersecurity services while maximizing the customer experience. Our three service pillars are advisory, assurance, and engineering. Clients often combine these services to maximize partnership benefits. The Secure Controls Framework (SCF) allows Nitra Security to achieve those goals as an organization and as a partner by leveraging a single solution that gives Nitra Security the ability to demonstrate those compliance needs, track artifacts, and do continuous monitoring of those requirements simply and effectively.
	Grafana Labs Website: https://www.grafana.com Email: christopher.doyle@grafana.com	Service Description: Grafana Labs focuses on the implementation and optimization of the Secure Controls Framework (SCF) to manage internal cybersecurity and privacy controls cross-functionally. The ever changing landscape of statutory, regulatory, and contractual obligations empowers control owners to categorize into defined sets leading to a focused management of internal best practices. Incorporating the organizational principles enables unified framework guidance applicable to the people, process, and performance that is additive to the GRC culture.
	Cassini Consulting AG Website: https://www.cassini.de Email: Tim.du@cassini.de	Service Description: Cassini Consulting supports companies and government organizations in achieving their security goals with the Secure Controls Framework (SCF). Cassini designs security tailored to the needs and strategic challenges of your organization, helping you to establish a sustainable security culture in your organization while supporting strategic business goals.
	AdvanceCyber Website: https://advancecyber.net Email: marc.vance@advancecyber.net	Service Description: AdvanceCyber provides cybersecurity consulting and advisory services utilizing the Secure Controls Framework (SCF). AdvanceCyber's cybersecurity experts provide comprehensive assessments to ensure your critical data and systems are secure. AdvanceCyber use the SCF to identify weaknesses in your organization’s security program and provide tailored solutions to help you reduce the risk of breaches and other cybersecurity threats.