Secure Controls Framework (SCF)

In 2018, we will launch the Secure Controls Framework (SCF) to create what we hope will be a new industry framework for cybersecurity and privacy controls.

The SCF draws on both cybersecurity and privacy requirements to help companies operationalize cybersecurity and privacy by default, with an eye towards EU GDPR. The objective is Cybersecurity for Privacy by Design (C4P). With the SCF and products from our partners at ComplianceForge, companies will have the policies, control objectives, standards, guidelines, controls and procedures to build a world-class cybersecurity program.

The SCF is a “best in class” approach to building a hybrid framework for cybersecurity and privacy controls. It allows companies to align with more than just ISO or NIST by having a common framework of controls that each company can customize based on its needs.

There will be no charge for companies to use the SCF – users will just have to register for an account to be able to custom-generate their own control set or download the entire SCF.

  • Industry Frameworks 

    • AICPA GAPP

    • AICPA SOC 2 (2016)         

    • AICPA SOC 2 (2017)

    • CIS CSC v6.1

    • COBIT v5

    • CSA CCM v3.0.1

    • ENISA v2.0

    • ISO 27002 v2013

    • ISO 27018 v2014

    • NIST 800-53 rev 4

    • NIST 800-53 rev 5 [draft]

    • NIST 800-171 rev 1

    • NIST Cybersecurity Framework rev 1

    • PCI DSS v3.2        

    • UL 2900-1

  • US Federal Data Security Laws

    • COPPA

    • DFARS 252.204-70xx

    • FACTA

    • FAR 52.204-21

    • FDA 21 CFR 11

    • FedRAMP [moderate]

    • FINRA

    • GLBA

    • HIPAA

    • NERC CIP

    • NISPOM

    • SOX

  • US State Data Security Laws 

    • CA SB 1386

    • MA 201 CMR 17.00

    • NY DFS 23 NYCRR 500

    • OR 646A

  • Europe, Middle East & Africa (EMEA) - Data Protection Acts 

    • ePrivacy [draft]

    • GDPR

    • Austria

    • Belgium

    • Czech Republic

    • Denmark

    • Finland

    • France

    • Germany

    • Greece

    • Hungary

    • Ireland

    • Israel

    • Italy

    • Luxembourg

    • Netherlands

    • Norway

    • Poland

    • Portugal

    • Russia

    • Slovak Republic

    • South Africa

    • Spain

    • Sweden

    • Switzerland

    • Turkey

    • UAE

    • UK          

  • Asia Pacific (APAC) - Data Protection Acts 

    • Australia

    • China DNSIP

    • Hong Kong

    • India ITR

    • Indonesia

    • Japan

    • Malaysia

    • New Zealand

    • New Zealand NZISM

    • Philippines

    • Singapore

    • Singapore MAS TRM

    • South Korea

    • Taiwan  

  • Americas - Data Protection Acts 

    • Argentina

    • Bahamas

    • Canada

    • Chile

    • Colombia

    • Costa Rica

    • Mexico

    • Peru