Controls are your cybersecurity & data privacy program ---- A control is the power to influence or direct behaviors and the course of events.

SCF Practitioners

A common issue for organizations is finding competent personnel to help build and maintain their cybersecurity and privacy programs. To help with this effort, the SCF created the SCF Practitioner™ designation to help identify an individual who has expertise with the SCF. You can find listings for SCF-knowledgeable consultants on the SCF Marketplace.

Note - as with any service, it is entirely your obligation to perform due diligence to ensure a consultant can competently meet your specific needs. 

SCF PRACTITIONER CODE OF CONDUCT (VERSION 2023.1)

SCF Practitioners have an influential and privileged role in how the Secure Controls Framework (SCF)™ is both adopted and utilized by an organization. Therefore, a SCF Practitioner™ must be able to account for the decisions and behaviors exhibited.

SCF Practitioners have no employment, contract or any other form legally-binding relationship with the Secure Controls Framework Council, LLC (SCF Council), where the term “SCF Practitioner™” is only provided as a means to help market the SCF Practitioner’s familiarity with the SCF to prospective clients. Any services provided by a SCF Practitioner are solely between a SCF Practitioner and their client. The Secure Controls Framework Council, LLC (SCF Council) trademarked the term “SCF Practitioner™” and it allows individuals to utilize that term to describe their use of the SCF, as long as the following criteria are met:

  • Indemnify the SCF Council for any consulting services or professional services provided as a SCF Practitioner;
  • Maintain familiarity with recommended SCF practices/guidance; and
  • SCF Practitioners must abide by the SCF Practitioner Code of Conduct to utilize the term “SCF Practitioner” to describe themselves.

SCF Practitioner Code of Conduct:

  • Be honest, impartial and committed to conducting rigorous, objective and fair assessments.
  • Adhere to professional conduct with truth, accuracy, fairness, responsibility and objectivity.
  • Avoid Conflicts of Interest (COI).
  • Treat all information gained about any client organization confidentially and sensitively.
  • Be able to act professionally and objectively under adverse pressure to deviate from recommended SCF practices/guidance. Seek clarification from the SCF Council for matters that are unclear or need authoritative guidance.
  • Honestly represent professional qualifications, competence and experience. Honest representation requires the SCF Practitioner to not undertake consulting / professional services beyond the SCF Practitioner’s capabilities.
  • Strive to increase the prestige of the SCF.
  • Be professionally qualified and competent for any consulting / professional services role that the SCF Practitioner accepts, as well as be capable of fulfilling the role’s responsibilities.
  • Inform client organizations of any business connections, interests, or affiliations which might influence SCF Practitioner judgment or which could be perceived to influence SCF Practitioner objectivity.