GRC-Ready Cybersecurity & Privacy Controls   

The products and services that a business sells, the partnerships it enters into and the locations of its operations are the business decisions that dictate the statutory, regulatory and contractual obligations that cybersecurity & privacy teams are tasked to enforce.


Cybersecurity and privacy personnel do not dictate the requirements - they are merely the messengers who point out the controls that need to exist to satisfy those business requirements. The Secure Controls Framework (SCF) helps everyone involved manage those requirements more efficiently.

   Secure Controls Framework (SCF)   

The Digital Security Program (DSP), from ComplianceForge, has a 1-1 mapping relationship with the Secure Controls Framework (SCF), which is an open source catalog of cybersecurity and privacy controls. This coverage includes over 100 statutory, regulatory and contractual frameworks, including, but not limited to:

  • ISO 27002

  • NIST 800-53

  • NIST 800-171

  • NIST Cybersecurity Framework




  • GAPP

  • ISO 29100

  • NY 23CRR500

  • SOC 2

  • COBIT 5

The SCF is inclusive: its comprehensive coverage gives GRC customers the ability to comply with multiple cybersecurity and privacy frameworks! This enables cyber, IT, legal, privacy and project teams to share the same controls language and communicate risks efficiently.

The SCF focuses on internal controls. These are the cybersecurity and privacy-related policies, standards, procedures and other processes that are designed to provide reasonable assurance that business objectives will be achieved and undesired events will be prevented, detected and corrected.


© Compliance Forge, LLC (ComplianceForge). All Rights Reserved.
