GRC-Ready Cybersecurity & Privacy Controls   

The products and services that a business sells, the partnerships it enters into and the locations of its operations are the business decisions that dictate the statutory, regulatory and contractual obligations that cybersecurity & privacy teams are tasked to enforce.


Cybersecurity and privacy personnel do not dictate the requirements - they are merely the messenger by pointing out the controls that need to exist to satisfy those business requirements. The Secure Controls Framework (SCF) just helps the management of those requirements be more efficient for everyone involved. 

2019 - spectrum - Cybersecurity Best Pra

   Secure Controls Framework (SCF)   

The Digital Security Program (DSP), from ComplianceForge, has a 1-1 mapping relationship with the Secure Controls Framework (SCF), which is an open source catalog of cybersecurity and privacy controls. This coverage includes over 100 statutory, regulatory and contractual frameworks, including, but not limited to:

  • ISO 27002

  • NIST 800-53

  • NIST 800-171

  • NIST Cybersecurity Framework




  • GAPP

  • ISO 29100

  • NY 23CRR500

  • SOC 2

  • COBIT 5

The SCF is inclusive, so it provides comprehensive coverage that provides GRC customers the ability to comply with multiple cybersecurity and privacy frameworks! This enables cyber, IT, legal, privacy and project teams can share the same controls language and communicate risks efficiently.

The SCF focuses on internal controls. These are the cybersecurity and privacy-related policies, standards, procedures and other processes that are designed to provide reasonable assurance that business objectives will be achieved and undesired events will be prevented, detected and corrected.

Secure Controls Framework - 500.jpg